NestJS Authorization: RBAC, ABAC, claims-based, and more! | NestJS Guards Tutorial
In this video we'll discuss the fundamentals of doing authorization on a NestJS API. We'll take a look at how to use custom decorators to add metadata to controller methods. We'll then work on creating a new guard specifically for authorization. We'll take a look at how to extract a user's roles and determine if they are allowed to process with the request or not. We'll also briefly discuss more advanced scenarios where you might want to use claims-based or perhaps attribute-based (ABAC) authorization techniques using libraries like CASL and accesscontrol.
Video on NestJS AUTHENTICATION (user logins): • NestJS Authentication:...
00:00 - Intro
00:44 - Creating new application
02:08 - Defining User entity and Roles enum
05:37 - Defining our auth requirements
07:33 - Using SetMetadata decorator
08:40 - Creating a custom Roles decorator
10:51 - Creating a new Roles Guard
15:47 - Accessing user roles within a guard
21:08 - Discussing more advanced authorization with claims or permissions/attributes
25:31 - NestJS CASL Integration
25:47 - Outro
Пікірлер: 119
very useful. i wish this video was around when my company built a new project in nestjs and rbac last year
thank you so much... straight to the point.... best nest js explanations i've seen so far.
thankyou for creating such a great content covering everything making it easy for everyone to understand
Thank you for your useful videos. Would be great to have more in deep tutorial about CASL with NestJS.
Thank you, Marius. I'm just switching from making the nodejs API from scratch to using a library like nestjs. This helps me a lot
@mariusespejo
2 жыл бұрын
Awesome glad to hear! Nest is an awesome choice
Thanks, mate. Very educational.
Great job Marius, your videos are very useful and simple at the same time, keep rocking 🤘
@mariusespejo
Жыл бұрын
Thanks Alireza! 🤘🤘
You are always so helpful! Thank you Marius! 🤗
@mariusespejo
2 жыл бұрын
You’re welcome Cecilia!
Great Stuff once again. Your NestJs content has helped me a lot.
@mariusespejo
2 жыл бұрын
🙌😄
Thanks (again!) for this content Marius. Would love to see a long-form CASL workshop for managing routes and resources.
@codesuit
2 жыл бұрын
Yes, thanks for this content :). CASL-"workshop" would be nice + a included database with the relations between the roles/permissions and the user-entity. ❤️
thank you for the wonderful explanation! I hope that you will continue to help us
@mariusespejo
Жыл бұрын
Absolutely! You’re welcome!
Thanks, bro. Appreciate the video. I was hoping for a GraphQL implementation, but after watching your tutorial, I figured out how to do it.
@mariusespejo
2 жыл бұрын
Yeah as far as I know guards work pretty much the exact same way even if you are using graphql
Once again, thanks for an amazing video! I love to see these videos to get some inspiration! I would love to see a video about Passport with the Local Strategy together with JWT, I know you have done this but I still feel it would be nice to cover JWT refresh in the backend, and hopefully in the frontend as well.
@mariusespejo
2 жыл бұрын
Thank you! Yeah I’m hoping to maybe put together a longer video which mixes all these topics together. And refresh flow definitely has been requested a few times. Technically it is really just introducing a second token (refresh token) and having your access token expire at a shorter time. It’s probably the underlying logic, where you’d store the tokens, etc. that would be good to cover in a video
@tukuyoma
2 жыл бұрын
@@mariusespejo Please when will you be able to put up this video
Excelent content bro
Next Tutorial about CASL sir
Thanks Marius, very cool!
Hey, Nice video, thankyou for all these explanations, The CASL video would be nice!
thank you! very clear and straightforward
@mariusespejo
Ай бұрын
Thanks for feedback!
@mariusespejo
Ай бұрын
Thanks for feedback!
Great video!!! Thank you for this video
@mariusespejo
2 жыл бұрын
Glad you think so! Thanks!
it solved my problem, thank you
Thanks man for this.
Great tutorial ❤️. Please make a video implementing casl in nest js. I read the docs but didn't understand properly.
awesome video, you are just great teacher
@mariusespejo
2 жыл бұрын
Thank you 🙏
Thank you, nice straightforward explanation :D now I'm SUBSCRIBED (with the bell ON) Hope you the best
@mariusespejo
2 жыл бұрын
Thank you 🙏😄
спасибо, как всегда все доходчиво и понятно
truly amazing
Great video Marius, I just watced all the NestJs related videos. You did a very good job, they are very usefull. Right now I am trying to do a Nestjs authentication trough Firebase auth IDP. It would be awesome if you will do a video that covers that.
@mariusespejo
2 жыл бұрын
Thank you! Yeah a couple folks have mentioned firebase, I’ve used it back in the day but it likely has changed a lot since then, I’ll have to look into it again
CASL in nestjs would be awesome :)
Very helpful dude 💪🏻 I like your format. Would be amazing if you could do a video on CASL and its integration with NestJS 😋 thanks
@mariusespejo
2 жыл бұрын
I’m interested in CASL myself so me covering it is likely!
