typescript
32 lines · 6 steps
Building a @CurrentUser decorator in NestJS
A custom parameter decorator pulls the authenticated user off the request and lets handlers grab the whole object or a single field.
Explained by
highlit
1import {
2 createParamDecorator,
3 ExecutionContext,
4 UnauthorizedException,
5} from '@nestjs/common';
6import { Request } from 'express';
7
8export interface AuthenticatedUser {
9 id: string;
10 email: string;
11 roles: string[];
12}
13
14interface RequestWithUser extends Request {
15 user?: AuthenticatedUser;
16}
17
18export const CurrentUser = createParamDecorator(
19 (
20 field: keyof AuthenticatedUser | undefined,
21 ctx: ExecutionContext,
22 ): AuthenticatedUser | AuthenticatedUser[keyof AuthenticatedUser] => {
23 const request = ctx.switchToHttp().getRequest<RequestWithUser>();
24 const user = request.user;
25
26 if (!user) {
27 throw new UnauthorizedException('No authenticated user on request');
28 }
29
30 return field ? user[field] : user;
31 },
32);
01 / 01
STEP 01
‹ swipe to step through ›
Walkthrough
Space play
←→ step
click any line
Three takeaways
- 1Custom parameter decorators keep controllers clean by extracting request data in one reusable place.
- 2Using keyof lets a single decorator return either the whole object or a typed subfield.
- 3Guarding for a missing user inside the decorator centralizes the auth check instead of repeating it per handler.
Related explainers
typescript
type User = { id: number; email: string; roles: string[];
Validating API data with TypeScript type guards
type-guards
runtime-validation
type-narrowing
Intermediate
8 steps
python
from functools import lru_cache import math
Memoizing number theory with lru_cache
memoization
number-theory
caching
Intermediate
8 steps
typescript
import { inject } from '@angular/core'; import { CanActivateFn, Router,
Functional route guards in Angular
route-guards
dependency-injection
observables
Intermediate
5 steps
rust
use axum::{ body::Bytes, extract::State, http::{HeaderMap, StatusCode},
Verifying Stripe webhook signatures in Axum
hmac
webhooks
constant-time-comparison
Intermediate
8 steps
php
<?php namespace App\Http\Controllers\Auth;
Rate-limited login in Laravel
authentication
rate-limiting
validation
Intermediate
9 steps
typescript
import { CanActivate, ExecutionContext, Injectable,
Role-based route guards in NestJS
authorization
decorators
metadata-reflection
Intermediate
8 steps
Share this explainer
Here's the card — post it anywhere.
Made with highlit — turn any snippet into a walkthrough like this in about a minute.
Explain your code
Embed this explainer
Drop the interactive walkthrough into a blog or docs. Views never cost a credit.
<iframe src="https://highlit.co/explainers/building-a-currentuser-decorator-in-nestjs-explained-typescript-4cdb/embed?autoplay=1" width="100%" height="520" loading="lazy" style="border:0"></iframe>
Autoplay is on by default — add ?autoplay=0 to start paused.