如何使用护照和 nestjs 根据请求 url 将 api 键作为查询字符串传递
How to pass api key as query string on request url using passport and nestjs
我根据 https://www.stewright.me/2021/03/add-header-api-key-to-nestjs-rest-api/
制定了 api-key 策略
它有效,我在 header 中传递 api-key 并授权它。
现在,对于某些情况,我需要将 api-key 作为查询参数传递给 url 而不是 header。我没弄明白。
例如mysite.com/api/book/5?api-key=myapikey
我当前的代码是
api-key-strategy.ts
@Injectable()
export class ApiKeyStrategy extends PassportStrategy(Strategy, 'api-key') {
constructor(private configService: ConfigService) {
super({ header: 'api-key', prefix: '' }, true, async (apiKey, done) =>
this.validate(apiKey, done)
);
}
private validate(apiKey: string, done: (error: Error, data) => any) {
if (
this.configService.get(AuthEnvironmentVariables.API_KEY) === apiKey
) {
done(null, true);
}
done(new UnauthorizedException(), null);
}
}
api-key-auth-gurad.ts
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class ApiKeyAuthGuard extends AuthGuard('api-key') {}
app.controller
...
@UseGuards(ApiKeyAuthGuard)
@Get('/test-api-key')
testApiKey() {
return {
date: new Date().toISOString()
};
}
...
我找到了解决方案,以防其他人遇到同样的问题。
我在守卫中添加了 canActivate 方法,然后从 request.query 读取 api 密钥,并将其添加到 header。然后其余代码像以前一样工作并检查 header
@Injectable()
export class ApiKeyAuthGuard extends AuthGuard('api-key') {
canActivate(context: ExecutionContext) {
const request: Request = context.switchToHttp().getRequest();
if (request && request.query['api-key'] && !request.header('api-key')) {
(request.headers['api-key'] as any) = request.query['api-key'];
}
return super.canActivate(context);
}
}
我根据 https://www.stewright.me/2021/03/add-header-api-key-to-nestjs-rest-api/
制定了 api-key 策略它有效,我在 header 中传递 api-key 并授权它。
现在,对于某些情况,我需要将 api-key 作为查询参数传递给 url 而不是 header。我没弄明白。
例如mysite.com/api/book/5?api-key=myapikey
我当前的代码是
api-key-strategy.ts
@Injectable()
export class ApiKeyStrategy extends PassportStrategy(Strategy, 'api-key') {
constructor(private configService: ConfigService) {
super({ header: 'api-key', prefix: '' }, true, async (apiKey, done) =>
this.validate(apiKey, done)
);
}
private validate(apiKey: string, done: (error: Error, data) => any) {
if (
this.configService.get(AuthEnvironmentVariables.API_KEY) === apiKey
) {
done(null, true);
}
done(new UnauthorizedException(), null);
}
}
api-key-auth-gurad.ts
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class ApiKeyAuthGuard extends AuthGuard('api-key') {}
app.controller
...
@UseGuards(ApiKeyAuthGuard)
@Get('/test-api-key')
testApiKey() {
return {
date: new Date().toISOString()
};
}
...
我找到了解决方案,以防其他人遇到同样的问题。
我在守卫中添加了 canActivate 方法,然后从 request.query 读取 api 密钥,并将其添加到 header。然后其余代码像以前一样工作并检查 header
@Injectable()
export class ApiKeyAuthGuard extends AuthGuard('api-key') {
canActivate(context: ExecutionContext) {
const request: Request = context.switchToHttp().getRequest();
if (request && request.query['api-key'] && !request.header('api-key')) {
(request.headers['api-key'] as any) = request.query['api-key'];
}
return super.canActivate(context);
}
}