A simple easy to use access control level module for NestJS
Nest Simple ACL framework TypeScript starter repository Nest.
$ npm install --save nestjs-simple-aclThe first thing you need to do to implement an AuthorizationStrategy. Here is an example based on user role authorization:
role.model.ts
export class Roles {
name: string;
authorizations: string[];
}user.model.ts
import { Role } from "./role.model";
export class User {
name: string;
email: string;
password: string;
role: Role;
}If you are using the JWT authentication approach with Passport.js, this guard should work for you:
role-authorization.strategy.ts
import { Request } from "express";
import { AuthorizationStrategy } from "nestjs-simple-acl";
import { User } from "./user.model";
export class RoleAuthorizationStrategy implements AuthorizationStrategy {
isAuthorized(request: Request, requiredAuthorization: string): boolean {
// User injected on every jwt authenticated request
const user: User = request.user as User;
if (
// Checks if required authorization is present on user's role authorizations
user.role.authorizations.some(
(authorization) => authorization.name === requiredAuthorization
)
) {
// If so, grant access
return true;
}
// If not, deny access
return false;
}
}Now you import ACLModule on app.module.js.
app.module.ts
import { DynamicModule, Module } from "@nestjs/common";
import { TypeOrmModule } from "@nestjs/typeorm";
import { ACLModule } from "nestjs-simple-acl";
import { RoleAuthorizationStrategy } from "./strategies/role.strategy";
@Module({
imports: [
ACLModule.forRoot({
strategy: new RoleAuthorizationStrategy(),
}),
],
controllers: [],
providers: [],
exports: [],
})
export class AppModule {}You will need to create ENUM containing your app's or module's authorizations list. Here is an example:
test.authorizations.ts
export enum TestAuthorizations {
SEARCH = "SEARCH",
CREATE = "CREATE",
}Then you need to register the authorizations on ACLModule.
app.module.ts
import { DynamicModule, Module } from "@nestjs/common";
import { TypeOrmModule } from "@nestjs/typeorm";
import { ACLModule } from "nestjs-simple-acl";
import { RoleAuthorizationStrategy } from "./strategies/role.strategy";
import { TestAuthorizations } from "./test.authorizations";
@Module({
imports: [
ACLModule.forRoot({
strategy: new RoleAuthorizationStrategy(),
}),
ACLModule.registerAuthorizations([TestAuthorizations]),
],
controllers: [],
providers: [],
exports: [],
})
export class AppModule {}Now you will need to use the AuthorizationGuard on your controller and anotate the functions that should be protected with @RequiredAuthorization() decorator passing the required authorization as parameter.
import { Controller, Get, Post, UseGuards } from "@nestjs/common";
import { AuthorizationGuard, RequiredAuthorization } from "nest-simple-acl";
import { TestAuthorizations } from "./test.authorizations";
@UseGuards(AuthorizationGuard)
@Controller("test")
export class TestController {
@RequiredAuthorization(TestAuthorizations.SEARCH)
@Get()
async search(): Promise<string> {
return "Ok";
}
@RequiredAuthorization(TestAuthorizations.CREATE)
@Post()
async create(): Promise<string> {
return "Ok";
}
}That's it!
# e2e tests
$ npm run test:e2e- Author - Guilherme Nogueira
NestJS Simple ACL MIT licensed.