Nestjs websocket gateway, how to parse signed cookies from handshake for guard authorization?

Question

My guard contains the following code:

    let client: Socket = context.switchToWs().getClient();
    const sessionCookie = client.handshake.headers.cookie
      .split('; ')
      .find((cookie: string) => cookie.startsWith('session'))
      .split('=')[1];

    const sessionId = cookieParser.signedCookie(
      sessionCookie,
      process.env.CryptoKey,
    );

    console.log('SESSION ID',sessionId);

The resulting sessionId is still signed after calling cookieParse.signedCookie();

client.request.cookies and signedCookies are both undefined.

The session id is there and the cookie is being sent by the browser but I am unable to parse it in the gateway.

score 5 · Accepted Answer · answered Mar 14 '20 at 13:59

I had the same issue and found the answer. Your code is close, but the reason cookieParser.signedCookie(...) returns the signed cookie again is because some characters in the cookie value are encoded. So it doesn't detect the string as a signed cookie.

To fix this, you have to pass decodeURIComponent(sessionCookie) to the cookieParser instead.

    let client: Socket = context.switchToWs().getClient();
    const sessionCookie = client.handshake.headers.cookie
      .split('; ')
      .find((cookie: string) => cookie.startsWith('session'))
      .split('=')[1];

    const sessionId = cookieParser.signedCookie(
      decodeURIComponent(sessionCookie),
      process.env.CryptoKey,
    );

    console.log('SESSION ID',sessionId);

score 1 · Answer 2 · edited Dec 27 '22 at 14:01

1

In addition to above this:

client.handshake.headers.cookie?.split('; ')

Optional chaining (.?) is needed because there is possibility.

edited Dec 27 '22 at 14:01

Tyler2P

2,324
26
22
31

answered Dec 27 '22 at 11:03

MINSOO KIM

11
1

Nestjs websocket gateway, how to parse signed cookies from handshake for guard authorization?

2 Answers2