Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
emails-microservice
Advanced tools
Starter template for 😻 NestJS and Prisma.
Checkout NestJS Prisma Schematics to automatically add Prisma support to your Nest application.
Install Nestjs CLI to start and generate CRUD resources
npm i -g @nestjs/cli
Install the dependencies for the Nest application:
npm install
Setup a development PostgreSQL with Docker. Copy .env.example and rename to .env
- cp .env.example .env
- which sets the required environments for PostgreSQL such as POSTGRES_USER
, POSTGRES_PASSWORD
and POSTGRES_DB
. Update the variables as you wish and select a strong password.
Start the PostgreSQL database
docker-compose -f docker-compose.db.yml up -d
# or
npm run docker:db
Prisma Migrate is used to manage the schema and migration of the database. Prisma datasource requires an environment variable DATABASE_URL
for the connection to the PostgreSQL database. Prisma reads the DATABASE_URL
from the root .env file.
Use Prisma Migrate in your development environment to
migration.sql
filenpx prisma migrate dev
# or
npm run migrate:dev
If you like to customize your migration.sql
file run the following command. After making your customizations run npx prisma migrate dev
to apply it.
npx prisma migrate dev --create-only
# or
npm run migrate:dev:create
If you are happy with your database changes you want to deploy those changes to your production database. Use prisma migrate deploy
to apply all pending migrations, can also be used in CI/CD pipelines as it works without prompts.
npx prisma migrate deploy
# or
npm run migrate:deploy
Prisma Client JS is a type-safe database client auto-generated based on the data model.
Generate Prisma Client JS by running
Note: Every time you update schema.prisma re-generate Prisma Client JS
npx prisma generate
# or
npm run prisma:generate
Execute the script with this command:
npm run seed
Run Nest Server in Development mode:
npm run start
# watch mode
npm run start:dev
Run Nest Server in Production mode:
npm run start:prod
GraphQL Playground for the NestJS Server is available here: http://localhost:3000/graphql
Open up the example GraphQL queries and copy them to the GraphQL Playground. Some queries and mutations are secured by an auth guard. You have to acquire a JWT token from signup
or login
. Add the accessToken
as followed to HTTP HEADERS in the playground and replace YOURTOKEN
here:
{
"Authorization": "Bearer YOURTOKEN"
}
RESTful API documentation available with Swagger.
Nest server is a Node.js application and it is easily dockerized.
See the Dockerfile on how to build a Docker image of your Nest server.
Now to build a Docker image of your own Nest server simply run:
# give your docker image a name
docker build -t <your username>/nest-prisma-server .
# for example
docker build -t nest-prisma-server .
After Docker build your docker image you are ready to start up a docker container running the nest server:
docker run -d -t -p 3000:3000 --env-file .env nest-prisma-server
Now open up localhost:3000 to verify that your nest server is running.
When you run your NestJS application in a Docker container update your .env file
- DB_HOST=localhost
# replace with name of the database container
+ DB_HOST=postgres
# Prisma database connection
+ DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DB_HOST}:${DB_PORT}/${POSTGRES_DB}?schema=${DB_SCHEMA}&sslmode=prefer
If DATABASE_URL
is missing in the root .env
file, which is loaded into the Docker container, the NestJS application will exit with the following error:
(node:19) UnhandledPromiseRejectionWarning: Error: error: Environment variable not found: DATABASE_URL.
--> schema.prisma:3
|
2 | provider = "postgresql"
3 | url = env("DATABASE_URL")
You can also setup a the database and Nest application with the docker-compose
# building new NestJS docker image
docker-compose build
# or
npm run docker:build
# start docker-compose
docker-compose up -d
# or
npm run docker
Update the Prisma schema prisma/schema.prisma
and after that run the following two commands:
npx prisma generate
# or in watch mode
npx prisma generate --watch
# or
npm run prisma:generate
npm run prisma:generate:watch
The schema.graphql is generated with code first approach from the models, resolvers and input classes.
You can use class-validator to validate your inputs and arguments.
To implement the new query, a new resolver function needs to be added to users.resolver.ts
.
@Query(returns => User)
async getUser(@Args() args): Promise<User> {
return await this.prisma.client.user(args);
}
Restart the NestJS server and this time the Query to fetch a user
should work.
