GateKeeper is responsible for handling and resolving the data from incomming requests.


@GateKeeper has 2 arguments the first one is SecureContext class and the second is AuthResolver object.

@GateKeeper(AuthContext, AuthContextResolver)
export class AppModule {}


Let's create a file src/context/auth.context.ts

import { HttpRequest } from '@heronjs/express';
import { SecureContext, SecureProperty } from '@heronjs/common';
import { Observable, of } from 'rxjs';
export class AuthContext implements SecureContext<JWTToken, SecureProperty> {
    OnGuard(data: JWTToken): Observable<SecureProperty> {
        //...convert <auth> data to SecureProperty object
        return of(
            auth || {
                roles: ['admin', 'moderator'],
                permissions: ['view-naughty-movies'],

Now we have 2 properties roles and permissions for @Guard decorator


AuthResolver will resolver and working like a interceptor on every requests. AuthResolver is an extened interface from IResolver

AuthResolver has 2 optional variables but required in the case http and ws

httpheader,cookie,sessionTupleIt's a tuple type with first argument is HttpInComing and the last is a http header variables
wshandshake, headerTupleIt's a tuple type with first argument is WebSocketInComing and the last is handshake.auth variables

The @heronjs/common module has JWTResolver class for working with JWT

export const AuthContextResolver: AuthResolver<JWTToken> = {
    http: ['header', 'authorization'],
    ws: ['handshake', 'token'],
    resolve: async (data?: string): Promise<Any> => {
        console.log('resolver data ' + data);
        return data;


Guards are responsible for handling and protecting the controller access.

Protecting Resources

To protecting the api route inside a controller. We can use @Guard to define the routing access.

  • @Guard Support multiple conditions checking
import { Rest } from '@heronjs/common';
export class TodoController {
    @Get({ uri: '/'})
    @Guard({ roles: ['admin'], permissions: ['add-todo'] })
    public async findAll(): Promise<TodoModel> {
        return ['todo1'];