{"id":13650872,"url":"https://github.com/icebob/moleculer-protect-services","last_synced_at":"2025-04-24T04:16:47.199Z","repository":{"id":54610453,"uuid":"156985363","full_name":"icebob/moleculer-protect-services","owner":"icebob","description":"Protect services","archived":false,"fork":false,"pushed_at":"2021-10-16T08:28:36.000Z","size":263,"stargazers_count":24,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-24T04:16:42.241Z","etag":null,"topics":["demonstration","moleculer","protection"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/icebob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-10T13:47:37.000Z","updated_at":"2024-11-12T06:52:45.000Z","dependencies_parsed_at":"2022-08-13T21:30:42.643Z","dependency_job_id":null,"html_url":"https://github.com/icebob/moleculer-protect-services","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icebob%2Fmoleculer-protect-services","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icebob%2Fmoleculer-protect-services/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icebob%2Fmoleculer-protect-services/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icebob%2Fmoleculer-protect-services/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/icebob","download_url":"https://codeload.github.com/icebob/moleculer-protect-services/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250560057,"owners_count":21450173,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["demonstration","moleculer","protection"],"created_at":"2024-08-02T02:00:41.871Z","updated_at":"2025-04-24T04:16:47.180Z","avatar_url":"https://github.com/icebob.png","language":"JavaScript","funding_links":[],"categories":["Services"],"sub_categories":["Security, Authentication and Authorization"],"readme":"[![Moleculer](https://img.shields.io/badge/Powered%20by-Moleculer-green.svg?colorB=0e83cd)](https://moleculer.services)\n\n# moleculer-protect-services\nThis repo demonstrates how to use JWT token to protect service actions. It contains a `ServiceGuard` middleware and a `guard` service which implement this feature.\n\n## Setup\n\n1. Generate JWT token for every service. Use the `call guard.generate --service myService` command in REPL to generate a JWT for a service. The received token put into `authToken` property in service schema:\n\n    ```js\n    module.exports = {\n        name: \"users\",\n\n        authToken: \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJ2aWNlIjoidXNlcnMiLCJpYXQiOjE1NDE4NTU0ODl9.td1P27_xpFv1P5_j0HLtMwyz-aRF9xQqjLHYIIHcKPE\",\n\n        ...\n    }\n    ```\n    \u003e In production you had better place it into environment variables like `USERS_AUTH_TOKEN` and use `authToken: process.env.USERS_AUTH_TOKEN` in schema\n\n2. Define restriction in action definition. If `restricted` property is `null` or not defined it means the action can be called from every service.\n\n    ```js\n    actions: {\n        create: {\n            // It can be called by \"api\" service\n            restricted: [\n                \"api\"\n            ],\n            handler(ctx) {}\n        },\n\n        list: {\n            // It can be called by everyone.\n            restricted: null,\n            handler(ctx) {}\n        },\n\n        posts: {\n            // It can be called by \"api\" \u0026 \"posts\" service.\n            restricted: [\n                \"api\",\n                \"posts\"\n            ],\n            handler(ctx) {}\n        }\n    },\n    ```\n\n3. Add `ServiceGuard` middleware to `moleculer.config.js`\n\n    ```js\n    module.exports = {\n        logger: true,\n        logLevel: \"info\",\n\n        middlewares: [\n            ServiceGuard\n        ]\n    };\n    ```\n\n## Try\n\n**Try the following command in REPL:**\n- `call users.create` - throw error because it is called directly, not from the `api` service\n- `call users.list` - returns \"OK\" because it is not restricted\n- `call users.posts` - throw error because it is called directly, not from `api` or `posts` service\n\n- `call posts.createUser` - throw error because it is called from `posts` service and not from `api` service\n- `call posts.userPosts` - returns \"OK\" because it is called from `posts` service.\n\n- open http://localhost:3000/api/users/create in the browser - returns \"OK\" because it is called from the `api` service.\n\n\n## Start\n\n``` bash\n# Install dependencies\nnpm install\n\n# Start with REPL\nnpm run dev\n\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficebob%2Fmoleculer-protect-services","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ficebob%2Fmoleculer-protect-services","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficebob%2Fmoleculer-protect-services/lists"}