nean-add-auth
Add authentication to a NEAN project using Passport.js with JWT and optional OAuth.
| Field | Value |
|---|---|
| name | nean-add-auth |
| description | Add authentication to a NEAN project using Passport.js with JWT and optional OAuth. |
| argument-hint | [--providers local,google,github] [--with-refresh-tokens] |
| allowed-tools | Bash, Write, Read, Glob, Grep |

Add secure authentication to an existing NEAN project using Passport.js and JWT.

- --providers <list>: Comma-separated providers (default: local)
  - local, google, github, discord
- --with-refresh-tokens: Enable refresh token rotation (recommended for production)

```
libs/api/auth/
├── src/
│   ├── auth.module.ts                  # Auth module with guards
│   ├── auth.controller.ts              # Login, register, refresh endpoints
│   ├── auth.service.ts                 # Auth logic
│   ├── strategies/
│   │   ├── jwt.strategy.ts             # JWT validation
│   │   ├── jwt-refresh.strategy.ts     # Refresh token (if enabled)
│   │   ├── local.strategy.ts           # Username/password
│   │   ├── google.strategy.ts          # (if selected)
│   │   └── github.strategy.ts          # (if selected)
│   ├── guards/
│   │   ├── jwt-auth.guard.ts           # Route protection
│   │   ├── local-auth.guard.ts         # Login guard
│   │   └── roles.guard.ts              # RBAC guard
│   ├── decorators/
│   │   ├── current-user.decorator.ts   # Extract user from request
│   │   ├── public.decorator.ts         # Mark route as public
│   │   └── roles.decorator.ts          # Role requirements
│   └── index.ts
libs/api/database/src/entities/
├── user.entity.ts                      # User entity
└── refresh-token.entity.ts             # (if --with-refresh-tokens)
libs/shared/types/src/
├── auth.dto.ts                         # Login, register, token DTOs
└── user.dto.ts                         # User response DTO
apps/web/src/app/auth/
├── auth.routes.ts                      # Auth routing
├── login/                              # Login page
├── register/                           # Registration page
├── callback/                           # OAuth callback (if OAuth)
└── guards/
    └── auth.guard.ts                   # Angular route guard
libs/web/auth/
├── src/
│   ├── auth.service.ts                 # Auth API calls
│   ├── auth.interceptor.ts             # Attach JWT to requests
│   ├── auth.store.ts                   # NgRx auth state
│   └── index.ts
.env.example                            # Updated with auth vars
```

```
# JWT
JWT_SECRET=                 # Generate with: openssl rand -base64 64
JWT_EXPIRES_IN=15m
JWT_REFRESH_SECRET=         # If using refresh tokens
JWT_REFRESH_EXPIRES_IN=7d

# OAuth (per provider)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_CALLBACK_URL=http://localhost:3000/api/auth/github/callback
```

@nestjs/passport, passport, passport-jwt, passport-local, bcrypt

| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/auth/register | Create new account | No |
| POST | /api/auth/login | Login with credentials | No |
| POST | /api/auth/refresh | Refresh access token | No* |
| POST | /api/auth/logout | Invalidate tokens | Yes |
| GET | /api/auth/me | Get current user | Yes |
| GET | /api/auth/google | Start Google OAuth | No |
| GET | /api/auth/google/callback | Google callback | No |
*Refresh endpoint uses refresh token in httpOnly cookie
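
The rotation that `--with-refresh-tokens` and `/api/auth/refresh` refer to, sketched as an added example (not code generated by the skill). It goes one step beyond plain rotation by also revoking a whole token family when an already-rotated token is replayed. The in-memory `store`, the `familyId` field and the `issueRefreshToken`, `rotate` and `logout` functions are assumptions for illustration; a real project would persist this through refresh-token.entity.ts.

```typescript
import { createHash, randomBytes } from 'node:crypto';

// Hypothetical stand-in for the refresh-token table: only token hashes are stored.
interface RefreshRecord { userId: string; familyId: string; expiresAt: number; used: boolean }
const store = new Map<string, RefreshRecord>(); // key: SHA-256 hex of the token
const revokedFamilies = new Set<string>();

const sha256 = (token: string): string => createHash('sha256').update(token).digest('hex');

// Issue an opaque refresh token. familyId links all tokens descended from one login.
function issueRefreshToken(
  userId: string,
  ttlMs: number,
  familyId: string = randomBytes(16).toString('hex'),
  now: number = Date.now(),
): string {
  const token = randomBytes(32).toString('base64url');
  store.set(sha256(token), { userId, familyId, expiresAt: now + ttlMs, used: false });
  return token;
}

type RotateResult =
  | { ok: true; userId: string; refreshToken: string }
  | { ok: false; reason: 'unknown' | 'revoked' | 'reuse' | 'expired' };

// Exchange a refresh token for its successor; every token is single-use.
function rotate(token: string, ttlMs: number, now: number = Date.now()): RotateResult {
  const rec = store.get(sha256(token));
  if (!rec) return { ok: false, reason: 'unknown' };
  if (revokedFamilies.has(rec.familyId)) return { ok: false, reason: 'revoked' };
  if (rec.used) {
    // An already-rotated token came back, so a copy exists: revoke the whole family.
    revokedFamilies.add(rec.familyId);
    return { ok: false, reason: 'reuse' };
  }
  if (rec.expiresAt <= now) return { ok: false, reason: 'expired' };
  rec.used = true;
  const refreshToken = issueRefreshToken(rec.userId, ttlMs, rec.familyId, now);
  return { ok: true, userId: rec.userId, refreshToken };
}

// Logout: invalidate every token in the family of the presented token.
function logout(token: string): void {
  const rec = store.get(sha256(token));
  if (rec) revokedFamilies.add(rec.familyId);
}
```

After a replay is detected, the legitimate client's newest token is rejected as well, which forces a fresh login on both sides.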
Apply JwtAuthGuard globally in main.ts or per-controller:
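```typescript
import { Controller, Delete, UseGuards } from '@nestjs/common';
// JwtAuthGuard, RolesGuard and Roles come from the generated libs/api/auth library.

// Global (with @Public() decorator for exceptions).
// A guard created with `new` here lives outside Nest's DI container, so a guard
// that needs Reflector to honor @Public() must receive it explicitly or be
// registered through the APP_GUARD provider instead.
app.useGlobalGuards(new JwtAuthGuard());

// Per-controller
@UseGuards(JwtAuthGuard)
@Controller('users')
export class UsersController {}

// Per-route (inside a controller class)
@UseGuards(JwtAuthGuard, RolesGuard)
@Roles('admin')
@Delete(':id')
delete() {}
```

```typescript
import { Controller, Get, UseGuards } from '@nestjs/common';

// Read the authenticated user inside a protected route
@Controller('protected')
@UseGuards(JwtAuthGuard)
export class ProtectedController {
  @Get('profile')
  getProfile(@CurrentUser() user: User) {
    return user;
  }
}
```

```typescript
import { Component, inject } from '@angular/core';

// Angular: read auth state from the store
@Component({...})
export class ProfileComponent {
  private authStore = inject(AuthStore);
  user = this.authStore.user;
  isAuthenticated = this.authStore.isAuthenticated;
}
```

```typescript
import { inject } from '@angular/core';
import { CanActivateFn, Router } from '@angular/router';

// Angular route guard: send unauthenticated users to the login page
export const authGuard: CanActivateFn = () => {
  const authStore = inject(AuthStore);
  const router = inject(Router);
  if (authStore.isAuthenticated()) {
    return true;
  }
  return router.createUrlTree(['/auth/login']);
};
```
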
Summarize: providers configured, environment variables needed, protected routes, components available.
For templates and OAuth setup guides, see reference/nean-add-auth-reference.md