Install the following peer dependencies:
npm install passport @nestjs/passport passport-jwt jwks-rsa
npm install --save-dev @types/passport-jwtInstall the package
npm install @whitecloak/nestjs-passport-firebaseImport the FirebaseAuthModule into the root module (the AppModule, defined in the app.module.ts file).
import {Module} from '@nestjs/common';
import {FirebaseAuthModule} from '@whitecloak/nestjs-passport-firebase';
@Module({
imports: [
FirebaseAuthModule.register({
audience: '<PROJECT_ID>',
issuer: 'https://securetoken.google.com/<PROJECT_ID>',
}),
],
})
export class AppModule {
}The value of audience is a string equal to your Firebase project ID, the unique identifier for your Firebase project.
For the issuer it should be set to https://securetoken.google.com/<PROJECT_ID>. You can also store this config to
the
environment variable.
FirebaseAuthModule.register({
audience: process.env.FIREBASE_AUDIENCE,
issuer: proccess.env.FIREBASE_ISSUER,
})Use FirebaseAuthGuard to protect your routes.
import {Controller, Get, UseGuards} from '@nestjs/common';
import {AppService} from './app.service';
import {FirebaseAuthGuard} from '@whitecloak/nestjs-passport-firebase';
@Controller()
export class AppController {
constructor(private readonly appService: AppService) {
}
@Get()
@UseGuards(FirebaseAuthGuard)
getHello(): string {
return this.appService.getHello();
}
}If you are using GraphQL, you need to extend the FirebaseAuthGuard and override the getRequest() method. Read
more here.
import {ExecutionContext, Injectable} from '@nestjs/common';
import {GqlExecutionContext} from '@nestjs/graphql';
import {FirebaseAuthGuard} from '@whitecloak/nestjs-passport-firebase';
@Injectable()
export class GqlAuthGuard extends FirebaseAuthGuard {
getRequest(context: ExecutionContext) {
const ctx = GqlExecutionContext.create(context);
return ctx.getContext().req;
}
}You can now protect your queries and mutations by using the GqlAuthGuard.
import {Query, Resolver} from '@nestjs/graphql';
import {UseGuards} from '@nestjs/common';
import {GqlAuthGuard} from './guards/gql-auth.guard';
@Resolver()
export class VersionsResolver {
constructor(private readonly appService: AppService) {
}
@Query(() => String)
@UseGuards(GqlAuthGuard)
getHello(): string {
return this.appService.getHello();
}
}Sometimes you need to tweak the behavior of the validate method to fit into your project requirements. You can do
it by creating a custom strategy and extending the FirebaseStrategy to override the validate method.
import {DecodedIdToken, FirebaseStrategy} from '@whitecloak/nestjs-passport-firebase';
import {Repository} from 'typeorm';
import {Injectable} from '@nestjs/common';
import {InjectRepository} from '@nestjs/typeorm';
import {User} from '@entities/user.entity';
@Injectable()
export class FirebaseCustomStrategy extends FirebaseStrategy {
constructor(
@InjectRepository(User) private userRepository: Repository<User>,
) {
super({
audience: process.env.FIREBASE_AUDIENCE,
issuer: proccess.env.FIREBASE_ISSUER,
});
}
async validate(payload: DecodedIdToken): Promise<User> {
// Do the custom behavior here.
return this.userRepository.findOne({email: payload.email});
}
}Then add the FirebaseCustomStrategy to the providers list of the module and don't forget to import its dependencies
import {Module} from '@nestjs/common';
import {User} from '@entities/user.entity';
import {TypeOrmModule} from '@nestjs/typeorm';
import {FirebaseAuthModule} from '@whitecloak/nestjs-passport-firebase';
import {FirebaseCustomStrategt} from '@modules/auth/strategy/firebase-custom.strategy';
@Module({
imports: [
TypeormModule.forFeature([User]),
FirebaseAuthModule.register({
audience: '<PROJECT_ID>',
issuer: 'https://securetoken.google.com/<PROJECT_ID>',
}),
],
providers: [FirebaseCustomStrategy]
})
export class AppModule {
}See Changelog for more information.
Contributions welcome! See Contributing.
Jimuel Palaca
Licensed under the MIT License - see the LICENSE file for details.