A robust and scalable authentication microservice built with NestJS, featuring comprehensive user management, JWT-based authentication, and secure password handling.
## Features

### 🔐 Complete Authentication System
- User registration and login
- JWT access and refresh token mechanism
- Secure password hashing with bcrypt
- Token refresh and revocation

### 👥 User Management
- User CRUD operations
- Complete role and permission system with CASL
- Email and username uniqueness validation
- User profile management
- Granular permission controls

### 🛡️ Security First
- Password strength validation
- JWT token security with configurable expiration
- Refresh token rotation
- Secure database schema design

### 🏗️ Modern Architecture
- Modular NestJS structure
- Drizzle ORM for type-safe database operations
- PostgreSQL database with migrations
- CASL for authorization and ability management
- Clean separation of concerns
- Swagger API documentation

## Database Schema

- Users: Core user information with assigned roles
- Roles: Role definitions with associated permissions
- Permissions: Granular permission definitions for actions and resources
- Passwords: Secure password storage (hashed)
- Refresh Tokens: JWT refresh token management

## Prerequisites

- Node.js >= 18
- PostgreSQL >= 13
- npm or yarn

## Installation

- Clone the repository
- Install dependencies:
  ```bash
  npm install
  ```
- Set up a PostgreSQL database
- Create and configure your `.env` file (see below)
- Run database migrations:
  ```bash
  npm run db:migrate
  ```
- Seed the database (optional):
  ```bash
  npm run db:seed
  ```
- Start the development server:
  ```bash
  npm run start:dev
  ```

## Environment Variables

Create a `.env` file in the root directory. Use long random values for both JWT secrets and keep the file out of version control:

```env
# Database
DATABASE_URL=postgresql://username:password@localhost:5432/auth_service
# JWT Configuration
JWT_SECRET=your-super-secret-jwt-key
JWT_EXPIRES_IN=15m
JWT_REFRESH_SECRET=your-super-secret-refresh-key
JWT_REFRESH_EXPIRES_IN=7d
# Application
PORT=3000
NODE_ENV=development
```

## Security Features

- Access Tokens: Short-lived (15 minutes) for API access
- Refresh Tokens: Long-lived (7 days) for token renewal
- Token Rotation: Refresh tokens are rotated on each use
- Secure Storage: Tokens use strong secrets and proper signing
- bcrypt Hashing: Industry-standard password hashing
- Salt Rounds: Configurable salt rounds for performance tuning
- Password Validation: Server-side validation for password strength
- Prepared Statements: Protection against SQL injection
- Type Safety: Drizzle ORM ensures type-safe database operations
- Schema Validation: Zod-based validation for all inputs
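As an added example (not the project's own code), the access/refresh token flow described above in plain TypeScript using only Node's `crypto` module: an HS256 signer and verifier standing in for the JWT library, refresh tokens stored only as SHA-256 hashes, single-use rotation, and revocation of a whole token family when an already-rotated token is presented again. The names `issuePair`, `rotate` and `refreshStore` are assumptions, the in-memory `Map` stands in for the PostgreSQL table, and the secret falls back to a placeholder when `JWT_SECRET` is unset.

```typescript
import { createHash, createHmac, randomBytes, timingSafeEqual } from "crypto";

const b64 = (s: string | Buffer) => Buffer.from(s).toString("base64url");
const nowSec = () => Math.floor(Date.now() / 1000);
// Assumption: placeholder is used only when JWT_SECRET from .env is not set.
export const ACCESS_SECRET = process.env.JWT_SECRET ?? "placeholder-set-JWT_SECRET-in-.env";

// Minimal HS256 signer standing in for the JWT library; ttlSec mirrors JWT_EXPIRES_IN.
export function signJwt(claims: Record<string, unknown>, secret: string, ttlSec: number, at = nowSec()): string {
  const head = b64(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64(JSON.stringify({ ...claims, iat: at, exp: at + ttlSec }));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Checks the signature in constant time and the expiry; returns the claims or null.
export function verifyJwt(token: string, secret: string, at = nowSec()): Record<string, any> | null {
  const [head, body, sig] = token.split(".");
  if (!head || !body || !sig) return null;
  const want = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, "base64url");
  if (want.length !== got.length || !timingSafeEqual(want, got)) return null;
  try {
    const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    return typeof claims.exp === "number" && claims.exp > at ? claims : null;
  } catch { return null; }
}

// Refresh tokens are opaque random strings; only their SHA-256 hash is persisted, so a leaked table yields no usable tokens.
type RefreshRow = { userId: number; family: string; revoked: boolean };
export const refreshStore = new Map<string, RefreshRow>(); // key = sha256(token); stands in for the Refresh Tokens table
const hashToken = (t: string) => createHash("sha256").update(t).digest("hex");

export function issuePair(userId: number, family = randomBytes(8).toString("hex")) {
  const refreshToken = randomBytes(32).toString("base64url");
  refreshStore.set(hashToken(refreshToken), { userId, family, revoked: false });
  return { accessToken: signJwt({ sub: userId }, ACCESS_SECRET, 15 * 60), refreshToken };
}
// Rotation: each refresh token is single-use. Presenting one that was already rotated is
// treated as reuse (likely theft) and revokes the whole family, ending both sessions.
export function rotate(refreshToken: string): ReturnType<typeof issuePair> | null {
  const row = refreshStore.get(hashToken(refreshToken));
  if (!row) return null;
  if (row.revoked) {
    refreshStore.forEach((r) => { if (r.family === row.family) r.revoked = true; });
    return null;
  }
  row.revoked = true; // the old token can never be used again
  return issuePair(row.userId, row.family);
}
```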

## Contributing

- Fork the repository
- Create a feature branch:
  ```bash
  git checkout -b feature/amazing-feature
  ```
- Commit your changes:
  ```bash
  git commit -m 'Add amazing feature'
  ```
- Push to the branch:
  ```bash
  git push origin feature/amazing-feature
  ```
- Open a Pull Request

## License

This project is licensed under the UNLICENSED License.
Built with ❤️ using NestJS and TypeScript