HTTP guard that validates the Authorization: Bearer <token> header on every incoming request.
The comparison is performed in constant time via timingSafeEqual to mitigate timing-based token enumeration attacks.
mTLS between the upstream NGINX reverse proxy and the client is handled entirely by NGINX; this guard only validates the application-level token.
Private
Readonly
Returns true when the request carries a valid Bearer token, otherwise throws UnauthorizedException.
NestJS execution context providing access to the HTTP request.
true if authentication succeeds.
If the header is missing, malformed, or the token is invalid.
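The check described above, as an added example in plain Node.js (not the project's own code, and without the NestJS wrapper): it parses the header and compares tokens with timingSafeEqual, hashing both sides first because timingSafeEqual throws when the buffers differ in length. The names parseBearer, tokensMatch, isAuthorized and SAMPLE_TOKEN are hypothetical, and the token value is constructed.

```javascript
const { createHash, timingSafeEqual } = require("node:crypto");

// Constructed sample secret; a real deployment would load it from configuration.
const SAMPLE_TOKEN = "constructed-sample-token-123";

// Hypothetical helper: pull the token out of an Authorization header value.
// Returns null when the header is missing or is not "Bearer <token>".
// The scheme name is matched case-insensitively; the token charset follows
// the b64token grammar of RFC 6750.
function parseBearer(headerValue) {
  if (typeof headerValue !== "string") return null;
  const match = /^Bearer +([A-Za-z0-9._~+\/-]+=*)$/i.exec(headerValue);
  return match ? match[1] : null;
}

// Hash both sides to fixed-length SHA-256 digests before comparing:
// timingSafeEqual throws a RangeError on buffers of different length, and an
// early length check would reveal the expected token's length through timing.
function tokensMatch(presented, expected) {
  const a = createHash("sha256").update(presented, "utf8").digest();
  const b = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(a, b);
}

// Hypothetical stand-in for the guard's decision. Node's http module
// lowercases header names, hence the "authorization" key. A guard would
// throw UnauthorizedException where this returns false.
function isAuthorized(headers, expectedToken) {
  const token = parseBearer(headers["authorization"]);
  return token !== null && tokensMatch(token, expectedToken);
}

// Constructed requests covering the three failure cases the guard documents.
const samples = [
  { authorization: "Bearer " + SAMPLE_TOKEN }, // valid
  {},                                          // header missing
  { authorization: "Basic dXNlcjpwYXNz" },     // malformed: wrong scheme
  { authorization: "Bearer wrong-token" },     // invalid token, other length
];
for (const headers of samples) {
  console.log(JSON.stringify(headers), "->", isAuthorized(headers, SAMPLE_TOKEN));
}
```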