Implementing declarative JWT authentication with NestJS + Passport and Firebase Auth / NestJS Meetup Tokyo #1

ci7lus
November 29, 2019

Slides for the talk "Implementing declarative JWT authentication with NestJS + Passport and Firebase Auth", given at "NestJS meetup Tokyo #1 @ Eureka" ( https://nest-jp.connpass.com/event/152260/ ).

Transcript

  1. Implementing declarative JWT authentication with NestJS + Passport and Firebase Auth
    2019.11.29 #nestjs_meetup しーなるす (@ci7lus)

  2. しーなるす
    (@ci7lus)
    • Organizations
      • An Engineer at ElevenBack LLC.
    • I like
      • TypeScript, Python, Front/Back-End, Server-less, Database
    • Works
      • Candy by ElevenBack LLC. - development of a worry-free accounting management cloud for freelancers and parallel workers (https://candy.ac)

  3. Topics
    1. Authentication and authorization in NestJS
    2. Integrating Firebase Auth
    3. Benefits
    4. Summary

  4. Topics
    1. Authentication and authorization in NestJS
    2. Integrating Firebase Auth
    3. Benefits
    4. Summary

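  5. Authentication in applications
    • In a web application that holds user information, managing authentication credentials is unavoidable
    • The checks "were credentials passed in?" and "is this valid user information?" should be managed centrally, in one place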

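  6. Authentication and authorization in NestJS
    • Implemented using a feature called Guards
    • https://docs.nestjs.com/guards
    • Endpoints are decorated declaratively using decorators
    • There are two kinds of Guards
    • Multiple Guards can be specified for a given endpoint
    • A priority order can be set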

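  7. The two kinds of Guards: CanActivate
    • The Guards explained at https://docs.nestjs.com/guards
    • Decides authorization from the runtime state
    • Returns the authorization decision as a Boolean
    • Metadata needed for authorization can also be attached to an endpoint and read back
    • For example, the roles to be authorized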

  8. The two kinds of Guards: AuthGuard
    • The Guards explained at https://docs.nestjs.com/techniques/authentication
    • Decides authorization using a Passport Strategy
    • Returns the authorization decision as a Boolean / Object
    • Existing Strategies can be used
    • Easy to adopt when a Strategy is provided for the authentication mechanism you use

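  9. Comparing the two kinds of Guards
    • CanActivate
      • The result is returned as a Boolean
      • The information cannot be reused
    • AuthGuard
      • The result is returned as an Object / Boolean
      • The returned object can be reused within the request
      • Better to use this for user authentication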

  10. Topics
    1. Authentication and authorization in NestJS
    2. Integrating Firebase Auth
    3. Benefits
    4. Summary

  11. Authentication with Firebase Auth
    • NestJS can authenticate using Passport Strategies (@nestjs/passport)
    • Can we use a Passport Strategy for Firebase Auth?
    • There probably is one, so let's look
    • https://www.npmjs.com/package/passport-firebase-auth
    • "0.0.0-beta.1 / Published 3 years ago"
    • Doesn't look usable…

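  12. Authentication with Firebase Auth
    • As in https://docs.nestjs.com/techniques/authentication, could we use passport-local and perform the authentication inside validate?
    • The information it receives as arguments is very limited
    • Username / Password only
    • The information needed for authentication cannot be obtained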

  13. Authentication with Firebase Auth
    • So what do we do?
    • There is a fully customizable Strategy called passport-custom
    • It receives all of the request information as its argument
    • The JWT in the Authorization header is visible too!
    • Extend this and wire it up with @nestjs/passport

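  14. Key points of the implementation
    • Extend the Strategy, using "auth/local.strategy.ts" from https://docs.nestjs.com/techniques/authentication as a reference
    • The value passed to super() in the constructor is passed as the first argument of the underlying Strategy
    • If you need to pass options to the Strategy, pass them here
    • If this is omitted, the arguments are passed straight through to validate, starting from the first argument
    • The Strategy's callback is taken care of by the extension side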

  15. Key points of the implementation
    • Also, the Strategy name can be changed freely
    • The default is "custom"
    • A string can be passed as the second argument of PassportStrategy
    • A clear name such as "firebase" is a good choice
    • PassportStrategy(Strategy, 'firebase')
    • To invoke it, use @UseGuards(AuthGuard('strategyName'))

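  16. Implementation
    import { Injectable } from '@nestjs/common';
    import { PassportStrategy } from '@nestjs/passport';
    import { Request } from 'express';
    import * as admin from 'firebase-admin';
    import { Strategy } from 'passport-custom';

    // Not shown on the slide; assumed definitions.
    const bearerRegex = /^Bearer (.+)$/;
    const auth = admin.auth(); // requires admin.initializeApp() to have run first

    @Injectable()
    export class FirebaseStrategy extends PassportStrategy(Strategy, 'firebase') {
      constructor() {
        super();
      }

      // Returns what auth.verifyIdToken resolves to (set on req.user by Passport),
      // or false to reject the request.
      async validate(req: Request) {
        const token = req.headers.authorization;
        if (!token) return false;
        const parsedToken = bearerRegex.exec(token);
        if (!parsedToken) return false;
        try {
          return await auth.verifyIdToken(parsedToken[1]);
        } catch (error) {
          return false;
        }
      }
    }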
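The header handling in slide 16's `validate`, as an added example that is not part of the original slides: it parses the `Authorization` header using the RFC 6750 bearer syntax and fails closed on any error. `HeaderMap`, `TokenVerifier`, `extractBearerToken`, `authenticate`, `stubVerify` and the 4096-character cap are assumptions for illustration; in the strategy itself the verifier would be firebase-admin's `auth.verifyIdToken`.

```typescript
// Added example: fail-closed bearer-token handling for a validate() like the one on slide 16.
// TokenVerifier is a hypothetical type shaped like firebase-admin's auth.verifyIdToken.
type HeaderMap = { [name: string]: string | string[] | undefined };
type TokenVerifier = (idToken: string) => Promise<object>;

const MAX_TOKEN_LENGTH = 4096; // assumed upper bound, chosen for this example
// RFC 6750 syntax: "Bearer", spaces, then a b64token. The scheme name is case-insensitive.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Returns the raw token, or null when the header is absent or malformed.
function extractBearerToken(headers: HeaderMap): string | null {
  const value = headers['authorization'];
  if (typeof value !== 'string') return null; // missing, or not a single string value
  const match = BEARER_RE.exec(value);
  if (!match) return null; // other scheme, empty token, or trailing junk
  const token = match[1];
  if (token.length > MAX_TOKEN_LENGTH) return null;
  // A JWT has exactly three non-empty dot-separated segments; reject the rest
  // before spending a verification call on it.
  const parts = token.split('.');
  if (parts.length !== 3 || parts.some((p) => p === '')) return null;
  return token;
}

// Mirrors validate(): resolves to the verifier's result, or false on any failure.
async function authenticate(headers: HeaderMap, verify: TokenVerifier): Promise<object | false> {
  const token = extractBearerToken(headers);
  if (token === null) return false;
  try {
    return await verify(token);
  } catch {
    return false; // expired, revoked, bad signature: every failure is a plain rejection
  }
}

// Constructed stub standing in for Firebase: accepts exactly one made-up token.
const stubVerify: TokenVerifier = async (t) => {
  if (t !== 'aaa.bbb.ccc') throw new Error('invalid token');
  return { uid: 'user-123' };
};
```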

  17. Topics
    1. Authentication and authorization in NestJS
    2. Integrating Firebase Auth
    3. Benefits
    4. Summary

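  18. Benefits
    • Authentication and authorization can be introduced relatively easily
    • AuthGuard is provided as an extension module for Passport
    • Even easier if a maintained Strategy already exists
    • Commonly needed features such as roles are already built in
    • Protection is applied with decorators, which makes it easy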

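  19. Benefits
    • Authentication information can be used in endpoints
    • A UserRecord is assigned to req.user
    • Convenient to access it typed as UserRecord
    • Inside the Strategy, you can return anything built from the user information you obtained
    • Join it with the user information in Firestore and return that, and it can be used as is
    • You can also define a separate Util for handling user information and return that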

  20. Topics
    1. Authentication and authorization in NestJS
    2. Integrating Firebase Auth
    3. Benefits
    4. Summary

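  21. Summary
    • Protection mechanisms, which in Express and similar frameworks are lumped together with all other middleware, are treated as explicitly separate from other middleware, which makes them easy to implement
    • When adopting this, understanding the two Guards concepts took time, so I explained that point thoroughly (or tried to)
    • Convenient in many ways!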

  22. The end