Add Auth Guard

Create an authentication guard to secure your NestJS application.

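To protect your application endpoints, you'll need to create an authentication guard. Creating the guard does not protect anything on its own: later in this guide, you'll apply it to your NestJS routes to enforce authentication on incoming requests, and any route it is not applied to stays accessible without authentication.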

Create An Auth Guard

Create an authentication guard in your project using the createWristbandAuthGuard() function.

// src/guards/auth.guard.ts

import { createWristbandAuthGuard } from '@wristband/nestjs-auth';

/**
 * Authentication guard produced by the SDK's `createWristbandAuthGuard()` factory,
 * called here with no arguments.
 *
 * Exporting the guard does not protect anything by itself: NestJS only runs a guard
 * where it is bound, and this guide applies it to routes in a later step. Until
 * then, and on any route that never gets the guard, requests are not authenticated.
 */
export const WristbandAuthGuard = createWristbandAuthGuard();

Configure The Auth Guard

Register an auth guard configuration factory in your Wristband configuration file. This guard uses the SESSION authentication strategy, so any NestJS route it's applied to will require incoming requests to include a valid session cookie.

// src/config/wristband.config.ts

import { registerAs } from '@nestjs/config';
import type { AuthConfig, SessionOptions, AuthGuardConfig } from '@wristband/nestjs-auth';

/**
 * Namespaced configuration for the Wristband auth module, registered under the
 * `wristbandAuth` key.
 *
 * The angle-bracket values are placeholders. `clientSecret` is a credential: keep
 * the real value out of source control and supply it at deploy time.
 */
export const authConfig = registerAs('wristbandAuth', (): AuthConfig => {
  const wristbandAuth: AuthConfig = {
    clientId: '<WRISTBAND_CLIENT_ID>',
    clientSecret: '<WRISTBAND_CLIENT_SECRET>',
    wristbandApplicationVanityDomain: '<WRISTBAND_APPLICATION_VANITY_DOMAIN>',
  };
  return wristbandAuth;
});

// Session settings used by both the session config below and the auth guard config.
// `secrets` is a placeholder; presumably it is the key material that protects the
// session cookie (confirm against the SDK docs). Use a long, randomly generated
// value, keep it out of source control, and rotate it if it is ever disclosed.
const sessionOptions: SessionOptions = {
  secrets: '<your-generated-secret>',
};

/** Exposes the shared session settings under the `wristbandSession` config key. */
export const sessionConfig = registerAs('wristbandSession', (): SessionOptions => {
  return sessionOptions;
});

// ADD: Auth guard configuration that enforces a valid session cookie.
// The guard is handed the same `sessionOptions` object as the session config,
// presumably so that both read the cookie with identical settings.
// NOTE(review): browsers attach session cookies automatically, so state-changing
// routes also need CSRF protection; confirm how the SDK handles this, since it is
// not shown here.
export const authGuardConfig = registerAs('wristbandAuthGuard', (): AuthGuardConfig => {
  const guardConfig: AuthGuardConfig = {
    authStrategies: ['SESSION'],
    sessionConfig: { sessionOptions },
  };
  return guardConfig;
});

Register The Guard Configuration

Add the auth guard configuration to your ConfigModule in AppModule:

// src/app.module.ts

import { ConfigModule, ConfigService } from '@nestjs/config';
import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
import { env } from 'node:process';
import { WristbandExpressAuthModule } from '@wristband/nestjs-auth';
import {
  WristbandExpressSessionMiddleware,
  WristbandExpressSessionModule
} from '@wristband/nestjs-auth/session';

// ADD: Import the guard configuration.
import { authConfig, sessionConfig, authGuardConfig } from './config/wristband.config';

// True when NODE_ENV is 'production'; in that case no .env file is read, so
// configuration has to come from the process environment.
const isProduction = env.NODE_ENV === 'production';

@Module({
  imports: [
    ConfigModule.forRoot({
      isGlobal: true,
      // Register the guard configuration.
      load: [authConfig, sessionConfig, authGuardConfig], // <-- ADD
      envFilePath: isProduction ? '' : '.env',
      ignoreEnvFile: isProduction,
    }),
    // NOTE(review): ConfigService.get() returns undefined for a key that was never
    // loaded; getOrThrow() would surface a mistyped key at startup instead.
    WristbandExpressAuthModule.forRootAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (config: ConfigService) => {
        return config.get('wristbandAuth');
      },
    }),
    WristbandExpressSessionModule.forRootAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (config: ConfigService) => {
        return config.get('wristbandSession');
      },
    }),

    // ...any project-specific modules...
  ],
})
export class AppModule implements NestModule {
  /**
   * Applies the Wristband session middleware to every route via the '{*splat}'
   * wildcard. Presumably the middleware only attaches session state; access is
   * enforced by the auth guard where it is bound, not by this middleware (confirm
   * against the SDK docs).
   */
  configure(consumer: MiddlewareConsumer) {
    const sessionMiddleware = consumer.apply(WristbandExpressSessionMiddleware);
    sessionMiddleware.forRoutes('{*splat}');
  }
}


What’s Next

Next, you'll create the necessary authentication endpoints in your NestJS server using the Wristband auth service.