Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions apps/backend/.env.example
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,13 @@ SERVICE_ACCOUNT={...}
PORT=3000

NODE_ENV=development

# Google OAuth (optional - for Google identity provider)
GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-google-client-secret

# Self-issued JWT (RS256) - run `pnpm --filter backend generate:keys` to create keys
JWT_ISSUER=https://api.yourapp.com
JWT_PRIVATE_KEY_PATH=./keys/private.pem
JWT_PUBLIC_KEY_PATH=./keys/public.pem
JWT_EXPIRES_IN=1h
7 changes: 5 additions & 2 deletions apps/backend/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@
"test:watch": "jest --watch",
"test:cov": "jest --coverage",
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./test/jest-e2e.json"
"test:e2e": "jest --config ./test/jest-e2e.json",
"generate:keys": "bash scripts/generate-keys.sh"
},
"dependencies": {
"@auth0/auth0-spa-js": "^2.1.3",
Expand All @@ -33,6 +34,8 @@
"class-transformer": "^0.5.1",
"class-validator": "^0.14.1",
"dotenv": "^16.4.7",
"google-auth-library": "^10.5.0",
"jsonwebtoken": "^9.0.3",
"jwks-rsa": "^3.2.0",
"nestjs-cls": "^5.4.1",
"passport": "^0.7.0",
Expand All @@ -55,7 +58,7 @@
"@swc/core": "^1.10.7",
"@types/express": "^5.0.0",
"@types/jest": "^29.5.14",
"@types/jsonwebtoken": "^9.0.9",
"@types/jsonwebtoken": "^9.0.10",
"@types/node": "^22.10.7",
"@types/passport": "^1.0.17",
"@types/passport-jwt": "^4.0.1",
Expand Down
42 changes: 42 additions & 0 deletions apps/backend/scripts/generate-keys.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
#!/bin/bash

# Generate RSA key pair for RS256 JWT signing
# This script creates private and public keys for self-issued JWT tokens

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
KEYS_DIR="$SCRIPT_DIR/../keys"

# Create keys directory if it doesn't exist
mkdir -p "$KEYS_DIR"

# Check if keys already exist
if [ -f "$KEYS_DIR/private.pem" ] && [ -f "$KEYS_DIR/public.pem" ]; then
echo "Keys already exist in $KEYS_DIR"
echo "To regenerate, delete the existing keys first."
exit 0
fi

echo "Generating RSA key pair..."

# Generate 2048-bit RSA private key
openssl genrsa -out "$KEYS_DIR/private.pem" 2048

# Extract public key from private key
openssl rsa -in "$KEYS_DIR/private.pem" -pubout -out "$KEYS_DIR/public.pem"

# Set appropriate permissions
chmod 600 "$KEYS_DIR/private.pem"
chmod 644 "$KEYS_DIR/public.pem"

echo ""
echo "RSA key pair generated successfully!"
echo " Private key: $KEYS_DIR/private.pem"
echo " Public key: $KEYS_DIR/public.pem"
echo ""
echo "Add these to your .env file:"
echo " JWT_PRIVATE_KEY_PATH=./keys/private.pem"
echo " JWT_PUBLIC_KEY_PATH=./keys/public.pem"
echo ""
echo "IMPORTANT: Never commit the private key to version control!"
29 changes: 25 additions & 4 deletions apps/backend/src/auth/auth.module.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,33 @@ import { Module, Global } from '@nestjs/common';
import { PassportModule } from '@nestjs/passport';
import { JwtStrategy } from './jwt.strategy';
import { UsersModule } from 'src/modules/users/users.module';
import { ConfigModule } from '@nestjs/config';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { GoogleProvider } from './providers';
import { JwtTokenService, SelfIssuedJwtStrategy } from './jwt';

@Global()
@Module({
imports: [ConfigModule, PassportModule.register({ defaultStrategy: 'jwt' }), UsersModule],
providers: [JwtStrategy],
exports: [PassportModule, UsersModule],
imports: [
ConfigModule,
PassportModule.register({ defaultStrategy: 'jwt' }),
UsersModule,
],
providers: [
JwtStrategy,
SelfIssuedJwtStrategy,
JwtTokenService,
{
provide: GoogleProvider,
useFactory: (configService: ConfigService) => {
const googleClientId = configService.get<string>('GOOGLE_CLIENT_ID');
if (googleClientId) {
return new GoogleProvider(configService);
}
return null;
},
inject: [ConfigService],
},
],
exports: [PassportModule, UsersModule, JwtTokenService, GoogleProvider],
})
export class AuthModule {}
2 changes: 2 additions & 0 deletions apps/backend/src/auth/jwt/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
export * from './jwt.service';
export * from './self-issued-jwt.strategy';
Loading