The latest articles on DEV Community by zenstok (@zenstok). https://dev.to/zenstok https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1090994%2F2a525e82-aae5-4b5b-b7ec-2101c4e91f91.png https://dev.to/zenstok en zenstok Mon, 16 Jun 2025 08:19:31 +0000 https://dev.to/zenstok/m3u8-to-mp4-the-easiest-way-to-convert-videos-instantly-privately-4j3b https://dev.to/zenstok/m3u8-to-mp4-the-easiest-way-to-convert-videos-instantly-privately-4j3b <p>You’ve been there.<br><br> You find the perfect video, try to download it... and what do you get? A weird <code>.m3u8</code> file. No MP4. No playback. Just confusion. </p> <p>We get it — it’s frustrating. That’s why we built a better way.</p> <h2> 🚀 Introducing: Instant M3U8 to MP4 Conversion </h2> <p><strong>No installs. No extensions. No waiting. Just your browser.</strong><br><br> Paste a link. Get your MP4. That’s it.</p> <h3> Here’s why it hits different: </h3> <ul> <li>✅ <strong>100% free</strong> — and always will be </li> <li>✅ <strong>Unlimited conversions</strong> — as long as your browser can handle it </li> <li>✅ <strong>No file size limits</strong> — works even for big videos </li> <li>✅ <strong>Works in-browser</strong> — no downloads, no setup </li> <li>✅ <strong>Lightning fast</strong> — converts in seconds </li> </ul> <h3> 🔒 Privacy-First, No Exceptions </h3> <p>We don’t see your files. Everything happens <em>locally</em>, right inside your browser tab. </p> <ul> <li>No uploads </li> <li>No snooping </li> <li>No third-party servers </li> <li>Zero data exposure </li> </ul> <p><strong>You keep your files. We just help you convert them — fast.</strong></p> <h3> 📦 Got a <code>.zip</code> of the playlist files instead of a link? </h3> <p>No problem. Drop it in. You’ll still get an MP4.</p> <p><strong>Try it now → <a href="https://www.m3u8-to-mp4-converter.com/" rel="noopener noreferrer">https://www.m3u8-to-mp4-converter.com/</a></strong><br><br> And yes — it really is <em>that</em> simple.</p> zenstok Fri, 01 Nov 2024 08:59:29 +0000 https://dev.to/zenstok/how-to-avoid-the-single-threaded-trap-in-javascript-12ih https://dev.to/zenstok/how-to-avoid-the-single-threaded-trap-in-javascript-12ih <p>JavaScript is often described as <strong>single-threaded</strong>, which means it executes one task at a time. But does this imply that every piece of code runs in complete isolation, with no ability to handle other tasks while waiting for asynchronous operations like HTTP responses or database requests? The answer is <strong>no!</strong> In fact, JavaScript’s event loop and promises allow it to handle asynchronous tasks efficiently while other code continues to run.</p> <p>The truth is javascript <strong>is indeed single-threaded</strong>, however, misunderstanding how this works can lead to common pitfalls. One such trap is managing asynchronous operations like API requests, especially when trying to control access to shared resources without causing race conditions. Let's explore a real-world example and see how poor implementation can lead to serious bugs.</p> <p><em>I encountered <strong>a bug</strong> in an application that required logging into a backend service to update data. Upon logging in, the app would receive an access token with a specified expiration date. Once this expiration date passed, we needed to re-authenticate before making any new requests to the update endpoint. The challenge arose because the login endpoint was throttled to a maximum of one request every five minutes, while the update endpoint needed to be called more frequently within that same five-minute window. It was critical for the logic to function correctly, yet the login endpoint was <strong>occasionally triggered multiple times</strong> within the five-minute interval, leading to the update endpoint failing to work. While there were times when everything functioned as expected, this intermittent bug presented a more serious risk, as it could give a <strong>false sense of security</strong> at first, making it seem like the system was operating properly.</em></p> <p>To illustrate this example, we're using a very basic NestJS app that includes the following services:</p> <ul> <li> <strong>AppService</strong>: Acts as a controller to simulate two variants— the bad version, which sometimes works and sometimes doesn't, and the good version, which is guaranteed to always function properly.</li> <li> <strong>BadAuthenticationService</strong>: Implementation for the bad version.</li> <li> <strong>GoodAuthenticationService</strong>: Implementation for the good version.</li> <li> <strong>AbstractAuthenticationService</strong>: Class responsible for maintaining the shared state between the GoodAuthenticationService and BadAuthenticationService.</li> <li> <strong>LoginThrottleService</strong>: Class that simulates the throttling mechanism of the login endpoint for the backend service.</li> <li> <strong>MockHttpService</strong>: Class that helps simulate HTTP requests.</li> <li> <strong>MockAwsCloudwatchApiService</strong>: Simulates an API call to the AWS CloudWatch logging system.</li> </ul> <p>I won't show the code for all these classes here; you can find it directly in the <a href="https://github.com/zenstok/nestjs-singlethread-trap" rel="noopener noreferrer">GitHub repository</a>. Instead, I will focus specifically on the logic and what needs to be changed for it to work correctly.</p> <p>The Bad Approach:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BadAuthenticationService</span> <span class="kd">extends</span> <span class="nc">AbstractAuthenticationService</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">loginToBackendService</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">loginInProgress</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="c1">// this is BAD, we are inside a promise, it's asynchronous. it's not synchronous, javascript can execute it whenever it wants</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">firstValueFrom</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">httpService</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`https://backend-service.com/login`</span><span class="p">,</span> <span class="p">{</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">loginInProgress</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">route</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">data</span><span class="p">?:</span> <span class="nx">unknown</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">loginInProgress</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">1000</span><span class="p">));</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">route</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">awsCloudwatchApiService</span><span class="p">.</span><span class="nf">logLoginCallAttempt</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">loginData</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">loginToBackendService</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">loginData</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">firstValueFrom</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">httpService</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`https://backend-service.com</span><span class="p">${</span><span class="nx">route</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">data</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">statusCode</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">route</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Why This Is a Bad Approach: </h3> <p>In the <code>BadAuthenticationService</code>, the method <code>loginToBackendService</code> sets <code>this.loginInProgress</code> to <code>true</code> when initiating a login request. However, since this method is asynchronous, it does not guarantee that the login status will be updated immediately. This could lead to multiple concurrent calls to the login endpoint within the throttling limit.<br> When <code>sendProtectedRequest</code> detects that the access token is absent, it checks if a login is in progress. If it is, the function waits for a second and then retries. However, if another request comes in during this time, it can trigger additional login attempts. This can lead to multiple calls to the login endpoint, which is throttled to allow only one call every minute. As a result, the update endpoint may fail intermittently, causing unpredictable behavior and a false sense of security when the system appears to be functioning properly at times.</p> <p>In summary, the problem lies in the <strong>improper handling of asynchronous operations</strong>, which leads to potential race conditions that can break the logic of the application.</p> <h3> The Good Approach: </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">GoodAuthenticationService</span> <span class="kd">extends</span> <span class="nc">AbstractAuthenticationService</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">loginToBackendService</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">firstValueFrom</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">httpService</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`https://backend-service.com/login`</span><span class="p">,</span> <span class="p">{</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">loginInProgress</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">route</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">data</span><span class="p">?:</span> <span class="nx">unknown</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">loginInProgress</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">1000</span><span class="p">));</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">route</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Critical: Set the flag before ANY promise call</span> <span class="k">this</span><span class="p">.</span><span class="nx">loginInProgress</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">awsCloudwatchApiService</span><span class="p">.</span><span class="nf">logLoginCallAttempt</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">loginData</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">loginToBackendService</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">loginData</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">firstValueFrom</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">httpService</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`https://backend-service.com</span><span class="p">${</span><span class="nx">route</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">data</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">statusCode</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">route</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Why This Is a Good Approach: </h3> <p>In the <code>GoodAuthenticationService</code>, the <code>loginToBackendService</code> method is structured to handle the login logic efficiently. The key improvement is the management of the <code>loginInProgress</code> flag. It is set <strong>after</strong> confirming that an access token is absent and <strong>before</strong> any asynchronous operations begin. This ensures that once a login attempt is initiated, no other login calls can be made concurrently, effectively preventing multiple requests to the throttled login endpoint.</p> <h3> Demo Instructions </h3> <h4> Clone the Repository: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/zenstok/nestjs-singlethread-trap.git </code></pre> </div> <h4> Install the Necessary Dependencies: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>nestjs-singlethread-trap npm <span class="nb">install</span> </code></pre> </div> <h4> Run the Application: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run start </code></pre> </div> <h4> Simulate requests: </h4> <ul> <li>To simulate two requests with the <strong>bad version</strong>, call: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:3000/simulate-2-requests-bad-version </code></pre> </div> <p>To simulate two requests with the <strong>good version</strong>, call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:3000/simulate-2-requests-good-version </code></pre> </div> <h3> Conclusion: Avoiding JavaScript's Single-Threaded Pitfalls </h3> <p>While JavaScript is single-threaded, it can handle asynchronous tasks like HTTP requests efficiently using promises and the event loop. However, improper handling of these promises, particularly in scenarios involving shared resources (like tokens), can lead to race conditions and duplicate actions.<br> The key takeaway is to synchronize asynchronous actions like logins to avoid such traps. Always ensure that your code is aware of ongoing processes and handles requests in a way that guarantees proper sequencing, even when JavaScript is multitasking behind the scenes.</p> <p>If you haven't already joined the <a href="https://discord.com/invite/qum7KGX3" rel="noopener noreferrer">Rabbit Byte Club</a>, now is your chance to hop into a thriving community of software enthusiasts, tech founders, and non-tech founders. Together, we share knowledge, learn from each other, and prepare to build the next big startup. Join us today and be part of an exciting journey towards innovation and growth!</p> javascript nestjs webdev programming zenstok Mon, 28 Oct 2024 09:11:46 +0000 https://dev.to/zenstok/introducing-rabbit-byte-club-discord-community-4jpf https://dev.to/zenstok/introducing-rabbit-byte-club-discord-community-4jpf <p>🚀 Exciting News! Rabbit Byte Club Has Launched!</p> <p>I’m thrilled to announce the start of Rabbit Byte Club’s community on Discord! For anyone passionate about software development, business, and tech innovation, this is your chance to join a community dedicated to elevating global software quality through shared ideas and expertise.</p> <p>🎁 Early Member Benefits:<br> Lifetime Access: The first 50 members who join the Rabbit Byte Discord community will receive lifetime access to my future paid articles on <a href="https://rabbitbyte.club" rel="noopener noreferrer">RabbitByte.club</a>, completely free of charge!<br> Exclusive Support: Direct access to me to discuss your software ideas, challenges, and questions. I’ll be offering my time to help you solve issues, all for free.</p> <p>🌟 Invest Early, Reap the Benefits! <br> With over 25,000 views on my posts, I’m excited to launch Rabbit Byte Club’s premium mentorship packages starting at 50 EUR for 30 minutes or 80 EUR for an hour. If you are among the first 5 people to join the Discord community and subscribe to the newsletter on RabbitByte.club, you’ll receive a free 30-minute consultation each month, valued at 50 EUR! This means you can gain up to 600 EUR in value each year at no cost, as long as the mentorship program is in place. Whether you’re a tech founder, a software engineer facing complex issues, or a non-tech founder looking to build your software vision, I’ll be there to support you.<br> Starting November 1st, 1:1 mentoring sessions will be open for booking, and subscriptions will be available. Spots are limited, so make sure to grab yours early!<br> Join us today on Discord and secure your place in a growing community where ideas, expertise, and resources are shared freely to foster innovation.</p> <p>Let’s build something amazing together!<br> Community link: <a href="https://discord.com/invite/qum7KGX3" rel="noopener noreferrer">https://discord.com/invite/qum7KGX3</a></p> rabbitbyteclub softwarecommunity softwareengineering mentorship zenstok Sun, 06 Oct 2024 15:26:44 +0000 https://dev.to/zenstok/how-to-create-and-download-files-of-unlimited-size-in-nodejsnestjs-48al https://dev.to/zenstok/how-to-create-and-download-files-of-unlimited-size-in-nodejsnestjs-48al <p>Hey, folks! Have you ever wondered if it's possible to send a file of unlimited size to your users, all while giving them real-time feedback during the download process? Well, today, we're diving into exactly that. Let’s explore how we can achieve this in <strong>NestJS</strong> using one of Node.js's most powerful features—<strong>Streams</strong>.</p> <p>In this guide, I’m not just going to show you how to download files of <em>unlimited size</em>—I’ll also walk you through the magic of <strong>streams</strong> and how they really work behind the scenes.</p> <h3> The Scenario: A Manager's Report Download </h3> <p>Imagine a manager needs to download a dynamically generated report containing invoice data, based on a user-defined date range. The twist? We have no idea how big the report will be because the user sets the parameters. We need to stream this data efficiently without overwhelming our server’s memory. Here’s where <strong>chunked transfer encoding</strong> comes into play. By setting the <code>Transfer-Encoding</code> header to <code>chunked</code> (<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Transfer-Encoding" rel="noopener noreferrer">learn more here</a>), we can send the data in chunks, eliminating the need for a predetermined file size.</p> <p>But wait—how do we handle massive file sizes? The answer is simple: <strong>Node.js Streams</strong>.</p> <h3> Why Not Buffers? </h3> <p>At first, you might think we can handle this using file buffers. However, buffers are limited by the server’s memory. If you’re dealing with large files, buffers will quickly hit a ceiling. Instead, we turn to <strong>streams</strong>, which are the backbone of Node.js when it comes to data management.</p> <p>Streams process data in small chunks, sending it out without holding everything in memory. This way, we can handle "infinite" files, or at least ones large enough to blow your mind.</p> <h3> What are streams? </h3> <p>Streams in Node.js are powerful objects that let us process batches of data without loading everything into memory. Instead of holding the entire dataset, streams process chunks of data and pass them along as they go. So, because they don’t hold all the data in memory, they can handle massive files. But where do these chunks go? They’re passed on to other <strong>streams</strong>!</p> <p>There are two key types of streams you’ll be working with in Node.js: <strong>readable</strong> and <strong>writable</strong> streams.</p> <h4> Let’s break it down with an example: </h4> <p>If you’re reading a file’s contents, you’d use the <code>fs.createReadStream</code> method. This returns a <strong>readable stream</strong> object, which gives you chunks of the file’s data bit by bit.</p> <p>But once you’ve read the data, how do you send it to the user as an HTTP response?</p> <p>Well, here’s the cool part: in Node.js, the response object itself is a <strong>writable stream</strong>. What does that mean? It means you can take the data you’re reading from the readable stream and send it directly to the writable stream (the HTTP response) using a method called <code>.pipe</code>.</p> <p>With just a few lines of code, the <code>.pipe</code> method lets you effortlessly stream file content directly to the client as an HTTP response—no need to worry about memory limits or large file sizes. Simple, right?</p> <h2> The Three Methods to Stream Large Files in NestJS </h2> <p>We’ll walk through three different ways to stream large files in NestJS, ranging from basic to more advanced, giving you both performance and flexibility.