Override Authentication

The annotation @Authenticated() use the AuthenticatedMiddleware to check the authentication strategy.

To customise this behavior, the right way is to override the default AuthenticatedMiddleware then implement directly your authentication strategy (with passport.js for example).

Use case

class MyCtrl {
  @Authenticated({role: "admin"})
  public getResource(){}


import {OverrideMiddleware, AuthenticatedMiddleware} from "@tsed/common";
import {Forbidden} from "ts-httpexceptions";

export class MyAuthMiddleware implements IMiddleware {
    public use(@EndpointInfo() endpoint: EndpointMetadata,
               @Request() request: Express.Request,
               @Response() response: Express.Response,
               @Next() next: Express.NextFunction) { // next is optional
        // options given to the @Authenticated decorator
        const options = endpoint.get(AuthenticatedMiddleware) || {};
        // options => {role: 'admin'}
        if (!request.isAuthenticated()) { // passport.js
          throw new Forbidden("Forbidden")  


By default, the server import automatically your middlewares matching with this rules ${rootDir}/middlewares/**/*.ts (See componentScan configuration).

├── src
│   ├── controllers
│   ├── services
│   ├── middlewares
│   └── Server.ts
└── package.json

If not, just import your middleware in your server or edit the componentScan configuration.

import {ServerLoader, ServerSettings} from "@tsed/common";
import "./src/other/directory/MyAuthMiddleware";

export class Server extends ServerLoader {