@zola_do/authorization

v0.1.10

Published

8 days ago

JWT auth, guards, strategies for NestJS

0High
0Medium
0Low

zola_doti

@zola_do/authorization

JWT authentication, API key validation, guards, and strategies for NestJS.

Installation

# Install individually
npm install @zola_do/authorization

# Or via meta package
npm install @zola_do/nestjs-shared

Usage

Module Setup

import { Module } from '@nestjs/common';
import { AuthorizationModule } from '@zola_do/authorization';

@Module({
  imports: [AuthorizationModule],
})
export class AppModule {}

By default, JwtGuard is registered as a global guard. Protect routes automatically; use @AllowAnonymous() for public routes.

Protected Routes

import { Controller, Get } from '@nestjs/common';
import { CurrentUser, JwtGuard, UseGuards } from '@zola_do/authorization';

@Controller('profile')
@UseGuards(JwtGuard)
export class ProfileController {
  @Get()
  getProfile(@CurrentUser() user: any) {
    return user; // Contains JWT payload (id, email, organization, etc.)
  }
}

Anonymous Routes

import { AllowAnonymous } from '@zola_do/authorization';

@Get('public')
@AllowAnonymous()
getPublicData() {
  return { message: 'No auth required' };
}

Permission Guards

Require specific permissions on routes:

import { PermissionsGuard } from '@zola_do/authorization';

@Post()
@UseGuards(JwtGuard, PermissionsGuard('product:create'))
createProduct(@Body() dto: CreateProductDto) {}

API Key Guard

Protect routes with API key validation:

import { ApiKeyGuard } from '@zola_do/authorization';

@UseGuards(ApiKeyGuard)
@Get('api-data')
getApiData() {}

AuthHelper

Generate and verify tokens:

import { AuthHelper } from '@zola_do/authorization';

@Injectable()
export class AuthService {
  constructor(private readonly authHelper: AuthHelper) {}

  async login(user: User) {
    return this.authHelper.generateTokens(user);
  }
}

Environment Variables

| Variable | Description | |----------|-------------| | JWT_ACCESS_TOKEN_SECRET | Secret for access token signing | | JWT_REFRESH_TOKEN_SECRET | Secret for refresh token signing | | JWT_ACCESS_TOKEN_EXPIRES | Access token TTL (e.g. 15m) | | JWT_REFRESH_TOKEN_EXPIRES | Refresh token TTL (e.g. 7d) | | API_KEY | API key for ApiKeyGuard validation |

Exports

Guards: JwtGuard, JwtRefreshGuard, PermissionsGuard, ApiKeyGuard, VendorGuard, OptionalJwtGuard, ThrottlerBehindProxyGuard
Decorators: @CurrentUser(), @AllowAnonymous()
Strategies: JwtStrategy, JwtRefreshTokenStrategy
Helpers: AuthHelper

Related Packages

@zola_do/core — Shared types and decorators
@zola_do/interceptors — TenantInterceptor uses req.user from JWT
@zola_do/crud — Uses JwtGuard and PermissionsGuard

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@zola_do/authorization

Installation

Usage

Module Setup

Protected Routes

Anonymous Routes

Permission Guards

API Key Guard

AuthHelper

Environment Variables

Exports

Related Packages