Nest.js Crash Course #7 – Guards

In this series you’ll learn how to make a ninja-themed API with Nest.js, which is a node.js framework for making server side applications.

⭐ Thanks to Marius for making this course. Subscribe to his channel here –

?‍? Nest.js docs –
?‍? VS Code –

In this video we're going to briefly Talk about what guards are in an SGS Framework as you can see guards really Have a single responsibility it's really To protect the underlying routes based On some kind of logic so for example Authentication and authorization perhaps You want to protect an endpoint to make Sure that a user is already logged in Before they can use that or maybe you're Trying to protect an endpoint to make Sure that only a specific type of user Can use that like maybe an admin can Only change a specific setting that's What guards are for so go back in our Code remember we've been building a Ninjas API to manage an Army of Ninjas Perhaps that we want to protect the Specific route of creating ninjas let's Maybe say that I don't know you have to Have a black belt to be able to create a New Ninja right to be able to manage Ninjas you have to be you know the Greatest ninja of them all kind of like Sean right so you gotta have a black Belt so here's what we're gonna to do Back in the terminal we're gonna do Nest G guard and maybe let's just call this Belt and you can see that this creates a Belt guard in its own folder we probably Could move this into the ninja folder as Well but let's keep it here for now and Let's see what happens here you can see That a guard is really

Again just another class with a Injectable kind of like a provider but It very specifically implements the can Activate interface and you can see that The interface simply returns a true or False so the core idea behind guards is That you can attach a guard either to an Entire controller or to individual Methods in that controller so for Example you can do Something like this use guards And then provide your garden there in Our case we have a belt guard right so You can have a guard in front of an Entire controller which means that it's Going to sit in front of all of the Underlying routes in here so if you're Trying to protect all of the Ninja Routes you can do that Or you can also move this into Individual routes for example we said That we want to protect the ability to Create a ninja so we'll move the use Guards into our create ninja method here And if we go back to our application Here on post 3000 slash ninjas we should Be able to still you know create a Ninjas just like before But if we go into our guard let's see What happens when we change this to a False Hit send And now it's saying that it's forbidden Right so at a high level it's pretty

Simple you just need to be able to Toggle the Boolean that you're passing In here to true or false based on a Specified logic so you can see that We're passing in the execution context Here and typically what you would want To do is parse the request out of that Context right so that request includes Everything about the incoming requests Like the URL and about cookies it might Have and you can use that request Basically validate to tell if you should Allow this request to move forward or Not right so for example let's imagine That as part of this request we're Getting back the user session and the User session determines uh you know what Kind of user is that what kind of belt Do they have So maybe you do something like request Dot user dot belts dot includes black Right obviously we didn't implement this This is kind of just pseudo code but Then you know you can return true or False based on that which is effectively Going to protect this route for you Based on whether or not that user has a Black belt right so again it has a Single purpose of basically allowing Something to move forward or not based On the logic that happens within can Activate so again you think of use cases Like authentication maybe you want to Check is the user logged in and again

For authorization this would be an Example of authorization where we're Saying you have to have an authorized User to move forward so that's really Guards at a super high level obviously Implementing the logic in between here For a real application is much more Complex that we're showing here but this Is just introducing to you the concept So that pretty much wraps up our crash Course for an SGS here we learned quite A bit of stuff we built a simple crowd API if you're trying to figure out where To go from here with this video perhaps You want to learn more I highly Recommend uh two things one go to the Documentation of nest.js it's actually Very well written in my opinion there's A lot more things to learn here so I Highly recommend you you check out Everything that the framework has to Offer now the second thing is actually a Quick plug for my channel which is Pretty small but I've got quite a bit of Uh videos there especially for nest.js If that's something that you want to Dive deeper into I cover some of the More complex topics like authentication And then I do have other videos on other Topics like front end react view remix Graphql all that fun stuff anyways That's it for me today thanks for Watching and special thanks to Sean the Net Ninja for having me on the channel

Anyways hope you guys have a great day

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *