https://github.com/pay-k/nestjs-private-api-guard
A NestJS private api guard
- Host: GitHub
- URL: https://github.com/pay-k/nestjs-private-api-guard
- Owner: pay-k
- License: mit
- Created: 2020-02-23T14:38:23.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-01-05T08:05:28.000Z (about 2 years ago)
- Last Synced: 2023-03-02T23:26:29.711Z (almost 2 years ago)
- Language: TypeScript
- Size: 735 KB
- Stars: 4
- Watchers: 2
- Forks: 1
- Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE
README
@payk/nestjs-private-api-guard
API Protection for NestJS
[![Build Status](https://dev.azure.com/payk/PayK%20Public/_apis/build/status/pay-k.nestjs-response-utils?branchName=master)](https://dev.azure.com/payk/PayK%20Public/_build/latest?definitionId=12&branchName=master)
## Installation
```
npm install @payk/nestjs-private-api-guard
```
## What does it do?
## Quick Start
Add a global guard in `main.ts`, after the `app` is created:
```ts
app.useGlobalGuards(new PrivateApiGuard(app.get(Reflector)));
```
### Public End-Point
Each call coming from outside the internal network carries a header stating that it came from the public.
Add a decorator on top of each API end-point you wish to expose through the Gateway:
```ts
@PublicApi()
@Get()
getAllUsers() {
  return [];
}
```
Any end-point without the `@PublicApi` decorator won't be accessible through the gateway.
The header used by default is `X-Public-Api`, and its value is `true` when the call comes from the public domain.
You can choose a different header name by passing it to `PrivateApiGuard` as a second parameter:
```ts
app.useGlobalGuards(new PrivateApiGuard(app.get(Reflector), 'X-My-Cool-Public'));
```
### Consumer Group End-Point (ACL)
Each OAuth2 consumer has groups defined on it. Those groups can be used to restrict access to a specific end-point: for example, only the BackOffice can access that end-point, not the mobile (access is per consumer, not per user).
Add a decorator on top of the API end-point you wish to expose through the Gateway to a list of groups:
```ts
@AllowedConsumerGroups('backoffice', 'admins')
@Get()
getAllUsers() {
  return [];
}
```
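
The access decision described in the Public End-Point and Consumer Group sections, modelled without NestJS as an added example (this is not the package's own code). Assumptions: the groups header name `X-Consumer-Groups` and its comma-separated format are hypothetical, since the README does not name them, and calls without the public marker are treated as internal and skip the group check.

```typescript
// Added example: framework-free model of the decision the README describes.
// Not the package's implementation; names below are illustrative.

type HeaderMap = Record<string, string | undefined>;

interface RouteMeta {
  publicApi?: boolean;        // route carries @PublicApi()
  allowedGroups?: string[];   // route carries @AllowedConsumerGroups(...)
}

const PUBLIC_HEADER = 'X-Public-Api';        // default named in the README
const GROUPS_HEADER = 'X-Consumer-Groups';   // hypothetical: not named in the README

// HTTP header names are case-insensitive, so look them up that way.
function headerValue(headers: HeaderMap, name: string): string {
  const wanted = name.toLowerCase();
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() === wanted) {
      return (headers[key] ?? '').trim();
    }
  }
  return '';
}

function canActivate(
  headers: HeaderMap,
  route: RouteMeta,
  publicHeader: string = PUBLIC_HEADER,
): boolean {
  const fromPublic = headerValue(headers, publicHeader).toLowerCase() === 'true';
  if (!fromPublic) {
    return true; // assumption: no public marker means internal traffic
  }
  const allowed = route.allowedGroups ?? [];
  if (allowed.length > 0) {
    // Public call to an ACL-protected route: one consumer group must match.
    const groups = headerValue(headers, GROUPS_HEADER)
      .split(',')
      .map((g) => g.trim())
      .filter((g) => g.length > 0);
    return groups.some((g) => allowed.indexOf(g) !== -1);
  }
  // Public call to a route without an ACL: only @PublicApi routes are reachable.
  return route.publicApi === true;
}
```

In this model the decision rests entirely on the header value, so it holds only where the gateway is the sole external path to the service and sets the header itself on every request it forwards.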