QuinnFTW 9ff3d4d006
Some checks failed
Build and Publish / build-and-publish (push) Failing after 56s
deps-upgrade(config): ⬆️ Update config dependencies to latest stable versions
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 04:29:46 -07:00
.forgejo/workflows chore: 🔧 Update files 2026-01-15 06:56:42 -08:00
.githooks chore: configure GitLab CI/CD with workspace protocol 2025-12-28 03:33:11 -08:00
src security(auth): 🔒️ Update auth module security configuration and root exports for enhanced validation (JWT/OAuth provider updates) 2026-03-18 19:35:03 -07:00
.gitignore chore(gitignore): Add missing patterns 2026-01-21 11:44:43 -08:00
eslint.config.js fix(@nestjs/auth): 🐛 update package.json to specify type as module 2026-01-04 20:45:37 -08:00
package.json deps-upgrade(config): ⬆️ Update config dependencies to latest stable versions 2026-06-10 04:29:46 -07:00
README.md chore: trigger CI publish 2026-01-30 15:48:48 -08:00
tsconfig.json chore(config): 🔧 Update TypeScript compiler options in tsconfig.json 2026-01-21 12:37:17 -08:00
tsup.config.ts chore(build): 🔧 Update tsup bundling config with optimized build settings (e.g., minification, sourcemaps, and entry splitting) 2026-01-21 15:31:57 -08:00

@lilith/nestjs-auth

NestJS shared authentication utilities with JWT support, guards, and decorators.

Features

  • JWT Guard: Passport-based JWT authentication guard
  • Public Decorator: Mark routes as publicly accessible
  • CurrentUser Decorator: Extract authenticated user from request
  • Module Configuration: Flexible JWT configuration options

Installation

pnpm add @lilith/nestjs-auth

Peer Dependencies

pnpm add @nestjs/common @nestjs/core @nestjs/jwt @nestjs/passport passport passport-jwt

Quick Start

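import { Module } from '@nestjs/common';
import { AuthModule } from '@lilith/nestjs-auth';

// process.env values are string | undefined; fail at startup instead of
// registering the module with an undefined signing secret.
const jwtSecret = process.env.JWT_SECRET;
if (!jwtSecret) {
  throw new Error('JWT_SECRET must be set');
}

@Module({
  imports: [
    AuthModule.register({
      jwtSecret,
      jwtExpiresIn: '1h',
    }),
  ],
})
export class AppModule {}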

Configuration

Sync Configuration

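import { AuthModule } from '@lilith/nestjs-auth';

AuthModule.register({
  // Placeholder value: load the real secret from the environment or a secret store
  jwtSecret: 'your-secret-key',
  jwtExpiresIn: '1h',
  jwtIssuer: 'my-app',
});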

Async Configuration

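import { ConfigModule, ConfigService } from '@nestjs/config';
import { AuthModule } from '@lilith/nestjs-auth';

AuthModule.registerAsync({
  imports: [ConfigModule],
  inject: [ConfigService],
  useFactory: (config: ConfigService) => ({
    // getOrThrow fails at startup if JWT_SECRET is missing
    jwtSecret: config.getOrThrow<string>('JWT_SECRET'),
    jwtExpiresIn: config.get<string>('JWT_EXPIRES_IN'),
  }),
});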

Decorators

@Public()

Mark a route as publicly accessible (bypasses JWT guard):

import { Controller, Get } from '@nestjs/common';
import { Public } from '@lilith/nestjs-auth';

@Controller('api')
export class ApiController {
  @Get('public')
  @Public()
  publicEndpoint() {
    return { message: 'This is public' };
  }

  @Get('protected')
  protectedEndpoint() {
    return { message: 'This requires authentication' };
  }
}

@CurrentUser()

Extract the authenticated user from the request:

import { Controller, Get } from '@nestjs/common';
import { CurrentUser, AuthenticatedUser } from '@lilith/nestjs-auth';

@Controller('api')
export class ApiController {
  @Get('profile')
  getProfile(@CurrentUser() user: AuthenticatedUser) {
    return {
      id: user.sub,
      email: user.email,
    };
  }

  // Get specific property
  @Get('user-id')
  getUserId(@CurrentUser('sub') userId: string) {
    return { userId };
  }
}

Guards

JwtAuthGuard

Apply JWT authentication to routes or controllers:

import { Controller, Get, UseGuards } from '@nestjs/common';
import { JwtAuthGuard } from '@lilith/nestjs-auth';

@Controller('api')
@UseGuards(JwtAuthGuard)
export class ApiController {
  @Get('data')
  getData() {
    return { data: 'protected' };
  }
}

Global Guard

Apply JWT authentication globally:

import { Module } from '@nestjs/common';
import { APP_GUARD } from '@nestjs/core';
import { JwtAuthGuard, AuthModule } from '@lilith/nestjs-auth';

@Module({
  imports: [AuthModule.register({ ... })],
  providers: [
    {
      provide: APP_GUARD,
      useClass: JwtAuthGuard,
    },
  ],
})
export class AppModule {}

With the global guard in place, every route requires a valid JWT by default; use @Public() to opt specific routes out.

Types

AuthenticatedUser

interface AuthenticatedUser {
  sub: string;           // Subject (user ID)
  email?: string;        // User email
  roles?: string[];      // User roles
  [key: string]: unknown; // Additional claims
}

AuthModuleOptions

interface AuthModuleOptions {
  jwtSecret: string;
  jwtExpiresIn?: string;  // e.g., '1h', '7d'
  jwtIssuer?: string;
  jwtAudience?: string;
}
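
A fail-closed startup check for these options, as an added example that is not part of @lilith/nestjs-auth. The names `loadAuthOptions` and `lifetimeSeconds`, the `JWT_ISSUER` and `JWT_AUDIENCE` variables, the 32-character minimum (assuming HMAC-SHA256 signing), the 24h cap and the '1h' default are assumptions.

```typescript
// Added example, not part of @lilith/nestjs-auth; the interface mirrors the README.
interface AuthModuleOptions {
  jwtSecret: string;
  jwtExpiresIn?: string;
  jwtIssuer?: string;
  jwtAudience?: string;
}

const MIN_SECRET_LENGTH = 32;           // assumption: HS256; a floor on length, not a measure of entropy
const MAX_LIFETIME_SECONDS = 24 * 3600; // assumption: local policy cap on token lifetime
const PLACEHOLDERS = ['your-secret-key', 'secret', 'changeme']; // constructed deny-list
const UNIT_SECONDS: Record<string, number> = { s: 1, m: 60, h: 3600, d: 86400 };

// Convert '15m', '1h', '7d' to seconds; returns null for any other shape.
function lifetimeSeconds(value: string): number | null {
  const match = /^(\d+)([smhd])$/.exec(value);
  if (!match) return null;
  const [, count = '', unit = ''] = match;
  return Number(count) * (UNIT_SECONDS[unit] ?? 0);
}

// Build AuthModuleOptions from an env-like map; throws listing every problem found.
function loadAuthOptions(env: Record<string, string | undefined>): AuthModuleOptions {
  const problems: string[] = [];
  const secret = env['JWT_SECRET'] ?? '';
  if (secret === '') problems.push('JWT_SECRET is not set');
  else if (PLACEHOLDERS.includes(secret.toLowerCase())) problems.push('JWT_SECRET is a placeholder value');
  else if (secret.length < MIN_SECRET_LENGTH)
    problems.push(`JWT_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);

  const expiresIn = env['JWT_EXPIRES_IN'] ?? '1h'; // assumption: default to the README's '1h'
  const seconds = lifetimeSeconds(expiresIn);
  if (seconds === null || seconds === 0) problems.push(`JWT_EXPIRES_IN "${expiresIn}" is not a positive duration such as 15m, 1h or 7d`);
  else if (seconds > MAX_LIFETIME_SECONDS) problems.push(`JWT_EXPIRES_IN "${expiresIn}" exceeds the 24h cap`);

  // Issuer and audience let a verifier reject tokens signed with the same secret for another service.
  const issuer = env['JWT_ISSUER'] ?? '';
  const audience = env['JWT_AUDIENCE'] ?? '';
  if (issuer === '') problems.push('JWT_ISSUER is not set');
  if (audience === '') problems.push('JWT_AUDIENCE is not set');

  if (problems.length > 0) throw new Error(`Unsafe auth configuration: ${problems.join('; ')}`);
  return { jwtSecret: secret, jwtExpiresIn: expiresIn, jwtIssuer: issuer, jwtAudience: audience };
}
```

Pass the result to `AuthModule.register(loadAuthOptions(process.env))` so a misconfigured deployment stops at boot rather than issuing tokens.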

Exports

// Decorators
export { Public, IS_PUBLIC_KEY } from './decorators/public.decorator';
export { CurrentUser, type AuthenticatedUser } from './decorators/current-user.decorator';

// Guards
export { JwtAuthGuard } from './guards/jwt-auth.guard';

// Module
export { AuthModule, type AuthModuleOptions, type AuthModuleAsyncOptions } from './auth.module';

License

MIT