Changelog 31-08-2020
- Linting
- Formatting
- Readme updated
Dominicode Live Coding 30-08-2020
Video: https://www.youtube.com/watch?v=kjr54SpV_eQ
- Creating the repository
- Clone the repository
git clone -b livecoding/2 https://github.com/ruslanguns/nestjs-myblog.git myblog
- Implementing user authentication
Requirements:
Packages:
# LOCAL STRATEGY
- @nestjs/passport
- passport
- passport-local
- @types/passport-local (DEV)
# JWT STRATEGY
- @nestjs/jwt
- passport-jwt
- @types/passport-jwt (DEV)
- Folder structure we will use.
- Basic configuration following the official documentation
- Inject PassportModule
- Create the localStrategy provider and implement it together with the service
- My first custom decorator to get the user
- Inject JwtModule
- Implement the jwtStrategy provider and use it
- JWT login method and profile endpoint
- JWT error handling in the Guard
- Swagger configuration with addBearerAuth()
- Manage roles with the nest-access-control package
Requirements:
Packages:
- nest-access-control
- Modify UserModel to store the roles
- Create the app.roles.ts file and use the builder
- Inject AccessControlModule into AppModule
- Create the wrapper decorator
- Implement business logic for OWN && ANY routes
- Create a function to generate a unique user
- Security recommendations, docs
ROADMAP
| Controller | Method | Route | Info | PUBLIC | AUTHOR | ADMIN | AUTHOR POSSESSION | ADMIN POSSESSION |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| USER | GET | /user | Get Many | YES | YES | YES | ANY | ANY |
| USER | GET | /user/1 | Get One By ID | YES | YES | YES | ANY | ANY |
| USER | POST | /user | Create One | NO | YES | YES | OWN | OWN |
| USER | PUT | /user/1 | Edit One | NO | YES | YES | OWN | ANY |
| USER | DELETE | /user/1 | Delete One | NO | YES | YES | OWN | ANY |
| USER | POST | /post | Registration | YES | YES | YES | - | - |
| POST | GET | /post | Get Many | YES | YES | YES | ANY | ANY |
| POST | GET | /post/1 | Get One By ID | YES | YES | YES | ANY | ANY |
| POST | POST | /post | Create One | NO | YES | YES | OWN | OWN |
| POST | PUT | /post/1 | Edit One | NO | YES | YES | OWN | ANY |
| POST | DELETE | /post/1 | Delete One | NO | YES | YES | OWN | ANY |
| AUTH | POST | /auth/login | Login | YES | YES | YES | - | - |
| AUTH | GET | /auth/profile | Get me | NO | YES | YES | - | - |
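
The possession columns of the ROADMAP table, enforced in code. This is an added TypeScript example, not taken from the repository or from nest-access-control, and it covers only the USER and POST CRUD rows (registration and the /auth routes are left out). The type names, `GRANTS`, `crud` and `authorize` are hypothetical.

```typescript
// Added example (not from the repository); all names here are hypothetical.
type Role = 'AUTHOR' | 'ADMIN';
type Action = 'create' | 'read' | 'update' | 'delete';
type Resource = 'user' | 'post';
type Possession = 'own' | 'any';

interface AuthUser { id: number; roles: Role[] }

// Possession columns of the ROADMAP table, CRUD rows only.
const crud = (update: Possession): Record<Action, Possession> =>
  ({ read: 'any', create: 'own', update, delete: update });

const GRANTS: Record<Role, Record<Resource, Record<Action, Possession>>> = {
  AUTHOR: { user: crud('own'), post: crud('own') },
  ADMIN: { user: crud('any'), post: crud('any') },
};

// ownerId must come from the stored record (or, for create, from the
// authenticated user), never from a field the client can set freely.
function authorize(
  user: AuthUser | null,
  action: Action,
  resource: Resource,
  ownerId: number | undefined,
): boolean {
  if (action === 'read') return true; // PUBLIC = YES rows
  if (user === null) return false;    // PUBLIC = NO rows need a valid JWT

  // The strongest possession granted by any of the user's roles wins.
  let best: Possession | undefined;
  for (const role of user.roles) {
    const granted = GRANTS[role]?.[resource]?.[action];
    if (granted === 'any') { best = 'any'; break; }
    if (granted === 'own') best = 'own';
  }

  if (best === 'any') return true;
  if (best === 'own') return ownerId !== undefined && ownerId === user.id;
  return false; // unknown role or missing grant: fail closed
}
```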
Articles to read
- https://medium.com/better-programming/getting-started-with-nestjs-a4e8b0b09db4
- https://medium.com/@sureshdsk/how-json-web-token-jwt-authentication-works-585c4f076033
- https://docs.nestjs.com/techniques/security#csrf
- https://codeburst.io/why-you-should-use-nestjs-for-your-next-project-6a0f6c993be
- https://auth0.com/blog/modern-full-stack-development-with-nestjs-react-typescript-and-mongodb-part-1/
- https://cutt.ly/Lfo6d5f