Install the following peer dependencies:
npm install passport @nestjs/passport passport-jwt jwks-rsa
npm install --save-dev @types/passport-jwt
Install the package
npm install @whitecloak/nestjs-passport-firebase
Import the FirebaseAuthModule
into the root module (the AppModule
, defined in the app.module.ts
file).
import {Module} from '@nestjs/common';
import {FirebaseAuthModule} from '@whitecloak/nestjs-passport-firebase';
@Module({
imports: [
FirebaseAuthModule.register({
audience: '<PROJECT_ID>',
issuer: 'https://securetoken.google.com/<PROJECT_ID>',
}),
],
})
export class AppModule {
}
The value of audience
is a string equal to your Firebase project ID, the unique identifier for your Firebase project.
For the issuer
it should be set to https://securetoken.google.com/<PROJECT_ID>
. You can also store this config to
the
environment variable.
FirebaseAuthModule.register({
audience: process.env.FIREBASE_AUDIENCE,
issuer: proccess.env.FIREBASE_ISSUER,
})
Use FirebaseAuthGuard
to protect your routes.
import {Controller, Get, UseGuards} from '@nestjs/common';
import {AppService} from './app.service';
import {FirebaseAuthGuard} from '@whitecloak/nestjs-passport-firebase';
@Controller()
export class AppController {
constructor(private readonly appService: AppService) {
}
@Get()
@UseGuards(FirebaseAuthGuard)
getHello(): string {
return this.appService.getHello();
}
}
If you are using GraphQL, you need to extend the FirebaseAuthGuard
and override the getRequest()
method. Read
more here.
import {ExecutionContext, Injectable} from '@nestjs/common';
import {GqlExecutionContext} from '@nestjs/graphql';
import {FirebaseAuthGuard} from '@whitecloak/nestjs-passport-firebase';
@Injectable()
export class GqlAuthGuard extends FirebaseAuthGuard {
getRequest(context: ExecutionContext) {
const ctx = GqlExecutionContext.create(context);
return ctx.getContext().req;
}
}
You can now protect your queries and mutations by using the GqlAuthGuard
.
import {Query, Resolver} from '@nestjs/graphql';
import {UseGuards} from '@nestjs/common';
import {GqlAuthGuard} from './guards/gql-auth.guard';
@Resolver()
export class VersionsResolver {
constructor(private readonly appService: AppService) {
}
@Query(() => String)
@UseGuards(GqlAuthGuard)
getHello(): string {
return this.appService.getHello();
}
}
Sometimes you need to tweak the behavior of the validate
method to fit into your project requirements. You can do
it by creating a custom strategy and extending the FirebaseStrategy
to override the validate
method.
import {DecodedIdToken, FirebaseStrategy} from '@whitecloak/nestjs-passport-firebase';
import {Repository} from 'typeorm';
import {Injectable} from '@nestjs/common';
import {InjectRepository} from '@nestjs/typeorm';
import {User} from '@entities/user.entity';
@Injectable()
export class FirebaseCustomStrategy extends FirebaseStrategy {
constructor(
@InjectRepository(User) private userRepository: Repository<User>,
) {
super({
audience: process.env.FIREBASE_AUDIENCE,
issuer: proccess.env.FIREBASE_ISSUER,
});
}
async validate(payload: DecodedIdToken): Promise<User> {
// Do the custom behavior here.
return this.userRepository.findOne({email: payload.email});
}
}
Then add the FirebaseCustomStrategy
to the providers list of the module and don't forget to import its dependencies
import {Module} from '@nestjs/common';
import {User} from '@entities/user.entity';
import {TypeOrmModule} from '@nestjs/typeorm';
import {FirebaseAuthModule} from '@whitecloak/nestjs-passport-firebase';
import {FirebaseCustomStrategt} from '@modules/auth/strategy/firebase-custom.strategy';
@Module({
imports: [
TypeormModule.forFeature([User]),
FirebaseAuthModule.register({
audience: '<PROJECT_ID>',
issuer: 'https://securetoken.google.com/<PROJECT_ID>',
}),
],
providers: [FirebaseCustomStrategy]
})
export class AppModule {
}
See Changelog for more information.
Contributions welcome! See Contributing.
Jimuel Palaca
Licensed under the MIT License - see the LICENSE file for details.