</p> <ol> <li> <strong>The Easy Version: Node.js Out of the Box</strong> </li> <li> <strong>The Performant Version: String-Based Stream Chunks</strong> </li> <li> <strong>The Buffer Version: For When Precision Matters</strong> </li> </ol> <h3> 1. <strong>The Easy Version</strong> </h3> <p>In this approach, we use Node.js's built-in interfaces to handle the heavy lifting for us. Here’s what the controller code looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/simple</span><span class="dl">'</span><span class="p">)</span> <span class="p">@</span><span class="nd">Header</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Disposition</span><span class="dl">'</span><span class="p">,</span> <span class="s2">`attachment; filename="bigJson.json"`</span><span class="p">)</span> <span class="p">@</span><span class="nd">Header</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">)</span> <span class="p">@</span><span class="nd">Header</span><span class="p">(</span><span class="dl">'</span><span class="s1">Transfer-Encoding</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">chunked</span><span class="dl">'</span><span class="p">)</span> <span class="nf">getBigFileSimple</span><span class="p">(@</span><span class="nd">Res</span><span class="p">()</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">simpleService</span><span class="p">.</span><span class="nf">getBigFile</span><span class="p">(</span><span class="nx">res</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>@Header</code> decorators set the file to be an attachment, specify the content type, and enable chunked transfer encoding. This allows us to send the file in parts without knowing its total size upfront.</p> <p>In our service, we have the following method:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">SimpleService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="nx">jsonService</span><span class="p">:</span> <span class="nx">JsonService</span><span class="p">)</span> <span class="p">{}</span> <span class="nf">getBigFile</span><span class="p">(</span><span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">jsonService</span><span class="p">.</span><span class="nf">createBigJsonFileStream</span><span class="p">().</span><span class="nf">pipe</span><span class="p">(</span><span class="nx">res</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>With <strong>just one line of code</strong>, we pipe the file stream to the response! This elegant solution leverages Node.js's stream piping, making it both simple and powerful.</p> <p>Now, you might wonder—what exactly is this <code>createBigJsonFileStream()</code> method doing?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">JsonService</span> <span class="p">{</span> <span class="nf">createBigJsonFileStream</span><span class="p">(</span><span class="nx">rowsLength</span> <span class="o">=</span> <span class="mi">25000000</span><span class="p">):</span> <span class="nx">Readable</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">currentRow</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">rowsLength</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getRandomLengthFromRange</span><span class="p">(</span><span class="nx">rowsLength</span> <span class="o">/</span> <span class="mi">2</span><span class="p">,</span> <span class="nx">rowsLength</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">stream</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Readable</span><span class="p">({</span> <span class="nf">read</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentRow</span> <span class="o">===</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">[</span><span class="dl">'</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="s2">`{"id":</span><span class="p">${</span><span class="nx">currentRow</span><span class="p">}</span><span class="s2">,"name":"element</span><span class="p">${</span><span class="nx">currentRow</span><span class="p">}</span><span class="s2">"},`</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentRow</span> <span class="o">===</span> <span class="nx">rowsLength</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="s2">`{"id":</span><span class="p">${</span><span class="nx">currentRow</span><span class="p">}</span><span class="s2">,"name":"element</span><span class="p">${</span><span class="nx">currentRow</span><span class="p">}</span><span class="s2">"}`</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">]</span><span class="dl">'</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="s2">`{"id":</span><span class="p">${</span><span class="nx">currentRow</span><span class="p">}</span><span class="s2">,"name":"element</span><span class="p">${</span><span class="nx">currentRow</span><span class="p">}</span><span class="s2">"},`</span><span class="p">);</span> <span class="p">}</span> <span class="nx">currentRow</span><span class="o">++</span><span class="p">;</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">stream</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">getRandomLengthFromRange</span><span class="p">(</span><span class="nx">min</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">max</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="kr">number</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">*</span> <span class="p">(</span><span class="nx">max</span> <span class="o">-</span> <span class="nx">min</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">+</span> <span class="nx">min</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In this case, we’re not serving a file from disk. Remember, the scenario we’re addressing is where a manager wants to download a report, choosing their own start and end dates. This means we need to dynamically generate the file based on the user's request. And how do we do that? You guessed it—<strong>with streams!</strong></p> <h3> What’s happening here? </h3> <p>We’re creating a <strong>readable stream</strong> using Node.js’s <code>Readable</code> constructor (<a href="https://nodejs.org/api/stream.html#new-streamreadableoptions" rel="noopener noreferrer">documentation here</a>). We’re keeping things simple by focusing on the required <code>read()</code> method.</p> <p>Here’s how it works: every time the stream has data to offer, the <code>read()</code> method is called. As long as we keep pushing data into the stream (and don’t push <code>null</code>), the stream will stay active and keep sending data.</p> <p>In this example, we’ve set a <code>rowsLength</code>—the total number of rows our JSON file will have. <em>(Note: We’re dynamically altering the <code>rowsLength</code> to simulate the manager selecting a start and end date, creating a random value to represent the report’s size.)</em> Based on this, we push one row at a time into the stream. It’s that simple! We’re dynamically creating a huge JSON file, sending data chunk by chunk, and handling it all seamlessly without loading everything into memory.</p> <h3> 2. <strong>The Performant Version: String-Based Chunks</strong> </h3> <p>In this approach, we fine-tune performance by manually controlling how the data is written to the response stream:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">PerformantService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="nx">jsonService</span><span class="p">:</span> <span class="nx">JsonService</span><span class="p">)</span> <span class="p">{}</span> <span class="nf">getBigFile</span><span class="p">(</span><span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">jsonStream</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">jsonService</span><span class="p">.</span><span class="nf">createBigJsonFileStream</span><span class="p">();</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">setEncoding</span><span class="p">(</span><span class="dl">'</span><span class="s1">utf-8</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">chunkSize</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">bigChunk</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">chunk</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">bigChunk</span> <span class="o">+=</span> <span class="nx">chunk</span><span class="p">;</span> <span class="nx">chunkSize</span><span class="o">++</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">chunkSize</span> <span class="o">===</span> <span class="mi">1000</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">writable</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">bigChunk</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">writable</span><span class="p">)</span> <span class="p">{</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">pause</span><span class="p">();</span> <span class="p">}</span> <span class="nx">bigChunk</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">chunkSize</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">drain</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">resume</span><span class="p">();</span> <span class="p">});</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">end</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">bigChunk</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">bigChunk</span><span class="p">);</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> So, what do we have here? </h3> <p>What do we have here? Well, the logic might look a bit complex, but that's because we’re handling the process of writing to the res writable stream manually. Why? We believe that our approach is faster than simply piping the stream.</p> <p>So, how do we do it? First, we set the encoding of our JSON stream to UTF-8 using <code>jsonStream.setEncoding('utf-8');</code>. This ensures that instead of receiving default Buffer objects from the stream, we get data as UTF-8 encoded strings.</p> <p>Next, we define two variables: chunkSize, initialized to 0, and bigChunk, an empty string. The cool thing about streams is that we can listen to events on them. For example, the data event gives us a data chunk every time the stream is read. But when is read called? It's triggered as soon as the readable stream is instantiated and continues until all the data is read—pretty cool, right? We know the stream has finished reading when we hit the end event.</p> <p>Now, when data arrives from the stream, we want to be efficient. Instead of sending small chunks to the res stream, we batch 1,000 chunks together and send them as one large chunk to our HTTP response, which is itself a writable stream. But wait—why does the write method return a boolean? This introduces us to a crucial concept in Node.js streams: <a href="https://nodejs.org/en/learn/modules/backpressuring-in-streams" rel="noopener noreferrer">backpressure</a>. As Node.js describes it, “backpressure occurs when data builds up behind a buffer during data transfer.” In simpler terms, it means the res stream is telling us, "Slow down! I can't keep up!"" The solution? We stop sending data! This is done by calling <code>jsonStream.pause()</code>, which halts the stream from reading further.</p> <p>But what happens next? Now, we need to listen for another stream event—this time on the res writable stream. We need the stream to signal when it has recovered from the backpressure. This is where the "drain" event comes in. The "drain" event is emitted when it’s appropriate to resume writing data to the stream. So, once we catch this event, we simply resume reading from our big JSON stream!</p> <p>Finally, when the JSON stream reaches the end event, we check if there’s any leftover data in bigChunk and write it to the res stream. After that, we call res.end() to signal that the response is complete.</p> <p>And just like that, we’ve manually controlled how the data flows through the streams, handled backpressure, and delivered a dynamic file as a response!</p> <h3> 3. <strong>The Buffer Version: Chunking with Buffers</strong> </h3> <p>For a more complex scenario, say we want to send large buffer chunks. Here's how we can handle it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">BufferService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="k">private</span> <span class="k">readonly</span> <span class="nx">jsonService</span><span class="p">:</span> <span class="nx">JsonService</span><span class="p">)</span> <span class="p">{}</span> <span class="nf">getBigFile</span><span class="p">(</span><span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">jsonStream</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">jsonService</span><span class="p">.</span><span class="nf">createBigJsonFileStream</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">sendingChunkSize</span> <span class="o">=</span> <span class="mi">50</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span><span class="p">;</span> <span class="c1">// 50 MiBs, Make sure to set the sending chunk size larger than the chunk buffer size to avoid unnecessary iterations in the while loop.</span> <span class="kd">let</span> <span class="nx">currentChunkSize</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">sendingChunk</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">alloc</span><span class="p">(</span><span class="nx">sendingChunkSize</span><span class="p">);</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">chunk</span><span class="p">:</span> <span class="nx">Buffer</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">while </span><span class="p">(</span><span class="nx">chunk</span><span class="p">.</span><span class="nx">byteLength</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">availableSpace</span> <span class="o">=</span> <span class="nx">sendingChunkSize</span> <span class="o">-</span> <span class="nx">currentChunkSize</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">chunk</span><span class="p">.</span><span class="nx">byteLength</span> <span class="o">&lt;=</span> <span class="nx">availableSpace</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// If the chunk fits within the remaining space</span> <span class="nx">chunk</span><span class="p">.</span><span class="nf">copy</span><span class="p">(</span><span class="nx">sendingChunk</span><span class="p">,</span> <span class="nx">currentChunkSize</span><span class="p">);</span> <span class="nx">currentChunkSize</span> <span class="o">+=</span> <span class="nx">chunk</span><span class="p">.</span><span class="nx">byteLength</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Fill the remaining space in the sendingChunk</span> <span class="nx">chunk</span><span class="p">.</span><span class="nf">subarray</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">availableSpace</span><span class="p">).</span><span class="nf">copy</span><span class="p">(</span><span class="nx">sendingChunk</span><span class="p">,</span> <span class="nx">currentChunkSize</span><span class="p">);</span> <span class="nx">currentChunkSize</span> <span class="o">+=</span> <span class="nx">availableSpace</span><span class="p">;</span> <span class="c1">// Send the filled buffer</span> <span class="kd">const</span> <span class="nx">writable</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">sendingChunk</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">writable</span><span class="p">)</span> <span class="p">{</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">pause</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// Reset for the next chunk</span> <span class="nx">sendingChunk</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">alloc</span><span class="p">(</span><span class="nx">sendingChunkSize</span><span class="p">);</span> <span class="nx">currentChunkSize</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">chunk</span> <span class="o">=</span> <span class="nx">chunk</span><span class="p">.</span><span class="nf">subarray</span><span class="p">(</span><span class="nx">availableSpace</span><span class="p">);</span> <span class="c1">// Process the rest of the chunk</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">drain</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">resume</span><span class="p">();</span> <span class="c1">// Resume when writable</span> <span class="p">});</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">end</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Send any remaining data that hasn't been flushed</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentChunkSize</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">sendingChunk</span><span class="p">.</span><span class="nf">subarray</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">currentChunkSize</span><span class="p">));</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="nx">jsonStream</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="c1">// Log error for debugging</span> <span class="nx">res</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Oh no, what’s going on here? It looks so complicated!</p> <p>Well, that’s because it <em>is</em> a bit tricky! But here’s the backstory: we received a request from our boss to send file downloads in chunks of <strong>50 MiB</strong>, because he has blazing-fast internet, he wants to take full advantage of it.</p> <p>So, what’s the plan?</p> <p>We start by setting our sending chunk size to <strong>50 MiB</strong>. Next, we initialize a <code>currentChunkSize</code> variable to <code>0</code> and create a new buffer object, allocating exactly <strong>50 MiB</strong> of memory.</p> <p>Now, here’s where it gets interesting. Since we’re using fixed-size buffers, we need to ensure that all the JSON data fits perfectly within the allocated space. To do this, we calculate the available space in the current sending chunk. As long as the JSON chunk fits within the remaining space, we copy it to the sending chunk and update the <code>currentChunkSize</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">chunk</span><span class="p">.</span><span class="nf">copy</span><span class="p">(</span><span class="nx">sendingChunk</span><span class="p">,</span> <span class="nx">currentChunkSize</span><span class="p">);</span> <span class="nx">currentChunkSize</span> <span class="o">+=</span> <span class="nx">chunk</span><span class="p">.</span><span class="nx">byteLength</span><span class="p">;</span> </code></pre> </div> <p>The <code>copy()</code> method copies the bytes from the <code>chunk</code> buffer into <code>sendingChunk</code>, starting at the <code>currentChunkSize</code> (which marks the first free byte in the buffer).</p> <h3> What if the available space is larger than the JSON chunk? </h3> <p>This is where things get a bit messy! In this case, we need to extract exactly the right number of bytes from the JSON chunk to fill the available space in the sending chunk. Once it’s perfectly full, we send the chunk to the HTTP response.</p> <p>After that, we reset the <code>sendingChunk</code> to a fresh buffer and set <code>currentChunkSize</code> back to <code>0</code>.</p> <h3> But what about the rest of the JSON chunk? </h3> <p>Good question! Any remaining data in the JSON chunk is processed in the next iteration of our loop. The loop ensures that this remaining data is added to the new <code>sendingChunk</code>. This loop continues as long as the JSON chunk is larger than the available space in the buffer.</p> <p>Technically, we could set the buffer size to send chunks as small as <strong>1 byte</strong> to the response stream, but that would be incredibly inefficient. So, to avoid unnecessary iterations in the while loop, it’s important to set a reasonable chunk size.</p> <h3> Demo </h3> <p>For the demo, let's <a href="https://github.com/zenstok/nestjs-big-file-download" rel="noopener noreferrer">git clone the project here</a>. After cloning, install the dependencies using <code>npm install</code>, and then run the project with <code>npm run start</code>.