Just how to Develop a Secure Nest.js REST API Using JWT as well as MongoDB

  • Just how to Develop a Secure Nest.js REST API Using JWT as well as MongoDB

Express.js is a wonderful technology for constructing secure and robust REST APIs, however, it doesn't offer a predefined framework. Its minimalistic nature enables you to manage important facets like directing, code organization, and safety steps either manually or by leveraging available middleware and libraries.

On the other hand, Nest.js, built on top of Express.js and Node.js, introduces a higher-level abstraction that supplies a clear framework, a robust code organization strategy, and also simplified execution details. Basically, Nest.js gives an extra structured style for building efficient as well as secure backend APIs and also solutions.

Setting Up a Nest.js Task

To get going, you first need to mount Nest.js' command line (CLI) internationally by running the command below:

npm i -g @nestjs/cli

As soon as the installment is full, go ahead, and create a brand-new project, by running:

nest new nest-jwt-api

Next, Nest.js CLI will certainly trigger you to pick a plan supervisor to mount the reliances. For this tutorial, we'll use npm, the Node Plan Supervisor. Select npm and wait while the CLI develops a standard Nest.js project and also mounts all the called for setup data and also preliminary reliances required to run the application.

nest new nest-jwt-api

After the task is established, browse to the project directory site and also begin the advancement server.

cd nest-jwt-api
npm run start

Run the command listed below to mount the plans we'll make use of for this project.

npm install mongodb mongoose @nestjs/mongoose @types/bcrypt bcrypt jsonwebtoken @nestjs/jwt

Set Up MongoDB Database Link

Set up a MongoDB database in your area or configure a MongoDB collection on the cloud. After setting up the database, copy the database link URI string, produce a.env data in the origin directory of our job folder, and also paste in the link string:

MONGO_URI="connection string"

Next off, upgrade the app.module.ts in the src directory file to set up Mongoose as adheres to:

import { Module } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import { MongooseModule } from '@nestjs/mongoose';
import { AppController } from './app.controller';
import { AppService } from './app.service';
import { UserAuthModule } from './user-auth/user-auth.module';

  imports: [
      envFilePath: '.env',
      isGlobal: true,
  controllers: [AppController],
  providers: [AppService],

export class AppModule {}

The offered code sets up 3 necessary modules for the Nest.js application: ConfigModule for atmosphere configuration, MongooseModule for developing the MongoDB link, as well as UserAuthModule for user authentication. Please note that, at this phase, an error could occur because the UserAuthModule is not yet defined, however we'll develop it in the next section.

Producing the Individual Verification Module

To maintain clean and also well-organized code, develop a customer verification module by running the complying with command.

nest g module user-auth

The Nest.js CLI device immediately creates the called for module documents. Furthermore, it will certainly upgrade the app.module.ts data, integrating the needed adjustments related to the customer authentication module.

You can decide to produce the main project configuration data by hand, however, the CLI tool streamlines this procedure by automatically developing the called for products, along with, upgrading the adjustments accordingly in the app.module.ts documents.

Produce an Individual Schema

Inside the recently created user-auth folder in the src directory site, produce a brand-new schemas/user-auth. schema.ts submit, as well as add the following code to develop a Mongoose schema for the User model

import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
import { Document } from 'mongoose';

@Schema({ timestamps: true })
export class User {
  username: string;
  password: string;

export type UserDocument = User & Document;
export const UserSchema = SchemaFactory.createForClass(User);

Producing the User Authentication Solution

Now, allow's produce the individual authentication solution that will certainly manage the authentication logic for the REST API by running the command listed below:

nest g service user-auth

This command will certainly produce a user-auth. service.ts submit inside the user-auth directory site. Open this documents and also update it with the following code.

Initially, make the complying with imports.

import { Injectable, NotFoundException, Logger, UnauthorizedException } from '@nestjs/common';
import { InjectModel } from '@nestjs/mongoose';
import { Model } from 'mongoose';
import { User } from './schemas/user-auth.schema';
import * as bcrypt from 'bcrypt';
import { JwtService } from '@nestjs/jwt';

Develop a UserAuthService class that encapsulates the functionality for customer enrollment, login, and recovering all user information routes:

import { Injectable, NotFoundException, Logger, UnauthorizedException } from '@nestjs/common';
import { InjectModel } from '@nestjs/mongoose';
import { Model } from 'mongoose';
import { User } from './schemas/user-auth.schema';
import * as bcrypt from 'bcrypt';
import { JwtService } from '@nestjs/jwt';

The UserAuthService course executes the reasoning of individual registration, login, and obtaining user data. It uses the userModel to interact with the data source as well as carry out the needed activities consisting of hashing the password during registration, validating login credentials, as well as last but not least, generating JWT tokens after successful authentication.

Carrying Out the Verification Guard

To ensure the safety and security of sensitive resources, it is vital to restrict gain access to exclusively to authorized customers. This is achieved by enforcing a protection action that mandates the presence of a valid JWT in succeeding API requests made to secured endpoints, in this situation, the users route. In the user-auth directory, produce a brand-new auth.guard.ts data as well as include the code listed below.

import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { Request } from 'express';
import { secretKey } from './config';

export class AuthGuard implements CanActivate {
  constructor(private jwtService: JwtService) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest();
    const token = this.extractTokenFromHeader(request);
    if (!token) {
      throw new UnauthorizedException();
    try {
      const payload = await this.jwtService.verifyAsync(token, {
        secret: secretKey.secret,
      request['user'] = payload;
    } catch {
      throw new UnauthorizedException();
    return true;
  private extractTokenFromHeader(request: Request): string | undefined {
    const [type, token] = request.headers.authorization?.split(' ') ?? [];
    return type === 'Bearer' ? token : undefined;

The code implements a guard, as specified in the main documents, to protect courses and also guarantee that just authenticated customers with a valid JWT token can access them.

If the token is missing or invalid, it throws an UnauthorizedException to stop access to the secured route.

Now, develop config.ts file in the very same directory, as well as add the code listed below.

export const secretKey = {
    secret: 'SECTRET VALUE.',

This secret key is utilized to confirm the authenticity and authorize of JWTs. It's essential to keep the key value securely to avoid unauthorized accessibility and protect the stability of the JWTs.

Define the API Controller

Develop a controller that takes care of the API endpoints for individual verification.

nest g controller user-auth

Next off, replicate the code provided in this GitHub database documents, and include it to the user-auth. controller.ts file-- it defines the endpoints for user enrollment, login, and also obtaining individual data. The UseGuards( AuthGuard) designer is consisted of to implement verification for the getUsers endpoint, making sure that only confirmed users are given gain access to.

Update the user-auth. module.ts Submit

To mirror the adjustments made to the job, upgrade the user-auth. module.ts file to set up the essential modules, services, and also controllers for user authentication.

import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { UserAuthController } from './user-auth.controller';
import { UserAuthService } from './user-auth.service';
import { MongooseModule } from '@nestjs/mongoose';
import { UserSchema } from './schemas/user-auth.schema';
import { secretKey } from './config';

  imports: [
    MongooseModule.forFeature([{ name: 'User', schema: UserSchema }]),
      secret: secretKey.secret,
      signOptions: { expiresIn: '1h' },
  controllers: [UserAuthController],
  providers: [UserAuthService],

export class UserAuthModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {

Lastly, rotate up the growth web server and test the API endpoints utilizing Mail carrier.

npm run start

Structure Secure Nest.js REST APIs

Structure secure Nest.js REST APIs needs a detailed technique that surpasses simply relying upon JWTs for verification and consent. While JWTs are very important, it is equally important to apply added safety and security actions.

In addition, by focusing on safety at every phase of API growth, you can make certain the safety and security of your backend systems.



Related Articles

7 Reasons Your Website Isn’t Mobile Responsive

A sizable portion of your audience, if you run a website, will be utilising a mobile device. Make sure you're providing them with the finest experience possible.

The Internet: How It's Changed Our Lives Forever

the Internet on our daily lives and how it has revolutionized the way we live, work, and connect with others.

Top 5 AI-Powered Applications for Daily Use

AI-powered applications are now being used by millions of people around the world to simplify and automate tasks, from scheduling meetings to providing medical diagnoses.

Free Movie Streaming Sites With No Sign Up Requirements

To enjoy a movie without the trouble, go here. Use these free, reputable, and registration-free websites.