I am trying to make use of the AuthGuard decorator, and the passport JWT strategy, following the documentation.
Everything in the documentation works great.
I tried a slightly different approach, by extending the AuthGuard guard. I wanted to maintain the ability to use different Passport Strategies, so I included a mixin. Feedback is appreciated.
In your Jwt strategy you could simply return the JwtPayload so that the user has a scopes attribute. Then the custom AuthGuard looks like this:
import { ExecutionContext, UnauthorizedException, mixin } from "@nestjs/common";
import { AuthGuard } from "@nestjs/passport";

// Returns a guard class bound to the given scopes; `type` is the Passport
// strategy name (e.g. 'jwt'), passed through to AuthGuard() unchanged.
export function AuthScopes(scopes: string[], type?: string | string[]) {
  return mixin(class ScopesAuth extends AuthGuard(type) {
    protected readonly scopes = scopes;

    handleRequest(err: any, user: any, info: any, context: ExecutionContext) {
      if (err || !user) {
        throw err || new UnauthorizedException();
      }
      // The JWT 'scopes' claim is a space-delimited string; a missing claim
      // grants nothing instead of letting .split() throw and surface as a 500.
      const granted: string[] = typeof user.scopes === 'string' ? user.scopes.split(' ') : [];
      if (!this.scopes.some(s => granted.includes(s))) {
        throw new UnauthorizedException(`JWT does not possess one of the required scopes (${this.scopes.join(',')})`);
      }
      return user;
    }
  });
}
You can then use this guard like so:
@Get('protected')
@UseGuards(AuthScopes(['secret:read'], 'jwt'))
async protected(): Promise<string> {
  return 'Hello Protected World';
}
'jwt' represents the strategy.
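The scope check from the guard above, pulled out into plain functions so it can be unit-tested without Nest or Passport. This is an added example, not code from the answer: it assumes the strategy's validate() returns the decoded payload, and it also handles an array-valued scopes claim and an optional require-all mode, which the guard above does not.

```typescript
// Added example: Nest-independent mirror of the guard's scope logic.
// Assumed payload shape (not from the original post): `scopes` is either an
// OAuth2-style space-delimited string or an array of scope strings.
type JwtUser = { sub?: string; scopes?: string | string[] };

class UnauthorizedError extends Error {}

// Normalise the claim into a set; a missing or malformed claim grants nothing.
function grantedScopes(user: JwtUser): Set<string> {
  const raw = user.scopes;
  if (Array.isArray(raw)) {
    return new Set(raw.filter(s => typeof s === 'string' && s.length > 0));
  }
  if (typeof raw === 'string') {
    return new Set(raw.split(' ').filter(s => s.length > 0));
  }
  return new Set();
}

// requireAll=false reproduces the guard's `some` semantics (any one scope is
// enough); requireAll=true demands every listed scope.
function hasRequiredScopes(user: JwtUser, required: string[], requireAll = false): boolean {
  const granted = grantedScopes(user);
  return requireAll
    ? required.every(s => granted.has(s))
    : required.some(s => granted.has(s));
}

// Same decision order as the guard's handleRequest: a Passport error wins,
// then a missing user, then insufficient scopes; only then is the user returned.
function handleRequest(
  err: Error | null,
  user: JwtUser | false,
  required: string[],
  requireAll = false,
): JwtUser {
  if (err) throw err;
  if (!user) throw new UnauthorizedError('no authenticated user');
  if (!hasRequiredScopes(user, required, requireAll)) {
    throw new UnauthorizedError(
      `JWT does not possess one of the required scopes (${required.join(',')})`,
    );
  }
  return user;
}
```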