</p> <p>On the index page, you’ll find a tutorial that explains how to call each version in action, as shown in the screenshot below:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4p2a4ycxrocefm35o5vj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4p2a4ycxrocefm35o5vj.png" alt="Demo screenshot" width="800" height="182"></a></p> <h3> Conclusion </h3> <p>By leveraging the power of Node.js streams, we can deliver files of virtually any size without consuming large amounts of memory. Whether you're aiming for simplicity, performance, or handling large buffer sizes, these approaches have you covered.</p> <p>I hope this guide helped you understand how to work with large file downloads in NestJS. Have any ideas or topics you'd like me to cover next? Drop a comment! And don’t forget to subscribe to my newsletter on <a href="https://rabbitbyte.club/" rel="noopener noreferrer">rabbitbyte.club</a> for more tips!</p> webdev node javascript nestjs zenstok Mon, 02 Sep 2024 06:45:11 +0000 https://dev.to/zenstok/part-33-how-to-implement-refresh-tokens-through-http-only-cookie-in-nestjs-and-react-265e https://dev.to/zenstok/part-33-how-to-implement-refresh-tokens-through-http-only-cookie-in-nestjs-and-react-265e <p>Hello everyone,</p> <p>Welcome to the final episode of our three-part series on token management in a <strong>NestJS + React application</strong>. In the <a href="https://dev.to/zenstok/how-to-implement-refresh-tokens-with-token-rotation-in-nestjs-1deg">first two posts</a>, we walked through the process of implementing refresh token logic by storing tokens in local storage. Today, we’ll advance to a more secure method by implementing HTTP-only cookies for refresh tokens.</p> <h3> Why Use HTTP-Only Cookies? </h3> <p>HTTP-only cookies allow us to store sensitive data, such as refresh tokens, in a way that cannot be accessed by JavaScript. This means that even if there are vulnerabilities in your code or third-party libraries, a hacker won't be able to retrieve the refresh token.</p> <p>However, even with HTTP-only cookies, there's still a risk of requests being made on behalf of the user through XSS attacks. The key advantage is that hackers will not be able to access the value of the refresh token directly; they would need to execute targeted XSS attacks on the application's endpoints, which requires prior knowledge of the system.</p> <h4> Why Not Store Both Access and Refresh Tokens in HTTP-Only Cookies? </h4> <p>By keeping the access token out of cookies, we protect against CSRF (Cross-Site Request Forgery) attacks. To mitigate XSS attacks, we set a short expiry time on the access token, limiting the damage even if it’s compromised.</p> <h4> Should We Worry About CSRF on the /refresh-tokens Endpoint? </h4> <p>Not really. Since this endpoint doesn’t compromise the system or user data, CSRF attacks here are less of a concern.</p> <h4> Enhancing Security: Hashing Refresh Tokens </h4> <p>To further improve security, we also hash the refresh tokens in the database. We use a hashing algorithm without salt, allowing us to reproduce the same hash for previously used tokens to check if they have been blacklisted. With this improvement, in case of database leaks, the hacker will not be able to read any refresh tokens!</p> <h3> Getting Started </h3> <p>To begin, ensure you've completed the guides in <a href="https://dev.to/zenstok/how-to-implement-refresh-tokens-with-token-rotation-in-nestjs-1deg">Part 1</a> and <a href="https://dev.to/zenstok/part-23-how-to-implement-refresh-tokens-in-react-84c">Part 2</a> for app installation. Afterward, follow these steps to implement the necessary changes.</p> <p>If you want to jump straight into the code, you can <a href="https://github.com/zenstok/nestjs-auth-refresh-token-example/tree/part-3" rel="noopener noreferrer">check out the repository here on the "part-3" branch</a>.</p> <h4> Step 1: Define Cookie Configuration and Helper Function </h4> <p>First, set up a cookie configuration and create a helper function to extract the refresh token from cookies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">cookieConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">refreshToken</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// For production, use '/auth/api/refresh-tokens'. We use '/' for localhost in order to work on Chrome.</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">'</span><span class="s1">strict</span><span class="dl">'</span> <span class="k">as</span> <span class="dl">'</span><span class="s1">strict</span><span class="dl">'</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">1000</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">30</span><span class="p">,</span> <span class="c1">// 30 days; must match Refresh JWT expiration.</span> <span class="p">},</span> <span class="p">},</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">extractRefreshTokenFromCookies</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookies</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">cookie</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">; </span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">cookies</span><span class="p">?.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">refreshTokenCookie</span> <span class="o">=</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">find</span><span class="p">((</span><span class="nx">cookie</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">cookie</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">cookieConfig</span><span class="p">.</span><span class="nx">refreshToken</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">=`</span><span class="p">)</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">refreshTokenCookie</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">refreshTokenCookie</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <h4> Step 2: Enable CORS to Accept Cookies </h4> <p>Ensure the CORS policy allows credentials so that our backend can receive cookies from the frontend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">enableCors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Set the correct origin for production.</span> </code></pre> </div> <h4> Step 3: Update the Token Generation Method </h4> <p>Modify the <code>generateTokenPair</code> method to set the refresh token as an HTTP-only cookie whenever it's called:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="nf">generateTokenPair</span><span class="p">(</span> <span class="nx">user</span><span class="p">:</span> <span class="nx">Express</span><span class="p">.</span><span class="nx">User</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">currentRefreshToken</span><span class="p">?:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">?:</span> <span class="nb">Date</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">sub</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">role</span> <span class="p">};</span> <span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span> <span class="nx">cookieConfig</span><span class="p">.</span><span class="nx">refreshToken</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">generateRefreshToken</span><span class="p">(</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">currentRefreshToken</span><span class="p">,</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">,</span> <span class="p">),</span> <span class="p">{</span> <span class="p">...</span><span class="nx">cookieConfig</span><span class="p">.</span><span class="nx">refreshToken</span><span class="p">.</span><span class="nx">options</span><span class="p">,</span> <span class="p">},</span> <span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">access_token</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">jwtService</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">payload</span><span class="p">),</span> <span class="c1">// JWT module is configured in auth.module.ts for access token.</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h4> Step 4: Update JWT Strategy to Use Cookies </h4> <p>Modify the refresh JWT strategy to retrieve the token from cookies instead of using bearer token authentication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">jwtFromRequest</span><span class="p">:</span> <span class="nx">ExtractJwt</span><span class="p">.</span><span class="nf">fromExtractors</span><span class="p">([</span> <span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">extractRefreshTokenFromCookies</span><span class="p">(</span><span class="nx">req</span><span class="p">),</span> <span class="p">]),</span> </code></pre> </div> <h4> Step 5: Adjust Token Handling and Add Cookie Clearing Endpoint </h4> <p>When calling the <code>/refresh-tokens</code> endpoint, the token should now be extracted from the HTTP-only cookie, replacing the previous method of using Bearer authorization.</p> <p>Additionally, we must implement a <code>/clear-auth-cookie</code> endpoint to remove the cookie. This endpoint should be invoked during the logout action on the frontend. The reason for this is that HTTP-only cookies cannot be cleared programatically from the frontend, so this ensures the user is properly logged out.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Public</span><span class="p">()</span> <span class="p">@</span><span class="nd">UseGuards</span><span class="p">(</span><span class="nx">JwtRefreshAuthGuard</span><span class="p">)</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh-tokens</span><span class="dl">'</span><span class="p">)</span> <span class="nf">refreshTokens</span><span class="p">(</span> <span class="p">@</span><span class="nd">Req</span><span class="p">()</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="p">@</span><span class="nd">Res</span><span class="p">({</span> <span class="na">passthrough</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">InternalServerErrorException</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenService</span><span class="p">.</span><span class="nf">generateTokenPair</span><span class="p">(</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">attributes</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nf">extractRefreshTokenFromCookies</span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="k">as</span> <span class="kr">string</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">refreshTokenExpiresAt</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Public</span><span class="p">()</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">clear-auth-cookie</span><span class="dl">'</span><span class="p">)</span> <span class="nf">clearAuthCookie</span><span class="p">(@</span><span class="nd">Res</span><span class="p">({</span> <span class="na">passthrough</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">clearCookie</span><span class="p">(</span><span class="nx">cookieConfig</span><span class="p">.</span><span class="nx">refreshToken</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h4> Step 6: Update Frontend Logic </h4> <p>Now regarding the frontend project, we will actually simplify the logic a little bit.</p> <p><strong>Remove Refresh Token from Local Storage:</strong></p> <p>Clear any references to the refresh token in the <code>AuthClientStore</code> class:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ACCESS_TOKEN_KEY</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">rabbit.byte.club.access.token</span><span class="dl">"</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthClientStore</span> <span class="p">{</span> <span class="k">static</span> <span class="nf">getAccessToken</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="nx">ACCESS_TOKEN_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">ACCESS_TOKEN_KEY</span><span class="p">,</span> <span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">removeAccessToken</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="nx">ACCESS_TOKEN_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">AuthClientStore</span><span class="p">;</span> </code></pre> </div> <p><strong>Update Request Methods:</strong></p> <p>Remove the <code>refreshToken</code> variable from the <code>sendProtectedRequest</code> method, as it's no longer needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">sendProtectedRequest</span> <span class="o">=</span> <span class="p">(</span> <span class="nx">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="nx">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// eslint-disable-next-line</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authToken</span> <span class="o">=</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">getAccessToken</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">No auth token found</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">sendRequest</span><span class="p">(</span><span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">authToken</span><span class="p">,</span> <span class="nx">init</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p><strong>Include Credentials in Requests:</strong></p> <p>Very important: Update the <code>login</code> and <code>refresh token</code> API integration methods to include credentials, ensuring that cookies can be set and sent correctly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">login</span><span class="p">,</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">},</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">},</span> <span class="c1">// Required update</span> <span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">refreshTokens</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timeout</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">debouncedPromise</span><span class="p">)</span> <span class="p">{</span> <span class="nx">debouncedPromise</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">debouncedResolve</span> <span class="o">=</span> <span class="nx">resolve</span><span class="p">;</span> <span class="nx">debouncedReject</span> <span class="o">=</span> <span class="nx">reject</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">timeout</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">executeLogic</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">refreshTokens</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">},</span> <span class="c1">// Required update</span> <span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="p">};</span> <span class="nf">executeLogic</span><span class="p">().</span><span class="nf">then</span><span class="p">(</span><span class="nx">debouncedResolve</span><span class="p">).</span><span class="k">catch</span><span class="p">(</span><span class="nx">debouncedReject</span><span class="p">);</span> <span class="nx">debouncedPromise</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="mi">200</span><span class="p">);</span> <span class="k">return</span> <span class="nx">debouncedPromise</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>Define Clear Auth Cookie API Call:</strong></p> <p>Implement the <code>clearAuthCookie</code> API call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">clearAuthCookie</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">sendRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">clearAuthCookie</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">},</span> <span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p><strong>Call <code>clearAuthCookie</code> on Logout:</strong></p> <p>Ensure the auth cookie is cleared on logout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">removeAccessToken</span><span class="p">();</span> <span class="k">return</span> <span class="nf">clearAuthCookie</span><span class="p">();</span> <span class="p">};</span> </code></pre> </div> <p>And that's it! With these steps, the refresh token logic is now integrated into an HTTP-only cookie. You can proceed to <a href="https://dev.to/zenstok/part-23-how-to-implement-refresh-tokens-in-react-84c">Part 2</a> of the tutorial to test the solution.</p> <p>If you'd like me to cover more interesting topics about the node.js ecosystem, feel free to leave your suggestions in the comments section. Don't forget to subscribe to my newsletter on <a href="//rabbitbyte.club">rabbitbyte.club</a> for updates!</p> webdev node nestjs react zenstok Tue, 30 Jul 2024 07:26:36 +0000 https://dev.to/zenstok/part-23-how-to-implement-refresh-tokens-in-react-84c https://dev.to/zenstok/part-23-how-to-implement-refresh-tokens-in-react-84c <p>Hello, guys!</p> <p>On the premise that our App is immune to XSS attacks, we will store both access &amp; refresh tokens in the local storage. For this, we will use React which escapes any values embedded in JSX before rendering them, greatly helping us in countering XSS attacks.</p> <p>This is the second episode in our three-part series on implementing refresh tokens. In our <a href="https://dev.to/zenstok/how-to-implement-refresh-tokens-with-token-rotation-in-nestjs-1deg">previous article</a>, we explored how to implement refresh tokens in NestJS. Be sure to check it out if you're looking to easily run the demo from this tutorial.</p> <p>While storing both access and refresh tokens in local storage is convenient, it does come with security risks. Even with robust XSS attack prevention, there's still a vulnerability to attacks via third-party libraries. Fortunately, in the final episode of this series, we'll demonstrate how to securely store refresh tokens using HTTP-only cookies, which enhances security.</p> <h3> Implementation overview </h3> <p>To keep the application straightforward, we've implemented only the core features necessary to demonstrate the functionality. Here’s what we aim to achieve and some potential caveats to be aware of:</p> <h4> Objectives: </h4> <ol> <li> <strong>Persistent Authentication</strong>: We want the user to remain authenticated even after refreshing the page.</li> <li> <strong>Automatic Logout</strong>: The user should be logged out automatically when an API endpoint returns a 401 Unauthorized response.</li> <li> <strong>Seamless Data Access</strong>: When calling a protected endpoint, the app should retrieve data if a valid refresh token exists. If the first request returns a 401, the app should attempt to refresh the tokens. Only if the subsequent request after refreshing also fails with a 401 should the user be logged out.</li> </ol> <h4> Potential Caveat: </h4> <p>A notable issue is that the refresh token endpoint call invalidates the previous refresh token. This can create a problem if <code>/auth/refresh-tokens</code> is called more than once concurrently, as it may lead to inconsistencies or failures in token handling. To mitigate this, we must ensure that the refresh token is not requested multiple times concurrently, even if multiple protected requests are made across the app.</p> <p>If you want to jump directly to the GitHub repo to see how we did it, you can <a href="https://github.com/zenstok/react-auth-refresh-token-example" rel="noopener noreferrer">check it out here</a>.</p> <h3> Getting started </h3> <p>Since the authentication state is a global concept in the app, we need to ensure that every component can access this state. The best way to manage this is by using React Context to define a global context provider. We will look into this later in the tutorial.