@flyingwebsolutions8208
2 жыл бұрын
@@mariusespejo what is your general thought about NestJS?? I am study it now and your videos are cool! Could you suggest me an easy project that I can create with it? Thanks
@mariusespejo
2 жыл бұрын
General thoughts: the express ecosystem is massive and Nest simply builds on top of it and gives you a nice architecture out of the box, it integrates well with a lot of things. You can’t go wrong with using it. I would suggest a project that you’re personally interested in and something that involves perhaps doing CRUD with a database as well as authentication/authorization. E.g. perhaps creating an API for a blog with multiple users and allowing for creating/editing posts as well as adding comments to posts
Thanks Marius, I would love to see a video on Nestjs authorization with CASL Integration.
@mariusespejo
2 жыл бұрын
Definitely would like to look into CASL myself so I’ll likely cover it in the future
@musbell
2 жыл бұрын
@@mariusespejo that would be great! I'm about to implement authorization in my project and likely to use CASL. Looking forward to see the video in the future. 🙂
Hi Marius, love your videos. Please do a tutorial on authentication with firebase admin sdk
@mariusespejo
2 жыл бұрын
Will look into it!
thank u sir.very helpful video.Plz make a video on CASL authorizatoin
@mariusespejo
2 жыл бұрын
Thanks yeah will likely cover that in the future
@lovenlive
2 жыл бұрын
@@mariusespejo thank u sir....🙏 Can u please make a video on ORY Kratos implement on nest app!🙏🙏
@mariusespejo
2 жыл бұрын
I don’t know what that is haha will try to look into it
@lovenlive
2 жыл бұрын
@@mariusespejo thank u sir... 😀🙏
the best !
Thanks
Started working with nest a couple of months ago and your videos really helped me out, thank you! Btw, what do you think of a nestjs project wrapped within the docker ? Would that be something interesting to make?
@mariusespejo
2 жыл бұрын
Docker in general is useful, I mean it really depends on how you want to do development and deployments. If you have a need for containers yeah why not
@ashishthakur9983
2 жыл бұрын
make a video in this topic
Great tutorial Marius! You won a subscriber :)!! I have a question though, what if you want to allow the user to edit their own data but only admins are allowed to edit or delete other users data? Thanks in advance :)
@mariusespejo
2 жыл бұрын
Thanks! 🙌 Basically you’d have to create a slightly more custom guard where you load in the user record and check ownership, return false if not owned or not an admin. As your access control requirements gets more complex that’s also when I’d recommend looking at adding things like CASL or similar
@nearmint8350
2 жыл бұрын
@@mariusespejo Thanks Marius :) I dit and its working properly.
@mariusespejo
2 жыл бұрын
Awesome!
Great video as always. Do you have repos for any of these videos? It would be nice to look at the code directly. Thanks.
Thanks sir. Can you do also a video with keycloak integration? Thank you so much!
@mariusespejo
2 жыл бұрын
Hmm have not heard of keycloak, will look into it
Nest js Casl Authorization ABAC more on this would be great..
It would be really great if you upload the code in a github repository.
Pretty good video this was really helpful. Would you also consider tutorial using fastify for NestJS ?
@mariusespejo
2 жыл бұрын
As far as actually doing that there’s really not much to it and it is documented in the nest site. The bigger changes would be things that rely on express will no longer work so you’d have to maybe find some alternative integrations
@jamols09
2 жыл бұрын
You mean there's a lot functionality nestjs supports on express compared to fastify (or that fastify does not have)? As of now all I know is that fastify does not support nested routes. It is mentioned in their documentation.
@mariusespejo
2 жыл бұрын
I don’t know what is and isn’t supported or how much. All i can tell you i that any express-specific integrations, e.g. if you were using express-session, then you’d have to use whatever the fastify equivalent of that is. As for actually just switching to fastify that’s documented and is fairly simple to enable
Thank you for this amazing Content , Is there a way or Guide on How to do ABAC with Typeorm , dynamic roles , privileges loaded from DB ( mariaDB maybe )
@mariusespejo
Жыл бұрын
You can use something like CASL, which I’ve made videos about. You’d just need to store the user privileges in the DB and map them to abilities in casl. Since it’s dynamic that means you likely will want to query your DB for current user privileges and construct the ability for each request
@gendev1105
Жыл бұрын
@@mariusespejo Thank you for your response , I will try that out , thank you so much your videos are a great help
Can you make a video on nestjs best practices and folder structure for making scalable applications. Covering all aspects like auth, database, graphql etc.
@mariusespejo
2 жыл бұрын
Check out the channel! Most of those I’ve already covered
thank you sir great video , can you please also explain how to verify loggedin user woth context, it shows me Undefined
@mariusespejo
Жыл бұрын
That’s more of an authentication topic, I have some videos about it in the channel if you’re interested
@jabirabu3776
Жыл бұрын
@@mariusespejo can u please specify which video ......... it would be a great help
Can you do an example for testing in nestjs graphql?
