Install the following peer dependencies:
npm install passport @nestjs/passport passport-jwt jwks-rsa
npm install --save-dev @types/passport-jwtInstall the package
npm install @whitecloak/nestjs-passport-firebaseImport the FirebaseAuthModule into the root module (the AppModule, defined in the app.module.ts file).
import { Module } from '@nestjs/common';
import { FirebaseAuthModule } from '@whitecloak/nestjs-passport-firebase';
@Module({
imports: [
FirebaseAuthModule.register({
audience: '<PROJECT_ID>',
issuer: 'https://securetoken.google.com/<PROJECT_ID>',
}),
],
})
export class AppModule {}The value of audience is a string equal to your Firebase project ID, the unique identifier for your Firebase project.
For the issuer it should be set to https://securetoken.google.com/<PROJECT_ID>. You can also store this config to the
environment variable.
FirebaseAuthModule.register({
audience: process.env.FIREBASE_AUDIENCE,
issuer: proccess.env.FIREBASE_ISSUER,
})Use FirebaseAuthGuard to protect your routes.
import { Controller, Get, UseGuards } from '@nestjs/common';
import { AppService } from './app.service';
import { FirebaseAuthGuard } from '@whitecloak/nestjs-passport-firebase';
@Controller()
export class AppController {
constructor(private readonly appService: AppService) {}
@Get()
@UseGuards(FirebaseAuthGuard)
getHello(): string {
return this.appService.getHello();
}
}If you are using GraphQL, you need to extend the FirebaseAuthGuard and override the getRequest() method. Read more here.
import { ExecutionContext, Injectable } from '@nestjs/common';
import { GqlExecutionContext } from '@nestjs/graphql';
import { FirebaseAuthGuard } from '@whitecloak/nestjs-passport-firebase';
@Injectable()
export class GqlAuthGuard extends FirebaseAuthGuard {
getRequest(context: ExecutionContext) {
const ctx = GqlExecutionContext.create(context);
return ctx.getContext().req;
}
}You can now protect your queries and mutations by using the GqlAuthGuard.
import { Query, Resolver } from '@nestjs/graphql';
import { UseGuards } from '@nestjs/common';
import { GqlAuthGuard } from './guards/gql-auth.guard';
@Resolver()
export class VersionsResolver {
constructor(private readonly appService: AppService) {}
@Query(() => String)
@UseGuards(GqlAuthGuard)
getHello(): string {
return this.appService.getHello();
}
}Sometimes you need to tweak the behavior of the validate method to fit into your project requirements. You can do
it by creating a custom strategy and extending the FirebaseStrategy to override the validate method.
import { DecodedIdToken, FirebaseStrategy } from '@whitecloak/nestjs-passport-firebase';
import { Repository } from 'typeorm';
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { User } from '@entities/user.entity';
@Injectable()
export class FirebaseCustomStrategy extends FirebaseStrategy {
constructor(
@InjectRepository(User) private userRepository: Repository<User>,
) {
super({
audience: process.env.FIREBASE_AUDIENCE,
issuer: proccess.env.FIREBASE_ISSUER,
});
}
async validate(payload: DecodedIdToken): Promise<User> {
// Do the custom behavior here.
return this.userRepository.findOne({ email: payload.email });
}
}Then add the FirebaseCustomStrategy to the providers list of the module and don't forget to import its dependencies
import { Module } from '@nestjs/common';
import { User } from '@entities/user.entity';
import { TypeOrmModule } from '@nestjs/typeorm';
import { FirebaseAuthModule } from '@whitecloak/nestjs-passport-firebase';
import { FirebaseCustomStrategt } from '@modules/auth/strategy/firebase-custom.strategy';
@Module({
imports: [
TypeormModule.forFeature([User]),
FirebaseAuthModule.register({
audience: '<PROJECT_ID>',
issuer: 'https://securetoken.google.com/<PROJECT_ID>',
}),
],
providers: [FirebaseCustomStrategy]
})
export class AppModule {}See Changelog for more information.
Contributions welcome! See Contributing.
Jimuel Palaca
Licensed under the MIT License - see the LICENSE file for details.