Ts.ED provide a decorator @Authenticated() to implementation authentication strategy on your routes.

class MyCtrl {
  @Authenticated({role: "admin"})
  public getResource(){}


If you planed to use Passport.js, it's recommended to follow the Passport.js guide here.

To configure the authentication you have to override the default provided AuthenticatedMiddleware by creating a new file under the middleware directory.

Here an example, to override the AuthenticatedMiddleware:

import {OverrideMiddleware, AuthenticatedMiddleware} from "@tsed/common";
import {Forbidden} from "ts-httpexceptions";

export class MyAuthMiddleware implements IMiddleware {
    public use(@EndpointInfo() endpoint: EndpointMetadata,
               @Request() request: Express.Request,
               @Next() next: Express.NextFunction) { // next is optional here
        // options given to the @Authenticated decorator
        const options = endpoint.get(AuthenticatedMiddleware) || {};
        // options => {role: 'admin'}
        if (!request.isAuthenticated()) { // passport.js
          throw new Forbidden("Forbidden")  


By default, the server import automatically your middlewares matching with this rules ${rootDir}/middlewares/**/*.ts (See componentScan configuration).

├── src
│   ├── controllers
│   ├── services
│   ├── middlewares
│   └── Server.ts
└── package.json

If not, just import your middleware in your server or edit the componentScan configuration.

import {ServerLoader, ServerSettings} from "@tsed/common";
import "./src/other/directory/MyAuthMiddleware";

export class Server extends ServerLoader {