add-nest-auth 1.0.0

package/dist/generator/templates/jwt/local-auth.guard.ts.hbs

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class LocalAuthGuard extends AuthGuard('local') {}

package/dist/generator/templates/jwt/local.strategy.ts.hbs

@@ -0,0 +1,22 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { Strategy } from 'passport-local';
+import { AuthService } from '../auth.service';
+
+@Injectable()
+export class LocalStrategy extends PassportStrategy(Strategy) {
+  constructor(private authService: AuthService) {
+    super({
+      usernameField: 'email',
+      passwordField: 'password',
+    });
+  }
+
+  async validate(email: string, password: string): Promise<any> {
+    const user = await this.authService.validateUser(email, password);
+    if (!user) {
+      throw new UnauthorizedException('Invalid credentials');
+    }
+    return user;
+  }
+}

package/dist/generator/templates/rbac/role.enum.ts.hbs

@@ -0,0 +1,5 @@
+export enum Role {
+{{#each rbac.roles}}
+  {{uppercase this}} = '{{this}}',
+{{/each}}
+}

package/dist/generator/templates/rbac/roles.guard.ts.hbs

@@ -0,0 +1,22 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { ROLES_KEY } from '../decorators/roles.decorator';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>(ROLES_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (!requiredRoles) {
+      return true;
+    }
+
+    const { user } = context.switchToHttp().getRequest();
+    return requiredRoles.some((role) => user.roles?.includes(role));
+  }
+}