</p> <p>First, we define a class responsible for managing the manipulation of local storage keys for access and refresh tokens:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ACCESS_TOKEN_KEY</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">rabbit.byte.club.access.token</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">REFRESH_TOKEN_KEY</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">rabbit.byte.club.refresh.token</span><span class="dl">"</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthClientStore</span> <span class="p">{</span> <span class="k">static</span> <span class="nf">getAccessToken</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="nx">ACCESS_TOKEN_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">ACCESS_TOKEN_KEY</span><span class="p">,</span> <span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">removeAccessToken</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="nx">ACCESS_TOKEN_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">getRefreshToken</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="nx">REFRESH_TOKEN_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">REFRESH_TOKEN_KEY</span><span class="p">,</span> <span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="nf">removeRefreshToken</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="nx">REFRESH_TOKEN_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">AuthClientStore</span><span class="p">;</span> </code></pre> </div> <p>Next, we define a <code>useApi</code> hook, which abstracts how requests are sent to our app server, both protected and unprotected:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">AuthClientStore</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../../auth/client-store/auth-client-store.ts</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ApiMethod</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../types.ts</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">apiUrl</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_API_BASE_URL</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">sendRequest</span> <span class="o">=</span> <span class="p">(</span> <span class="nx">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="nx">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// eslint-disable-next-line</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">authToken</span><span class="p">?:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">apiUrl</span> <span class="o">+</span> <span class="nx">path</span><span class="p">,</span> <span class="p">{</span> <span class="nx">method</span><span class="p">,</span> <span class="p">...(</span><span class="nx">body</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">)</span> <span class="p">}),</span> <span class="p">...</span><span class="nx">init</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">...(</span><span class="nx">authToken</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">authToken</span><span class="p">}</span><span class="s2">`</span> <span class="p">}),</span> <span class="p">...</span><span class="nx">init</span><span class="p">?.</span><span class="nx">headers</span><span class="p">,</span> <span class="p">},</span> <span class="p">}).</span><span class="nf">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">&gt;=</span> <span class="mi">400</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">});</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">sendProtectedRequest</span> <span class="o">=</span> <span class="p">(</span> <span class="nx">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="nx">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// eslint-disable-next-line</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">useRefreshToken</span> <span class="o">=</span> <span class="kc">false</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authToken</span> <span class="o">=</span> <span class="nx">useRefreshToken</span> <span class="p">?</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">getRefreshToken</span><span class="p">()</span> <span class="p">:</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">getAccessToken</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">No auth token found</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">sendRequest</span><span class="p">(</span><span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">authToken</span><span class="p">,</span> <span class="nx">init</span><span class="p">);</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">useApi</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">sendRequest</span><span class="p">,</span> <span class="nx">sendProtectedRequest</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Please note that the <code>sendProtectedRequest</code> method accepts an optional <code>useRefreshToken</code> parameter. This is used exclusively by routes that refresh the token, as they require the refresh token for bearer authentication. In all other cases, the default behavior is to use the access token.</p> <p>Now we need to define a useAuthApi hook where the magic happens.</p> <p>First, we will use useApi hook from which we need to call sendRequest and sendProtectedRequest methods:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthApi</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sendRequest</span><span class="p">,</span> <span class="nx">sendProtectedRequest</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useApi</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h5> Implementing Authentication: Login, Logout, and Token Refresh </h5> <p>Now, let's define the <code>login</code> function, which, upon successful authentication, will set the access and refresh tokens in the local storage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthApi</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sendRequest</span><span class="p">,</span> <span class="nx">sendProtectedRequest</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useApi</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendRequest</span><span class="p">(</span><span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">login</span><span class="p">,</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">});</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>Next, the <code>logout</code> function is straightforward: it simply removes the access and refresh tokens from local storage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthApi</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sendRequest</span><span class="p">,</span> <span class="nx">sendProtectedRequest</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useApi</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendRequest</span><span class="p">(</span><span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">login</span><span class="p">,</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">});</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">removeAccessToken</span><span class="p">();</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">removeRefreshToken</span><span class="p">();</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>An essential method to define is <code>refreshTokens</code>, which has a simple logic similar to the <code>login</code> function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">refreshTokens</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">refreshTokens</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">getRefreshToken</span><span class="p">(),</span> <span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p>Note that because the refresh tokens endpoint requires the refresh token as an authentication method, we pass the refresh token as a parameter to <code>sendProtectedRequest</code> so it uses the refresh token as the bearer instead of the default access token used for other requests.</p> <p>Is this all we need for the <code>refreshTokens</code> method? Well, keep in mind that each call to refresh the access token will invalidate the previous refresh tokens. So, if two parts of the app concurrently need to refresh the access token, one request might fail because the first request will invalidate the refresh token being used. Therefore, it's crucial to ensure this method is called only once. To manage this logic efficiently, we need to decorate this method a little bit.</p> <h5> Debouncing Refresh Tokens Requests and Managing Authentication State </h5> <p>To handle cases where multiple parts of the app might concurrently call the refresh tokens method, we need to debounce these calls so that only one request is made. We also need to ensure that each caller receives the same access and refresh token pair. Here's how we achieve this:</p> <p>First, we define some variables outside of the hook to manage the debounce logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="cm">/* * These variables are used to debounce the refreshTokens function */</span> <span class="kd">let</span> <span class="nx">debouncedPromise</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">unknown</span><span class="o">&gt;</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">debouncedResolve</span><span class="p">:</span> <span class="p">(...</span><span class="nx">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">debouncedReject</span><span class="p">:</span> <span class="p">(...</span><span class="nx">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">timeout</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> </code></pre> </div> <p>Now, we update the <code>refreshTokens</code> method to include debouncing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">refreshTokens</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timeout</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">debouncedPromise</span><span class="p">)</span> <span class="p">{</span> <span class="nx">debouncedPromise</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">debouncedResolve</span> <span class="o">=</span> <span class="nx">resolve</span><span class="p">;</span> <span class="nx">debouncedReject</span> <span class="o">=</span> <span class="nx">reject</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">timeout</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">executeLogic</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">refreshTokens</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">getRefreshToken</span><span class="p">(),</span> <span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="p">};</span> <span class="nf">executeLogic</span><span class="p">().</span><span class="nf">then</span><span class="p">(</span><span class="nx">debouncedResolve</span><span class="p">).</span><span class="k">catch</span><span class="p">(</span><span class="nx">debouncedReject</span><span class="p">);</span> <span class="nx">debouncedPromise</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="mi">200</span><span class="p">);</span> <span class="k">return</span> <span class="nx">debouncedPromise</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Here’s how it works:</p> <ul> <li>We clear the timeout whenever a new caller invokes this method within a 200ms window, effectively debouncing the calls.</li> <li>The <code>debouncedPromise</code> ensures that all callers receive the same promise, which resolves or rejects when the token refresh logic completes.</li> <li>After processing, <code>debouncedPromise</code> is reset to handle new calls later.</li> </ul> <p>Next, we define a method that acts as a gatekeeper for protected API routes. It attempts a request and, if it fails with a 401 (Unauthorized) error, refreshes the access token and retries the request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">sendAuthGuardedRequest</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span> <span class="nx">userIsNotAuthenticatedCallback</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">,</span> <span class="nx">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="nx">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">init</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">refreshTokens</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nf">userIsNotAuthenticatedCallback</span><span class="p">();</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">init</span><span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>The <code>userIsNotAuthenticatedCallback</code> parameter allows the authentication context provider to update the global auth state, which any component in the app can listen to.</p> <p>Finally, we define a method for checking if the user is authenticated by calling the <code>/auth/me</code> endpoint. This should be executed on app startup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">me</span> <span class="o">=</span> <span class="p">(</span><span class="nx">userIsNotAuthenticatedCallback</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">sendAuthGuardedRequest</span><span class="p">(</span> <span class="nx">userIsNotAuthenticatedCallback</span><span class="p">,</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">GET</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">me</span><span class="p">,</span> <span class="p">)</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Our hook is now complete, this is the full version of it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="cm">/* * These variables are used to debounce the refreshTokens function */</span> <span class="kd">let</span> <span class="nx">debouncedPromise</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">unknown</span><span class="o">&gt;</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">debouncedResolve</span><span class="p">:</span> <span class="p">(...</span><span class="nx">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">debouncedReject</span><span class="p">:</span> <span class="p">(...</span><span class="nx">args</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">timeout</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthApi</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sendRequest</span><span class="p">,</span> <span class="nx">sendProtectedRequest</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useApi</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendRequest</span><span class="p">(</span><span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">login</span><span class="p">,</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="p">});</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">removeAccessToken</span><span class="p">();</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">removeRefreshToken</span><span class="p">();</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">refreshTokens</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timeout</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">debouncedPromise</span><span class="p">)</span> <span class="p">{</span> <span class="nx">debouncedPromise</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">debouncedResolve</span> <span class="o">=</span> <span class="nx">resolve</span><span class="p">;</span> <span class="nx">debouncedReject</span> <span class="o">=</span> <span class="nx">reject</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">timeout</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">executeLogic</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">POST</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">refreshTokens</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">getRefreshToken</span><span class="p">(),</span> <span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setAccessToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">AuthClientStore</span><span class="p">.</span><span class="nf">setRefreshToken</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="p">};</span> <span class="nf">executeLogic</span><span class="p">().</span><span class="nf">then</span><span class="p">(</span><span class="nx">debouncedResolve</span><span class="p">).</span><span class="k">catch</span><span class="p">(</span><span class="nx">debouncedReject</span><span class="p">);</span> <span class="nx">debouncedPromise</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="p">},</span> <span class="mi">200</span><span class="p">);</span> <span class="k">return</span> <span class="nx">debouncedPromise</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">sendAuthGuardedRequest</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span> <span class="na">userIsNotAuthenticatedCallback</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// eslint-disable-next-line</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">init</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">?.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">refreshTokens</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nf">userIsNotAuthenticatedCallback</span><span class="p">();</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">sendProtectedRequest</span><span class="p">(</span><span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="kc">undefined</span><span class="p">,</span> <span class="nx">init</span><span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">me</span> <span class="o">=</span> <span class="p">(</span><span class="na">userIsNotAuthenticatedCallback</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="k">void</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">sendAuthGuardedRequest</span><span class="p">(</span> <span class="nx">userIsNotAuthenticatedCallback</span><span class="p">,</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">GET</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">me</span><span class="p">,</span> <span class="p">)</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">me</span><span class="p">,</span> <span class="nx">sendAuthGuardedRequest</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <h5> Implementing the Auth Provider component </h5> <p>Now let's have a look at our auth provider component, responsible with our global auth state.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">type</span> <span class="nx">ContextType</span> <span class="o">=</span> <span class="p">{</span> <span class="na">isAuthenticated</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nf">login</span><span class="p">(</span><span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span><span class="p">;</span> <span class="nf">logout</span><span class="p">():</span> <span class="k">void</span><span class="p">;</span> <span class="nf">me</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span><span class="p">;</span> <span class="nf">sendAuthGuardedRequest</span><span class="p">(</span> <span class="na">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// eslint-disable-next-line</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">unknown</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">AuthContext</span> <span class="o">=</span> <span class="nx">createContext</span><span class="o">&lt;</span><span class="nx">ContextType</span> <span class="o">|</span> <span class="kc">undefined</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">undefined</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">AuthProvider</span><span class="p">({</span> <span class="nx">children</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">isAuthenticated</span><span class="p">,</span> <span class="nx">setIsAuthenticated</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">login</span><span class="p">:</span> <span class="nx">authLogin</span><span class="p">,</span> <span class="na">logout</span><span class="p">:</span> <span class="nx">authLogout</span><span class="p">,</span> <span class="na">me</span><span class="p">:</span> <span class="nx">authMe</span><span class="p">,</span> <span class="na">sendAuthGuardedRequest</span><span class="p">:</span> <span class="nx">authSendAuthGuardedRequest</span><span class="p">,</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuthApi</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">login</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">password</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">authLogin</span><span class="p">(</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">);</span> <span class="nf">setIsAuthenticated</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setIsAuthenticated</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">e</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">logout</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">authLogout</span><span class="p">();</span> <span class="nf">setIsAuthenticated</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">me</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">authMe</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setIsAuthenticated</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">});</span> <span class="nf">setIsAuthenticated</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">sendAuthGuardedRequest</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span> <span class="nx">method</span><span class="p">:</span> <span class="nx">ApiMethod</span><span class="p">,</span> <span class="nx">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="c1">// eslint-disable-next-line</span> <span class="nx">body</span><span class="p">?:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">init</span><span class="p">?:</span> <span class="nx">RequestInit</span><span class="p">,</span> <span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">authSendAuthGuardedRequest</span><span class="p">(</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setIsAuthenticated</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="p">},</span> <span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">init</span><span class="p">,</span> <span class="p">);</span> <span class="p">};</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">AuthContext</span><span class="p">.</span><span class="nx">Provider</span> <span class="nx">value</span><span class="o">=</span><span class="p">{{</span> <span class="nx">isAuthenticated</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">me</span><span class="p">,</span> <span class="nx">sendAuthGuardedRequest</span><span class="p">,</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">children</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/AuthContext.Provider</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">AuthProvider</span><span class="p">,</span> <span class="nx">AuthContext</span> <span class="p">};</span> </code></pre> </div> <p>In this implementation, we’ve essentially wrapped the authentication API hook methods and manage the <code>isAuthenticated</code> state based on API responses. The final method in this component is very important: it is used by all other hooks or components that need to perform protected requests to our API. By incorporating the <code>userIsNotAuthenticated</code> callback, we ensure that when an endpoint call fails due to token expiration, the authentication state is updated. This approach allows the <code>isAuthenticated</code> state to be set to <code>false</code>, prompting all components across the app to adjust their behavior accordingly.</p> <p>Next, we’ll define a <code>useAuthContext</code> hook to simplify access to the authentication state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">useAuthContext</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="nf">useContext</span><span class="p">(</span><span class="nx">AuthContext</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">ctx</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">useAuthContext must be within AuthProvider</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">ctx</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <h5> Wrapping Your App with AuthProvider </h5> <p>Ensure your application is wrapped with the <code>AuthProvider</code> to provide authentication state to all components.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">ReactDOM</span><span class="p">.</span><span class="nf">createRoot</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">"</span><span class="s2">root</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">).</span><span class="nf">render</span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">React</span><span class="p">.</span><span class="nx">StrictMode</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">AuthProvider</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">App</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="sr">/AuthProvider</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/React.StrictMode&gt;</span><span class="err">, </span><span class="p">);</span> </code></pre> </div> <p>Next, we’ll define a <code>useUserApi</code> hook to handle API methods related to user operations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">useUserApi</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sendAuthGuardedRequest</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuthContext</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">findAllUsers</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span> <span class="na">limit</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="na">offset</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">FindAllUsersResponse</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">queryString</span> <span class="o">=</span> <span class="nf">buildQueryParams</span><span class="p">([</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">"</span><span class="s2">limit</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">limit</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="p">},</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="dl">"</span><span class="s2">offset</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">offset</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="p">},</span> <span class="p">]);</span> <span class="k">return</span> <span class="nf">sendAuthGuardedRequest</span><span class="p">(</span> <span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">GET</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">findAll</span> <span class="o">+</span> <span class="nx">queryString</span><span class="p">,</span> <span class="p">);</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">findOneUser</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="na">id</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">sendAuthGuardedRequest</span><span class="p">(</span><span class="nx">ApiMethod</span><span class="p">.</span><span class="nx">GET</span><span class="p">,</span> <span class="nx">routes</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">findOne</span><span class="p">(</span><span class="nx">id</span><span class="p">));</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">findAllUsers</span><span class="p">,</span> <span class="nx">findOneUser</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Note how we are using the <code>sendAuthGuardedRequest</code> method from the auth context. </p> <p>Now, let's take a look at our <code>App</code> component.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">App</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">isAuthenticated</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">me</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuthContext</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">appIsLoading</span><span class="p">,</span> <span class="nx">setAppIsLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">findAllUsers</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useUserApi</span><span class="p">();</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">me</span><span class="p">()</span> <span class="p">.</span><span class="k">catch</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{})</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">setAppIsLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">));</span> <span class="p">},</span> <span class="p">[]);</span> <span class="k">if </span><span class="p">(</span><span class="nx">appIsLoading</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nx">Loading</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/div&gt;</span><span class="err">; </span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isAuthenticated</span><span class="p">)</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">form</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span> <span class="na">display</span><span class="p">:</span> <span class="dl">"</span><span class="s2">flex</span><span class="dl">"</span><span class="p">,</span> <span class="na">flexDirection</span><span class="p">:</span> <span class="dl">"</span><span class="s2">column</span><span class="dl">"</span><span class="p">,</span> <span class="na">gap</span><span class="p">:</span> <span class="mi">16</span> <span class="p">}</span> <span class="nx">onSubmit</span><span class="o">=</span><span class="p">{(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">e</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="nf">login</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">value</span><span class="p">,</span> <span class="nx">e</span><span class="p">.</span><span class="nx">target</span><span class="p">[</span><span class="mi">1</span><span class="p">].</span><span class="nx">value</span><span class="p">);</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span><span class="nx">Authentication</span><span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">input</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Email</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="nx">input</span> <span class="nx">placeholder</span><span class="o">=</span><span class="dl">"</span><span class="s2">Password</span><span class="dl">"</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">password</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="kd">type</span><span class="o">=</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Login</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/form</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://rabbitbyte.club</span><span class="dl">"</span> <span class="nx">target</span><span class="o">=</span><span class="dl">"</span><span class="s2">_blank</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">img</span> <span class="nx">src</span><span class="o">=</span><span class="p">{</span><span class="nx">rabitByteClubLogo</span><span class="p">}</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">logo</span><span class="dl">"</span> <span class="nx">alt</span><span class="o">=</span><span class="dl">"</span><span class="s2">logo-rabbit-byte</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">h1</span><span class="o">&gt;</span><span class="nx">Rabbit</span> <span class="nx">Byte</span> <span class="nx">Club</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">style</span><span class="o">=</span><span class="p">{{</span> <span class="na">display</span><span class="p">:</span> <span class="dl">"</span><span class="s2">flex</span><span class="dl">"</span><span class="p">,</span> <span class="na">gap</span><span class="p">:</span> <span class="mi">16</span> <span class="p">}}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="mi">5</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="nf">findAllUsers</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="p">}</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="nx">Simulate</span> <span class="mi">5</span> <span class="nx">concurrent</span> <span class="nx">requests</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{()</span> <span class="o">=&gt;</span> <span class="nf">logout</span><span class="p">()}</span><span class="o">&gt;</span><span class="nx">Logout</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">App</span><span class="p">;</span> </code></pre> </div> <p>We define an <code>appLoading</code> state, which is set to <code>false</code> once the <code>/auth/me</code> endpoint completes, regardless of success or failure. While the user is not authenticated, we display the login form. </p> <p>If the user is authenticated, a button is provided to simulate 5 concurrent requests, allowing you to test the logic easily in the demo.</p> <h3> DEMO </h3> <p><strong>Prerequisites:</strong> </p> <p>To test the feature quickly and easily, set the JWT access token expiration to 10 seconds in your backend application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">JwtModule</span><span class="p">.</span><span class="nf">registerAsync</span><span class="p">({</span> <span class="na">inject</span><span class="p">:</span> <span class="p">[</span><span class="nx">ConfigService</span><span class="p">],</span> <span class="na">useFactory</span><span class="p">:</span> <span class="p">(</span><span class="na">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="o">&lt;</span><span class="nx">EnvironmentVariables</span><span class="o">&gt;</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwtSecret</span><span class="dl">'</span><span class="p">),</span> <span class="na">signOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">10s</span><span class="dl">'</span> <span class="p">},</span> <span class="p">}),</span> <span class="p">}),</span> </code></pre> </div> <p>Set the JWT refresh token expiration to 30 seconds:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">newRefreshToken</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">jwtService</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span> <span class="p">{</span> <span class="na">sub</span><span class="p">:</span> <span class="nx">authUserId</span> <span class="p">},</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwtRefreshSecret</span><span class="dl">'</span><span class="p">),</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">30s</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">);</span> </code></pre> </div> <p>Additionally, you may want to temporarily disable throttling on the refresh tokens endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// @Throttle({</span> <span class="c1">// short: { limit: 1, ttl: 1000 },</span> <span class="c1">// long: { limit: 2, ttl: 60000 },</span> <span class="c1">// })</span> <span class="p">@</span><span class="nd">ApiBearerAuth</span><span class="p">()</span> <span class="p">@</span><span class="nd">Public</span><span class="p">()</span> <span class="p">@</span><span class="nd">UseGuards</span><span class="p">(</span><span class="nx">JwtRefreshAuthGuard</span><span class="p">)</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh-tokens</span><span class="dl">'</span><span class="p">)</span> <span class="nf">refreshTokens</span><span class="p">(@</span><span class="nd">Request</span><span class="p">()</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">ExpressRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">InternalServerErrorException</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenService</span><span class="p">.</span><span class="nf">generateTokenPair</span><span class="p">(</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">attributes</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">],</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">refreshTokenExpiresAt</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Steps to Run the Demo:</strong></p> <p><strong>Clone the <a href="https://github.com/zenstok/react-auth-refresh-token-example" rel="noopener noreferrer">Github Project</a>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> git clone https://github.com/zenstok/react-auth-refresh-token-example </code></pre> </div> <p><strong>Install dependencies:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> npm <span class="nb">install</span> </code></pre> </div> <p><strong>Run the App:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> npm run dev </code></pre> </div> <p><strong>Ensure Backend is Running:</strong></p> <p>Navigate to the backend directory and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> yarn dc up </code></pre> </div> <p><em>Fill in users in the database if needed:</em></p> <p>In a new terminal in backend directory run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> yarn dc-db-init </code></pre> </div> <p><strong>Log In:</strong></p> <p>Enter the following credentials on the login screen:</p> <ul> <li> <strong>Email:</strong> <a href="mailto:admin@admin.com">admin@admin.com</a> </li> <li> <strong>Password:</strong> 1234</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9f9frpccao20e12zfrl3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9f9frpccao20e12zfrl3.png" alt="Login Screen" width="800" height="488"></a></p> <p><strong>Test Functionality:</strong></p> <p>After logging in, you will see two buttons: <strong>Simulate 5 Concurrent Requests</strong> and <strong>Log Out</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn8fe8isx1ohvjib9t0m8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn8fe8isx1ohvjib9t0m8.png" alt="Buttons" width="800" height="507"></a></p> <ul> <li>Open your browser's Network tab.</li> <li>Click <strong>Simulate 5 Concurrent Requests</strong>.</li> </ul> <p>You will see the effect of the refresh token logic in action.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7c9u2j2qpj6fjjl734br.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7c9u2j2qpj6fjjl734br.png" alt="Network Tab" width="800" height="338"></a></p> <p>The app will wait for a single call to the refresh tokens endpoint and then rerun the requests. Success!</p> <p><strong>Verification of Objectives:</strong></p> <ul> <li> <strong>Persistent Authentication:</strong> Refresh the page and ensure you remain authenticated. ✅</li> <li> <strong>Automatic Logout:</strong> Log in and wait for more than 30 seconds. After pressing <strong>Simulate 5 Concurrent Requests</strong>, confirm that you are logged out. ✅</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ak3u1eww5eqplhg0wna.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ak3u1eww5eqplhg0wna.png" alt="Logout Verification" width="800" height="373"></a></p> <ul> <li> <strong>Seamless Data Access:</strong> When calling a protected endpoint, the app should return data if a valid refresh token exists. ✅</li> </ul> <h3> Conclusion </h3> <p>I hope this tutorial has been helpful in your journey to implement refresh tokens in React. Stay tuned for the final episode of this series, where we'll swap the backend and frontend logic to use HTTP-only cookies for the refresh token.</p> <p>If you'd like me to cover more interesting topics about the node.js ecosystem, feel free to leave your suggestions in the comments section. Don't forget to subscribe to my newsletter on <a href="//rabbitbyte.club">rabbitbyte.club</a> for updates!</p> <p>Post Creation:<br> <a href="https://dev.to/zenstok/part-33-how-to-implement-refresh-tokens-through-http-only-cookie-in-nestjs-and-react-265e">Check out Part 3 of this series</a>, where we update the app to use HTTP-only cookies for refresh tokens.</p> webdev javascript react tutorial zenstok Thu, 06 Jun 2024 08:27:20 +0000 https://dev.to/zenstok/how-to-implement-refresh-tokens-with-token-rotation-in-nestjs-1deg https://dev.to/zenstok/how-to-implement-refresh-tokens-with-token-rotation-in-nestjs-1deg <p>In this episode, we will learn how to implement refresh tokens using local storage as a strategy for storing both access and refresh tokens. If you want to jump directly to the GitHub repo, you can <a href="https://github.com/zenstok/nestjs-auth-refresh-token-example" rel="noopener noreferrer">access it here</a>.