
Authentication

Eicrud handles the authentication of users in a global NestJS guard.

export class AuthenticationOptions {
  saltRounds = 11;
  saltRoundsAdmin = 14;
  verificationEmailTimeoutHours = 6;
  twoFaEmailTimeoutMinutes = 15;
  passwordResetEmailTimeoutHours = 6;
  passwordMaxLength = 64;
  userFieldsInJwtPayload = ['rvkd'];
  fieldsThatResetRevokedCount = ['password', 'email'];
  username_field = 'email';
  renewJwt = false;
  minTimeBetweenLoginAttempsMs: number = 600;
  maxJwtexpiresInSec = 60*60*24*30; //30 days
  extractUserOnRoutes: string[] = [];
  resetTokenLength: number = 17;
}

Options are passed to the CrudConfigService.

eicrud.config.service.ts
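import { Injectable } from '@nestjs/common';
import { CrudConfigService } from '@eicrud/core/config';
import { AuthenticationOptions } from '@eicrud/core/authentication';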

const authenticationOptions = new AuthenticationOptions();

@Injectable()
export class MyConfigService extends CrudConfigService {
    constructor(/* ... */) {
        super({ authenticationOptions, /* ... */})
    }
    //..
}

Custom routes

By default, Eicrud doesn't check the JWT token on routes outside /crud. You can set extractUserOnRoutes to change that behavior.

authenticationOptions.extractUserOnRoutes = ['my-custom-route'];

You can then retrieve the user in a NestJS controller.

import { CrudContext } from "@eicrud/core/crud";
import { Context } from "@eicrud/core/authentication";
import { Get, Query } from '@nestjs/common';

// ...

@Get('my-custom-route')
async get(@Query() query, @Context() ctx: CrudContext) {
    const user = ctx.user;
}

Note

When calling your route, the JWT token must be present in the request headers (as a cookie or in the Authorization header).

Authorization: Bearer <token>

If your JWT is stored in an httpOnly cookie, the eicrud-csrf cookie (obtained during authentication) must be provided. You must provide it as a cookie and as a custom header of the same name to satisfy the Double-submit Cookie Pattern,
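
The check implied by the note above, written out as an added example; it is not Eicrud's own code. It accepts a request that carries either a Bearer token or a JWT cookie whose eicrud-csrf cookie matches the eicrud-csrf header. The jwtCookieName parameter and the sample values are assumptions, since the page does not name the JWT cookie.

```typescript
// Added example: illustrates the double-submit check, not Eicrud's implementation.
const CSRF_NAME = 'eicrud-csrf'; // cookie and header name given on the page

type HeaderMap = Record<string, string>;
type AuthCheck = 'bearer' | 'cookie+csrf' | 'rejected';

// Parse a Cookie request header into name/value pairs (first occurrence wins).
function parseCookies(cookieHeader: string | undefined): Map<string, string> {
  const cookies = new Map<string, string>();
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue; // no name or no '=': ignore the fragment
    const name = part.slice(0, eq).trim();
    if (name && !cookies.has(name)) cookies.set(name, part.slice(eq + 1).trim());
  }
  return cookies;
}

// Compare two strings without returning early at the first differing character.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// jwtCookieName is a hypothetical parameter: the name of the httpOnly JWT cookie.
function checkRequestAuth(headers: HeaderMap, jwtCookieName: string): AuthCheck {
  const h: HeaderMap = {};
  for (const key of Object.keys(headers)) h[key.toLowerCase()] = headers[key];

  // A token in the Authorization header is not attached by the browser on its own,
  // so this path carries no CSRF cookie requirement.
  if (/^Bearer \S+$/.test(h['authorization'] || '')) return 'bearer';

  // Cookie path: the CSRF value must arrive twice, as a cookie and as a header.
  const cookies = parseCookies(h['cookie']);
  const csrfCookie = cookies.get(CSRF_NAME) || '';
  const csrfHeader = h[CSRF_NAME] || '';
  if (!cookies.get(jwtCookieName) || !csrfCookie || !csrfHeader) return 'rejected';
  return constantTimeEqual(csrfCookie, csrfHeader) ? 'cookie+csrf' : 'rejected';
}
```

A cross-site form post sends the cookies automatically but cannot set the custom header, which is why the cookie-only request is rejected.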