A NestJS module for creating and validating API keys effortlessly, leveraging JWT tokens and customizable policies.
To install the module, use npm:
npm install @n4it/api-keyFirst, import the ApiKeyModule into your NestJS module and configure it using the register method. This method requires a secret for signing the JWT tokens and an apiKeyHeader for identifying the API key in requests.
import { ApiKeyModule } from "@n4it/api-key";
import { Module } from "@nestjs/common";
@Module({
imports: [
ApiKeyModule.register({
secret: "your-secret-key", // Replace with your actual secret
apiKeyHeader: "x-api-key", // The header to look for the API key
expiresIn: 60 * 60, // the time the API Keys will expire
}),
],
})
export class AppModule {}To generate an API token, inject the ApiKeyService into your service and use the createApiKey method. This method allows you to associate policies with the generated token.
import { ApiKeyService } from "@n4it/api-key";
import { Injectable } from "@nestjs/common";
@Injectable()
export class AppService {
constructor(private readonly apiKeyService: ApiKeyService) {}
public createToken() {
return this.apiKeyService.createApiKey({
policies: ["user:manage"], // Define your custom claims here
role: "admin"
});
}
}To protect routes using the generated API keys, you can use the API_KEY_MODULE_STRATEGY with NestJS's AuthGuard. This guard will automatically validate incoming requests against the configured API key strategy.
import { Injectable, ExecutionContext } from "@nestjs/common";
import { AuthGuard as PassportAuthGuard } from "@nestjs/passport";
import { API_KEY_MODULE_STRATEGY } from "@n4it/api-key";
@Injectable()
export class AuthGuard extends PassportAuthGuard([
API_KEY_MODULE_STRATEGY, // inject the strategy in a passport auth guard
// other auth mechanisms can be added here as well...
]) {
canActivate(context: ExecutionContext) {
return super.canActivate(context);
}
}The module also provides a convenient ApiKeyClient decorator. This decorator can be used in your controllers to directly inject the parsed JWT token as an AuthenticatedClient object. This makes it easy to access the details of the authenticated client in your route handlers.
You can import both ApiKeyClient and AuthenticatedClient:
import { Controller, Get } from "@nestjs/common";
import { ApiKeyClient, AuthenticatedClient } from "@n4it/api-key";
@Controller('user')
export class UserController {
@Get('profile')
getUserProfile(@ApiKeyClient() client: AuthenticatedClient) {
// Access client details from the parsed JWT token
// possibly validate the policies
return {
userId: client.userId,
policies: client.policies,
};
}
}Once you've created the AuthGuard, you can apply it to your controllers or specific routes to enforce API key validation.
import { Controller, Get, UseGuards } from "@nestjs/common";
import { AuthGuard } from "./auth.guard";
@Controller('protected')
export class ProtectedController {
@Get()
@UseGuards(AuthGuard)
getProtectedResource() {
return "This is a protected resource";
}
}This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request or open an issue on GitHub.
If you have any questions or need support, you can contact us at info@n4it.nl.