c4d7ad1833
With the NestJS ws adapter, the JWT token URL is on the HTTP upgrade request (second arg to handleConnection), not on the WebSocket client object. client.url was undefined, new URL(undefined) threw, catch returned null, and every connection got 4001 Unauthorized. Fix: Pass the IncomingMessage req to validateClient and prefer req.url. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
21 lines
649 B
TypeScript
21 lines
649 B
TypeScript
import { Injectable } from '@nestjs/common';
|
|
import { JwtService } from '@nestjs/jwt';
|
|
import { WsException } from '@nestjs/websockets';
|
|
|
|
@Injectable()
|
|
export class WsAuthGuard {
|
|
constructor(private jwt: JwtService) {}
|
|
|
|
validateClient(client: any, req?: any): { sub: number; email: string } | null {
|
|
try {
|
|
const rawUrl = req?.url || client.url || client._url;
|
|
const url = new URL(rawUrl, 'http://localhost');
|
|
const token = url.searchParams.get('token');
|
|
if (!token) throw new WsException('No token');
|
|
return this.jwt.verify(token) as { sub: number; email: string };
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
}
|