Developing a Secure API with NestJS

Hi, thanks for the excellent tutorial, but I had problems with the implementation of this API, because I don’t understand how the frontend works, if I need to add a token in the request header to the Auth0. Can you show the frontend code of this application?

1 Like

Thank you for joining the Auth0 community and for your kind feedback :slight_smile:

:pray: Sorry for the late reply. I missed the notification. It’s definitely in the works to release the client application with a tutorial. I’ve been making some tweaks as the current app uses a demo launcher to bootstrap the Auth0 values.

Right now that client is built with React and RxJS. Is that an architecture that interests you?

My goal is to provide it in both React and Angular. I think that for React it may be more mainstream to use the Context API instead of RxJS.

Adan, I am currently working on this to simplify the client application and its corresponding tutorial.

@zacksinclair, @mob, @jajaperson and anyone else who may know: Is there a best practice or commended way to initiate a module such as MongooseModule using an environmental variables? I essentially need to use a secret in the connection string to MongoDB Cloud but I have not found an easy way to make this work with the existing ConfigModule and ConfigService.

The goal is to have something like this:

@Module({
  imports: [
    ConfigModule.forRoot(),
    MenusModule,
    LocationsModule,
    ItemsModule,
    MongooseModule.forRoot(
      `mongodb+srv://<USERNAME>:<PASSWORD>@someclustername.mongodb.net/test?retryWrites=true&w=majority`,
    ),
  ],
  controllers: [AppController],
  providers: [AppService],
})
export class AppModule {}

But I’d like USERNAME and PASSWORD to come from an .env file.

Thank you for any insight you may provide me on this :slight_smile:

I think this may be the best way :thinking:

1 Like

Dan I responded to the email! Yes the user guide works except it’s designed to use with mogoose and I wanted to use mongoDb so this is what I did:

In the app.module I wrote

//app.module

import { Module } from '@nestjs/common';
import { ItemsModule } from './items/items.module';
import { TypeOrmModule } from '@nestjs/typeorm';
import { Item } from './items/item.entity';
import * as dotenv from 'dotenv';

dotenv.config();

@Module({
 imports: [ItemsModule, TypeOrmModule.forRoot({
   type: 'mongodb',
   url: process.env.URL,
   database: process.env.DATABASE,
   entities: [Item],
   synchronize: true
})],
 controllers: [],
 providers: [],
})
export class AppModule { }

Then I wrote the service like this:

import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { getMongoRepository } from 'typeorm';
import { Item } from './item.entity';


@Injectable()
export class ItemsService {

 manager = getMongoRepository(Item);

 async create(newItem: Item): Promise<void> {
   try {
     await this.manager.insert(newItem);
  } catch (err) {
     return err;
  }
}
}

I used the MongoDB TypeORM definition
https://github.com/typeorm/typeorm/blob/master/docs/mongodb.md

As far as dotEnv I really did not have problems.

Hope this helps,

Adan

Really great tutorial.

Suggest to change the example so that the audience variable ends with a “/”.

I just spent over an hour trying to figure out what’s wrong with my code, eventually it was the missing “/”. This is missing in your example as well.

2 Likes

Thanks for letting us know @MrRennen!

Howdy, welcome to the Auth0 Community. Thank you for your feedback and I am glad that you enjoyed the tutorial.

:thinking: When you created the identifier, did you perhaps add the / at the end? The identifier can be anything you want. The tutorial suggests using https://menu-api.demo.com but you can use any other string value:

The value of AUTH0_AUDIENCE in the .env file just needs to match whatever the value of the Identifier is :slight_smile: