Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Xsecurity package integration #14

Merged
merged 1 commit into from
Nov 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions .env.docker
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@ APP_URL=http://localhost
JWT_SECRET=aSubMyjTUd4aBzTJmypcdFY5sJcql8qphncJHeZiH+Vqxdnk06lrlJ8TmuoffX/IFwhG3NCp9c11v9U0w+OQpQ==
JWT_EXPIRATION=30d # 30 days

# XSecurity Config
XSECURITY_ENABLED=false
XSECURITY_SECRET=your-XSecurity-secret
XSECURITY_MAX_ATTEMPTS=5
XSECURITY_DECAY_MINUTES=1
XSECURITY_RATE_LIMIT_ENABLED=false
XSECURITY_RATE_LIMIT_STORE_LIMIT=10000

# Database Config
DB_DRIVER=postgres
DB_HOST=db
Expand Down
4 changes: 4 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ JWT_EXPIRATION=3600 # 1 hour in seconds
# XSecurity Config
XSECURITY_ENABLED=false
XSECURITY_SECRET=your-XSecurity-secret
XSECURITY_MAX_ATTEMPTS=5
XSECURITY_DECAY_MINUTES=1
XSECURITY_RATE_LIMIT_ENABLED=true
XSECURITY_RATE_LIMIT_STORE_LIMIT=10000

#throttle config
THROTTLE_TTL=10
Expand Down
39 changes: 10 additions & 29 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## About this project

`ims-nest-api-starter` is a backend API starter template using [NestJS](https://nestjs.com/), [PostgreSQL](https://www.postgresql.org/), [Redis](https://redis.io/), [BullMQ](https://bullmq.io/) and [MikroORM](https://mikro-orm.io/) designed for scalable applications.
`ims-nest-api-starter` is a backend API starter template using [NestJS](https://nestjs.com/), [PostgreSQL](https://www.postgresql.org/), [Redis](https://redis.io/), [BullMQ](https://bullmq.io/), [MikroORM](https://mikro-orm.io/) and [XSECURITY](https://www.npmjs.com/package/nestjs-xsecurity) designed for scalable applications.

### Key Features

Expand All @@ -16,7 +16,7 @@
- **Database Management**: MikroORM setup with PostgreSQL for efficient data handling.
- **Queue Management**: BullMQ for asynchronous tasks and event-driven architecture.
- **Email Notification**: Send emails using [Nodemailer](https://nodemailer.com/) with BullMQ asynchronously.
- **XSECURITY**: An added security layer that safeguards APIs against unauthorized access, ensuring data protection and integrity.
- **XSECURITY**: [XSECURITY](https://www.npmjs.com/package/nestjs-xsecurity) is an added security layer that safeguards APIs against unauthorized access, ensuring data protection and integrity.

## Getting Started Guide Without Docker

Expand Down Expand Up @@ -220,36 +220,17 @@ npm run test

## Xsecurity Setup

IMS introduces an additional layer of security, enhancing the API's reliability and resilience. With this system, only applications possessing a shared XSECURITY_TOKEN can send API requests to the server; others will be blocked. To get started, follow the guide below.
To ensure the security of your application, we have integrated [XSECURITY](https://www.npmjs.com/package/nestjs-xsecurity) which is a security layer that safeguards APIs against unauthorized access by token validation, rate limiting. here is the [XSECURITY Guide](https://github.com/AHS12/nestjs-xsecurity/wiki).

Getting Started
By default, XSecure is disabled! To enable it, set the XSECURITY_ENABLED value to true in your .env file:
for quick start, you can run the following command:

```bash
XSECURITY_ENABLED=true
npx nestjs-xsecurity install
```

Other wise it will be disabled.

Installation
Execute the following command to set up XSECURITY:

```bash
npm run xsecurity:install
```

This command generates a secret for your application and updates your .env file with the `XSECURITY_SECRET` field.

After running the command, you will receive output similar to this:

```bash
Generated secret: N+6WQq7RjqvE+KhMRFDtk1n09M98lBAb/P/8j/I3w/7ibNzgbJeg2a+gBjNpPbMgyXSgq0sebXzYwPwnFSmleg==
XSECURITY_SECRET key has been updated in the .env file.
```

Use this secret in your frontend or mobile app to generate a short-lived XSecure token, which will be verified by the backend server.

For more information on how to use XSECURITY, refer to the [XSECURITY Guide](https://github.com/Innovix-Matrix-Systems/ims-laravel-api-starter/wiki/XSECURE-setup).
This command will:
- Generate a secure random secret
- Set up required environment variables
- update the existing `.env` file with the new environment variables

## Extra CLI Commands

Expand Down Expand Up @@ -294,7 +275,7 @@ nest generate --help

You can create custom CLI commands tailored to your specific needs using the [nestjs-command](https://www.npmjs.com/package/nestjs-command) package.
This project already includes integration with [nestjs-command](https://www.npmjs.com/package/nestjs-command) package.
For reference, check out the `xsecurity` command implemented in [src/commands/xsecurity.command.ts](https://github.com/Innovix-Matrix-Systems/ims-nest-api-starter/blob/main/src/commands/xsecurity.command.ts).
For reference, check out the `create-module` command implemented in [src/commands/create-module.command.ts](https://github.com/Innovix-Matrix-Systems/ims-nest-api-starter/blob/main/src/commands/create-module.command.ts).