package/dist/generator/templates/shared/README.auth.md.hbs

@@ -0,0 +1,283 @@
+# Authentication Module
+
+Generated by **add-nest-auth** on {{timestamp}}
+
+## Overview
+
+This authentication module provides:
+- ✅ JWT-based authentication
+{{#if rbac.enabled}}
+- ✅ Role-Based Access Control (RBAC)
+{{/if}}
+{{#if features.refreshTokens}}
+- ✅ Refresh token rotation
+{{/if}}
+- ✅ Password hashing with bcrypt
+- ✅ Request validation with class-validator
+{{#if (eq orm "typeorm")}}
+- ✅ TypeORM integration
+{{/if}}
+
+## Endpoints
+
+### Public Endpoints (No authentication required)
+
+#### POST /auth/register
+Register a new user.
+
+**Request body:**
+```json
+{
+  "email": "user@example.com",
+  "password": "your-password"
+}
+```
+
+**Response:**
+```json
+{
+  "accessToken": "eyJhbGciOiJIUzI1NiIs...",
+{{#if features.refreshTokens}}
+  "refreshToken": "eyJhbGciOiJIUzI1NiIs...",
+{{/if}}
+  "user": {
+    "id": "uuid",
+    "email": "user@example.com"{{#if rbac.enabled}},
+    "roles": ["User"]{{/if}}
+  }
+}
+```
+
+#### POST /auth/login
+Login with existing credentials.
+
+**Request body:**
+```json
+{
+  "email": "user@example.com",
+  "password": "your-password"
+}
+```
+
+**Response:** Same as register
+
+{{#if features.refreshTokens}}
+#### POST /auth/refresh
+Refresh access token using refresh token.
+
+**Request body:**
+```json
+{
+  "refreshToken": "eyJhbGciOiJIUzI1NiIs..."
+}
+```
+
+**Response:**
+```json
+{
+  "accessToken": "eyJhbGciOiJIUzI1NiIs..."
+}
+```
+{{/if}}
+
+### Protected Endpoints (Authentication required)
+
+#### GET /users/profile
+Get current user profile.
+
+**Headers:**
+```
+Authorization: Bearer <accessToken>
+```
+
+**Response:**
+```json
+{
+  "id": "uuid",
+  "email": "user@example.com"{{#if rbac.enabled}},
+  "roles": ["User"]{{/if}}
+}
+```
+
+{{#if rbac.enabled}}
+#### GET /users (Admin only)
+Get all users.
+
+**Headers:**
+```
+Authorization: Bearer <accessToken>
+```
+
+**Response:**
+```json
+[
+  {
+    "id": "uuid",
+    "email": "user@example.com",
+    "roles": ["User"],
+    "createdAt": "2026-01-01T00:00:00.000Z"
+  }
+]
+```
+{{/if}}
+
+## Usage
+
+### Protect Routes
+
+By default, all routes require authentication. Use the `@Public()` decorator to make routes public:
+
+```typescript
+import { Public } from './auth/decorators/public.decorator';
+
+@Public()
+@Get('public')
+getPublicData() {
+  return 'This endpoint is public';
+}
+```
+
+### Get Current User
+
+Use the `@CurrentUser()` decorator to access the authenticated user:
+
+```typescript
+import { CurrentUser } from './auth/decorators/current-user.decorator';
+
+@Get('me')
+getMe(@CurrentUser() user: any) {
+  return user;
+}
+```
+
+{{#if rbac.enabled}}
+### Role-Based Access Control
+
+Use the `@Roles()` decorator to restrict access by role:
+
+```typescript
+import { Roles } from './auth/decorators/roles.decorator';
+import { RolesGuard } from './auth/guards/roles.guard';
+
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Roles('Admin')
+@Get('admin-only')
+adminOnlyRoute() {
+  return 'Only admins can see this';
+}
+```
+
+Available roles: {{#each rbac.roles}}{{this}}{{#unless @last}}, {{/unless}}{{/each}}
+{{/if}}
+
+## Environment Variables
+
+Copy `.env.example` to `.env` and update the values:
+
+```bash
+cp .env.example .env
+```
+
+Required variables:
+- `JWT_SECRET` - Secret key for JWT signing (auto-generated, but you can change it)
+- `JWT_EXPIRES_IN` - Access token expiration (e.g., "1h", "15m")
+{{#if features.refreshTokens}}
+- `JWT_REFRESH_EXPIRES_IN` - Refresh token expiration (e.g., "7d")
+{{/if}}
+{{#if (eq orm "typeorm")}}
+- `DATABASE_*` - Database connection details
+{{/if}}
+
+{{#if (eq orm "typeorm")}}
+## Database Setup
+
+### Create Migration
+
+Generate a migration for the auth tables:
+
+```bash
+npm run migration:generate -- src/migrations/CreateAuthTables
+```
+
+### Run Migration
+
+Apply the migration:
+
+```bash
+npm run migration:run
+```
+
+### Revert Migration
+
+Rollback the migration:
+
+```bash
+npm run migration:revert
+```
+{{/if}}
+
+## Security Best Practices
+
+1. **Never commit .env file** - It contains sensitive secrets
+2. **Use strong JWT secrets** - At least 32 characters, random
+3. **HTTPS in production** - Always use HTTPS to protect tokens
+4. **Short token expiration** - Keep access tokens short-lived
+{{#if features.refreshTokens}}
+5. **Rotate refresh tokens** - Refresh tokens are automatically rotated
+{{/if}}
+6. **Rate limiting** - Add rate limiting to auth endpoints
+7. **Password requirements** - Enforce strong password policies
+
+## Testing
+
+### Register a User
+
+```bash
+curl -X POST http://localhost:3000/auth/register \
+  -H "Content-Type: application/json" \
+  -d '{"email":"test@example.com","password":"Password123!"}'
+```
+
+### Login
+
+```bash
+curl -X POST http://localhost:3000/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{"email":"test@example.com","password":"Password123!"}'
+```
+
+### Access Protected Route
+
+```bash
+curl http://localhost:3000/users/profile \
+  -H "Authorization: Bearer <your-access-token>"
+```
+
+## Troubleshooting
+
+### "JWT secret not found"
+Make sure `.env` file exists and contains `JWT_SECRET`.
+
+### "Database connection failed"
+Check your database is running and credentials in `.env` are correct.
+
+### "Invalid credentials"
+Ensure email and password are correct. Passwords are case-sensitive.
+
+{{#if (eq orm "typeorm")}}
+### "Entity not found"
+Run migrations: `npm run migration:run`
+{{/if}}
+
+## Documentation
+
+- [NestJS Authentication](https://docs.nestjs.com/security/authentication)
+- [Passport.js](http://www.passportjs.org/)
+- [JWT](https://jwt.io/)
+{{#if (eq orm "typeorm")}}
+- [TypeORM](https://typeorm.io/)
+{{/if}}
+
+---
+
+Generated with ❤️ by [add-nest-auth](https://github.com/yourusername/add-nest-auth)

package/dist/generator/templates/shared/env.template.hbs

@@ -0,0 +1,29 @@
+# JWT Configuration
+JWT_SECRET={{jwt.secret}}
+JWT_EXPIRES_IN={{jwt.accessExpiration}}
+{{#if features.refreshTokens}}
+JWT_REFRESH_EXPIRES_IN={{jwt.refreshExpiration}}
+{{/if}}
+
+# Database Configuration
+{{#if (eq database "postgres")}}
+DATABASE_HOST=localhost
+DATABASE_PORT=5432
+DATABASE_USER=postgres
+DATABASE_PASSWORD=postgres
+DATABASE_NAME={{projectName}}
+{{/if}}
+{{#if (eq database "mysql")}}
+DATABASE_HOST=localhost
+DATABASE_PORT=3306
+DATABASE_USER=root
+DATABASE_PASSWORD=root
+DATABASE_NAME={{projectName}}
+{{/if}}
+{{#if (eq database "mongodb")}}
+MONGODB_URI=mongodb://localhost:27017/{{projectName}}
+{{/if}}
+
+# Application
+NODE_ENV=development
+PORT=3000

