From 412f4b6f6fdc4be647887419ee4e4f13d2d97906 Mon Sep 17 00:00:00 2001
From: psenderos
Date: Sat, 24 Feb 2024 14:21:46 +0100
Subject: [PATCH] Update README
---
 README.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 51 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index d4e2826..87c7834 100644
--- a/README.md
+++ b/README.md
@@ -74,10 +74,13 @@ custom transformations on the parsed access token.
 ## Authenticating users
-You can authenticate users based on their role (or token type).
-The library assumes that all access tokens contain a `tokenType` field.
+You can authenticate users based on their role (or token type) or based on the permission.
+The library assumes that all access tokens contain a `tokenType` field or a `permissions` array.
 Authentication can be applied on the class level or on the method level.
+### @Authenticated
+The library will check that the token type is equal with one of the roles declared in the decorator
+
 ```typescript
 import { Authenticated } from "@moveaxlab/nestjs-security";
@@ -93,6 +96,39 @@ class MyController {
 }
 }
 ```
+### @HasPermission
+The library will search for the required permission in the `permissions` array.
+ ```typescript
+import { HasPermission } from "@moveaxlab/nestjs-security";
+
+@HasPermission("myResource.read")
+class MyController {
+ async firstMethod() {
+ // accessible to both admins and users
+ }
+
+ @HasPermission("myResource.write")
+ async secondMethod() {
+ // only accessible to admins
+ }
+}
+```
+
+The library also accept the wildcard `*` has permission, to check that the user has a valid accessToken, but without any required permission.
+
+```typescript
+import {
+ HasPermission,
+} from "@moveaxlab/nestjs-security";
+
+@HasPermission("*")
+class MyController {
+ async getMyProfile() {
+ // use the token here
+ }
+}
+```
 ## Setting cookies
@@ -191,11 +227,16 @@ You can access the parsed access token and refresh token inside your controllers and resolvers using decorators.
 ```typescript
-import { Authenticated, AccessToken } from "@moveaxlab/nestjs-security";
+import {
+ Authenticated,
+ AccessToken,
+ HasPermission
+} from "@moveaxlab/nestjs-security";
 interface User {
 tokenType: "admin" | "user";
 uid: string;
+ permission: string[];
 // other information contained in the token
 }
@@ -205,6 +246,13 @@ class MyController {
 // use the token here
 }
 }
+
+@HasPermission('myPermission')
+class MySecondController {
+ async mySecondMethod(@AccessToken() token: User) {
+ // use the token here
+ }
+}
 ```
 The refresh token can be accessed via decorators when using cookies.