-
-
Notifications
You must be signed in to change notification settings - Fork 7.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Global app guard doesn't apply to WebSocketGateway #8060
Comments
|
@jmcdo29 We should have provided a code snippet: @Module({
imports: [
...
EventModule,
],
providers: [{
provide: APP_GUARD,
useClass: AuthGuard,
}],
})
export class AppModule { } @Module({
providers: [
EventGateway,
EventService,
],
exports: [EventService],
})
export class EventModule { } @WebSocketGateway({ path: '/events', perMessageDeflate: true, inheritAppConfig: true, transports: ['websocket'] })
export class EventGateway implements OnGatewayInit, OnGatewayConnection, OnGatewayDisconnect {
...
} The issue is that for a nested ws gateway running on path /events doesn't inherit the APP_GUARD even when setting inheritAppConfig. This feels unintuitive to me. |
I believe that the |
@jmcdo29 Any reason to not support inheritAppConfig for WebSocketGateway? Happy to turn this into a feature request. |
Other than it (possibly) being difficult to manage, nothing that I'm really seeing in an old conversation. If you'd like to make a PR for this we'd love to see it. |
In that case, we should consider that - according to the docs - guards for web sockets should fire WsExceptions, rather than the regular HTTP exceptions. That sounds like a lot of "if/elses" in our code ;) |
That's correct. |
Bug Report
Current behavior
A global app guard is applied to regular http controllers, but is not applied to websocket gateways. This can be worked around by importing the guard in the gateway module and using a
UseGuards
decorator. Without declaring theUseGuards
decorator, websocket connections and messages are accepted without being validated by the global guard.Input Code
Expected behavior
Global app guards should also apply to websocket gateways so that connections or messages to the websocket gateway are guarded like normal http handlers.
Possible Solution
No suggestions 😬
Environment
The text was updated successfully, but these errors were encountered: