id: shared-auth
# Shared Authentication Module

## Status ✅

The authentication module is implemented and shared across services.
## Overview

The @kaido/utils package provides shared authentication utilities used across Ton Arcana services, ensuring consistent security patterns and reducing code duplication.

## Features

### Basic Auth Middleware

- Purpose: Protect admin routes and dashboards
- Implementation: NestJS middleware using basic-auth
- Configuration: Environment-based credentials
- Usage: Currently protecting BullMQ dashboards

### JWT Authentication

- JWT token generation and validation
- Refresh token support
- Token blacklisting
- Role-based access control integration

### Telegram Mini App Guard

- Validate Telegram Web App init data
- Hash validation with bot token
- User data extraction and verification
- Request expiration check
- Integration with NestJS guard system

NEXT_TASK: Implement JWT authentication module with token generation, validation, and refresh token support

## Technical Implementation

```typescript
import { Injectable, NestMiddleware } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { Request, Response, NextFunction } from 'express';
import basicAuth from 'basic-auth';

@Injectable()
export class BasicAuthMiddleware implements NestMiddleware {
  constructor(private configService: ConfigService) {}

  use(req: Request, res: Response, next: NextFunction) {
    const credentials = basicAuth(req);
    // Validate against environment credentials (ADMIN_USERNAME / ADMIN_PASSWORD);
    // reply 401 with a WWW-Authenticate challenge on failure, otherwise call next()
    // ...
  }
}
```

## Configuration

Required environment variables:

```env
ADMIN_USERNAME=your_admin_username
ADMIN_PASSWORD=your_admin_password
```
## Usage Example

```typescript
import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import { BasicAuthMiddleware } from '@kaido/utils';

@Module({
  imports: [
    ConfigModule.forRoot(),
    // ... other imports
  ],
})
export class AppModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    consumer.apply(BasicAuthMiddleware).forRoutes('/protected');
  }
}
```
## Security Considerations

- Environment Variables
  - Use secure values in production
  - Don't commit credentials to version control
  - Consider using secrets management
- Access Control
  - Apply to sensitive routes only
  - Use HTTPS in production (Basic Auth credentials are only base64-encoded, so the transport must be encrypted)
  - Monitor access attempts
- Error Handling
  - Clear error messages
  - Proper HTTP status codes
  - Secure headers
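The credential check elided in the middleware stub above, with the access-control and error-handling points from this section worked through, as an added example that is not part of the @kaido/utils package: a framework-free checker that parses the Basic header, compares both fields in constant time, and returns the 401 challenge plus a loggable failure reason. The `checkBasicAuth`, `parseBasicAuth` and `AuthResult` names are assumptions introduced here.

```typescript
import { createHash, timingSafeEqual } from 'crypto';

// Hypothetical result type (not from @kaido/utils).
export interface AuthResult {
  ok: boolean;
  challenge?: string; // 401 challenge the middleware should send on failure
  reason?: 'missing' | 'malformed' | 'invalid'; // for access-attempt logs; never echoes credentials
}

// Constant-time equality. Hashing both sides to a fixed length means
// timingSafeEqual never throws on a length mismatch, and the comparison
// cost does not depend on how many leading characters were guessed right.
function safeEqual(a: string, b: string): boolean {
  const ha = createHash('sha256').update(a, 'utf8').digest();
  const hb = createHash('sha256').update(b, 'utf8').digest();
  return timingSafeEqual(ha, hb);
}

// Parse "Basic <base64(user:pass)>" (RFC 7617). Only the first ':' separates
// user from password, so passwords containing ':' survive intact.
export function parseBasicAuth(
  header: string | undefined,
): { name: string; pass: string } | null {
  if (!header) return null;
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { name: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Decide whether an Authorization header grants access. expectedUser and
// expectedPass are the ADMIN_USERNAME / ADMIN_PASSWORD values from the environment.
export function checkBasicAuth(
  header: string | undefined,
  expectedUser: string,
  expectedPass: string,
): AuthResult {
  const challenge = 'Basic realm="admin", charset="UTF-8"';
  if (!header) return { ok: false, challenge, reason: 'missing' };
  const creds = parseBasicAuth(header);
  if (!creds) return { ok: false, challenge, reason: 'malformed' };
  // Evaluate both comparisons unconditionally so a wrong username costs
  // the same time as a wrong password.
  const userOk = safeEqual(creds.name, expectedUser);
  const passOk = safeEqual(creds.pass, expectedPass);
  return userOk && passOk ? { ok: true } : { ok: false, challenge, reason: 'invalid' };
}
```

Inside `BasicAuthMiddleware.use`, call `checkBasicAuth(req.headers.authorization, this.configService.get('ADMIN_USERNAME'), this.configService.get('ADMIN_PASSWORD'))` and, when `ok` is false, respond with status 401 and `WWW-Authenticate` set to the returned challenge.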