Welcome to the NestJS Authentication and Authorization Starter repository! This starter template provides a robust foundation for building authentication and authorization systems using NestJS, a progressive Node.js framework.
- JWT Access and Refresh Token Rotation: Implementing a fully functional JWT access token and refresh token rotation strategy ensures secure and efficient authentication.
- Global Authentication Guard: Protect your routes with a global authentication guard to ensure that only authenticated users can access protected resources.
- Custom Decorator for Public Routes: Easily make any route public by using a custom decorator, providing flexibility in defining which routes require authentication.
- CASL Authorization Library: Utilize CASL, an isomorphic authorization library, to implement fine-grained access control based on user roles and permissions.
- Global Ability Guard: Apply a global ability guard to enforce authorization rules across your application, ensuring that users only access resources they are authorized to.
- Custom Decorator for Ability Metadata: Configure granular access control by using a custom decorator to define ability metadata for routes and resources.
- CORS Configuration: Cross-Origin Resource Sharing (CORS) setup is included to facilitate communication between frontend and backend components.
- Swagger Setup: Easily document and test your API endpoints with Swagger setup, providing a user-friendly interface for developers to interact with your API.
- Global Exception Filter: Handle exceptions gracefully with a global exception filter, improving error handling and providing a consistent user experience.
- TypeORM Module: Integrate TypeORM, a powerful Object-Relational Mapping (ORM) library, for seamless database interactions and entity management.
- Global Validation Filter: Ensure data integrity by implementing a global validation filter, validating incoming requests against defined schemas.
- Default User Entity: Get started quickly with a default User entity, including essential fields for authentication and authorization.
- NestJSFormDataModule Configuration for File Upload: Easily handle file uploads by configuring NestJSFormDataModule, simplifying the process of managing file uploads within your application.
- Database Setup in Local Docker Container: The database is set up in a local Docker container. Configuration details can be found in the `docker-compose.yml` file.
- Class-validator Library for Endpoints Data Validation: Implement robust data validation for your endpoints using the class-validator library.
To get started with this starter template, follow these steps:
- Create a new repository from this template by clicking the `Use this template` button at the top right of the <> Code section.
- Clone your newly created repository.
- Install dependencies using `npm install`.
- Customize the provided User entity or create your own entities as needed.
- Configure authentication and authorization settings based on your application requirements.
- Start building your NestJS application by defining routes, controllers, and services.
```
DATABASE_URL=mysql://<db_user>:<db_password>@localhost:3306/<db_name>
ACCESS_TOKEN_SECRET=
REFRESH_TOKEN_SECRET=
```
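The template lists `ACCESS_TOKEN_SECRET` and `REFRESH_TOKEN_SECRET` blank, so a startup check that refuses to run on empty, short, or identical secrets is worth having. The following is an added example, not code from this repository; `validateAuthEnv`, `assertAuthEnv` and the thresholds are assumptions.

```typescript
// Added example: fail-closed startup check for the environment values listed above.
// Function names and thresholds are assumptions, not part of the starter template.
type Env = Record<string, string | undefined>;

const MIN_SECRET_LENGTH = 32;  // assumed floor for an HMAC signing secret
const MIN_DISTINCT_CHARS = 10; // assumed floor; rejects "aaaa..." style filler
const PLACEHOLDER = /<[^>]+>/; // unreplaced <db_user>-style template marker

function checkSecret(name: string, raw: string | undefined): string[] {
  const value = (raw ?? "").trim();
  if (value === "") return [`${name} is empty`];
  const problems: string[] = [];
  if (value.length < MIN_SECRET_LENGTH) {
    problems.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  if (new Set(value.split("")).size < MIN_DISTINCT_CHARS) {
    problems.push(`${name} has too few distinct characters`);
  }
  return problems;
}

function validateAuthEnv(env: Env): string[] {
  const access = (env["ACCESS_TOKEN_SECRET"] ?? "").trim();
  const refresh = (env["REFRESH_TOKEN_SECRET"] ?? "").trim();
  const problems = [
    ...checkSecret("ACCESS_TOKEN_SECRET", access),
    ...checkSecret("REFRESH_TOKEN_SECRET", refresh),
  ];
  // With a shared secret, a token minted for one purpose passes signature
  // verification as the other.
  if (access !== "" && access === refresh) {
    problems.push("ACCESS_TOKEN_SECRET and REFRESH_TOKEN_SECRET must differ");
  }
  const dbUrl = (env["DATABASE_URL"] ?? "").trim();
  const creds = /^[a-z][a-z0-9+.-]*:\/\/([^:@\/]*):?([^@\/]*)@/i.exec(dbUrl);
  if (dbUrl === "") problems.push("DATABASE_URL is empty");
  else if (PLACEHOLDER.test(dbUrl)) problems.push("DATABASE_URL still contains a <placeholder>");
  else if (!creds || creds[2] === "") problems.push("DATABASE_URL has no database password");
  return problems;
}

// Throws before the app starts listening; call with process.env at the top of bootstrap.
function assertAuthEnv(env: Env): void {
  const problems = validateAuthEnv(env);
  if (problems.length > 0) {
    throw new Error(`Refusing to start:\n- ${problems.join("\n- ")}`);
  }
}
```

Generate each secret independently from a cryptographically secure random source and keep the filled-in `.env` out of version control.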
Contributions from the community are welcomed! If you have any suggestions, improvements, or bug fixes, feel free to open an issue or submit a pull request.
For information on security-related matters, including reporting vulnerabilities and responsible disclosure guidelines, please refer to the SECURITY.md file.
This project is licensed under the MIT License.