@payk/nestjs-private-api-guard

API Protection for NestJS

Installation

npm install @payk/nestjs-private-api-guard

What does it do?

Quick Start

Add a Global Guard in the main.ts after the app creation

  app.useGlobalGuards(new PrivateApiGuard(app.get(Reflector)));

Public End-Point

Each call coming from outside the internal network will carry a header stating it came from the public. Add a decorator on top of your api end point you wish to expose through the Gateway

@PublicApi()
@Get()
getAllUsers() {
  return [];
}

Any end-point without the @PublicApi decorator won't be accessible through the gateway.

The header being used is by default X-Public-Api and is true when coming from the public domain.

You can choose a different header key name by passing the PrivateApiGuard another parameter:

  app.useGlobalGuards(new PrivateApiGuard(app.get(Reflector), 'X-My-Cool-Public'));

Consumer Group End-Point (ACL)

Each OAuth2 consumer has groups defined on him. We can use those groups in order to define access to specific end-point - for example, only the BackOffice can access that end-point, not the mobile (it's not per user, it's per consumer) Add a decorator on top of your api end point you wish to expose through the Gateway to a list of groups

@AllowedConsumerGroups('backoffice', 'admins')
@Get()
getAllUsers() {
  return [];
}