NestJS JWT实现用户认证

·  阅读 690

功能说明:

  1. client端使用用户名和用户密码登录,登录成功后server端发送JWT;
  2. client在header中携带JWT访问server,server端对client端携带的JWT进行认证;

初始化项目

创建项目并初始化User,Auth模块,terminal执行:

 # 新建nestjs工程: auth-jwt
 nest new auth-jwt
 # 初始化UserModule,AuthModule
 cd auth-jwt
 nest g module auth
 nest g service auth
 nest g controller auth
 
 nest g module user
 nest g service user
 nest g controller user
复制代码

工程结构:

├── nest-cli.json
├── package.json
├── package-lock.json
├── README.md
├── src
│   ├── app.controller.spec.ts
│   ├── app.controller.ts
│   ├── app.module.ts
│   ├── app.service.ts
│   ├── auth
│   │   ├── auth.controller.spec.ts
│   │   ├── auth.controller.ts
│   │   ├── auth.module.ts
│   │   └── auth.service.ts
│   ├── main.ts
│   └── user
│       ├── user.controller.ts
│       ├── user.module.ts
│       └── user.service.ts
├── test
│   ├── app.e2e-spec.ts
│   └── jest-e2e.json
├── tsconfig.build.json
└── tsconfig.json
复制代码

User Module

  1. 通过用户名获取用户;
  2. 获取用户列表;
  3. 导出 User Service以便Auth Service引用;

user.entity.ts

export interface UserEntity {
  id: number;
  username: string;
  password?: string;
}
复制代码

user.service.ts

import { Injectable } from '@nestjs/common';
import { UserEntity } from './user.entity';

@Injectable()
export class UserService {
  private readonly users: Array<UserEntity>;

  constructor() {
    this.users = [
      { id: 1, username: 'admin', password: 'admin' },
      { id: 2, username: 'tester', password: 'tester' },
    ];
  }

  /**
   * find user by username
   * @param username
   */
  async find(username: string): Promise<UserEntity> {
    const user = this.users.find((user) => user.username === username);
    if (user) return user;
    else return null;
  }

  /**
   * list all users
   */
  async listAll(): Promise<Array<UserEntity>> {
    return this.users.map((user) => {
      const { password, ...info } = user;
      return info;
    });
  }
}
复制代码

user.controller.ts

import { Controller, Get } from '@nestjs/common';
import { UserService } from './user.service';
import { UserEntity } from './user.entity';

@Controller('user')
export class UserController {
  constructor(private readonly userService: UserService) {
    this.userService = userService;
  }

  @Get()
  async list(): Promise<Array<UserEntity>> {
    return this.userService.listAll();
  }
}
复制代码

User Module中导出UserService,user.module.ts

import { Module } from '@nestjs/common';
import { UserService } from './user.service';
import { UserController } from './user.controller';

@Module({
  providers: [UserService],
  controllers: [UserController],
  exports: [UserService],
})
export class UserModule {}
复制代码

Auth Module,实现用户登录

安装登录认证所需依赖passport, passport-local, @nestjs/passport, @types/passport-local, terminal中执行:

npm i passport passport-local @nestjs/passport
npm i @types/passport-local -D
复制代码

账户、密码认证策略实现

AuthService实现用户身份认证

auth.service.ts,用户名密码验证:

import { Injectable } from '@nestjs/common';
import { UserService } from '../user/user.service';
import { UserEntity } from '../user/user.entity';

@Injectable()
export class AuthService {
  constructor(private readonly userService: UserService) {
    this.userService = userService;
  }

  /**
   * validate user name and password
   * @param username
   * @param password
   */
  async validate(username: string, password: string): Promise<UserEntity> {
    const user = await this.userService.find(username);
    // 注:实际中的密码处理应通过加密措施
    if (user && user.password === password) {
      const { password, ...userInfo } = user;
      return userInfo;
    } else {
      return null;
    }
  }
}
复制代码

LocalStrategy,实现账户、密码认证策略。

auth目录下新建local.strategy.ts

import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-local';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { UserEntity } from '../user/user.entity';
import { AuthService } from './auth.service';

@Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
  constructor(private readonly authService: AuthService) {
    super();
    this.authService = authService;
  }

  async validate(username: string, password: string): Promise<UserEntity> {
    const user = await this.authService.validate(username, password);
    if (user) return user;
    else throw new UnauthorizedException('incorrect username or password');
  }
}
复制代码

validate方法为默认的用户身份认证的实现,passport-local守卫将自动调用。

用户登录API

AuthController中实现login API,使用passport-local守卫。 auth.controller.ts

import { Controller, Post, Request, UseGuards } from '@nestjs/common';
import { UserEntity } from '../user/user.entity';
import { AuthGuard } from '@nestjs/passport';

@Controller('auth')
export class AuthController {
  @UseGuards(AuthGuard('local'))
  @Post('/login')
  async login(@Request() request): Promise<UserEntity> {
    return request.user;
  }
}
复制代码

@UseGuards(AuthGuard('local'))守卫将从body中提取username、password,然后调用LocalStrategy中的validate方法,若认证通过,则将User信息赋值给request.user。

auth.module.ts

import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { PassportModule } from '@nestjs/passport';
import { UserModule } from '../user/user.module';
import { LocalStrategy } from './local.strategy';

@Module({
  imports: [UserModule, PassportModule],
  providers: [AuthService, LocalStrategy],
  controllers: [AuthController],
})
export class AuthModule {}
复制代码

npm run start启动服务,使用POST请求访问http://127.0.0.1:3000/auth/login,若用户名、密码正确,则获得用户信息,否则response code为401。curl命令如下:

curl -X POST http://127.0.0.1:3000/auth/login -d '{"username": "admin", "password": "123456"}' -H "Content-Type: application/json"