A GraphQL client is necessary to consume the GraphQL api provided by the NestJS Server.
Checkout Apollo a popular GraphQL client which offers several clients for React, Angular, Vue.js, Native iOS, Native Android and more.
To start using Apollo Angular simply run in an Angular and Ionic project:
ng add apollo-angular
HttpLink
from apollo-angular requires the HttpClient
. Therefore, you need to add the HttpClientModule
to the AppModule
:
imports: [BrowserModule,
HttpClientModule,
...,
GraphQLModule],
You can also add the GraphQLModule
in the AppModule
to make Apollo
available in your Angular App.
You need to set the URL to the NestJS GraphQL Api. Open the file src/app/graphql.module.ts
and update uri
:
const uri = 'http://localhost:3000/graphql';
To use Apollo-Angular you can inject private apollo: Apollo
into the constructor of a page, component or service.
To execute a query you can use:
this.apollo.query({query: YOUR_QUERY});
# or
this.apollo.watchQuery({
query: YOUR_QUERY
}).valueChanges;
Here is an example how to fetch your profile from the NestJS GraphQL Api:
const CurrentUserProfile = gql`
query CurrentUserProfile {
me {
id
email
name
}
}
`;
@Component({
selector: 'app-home',
templateUrl: 'home.page.html',
styleUrls: ['home.page.scss'],
})
export class HomePage implements OnInit {
data: Observable<any>;
constructor(private apollo: Apollo) {}
ngOnInit() {
this.data = this.apollo.watchQuery({
query: CurrentUserProfile,
}).valueChanges;
}
}
Use the AsyncPipe
and SelectPipe to unwrap the data Observable in the template:
<div *ngIf="data | async | select: 'me' as me">
<p>Me id: {{me.id}}</p>
<p>Me email: {{me.email}}</p>
<p>Me name: {{me.name}}</p>
</div>
Or unwrap the data using RxJs.
This will end up in an GraphQL error
because Me
is protected by an @UseGuards(GqlAuthGuard)
and requires an Bearer TOKEN
.
Please refer to the Authentication section.
To execute a mutation you can use:
this.apollo.mutate({
mutation: YOUR_MUTATION,
});
Here is an example how to login into your profile using the login
Mutation:
const Login = gql`
mutation Login {
login(email: "test@example.com", password: "pizzaHawaii") {
token
user {
id
email
name
}
}
}
`;
@Component({
selector: 'app-home',
templateUrl: 'home.page.html',
styleUrls: ['home.page.scss'],
})
export class HomePage implements OnInit {
data: Observable<any>;
constructor(private apollo: Apollo) {}
ngOnInit() {
this.data = this.apollo.mutate({
mutation: Login,
});
}
}
To execute a subscription you can use:
this.apollo.subscribe({
query: YOUR_SUBSCRIPTION_QUERY,
});
To authenticate your requests you have to add your TOKEN
you receive on signup
and login
mutation to each request which is protected by the @UseGuards(GqlAuthGuard)
.
Because the apollo client is using HttpClient
under the hood you are able to simply use an Interceptor
to add your token to the requests.
Create the following class:
import { Injectable } from '@angular/core';
import {
HttpEvent,
HttpInterceptor,
HttpHandler,
HttpRequest,
} from '@angular/common/http';
import { Observable } from 'rxjs';
@Injectable()
export class TokenInterceptor implements HttpInterceptor {
constructor() {}
intercept(
req: HttpRequest<any>,
next: HttpHandler
): Observable<HttpEvent<any>> {
const token = 'YOUR_TOKEN'; // get from local storage
if (token !== undefined) {
req = req.clone({
setHeaders: {
Authorization: `Bearer ${token}`,
},
});
}
return next.handle(req);
}
}
Add the Interceptor to the AppModule
providers like this:
providers: [
...
{ provide: HTTP_INTERCEPTORS, useClass: TokenInterceptor, multi: true },
...
]
After you configured the Interceptor and retrieved the TOKEN
from storage your request will succeed on resolvers with @UseGuards(GqlAuthGuard)
.
FAQs
Emails Microservice
We found that emails-microservice demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.