Authentication
Eicrud handles the authentication of users in a global NestJS guard.
export class AuthenticationOptions {
  saltRounds = 11;
  saltRoundsAdmin = 14;
  verificationEmailTimeoutHours = 6;
  twoFaEmailTimeoutMinutes = 15;
  passwordResetEmailTimeoutHours = 6;
  passwordMaxLength = 64;
  userFieldsInJwtPayload = ['rvkd'];
  fieldsThatResetRevokedCount = ['password', 'email'];
  username_field = 'email';
  renewJwt = false;
  minTimeBetweenLoginAttempsMs: number = 600;
  maxJwtexpiresInSec = 60 * 60 * 24 * 30; // 30 days
  extractUserOnRoutes: string[] = [];
  resetTokenLength: number = 17;
}
Options are passed to the CrudConfigService.
eicrud.config.service.ts
import { Injectable } from '@nestjs/common';
import { CrudConfigService } from '@eicrud/core/config';
import { AuthenticationOptions } from '@eicrud/core/authentication';

const authenticationOptions = new AuthenticationOptions();

@Injectable()
export class MyConfigService extends CrudConfigService {
  constructor(/* ... */) {
    super({ authenticationOptions, /* ... */ });
  }
  // ...
}
Custom routes
By default, Eicrud doesn't check the JWT token on non /crud routes. You can specify extractUserOnRoutes to change that behavior.
import { CrudContext } from "@eicrud/core/crud";
import { Context } from "@eicrud/core/authentication";
import { Get, Query } from '@nestjs/common';

// ...

@Get('my-custom-route')
async get(@Query() query, @Context() ctx: CrudContext) {
  // The user is extracted from the JWT once this route is listed in extractUserOnRoutes
  const user = ctx.user;
}
Note
When calling your route, the JWT token must be present in the request headers (as a Cookie or in the authorization header).
If your JWT is stored in an httpOnly cookie, the eicrud-csrf cookie (obtained during authentication) must be provided. You must provide it as a cookie and as a custom header of the same name to satisfy the Double-submit Cookie Pattern,
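
The double-submit check named in the note above, as an added TypeScript example that is not Eicrud's own implementation: a client helper mirrors the eicrud-csrf cookie value into a header of the same name, and a server-side check accepts the request only when both are present and equal. The function names, the sample cookie string and the jwt-placeholder cookie name are constructed for illustration.

```typescript
// Added example, not Eicrud's code. Only the name 'eicrud-csrf' comes from the page.
const CSRF_NAME = 'eicrud-csrf';
type HeaderMap = Record<string, string | undefined>;

// Parse a Cookie header ("a=1; b=2") into name -> value; the first occurrence wins.
function parseCookies(cookieHeader: string | undefined): Record<string, string> {
  const jar: Record<string, string> = {};
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    const name = eq < 0 ? '' : part.slice(0, eq).trim();
    if (!name || name in jar) continue; // skip malformed pairs and duplicates
    jar[name] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Client side (assumption: the token value is readable by the client):
// mirror the cookie value into a custom header of the same name.
function csrfHeaderFor(cookieString: string): HeaderMap {
  const token = parseCookies(cookieString)[CSRF_NAME];
  return token ? { [CSRF_NAME]: token } : {};
}

// Compare every character instead of stopping at the first difference.
function safeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: header names are assumed lower-cased, as Node.js delivers them.
// A cross-site request carries the cookies automatically but cannot set the
// custom header, so it fails the second or third check.
function checkDoubleSubmit(headers: HeaderMap): { ok: boolean; reason: string } {
  const cookieToken = parseCookies(headers['cookie'])[CSRF_NAME];
  const headerToken = headers[CSRF_NAME];
  if (!cookieToken) return { ok: false, reason: 'csrf cookie missing' };
  if (!headerToken) return { ok: false, reason: 'csrf header missing' };
  if (!safeEqual(cookieToken, headerToken)) return { ok: false, reason: 'cookie/header mismatch' };
  return { ok: true, reason: 'match' };
}

// Constructed sample Cookie header; both cookie values are placeholders.
const SAMPLE_COOKIE = 'jwt-placeholder=constructed.jwt.value; eicrud-csrf=constructed-token-123';
```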