♻️ 校验token通过后，不再去数据库查询用户是否存在，避免每次请求都去查询数据库

2023-02-17 11:49:16 +08:00 · 2023-02-17 11:49:16 +08:00 · b166294b6b
commit b166294b6b
parent 57a41e30b6
7 changed files with 33 additions and 35 deletions
--- a/src/auth/auth.controller.ts
+++ b/src/auth/auth.controller.ts
@ -3,14 +3,17 @@ import { AuthService } from './auth.service'
 import { CreateUserDto } from 'src/users/dto/create-user.dto'
 import { ApiTags } from '@nestjs/swagger'
 import { LoginInputDto } from './dto/login-input.dto'
-import { UserEntity } from 'src/users/entities/user.entity'
-import { User } from 'src/common/decorators/user.decorator'
+import { Token } from 'src/common/decorators/token.decorator'
 import { NeedAuth } from 'src/common/decorators/need-auth.decorator'
+import { UsersService } from 'src/users/users.service'

@ApiTags('auth')
@Controller()
 export class AuthController {
-  constructor(private readonly authService: AuthService) {}
+  constructor(
+    private readonly authService: AuthService,
+    private readonly userService: UsersService,
+  ) {}

  @Post('api/register')
  async register(@Body() userData: CreateUserDto) {
@ -24,7 +27,8 @@ export class AuthController {

  @NeedAuth()
  @Get('api/profile')
-  async getUserInfo(@User() user: UserEntity) {
+  async getUserInfo(@Token('userId') userId: string) {
+    const user = await this.userService.findUser({ id: userId })
    return user
  }
 }
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@ -1,6 +1,6 @@
 import { Injectable, BadRequestException } from '@nestjs/common'
 import { PasswordService } from 'src/users/password.service'
-import { Token } from './dto/token.dto'
+import { Token, TokenPayload } from './dto/token.dto'
 import { JwtService } from '@nestjs/jwt'
 import { ConfigService } from '@nestjs/config'
 import { UsersService } from 'src/users/users.service'
@ -34,7 +34,7 @@ export class AuthService {
    return this.generateTokens({ userId: user.id })
  }

-  private generateTokens(payload: { userId: string }): Token {
+  private generateTokens(payload: TokenPayload): Token {
    const accessToken = this.jwtService.sign(payload, {
      secret: this.configService.get<string>(
        'JWT_ACCESS_SECRET',
--- a/src/auth/dto/token.dto.ts
+++ b/src/auth/dto/token.dto.ts
@ -7,3 +7,7 @@ export class Token {
  @ApiProperty()
  refreshToken: string
 }
+
+export class TokenPayload {
+  userId: string
+}
--- a/src/auth/strategies/jwt.strategy.ts
+++ b/src/auth/strategies/jwt.strategy.ts
@ -1,29 +1,19 @@
 import { Strategy, ExtractJwt } from 'passport-jwt'
 import { PassportStrategy } from '@nestjs/passport'
-import { Injectable, UnauthorizedException } from '@nestjs/common'
+import { Injectable } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
-import { User } from '@prisma/client'
-import { PrismaService } from 'nestjs-prisma'
+import { TokenPayload } from '../dto/token.dto'

@Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
-  constructor(
-    private prismaService: PrismaService,
-    readonly configService: ConfigService,
-  ) {
+  constructor(readonly configService: ConfigService) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: configService.get('JWT_ACCESS_SECRET', 'JWT_ACCESS_SECRET'),
    })
  }

-  async validate(payload: { userId: string }): Promise<User> {
-    const user = await this.prismaService.user.findUnique({
-      where: { id: payload.userId },
-    })
-    if (!user) {
-      throw new UnauthorizedException()
-    }
-    return user
+  async validate(payload: TokenPayload) {
+    return payload
  }
 }
--- a/src/common/decorators/token.decorator.ts
+++ b/src/common/decorators/token.decorator.ts
@ -0,0 +1,12 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common'
+import { type Request } from 'express'
+import { TokenPayload } from 'src/auth/dto/token.dto'
+
+export const Token = createParamDecorator(
+  (key: keyof TokenPayload, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest<Request>()
+    const token = request.user as TokenPayload
+
+    return key ? token?.[key] : token
+  },
+)
--- a/src/common/decorators/user.decorator.ts
+++ b/src/common/decorators/user.decorator.ts
@ -1,12 +0,0 @@
-import { createParamDecorator, ExecutionContext } from '@nestjs/common'
-import { type Request } from 'express'
-import { UserEntity } from 'src/users/entities/user.entity'
-
-export const User = createParamDecorator(
-  (key: string, ctx: ExecutionContext) => {
-    const request = ctx.switchToHttp().getRequest<Request>()
-    const user = request.user as UserEntity
-
-    return key ? user?.[key] : user
-  },
-)
--- a/src/common/guards/jwt-auth.guard.ts
+++ b/src/common/guards/jwt-auth.guard.ts
@ -15,11 +15,11 @@ export class JwtAuthGuard extends AuthGuard('jwt') {
  }

  canActivate(context: ExecutionContext) {
-    const isPublic = this.reflector.getAllAndOverride<boolean>(SKIP_AUTH_KEY, [
+    const skipAuth = this.reflector.getAllAndOverride<boolean>(SKIP_AUTH_KEY, [
      context.getHandler(),
      context.getClass(),
    ])
-    if (isPublic) {
+    if (skipAuth) {
      return true
    }
    return super.canActivate(context)