Custom Guards
The built-in decorators cover most use cases, but sometimes you need custom logic, such as checking that a user's email matches a specific domain or validating custom claims.
You can extend AbstractGuard to build your own guard. It handles JWT verification and token extraction. You just add your validation logic.
Extend AbstractGuard
import { ExecutionContext, Injectable } from '@nestjs/common';
import { AbstractGuard, User } from '@nestjs-cognito/auth';

@Injectable()
export class CompanyEmailGuard extends AbstractGuard {
  // Called after AbstractGuard has verified the JWT; return false to reject the request.
  protected onValidate(user: User): boolean {
    // Case-sensitive suffix match on the user's email.
    return user.email.endsWith('@company.com');
  }

  // Returns the request object for this transport (HTTP here).
  protected getRequest(context: ExecutionContext) {
    return context.switchToHttp().getRequest();
  }
}
Use it
import { Controller, Get, UseGuards } from '@nestjs/common';
import { CompanyEmailGuard } from './company-email.guard';

@Controller('protected')
@UseGuards(CompanyEmailGuard)
export class ProtectedController {
  @Get()
  getProtectedResource() {
    return 'This is only accessible to users with company email';
  }
}
How it works
- AbstractGuard verifies the JWT token
- It calls your onValidate() method with the user data
- If you return false, the request is rejected
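A stricter version of the domain check in onValidate(), as an added example that is not part of the original page or of @nestjs-cognito/auth. The helper name isAllowedCompanyEmail, the EmailClaims shape and the sample claim sets are hypothetical; it assumes the guard can read the token's email and email_verified claims.

```typescript
// Added example: hypothetical helper, not part of @nestjs-cognito/auth.
// Claim names follow the Cognito ID token: email, email_verified.
interface EmailClaims {
  email?: unknown;
  email_verified?: unknown;
}

// True only for a verified address whose domain is exactly `allowedDomain`.
function isAllowedCompanyEmail(claims: EmailClaims, allowedDomain: string): boolean {
  const { email, email_verified: verified } = claims;
  // A token without an email claim fails closed instead of throwing.
  if (typeof email !== 'string') return false;
  // Anything other than boolean true is treated as unverified.
  if (verified !== true) return false;
  const normalized = email.toLowerCase();
  const at = normalized.lastIndexOf('@');
  // Require exactly one '@' and a non-empty local part.
  if (at <= 0 || normalized.indexOf('@') !== at) return false;
  // Compare the whole domain so subdomains and lookalike suffixes do not match.
  return normalized.slice(at + 1) === allowedDomain.toLowerCase();
}

// Constructed claim sets (not real tokens) and the decision for each.
const sampleClaims: Array<[string, EmailClaims]> = [
  ['verified', { email: 'alice@company.com', email_verified: true }],
  ['mixed case', { email: 'Alice@Company.COM', email_verified: true }],
  ['unverified', { email: 'bob@company.com', email_verified: false }],
  ['no email claim', {}],
  ['two @ signs', { email: 'x@y@company.com', email_verified: true }],
  ['other domain', { email: 'carol@company.com.example.net', email_verified: true }],
];

function evaluateSamples(): Record<string, boolean> {
  const out: Record<string, boolean> = {};
  for (const [label, claims] of sampleClaims) {
    out[label] = isAllowedCompanyEmail(claims, 'company.com');
  }
  return out;
}

console.log(evaluateSamples());
```

Inside a guard, onValidate() would return the result of this helper, so every rejected case above ends in the same denied request.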
Different request types
For HTTP:
protected getRequest(context: ExecutionContext) {
  return context.switchToHttp().getRequest();
}
For WebSocket:
protected getRequest(context: ExecutionContext) {
  return context.switchToWs().getClient();
}