npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@n4it/api-key

v1.3.2

Published

Package to manage API Keys in NestJS.

Downloads

344

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

n4itn4it

Keywords

nestjsnestapi keysauthenticationauthorizationn4itpassport

Readme

@n4it/api-key

A NestJS module for creating and validating API keys effortlessly, leveraging JWT tokens and customizable policies.

Installation

To install the module, use npm:

npm install @n4it/api-key

Usage

Importing and Configuring the Module

First, import the ApiKeyModule into your NestJS module and configure it using the forRoot method. This method requires a secret for signing the JWT tokens and an apiKeyHeader for identifying the API key in requests.

import { ApiKeyModule } from "@n4it/api-key";
import { Module } from "@nestjs/common";

@Module({
  imports: [
    ApiKeyModule.register({
      secret: "your-secret-key",  // Replace with your actual secret
      apiKeyHeader: "x-api-key",  // The header to look for the API key
      expiresIn: 60 * 60, // the time the API Keys will expire
    }),
  ],
})
export class AppModule {}

Generating API Tokens

To generate an API token, inject the ApiKeyService into your service and use the createApiKey method. This method allows you to associate policies with the generated token.

import { ApiKeyService } from "@n4it/api-key";
import { Injectable } from "@nestjs/common";

@Injectable()
export class AppService {
  constructor(private readonly apiKeyService: ApiKeyService) {}

  public createToken() {
    return this.apiKeyService.createApiKey({
      policies: ["user:manage"],  // Define your custom claims here
      role: "admin"
    });
  }
}

Using the API Key Strategy in Guards

To protect routes using the generated API keys, you can use the API_KEY_MODULE_STRATEGY with NestJS's AuthGuard. This guard will automatically validate incoming requests against the configured API key strategy.

import { Injectable, ExecutionContext } from "@nestjs/common";
import { AuthGuard as PassportAuthGuard } from "@nestjs/passport";
import { API_KEY_MODULE_STRATEGY } from "@n4it/api-key";

@Injectable()
export class AuthGuard extends PassportAuthGuard([
  API_KEY_MODULE_STRATEGY,  // Add other strategies if necessary
]) {
  canActivate(context: ExecutionContext) {
    return super.canActivate(context);
  }
}

Using the ApiKeyClient Decorator

The module also provides a convenient ApiKeyClient decorator. This decorator can be used in your controllers to directly inject the parsed JWT token as an AuthenticatedClient object. This makes it easy to access the details of the authenticated client in your route handlers.

You can import both ApiKeyClient and AuthenticatedClient:

import { Controller, Get } from "@nestjs/common";
import { ApiKeyClient, AuthenticatedClient } from "@n4it/api-key";

@Controller('user')
export class UserController {
  @Get('profile')
  getUserProfile(@ApiKeyClient() client: AuthenticatedClient) {
    // Access client details from the parsed JWT token
    // possibly validate the policies
    return {
      userId: client.userId,
      policies: client.policies,
    };
  }
}

Example Guard Usage

Once you've created the AuthGuard, you can apply it to your controllers or specific routes to enforce API key validation.

import { Controller, Get, UseGuards } from "@nestjs/common";
import { AuthGuard } from "./auth.guard";

@Controller('protected')
export class ProtectedController {
  @Get()
  @UseGuards(AuthGuard)
  getProtectedResource() {
    return "This is a protected resource";
  }
}

License

This project is licensed under theGNU General Public License v3.0 - see the LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request or open an issue on GitHub.

Support

If you have any questions or need support, you can contact us at [email protected].