### Custom Module Creation Command

Expand Down
19 changes: 18 additions & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
"ims-nest-api-starter": "file:",
"ioredis": "^5.4.1",
"nestjs-command": "^3.1.4",
"nestjs-xsecurity": "^1.0.0",
"nodemailer": "^6.9.16",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
Expand Down
27 changes: 16 additions & 11 deletions src/app.module.ts
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
import { MikroOrmModule } from '@mikro-orm/nestjs';
import { RedisModule } from '@nestjs-modules/ioredis';
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
import { BullModule } from '@nestjs/bullmq';
import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { APP_GUARD } from '@nestjs/core';
import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
import { CommandModule } from 'nestjs-command';
import { XSecurityModule } from 'nestjs-xsecurity';
import { AppController } from './app.controller';
import { CreateModuleCommand } from './commands/create-module.command';
import { XSecureInstallCommand } from './commands/xsecurity.command';
import bullRedisConfig from './config/bull-redis.config';
import mikroOrmConfig from './config/mikro-orm.config';
import redisConfig from './config/redis.config';
import { XSecurityMiddleware } from './middlewares/xsecurity.middleware';
import xsecurityConfig from './config/xsecurity.config';
import { AuthModule } from './modules/auth/auth.module';
import { CacheModule } from './modules/cache/cache.module';
import { EmailModule } from './modules/email/email.module';
Expand All @@ -20,7 +21,6 @@ import { MiscModule } from './modules/misc/misc.module';
import { PermissionModule } from './modules/permission/permission.module';
import { RoleModule } from './modules/role/role.module';
import { UserModule } from './modules/user/user.module';
import { BullModule } from '@nestjs/bullmq';

@Module({
imports: [
Expand Down Expand Up @@ -55,9 +55,19 @@ import { BullModule } from '@nestjs/bullmq';
inject: [ConfigService],
useFactory: (configService: ConfigService) => ({
connection: bullRedisConfig(configService),
defaultJobOptions: { attempts: 3, removeOnComplete: true },
defaultJobOptions: {
attempts: 3,
removeOnComplete: true,
removeOnFail: true,
},
}),
}),
XSecurityModule.registerAsync({
imports: [ConfigModule],
inject: [ConfigService],
useFactory: (configService: ConfigService) =>
xsecurityConfig(configService),
}),
CommandModule,
HealthModule,
MiscModule,
Expand All @@ -74,12 +84,7 @@ import { BullModule } from '@nestjs/bullmq';
provide: APP_GUARD,
useClass: ThrottlerGuard,
},
XSecureInstallCommand,
CreateModuleCommand,
],
})
export class AppModule implements NestModule {
configure(consumer: MiddlewareConsumer) {
consumer.apply(XSecurityMiddleware).forRoutes('*');
}
}
export class AppModule {}
51 changes: 0 additions & 51 deletions src/commands/xsecurity.command.ts

This file was deleted.

61 changes: 61 additions & 0 deletions src/config/xsecurity.config.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
import { ConfigService } from '@nestjs/config';
import { config } from 'dotenv';
import { XSecurityConfig } from 'nestjs-xsecurity';
import { getConfigValue } from '../utils/helper';

// Load environment variables for CLI usage
config();

export class XsecurityConfig {
constructor(private readonly configService?: ConfigService) {}

configureOptions(): XSecurityConfig {
return {
enabled: !!getConfigValue<boolean>(
'XSECURITY_ENABLED',
false,
this.configService,
),
secret: getConfigValue<string>(
'XSECURITY_SECRET',
'',
this.configService,
),
token: {
headerName: 'X-SECURITY-TOKEN',
},
rateLimit: {
enabled: !!getConfigValue<boolean>(
'XSECURITY_RATE_LIMIT_ENABLED',
false,
this.configService,
),
maxAttempts: Number(
getConfigValue<string>(
'XSECURITY_MAX_ATTEMPTS',
'0',
this.configService,
),
),
decayMinutes: Number(
getConfigValue<string>(
'XSECURITY_DECAY_MINUTES',
'0',
this.configService,
),
),
storeLimit: Number(
getConfigValue<string>(
'XSECURITY_RATE_LIMIT_STORE_LIMIT',
'10000',
this.configService,
),
),
},
exclude: ['/health', '/api/v1/ping'],
};
}
}

export default (configService?: ConfigService) =>
new XsecurityConfig(configService).configureOptions();
Loading