package/dist/generator/templates/users/users.controller.ts.hbs

@@ -0,0 +1,31 @@
+import { Controller, Get{{#if rbac.enabled}}, UseGuards{{/if}} } from '@nestjs/common';
+{{#if rbac.enabled}}
+import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../auth/guards/roles.guard';
+import { Roles } from '../auth/decorators/roles.decorator';
+{{/if}}
+import { CurrentUser } from '../auth/decorators/current-user.decorator';
+import { UsersService } from './users.service';
+
+@Controller('users')
+{{#if rbac.enabled}}
+@UseGuards(JwtAuthGuard, RolesGuard)
+{{else}}
+@UseGuards(JwtAuthGuard)
+{{/if}}
+export class UsersController {
+  constructor(private readonly usersService: UsersService) {}
+
+  @Get('profile')
+  getProfile(@CurrentUser() user: any) {
+    return user;
+  }
+
+{{#if rbac.enabled}}
+  @Get()
+  @Roles('Admin')
+  findAll() {
+    return this.usersService.findAll();
+  }
+{{/if}}
+}

package/dist/generator/templates/users/users.module.ts.hbs

@@ -0,0 +1,27 @@
+import { Module } from '@nestjs/common';
+{{#if (eq orm "typeorm")}}
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from './entities/user.entity';
+{{#if features.refreshTokens}}
+import { RefreshToken } from './entities/refresh-token.entity';
+{{/if}}
+{{/if}}
+import { UsersService } from './users.service';
+import { UsersController } from './users.controller';
+
+@Module({
+{{#if (eq orm "typeorm")}}
+  imports: [
+    TypeOrmModule.forFeature([
+      User,
+{{#if features.refreshTokens}}
+      RefreshToken,
+{{/if}}
+    ]),
+  ],
+{{/if}}
+  controllers: [UsersController],
+  providers: [UsersService],
+  exports: [UsersService],
+})
+export class UsersModule {}

package/dist/generator/templates/users/users.service.ts.hbs

@@ -0,0 +1,93 @@
+import { Injectable, ConflictException, NotFoundException } from '@nestjs/common';
+{{#if (eq orm "typeorm")}}
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { User } from './entities/user.entity';
+{{/if}}
+import { CreateUserDto } from '../auth/dto/create-user.dto';
+
+@Injectable()
+export class UsersService {
+{{#if (eq orm "typeorm")}}
+  constructor(
+    @InjectRepository(User)
+    private usersRepository: Repository<User>,
+  ) {}
+
+  /**
+   * Create a new user
+   */
+  async create(createUserDto: CreateUserDto): Promise<User> {
+    // Check if user already exists
+    const existingUser = await this.usersRepository.findOne({
+      where: { email: createUserDto.email },
+    });
+
+    if (existingUser) {
+      throw new ConflictException('User with this email already exists');
+    }
+
+    const user = this.usersRepository.create(createUserDto);
+    return await this.usersRepository.save(user);
+  }
+
+  /**
+   * Find user by email
+   */
+  async findByEmail(email: string): Promise<User | null> {
+    return await this.usersRepository.findOne({
+      where: { email },
+    });
+  }
+
+  /**
+   * Find user by ID
+   */
+  async findById(id: string): Promise<User | null> {
+    return await this.usersRepository.findOne({
+      where: { id },
+    });
+  }
+
+  /**
+   * Find all users
+   */
+  async findAll(): Promise<User[]> {
+    return await this.usersRepository.find({
+      select: ['id', 'email'{{#if rbac.enabled}}, 'roles'{{/if}}, 'createdAt'],
+    });
+  }
+{{else}}
+  /**
+   * Create a new user
+   * TODO: Implement with your ORM
+   */
+  async create(createUserDto: CreateUserDto): Promise<any> {
+    throw new Error('Not implemented');
+  }
+
+  /**
+   * Find user by email
+   * TODO: Implement with your ORM
+   */
+  async findByEmail(email: string): Promise<any> {
+    throw new Error('Not implemented');
+  }
+
+  /**
+   * Find user by ID
+   * TODO: Implement with your ORM
+   */
+  async findById(id: string): Promise<any> {
+    throw new Error('Not implemented');
+  }
+
+  /**
+   * Find all users
+   * TODO: Implement with your ORM
+   */
+  async findAll(): Promise<any[]> {
+    throw new Error('Not implemented');
+  }
+{{/if}}
+}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Main CLI orchestrator
+ */
+declare function run(cwd?: string): Promise<void>;
+
+export { run };