القائمة
Add authentication to a NEAN project using Passport.js with JWT and optional OAuth.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Scaffold a pnpm + Turborepo MERN monorepo with Next.js, tooling, tests, CI, and optional GitHub repo creation.
Configure GitHub repository security with branch protection, Dependabot, security scanning, and CI workflows. Integrates with mern-scaffold, nean-scaffold, and iOS projects.
Harden a Vercel deployment with security headers, CSP, bot protection, and deployment configuration
Add authentication to an iOS app with Sign in with Apple, biometrics, and Keychain storage.
Scaffold a new feature with View, ViewModel, and tests following ios-std conventions.
Review iOS code for compliance with standards, NFRs, and security policy.
| name | nean-add-auth |
| description | Add authentication to a NEAN project using Passport.js with JWT and optional OAuth. |
| argument-hint | [--providers local,google,github] [--with-refresh-tokens] |
| allowed-tools | Bash, Write, Read, Glob, Grep |
Add secure authentication to an existing NEAN project using Passport.js and JWT.
--providers <list> — Comma-separated providers (default: local)
local, google, github, discord--with-refresh-tokens — Enable refresh token rotation (recommended for production)libs/api/auth/
├── src/
│ ├── auth.module.ts # Auth module with guards
│ ├── auth.controller.ts # Login, register, refresh endpoints
│ ├── auth.service.ts # Auth logic
│ ├── strategies/
│ │ ├── jwt.strategy.ts # JWT validation
│ │ ├── jwt-refresh.strategy.ts # Refresh token (if enabled)
│ │ ├── local.strategy.ts # Username/password
│ │ ├── google.strategy.ts # (if selected)
│ │ └── github.strategy.ts # (if selected)
│ ├── guards/
│ │ ├── jwt-auth.guard.ts # Route protection
│ │ ├── local-auth.guard.ts # Login guard
│ │ └── roles.guard.ts # RBAC guard
│ ├── decorators/
│ │ ├── current-user.decorator.ts # Extract user from request
│ │ ├── public.decorator.ts # Mark route as public
│ │ └── roles.decorator.ts # Role requirements
│ └── index.ts
libs/api/database/src/entities/
├── user.entity.ts # User entity
└── refresh-token.entity.ts # (if --with-refresh-tokens)
libs/shared/types/src/
├── auth.dto.ts # Login, register, token DTOs
└── user.dto.ts # User response DTO
apps/web/src/app/auth/
├── auth.routes.ts # Auth routing
├── login/ # Login page
├── register/ # Registration page
├── callback/ # OAuth callback (if OAuth)
└── guards/
└── auth.guard.ts # Angular route guard
libs/web/auth/
├── src/
│ ├── auth.service.ts # Auth API calls
│ ├── auth.interceptor.ts # Attach JWT to requests
│ ├── auth.store.ts # NgRx auth state
│ └── index.ts
.env.example # Updated with auth vars
# JWT
JWT_SECRET= # Generate with: openssl rand -base64 64
JWT_EXPIRES_IN=15m
JWT_REFRESH_SECRET= # If using refresh tokens
JWT_REFRESH_EXPIRES_IN=7d
# OAuth (per provider)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_CALLBACK_URL=http://localhost:3000/api/auth/github/callback
@nestjs/passport, passport, passport-jwt, passport-local, bcrypt| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/auth/register | Create new account | No |
| POST | /api/auth/login | Login with credentials | No |
| POST | /api/auth/refresh | Refresh access token | No* |
| POST | /api/auth/logout | Invalidate tokens | Yes |
| GET | /api/auth/me | Get current user | Yes |
| GET | /api/auth/google | Start Google OAuth | No |
| GET | /api/auth/google/callback | Google callback | No |
*Refresh endpoint uses refresh token in httpOnly cookie
Apply JwtAuthGuard globally in main.ts or per-controller:
// Global (with @Public() decorator for exceptions)
app.useGlobalGuards(new JwtAuthGuard());
// Per-controller
@UseGuards(JwtAuthGuard)
@Controller('users')
export class UsersController {}
// Per-route
@UseGuards(JwtAuthGuard, RolesGuard)
@Roles('admin')
@Delete(':id')
delete() {}
@Controller('protected')
@UseGuards(JwtAuthGuard)
export class ProtectedController {
@Get('profile')
getProfile(@CurrentUser() user: User) {
return user;
}
}
@Component({...})
export class ProfileComponent {
private authStore = inject(AuthStore);
user = this.authStore.user;
isAuthenticated = this.authStore.isAuthenticated;
}
export const authGuard: CanActivateFn = () => {
const authStore = inject(AuthStore);
const router = inject(Router);
if (authStore.isAuthenticated()) {
return true;
}
return router.createUrlTree(['/auth/login']);
};
Summarize: providers configured, environment variables needed, protected routes, components available.
For templates and OAuth setup guides, see reference/nean-add-auth-reference.md