@narando/nest-auth

v0.3.0

Authenticate and authorize incoming requests.

Getting Started

Requirements

  • NestJS 7.1.3+

Installation

npm i @narando/nest-auth

Configuration

With the package installed, import the AuthModule into the root AppModule.

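import { Module } from "@nestjs/common";
import { AuthModule } from "@narando/nest-auth";

@Module({
  imports: [
    AuthModule.register({
      enableGlobally: true,
      jwt: {
        // With HS256 this value is a shared HMAC secret, not a public key:
        // anyone who holds it can also sign tokens. "1337" is a placeholder;
        // load a long random secret from configuration instead.
        publicKey: "1337",
        algorithm: "HS256",
      },
    }),
  ],
  // APIService is the application's own provider (its import is omitted here).
  providers: [APIService],
})
export class AppModule {}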

You can also use AuthModule.registerAsync() to dynamically load configuration.

Usage

There are two ways to enable the checks. You can enable them globally through the enableGlobally flag that can be set on the module import. You can also enable them per controller/route by using the @Auth() decorator.

Authentication

For every incoming request the package will check the Authorization header for a bearer token and will validate this token as a JWT against the credentials supplied during module import.

If the token is invalid or expired a 401 Unauthorized is returned to the user.

If the token is valid, the payload will be restructured and made available to the controller at req.user. You can use the @ReqUser decorator to inject it into your controller function:

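import { Controller, Get } from "@nestjs/common";
import { ReqUser, AuthUser } from "@narando/nest-auth";
import { CatService } from "./cat.service"; // application code, path assumed

@Controller("cats")
export class CatController {
  constructor(private readonly catService: CatService) {}

  @Get()
  // user is req.user, built from the payload of the validated JWT
  findAllForUser(@ReqUser() user: AuthUser) {
    return this.catService.findAllForUser(user.id);
  }
}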
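The header check, signature validation and expiry test described in this section, as an added TypeScript sketch that is not the package's own code. verifyBearer, signToken and PINNED_ALG are hypothetical names, HS256 matches the configuration example above, and the sketch assumes a token without a numeric exp claim is rejected.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added sketch, not @narando/nest-auth source. All names here are hypothetical.
const PINNED_ALG = "HS256"; // taken from configuration, as in AuthModule.register()

const enc = (value: object): string =>
  Buffer.from(JSON.stringify(value), "utf8").toString("base64url");
const mac = (input: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(input).digest();

// Helper that mints constructed sample tokens so the sketch runs offline.
function signToken(header: object, payload: object, secret: string): string {
  const input = `${enc(header)}.${enc(payload)}`;
  return `${input}.${mac(input, secret).toString("base64url")}`;
}

// Returns the payload, or null in every case where a 401 would be sent.
function verifyBearer(
  authorization: string | undefined,
  secret: string,
  nowSeconds: number,
): Record<string, unknown> | null {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authorization ?? "");
  if (!m) return null; // header missing or not a three-part bearer token
  const [, head, body, sig] = m;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    // Compare against the pinned algorithm; never act on the token's own
    // "alg" claim, which would let "none" or another algorithm through.
    if (header.alg !== PINNED_ALG) return null;
    const given = Buffer.from(sig, "base64url");
    const expected = mac(`${head}.${body}`, secret);
    // timingSafeEqual throws on unequal lengths, so check length first.
    if (given.length !== expected.length) return null;
    if (!timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    // Assumption of this sketch: a token without a numeric exp is rejected.
    if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) return null;
    return payload;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```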

Authorization

Activities take the form service:scope:method:item, e.g. api:articles:get:list. A Permission is an Activity that is linked to a user and contains additional information:

// Permission
{
  // Name of Activity
  name: "service:scope:method:item",
  // Whether this permission only applies to objects that
  // the user owns/has control of.
  onlyAssociated: true,
}

These permissions are included in the JWT and the authentication middleware will automatically parse them and add them to the request object.

By default the package will not verify that the user is authorized to perform any actions.

You can enable this on a per-controller or per-route basis. Use the @Auth() decorator to specify the required permission to access the route.

You can specify the decorator on the controller to set defaults and then override them on a per-route basis.

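import { Controller, Get } from "@nestjs/common";
import { Auth } from "@narando/nest-auth";

// Controller-level @Auth() sets defaults for every route in the class.
@Controller("cats")
@Auth({
  service: "animal-shelter",
  scope: "cat",
})
export class CatController {
  private readonly cats: string[] = [];

  @Get()
  // Route-level @Auth() supplies the remaining parts of the activity.
  @Auth({
    method: "get",
    item: "list",
  })
  findAll() {
    return this.cats;
  }
}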

Now every request going to the findAll route needs to have the permission animal-shelter:cat:get:list, otherwise the request will be aborted with 403 Forbidden.

Association-based checks

In many cases it is not enough to check whether a user is allowed to perform the action itself; we also need to check whether they are allowed to perform it on this specific resource.

This is achieved by implementing an async function called isAssociated() on the service which should check the association. For example, if we want to validate whether the user is associated with a BillingEntity, we would implement the isAssociated() function in the BillingEntitiesService.

The isAssociated() function takes an object containing user and reqParams as an input and returns a boolean.

import { Injectable } from "@nestjs/common";
import { AuthAssociatedCheck, IsAssociatedArguments } from "@narando/nest-auth";

@Injectable()
export class CatService implements AuthAssociatedCheck {
  async isAssociated({
    user,
    reqParams,
  }: IsAssociatedArguments): Promise<boolean> {
    // determine if associated or not
    return false;
  }
}

To enable these checks we'll need to pass the service containing the isAssociated() function in the @Auth() decorator like below:

  @Auth({
    method: "read",
    item: "self",
    associationCheckService: CatService
  })
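How the controller defaults, route overrides and association check described in the Authorization and Association-based checks sections fit together, as an added TypeScript model that is not the package's own code. The type and function names are hypothetical, and it assumes exact activity matching, that isAssociated() is consulted only when every matching permission has onlyAssociated: true, and that a missing check service denies the request.

```typescript
// Added sketch, not @narando/nest-auth source. Type and function names are
// hypothetical; the activity format and option names come from the README.
interface Permission { name: string; onlyAssociated: boolean }
interface AuthOptions { service?: string; scope?: string; method?: string; item?: string }
interface User { id: string; permissions: Permission[] }
type Params = Record<string, string>;
type AssociationCheck = (args: { user: User; reqParams: Params }) => Promise<boolean>;

// Route-level @Auth() values override the controller-level defaults.
function requiredActivity(controller: AuthOptions, route: AuthOptions): string | null {
  const { service, scope, method, item } = { ...controller, ...route };
  // Fail closed: an incomplete activity can never be satisfied.
  if (!service || !scope || !method || !item) return null;
  return `${service}:${scope}:${method}:${item}`;
}

// true = request proceeds, false = 403 Forbidden.
async function isAuthorized(
  user: User,
  activity: string | null,
  reqParams: Params,
  isAssociated?: AssociationCheck,
): Promise<boolean> {
  if (activity === null) return false;
  // Exact match only; no wildcard or prefix semantics are assumed.
  const grants = user.permissions.filter((p) => p.name === activity);
  if (grants.length === 0) return false;
  // Assumption: a grant without onlyAssociated covers every object.
  if (grants.some((p) => !p.onlyAssociated)) return true;
  // Only ownership-restricted grants remain, so the association check
  // must exist and must pass; a missing check denies the request.
  if (!isAssociated) return false;
  return isAssociated({ user, reqParams });
}

// Constructed sample data: ownership comes from server-side state,
// not from anything the caller can set in the request.
const catOwners: Record<string, string> = { "cat-1": "u1", "cat-2": "u2" };
const ownsCat: AssociationCheck = async ({ user, reqParams }) =>
  catOwners[reqParams.id] === user.id;
const controllerDefaults: AuthOptions = { service: "animal-shelter", scope: "cat" };
const alice: User = {
  id: "u1",
  permissions: [
    { name: "animal-shelter:cat:get:list", onlyAssociated: false },
    { name: "animal-shelter:cat:read:self", onlyAssociated: true },
  ],
};
```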

Disabling authentication

It is possible to explicitly disable authentication on a route (or controller) by setting the disable: true flag.

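import { Controller } from "@nestjs/common";
import { Auth } from "@narando/nest-auth";

// HealthController is an illustrative target; the decorator also works on a route.
@Auth({
  disable: true,
})
@Controller("health")
export class HealthController {}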