# Health check module: pingCheck() - bypass useGuards

calm obsidian
#

In the health check module (Healthchecks Terminus), I created a custom indicator that sends a POST request using axios. But the endpoint that receives this POST request has guards in place. I want to bypass these guards when the request is made from the health check module. Any idea how I can achieve this?

swift vessel
#

In the authentication section, there's a segment about applying the JWT guard globally that shows how you can create a custom decorator to apply metadata to the route handler, retrieve that metadata in the guard, and skip if it's present. Sounds like what you're looking for.

calm obsidian
#

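Check out this code snippet:

```typescript
import { Controller, Get, UseGuards } from '@nestjs/common';
import {
  HealthCheck,
  HealthCheckService,
  HttpHealthIndicator,
  MongooseHealthIndicator,
} from '@nestjs/terminus';
// SkipGuardsGuard is the poster's own guard; its import is not shown in the thread.

@Controller('health-check')
@UseGuards(SkipGuardsGuard)
export class HealthCheckController {
  constructor(
    private health: HealthCheckService,
    private http: HttpHealthIndicator,
    private db: MongooseHealthIndicator,
  ) {}

  @Get()
  @HealthCheck()
  check() {
    return this.health.check([
      // Ping the MongoDB connection, failing after 300 ms.
      () => this.db.pingCheck('database', { timeout: 300 }),
      // Outbound HTTP request to an endpoint in the same API.
      () => this.http.pingCheck('list roles', 'http://localhost:5001/api/roles/list'),
    ]);
  }
}
```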

#

For example, this endpoint "http://localhost:5001/api/roles/list" is protected by a JWT auth guard.
Even if we use @UseGuards(SkipGuardsGuard) in the health check controller, we may still encounter a 403 Forbidden error.
To overcome this, we need to use @UseGuards(SkipGuardsGuard) in the roles controller where the protected endpoint exists.
Additionally, we should add a custom header to the request, which will trigger the SkipGuardsGuard decorator.
By applying the SkipGuardsGuard to the roles controller and providing the custom header, we can conditionally bypass the JWT auth guard and allow the health check to run without interference from other guards.
If I'm wrong, correct me.

swift vessel
#

Right, because you don't need to apply a new guard. You apply new logic to the existing guards to check for the skip metadata, and if it exists, you short the guard's execution by returning true.

cunning locust
calm obsidian
#

Yes, I see, but I need this endpoint to be public only if it's called from the health check module. How can I tell if it's called from the health check module?
Will adding a custom header do the job?

swift vessel
#

> but I need this endpoint to be public only if it's called from the health check module

What do you mean by this?

#

You generally don't want anyone calling /api/roles/list, only the GET /health-check?

#

Why have that endpoint in the first place then? Why not call the service directly?