Two years ago, I wrote a post about protecting API endpoints of a Nestjs application. To summarize it:
- use the declarative approach of Nestjs and protect the whole application by default behind a guard.
- provide your project with a decorator that you can add on controllers and controllers' methods to opt out of the default guard protection.
I realized there was a nicer syntax than @SetMetadata(AUTH_GUARD_CONFIG, { disabled: true } as AuthGuardConfig)
. Simply create a function that does it, just with a much better name:
export const AllowUnauthorized = () => SetMetadata(AUTH_GUARD_CONFIG, { disabled: true } as AuthGuardConfig);
That's it!