That's a really helpful article, thanks for it! It would be great if at least parts of it got integrated into Nest's docs.
Following all the steps described I managed to get auth+sessions to work. But one thing bugs me: database security. In src/app.controller.ts we have LoginGuard on the login route that after some hops takes us to auth.service.ts. There we pass username and password:
Let's say we pull the user from the database so we certainly want to have username validated first. But Guards are executed before Pipes so LoginGuard will run before ValidationPipe could return "400 Bad request" on some malicious payload.
So, how to make LoginGuard use ValidationPipe to check the input before proceeding with using it for its auth job?
Same opinion as you.
Should login logic with passport be implemented in Service instead of Guard?
process order: ValidationPipe -> Controller@Post -> LoginService -> DB
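One way to get validation ahead of the credential check, as an added example that is not code from the article or from either commenter: validate the body inside the guard itself. This is a framework-free TypeScript model; in a Nest guard built on `AuthGuard` the same check would sit at the top of `canActivate`, before the call to `super.canActivate(context)`. All names here (`validateLoginBody`, `loginGuard`, `Authenticate`) and the username/password policy are assumptions.

```typescript
// Added example: framework-free model of "validate inside the guard".
// LoginInput, validateLoginBody, loginGuard and Authenticate are hypothetical names.
type LoginInput = { username: string; password: string };
type GuardResult =
  | { status: 400; errors: string[] } // rejected before any database lookup
  | { status: 401 }                   // well-formed input, wrong credentials
  | { status: 200; user: string };

// Assumed policy: short ASCII usernames, bounded password length.
const USERNAME_RE = /^[A-Za-z0-9_.-]{3,32}$/;

function validateLoginBody(body: unknown): { value?: LoginInput; errors: string[] } {
  const errors: string[] = [];
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { errors: ["body must be a JSON object"] };
  }
  const { username, password } = body as Record<string, unknown>;
  // The typeof checks reject non-string values (nested objects, arrays, numbers).
  if (typeof username !== "string" || !USERNAME_RE.test(username)) {
    errors.push("username must be a string of 3-32 chars [A-Za-z0-9_.-]");
  }
  if (typeof password !== "string" || password.length < 8 || password.length > 128) {
    errors.push("password must be a string of 8-128 chars");
  }
  if (errors.length > 0) return { errors };
  return { value: { username: username as string, password: password as string }, errors };
}

// Stands in for the strategy -> auth.service.ts -> database path.
type Authenticate = (input: LoginInput) => Promise<string | null>;

// Guard-shaped function: validation runs first, so the authenticate callback
// never receives unchecked input, and malformed bodies get 400 rather than 401.
async function loginGuard(body: unknown, authenticate: Authenticate): Promise<GuardResult> {
  const { value, errors } = validateLoginBody(body);
  if (!value) return { status: 400, errors };
  const user = await authenticate(value);
  return user === null ? { status: 401 } : { status: 200, user };
}
```
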
dev.to/umasankarswain/how-to-updat...