A complete NestJS application with JWT authentication, multiple database support (PostgreSQL, MongoDB, Redis), Docker containerization, and enterprise-grade security features.
## Security Features

- Rate Limiting: Protection against brute force attacks
- Strong Password Policy: 12+ characters with complexity requirements
- Secure JWT: Short-lived tokens with issuer/audience validation
- CORS Protection: Restricted origins and methods
- Security Headers: Helmet.js for comprehensive protection
- Input Validation: Class-validator with strict validation
- Data Redaction: Sensitive data automatically excluded from logs
- Network Isolation: Database ports not exposed publicly
- Strong Authentication: bcrypt with 12 rounds
## Features

### Authentication

- JWT Authentication - Login/Register with refresh tokens
- Password Reset - OTP-based password recovery via email
- Rate Limiting - Configurable limits per endpoint type
- Session Management - Secure token handling
### Databases

- PostgreSQL - Primary database with TypeORM
- MongoDB - Document storage (internal use only)
- Redis - Caching and session management (internal use only)
- Dual ID System - Integer IDs for internal use, UUIDs for external APIs
- Data Redaction - Sensitive fields automatically excluded from logs and responses
- Soft Deletes - Records marked as deleted without physical removal
- Request Tracking - Unique request IDs for debugging and monitoring
### Docker

- Complete containerization for development and production
- Network isolation for security
- Health checks for all services
- Environment-based configuration
### Email

- SMTP integration with fallback logging
- OTP delivery for password resets
- Configurable templates
### Logging

- Winston with request tracking
- Request ID correlation
- Sensitive data redaction
- Configurable log levels
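As an added example, not the project's interceptor or Winston configuration, a recursive redaction helper of the kind the "sensitive data redaction" feature requires; the list of field names below is an assumption and should be matched to the application's real DTO and header names.

```typescript
// Added example, not the project's interceptor or Winston setup. Recursively replaces the
// values of sensitive fields so request/response objects can be logged safely. The field
// list below is an assumption; match it to the application's real DTO and header names.
const SENSITIVE_KEYS = new Set([
  'password', 'newpassword', 'currentpassword', 'otp',
  'token', 'accesstoken', 'refreshtoken', 'authorization', 'cookie', 'set-cookie',
]);
export const REDACTED = '[REDACTED]';
const MAX_DEPTH = 20;

// Returns a redacted copy; the input is never mutated so the real request still works.
export function redact<T>(value: T, depth = 0): T {
  if (value === null || typeof value !== 'object') return value;
  // Never emit an unredacted subtree just because it is nested too deeply (or cyclic).
  if (depth > MAX_DEPTH) return '[TRUNCATED]' as unknown as T;
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1)) as unknown as T;
  const out: Record<string, unknown> = {};
  for (const [k, v] of Object.entries(value as unknown as Record<string, unknown>)) {
    // Case-insensitive so `Authorization` and `authorization` are both caught.
    out[k] = SENSITIVE_KEYS.has(k.toLowerCase()) ? REDACTED : redact(v, depth + 1);
  }
  return out as unknown as T;
}
```

Redacting by key name, rather than by pattern-matching values, means a field is only protected if it is on the list, so the list has to be reviewed whenever a DTO gains a new secret-bearing property.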
### Configuration

- Environment-based configuration
- Security best practices
- Performance optimizations
- Comprehensive error handling
## Prerequisites

- Node.js (v18 or higher)
- Docker & Docker Compose
- npm
## Installation

```bash
git clone <your-repo>
cd nest_js_example
npm install
```

## Environment Setup

IMPORTANT: Copy the secure environment template and update it with your values:

```bash
cp env.secure .env
# Edit .env with your actual passwords and configuration
```

Required environment variables:

- `DB_PASSWORD` - Strong PostgreSQL password
- `MONGO_PASSWORD` - Strong MongoDB password
- `REDIS_PASSWORD` - Strong Redis password
- `JWT_SECRET` - Cryptographically secure random string (64+ chars). Generate one with:

```bash
openssl rand -base64 64
```

## Running the Application

Development with hot reload:

```bash
# Start only databases
npm run docker:dev
# In another terminal, run the app locally
npm run start:dev
```

Full production setup:

```bash
npm run docker:prod
```

## Security Configuration

### Rate Limiting

- Default: 100 requests per minute
- Authentication: 10 requests per minute
- Registration: 5 requests per minute
- Login: 5 attempts per minute
- Password Reset: 3 requests per minute
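As an added illustration, not the project's throttler code, a fixed-window limiter that enforces exactly the per-endpoint limits listed above; the endpoint type names and the client key (an IP address or user id) are assumptions made for this example.

```typescript
// Added example, not the project's throttler code: a fixed-window counter with the
// per-endpoint limits listed above. The endpoint type names and the client key (e.g. an
// IP address or user id) are assumptions made for this illustration.
export type EndpointType = 'default' | 'auth' | 'register' | 'login' | 'password-reset';

// Requests allowed per 60-second window, as documented in this README.
export const LIMITS: Record<EndpointType, number> = {
  default: 100,
  auth: 10,
  register: 5,
  login: 5,
  'password-reset': 3,
};

const WINDOW_MS = 60_000;

interface Bucket { start: number; count: number }

export class FixedWindowLimiter {
  private buckets = new Map<string, Bucket>();

  // Returns true if the request may proceed, false if it should be answered with 429.
  // `now` is injectable so the behaviour can be exercised without real waiting.
  check(type: EndpointType, clientKey: string, now: number = Date.now()): boolean {
    const key = `${type}:${clientKey}`;
    const b = this.buckets.get(key);
    if (!b || now - b.start >= WINDOW_MS) {
      // Fresh window; the first request is always within any limit >= 1.
      this.buckets.set(key, { start: now, count: 1 });
      return true;
    }
    if (b.count >= LIMITS[type]) return false; // over limit; rejected requests are not counted
    b.count += 1;
    return true;
  }

  // Seconds until the current window resets, suitable for a Retry-After header.
  retryAfterSeconds(type: EndpointType, clientKey: string, now: number = Date.now()): number {
    const b = this.buckets.get(`${type}:${clientKey}`);
    if (!b) return 0;
    return Math.max(0, Math.ceil((b.start + WINDOW_MS - now) / 1000));
  }
}
```

Counters live in process memory here, so behind several replicas each instance would enforce the limit separately; a shared store such as the Redis this project already runs is what makes the limit global.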
### Password Policy

- Minimum length: 12 characters
- Complexity: Uppercase, lowercase, number, special character
- Hashing: bcrypt with 12 rounds
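The policy above as a standalone check, added here as an example rather than taken from the project's DTOs; the 72-byte upper bound is an addition based on bcrypt's input limit, not a rule stated in this README.

```typescript
// Added example, not the project's validator. Implements the documented policy
// (12+ characters with uppercase, lowercase, digit and special character) and adds a
// maximum of 72 bytes, because bcrypt only hashes the first 72 bytes of its input.
export const MIN_PASSWORD_LENGTH = 12;
export const MAX_PASSWORD_BYTES = 72;

export interface PolicyResult { ok: boolean; failures: string[] }

// UTF-8 byte length computed from code points, so no Node-specific Buffer API is needed.
function utf8ByteLength(s: string): number {
  let n = 0;
  for (const ch of s) {
    const cp = ch.codePointAt(0)!;
    n += cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
  }
  return n;
}

export function checkPasswordPolicy(password: string): PolicyResult {
  const failures: string[] = [];
  // Count code points rather than UTF-16 units so a character outside the BMP counts once.
  if ([...password].length < MIN_PASSWORD_LENGTH) {
    failures.push(`at least ${MIN_PASSWORD_LENGTH} characters`);
  }
  if (utf8ByteLength(password) > MAX_PASSWORD_BYTES) {
    failures.push(`at most ${MAX_PASSWORD_BYTES} bytes (bcrypt input limit)`);
  }
  if (!/[A-Z]/.test(password)) failures.push('an uppercase letter');
  if (!/[a-z]/.test(password)) failures.push('a lowercase letter');
  if (!/[0-9]/.test(password)) failures.push('a digit');
  // "Special" here means any character that is not an ASCII letter or digit.
  if (!/[^A-Za-z0-9]/.test(password)) failures.push('a special character');
  return { ok: failures.length === 0, failures };
}
```

Returning every unmet requirement at once lets the register endpoint report them together instead of one rejection per round trip.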
### JWT

- Access token: 15 minutes expiration
- Issuer validation: `nestjs-auth-api`
- Audience validation: `nestjs-users`
- No weak fallbacks
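Added example, not the project's strategy code: the checks that the issuer, audience and expiry settings above amount to, applied to an access-token payload that has already passed signature verification, plus a secret loader that refuses to start without `JWT_SECRET` rather than fall back to a default.

```typescript
// Added example, not the project's code. Assumes the access-token payload has already
// passed signature verification; these are the claim checks layered on top of it.
export const EXPECTED_ISSUER = 'nestjs-auth-api';
export const EXPECTED_AUDIENCE = 'nestjs-users';
export const ACCESS_TOKEN_TTL_SECONDS = 15 * 60;

export interface JwtPayload {
  sub?: string;
  iss?: string;
  aud?: string | string[];
  iat?: number;
  exp?: number;
}

export interface ClaimResult { ok: boolean; reason?: string }

export function validateAccessTokenClaims(p: JwtPayload, nowSeconds: number): ClaimResult {
  // Exact match only: tokens minted by another issuer must not be accepted.
  if (p.iss !== EXPECTED_ISSUER) return { ok: false, reason: 'issuer mismatch' };
  // aud may be a string or an array; our audience must be present either way.
  const audiences = Array.isArray(p.aud) ? p.aud : p.aud === undefined ? [] : [p.aud];
  if (!audiences.includes(EXPECTED_AUDIENCE)) return { ok: false, reason: 'audience mismatch' };
  // A token without exp would never expire; treat it as invalid, not as valid forever.
  if (typeof p.exp !== 'number') return { ok: false, reason: 'missing exp' };
  if (p.exp <= nowSeconds) return { ok: false, reason: 'expired' };
  // Defence in depth: a correctly signed token whose lifetime exceeds the
  // 15-minute policy indicates a misconfigured or compromised issuer.
  if (typeof p.iat === 'number' && p.exp - p.iat > ACCESS_TOKEN_TTL_SECONDS) {
    return { ok: false, reason: 'lifetime exceeds policy' };
  }
  if (typeof p.sub !== 'string' || p.sub.length === 0) return { ok: false, reason: 'missing subject' };
  return { ok: true };
}

// "No weak fallbacks": fail at startup instead of defaulting to a guessable secret.
export function loadJwtSecret(env: Record<string, string | undefined>): string {
  const secret = env.JWT_SECRET;
  if (!secret || secret.length < 64) {
    throw new Error('JWT_SECRET must be set and at least 64 characters long');
  }
  return secret;
}
```

JWT libraries typically expose issuer and audience as verify options; spelling the checks out as above makes the distinct failure reasons available for logging and alerting.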
### CORS

- Development: `localhost:3000,localhost:3001`
- Production: Configurable allowed origins
- Methods: GET, POST, PUT, DELETE, PATCH
- Headers: Content-Type, Authorization, x-request-id
## API Endpoints

### Authentication

- `POST /auth/register` - Register new user (rate limited: 5/min)
- `POST /auth/login` - User login (rate limited: 5/min)
- `POST /auth/refresh` - Refresh JWT tokens (rate limited: 10/min)
- `POST /auth/forgot-password` - Request password reset (rate limited: 3/min)
- `POST /auth/reset-password` - Reset password with OTP (rate limited: 5/min)
- `POST /auth/logout` - Logout and invalidate tokens

### Users

- `GET /users` - Get all users (paginated)
- `GET /users/:uuid` - Get user by UUID
- `GET /profile` - Get current user profile

### General

- `GET /` - Welcome message
- `GET /docs` - Swagger documentation (development only)
## Project Structure

```text
src/
├── auth/                     # Authentication module
│   ├── dto/                  # Validation DTOs
│   ├── guards/               # JWT authentication guards
│   ├── strategies/           # Passport JWT strategy
│   ├── auth.controller.ts    # Auth endpoints with rate limiting
│   ├── auth.service.ts       # Authentication business logic
│   └── auth.module.ts        # Auth module configuration
├── common/                   # Shared functionality
│   ├── database/             # Database configuration
│   ├── dto/                  # Response DTOs
│   ├── services/             # Common services
│   ├── utils/                # Utility functions
│   ├── interceptors/         # Request tracking
│   └── common.module.ts      # Common module
├── entities/                 # Database entities
├── users/                    # User management
└── main.ts                   # Application entry point
```
## Configuration

See `env.secure` for a complete template with security best practices.

Docker Compose files:

- Development: `docker-compose.dev.yml`
- Production: `docker-compose.yml`
- Security: Database ports not exposed publicly
## Security Checklist

- Strong password requirements
- Rate limiting on all endpoints
- JWT security hardening
- CORS protection
- Security headers (Helmet.js)
- Input validation and sanitization
- Data redaction in logs
- Network isolation
- No weak fallbacks
- Secure authentication flow
## Development Notes

- Swagger: Only enabled in development
- Logging: Sensitive data automatically redacted
- Validation: Strict input validation with class-validator
- Testing: Comprehensive test coverage
- Linting: ESLint with security-focused rules
## Contributing

- Follow security best practices
- Update security documentation
- Test all security features
- Review rate limiting configuration
- Validate input sanitization
## License

This project is licensed under the MIT License - see the LICENSE file for details.
## Security

For security issues, please contact the development team directly.