@454creative/easy-security
v2.0.0
Comprehensive security library for NestJS applications with authentication, authorization, rate limiting, and AWS integration
Easy Security Library
A comprehensive security library for NestJS applications providing authentication, authorization, rate limiting, and AWS integration.
🎯 Core Philosophy
This library focuses on business logic and core security services rather than presentation layer concerns. Controllers are provided as examples only - implement your own controllers to match your application's API design.
🚀 Quick Start
Installation
npm install @454creative/easy-security
Basic Setup
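import { Module } from '@nestjs/common';
import { EasySecurityModule } from '@454creative/easy-security';

/**
 * Minimal application module that wires in EasySecurityModule.
 *
 * Every secret and identifier is read from the environment so nothing
 * sensitive is committed with the code. Under `strict`, `process.env.X` is
 * `string | undefined`; validate at startup that the required variables are
 * present instead of letting an undefined secret reach the JWT layer.
 */
@Module({
  imports: [
    EasySecurityModule.forRoot({
      // AWS Cognito configuration (user pool, app client and region)
      cognito: {
        userPoolId: process.env.AWS_COGNITO_USER_POOL_ID,
        clientId: process.env.AWS_COGNITO_CLIENT_ID,
        region: process.env.AWS_REGION,
      },
      // JWT configuration. `issuer` / `audience` are presumably matched
      // against the `iss` / `aud` claims (confirm in the library) so tokens
      // minted for another service are rejected; `expiresIn` bounds how long
      // a leaked token stays usable, so keep it as short as the product allows.
      jwt: {
        secret: process.env.JWT_SECRET,
        expiresIn: '1d',
        issuer: process.env.JWT_ISSUER,
        audience: process.env.JWT_AUDIENCE,
      },
    }),
  ],
})
export class AppModule {}
// 🔧 Core Services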
Authentication Services
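import { Injectable } from '@nestjs/common';
import { CognitoService, AuthService } from '@454creative/easy-security';
// AuthLoginDto / AuthRegisterDto are the request DTOs used throughout these
// examples; import them from wherever they are declared in your application
// (TODO confirm whether the library itself exports them).

/**
 * Example wrapper around the library's authentication services.
 *
 * Only Cognito is used here; `authService` (JWT token management) is injected
 * to show that it is available from the same module.
 */
@Injectable()
export class MyAuthService {
  constructor(
    private readonly cognitoService: CognitoService,
    private readonly authService: AuthService,
  ) {}

  /** Authenticates a user against Cognito and returns whatever Cognito issues. */
  async login(credentials: AuthLoginDto) {
    return this.cognitoService.authenticateUser(credentials);
  }

  /** Registers a new Cognito user. */
  async register(userData: AuthRegisterDto) {
    return this.cognitoService.registerUser(userData);
  }
}
// Authorization Services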
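import { Injectable } from '@nestjs/common';
import { PermissionService } from '@454creative/easy-security';

/**
 * Example wrapper around the library's role/permission check.
 */
@Injectable()
export class MyAuthorizationService {
  constructor(private readonly permissionService: PermissionService) {}

  /**
   * Returns the PermissionService verdict for the given roles.
   *
   * @param userRoles roles of the caller — take these from the verified
   *   principal (e.g. `req.user` as populated by AuthGuard), never from
   *   client-supplied request fields.
   * @param requiredPermissions permissions the operation needs.
   */
  async checkAccess(userRoles: string[], requiredPermissions: string[]) {
    return this.permissionService.hasRequiredPermissions(userRoles, requiredPermissions);
  }
}
// Rate Limiting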
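import { Injectable } from '@nestjs/common';
import { RateLimiterService } from '@454creative/easy-security';

/**
 * Example wrapper around the library's rate limiter.
 */
@Injectable()
export class MyRateLimitService {
  constructor(private readonly rateLimiterService: RateLimiterService) {}

  /**
   * Asks the limiter whether `userId` may perform `action` right now.
   *
   * The limit is keyed per (userId, action), so `userId` should come from the
   * authenticated principal rather than from client-supplied input, otherwise
   * the limit is tied to a value the client controls.
   *
   * @returns whatever RateLimiterService.checkRateLimit returns (not typed here).
   */
  async checkRateLimit(userId: string, action: string) {
    return this.rateLimiterService.checkRateLimit(userId, action);
  }
}
// 🛡️ Guards & Decorators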
Guards
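import { Controller, Get, Post, UseGuards } from '@nestjs/common';
import {
  AuthGuard,
  RolesGuard,
  RateLimiterGuard,
  Roles,
  RateLimit,
} from '@454creative/easy-security';

/**
 * Example controller showing the three guards.
 *
 * Guards run in the order listed. RolesGuard needs an authenticated principal
 * to read roles from, and the rate limiter is keyed by user id (see
 * RateLimiterService.checkRateLimit), so AuthGuard is listed first on those
 * routes. If RolesGuard / RateLimiterGuard authenticate on their own the extra
 * AuthGuard is harmless — TODO confirm against the guard implementations.
 */
@Controller('api')
export class MyController {
  /** Any authenticated caller. */
  @Get('protected')
  @UseGuards(AuthGuard)
  getProtectedData() {
    return { message: 'Protected data' };
  }

  /** Authenticated callers holding the ADMIN role. */
  @Get('admin')
  @UseGuards(AuthGuard, RolesGuard)
  @Roles('ADMIN')
  getAdminData() {
    return { message: 'Admin data' };
  }

  /** Authenticated callers, at most 100 requests per 60 000 ms window. */
  @Post('api-call')
  @UseGuards(AuthGuard, RateLimiterGuard)
  @RateLimit(100, 60000) // 100 requests per minute
  makeApiCall() {
    return { message: 'API call' };
  }
}
// Decorators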
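import { Controller, Get, Post, UseGuards } from '@nestjs/common';
import {
  AuthGuard,
  RolesGuard,
  RateLimiterGuard,
  Roles,
  Permissions,
  RateLimit,
} from '@454creative/easy-security';

/**
 * Example of the metadata decorators.
 *
 * @Roles(), @Permissions() and @RateLimit() only attach metadata; nothing is
 * enforced unless the matching guards are applied. AuthGuard and RolesGuard
 * are therefore registered once at class level, and RateLimiterGuard on the
 * route that carries @RateLimit(). The exports list no dedicated permissions
 * guard, so RolesGuard is assumed to evaluate @Permissions() too — TODO confirm.
 */
@Controller('users')
@UseGuards(AuthGuard, RolesGuard)
export class UserController {
  /** ADMIN or USER holding READ_USERS. */
  @Get()
  @Roles('ADMIN', 'USER')
  @Permissions('READ_USERS')
  getUsers() {
    // Implementation
  }

  /** ADMIN holding CREATE_USERS, at most 10 calls per minute. */
  @Post()
  @UseGuards(RateLimiterGuard)
  @Roles('ADMIN')
  @Permissions('CREATE_USERS')
  @RateLimit(10, 60000) // 10 requests per minute
  createUser() {
    // Implementation
  }
}
// 🔐 Authentication Strategies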
The library supports multiple authentication strategies:
- JWT Strategy - Standard JWT token authentication
- Lambda Strategy - AWS Lambda function authentication
- AWS SigV4 Strategy - AWS signature authentication
- Task Role Strategy - AWS ECS task role authentication
- Auto Strategy - Automatically selects the best strategy
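import { Controller, Get, UseGuards } from '@nestjs/common';
import { AuthGuard } from '@454creative/easy-security';
// JwtStrategy / AutoStrategy are presumably the classes behind the 'jwt' and
// 'auto' names; they are not needed to select a strategy by name.
import { JwtStrategy, AutoStrategy } from '@454creative/easy-security';

/**
 * Selecting an authentication strategy per route (class and route names are
 * constructed for this example).
 *
 * NOTE(review): the other examples apply `AuthGuard` as a bare class, while
 * this one calls `AuthGuard('jwt')` / `AuthGuard('auto')`; only one of the two
 * forms can be right for a given export — confirm which signature the library
 * provides before copying either.
 */
@Controller('data')
export class StrategyExampleController {
  // Use specific strategy
  @Get('jwt-only')
  @UseGuards(AuthGuard('jwt'))
  getJwtData() { }

  // Use auto strategy (recommended)
  @Get('auto')
  @UseGuards(AuthGuard('auto'))
  getAutoData() { }
}
// 📝 Implementing Your Own Controllers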
Basic Authentication Controller
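import { Controller, Get, Post, Body, Request, UseGuards } from '@nestjs/common';
import { CognitoService, AuthGuard } from '@454creative/easy-security';
// AuthLoginDto / AuthRegisterDto: import from wherever they are declared in
// your application (TODO confirm whether the library exports them).

/**
 * Basic authentication controller.
 *
 * `login` and `register` are unauthenticated by nature; they are the routes
 * worth putting behind RateLimiterGuard + @RateLimit() (see the Guards section)
 * to slow down guessing attempts.
 */
@Controller('auth')
export class AuthController {
  constructor(private readonly cognitoService: CognitoService) {}

  /** Exchanges credentials for whatever Cognito issues. */
  @Post('login')
  async login(@Body() credentials: AuthLoginDto) {
    return this.cognitoService.authenticateUser(credentials);
  }

  /** Creates a Cognito user. */
  @Post('register')
  async register(@Body() userData: AuthRegisterDto) {
    return this.cognitoService.registerUser(userData);
  }

  /** Returns the principal AuthGuard attached to the request. */
  @Get('profile')
  @UseGuards(AuthGuard)
  async getProfile(@Request() req: { user: unknown }) {
    // req.user is whatever the active strategy produced (presumably the token
    // claims). Return a projection instead of the whole object if it carries
    // fields the client should not see.
    return req.user;
  }
}
// Advanced Token Management Controller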
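import { Controller, Post, Body, Param, UseGuards } from '@nestjs/common';
import { CognitoService, AuthGuard, RolesGuard, Roles } from '@454creative/easy-security';

/**
 * Token revocation endpoints.
 *
 * AuthGuard at class level authenticates every route. Revoking *another*
 * user's tokens by username is an administrative action, so that route is
 * additionally restricted to ADMIN with RolesGuard + @Roles(); with AuthGuard
 * alone, any signed-in user could invalidate any other user's sessions.
 * Revoking a refresh token the caller presents needs no extra role.
 */
@Controller('token-management')
@UseGuards(AuthGuard)
export class TokenManagementController {
  constructor(private readonly cognitoService: CognitoService) {}

  /** ADMIN only: revokes every token issued to `username`. */
  @Post('revoke-user-tokens/:username')
  @UseGuards(RolesGuard)
  @Roles('ADMIN')
  async revokeUserTokens(@Param('username') username: string) {
    return this.cognitoService.revokeUserTokens(username);
  }

  /**
   * Revokes the refresh token supplied in the body. Possession of the token
   * is the only proof of ownership here, which is acceptable for revocation.
   */
  @Post('revoke-refresh-token')
  async revokeRefreshToken(@Body() body: { refreshToken: string }) {
    return this.cognitoService.revokeRefreshToken(body.refreshToken);
  }
}
// 📚 Examples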
The library includes example controllers in the examples/ folder:
- AuthController - Basic authentication endpoints
- TokenManagementController - Advanced token management
- AuthTestController - Testing endpoints
These are for reference only - implement your own controllers to match your application's needs.
🔧 Configuration
Full Configuration Example
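// EasySecurityConfig is assumed to be exported next to EasySecurityModule — confirm.
import type { EasySecurityConfig } from '@454creative/easy-security';

/**
 * Full configuration example. Everything sensitive is read from the
 * environment; nothing in this object is a literal secret.
 */
const securityConfig: EasySecurityConfig = {
  // AWS Cognito
  cognito: {
    userPoolId: process.env.AWS_COGNITO_USER_POOL_ID,
    clientId: process.env.AWS_COGNITO_CLIENT_ID,
    region: process.env.AWS_REGION,
    authority: process.env.AWS_COGNITO_AUTHORITY,
  },
  // JWT Configuration
  // NOTE(review): RS256 is asymmetric — tokens are verified with the issuer's
  // public key (for Cognito, its JWKS reachable via `authority`), not with a
  // shared `secret`; `secret` only matters for HS* algorithms. Confirm which
  // field the library reads for RS256 and avoid leaving both kinds of key
  // material configured, so a token cannot be accepted under an algorithm you
  // did not intend. Pinning `algorithms` explicitly, as done here, is correct.
  jwt: {
    secret: process.env.JWT_SECRET,
    expiresIn: '1d',
    issuer: process.env.JWT_ISSUER,
    audience: process.env.JWT_AUDIENCE,
    algorithms: ['RS256'],
  },
  // Rate Limiting (counters presumably kept in Redis so limits hold across instances)
  rateLimiting: {
    enabled: true,
    redis: {
      host: process.env.REDIS_HOST,
      // REDIS_PORT is `string | undefined` under strict mode; fall back to the
      // standard Redis port and always give parseInt an explicit radix.
      port: parseInt(process.env.REDIS_PORT ?? '6379', 10),
      password: process.env.REDIS_PASSWORD,
    },
  },
  // Feature Flags
  features: {
    authentication: true,
    authorization: true,
    rateLimiting: true,
    auditLogging: true,
  },
  // RBAC Configuration
  rbac: {
    adminRole: 'ADMIN',
    defaultRole: 'USER',
    roles: ['ADMIN', 'USER', 'READONLY'],
  },
};
// 🧪 Testing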
# Run all tests
npm test
# Run tests with coverage
npm run test:coverage
# Run specific test file
npm test -- --testPathPattern=auth.service.spec.ts
📦 Exports
Core Services
- CognitoService - AWS Cognito integration
- AuthService - JWT token management
- PermissionService - Role-based access control
- RateLimiterService - Rate limiting functionality
- FeatureFlagService - Feature flag management
Guards
- AuthGuard - Authentication guard
- RolesGuard - Role-based authorization guard
- RateLimiterGuard - Rate limiting guard
Decorators
- @Roles() - Role-based access control
- @Permissions() - Permission-based access control
- @RateLimit() - Rate limiting configuration
Strategies
- JwtStrategy - JWT authentication
- LambdaStrategy - AWS Lambda authentication
- AwsSigV4Strategy - AWS signature authentication
- TaskRoleStrategy - AWS task role authentication
- AutoStrategy - Automatic strategy selection
Utilities
- AuthUtils - Authentication utilities
- ROLES - Role constants
- PERMISSIONS - Permission constants
🤝 Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
📄 License
MIT License - see LICENSE file for details.
