aequum NestJS authorization module

The module is designed to provide easy and simple RBAC (Role-Based Access Control) to the app.

Use

Install the module

To use the authorization module, you must install the package @aequum/nestjs-authz:

pnpm install @aequum/nestjs-authz

Prerequisite: User role property

The authorization module requires the user model to have a role property, by default is role, but you can change it in the configuration.

Add the guard in the application

To use the authorization module, you must add the JWTGuard in your main application module.

See the exapmle in our boilerplate (Yes, are the commented lines)

Configure

By default the services reads configuration from ConfigService with the prefix authorization. it means root property authorization in the configuration object, implementing the AuthzConfiguration interface, this can be configured in RBACGuard by the static property configPrefix.

See the configuration in our boilerplate, to get an example.

Components

Controllers

• AuthController: Abstract class to implmement and handle login and token refresh.

Decorators

Can be used in the whole controller class or in a endpoint method.

• @FreeAccess(): Marks controller or method as free access, meaning it does not require authorization, this is mandatory over other decorators.
• @RoleAccessTo(...roles): Only the roles in the arguments are allowed to access this controller or method .
• @DeniedToRoles(...roles): Denies access to the roles in the arguments, this is mandatory over @RoleAccessTo.

Guards

• RBACGuard: The main guardian of this module.

Interfaces

• AuthzConfiguration: Interface for authorization module configuration.

Services

• AuthnService: Abstract authorization service class to implmement in the application and add it to conatiner.

Types

• Policies: Policy to use when no access are defined by decorators.

• WhenNoUserActions: What to do when no user is found in the request.