</p> <h3> Prerequisites </h3> <p>Before diving into this guide, it's important to have some experience with NestJS and the implementation of Passport strategies in NestJS. If you're not familiar with these topics, please visit the following articles from the NestJS documentation:</p> <ul> <li><a href="https://docs.nestjs.com/recipes/passport" rel="noopener noreferrer">Passport Integration</a></li> </ul> <h3> Why Do We Use Refresh Tokens? </h3> <p>Even though we use HTTPS to encrypt network traffic, there are additional steps we can take to prevent malicious users from stealing access tokens through methods like social engineering or library hacks. Refresh tokens allow a user to stay logged in for a long time without needing to log in again, provided they are active users. We can log them out after a set period, such as six months, if they have been inactive. </p> <p>Why use refresh tokens instead of a single access token with a long or no expiration date? Because we want to counter token theft with short-lived access tokens, so attackers are likely to obtain expired tokens. Additionally, refresh tokens can provide a way to revoke user access without resetting the JWT signing key and logging out all users.</p> <h3> Implementation Overview </h3> <p>When we log in for the first time, we receive a token pair that includes an access token and a refresh token. As the access token approaches expiration, we can obtain a new token pair by requesting a new set of tokens from our authentication server. The server will provide the new token pair only if the refresh token is provided. </p> <p>Why do you think I mentioned receiving a new token pair consisting of both access token and refresh token? If I have the refresh token with a long expiration date, wouldn't it have been sufficient to just get a new access token? Well, storing the refresh token with long expiration date invalidates the logic that hackers obtain short-lived tokens that are likely to be expired. Furthermore, this approach eliminates the possibility of implementing the 'permanently logged in' users feature, even if they are active. So, what we do is when we request a new token pair, we immediately invalidate the previous refresh token through a mechanism called refresh token rotation.</p> <h3> Refresh Token Rotation </h3> <p>Refresh token rotation operates by generating a blacklist which will "force invalidate" previously used refresh tokens. When a new token pair is requested, we utilize a refresh token and then include this used refresh token in our blacklist. This means that if a hacker gains control of a refresh token, it will already be invalid if the user has refreshed their token pair. </p> <p>But what if the hacker gets a fresh, valid refresh token? You've got two options: if you spot the hack right away, though that's unlikely, you can quickly get a new token pair to make the hacker's refresh token worthless. If the hacker uses your refresh token and it's marked invalid, there's not much you can do. They might have access to your app indefinitely until you change the JWT signing key. To stop this, we can store the refresh token in an HTTP-only cookie and guard against CSRF attacks. That way, even if your app has XSS vulnerabilities, the hacker can't read the refresh token. If you're interested in an article about storing refresh tokens in HTTP-only cookies, leave a comment, and I'll get right on it.</p> <h3> Getting Started </h3> <p>For this article, we'll focus on the core logic and keep the app simple.</p> <p>Clone the project from GitHub and start the Docker containers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>yarn dc up </code></pre> </div> <p>Pre-fill your database with two users:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>yarn dc-db-init </code></pre> </div> <p>Access Swagger at <code>localhost:3000/docs</code> to log in. For the admin user, use:<br> Email: <a href="mailto:admin@admin.com">admin@admin.com</a><br> Password: 1234</p> <p>Our app allows refreshing the token pair by calling the <code>/refresh-tokens</code> endpoint. When called with a refresh token as bearer auth, it invalidates the previous token. Try calling the endpoint twice with the same token to see the <code>401 Unauthorized error</code> on the second call.</p> <p>The core logic is in the authentication module. We have three guards:</p> <ul> <li> <strong>Local Auth Guard</strong>: For initial authentication with email and password.</li> <li> <strong>JWT Auth Guard</strong>: Protects all app routes globally, defined as an <code>APP_GUARD</code> in <code>app.module.ts</code>, uses access token for validation.</li> <li> <strong>JWT Refresh Auth Guard</strong>: Guards the <code>/refresh-tokens endpoint</code>, uses refresh token for validation.</li> </ul> <p>The critical aspect here is the interaction between access tokens and refresh tokens, so I'll skip discussing the local auth guard. For the JWT auth guard, we utilize the JWT strategy from the <code>'passport-jwt'</code> package.</p> <p>In the following section, we define how to extract the JWT from the request and the JWT signature key, which we set in the environment. In the validate method, we receive the payload of the JWT, which we use to retrieve the user ID and verify if the user exists in the database before granting access if true.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">JwtStrategy</span> <span class="kd">extends</span> <span class="nc">PassportStrategy</span><span class="p">(</span><span class="nx">Strategy</span><span class="p">)</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="k">private</span> <span class="nx">userService</span><span class="p">:</span> <span class="nx">UserService</span><span class="p">,</span> <span class="nx">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="o">&lt;</span><span class="nx">EnvironmentVariables</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">({</span> <span class="na">jwtFromRequest</span><span class="p">:</span> <span class="nx">ExtractJwt</span><span class="p">.</span><span class="nf">fromAuthHeaderAsBearerToken</span><span class="p">(),</span> <span class="na">ignoreExpiration</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">secretOrKey</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwtSecret</span><span class="dl">'</span><span class="p">),</span> <span class="p">});</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">payload</span><span class="p">:</span> <span class="kr">any</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">User</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authUser</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">userService</span><span class="p">.</span><span class="nf">findOne</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authUser</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">UnauthorizedException</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">authUser</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Similarly, for the JWT refresh auth guard, we employ the same JWT strategy from the <code>'passport-jwt'</code> package. The distinction here from the JWT strategy file is that we utilize a different secret key for JWT token generation, and we return both the user attributes and the refresh token expiration date. This expiration date becomes necessary later in the process.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">JwtRefreshStrategy</span> <span class="kd">extends</span> <span class="nc">PassportStrategy</span><span class="p">(</span><span class="nx">Strategy</span><span class="p">,</span> <span class="dl">'</span><span class="s1">jwt-refresh</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="k">private</span> <span class="nx">userService</span><span class="p">:</span> <span class="nx">UserService</span><span class="p">,</span> <span class="nx">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="o">&lt;</span><span class="nx">EnvironmentVariables</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">({</span> <span class="na">jwtFromRequest</span><span class="p">:</span> <span class="nx">ExtractJwt</span><span class="p">.</span><span class="nf">fromAuthHeaderAsBearerToken</span><span class="p">(),</span> <span class="na">ignoreExpiration</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">secretOrKey</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwtRefreshSecret</span><span class="dl">'</span><span class="p">),</span> <span class="p">});</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">payload</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authUser</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">userService</span><span class="p">.</span><span class="nf">findOne</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authUser</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">UnauthorizedException</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">attributes</span><span class="p">:</span> <span class="nx">authUser</span><span class="p">,</span> <span class="na">refreshTokenExpiresAt</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">exp</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">),</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In the authentication.controller's login method, we observe that we call the login method, which, in turn, invokes the generateTokenPair from our <code>AuthRefreshTokenService</code>. It's important to note that we also implement a throttle mechanism to limit the number of requests on the login route, thereby preventing brute force attacks, with a maximum of 2 requests per second and a maximum of 5 login attempts per 60 seconds.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Throttle</span><span class="p">({</span> <span class="na">short</span><span class="p">:</span> <span class="p">{</span> <span class="na">limit</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">ttl</span><span class="p">:</span> <span class="mi">1000</span> <span class="p">},</span> <span class="na">long</span><span class="p">:</span> <span class="p">{</span> <span class="na">limit</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">ttl</span><span class="p">:</span> <span class="mi">60000</span> <span class="p">}</span> <span class="p">})</span> <span class="p">@</span><span class="nd">ApiBody</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="nx">UserLoginDto</span> <span class="p">})</span> <span class="p">@</span><span class="nd">Public</span><span class="p">()</span> <span class="p">@</span><span class="nd">UseGuards</span><span class="p">(</span><span class="nx">LocalAuthGuard</span><span class="p">)</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">login</span><span class="dl">'</span><span class="p">)</span> <span class="nf">login</span><span class="p">(@</span><span class="nd">Request</span><span class="p">()</span> <span class="nx">req</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authenticationService</span><span class="p">.</span><span class="nf">login</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>From within authentication service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">login</span><span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenService</span><span class="p">.</span><span class="nf">generateTokenPair</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The auth.refresh.token.service.ts looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">AuthRefreshTokenService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="k">private</span> <span class="nx">jwtService</span><span class="p">:</span> <span class="nx">JwtService</span><span class="p">,</span> <span class="k">private</span> <span class="nx">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="o">&lt;</span><span class="nx">EnvironmentVariables</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">@</span><span class="nd">InjectRepository</span><span class="p">(</span><span class="nx">AuthRefreshToken</span><span class="p">)</span> <span class="k">private</span> <span class="nx">authRefreshTokenRepository</span><span class="p">:</span> <span class="nx">Repository</span><span class="o">&lt;</span><span class="nx">AuthRefreshToken</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="k">async</span> <span class="nf">generateRefreshToken</span><span class="p">(</span><span class="nx">authUserId</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">currentRefreshToken</span><span class="p">?:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">?:</span> <span class="nb">Date</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">newRefreshToken</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">jwtService</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span> <span class="p">{</span> <span class="na">sub</span><span class="p">:</span> <span class="nx">authUserId</span> <span class="p">},</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">configService</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwtRefreshSecret</span><span class="dl">'</span><span class="p">),</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">30d</span><span class="dl">'</span> <span class="p">},</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentRefreshToken</span> <span class="o">&amp;&amp;</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">isRefreshTokenBlackListed</span><span class="p">(</span><span class="nx">currentRefreshToken</span><span class="p">,</span> <span class="nx">authUserId</span><span class="p">))</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid refresh token.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenRepository</span><span class="p">.</span><span class="nf">insert</span><span class="p">({</span> <span class="na">refreshToken</span><span class="p">:</span> <span class="nx">currentRefreshToken</span><span class="p">,</span> <span class="na">expiresAt</span><span class="p">:</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">authUserId</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">newRefreshToken</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">isRefreshTokenBlackListed</span><span class="p">(</span><span class="nx">refreshToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">userId</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenRepository</span><span class="p">.</span><span class="nf">existsBy</span><span class="p">({</span> <span class="nx">refreshToken</span><span class="p">,</span> <span class="nx">userId</span> <span class="p">});</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">generateTokenPair</span><span class="p">(</span><span class="nx">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">,</span> <span class="nx">currentRefreshToken</span><span class="p">?:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">?:</span> <span class="nb">Date</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">sub</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">};</span> <span class="k">return</span> <span class="p">{</span> <span class="na">access_token</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">jwtService</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">payload</span><span class="p">),</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">generateRefreshToken</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">currentRefreshToken</span><span class="p">,</span> <span class="nx">currentRefreshTokenExpiresAt</span><span class="p">),</span> <span class="p">};</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Cron</span><span class="p">(</span><span class="nx">CronExpression</span><span class="p">.</span><span class="nx">EVERY_DAY_AT_6AM</span><span class="p">)</span> <span class="k">async</span> <span class="nf">clearExpiredRefreshTokens</span><span class="p">()</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenRepository</span><span class="p">.</span><span class="k">delete</span><span class="p">({</span> <span class="na">expiresAt</span><span class="p">:</span> <span class="nc">LessThanOrEqual</span><span class="p">(</span><span class="k">new</span> <span class="nc">Date</span><span class="p">())</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Looking at <code>generateRefreshToken</code> method, we generate a new refresh token with a 30-days expiration. If we don't receive the optional currentRefreshToken and currentRefreshTokenExpiresAt parameters, we simply return the newly created refresh token, as expected after a successful login.</p> <p>Examining the <code>refreshTokens</code> method below in the authentication controller, we notice the implementation of a throttle mechanism: a maximum of 1 request per second or 2 requests per 60 seconds. We invoke generateTokenPair with user attributes, the used refresh token, and its expiration date:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Throttle</span><span class="p">({</span> <span class="na">short</span><span class="p">:</span> <span class="p">{</span> <span class="na">limit</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">ttl</span><span class="p">:</span> <span class="mi">1000</span> <span class="p">},</span> <span class="na">long</span><span class="p">:</span> <span class="p">{</span> <span class="na">limit</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">ttl</span><span class="p">:</span> <span class="mi">60000</span> <span class="p">},</span> <span class="p">})</span> <span class="p">@</span><span class="nd">ApiBearerAuth</span><span class="p">()</span> <span class="p">@</span><span class="nd">Public</span><span class="p">()</span> <span class="p">@</span><span class="nd">UseGuards</span><span class="p">(</span><span class="nx">JwtRefreshAuthGuard</span><span class="p">)</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh-tokens</span><span class="dl">'</span><span class="p">)</span> <span class="nf">refreshTokens</span><span class="p">(@</span><span class="nd">Request</span><span class="p">()</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">ExpressRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">InternalServerErrorException</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">authRefreshTokenService</span><span class="p">.</span><span class="nf">generateTokenPair</span><span class="p">(</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">attributes</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">],</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">refreshTokenExpiresAt</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>generateTokenPair</code> method of <code>AuthRefreshTokenService</code>, when invoked with <code>currentRefreshToken</code> and <code>currentRefreshTokenExpiresAt</code>, checks if the current token is blacklisted and throws an error if it's reused. For the first-time usage, it inserts this token into our auth refresh tokens database table, effectively acting as our blacklist.</p> <p>In the final method of our service, we have a cron job responsible for deleting all refresh tokens whose expiration date has passed, as we no longer need to retain them in the database.</p> <p>This is part 1 of a 3-episode series. In the next episode, I will show you how to manage access and refresh tokens easily in a React app. In episode 3, we'll delve deeper into storing the refresh token in an HTTP-only cookie instead of local storage. This approach prevents attackers from reading the refresh token, even if your app is vulnerable to XSS attacks.</p> <p>If you'd like me to cover more interesting topics about the node.js ecosystem, feel free to leave your suggestions in the comments section. Don't forget to subscribe to my newsletter on <a href="//rabbitbyte.club">rabbitbyte.club</a> for updates!</p> <p>Post Creation:<br> <a href="https://dev.to/zenstok/part-23-how-to-implement-refresh-tokens-in-react-84c">Check out Part 2 of this series</a>, where we integrate this backend with a React App.