Authorization & RBAC
Role-based access control, custom guards, decorators, permissions, resource ownership
1What is RBAC (Role-Based Access Control)?
What is RBAC (Role-Based Access Control)?
Risposta
RBAC is an access control system that grants permissions to users based on their roles. Instead of managing permissions individually for each user, RBAC groups permissions into roles (e.g., ADMIN, USER, MANAGER) and assigns these roles to users. This simplifies access management in applications, particularly useful in NestJS with custom guards and metadata decorators.
2What is the difference between authentication and authorization?
What is the difference between authentication and authorization?
Risposta
Authentication verifies the user's identity (who are you?), typically via login/password or JWT token. Authorization verifies the user's permissions (what can you do?), controlling access to resources based on roles or permissions. In NestJS, authentication often uses JwtAuthGuard, while authorization uses custom guards like RolesGuard to check access rights.
3Which NestJS decorator allows creating a custom guard?
Which NestJS decorator allows creating a custom guard?
Risposta
To create a custom guard in NestJS, create a class decorated with @Injectable() that implements the CanActivate interface. This interface requires the canActivate(context: ExecutionContext) method that returns a boolean or Promise. The guard can then be applied to routes with @UseGuards(). This architecture allows injecting dependencies (services, repositories) into the guard to perform complex validations.
In RBAC, what does a 'permission' represent?
How to attach a guard to a controller in NestJS?
+17 domande da colloquio
Altri argomenti di colloquio Node.js / NestJS
Node.js Fundamentals
Node.js Core APIs
Asynchronous Programming
Express.js Basics
NestJS Fundamentals
REST API Design
Validation & DTO
API Documentation & Contracts
Error Handling
Unit Testing
Task Scheduling
NestJS Modules & DI
Configuration & Environment Management
JWT Authentication
Database with TypeORM
Prisma ORM
Middleware & Interceptors
File Upload
WebSockets
GraphQL with NestJS
End-to-End Testing
Caching with Redis
Queues with Bull
DevOps, Logging & CI/CD
Docker & Containerization
Microservices
Security Best Practices
Performance & Cloud Deployment
Padroneggia Node.js / NestJS per il tuo prossimo colloquio
Accedi a tutte le domande, flashcards, test tecnici, esercizi di code review e simulatori di colloquio.
Inizia gratis