nidomiro
diff --git a/‎packages/examples/nestjs-guard/README.md‎
Lines changed: 27 additions & 0 deletions b/‎packages/examples/nestjs-guard/README.md‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎packages/examples/nestjs-guard/src/app/guard/keto-guard.ts‎
Lines changed: 6 additions & 4 deletions b/‎packages/examples/nestjs-guard/src/app/guard/keto-guard.ts‎
Lines changed: 6 additions & 4 deletions
@@ -0,0 +1,27 @@
+# relation-tuple-parser/examples/nestjs-guard
+
+## Startup
+
+Start Keto:
+
+```bash
+docker-compose up
+```
+
+Start nestjs-app:
+
+```bash
+nx serve examples-nestjs-guard
+```
+
+Urls:
+
+-   Allowed access: http://localhost:3333/api?userId=user1
+-   Allowed access: http://localhost:3333/api?userId=user2
+-   Forbidden access: http://localhost:3333/api?userId=user3
+-   Forbidden access: http://localhost:3333/api
+
+## Files
+
+-   [src/app/app.controller.ts](./src/app/app.controller.ts): Contains the secured endpoint
+-   [src/app/guard/keto-guard.ts](./src/app/guard/keto-guard.ts): Contains guard that protects the app
@@ -20,8 +20,10 @@ export class KetoGuard implements CanActivate {
 			return false // Deny every request by default
 		}
 
-		let userId = this.getUserId(ctx)
-		const ketoResult = await this._ketoReadClient.validateRelationTuple(relationTuple, { userId })
+		const userId = this.getUserId(ctx)
+		const ketoResult = await this._ketoReadClient.validateRelationTuple(relationTuple, {
+			userId: userId ?? 'Unauthorized',
+		})
 
 		if (ketoResult.hasError()) {
 			const { error } = ketoResult
@@ -45,14 +47,14 @@ export class KetoGuard implements CanActivate {
 	 * @param ctx
 	 * @private
 	 */
-	private getUserId(ctx: HttpArgumentsHost) {
+	private getUserId(ctx: HttpArgumentsHost): string | null {
 		const request = ctx.getRequest<IncomingMessage>()
 		const { userId: rawUserId } = Url.parse(request.url, true).query
 
 		if (Array.isArray(rawUserId)) {
 			return rawUserId[0]
 		} else {
-			return rawUserId
+			return rawUserId ?? null
 		}
 	}
 }