Microservices: In a microservices design, what is the best pattern for the API gateway service and the authentication service?


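I am building a microservices project in which two of the services are:

  • API gateway: routes requests to the appropriate service
  • Authentication service: validates user credentials / user tokens
The authentication service is built with NestJS using the TCP protocol.

Case: login

  • HTTP request from the client to the API gateway. The API gateway sends to the authentication service
    const authenticatedUser: LoginUserResponseDto = await this.authMicroServiceClient.send('login', loginRequest).toPromise()
    to validate the email and password. If the user's credentials are correct, it returns UserInfo (name, access token and refresh token)
Case: create a post

  • HTTP request from the client to the API gateway, with
    the access token in the header
    . Before calling the post service to create the post, the API gateway calls the authentication service to verify the token via
    const authenReponse = await this.authMicroServiceClient.send('verify_access_token', { token: access_token }).toPromise()
My pain point is: I cannot use a Passport strategy in the authentication service to implement common token verification, because requests to the authentication service are no longer normal HTTP requests. So the current code below cannot be used: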

import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { TJwtPayload } from '../../types/auth/jwt-payload.type';
import { UserSimpleDTO } from '@modules/user/dto';
import { ConfigService } from '@nestjs/config'
import { TokenService } from '@app/shared/services'

/**
 * Powered Thuan
 * @author thuan.nguyen
 * @namespace auth
 * @classname JwtAccessTokenStrategy
 **/
@Injectable()
export class JwtAccessTokenStrategy extends PassportStrategy(Strategy, 'jwt-access-token') {
    constructor(private readonly tokenService: TokenService, configService: ConfigService) {
        super({
            jwtFromRequest: ExtractJwt.fromExtractors([
                ExtractJwt.fromAuthHeaderAsBearerToken(),
            ]),
            // Note: with ignoreExpiration set to true, passport-jwt does not reject expired tokens.
            ignoreExpiration: true,
            secretOrKey: configService.get("JWT_ACCESS_SECRET"),
        });
    }

    async validate(payload: TJwtPayload): Promise<UserSimpleDTO> {
        const user = await this.tokenService.validatePayload(payload);
        if (!user) {
            throw new UnauthorizedException('Cannot find user via payload');
        }
        return user;
    }
} 

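My question is: is my design good? I would like to know a better design, and how to use the above code with requests sent over the TCP protocol.

Thanks, everyone!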

import { Strategy } from 'passport-local';
import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { UserService } from '../user/user.service';
import { UserLoginReqDTO } from '@modules/user/dto';

/**
 * Powered by Thuan
 * @author thuan.nguyen
 * @namespace auth
 * @classname LocalStrategy
 **/
@Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
    constructor(
        private userService: UserService,
    ) {
        super({ usernameField: 'email' });
    }

    async validate(email: string, password: string): Promise<UserLoginReqDTO> {
        const user: UserLoginReqDTO = await this.userService.getUserIfPasswordMatches(email, password);
        if (!user) {
            throw new UnauthorizedException();
        }
        return user;
    }
}
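
One way to handle the `verify_access_token` message without Passport, as an added example that is not part of the original post: the handler verifies the JWT taken from the message payload directly instead of extracting it from an HTTP header. It assumes HS256 tokens signed with the shared `JWT_ACCESS_SECRET`; `verifyAccessToken`, `signHs256` and the result shape are hypothetical names, and the sample tokens are constructed.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Hypothetical result shape returned to the gateway for 'verify_access_token'.
type VerifyResult =
  | { valid: true; payload: Record<string, unknown> }
  | { valid: false; reason: string };

const enc = (obj: object): string => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Constructed helper so the example can mint sample tokens offline.
export function signHs256(payload: object, secret: string): string {
  const data = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}`;
  const sig = createHmac("sha256", secret).update(data).digest().toString("base64url");
  return `${data}.${sig}`;
}

// Body of a 'verify_access_token' handler: the token arrives in the TCP
// message payload ({ token }), not in an Authorization header.
export function verifyAccessToken(
  msg: { token?: unknown },
  secret: string,
  nowSec: number = Math.floor(Date.now() / 1000),
): VerifyResult {
  if (typeof msg.token !== "string") return { valid: false, reason: "missing token" };
  const parts = msg.token.split(".");
  if (parts.length !== 3) return { valid: false, reason: "malformed token" };
  const [head, body, sig] = parts;
  let header: any, payload: any;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return { valid: false, reason: "malformed token" };
  }
  // Pin the algorithm; the token's own header must not choose it.
  if (header?.alg !== "HS256") return { valid: false, reason: "unexpected alg" };
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { valid: false, reason: "bad signature" };
  }
  // Enforce expiry here (the opposite of ignoreExpiration: true).
  if (typeof payload?.exp !== "number" || payload.exp <= nowSec) {
    return { valid: false, reason: "expired" };
  }
  return { valid: true, payload };
}
```

The function is transport-agnostic, so the same check can back both a TCP message handler and an HTTP guard.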