nestjs-roles icon indicating copy to clipboard operation
nestjs-roles copied to clipboard

Published 20 hours ago verified publisher icon iamolegga

Metadata

Type safe roles guard and decorator made easy

nestjs-roles

npm GitHub branch checks state Supported platforms: Express & Fastify

Snyk Vulnerabilities for npm package Dependencies status Dependabot Maintainability

Type safe roles guard with the decorator for controller made easy. Just specify how to get role from ExecutionContext. nestjs-roles will do the rest.

Install

npm i nestjs-roles

Example

First, let's define roles:

// role.enum.ts

export enum Role {
  ADMIN = 'ADMIN',
  USER = 'USER',
  MODERATOR = 'MODERATOR',
}

Let's say you use nestjs-session and keep role in session property object of request. So then create guard with getRole callback:

// roles.guard.ts

import { ExecutionContext } from '@nestjs/common';
import { createRolesGuard } from 'nestjs-roles';
import { Role } from './role.enum';

function getRole(context: ExecutionContext) {
  const { session } = context.switchToHttp().getRequest();
  if (!session) {
    return;
  }
  
  // you can use single role or array of roles
  // if you provide array of roles, the guard will pass if one of roles is in required roles
  return (session as { role?: Role | Role[] }).role;
}

export const Roles = createRolesGuard<Role>(getRole);

After that we can set Roles guard globally (don't forget to pass Reflector instance):

// bootstrap.ts

import { NestFactory, Reflector } from '@nestjs/core';
import { Roles } from './roles.guard';

const app = await NestFactory.create(AppModule);

const reflector = app.get<Reflector>(Reflector);
app.useGlobalGuards(new Roles(reflector));

All settings are done. Now you can set up access in your controllers:

// secrets.controller.ts

import { Roles } from './roles.guard';

@Controller('secrets')
@Roles.Params(true) // setup access on Controller for users with any existing role
export class SecretsController {

  @Get('my')
  async readMy() {
    // ...
  }

  @Patch(':id')
  @Roles.Params(Role.ADMIN) // override access on certain handler
  async update() {
    // ...
  }
}

Do you use this library?
Don't be shy to give it a star! ★

Also if you are into NestJS ecosystem you may be interested in one of my other libs:

nestjs-pino

GitHub stars npm

Platform agnostic logger for NestJS based on pino with request context in every log

nestjs-session

GitHub stars npm

Idiomatic session module for NestJS. Built on top of express-session

nestjs-cookie-session

GitHub stars npm

Idiomatic cookie session module for NestJS. Built on top of cookie-session

nestjs-roles

GitHub stars npm

Type safe roles guard and decorator made easy

nestjs-injectable

GitHub stars npm

@Injectable() on steroids that simplifies work with inversion of control in your hexagonal architecture

nest-ratelimiter

GitHub stars npm

Distributed consistent flexible NestJS rate limiter based on Redis

create-nestjs-middleware-module

GitHub stars npm

Create simple idiomatic NestJS module based on Express/Fastify middleware in just a few lines of code with routing out of the box

nestjs-configure-after

GitHub stars npm

Declarative configuration of NestJS middleware order

Metadata

222
Stars
12
Forks
Watchers

Owner

verified publisher icon iamolegga

Metadata

Type safe roles guard and decorator made easy

Back