Skip to content

Feature/global jwt auth guard#587

Merged
Xhristin3 merged 5 commits into
Gatheraa:mainfrom
Glam26:feature/global-jwt-auth-guard
Jun 28, 2026
Merged

Feature/global jwt auth guard#587
Xhristin3 merged 5 commits into
Gatheraa:mainfrom
Glam26:feature/global-jwt-auth-guard

Conversation

@Glam26

@Glam26 Glam26 commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Here's a summary of the changes made:

  1. Registered JwtAuthGuard Globally:
    • Created the @public() decorator at public.decorator.ts.
    • Updated jwt-auth.guard.ts to utilize Reflector so it skips endpoints
    marked with the @public() decorator.
    • Updated main.ts to register the JwtAuthGuard globally via
    app.useGlobalGuards(new JwtAuthGuard(app.get(Reflector))) .
  2. Added a Controller-Level Test:
    • Created global-guard.e2e-spec.ts with two endpoints: one protected by
    default
    and one exposed by @public() . The test verifies that unauthenticated
    requests to the protected route return 401 Unauthorized , while the
    public route works perfectly.
  3. Documented the Pattern:
    • Created auth.md explaining how the global JWT guard works and
    provides an example for explicit opt-outs using the @public()
    decorator.
    closes [backend][security] Auth module's JWT verification is not registered globally #530

@Xhristin3 Xhristin3 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Xhristin3 Xhristin3 merged commit f951296 into Gatheraa:main Jun 28, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[backend][security] Auth module's JWT verification is not registered globally

3 participants