Skip to content

Dynamically generating & signing URL based on controller method reference.

License

Notifications You must be signed in to change notification settings

vh13294/nestjs-url-generator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

NestJS module for generating & signing URL

CodeFactor NPM Version NPM Downloads License

Description

URL Generation is used to dynamically generate URL that point to NestJS controller method (Route).

nestjs-url-generator can generate plain and signed URLs

Installation

npm i --save nestjs-url-generator

Or if you use Yarn:

yarn add nestjs-url-generator

Requirements

nestjs-url-generator is built to work with Nest 7 and newer versions.

Basic Usage

Include Module

First you need to import [UrlGeneratorModule]:

app.module.ts

import { UrlGeneratorModule } from 'nestjs-url-generator';

@Module({
  imports: [
    UrlGeneratorModule.forRoot({
      secret: 'secret', // optional, required only for signed URL
      appUrl: 'https://localhost:3000',
    }),
  ],
})
export class ApplicationModule {}

Or Async Import With .ENV usage

.ENV

APP_KEY=secret
APP_URL=https://localhost:3000

signed-url.config.ts

import { UrlGeneratorModuleOptions } from 'nestjs-url-generator';

export function urlGeneratorModuleConfig(): UrlGeneratorModuleOptions {
  return {
    secret: process.env.APP_KEY,
    appUrl: process.env.APP_URL,
  };
}

app.module.ts

import { UrlGeneratorModule } from 'nestjs-url-generator';

@Module({
  imports: [
    ConfigModule.forRoot(),
    UrlGeneratorModule.forRootAsync({
      useFactory: () => urlGeneratorModuleConfig(),
    }),
  ],
})
export class ApplicationModule {}

Using Service

Now you need to register the service, by injecting it to the constructor. There are two methods for generating url:

generateUrlFromController({
  controller,
  controllerMethod,
  /*?*/ query,
  /*?*/ params,
});

generateUrlFromPath({
  relativePath,
  /*?*/ query,
  /*?*/ params,
});

app.controller.ts

import { UrlGeneratorService } from 'nestjs-url-generator';

@Controller()
export class AppController {
  constructor(private readonly urlGeneratorService: UrlGeneratorService) {}

  @Get('makeUrl')
  async makeUrl(): Promise<string> {
    const params = {
      version: '1.0',
      userId: 12,
    };

    const query = {
      email: 'email@email',
    };

    // This will generate:
    // https://localhost:3000/emailVerification/1.0/12?email=email%40email
    return this.urlGeneratorService.generateUrlFromController({
      controller: AppController,
      controllerMethod: AppController.prototype.emailVerification,
      query: query,
      params: params,
    });
  }
}

Generate Signed URL

There are two methods for generating url:

SignControllerUrl({
  controller,
  controllerMethod,
  /*?*/ expirationDate,
  /*?*/ query,
  /*?*/ params,
});

SignUrl({
  relativePath,
  /*?*/ expirationDate,
  /*?*/ query,
  /*?*/ params,
});

app.controller.ts

import { UrlGeneratorService } from 'nestjs-url-generator';

@Controller()
export class AppController {
  constructor(private readonly urlGeneratorService: UrlGeneratorService) {}

  @Get('makeSignUrl')
  async makeSignUrl(): Promise<string> {
    // This will generate:
    // https://localhost:3000/emailVerification?
    // expirationDate=2021-12-12T00%3A00%3A00.000Z&
    // signed=84b5a021c433d0ee961932ac0ec04d5dd5ffd6f7fdb60b46083cfe474dfae3c0
    return this.urlGeneratorService.SignControllerUrl({
      controller: AppController,
      controllerMethod: AppController.prototype.emailVerification,
      expirationDate: new Date('2021-12-12'),
      // or using DateTime library of your choice
      // will be expired 30 minutes after it was created
      expirationDate: dayjs().add(30, 'minute').toDate(),
    });
  }
}
  • [expirationDate] and [signed] query keys are used for signed URL.

  • By default, the signed URLs lives forever. You can add expiration date to them at the time of generating one.

Reminder

The difference between params & query in ExpressJS


Using Guard

You can use SignUrlGuard to verify the signed url in controller.

If the url has been tampered or when the expiration date is due, then a Forbidden exception will be thrown.

app.controller.ts

import { SignedUrlGuard } from 'nestjs-url-generator';

@Controller()
export class AppController {
  constructor(private readonly urlGeneratorService: UrlGeneratorService) {}

  @Get('emailVerification')
  @UseGuards(SignedUrlGuard)
  async emailVerification(): Promise<string> {
    return 'You emailed has been verified.';
  }
}

Note

  • Changing the secret key will invalidate all signed urls

  • Signed URL is typically used for unsubscribe email, email verification, sign file permission, and more.

  • If you are using https with reverse proxy please make sure to enable trust proxy in express

const app = await NestFactory.create<NestExpressApplication>(AppModule);

app.set('trust proxy', true);
// or
expressSession({ proxy: true });

Generating Keys using node REPL

require('crypto').randomBytes(64, (err, buf) => {
  if (err) throw err;
  console.log(`${buf.length} bytes of random data: ${buf.toString('base64')}`);
  process.exit();
});

TODO

  • Create unit test (expiration, tampered, with or without globalPrefix, request with or without query & param, if target for signerUrl doesn't have guard)

  • Automate CI, npm run build, push, npm publish