</p> webdev javascript node nestjs zenstok Mon, 18 Mar 2024 07:16:59 +0000 https://dev.to/zenstok/nestjs-dependency-injection-in-worker-threads-5deh https://dev.to/zenstok/nestjs-dependency-injection-in-worker-threads-5deh <p>There may be cases when you need to do CPU-intensive tasks on the backend like big JSON parsing, video encoding, compression, etc. If you have at least 2 cores in your processor's configuration you can run javascript in parallel for these tasks and not block the main thread of the NestJS app that handles client requests.</p> <p>An excellent way of doing this is by using node.js <a href="https://nodejs.org/api/worker_threads.html" rel="noopener noreferrer">worker threads</a>.</p> <p>You shouldn't use worker threads for I/O operations as node.js already gracefully handles this for you.</p> <p>If you're eager to dive into the complete example right away, you can <a href="https://github.com/zenstok/nestjs-worker-thread-example" rel="noopener noreferrer">check out the GitHub repo for the full example.</a> </p> <p>In order to illustrate this, we will use a very simple service that calculates the fibonacci sum, which is a CPU-intensive task, a great candidate for node.js worker threads!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Injectable</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">FibonacciService</span> <span class="p">{</span> <span class="nf">fibonacci</span><span class="p">(</span><span class="nx">n</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">n</span> <span class="o">&lt;=</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">fibonacci</span><span class="p">(</span><span class="nx">n</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="o">+</span> <span class="k">this</span><span class="p">.</span><span class="nf">fibonacci</span><span class="p">(</span><span class="nx">n</span> <span class="o">-</span> <span class="mi">2</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now, let's dive into the code snippet that launches the worker thread:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Injectable</span><span class="p">,</span> <span class="nx">Logger</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Worker</span><span class="p">,</span> <span class="nx">isMainThread</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">worker_threads</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">workerThreadFilePath</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./worker-threads/config</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">logger</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Logger</span><span class="p">(</span><span class="nx">AppService</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="nf">checkMainThread</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">logger</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Are we on the main thread here?</span><span class="dl">'</span><span class="p">,</span> <span class="nx">isMainThread</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Yes.</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">No.</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// do not run this from the worker thread or you will spawn an infinite number of threads in cascade</span> <span class="nf">runWorker</span><span class="p">(</span><span class="nx">fibonacci</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">checkMainThread</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">thisService</span> <span class="o">=</span> <span class="k">this</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">worker</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Worker</span><span class="p">(</span><span class="nx">workerThreadFilePath</span><span class="p">,</span> <span class="p">{</span> <span class="na">workerData</span><span class="p">:</span> <span class="nx">fibonacci</span><span class="p">,</span> <span class="p">});</span> <span class="nx">worker</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">fibonacciSum</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">thisService</span><span class="p">.</span><span class="nx">logger</span><span class="p">.</span><span class="nf">verbose</span><span class="p">(</span><span class="dl">'</span><span class="s1">Calculated sum</span><span class="dl">'</span><span class="p">,</span> <span class="nx">fibonacciSum</span><span class="p">);</span> <span class="p">});</span> <span class="nx">worker</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">on error</span><span class="dl">'</span><span class="p">,</span> <span class="nx">e</span><span class="p">));</span> <span class="nx">worker</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">exit</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">code</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">on exit</span><span class="dl">'</span><span class="p">,</span> <span class="nx">code</span><span class="p">));</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">Processing the fibonacci sum... Check NestJS app console for the result.</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>As we can see from the snippet above, we defined a new worker, gave it a path to a file to be executed by the worker, and gave it as param the workerData. Worker data is data sent from the main thread to the other thread. </p> <p>We are using the constant <code>workerThreadFilePath</code> from associated config file on the same level in the directory tree so we can safely use the path for the worker thread regardless of where the app is deployed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// it will import the compiled js file from dist directory</span> <span class="kd">const</span> <span class="nx">workerThreadFilePath</span> <span class="o">=</span> <span class="nx">__dirname</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">/findFibonacciSum.js</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">workerThreadFilePath</span><span class="p">;</span> </code></pre> </div> <p>Take a note that we are using the js extension here because the transpiled output of typescript, as we know, it's javascript.</p> <p>Let's explore the file which will be executed in the worker thread:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NestFactory</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/core</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">workerData</span><span class="p">,</span> <span class="nx">parentPort</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">worker_threads</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../app.module</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">FibonacciService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../fibonacci/fibonacci.service</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../app.service</span><span class="dl">'</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">run</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">NestFactory</span><span class="p">.</span><span class="nf">createApplicationContext</span><span class="p">(</span><span class="nx">AppModule</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">appService</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">AppService</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">fibonacciService</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">FibonacciService</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">fibonacciNumber</span><span class="p">:</span> <span class="kr">number</span> <span class="o">=</span> <span class="nx">workerData</span><span class="p">;</span> <span class="c1">// this is data received from main thread</span> <span class="c1">// here we apply business logic inside the worker thread</span> <span class="nx">appService</span><span class="p">.</span><span class="nf">checkMainThread</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">fibonacciSum</span> <span class="o">=</span> <span class="nx">fibonacciService</span><span class="p">.</span><span class="nf">fibonacci</span><span class="p">(</span><span class="nx">fibonacciNumber</span><span class="p">);</span> <span class="nx">parentPort</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">(</span><span class="nx">fibonacciSum</span><span class="p">);</span> <span class="p">}</span> <span class="nf">run</span><span class="p">();</span> </code></pre> </div> <p>In order to have access to dependency injection in our NestJs app in the thread, we leverage <a href="https://docs.nestjs.com/standalone-applications?ref=rabbitbyte.club" rel="noopener noreferrer">Nest standalone application</a> which is a wrapper around the Nest IoC container, which holds all instantiated classes.</p> <p>Now, we can execute any method from any service.</p> <p>Caveats: </p> <ul> <li>Be cautious when using dependency injection from NestJS in a worker thread, as it comes with a cost. The startup process of the NestJS app must be awaited before accessing the dependency injection. Therefore, utilize this method only if absolutely necessary, or if the startup bottleneck is negligible in terms of overall performance.</li> <li>If your app setup is starting processes that you don't want to run on the separate thread you will need to configure your app module into a <a href="https://docs.nestjs.com/fundamentals/dynamic-modules?ref=rabbitbyte.club" rel="noopener noreferrer">dynamic module</a> to accept a parameter to not initiate the setup. Example: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">NestFactory</span><span class="p">.</span><span class="nf">createApplicationContext</span><span class="p">(</span> <span class="nx">AppModule</span><span class="p">.</span><span class="nf">register</span><span class="p">({</span> <span class="na">attachRabbitMqConsumers</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}),</span> <span class="p">);</span> </code></pre> </div> <p><a href="https://github.com/zenstok/nestjs-worker-thread-example/blob/master/src/app.service.ts?ref=rabbitbyte.club" rel="noopener noreferrer">Click here for the github repo.</a></p> <p>If you'd like me to cover more interesting topics about the node.js ecosystem, feel free to leave your suggestions in the comments section. Don't forget to subscribe to my newsletter on <a href="//rabbitbyte.club">rabbitbyte.club</a> for updates!</p> javascript webdev nestjs node zenstok Wed, 13 Sep 2023 10:36:49 +0000 https://dev.to/zenstok/33-how-to-deploy-a-production-app-to-kubernetes-gke-2lah https://dev.to/zenstok/33-how-to-deploy-a-production-app-to-kubernetes-gke-2lah <p><strong>Introduction:</strong><br> This blog post is the final installment of a three-part series dedicated to scaling a NestJS chat app to handle millions of users. In the <a href="https://dev.to/zenstok/how-to-scale-a-chat-app-to-millions-of-users-in-nestjs-2k0k">first two episodes</a>, we discussed the scaling process and demonstrated how to deploy it locally using Docker and Minikube. However, in this final episode, our focus shifts to deploying the app in a production environment on Google Kubernetes Engine (GKE). If you want to jump directly to a working solution, you can check out the <code>deploy-on-gke</code> branch of the GitHub repository <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example/tree/deploy-on-gke" rel="noopener noreferrer">here</a>.</p> <p>While it is recommended to read the previous episodes for a comprehensive understanding of the scaling process, this post can also serve as a standalone guide specifically for deploying the app to GKE in a production-ready manner. By the end of this episode, you will possess all the necessary tools and knowledge to successfully deploy your NestJS chat app on GKE, ready to handle high user loads.</p> <p><strong>Section 1: Prerequisites</strong><br> Before diving into the deployment process, ensure you have the following prerequisites in place:</p> <ul> <li>A Google Cloud account.</li> <li>The Google Cloud SDK installed on your local machine (you can find installation instructions <a href="https://cloud.google.com/sdk/docs/install" rel="noopener noreferrer">here</a>).</li> <li>Basic familiarity with Docker and Kubernetes concepts.</li> </ul> <p><strong>Section 2: Creating a GKE Cluster</strong><br> The first step is to set up a GKE cluster, which will serve as the runtime environment for your application. Here are the steps:</p> <ul> <li>Create a new Google Cloud project through the GUI and ensure billing is activated.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1o47do9gi2rhg5gklia.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1o47do9gi2rhg5gklia.png" alt="Image description" width="800" height="327"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9e51bigjsvp8xua30ys8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9e51bigjsvp8xua30ys8.png" alt="Image description" width="800" height="606"></a></p> <ul> <li>Enable the Kubernetes Engine API for the newly created project (billing should be activated).</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flc6b0nairop8omdpkrs3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flc6b0nairop8omdpkrs3.png" alt="Image description" width="800" height="329"></a></p> <ul> <li>Switch to the Google Cloud CLI and authenticate using the command <code>gcloud auth login</code>.</li> <li>Make sure your active project with billing activated is set to the correct one by running <code>gcloud config set project &lt;YOUR-PROJECT-ID&gt;</code>.</li> <li>Create a Kubernetes cluster using the command <code>gcloud container clusters create scale-chat-app-cluster</code>.</li> </ul> <p>This process may take a little time. Afterward, create a static external IP address, which is needed to make your app accessible over the internet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud compute addresses create tutorial-ip <span class="nt">--global</span> </code></pre> </div> <p>Check the details of the newly created IP address:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud compute addresses describe <span class="nt">--global</span> tutorial-ip </code></pre> </div> <p>Now, update your DNS records for your chosen domain to point to this IP address.</p> <p><strong>Section 3: Containerizing Your Application</strong><br> To deploy your application to Kubernetes, it must be packaged into a container image. For this tutorial, we've already published the Docker image on Docker Hub as a public image <a href="https://hub.docker.com/r/zenstok/scalable-chat-app-example-backend" rel="noopener noreferrer">here</a>. Docker Hub serves as a container registry from which your Kubernetes app will retrieve the container image. If you want to use a private image, you can do so. If you're interested in learning how to publish your own image, you can follow a Docker tutorial <a href="https://docs.docker.com/get-started/04_sharing_app/" rel="noopener noreferrer">here</a>.</p> <p><strong>Section 4: Defining Kubernetes Deployment and Service YAML</strong><br> In this section, we'll delve into the Kubernetes Deployment and Service YAML files. These files define how your application should be deployed and exposed. We'll discuss key parameters and provide examples to help you create your own YAML files.</p> <ul> <li>To start, use the Kubernetes YAML files from the <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example/tree/improved-version%2Bdeploy-on-kubernetes/k8s" rel="noopener noreferrer">previous tutorial</a>. What you'll need to add: <ul> <li>A GKE <strong>Ingress Controller</strong>. An ingress controller receives and load-balances traffic from outside Kubernetes to pods running in a Kubernetes cluster.</li> <li>A default backend for this Ingress. Any requests that don't match the paths in the rules field are sent to the Service and port specified in the defaultBackend field. We will have an Ingress with no rules so that all requests are sent to this default backend.</li> <li>Annotations for the Ingress to capture the IP address set above.</li> <li>A managed certificate service where we will define the domains we own so that the app can point to that domain and have SSL.</li> <li>A frontend config that will automatically redirect all requests to HTTPS.</li> <li>A readiness probe configuration in our deployment config to inform GKE about pod health (for this, you will also need to implement a health route, which is a route that always returns a 200 status on GET).</li> </ul> </li> </ul> <p>The ingress config looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backend-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/ingress.global-static-ip-name</span><span class="pi">:</span> <span class="s">tutorial-ip</span> <span class="na">networking.gke.io/managed-certificates</span><span class="pi">:</span> <span class="s">managed-cert</span> <span class="na">kubernetes.io/ingress.class</span><span class="pi">:</span> <span class="s2">"</span><span class="s">gce"</span> <span class="na">networking.gke.io/v1beta1.FrontendConfig</span><span class="pi">:</span> <span class="s">ssl-redirect</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">backend</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">defaultBackend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backend-service</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">3000</span> </code></pre> </div> <p>The backend config looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">cloud.google.com/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">BackendConfig</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-backendconfig</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">timeoutSec</span><span class="pi">:</span> <span class="m">120</span> </code></pre> </div> <p>The backend service should be annotated with your backend config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">backend-service</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">backend</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">cloud.google.com/backend-config</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{"ports":</span><span class="nv"> </span><span class="s">{"3000":"my-backendconfig"}}'</span> </code></pre> </div> <p>The frontend config looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.gke.io/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">FrontendConfig</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ssl-redirect</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">redirectToHttps</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>The managed certificate looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.gke.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ManagedCertificate</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">managed-cert</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">domains</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">subdomain.put-your-domain-here.com</span> </code></pre> </div> <p>The readiness probe looks like this: (It has to be added in backend-deployment.yaml at <strong>spec.template.spec.containers</strong>)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/health"</span> <span class="na">port</span><span class="pi">:</span> <span class="m">3000</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">5</span> </code></pre> </div> <p>If your Docker image is private, you will need to create a Kubernetes secret to store your Docker private image credentials. However, for the purpose of this tutorial, we will continue using the public image we've used in our previous episodes.