身份认证(JWT)

安装

npm install --save @nestjs/jwt

配置

import { Module } from '@nestjs/common';
import { AppController } from './app.controller';
import { AppService } from './app.service';
import { TypeOrmModule } from '@nestjs/typeorm';
import { App } from './app.entity';
import { JwtModule } from '@nestjs/jwt';
@Module({
  imports: [
    TypeOrmModule.forRoot({
      type: 'mysql',
      host: 'wwlj-yunfuwu.mysql.huhehaote.rds.aliyuncs.com',
      port: 3306,
      username: "j******9",
      password: "A**********0",
      database: "jiamei",
      retryDelay: 500,
      retryAttempts: 10,
      autoLoadEntities: true,
      synchronize: true,
    }),
    TypeOrmModule.forFeature([App]),
    JwtModule.register({
      global: true,
      secret: "ahckcsksvcs",
      signOptions: { expiresIn: '120s' },
    })
  ],
  controllers: [AppController],
  providers: [AppService],
})
export class AppModule { }

模型

import { Entity, Column, PrimaryGeneratedColumn, BeforeInsert } from 'typeorm';
import * as bcrypt from 'bcrypt';
@Entity()
export class App {
    @PrimaryGeneratedColumn()
    id: number;

    @Column()
    userName: string;

    @Column()
    passWord: string;

    @BeforeInsert()
    async hashPassword() {
        this.passWord = await bcrypt.hash(this.passWord, 10);
    }

    @Column({ default: true })
    isActive: boolean;

    @Column({ default: "user" })
    role: string;
}

生成Token

import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { InjectRepository } from '@nestjs/typeorm';
import { App } from './app.entity';
import { Repository } from 'typeorm';
import * as bcrypt from 'bcrypt';
@Injectable()
export class AppService {
  constructor(
    @InjectRepository(App)
    private readonly appRepository: Repository<App>,
    private readonly jwtService: JwtService,
  ) { }
  async login() {
    const username = "admin"
    const password = "123456"
    const user = await this.appRepository.findOne({
      where: {
        userName: username
      }
    })
    if (!user) {
      return "用户不存在"
    }
    if (user?.passWord && !await bcrypt.compare(password, user.passWord)) {
      return "密码错误"
    }
    return {
      code: 200,
      msg: "登录成功",
      token: await this.jwtService.signAsync({ ...user })
    }
  }
  async mustLogin() {

  }
}

新建身份守卫

nest g gu ./guard/authentication

import {
  CanActivate,
  ExecutionContext,
  Injectable,
  UnauthorizedException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { Request } from 'express';

@Injectable()
export class AuthGuard implements CanActivate {
  constructor(private jwtService: JwtService) { }

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest();
    const token = this.extractTokenFromHeader(request);
    if (!token) {
      throw new UnauthorizedException();
    }
    try {
      const payload = await this.jwtService.verifyAsync(
        token,
        {
          secret: "ahckcsksvcs"
        }
      );
      request['user'] = payload;
    } catch {
      throw new UnauthorizedException();
    }
    return true;
  }

  private extractTokenFromHeader(request: Request): string | undefined {
    const [type, token] = request.headers.authorization?.split(' ') ?? [];
    return type === 'Bearer' ? token : undefined;
  }
}

使用

import { Controller, Get, Req, UseGuards } from '@nestjs/common';
import { AppService } from './app.service';
import { AuthGuard } from 'src/guard/authentication/authentication.guard';
@Controller()
export class AppController {
  constructor(private readonly appService: AppService) { }

  @Get("login")
  login() {
    return this.appService.login();
  }

  @UseGuards(AuthGuard)
  @Get("mustLogin")
  mustLogin(@Req() req: any) {
    return this.appService.mustLogin(req);
  }
}

import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { InjectRepository } from '@nestjs/typeorm';
import { App } from './app.entity';
import { Repository } from 'typeorm';
import * as bcrypt from 'bcrypt';
@Injectable()
export class AppService {
  constructor(
    @InjectRepository(App)
    private readonly appRepository: Repository<App>,
    private readonly jwtService: JwtService,
  ) { }
  async login() {
    const username = "admin"
    const password = "123456"
    const user = await this.appRepository.findOne({
      where: {
        userName: username
      }
    })
    if (!user) {
      return "用户不存在"
    }
    if (user?.passWord && !await bcrypt.compare(password, user.passWord)) {
      return "密码错误"
    }
    return {
      code: 200,
      msg: "登录成功",
      token: await this.jwtService.signAsync({ ...user })
    }
  }
  async mustLogin(req: any) {
    return req.user
  }
}