Creating a Secure REST API with NestJS, JWT and User Roles (Admin, User)

Chargement en cours...

Creating a Secure REST API with NestJS, JWT and User Roles (Admin, User) | Blog | Akim Emane

Learn how to implement a complete authentication and authorization system with NestJS

Creating a Secure REST API with NestJS, JWT and User Roles (Admin, User)

Security is a fundamental aspect of modern REST API development. In this article, we'll explore how to create a secure REST API with NestJS, implementing JWT authentication and a user role system (Admin and User).

1. Project Initialization

Let's start by setting up our NestJS project. If you haven't installed the NestJS CLI yet, you can do so with the following command:

Then, let's create our project:

Let's install the necessary dependencies for our authentication system:

These packages will allow us to:

Generate and verify JWT tokens
Implement authentication strategies with Passport
Hash passwords with bcrypt
Validate incoming data with class-validator
Manage environment variables with @nestjs/config

2. Creating the Authentication Module

Database Configuration

For this example, we'll use TypeORM with a PostgreSQL database. Let's install the necessary packages:

Let's configure our database connection in app.module.ts:

Let's create a .env file at the root of the project:

DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=your_password
DB_NAME=nest_auth
DB_SYNC=true
JWT_SECRET=your_jwt_secret
JWT_EXPIRATION=3600

Creating the User Entity

Let's create our User entity with role support:

Creating the Authentication Module

Now let's create our authentication module:

Let's implement the authentication logic:

Let's create a DTO for login:

Let's create a DTO for registration:

Let's implement the users service:

3. Setting Up the Role System

Now, let's implement our role-based access control system. First, let's create a JWT strategy:

Let's create a custom guard to check roles:

Let's create a decorator to specify required roles:

Let's configure the authentication module:

Let's configure the users module:

4. Protected Route Examples

Now, let's implement the controllers with protected routes:

Let's create the decorator to get the current user:

Let's create the controller for users with role-protected routes:

5. Bonus: Exception Handling and Global Validation

Let's configure global validation in our application:

Let's create a custom exception filter:

Let's apply this filter globally:

Conclusion

In this article, we created a secure REST API with NestJS, implementing JWT authentication and a role-based access control system. We have:

Configured a NestJS project with PostgreSQL database
Implemented a JWT authentication system
Created a role system (Admin, User)
Protected routes with role-based guards
Added data validation and exception handling

This model can be extended to meet more complex needs, such as adding features like:

Token refresh
Email verification
Password recovery
Login attempt logging
Rate limiting to prevent brute force attacks

The complete code is available on GitHub.

CLAPPING

AMAZED

THINKING

Contents

Creating a Secure REST API with NestJS, JWT and User Roles (Admin, User)1. Project Initialization2. Creating the Authentication Module3. Setting Up the Role System4. Protected Route Examples5. Bonus: Exception Handling and Global ValidationConclusion