{"statusCode":401,"message":"incorrect username or password","error":"Unauthorized"}
复制代码

JWT Strategy实现

至此,使用Local Strategy用户认证守卫完成了用户登录功能.现在我们来实现:

  1. 当用户登录成功后下发access_token;
  2. User List服务使用jwt认证。

安装依赖

terminal执行:

npm i passport-jwt @nestjs/jwt npm i @types/passport-jwt -D

重写login,登录成功下发access_token

auth.service.ts添加login方法:

import { Injectable } from '@nestjs/common';
import { UserService } from '../user/user.service';
import { UserEntity } from '../user/user.entity';
import { JwtService } from '@nestjs/jwt';
import { TokenEntity } from './token.entity';

@Injectable()
export class AuthService {
  private readonly userService: UserService;
  private readonly jwtService: JwtService;
  constructor(userService: UserService, jwtService: JwtService) {
    this.userService = userService;
    this.jwtService = jwtService;
  }

  /**
   * validate user name and password
   * @param username
   * @param password
   */
  async validate(username: string, password: string): Promise<UserEntity> {
    const user = await this.userService.find(username);
    // 注:实际中的密码处理应通过加密措施
    if (user && user.password === password) {
      const { password, ...userInfo } = user;
      return userInfo;
    } else {
      return null;
    }
  }

  /**
   * user login
   * @param user
   */
  async login(user: UserEntity): Promise<TokenEntity> {
    const { id, username } = user;
    return {
      token: this.jwtService.sign({ username, sub: id }),
    };
  }
}

复制代码

auth.controller.ts

import { Controller, Post, Request, UseGuards } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { AuthService } from './auth.service';
import { TokenEntity } from './token.entity';

@Controller('auth')
export class AuthController {
  constructor(private readonly authService: AuthService) {
    this.authService = authService;
  }
  @UseGuards(AuthGuard('local'))
  @Post('/login')
  async login(@Request() request): Promise<TokenEntity> {
    return this.authService.login(request.user);
  }
}

复制代码

AuthModule 中注册 JwtModule

auth目录下新建jwt.contants.ts

export const jwtContants = {
  secret: 'json_web_token_secret_key',
};
复制代码

注册JwtModule,auth.module.ts

import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { PassportModule } from '@nestjs/passport';
import { UserModule } from '../user/user.module';
import { LocalStrategy } from './local.strategy';
import { JwtModule } from '@nestjs/jwt';
import { jwtContants } from './jwt.contants';

@Module({
  imports: [
    UserModule,
    PassportModule,
    JwtModule.register({
      secret: jwtContants.secret,
    }),
  ],
  providers: [AuthService, LocalStrategy],
  controllers: [AuthController],
})
export class AuthModule {}
复制代码

启动服务,访问登录服务,认证通过后将返回token:

curl -X POST http://127.0.0.1:3000/auth/login -d '{"username": "admin", "password": "admin"}' -H "Content-Type: application/json"
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwic3ViIjoxLCJpYXQiOjE2MDYxNDQwMjF9.IIOMnGgjMmaqVB4RhNGBxS_rEKuSLsr40yG_ooTuFVU"}
复制代码

JWT access_token认证

auth下新建jwt.strategy.ts

import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { jwtContants } from './jwt.contants';
import { UserEntity } from '../user/user.entity';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      // 获取请求header token值
      jwtFromRequest: ExtractJwt.fromHeader('token'),
      secretOrKey: jwtContants.secret,
    });
  }

  async validate(payload: any): Promise<UserEntity> {
    //payload:jwt-passport认证jwt通过后解码的结果
    return { username: payload.username, id: payload.sub };
  }
}
复制代码

auth.module.ts

import { Module } from '@nestjs/common';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { PassportModule } from '@nestjs/passport';
import { UserModule } from '../user/user.module';
import { LocalStrategy } from './local.strategy';
import { JwtModule } from '@nestjs/jwt';
import { jwtContants } from './jwt.contants';
import { JwtStrategy } from './jwt.strategy';

@Module({
  imports: [
    UserModule,
    PassportModule,
    JwtModule.register({
      secret: jwtContants.secret,
    }),
  ],
  providers: [AuthService, LocalStrategy, JwtStrategy],
  controllers: [AuthController],
})
export class AuthModule {}
复制代码

user.controller.ts 添加jwt认证守卫:

import { Controller, Get, UseGuards } from '@nestjs/common';
import { UserService } from './user.service';
import { UserEntity } from './user.entity';
import { AuthGuard } from '@nestjs/passport';

@Controller('user')
export class UserController {
  constructor(private readonly userService: UserService) {
    this.userService = userService;
  }

  @UseGuards(AuthGuard('jwt'))
  @Get()
  async list(): Promise<Array<UserEntity>> {
    return this.userService.listAll();
  }
}
复制代码

启动服务,访问http://127.0.0.1:3000/user,token认证通过将获得用户列表:

curl http://127.0.0.1:3000/user -H "token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwic3ViIjoxLCJpYXQiOjE2MDYxODA4MjR9.y9xt_rn6nORS5MEU18MeNB0brnGHvZLxe7sAYNkz0KY"
## 返回
[{"id":1,"username":"admin"},{"id":2,"username":"tester"}]
复制代码
  1. demo工程源码 github.com/louie-001/n…
  2. NestJS 官方nestjs.com/。
分类:
后端
标签: