NestJS + Passport と Firebase Auth で宣言的な JWT 認証を実装する / NestJS Meetup Tokyo #1

Transcript

1. NestJS + Passport ͱ Firebase Auth Ͱ એݴతͳ JWT ೝূΛ࣮૷͢Δ

   2019.11.29 #nestjs_meetup ͠ʔͳΔ͢(@ci7lus)

2. ͠ʔͳΔ͢ (@ci7lus) • Organizations • An Engineer at ElevenBack LLC.

   • I like • TypeScript, Python, Front/Back-End, Server-less, Database • Works • Candy by ElevenBack LLC. - ϑϦʔϥϯεɾύϥϨϧϫʔΧʔͷͨΊͷ ؾʹ͠ͳ͍ձܭ؅ཧΫϥ΢υ(https://candy.ac) ։ൃ

3. Topics 1. NestJS ʹ͓͚ΔೝূɾೝՄʹ͍ͭͯ 2. Firebase Auth Λ૊Έ͜ΜͰΈΔ 3. خ͍͠఺

   4. ·ͱΊ

4. Topics 1. NestJS ʹ͓͚ΔೝূɾೝՄʹ͍ͭͯ 2. Firebase Auth Λ૊Έ͜ΜͰΈΔ 3. خ͍͠఺

   4. ·ͱΊ

5. ΞϓϦέʔγϣϯʹ͓͚Δೝূ • Ϣʔβʔ৘ใΛ࣋ͭ Web ΞϓϦέʔγϣϯʹ͓͍ͯɺೝূ৘ใͷ ؅ཧ͸ආ͚ΒΕͳ͍ • ʮೝূ৘ใ͕౉͖͍ͬͯͯΔ͔ʯʮਖ਼͍͠Ϣʔβʔ৘ใ͔ʯ͸ ҰՕॴʹूதͯ͠؅ཧ͍ͨ͠

6. NestJS ʹ͓͚ΔೝূɾೝՄ • Guards ͱ͍͏ػೳΛ࢖࣮ͬͯ૷͢Δ • https://docs.nestjs.com/guards • σίϨʔλΛ༻͍ͯએݴతʹΤϯυϙΠϯτΛम০ •

   2 छྨͷ Guards ͕ଘࡏ͢Δ • ಛఆͷΤϯυϙΠϯτʹରͯ͠ෳ਺ͷ Guards ΛࢦఆͰ͖Δ • ༏ઌॱҐΛઃఆͰ͖Δ

7. 2छྨͷ Guards: CanActivate • https://docs.nestjs.com/guards Ͱղઆ͞Ε͍ͯΔ Guards • ࣮ߦ࣌ͷঢ়ଶ͔ΒೝՄΛ൑அ •

   ೝՄΛ Boolean Ͱฦ٫ • ΤϯυϙΠϯτʹର͠ೝՄʹඞཁͳϝλσʔλΛ௥Ճ͠ɺͦΕΒΛ ಡΈऔΔ͜ͱ΋Ͱ͖Δ • ೝՄର৅ͷϩʔϧͳͲ

8. 2छྨͷ Guards: AuthGuard • https://docs.nestjs.com/techniques/authentication Ͱղઆ͞Ε͍ͯΔ Guards • Passport ͷ

   Strategy Λ༻͍ͯೝՄΛ൑அ • ೝՄΛ Boolean / Object Ͱฦ٫ • طଘͷ Strategy Λར༻͢Δ͜ͱ͕Ͱ͖Δ • ར༻͍ͯ͠Δೝূػߏ޲͚ʹ Strategy ͕ఏڙ͞Ε͍ͯΔ৔߹ɺ ಋೖ͕༰қ

9. 2छྨͷ Guards ͷൺֱ • CanActivate • ݁Ռͷฦ٫͸ Boolean • ৘ใͷ࠶ར༻͸Ͱ͖ͳ͍

   • AuthGuard • ݁Ռͷฦ٫͸ Object / Boolean • ϦΫΤετ಺Ͱฦ٫ͨ͠ΦϒδΣΫτͷ࠶ར༻͕Մೳ • Ϣʔβʔೝূ͸͜ΕΛ༻͍Δͷ͕ϕλʔ

10. Topics 1. NestJS ʹ͓͚ΔೝূɾೝՄʹ͍ͭͯ 2. Firebase Auth Λ૊Έ͜ΜͰΈΔ 3. خ͍͠఺

    4. ·ͱΊ

11. Firebase Auth Λ༻͍ͨೝূ • NestJS ͸ Passport ͷ Strategy Λ༻͍ͯೝূ͕Ͱ͖Δ

    ʢ@nestjs/passportʣ • Firebase Auth ͷ Passport Strategy Λ༻͍Δ͜ͱ͕Ͱ͖Δʁ • ͋Γͦ͏ɺ୳ͯ͠ΈΑ͏ • https://www.npmjs.com/package/passport-firebase-auth • “0.0.0-beta.1 / Published 3 years ago” • ͩΊͦ͏…

12. Firebase Auth Λ༻͍ͨೝূ • https://docs.nestjs.com/techniques/authentication ʹ͋ΔΑ͏ʹɺ passport-local Λ༻͍ͯ validate ಺ͰೝূΛ࣮ߦͰ͖ͳ͍͔ʁ

    • Ҿ਺ͱͯ͠ड͚औΕΔ৘ใ͕ඇৗʹ੍ݶ͞Ε͍ͯΔ • Username / Password ͷΈ • ೝূʹඞཁͳ৘ใΛऔಘͰ͖ͳ͍

13. Firebase Auth Λ༻͍ͨೝূ • ͡Ό͋Ͳ͏͢Δ͔ • passport-custom ͱ͍͏ϑϧΧελϜՄೳͳ Strategy ͕ଘࡏ͢Δ

    • Ҿ਺ͱͯ͠ϦΫΤετͷ৘ใΛ͢΂ͯड͚औΔ͜ͱ͕Ͱ͖Δ • Authorization ϔομʔͷ JWT ΋ݟΒΕΔʂ • ͜ΕΛ֦ுͯ͠ @nestjs/passport ͱ࿈ܞͤ͞Δ

14. ࣮૷ͷצॴ • https://docs.nestjs.com/techniques/authentication ͷ “auth/local.strategy.ts“ Λࢀߟʹ Strategy Λ֦ு͍ͯ͘͠ • constructor

    ͷ super() ʹ౉ͨ͠஋͕ຊདྷͷ Strategy ͷୈ1Ҿ਺ʹ౉ ͞ΕΔ • Strategy ʹରͯ͠ΦϓγϣϯΛ౉͢৔߹͸͜͜Ͱ౉ͤ͹ྑ͍ • ͜ΕΛলུ͢Δͱୈ1Ҿ਺͔Βͦͷ·· validate ʹ౉Δ • Strategy ͷίʔϧόοΫ͸֦ுଆͰΑ͠ͳʹͯ͘͠ΕΔ

15. ࣮૷ͷצॴ • ·ͨɺStrategy ໊͸ࣗ༝ʹมߋ͕Մೳ • σϑΥϧτͩͱ “custom” • PassportStrategy ͷୈ2Ҿ਺ʹ

    string Λ౉ͤΔ • Θ͔Γ΍͘͢ “firebase” ͳͲʹ͓ͯ͘͠ͱྑ͍ • PassportStrategy(Strategy, ‘firebase’) • ݺͼग़͢ͱ͖͸ @UseGuards(AuthGuard(‘strategyName’))

16. ࣮૷ @Injectable() export class FirebaseStrategy extends PassportStrategy(Strategy, 'firebase') { constructor()

    { super(); } async validate(req: Request) { const token = req.headers.authorization; if (!token) return false; const parsedToken = bearerRegex.exec(token); if (!parsedToken) return false; try { return await auth.verifyIdToken(parsedToken[1]); } catch (error) { return false; } } }

17. Topics 1. NestJS ʹ͓͚ΔೝূɾೝՄʹ͍ͭͯ 2. Firebase Auth Λ૊Έ͜ΜͰΈΔ 3. خ͍͠఺

    4. ·ͱΊ

18. خ͍͠఺ • ೝূɾೝՄΛൺֱత؆୯ʹಋೖ͢Δ͜ͱ͕Ͱ͖Δ • AuthGuard ͕ Passport ͷ֦ுϞδϡʔϧͱͯ͠༻ҙ͞Ε͍ͯΔ • ϝϯςφϯε͞Ε͍ͯΔ

    Strategy ͕طଘ͍ͯ͠Ε͹ΑΓ؆୯ • ϩʔϧͳͲඞཁʹͳΓ΍͍͢ػೳ΋৫ΓࠐΈࡁΈ • σίϨʔλϕʔεͰอޢ͕࣮ࢪͰ͖ΔͷͰָ

19. خ͍͠఺ • ΤϯυϙΠϯτͰೝূ৘ใΛ༻͍Δ͜ͱ͕Ͱ͖Δ • req.user ʹ UserRecord ͕୅ೖ͞ΕΔ • UserRecord

    ܕΛ෇͚ͯݺͼग़͢ͱศར • Strategy ಺Ͱ͸खʹೖͬͨϢʔβ৘ใΛ༻͍ͯԿΛฦͯ͠΋͍͍ • Firestore ಺ͷϢʔβʔ৘ใͱ݁߹ͯ͠ฦ͢ͱͦͷ··࢖͑Δ • Ϣʔβʔ৘ใΛѻ͏ Util Λผ్ఆٛͯ͠ฦͯ͠΋Α͍

20. Topics 1. NestJS ʹ͓͚ΔೝূɾೝՄʹ͍ͭͯ 2. Firebase Auth Λ૊Έ͜ΜͰΈΔ 3. خ͍͠఺

    4. ·ͱΊ

21. ·ͱΊ • Express ͳͲͰ͸ϛυϧ΢ΣΞͱͯ͠Ұॹͨ͘ʹѻΘΕΔอޢػߏΛ ଞϛυϧ΢ΣΞͱ໌ࣔతʹผͷ΋ͷͱͯ͠ѻ͏͜ͱͰɺ࣮૷ͷ༰қ͞ Λ࣮ݱ͍ͯ͠Δ • ಋೖʹ͓͍ͯ͸2ͭͷ Guards ֓೦ͷཧղʹ࣌ؒΛཁͨͨ͠Ίɺ

    ͦͷ఺ʹؔͯ͠೦ೖΓʹղઆͨ͠ʢͭ΋Γʣ • ৭ʑศརʂ

22. ͓ΘΓ