Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NestJS integration should be enhanced #593

Open
MansurAliKoroglu opened this issue Jun 20, 2023 · 2 comments
Open

NestJS integration should be enhanced #593

MansurAliKoroglu opened this issue Jun 20, 2023 · 2 comments

Comments

@MansurAliKoroglu
Copy link

I have some concerns using SuperTokens with a NestJS app.

Currently SuperTokens sdk is used as a middleware. This is also described in the NestJS integration documentation of SuperTokens.

However here is how NestJS request-response cycle works.

request -> middleware -> guard -> interceptor (before) -> pipe -> controller -> service -> controller -> interceptor (after) -> filter (if applicable) -> response

With SuperTokens middleware it will work for configured SuperTokens routes just like below.

request -> middleware -> response

With that, some important aspects of the application might lose.

  1. No guards called. Guards can be used to restrict ip address, or restrict geolocation. There will be no restrictions for SuperTokens routes.
  2. No interceptors called. Interceptors can be used for metrics, all kind of analysis and logs. There will be no analysis about what Supertokens routes called with what frequency, in what times and many more.

To give an example, commonly used middlewares in NestJS are cors() and helmet() middlewares. They do not early terminate request so interceptors, guards and other middlewares also run. Note that cors() might not be the perfect example here.

So, current NestJS integration with middlewares does not seem right to me.

As an initial idea, what can be done is, creating a NestJS module with proper controllers to serve routes instead of middleware. With that, users can register the module into their apps and everything will be in the regular request-response cycle of NestJS.

NestJS prometheus package can be inspected for inspiration https://github.com/willsoto/nestjs-prometheus

However this can be a great maintenance burden for the team. Maybe outsourcing main functionality from sdk and keeping that in a base that would be used in sdk and NestJS module can greatly reduce the maintenance burden.
@rishabhpoddar
Copy link
Contributor

From @porcellus - "right now my best recommendation is to add all the ST routes the recipes you use expose into a controller in your code and add just pass the necessary params into our middleware. This will basically make our middleware run in the appropriate phase. If this solution works for you, I'm happy to help make this work."

@h4sohail
Copy link

From @porcellus - "right now my best recommendation is to add all the ST routes the recipes you use expose into a controller in your code and add just pass the necessary params into our middleware. This will basically make our middleware run in the appropriate phase. If this solution works for you, I'm happy to help make this work."

Hi, can you please give us an example of this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rishabhpoddar @h4sohail @MansurAliKoroglu