Closed saulotoledo closed 3 years ago
As a side note, I want to highlight that there is a Typescript typing issue while using app.register()
:
Argument of type 'typeof import("/Users/saulos/FreeSoftware/sample-nest-project/node_modules/fastify-helmet/index")' is not assignable to parameter of type
'FastifyPlugin<{ dnsPrefetchControl: boolean; frameguard: boolean; hidePoweredBy: boolean; ieNoOpen: boolean; noCache: boolean; noSniff: boolean; permittedCrossDomainPolicies: boolean; referrerPolicy: boolean; xssFilter: boolean; }>'.
Type 'typeof import("/Users/saulos/FreeSoftware/sample-nest-project/node_modules/fastify-helmet/index")' is not assignable to type
'FastifyPluginAsync<{ dnsPrefetchControl: boolean; frameguard: boolean; hidePoweredBy: boolean; ieNoOpen: boolean; noCache: boolean; noSniff: boolean; permittedCrossDomainPolicies: boolean; referrerPolicy: boolean; xssFilter: boolean; }, Server>'.
Type 'typeof import("/Users/saulos/FreeSoftware/sample-nest-project/node_modules/fastify-helmet/index")' provides no match for the signature
'(instance: FastifyInstance<Server, IncomingMessage, ServerResponse, FastifyLoggerInstance>, opts: { ...; }): Promise<...>'
I did not have the time to investigate wether this is a nest issue or not yet, but if someone starts working on this issue, he/she must be aware that an error will be triggered here. Possible solutions:
//@ ts-ignore
before app.register(fastifyHelmet)
app.getHttpAdapter().getInstance().register(fastifyHelmet)
instead (no need for the ignore, but not type safe)@saulotoledo would you be able to provide a minimum reproduction repository for this TS issue?
Also, do you want to create a PR to the docs with a hint about fastify-helmet
instead of helmet
(when fastify is used)?
Hi @kamilmysliwiec. Thanks for your answer. A reproducible example: https://repl.it/@saulotoledo/NestJSFastifyTypingIssue
Regarding the docs, I will do it until the end of this week.
@kamilmysliwiec, the typing issue is solved by upgrading to fastify-helmet v5.0.0, released 2 days ago. It is not a problem in Nest. :)
@saulotoledo wrote
As a side note, I want to highlight that there is a Typescript typing issue while using
app.register()
:Argument of type 'typeof import("/Users/saulos/FreeSoftware/sample-nest-project/node_modules/fastify-helmet/index")' is not assignable to parameter of type 'FastifyPlugin<{ dnsPrefetchControl: boolean; frameguard: boolean; hidePoweredBy: boolean; ieNoOpen: boolean; noCache: boolean; noSniff: boolean; permittedCrossDomainPolicies: boolean; referrerPolicy: boolean; xssFilter: boolean; }>'. Type 'typeof import("/Users/saulos/FreeSoftware/sample-nest-project/node_modules/fastify-helmet/index")' is not assignable to type 'FastifyPluginAsync<{ dnsPrefetchControl: boolean; frameguard: boolean; hidePoweredBy: boolean; ieNoOpen: boolean; noCache: boolean; noSniff: boolean; permittedCrossDomainPolicies: boolean; referrerPolicy: boolean; xssFilter: boolean; }, Server>'. Type 'typeof import("/Users/saulos/FreeSoftware/sample-nest-project/node_modules/fastify-helmet/index")' provides no match for the signature '(instance: FastifyInstance<Server, IncomingMessage, ServerResponse, FastifyLoggerInstance>, opts: { ...; }): Promise<...>'
I did not have the time to investigate wether this is a nest issue or not yet, but if someone starts working on this issue, he/she must be aware that an error will be triggered here. Possible solutions:
* use `//@ ts-ignore` before `app.register(fastifyHelmet)` * use `app.getHttpAdapter().getInstance().register(fastifyHelmet)` instead (no need for the ignore, but not type safe)
Both Workarounds fail, the first one with //@ ts-ignore
:
server/src/main.ts:20:16 - error TS2345: Argument of type 'typeof import("/home/marc/pacta/space/node_modules/fastify-helmet/index")' is not assignable to parameter of type 'FastifyPlugin<FastifyPluginOptions>'.
Type 'typeof import("/home/marc/pacta/space/node_modules/fastify-helmet/index")' is not assignable to type 'FastifyPluginAsync<FastifyPluginOptions, Server>'.
Type 'typeof import("/home/marc/pacta/space/node_modules/fastify-helmet/index")' provides no match for the signature '(instance: FastifyInstance<Server, IncomingMessage, ServerResponse, FastifyLoggerInstance>, opts: FastifyPluginOptions): Promise<...>'.
20 app.register(helmet);
~~~~~~
The second also fails:
server/src/main.ts:22:24 - error TS2339: Property 'register' does not exist on type 'HttpServer<any, any>'.
22 app.getHttpAdapter().register(helmet);
Code:
import { NestFactory } from '@nestjs/core';
import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
import {
FastifyAdapter,
NestFastifyApplication,
} from '@nestjs/platform-fastify';
import { AppModule } from './app.module';
import { ValidationPipe } from '@nestjs/common';
import * as helmet from 'fastify-helmet';
import * as csurf from 'csurf';
const path = require('path');
async function bootstrap() {
const app = await NestFactory.create<NestFastifyApplication>(
AppModule,
new FastifyAdapter(),
);
app.enableCors();
//@ ts-ignore
//app.register(helmet);
//console.log({ helmet });
app.getHttpAdapter().register(helmet);
app.use(csurf());
app.useGlobalPipes(new ValidationPipe());
const options = new DocumentBuilder()
.setTitle('Pacta.Space')
.setDescription('Pacta.Space API definition')
.setVersion('0.1')
.build();
const document = SwaggerModule.createDocument(app, options);
SwaggerModule.setup('api', app, document);
app.useStaticAssets({
root: path.join(__dirname, '..', 'dist', 'client'),
prefix: '/',
});
await app.listen(Number(process.env.PORT ?? 4000), '0.0.0.0');
}
bootstrap();
So I cannot use fastify-helmet at all. :-(
I know this issue has been closed a long time ago, but I'm on fastify-helmet version 5.0.3 and this issue just occured for me. I think it's because of the default export. The documentation here says to register the whole imported helmet object, but instead you need to call either default or the fastifyHelmet callback.
Here's an example of my working configuration:
const fastify = new FastifyAdapter();
fastify.register(compression);
fastify.register(helmet.fastifyHelmet);
const app = await NestFactory.create<NestFastifyApplication>(AppModule, fastify);
const ms = app.connectMicroservice({
transport: Transport.RMQ,
options: {
urls: ['amqp://localhost:5672'],
queue: 'cats_queue',
queueOptions: {
durable: false
},
}
});
Feature Request
Is your feature request related to a problem? Please describe.
Nest documentation describes how to use
helmet
at https://docs.nestjs.com/techniques/security#helmetHowever,
helmet
does not work with Fastify the way it is described in the documentation. The following error will be triggered:Describe the solution you'd like
There is a package called fastify-helmet, a port from
helmet
tofastify
. The documentation should have instructions regarding how to use it.app.use(fastifyHelmet)
does not work for that module.app.register(fastifyHelmet)
should be used instead.