DEV Community

Building NestJS app boilerplate - Authentication, Validation, GraphQL and Prisma

Nikita Kot on October 22, 2019

The boilerplate app created by this tutorial is here. ⚠️⚠️⚠️ Update - 06 April 2020 NestJS version 7 was recently released. Many thanks...

Read full post

John Biundo • Apr 5 '20

Nikita, thanks for the great tutorial. I am running this 1.5 years after you wrote it 😄 and with Nest v7. So there were a couple of issues I had to fix:

Installing graphql@latest (15.0) caused some sort of problem for me. I haven't quite sorted it out, so I fell back to ^14.6.0 to avoid that problem.

With Nest 7, there's a breaking change to createParamDecorator. Here's the change I made to src/shared/decorators/decorators.ts to make it work:

import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { GqlExecutionContext } from '@nestjs/graphql';

import { Response } from 'express';
import { User } from '../../../generated/prisma-client';

export const ResGql = createParamDecorator(
  (data: unknown, context: ExecutionContext): Response =>
    GqlExecutionContext.create(context).getContext().res,
);

export const GqlUser = createParamDecorator(
  (data: unknown, context: ExecutionContext): User => {
    const ctx = GqlExecutionContext.create(context).getContext();
    return ctx.req && ctx.req.user;
  },
);

Nikita Kot • Apr 5 '20 • Edited

Hi John! Thanks for sharing this! I'll update the article and the repo in near future. By the way, there is prisma 2 beta release out, haven't checked it yet, but I'm pretty sure some bigger changes have to be done for the upgrade too.

John Biundo • Apr 5 '20

Sounds good. Figured I'd post the code that worked for me as a stop gap in case others run into it.

Valère BRON • Mar 15 '20

Hi Nikita Gr8 Article ... but Express can't write token'cookie !

this line of code seems ok : "res.cookie('token', jwt, { httpOnly: true });" in auth.resolver.ts,
and the token is correctly generated but no cookie is created in client side...

Nikita Kot • Mar 15 '20

Please check your graphql playground settings in the browser. You should have "request.credentials": "same-origin" set there to allow CORS.

Valère BRON • Mar 16 '20 • Edited

Indeed, that works

Nikita Kot • Mar 15 '20

P.S. If you are not using graphql playground and calling the server from a front-end application served from another server (different domain/port/etc.) you need to enable cors on the nestjs server (not described in the article). To do it simply add these lines to your main.ts file to the bootstrap function.

app.enableCors({
    credentials: true,
    origin: true,
  });

Valère BRON • Mar 16 '20

Cors was the problem yes, thanks again for these speed responses !

abumalick • Nov 7 '20

Thank you very much for your tutorial, it was very helpful.

In Nest v7 you don't really need to create custom Decorators, you can use the @Context decorator from graphql package:

import {Args, Context, Mutation, Resolver} from '@nestjs/graphql'

// and in your mutation:
@Mutation()
  async login(
    @Args('loginInput') { email, password }: LoginInput,
    @Context('res') res: Response,
  ) {

Thank you again

otarbes • Apr 19 '23

Hi Nikita! Thanks for sharing this. We would love to have your input on our last opensource project leveraging Prisma to add generative capabilities to Nest!

Traxion 🎉 a 100% open-source Generative Toolkit for NestJS Developers ! It helps you accelerate your NestJS projects with generative capabilities while maintaining total control over your code. Features 🌟: Data management with Prisma, Instant GraphQL API, Role-Based Access Control, Official Packages including Dev-Kit, Nest-Authentication, Nest-Authorization, and Nest-Utilities.

Check it out at github.com/tractr/traxion
We'd love to hear your feedback!

Cheers

Edertxo • Jan 29 '20

That help me a lot, thanks! :D

Elie • Apr 13 '20

Is this the best approach for log out?

  @Mutation(() => Boolean)
  async logOut(@ResGql() res: Response) {
    res.cookie('token', '', { httpOnly: true })
    return true
  }

Nikita Kot • Apr 14 '20

Hi Elie,

This looks like as the easiest solution. Or you can implement something like token blacklist. More here.

Valerii Kuzivanov • Mar 8 '20 • Edited

Great article Nikita, but authorization doesnt work properly due to problems with cookiest. I can see Set-Cookie header, but it does not add cookie to your browser storage.
github.com/apollographql/apollo-cl...

Nikita Kot • Mar 13 '20

Thanks! About authorisation - take a look at src/main.ts. I'm using external cookieParser library to parse cookies. You sure you also installed it?