Socket
Socket
Sign inDemoInstall

nestjs-url-generator

Package Overview
Dependencies
4
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

nestjs-url-generator

NestJs library for generating & signing url


Version published
Weekly downloads
898
increased by0.79%
Maintainers
1
Created
Weekly downloads
 

Readme

Source

NestJS module for generating & signing URL

CodeFactor NPM Version NPM Downloads License

Description

URL Generation is used to dynamically generate URL that point to NestJS controller method (Route).

nestjs-url-generator can generate plain and signed URLs

Installation

npm i --save nestjs-url-generator

Or if you use Yarn:

yarn add nestjs-url-generator

Requirements

nestjs-url-generator is built to work with Nest 7 and newer versions.

Basic Usage

Include Module

First you need to import [UrlGeneratorModule]:

app.module.ts

import { UrlGeneratorModule } from 'nestjs-url-generator';

@Module({
  imports: [
    UrlGeneratorModule.forRoot({
      secret: 'secret', // optional, required only for signed URL
      appUrl: 'https://localhost:3000',
    }),
  ],
})
export class ApplicationModule {}

Or Async Import With .ENV usage

.ENV

APP_KEY=secret
APP_URL=https://localhost:3000

signed-url.config.ts

import { UrlGeneratorModuleOptions } from 'nestjs-url-generator';

export function urlGeneratorModuleConfig(): UrlGeneratorModuleOptions {
  return {
    secret: process.env.APP_KEY,
    appUrl: process.env.APP_URL,
  };
}

app.module.ts

import { UrlGeneratorModule } from 'nestjs-url-generator';

@Module({
  imports: [
    ConfigModule.forRoot(),
    UrlGeneratorModule.forRootAsync({
      useFactory: () => urlGeneratorModuleConfig(),
    }),
  ],
})
export class ApplicationModule {}

Using Service

Now you need to register the service, by injecting it to the constructor. There are two methods for generating url:

generateUrlFromController({
  controller,
  controllerMethod,
  /*?*/ query,
  /*?*/ params,
});

generateUrlFromPath({
  relativePath,
  /*?*/ query,
  /*?*/ params,
});

app.controller.ts

import { UrlGeneratorService } from 'nestjs-url-generator';

@Controller()
export class AppController {
  constructor(private readonly urlGeneratorService: UrlGeneratorService) {}

  @Get('makeUrl')
  async makeUrl(): Promise<string> {
    const params = {
      version: '1.0',
      userId: 12,
    };

    const query = {
      email: 'email@email',
    };

    // This will generate:
    // https://localhost:3000/emailVerification/1.0/12?email=email%40email
    return this.urlGeneratorService.generateUrlFromController({
      controller: AppController,
      controllerMethod: AppController.prototype.emailVerification,
      query: query,
      params: params,
    });
  }
}

Generate Signed URL

There are two methods for generating url:

SignControllerUrl({
  controller,
  controllerMethod,
  /*?*/ expirationDate,
  /*?*/ query,
  /*?*/ params,
});

SignUrl({
  relativePath,
  /*?*/ expirationDate,
  /*?*/ query,
  /*?*/ params,
});

app.controller.ts

import { UrlGeneratorService } from 'nestjs-url-generator';

@Controller()
export class AppController {
  constructor(private readonly urlGeneratorService: UrlGeneratorService) {}

  @Get('makeSignUrl')
  async makeSignUrl(): Promise<string> {
    // This will generate:
    // https://localhost:3000/emailVerification?
    // expirationDate=2021-12-12T00%3A00%3A00.000Z&
    // signed=84b5a021c433d0ee961932ac0ec04d5dd5ffd6f7fdb60b46083cfe474dfae3c0
    return this.urlGeneratorService.SignControllerUrl({
      controller: AppController,
      controllerMethod: AppController.prototype.emailVerification,
      expirationDate: new Date('2021-12-12'),
      // or using DateTime library of your choice
      // will be expired 30 minutes after it was created
      expirationDate: dayjs().add(30, 'minute').toDate(),
    });
  }
}
  • [expirationDate] and [signed] query keys are used for signed URL.

  • By default, the signed URLs lives forever. You can add expiration date to them at the time of generating one.

Reminder

The difference between params & query in ExpressJS


Using Guard

You can use SignUrlGuard to verify the signed url in controller.

If the url has been tampered or when the expiration date is due, then a Forbidden exception will be thrown.

app.controller.ts

import { SignedUrlGuard } from 'nestjs-url-generator';

@Controller()
export class AppController {
  constructor(private readonly urlGeneratorService: UrlGeneratorService) {}

  @Get('emailVerification')
  @UseGuards(SignedUrlGuard)
  async emailVerification(): Promise<string> {
    return 'You emailed has been verified.';
  }
}

Note

  • Changing the secret key will invalidate all signed urls

  • Signed URL is typically used for unsubscribe email, email verification, sign file permission, and more.

  • If you are using https with reverse proxy please make sure to enable trust proxy in express

const app = await NestFactory.create<NestExpressApplication>(AppModule);

app.set('trust proxy', true);
// or
expressSession({ proxy: true });

Generating Keys using node REPL

require('crypto').randomBytes(64, (err, buf) => {
  if (err) throw err;
  console.log(`${buf.length} bytes of random data: ${buf.toString('base64')}`);
  process.exit();
});

TODO

  • Create unit test (expiration, tampered, with or without globalPrefix, request with or without query & param, if target for signerUrl doesn't have guard)

  • Automate CI, npm run build, push, npm publish

Keywords

FAQs

Last updated on 24 Nov 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc