Welcome to the NestJS Authentication and Authorization Starter repository! This starter template provides a robust foundation for building authentication and authorization systems using NestJS, a progressive Node.js framework.
- JWT Access and Refresh Token Rotation: Implementing a fully functional JWT access token and refresh token rotation strategy ensures secure and efficient authentication.
- Global Authentication Guard: Protect your routes with a global authentication guard to ensure that only authenticated users can access protected resources.
- Custom Decorator for Public Routes: Easily make any route public by using a custom decorator, providing flexibility in defining which routes require authentication.
- CASL Authorization Library: Utilize CASL, an isomorphic authorization library, to implement fine-grained access control based on user roles and permissions.
- Global Ability Guard: Apply a global ability guard to enforce authorization rules across your application, ensuring that users only access resources they are authorized to.
- Custom Decorator for Ability Metadata: Configure granular access control by using a custom decorator to define ability metadata for routes and resources.
- CORS Configuration: Cross-Origin Resource Sharing (CORS) setup is included to facilitate communication between frontend and backend components.
- Swagger Setup: Easily document and test your API endpoints with Swagger setup, providing a user-friendly interface for developers to interact with your API.
- Global Exception Filter: Handle exceptions gracefully with a global exception filter, improving error handling and providing a consistent user experience.
- TypeORM Module: Integrate TypeORM, a powerful Object-Relational Mapping (ORM) library, for seamless database interactions and entity management.
- Global Validation Filter: Ensure data integrity by implementing a global validation filter, validating incoming requests against defined schemas.
- Default User Entity: Get started quickly with a default User entity, including essential fields for authentication and authorization.
- NestJSFormDataModule Configuration for File Upload: Easily handle file uploads by configuring NestJSFormDataModule, simplifying the process of managing file uploads within your application.
- Database Setup in Local Docker Container: The database is set up in a local Docker container. Configuration details can be found in the
docker-compose.ymlfile. - Class-validator Library for Endpoints Data Validation: Implement robust data validation for your endpoints using the class-validator library.
- Rate Limiting: Rate limit your application end points.
- Helmet: Helmet helps secure your apps by setting various HTTP headers.
- Custom security headers: Implementing security headers and Content Security Policy (CSP) helps mitigate common web security vulnerabilities such as XSS and clickjacking attacks.
Paginationfunctionality using Type ORM querybuilder.
To get started with this starter template, follow these steps:
- Create a new repository with this template by clicking the
Use this templatebutton on top right of <>Code section. - Clone your newly create repository.
- Install dependencies using
npm install. - Customize the provided User entity or create your own entities as needed.
- Configure authentication and authorization settings based on your application requirements.
- Start building your NestJS application by defining routes, controllers, and services.
DATABASE_URL=mysql://<db_user>:<db_password>@localhost:3306/<db_name>
ACCESS_TOKEN_SECRET=
REFRESH_TOKEN_SECRET=Contributions from the community are welcomed! If you have any suggestions, improvements, or bug fixes, feel free to open an issue or submit a pull request.
For information on security-related matters, including reporting vulnerabilities and responsible disclosure guidelines, please refer to the SECURITY.md file.
This project is licensed under the MIT License.