DEV Community

Discussion on: Authentication and Sessions for MVC Apps with NestJS

Marcin Paździora

That's a really helpful article, thanks for it! It would be great if at least parts of it got integrated into Nest's docs.

Following all the steps described, I managed to get auth+sessions to work. But one thing bugs me: database security. In src/app.controller.ts we have LoginGuard on the login route that, after some hops, takes us to auth.service.ts. There we pass username and password:

  async validateUser(username, password): Promise<any> {
    const user = await this.usersService.findOne(username);

Let's say we pull the user from the database, so we certainly want to have the username validated first. But Guards are executed before Pipes, so LoginGuard will run before ValidationPipe could return "400 Bad request" on some malicious payload.

So, how to make LoginGuard use ValidationPipe to check the input before proceeding with using it for its auth job?

dddsuzuki

Same opinion as you.

Should login logic with passport be implemented in Service instead of Guard?
process order: ValidationPipe -> Controller@Post -> LoginService -> DB
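
The ordering concern raised in this thread, as an added sketch that is not code from the article or from either commenter: a guard that validates the login body itself before the user lookup runs. `ValidatingLoginGuard`, `parseLoginBody`, `BadRequest` and the username/password limits are assumptions, and the NestJS types are replaced by local stand-ins so the block runs on its own.

```typescript
// Stand-ins (assumptions) so the sketch runs without NestJS: in a real app this
// would be BadRequestException and the guard would implement CanActivate.
class BadRequest extends Error {
  readonly status = 400;
}
type LoginBody = { username: string; password: string };
type User = { id: number; username: string };
type Lookup = (username: string, password: string) => Promise<User | null>;

// Constructed policy; adjust to the application's own username rules.
const USERNAME_RE = /^[A-Za-z0-9_.-]{3,32}$/;
const MAX_PASSWORD_LENGTH = 128;

// Accept only two bounded strings; objects, arrays and oversized values are rejected.
function parseLoginBody(body: unknown): LoginBody {
  if (typeof body !== "object" || body === null) {
    throw new BadRequest("body must be an object");
  }
  const { username, password } = body as Record<string, unknown>;
  if (typeof username !== "string" || !USERNAME_RE.test(username)) {
    throw new BadRequest("invalid username");
  }
  if (typeof password !== "string" || password.length === 0 || password.length > MAX_PASSWORD_LENGTH) {
    throw new BadRequest("invalid password");
  }
  return { username, password };
}

// Hypothetical guard in the role of LoginGuard: validation runs before the lookup.
class ValidatingLoginGuard {
  private readonly validateUser: Lookup;

  constructor(validateUser: Lookup) {
    this.validateUser = validateUser;
  }

  async canActivate(request: { body: unknown; user?: User }): Promise<boolean> {
    const { username, password } = parseLoginBody(request.body); // 400 before any query
    const user = await this.validateUser(username, password);
    if (user === null) return false; // well-formed input, wrong credentials
    request.user = user;
    return true;
  }
}
```

The `validateUser` callback stands in for `AuthService.validateUser`; because the body is parsed first, a malformed payload never reaches `usersService.findOne`.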

umasankar-swain