auth-service-nestjs

v0.0.9

Authorization service for lightweight systems

Downloads

31

Readme

Service auth-service-nestjs

About the service

The authorization service is intended for use in embedded and light server systems. The service provides JWT authorization, user management and protection against brute force attacks, and integrates easily with a nestjs backend.

Auth-service-nestjs is not an npm library; it is a nodejs microservice. Do not install it with the command npm i auth-service-nestjs; follow the instructions below.

There are 3 roles available in the service: admin, operator and guest. An admin can do everything unless the DENY_ADMIN_CHANGE_ADMIN option is set.

Roles below admin cannot block users, change roles, or delete/create/edit users, but they can get a list of all users. Receiving the list of users can be prohibited for roles below admin with the DENY_GET_USER_LIST option.

By default, external user registration is prohibited; you can enable it with the ALLOW_USER_REGISTRATION option.

The operation of the service and an example of integration can be viewed here https://github.com/trotill/auth-service_use_example

Example backend + frontend

https://github.com/trotill/auth-service_use_example

Dependencies

  1. tested on Ubuntu 22.04 and Docker
  2. nodejs no lower than version 18
  3. node-gyp
  4. npm
  5. sqlite3

Installation/configuration of the service

  1. git clone https://github.com/trotill/auth-service.git
  2. cd auth-service
  3. Copy .env.example to .env
    In .env, adjust the variables (see description below)
  4. npm install
  5. The public and private keys and the databases are generated automatically at startup
  6. Before the first launch in development mode, you need to make migrations and seeds (in production mode, this is not necessary)
    • npm run migrate
    • npm run seed

Running in production mode

npm run start

Running in development mode

npm run start:dev

Running in a docker container

  1. npm run docker:up (run)
  2. npm run docker:down (stop)

Checking functionality

  1. In the .env config set SHOW_API_DOCS=1
  2. Start the service
  3. Open http://localhost:7777/api/docs in a browser. You will see the interactive swagger content, where you can test any endpoint.

Integration into your application

An example of integration is here https://github.com/trotill/auth-service_use_example

.env file options

Web server port

LISTEN_HTTP_PORT=4499

Path to the folder for keys and database

STORE_PATH=store

DB file name

DB_PATH=auth.db

DB name

DB_NAME=database_development

Database user

DB_USER=develinux

DB password

DB_PASSWORD=cnfhjcnm

Access token lifetime

ACCESS_TIMEOUT=60s

Access token cookie max age

ACCESS_TOKEN_COOKIE_MAX_AGE=31104000000

Lifetime of refresh token

REFRESH_TIMEOUT=90d

Service port from docker (proxy to LISTEN_HTTP_PORT in docker). Used only when running in a docker container.

PUBLIC_HTTP_PORT=7777

Save the swagger file on startup in the swagger folder

SAVE_SWAGGER=1

Show swagger API on /api/docs route. For example, at http://localhost:7777/api/docs

SHOW_API_DOCS=1

Allow users to register themselves

In this mode, the register endpoint is enabled, allowing users to register themselves in the system, with a low role and blocking enabled

ALLOW_USER_REGISTRATION=0

Deny all groups except admin from receiving a list of users

DENY_GET_USER_LIST=0

An admin cannot change the password of another admin, block or delete any admin

DENY_ADMIN_CHANGE_ADMIN=0

Protection against brute force attacks

Delay in ms if login fails

BRUTE_FORCE_LOGIN_DELAY = 2000

Interval in ms, window of the allowed number of requests for the login route

BRUTE_FORCE_LOGIN_TTL = 10000

Allowed number of requests per interval BRUTE_FORCE_LOGIN_TTL

BRUTE_FORCE_LOGIN_LIMIT = 10

Interval in ms, window of the allowed number of requests for a whoami route

BRUTE_FORCE_WHOAMI_TTL = 60000

Allowed number of requests per interval BRUTE_FORCE_WHOAMI_TTL

BRUTE_FORCE_WHOAMI_LIMIT = 100000

Interval in ms, window of the allowed number of requests for any routes by default

BRUTE_FORCE_DEFAULT_TTL = 20000

Allowed number of requests per interval BRUTE_FORCE_DEFAULT_TTL

BRUTE_FORCE_DEFAULT_LIMIT = 10000
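
A pre-deployment check for the options listed above, as an added example that is not part of the auth-service project: it parses a .env file, flags settings that are still at their documented sample or development values, and works out how many login requests per hour the BRUTE_FORCE_LOGIN_* window admits. The rule set, the 15-minute access-token ceiling, the simple duration parser and the fixed-window model of the limiter are assumptions of this example.

```javascript
// Added example: audit an auth-service .env against the options documented above.
// Rules and thresholds are this example's assumptions, not the project's checks.
const MAX_ACCESS_MS = 15 * 60 * 1000; // assumed ceiling for access-token lifetime

// Parse KEY=VALUE lines; tolerates spaces around "=" as in the BRUTE_FORCE_* lines.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Convert lifetimes such as "60s" or "90d" to milliseconds (null if not understood).
function durationMs(value) {
  const m = /^(\d+)(ms|s|m|h|d)$/.exec(value || '');
  return m ? Number(m[1]) * { ms: 1, s: 1e3, m: 6e4, h: 36e5, d: 864e5 }[m[2]] : null;
}

function auditEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  if (env.DB_PASSWORD === 'cnfhjcnm') findings.push('DB_PASSWORD is the sample value from the README');
  if (env.SHOW_API_DOCS === '1') findings.push('SHOW_API_DOCS=1 publishes the swagger UI on /api/docs');
  if (env.ALLOW_USER_REGISTRATION === '1') findings.push('ALLOW_USER_REGISTRATION=1 enables the register endpoint');
  const access = durationMs(env.ACCESS_TIMEOUT);
  if (access === null || access > MAX_ACCESS_MS) findings.push('ACCESS_TIMEOUT is missing, unparsed or above 15 minutes');
  // Upper bound on login requests per client per hour, assuming fixed windows of
  // BRUTE_FORCE_LOGIN_TTL ms that each admit BRUTE_FORCE_LOGIN_LIMIT requests.
  const ttl = Number(env.BRUTE_FORCE_LOGIN_TTL);
  const limit = Number(env.BRUTE_FORCE_LOGIN_LIMIT);
  const loginPerHour = ttl > 0 && limit > 0 ? Math.floor(3600000 / ttl) * limit : null;
  if (loginPerHour === null) findings.push('login rate limit is not configured');
  return { findings, loginPerHour };
}

// Constructed sample built from the default values shown in this README.
const SAMPLE_ENV = `
DB_PASSWORD=cnfhjcnm
ACCESS_TIMEOUT=60s
SHOW_API_DOCS=1
ALLOW_USER_REGISTRATION=0
BRUTE_FORCE_LOGIN_TTL = 10000
BRUTE_FORCE_LOGIN_LIMIT = 10
`;
console.log(auditEnv(SAMPLE_ENV));
```

With the documented defaults the login window admits up to 3600 requests per hour from one client, so lowering BRUTE_FORCE_LOGIN_LIMIT or raising BRUTE_FORCE_LOGIN_TTL is the lever to adjust if that budget is too generous for your password policy.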