@mariusespejo
2 жыл бұрын
i do have one on Nest testing but in REST, it’s honestly pretty much the same fundamentals except you have resolvers instead of controllers
Hello Marius, first of all, thank you for the great content! I was using jwt guard for authentication and my request has a user object but I can't take the user object in RolesGuard. It says it is undefined but I can see it in my controller when I try to pull the request object. Is JwtGuard running before that RolesGuard? But My JwtGuard was applied on the controller level, and RolesGuard was applied on the method level. Any idea or suggestion?
@mariusespejo
2 жыл бұрын
Not positive what the problem might be there, assuming your jwt guard puts the user in req.user, if you’re seeing it’s not there on the rolesguard then you might have the wrong execution order somehow. Maybe try to debug by putting both on the method level?
would you make a video on cookie based auth and storing it in redis
@mariusespejo
9 ай бұрын
I did! Find the nestjs auth video in my channel. It covers session-based auth, which is maintained via cookie containing the session ID. The session library can use whatever storage you want, including redis
Could you go through the process for graphql queries please?
@mariusespejo
Жыл бұрын
In nest guards should pretty much work the same I think regardless if you’re using rest or graphql. Only thing different is your guard logic will need to create/work with the graphql context
It is posible that a could retrieve the result of my authentication guard and use it in my authorization guard? I have the role there.
please I do get the link to Jwt Session video? thanks
@mariusespejo
2 жыл бұрын
NestJS Authentication: JWTs, Sessions, logins, and more! | NestJS PassportJS Tutorial kzread.info/dash/bejne/kYBmlJezoLixYLA.html
The APP_GUARD runs before the JwtGuard (when authentication is set up). Thus the user is simply not available in the request at that time, what to do in that scenario.
@sulaimanaminu9515
3 ай бұрын
Were you able to figure this out?
@mariusespejo
3 ай бұрын
Guard execution starts with global guards, then proceeds to controller guards, and finally to route guards. Just adjust in the order that you need.
@sulaimanaminu9515
3 ай бұрын
@mariusespejo thank you. I am done with the implementation. Just adjust the guards in the order you want them to be. If you want the jwt guard first then don't add the roleguard globally
how are we gonna get user from req? You just hardcoded that part, what I need to get those user information from the request?
@mariusespejo
Жыл бұрын
I have videos on how to do authentication if you want to see how. If you do it correctly typically the user session would be stored in req.user, just like in express. That’s the assumption that’s being made here
wp gg
can you please let me know you customize your terminal?
@mariusespejo
2 жыл бұрын
Nowadays I mostly use oh-my-zsh and some basic plugins for autocompletion and syntax highlighting. Not really much more to it than that
Can you give me a link of your background, thank you!
T hank you, can you tell me how to make exception filter prisma js for nestjs
@mariusespejo
2 жыл бұрын
Exception filters are fairly well documented in the next docs, custom ones simply require catching a specific error either directly from prisma or one that your throw yourself
i actually need assistance on a logic please. i am working on a project that has five different users [hospital, pharmacy, laboratory, patients and a bot] and i am not building them as a microservice. each of them have their own tables in the same db , with ofcus different dtos. now i need help on how to implement the logic of authenticating all the different users using just one Jwt Authentication Service. i am developing this project with nestjs typescript. please i need help on howto craft out that logic
@mariusespejo
Жыл бұрын
If you check my channel i do have videos on how to do authentication with jwt in nest. I imagine authentication for any of your users should be mostly the same, what likely would differ is their authorization which is what this video covers. If that doesn’t help I suggest asking in stackoverflow
Really offtopic question, but what is the origin of your first name? 😁
@mariusespejo
2 жыл бұрын
My parents picked it hahaha if you’re asking actual origins I know that it sort of started as a Roman name in ancient history lol
Hey @Marius, awesome content so far! How would you go about building a NestJS backend based on Clean Code Architecture? Nest already has dependency injection and separation of concerns, but I like some of the ideas and points made in this video: kzread.info/dash/bejne/daKVy86Nk628j7g.html Could you build something similar to this using Nest and TS? It would be really interesting to see how you approach it.
@mariusespejo
2 жыл бұрын
I would suggest watching the nestjs crash course on my channel. Technically Nest.js is already providing you with an architecture out of the box, it’s not exactly the same as the one outlined in that video but the core principles are the same, e.g. you’ll notice Nest documents and recommends a clear separation between controllers, services (this is probably closest to “use cases” in that video’s diagram) for business logic, and data repository/model (close to entities in that diagram) for data access/manipulation logic. Although you definitely can customize things a bit and make it look exactly like in that video (e.g. perhaps labeling things as use cases instead of services), however that seems counterproductive to me when Nest is already designed to give you a predefined architecture that’s already out of the box close to what you’re looking for and is solving the same exact problem
Thumbnail 😂😅
@mariusespejo
2 жыл бұрын
🤣
Thanks