NestJS Unleashed
  • Introduction
    • Prerequisites
    • Necessary tools
    • Upgrading packages (ncu)
      • NestJS v9 -> v10
      • NestJS v10 -> v11
    • UPDATES
      • 1.1
      • 1.2
  • Core module - Backend Development with NestJS
    • Project creation
    • Basic configuration
    • User entity
    • Validation
      • Basic validation
      • More specific validation
      • Validation pipe options
      • Id validation
      • Options dedicated file
    • Database creation with Docker
    • TypeORM Integration
      • Database connection
      • Entity mapping
      • Migrations
      • Repository pattern
    • Pagination
    • DTO Limitations
    • Decorator composition
    • Configuration
      • Environment variables
      • Availability and validation
      • Using the variables
      • Configuration namespace and partial registration
      • Reducing boilerplate
      • Further improvements
        • Env vars in main file
        • Generating database url in codebase
    • Remaining domain
      • Entities
        • Order
        • Payment
        • Category
        • Product
        • Order Item
      • Logic
        • Category
        • Product
        • Entity validation
          • Nested validation
          • Function overload
        • Order
        • Exposing get fields
        • Payment
    • Seeding
  • Closing
  • Improvements/Tips module
    • Improvements
      • Soft delete
        • Fix - Boolean casting
        • Soft delete
        • Recover
      • Password validation
        • Regex pattern
        • Custom validator
        • Multiple validations
    • Tips
      • CORS
      • Helmet
      • UUID
  • Extra module 1 - Authentication/Authorization
    • Password hashing
      • Basic solution
      • Abstract service
      • Event listener
    • Excluding password
    • Authentication
      • Local strategy
      • Request user decorator
      • Request user interface
      • Validation middleware
      • JWT strategy
      • Public routes
    • Authorization
      • Role
      • Insert admin migration
      • Assign role route
      • Storing role in request user
      • Requiring permissions
      • Forbid empty arrays
      • More authorization checks
    • Rate limiting
    • Fix - Recover route
  • Extra module 2 - Exception Filters
    • NotFound exception filter
      • Filter basic structure
      • Error structure
      • Extracting message data
      • Response setup
    • Database exception filter
      • Basic setup
      • Creating error data
      • Last steps
  • Extra module 3 - OpenAPI Specification
    • Base document
    • Swagger CLI plugin
    • Swagger mapped types
    • Detecting optional fields
    • File name suffixes
    • Comments introspection
    • Api decorators
    • Enabling authentication
    • Discovery service
    • Limitation - Innacurate response schema
  • Extra module 4 - File Management
    • Basic file route
    • File validation
      • Validating size and extensions
      • Factory function for file validators
      • Fix - Converting file types to media types
      • Accepting file array
      • Validating file signature
    • File logic
      • Storage service
      • More util methods
      • Product-related logic
        • Controller routes
        • Service logic
        • Fetching products with filenames
      • Serve static
    • More features
      • Files exception filter
      • Documenting files routes
      • Tip - Extract body from multipart formdata
  • Extra module 5 - Advanced Querying
    • Pagination
      • Find and count
      • Querying structure
      • Metadata field
      • Documenting paginated responses
    • Filtering and sorting
      • DTO Orchestration
      • Everything at once
      • Encapsulating text filter
      • Filter operators
  • Extra module 6 - Automated Testing
    • Jest configuration
    • Simple resource
    • Unit tests
      • Some theory & First test
      • Mocks
      • Remaining service tests
      • Controller tests
    • e2e tests
      • Better test readability
      • Simulated environment
      • Testing entire flows
  • Parallel module - Prisma
    • Integration with Prisma/Docker
    • User model
    • User logic
    • Error Handling
    • Remaining domain
      • Models
        • Order
        • Payment
        • Category
        • Product
        • Order Item
      • Logic
        • Category
        • Product
        • Order
        • Payment
    • Seeding
    • Tip - Serialization
  • Further Improvements
    • More validations
    • Sending emails
    • Health checks
    • Cron jobs
Powered by GitBook
On this page
  1. Extra module 1 - Authentication/Authorization
  2. Password hashing

Abstract service

Now let's decouple this functionality into its own service.

It would be interesting to isolate this logic from the UsersService into a more appropriate place. This elegant solution was extracted from an official NestJS course lesson.

First of all, let's create a resource to deal with everything pertaining to authentication/authorization and security in general. Choose no to CRUD entry points.

nest g res auth

Now, let's create a service for hashing.

nest g s auth/hashing

We now have a service for this purpose. However, it won't be here that we'll implement the logic. This will be an abstract class that will only containt the methods' signatures. We do this to achieve lesser code coupling.

@Injectable()
export abstract class HashingService {
  abstract hash(data: string | Buffer): Promise<string>;
  abstract compare(data: string | Buffer, encrypted: string): Promise<boolean>;
}

The second method is for comparing a received password with the hash, for example in a login attempt. But it will be further explored in a future moment.

We prefix the class and its methods with the abstract keyword to indicate that they should be implemented and thus cannot be directly used.

We'll now create the service that contains the actual logic, in this case related to bcrypt.

nest g s auth/hashing/bcrypt --flat

The --flat flag prevents creating a folder to hold the generated files.

This service should implement the abstract one. With this, we separate declaration from definition.

@Injectable()
export class BcryptService implements HashingService {
  async hash(data: string | Buffer) {
    const salt = await genSalt();
    return hash(data, salt);
  }

  compare(data: string | Buffer, encrypted: string) {
    return compare(data, encrypted);
  }
}

After generating both services, the AuthModule will have added them in its providers in the standard fashion. However, this is not correct, as the abstract service should not be directly used. You can even notice an error. What should be done instead is to use the interface of the abstract class but with a reference to the concrete class. This allows for lesser coupling.

{
  provide: HashingService,
  useClass: BcryptService,
},

Lastly, we should add the HashingService to the exports, and also add the AuthModule to the imports of the UsersModule, so that its context can use this service. After that, remove that private method from the UsersService and inject the HashingService here, to use its method instead.

In the next section, we'll learn an approach that allows to put the hashing logic involving the password itself, elsewhere.

Commit - Hashing service as abstract class

PreviousBasic solutionNextEvent listener

Last updated 2 months ago