</p> <p>Here's how to create a Kubernetes secret for private Docker images:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create secret docker-registry regcred <span class="se">\</span> <span class="nt">--docker-server</span><span class="o">=</span>https://index.docker.io/v1 <span class="se">\</span> <span class="nt">--docker-username</span><span class="o">=</span>&lt;your-name&gt; <span class="se">\</span> <span class="nt">--docker-password</span><span class="o">=</span>&lt;your-password&gt; <span class="se">\</span> <span class="nt">--docker-email</span><span class="o">=</span>&lt;your-email&gt; </code></pre> </div> <p>Please note that this example assumes you are using Docker Hub as your registry. If you are using a different Docker registry, make sure to set the <code>--docker-server</code> option accordingly to match your registry's URL.</p> <p>In your backend-deployment yaml spec (<strong>spec.template.spec.imagePullSecrets</strong>), you will have to add this secret in order to be able to pull the image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">imagePullSecrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">regcred</span> </code></pre> </div> <p><strong>Section 5: Deploying Your Application to GKE</strong><br> Now, it's time to deploy your application to the GKE cluster. Follow these steps:</p> <ul> <li>Ensure you are in the correct Kubernetes context: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl config get-contexts </code></pre> </div> <p>If necessary, switch to the appropriate context:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl config use-context &lt;YOUR-CONTEXT-NAME&gt; </code></pre> </div> <ul> <li>Run the following command in your project directory: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> k8s </code></pre> </div> <p>You will need to wait for the Google-managed certificate to finish provisioning, which may take up to 60 minutes. You can check the status of the certificate using this command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl describe managedcertificate managed-cert </code></pre> </div> <p><strong>Section 6: Scaling and Managing Your Application</strong><br> Kubernetes</p> <p>GKE offers powerful scaling and management capabilities. For example, you can update the number of replicas or resources used per pod.</p> <ul> <li>Add a resources variable to the containers in backend-deployment.yaml: (make sure the cluster has sufficient resources) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2000m"</span> <span class="c1"># Maximum CPU limit</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">4Gi"</span> <span class="c1"># Maximum memory limit</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000m"</span> <span class="c1"># Minimum CPU request</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1Gi"</span> <span class="c1"># Minimum memory request</span> </code></pre> </div> <p><strong>Section 7: Conclusion</strong><br> In conclusion, Kubernetes GKE offers a scalable and reliable environment for deploying applications. Throughout this blog post, we've explored the essential configuration options necessary to successfully deploy your application in a production-ready environment.</p> <p>If you wish to support me in creating high-quality articles about various complex software concepts, please subscribe to my newsletter on <a href="https://rabbitbyte.club/" rel="noopener noreferrer">Rabbit Byte Club</a>. It's a new project I'm starting with the aim of improving software product quality worldwide.</p> kubernetes gke nestjs javascript zenstok Thu, 15 Jun 2023 23:33:24 +0000 https://dev.to/zenstok/part-22-deploy-scalable-nestjs-chat-app-to-kubernetes-59o0 https://dev.to/zenstok/part-22-deploy-scalable-nestjs-chat-app-to-kubernetes-59o0 <p>In our <a href="https://dev.to/zenstok/how-to-scale-a-chat-app-to-millions-of-users-in-nestjs-2k0k">previous blog post</a>, we explored how to write a scalable NestJS chat app using a distributed architecture and WebSockets for real-time communication. Building upon that, we will now dive deeper into improving the app's efficiency and deploying it on Kubernetes using minikube. If you're eager to check out the source code, you can find it in the GitHub repository <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example/tree/improved-version+deploy-on-kubernetes" rel="noopener noreferrer">here</a> (make sure you check out on <strong>improved-version+deploy-on-kubernetes</strong> branch). Additionally, if you find this post useful, let me know in the comments, and I'll create another tutorial focusing on deploying a production app with Google Kubernetes Engine (GKE). This tutorial will cover essential features like configuring a static IP, associating a domain name, obtaining a TLS certificate for secure communication, and setting up a load balancer for distributing traffic between instances.</p> <h2> Improving the Previous Model </h2> <p>In the previous post, we stored an array of connected clients in each instance and triggered events to notify all instances about new messages. In this paradigm, we broadcast messages to all instances regardless if they have associated ws clients which needs to receive the message or not. To enhance this model and optimize the broadcasting process, we can leverage Redis. Here's how we can achieve this improvement:</p> <ol> <li><p>Consolidating Redis Channels:<br> Instead of having three channels for different types of messages (send to all, send to many, send to one), we will use a single global channel for broadcasting global messages (send to all). Additionally, we will <strong>dynamically</strong> create user-specific channels in the format: <code>ws_socket_client/{USER_ID}</code>. Each instance that holds WebSocket clients will basically subscribe to these channels. This helps optimize the broadcasting process and ensures that messages are only sent to the relevant instances with the corresponding clients.</p></li> <li><p>Implementation Changes:<br> To implement this change, we need to listen for WebSocket connect and disconnect events and subscribe/unsubscribe the Redis client to each client's respective channel. Here are the code changes:</p></li> </ol> <ul> <li>In the constructor, we now subscribe only to the channel for sending messages to all clients: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">sendWsMessageToAllClientsRedisChannel</span><span class="p">);</span> </code></pre> </div> <ul> <li>Create a new private method to generate the user-specific channel name: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">private</span> <span class="nf">getClientIdRedisChannel</span><span class="p">(</span><span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">wsSocketClientRedisChannel</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">userId</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Subscribe to the user-specific channel in the <code>addConnection</code> method: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">getClientIdRedisChannel</span><span class="p">(</span><span class="nx">userId</span><span class="p">));</span> </code></pre> </div> <ul> <li>Unsubscribe from the user-specific channel in the <code>removeConnection</code> method: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">unsubscribe</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">getClientIdRedisChannel</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">userId</span><span class="p">));</span> </code></pre> </div> <ul> <li>Update the subscriber client to listen to the global channel for sending messages to all clients, as well as the user-specific channels: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">channel</span><span class="p">,</span> <span class="nx">message</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">message</span><span class="p">)</span> <span class="k">as</span> <span class="nx">RedisPubSubMessage</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="k">from</span> <span class="o">!==</span> <span class="k">this</span><span class="p">.</span><span class="nx">redisClientId</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="nx">channel</span> <span class="o">===</span> <span class="k">this</span><span class="p">.</span><span class="na">sendWsMessageToAllClientsRedisChannel</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendMessageToAllClients</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">wsSocketClientRedisChannel</span><span class="p">):</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendMessageToClient</span><span class="p">(</span> <span class="p">(</span><span class="nx">data</span> <span class="k">as</span> <span class="nx">RedisPubSubMessageWithClientId</span><span class="p">).</span><span class="nx">clientId</span><span class="p">,</span> <span class="nx">data</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="c1">// no default</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>You will also notice that on this branch, I updated the chat gateway class, now it has 3 types of messages it subscribes to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">enum</span> <span class="nx">SubscribeMessageType</span> <span class="p">{</span> <span class="nx">SendChatMessageToOneParticipant</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">send_chat_message_to_one_participant</span><span class="dl">'</span><span class="p">,</span> <span class="nx">SendChatMessageToManyParticipants</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">send_chat_message_to_many_participants</span><span class="dl">'</span><span class="p">,</span> <span class="nx">SendChatMessageToAllParticipant</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">send_chat_message_to_all_participants</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>In order to test it in the browser, you can follow the <a href="https://dev.to/zenstok/how-to-scale-a-chat-app-to-millions-of-users-in-nestjs-2k0k">previous tutorial</a> where I discussed how to set up the database and how to obtain bearer tokens for authenticated users.<br> Also, the content of the websocket message should follow the format of our DTO classes so it can be received correctly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">SendMessageToAllDto</span> <span class="p">{</span> <span class="p">@</span><span class="nd">IsString</span><span class="p">()</span> <span class="p">@</span><span class="nd">Length</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">5000</span><span class="p">)</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">SendMessageToManyDto</span> <span class="kd">extends</span> <span class="nc">SendMessageToAllDto</span> <span class="p">{</span> <span class="p">@</span><span class="nd">IsArray</span><span class="p">()</span> <span class="p">@</span><span class="nd">IsUUID</span><span class="p">(</span><span class="kc">undefined</span><span class="p">,</span> <span class="p">{</span> <span class="na">each</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="nx">participantIds</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">SendMessageToOneDto</span> <span class="kd">extends</span> <span class="nc">SendMessageToAllDto</span> <span class="p">{</span> <span class="p">@</span><span class="nd">IsUUID</span><span class="p">()</span> <span class="nx">participantId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>For example if you want to send multiple messages you can use something like this in the browser:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">users</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">user</span> <span class="o">=&gt;</span> <span class="nx">ws</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span><span class="na">event</span><span class="p">:</span> <span class="dl">'</span><span class="s1">send_chat_message_to_one_participant</span><span class="dl">'</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span><span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">,</span> <span class="na">participantId</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}})));</span> </code></pre> </div> <p>To test this improvement, connect and disconnect multiple clients in the browser and observe the behavior in the Docker console.</p> <h2> Deploying the Stack on Minikube </h2> <p>To deploy the chat app on Minikube for local development and testing, follow these steps:</p> <ol> <li><p>Install Minikube by referring to the official tutorial at <br> <a href="https://kubernetes.io/docs/tasks/tools/" rel="noopener noreferrer">https://kubernetes.io/docs/tasks/tools/</a>.</p></li> <li> <p>Once Minikube is installed, start the Minikube cluster using the command:<br> </p> <pre class="highlight plaintext"><code>minikube start </code></pre> </li> <li><p>Inside the <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example/tree/improved-version%2Bdeploy-on-kubernetes/k8s" rel="noopener noreferrer">k8s</a> directory, you'll find the deployment files for the backend, Redis, and PostgreSQL, along with the corresponding services and volumes. We have set up environment variables within the backend deployment to ensure connectivity with Redis and PostgreSQL. The deployment is configured with five replicas to create a total of five backend pods. To test the deployment locally, the backend service is set as a node port, allowing it to be exposed to your local machine.</p></li> <li> <p>To deploy the app, navigate to the project directory and run the following command:<br> </p> <pre class="highlight plaintext"><code>kubectl apply -f k8s </code></pre> <p>This will set up the entire app along with its dependencies. Please note that we are using the <code>zenstok/scalable-chat-app-example-backend</code> image, which is built from the <code>improved-version+deploy-on-kubernetes</code> branch available at <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example" rel="noopener noreferrer">https://github.com/zenstok/nestjs-scalable-chat-app-example</a>.</p> </li> <li> <p>Initiate database inside kubernetes</p> <p>Find a backend pod name:<br> </p> <pre class="highlight plaintext"><code>kubectl get pods </code></pre> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fchx6szzbg6r4cdavc081.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fchx6szzbg6r4cdavc081.png" alt="terminal-output" width="800" height="220"></a></p> <p>Access a shell inside a backend pod:<br> </p> <pre class="highlight plaintext"><code>kubectl exec -it backend-deployment-7ddd9c4769-fxqxg -- sh </code></pre> <p>Run db init command:<br> </p> <pre class="highlight plaintext"><code>yarn db-init </code></pre> <p>If you want to port-forward kubernetes db to inspect it, you can do so by running:<br> </p> <pre class="highlight plaintext"><code>kubectl port-forward deployment/postgres-deployment 5432:5432 </code></pre> </li> <li> <p>To access the deployed service locally, expose it using the command:<br> </p> <pre class="highlight plaintext"><code>minikube service backend-service </code></pre> </li> <li> <p>Interact with the deployed app locally and verify its behavior.</p> <p>You will get something like this in the console:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwtx49avwnuzw2h0o2jnr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwtx49avwnuzw2h0o2jnr.png" alt="terminal-output" width="800" height="342"></a></p> <p>It will start a tunnel for backend-service which can be accessed locally at this address (beware that the port might be different on your machine):<br> </p> <pre class="highlight plaintext"><code>http://127.0.0.1:61939 </code></pre> <p>Now you can interact with the app exactly as you interacted with the docker configured app.<br> For example, to access swagger docs, you just hit this in the browser:<br> </p> <pre class="highlight plaintext"><code>http://127.0.0.1:61939/docs </code></pre> <p>Also, if you want to inspect the logs from all backend pods, you can do so by running:<br> </p> <pre class="highlight plaintext"><code>kubectl logs -l app=backend -f </code></pre> </li> <li> <p>Once you have finished testing, clean up the Minikube cluster by deleting it:<br> </p> <pre class="highlight plaintext"><code>minikube delete </code></pre> </li> </ol> <p>In this blog post, we explored how to enhance the scalability of a NestJS chat app by leveraging Redis and implementing user-specific channels. By optimizing the broadcasting process, we reduced networking costs and improved overall efficiency. Additionally, we learned how to deploy the app on Kubernetes using Minikube for local development and testing.</p> <p>Your feedback and comments are highly appreciated, so please share your thoughts and experiences. Stay tuned for new posts!</p> nestjs webdev kubernetes javascript zenstok Mon, 29 May 2023 11:31:00 +0000 https://dev.to/zenstok/how-to-scale-a-chat-app-to-millions-of-users-in-nestjs-2k0k https://dev.to/zenstok/how-to-scale-a-chat-app-to-millions-of-users-in-nestjs-2k0k <p>Hello, in this guide, I will teach you how to scale a NestJS app to millions of users.</p> <p>Prerequisites:</p> <ul> <li>Experience with JavaScript.</li> <li>Experience with NestJS.</li> <li>Experience as a backend engineer.</li> </ul> <p>Access the GitHub repository for this project <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example" rel="noopener noreferrer">here</a>.</p> <p>To scale your app, you will need to scale horizontally by creating multiple instances of your NestJS app.</p> <p>Each instance of your app should have the following features:</p> <ol> <li>WebSocket integrations that keep track of connected clients through websockets in a singleton memory array. (this is done by default when using nestjs, reference: <a href="https://docs.nestjs.com/fundamentals/injection-scopes" rel="noopener noreferrer">Injection Scopes</a>)</li> <li>A Redis database publisher that announces new requests received by all other instances and a subscriber that listents to these requests. This is necessary because a client may send a request to one instance (e.g., instance number 3) and be registered as a websocket client there. However, the client may then send a request to another instance because you will have a load balancer installed (e.g., instance number 32), triggering a websocket chat notification. Unfortunately, this instance does not have the connected client in its singleton memory array. To handle this, the instance needs to announce the request to all other instances through Redis. The other instances can then look up their array of connected clients and notify them if a match is found.</li> </ol> <p>Here's how you can achieve this:</p> <ol> <li><p>Install websockets in your NestJS app. Follow the <a href="https://docs.nestjs.com/websockets/gateways" rel="noopener noreferrer">official NestJS guide</a>. If you'd like to quickly jump out and see the GitHub repo for the full example, you can find it <a href="https://github.com/zenstok/nestjs-scalable-chat-app-example" rel="noopener noreferrer">here</a>.</p></li> <li><p>Create the WebSocket client manager service (explained below).</p></li> </ol> <p>After setting up websockets in your app, we need to define an entrypoint gateway for websockets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">WebSocketGateway</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/entrypoint</span><span class="dl">'</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">EntrypointGateway</span> <span class="p">{}</span> </code></pre> </div> <p>Then, create a new lifecycle gateway that extends this entrypoint. This lifecycle gateway contains the logic to insert clients into the WebSocket client manager.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">LifecycleGateway</span> <span class="kd">extends</span> <span class="nc">EntrypointGateway</span> <span class="k">implements</span> <span class="nx">OnGatewayInit</span><span class="p">,</span> <span class="nx">OnGatewayConnection</span><span class="p">,</span> <span class="nx">OnGatewayDisconnect</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">logger</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Logger</span><span class="p">(</span><span class="nx">LifecycleGateway</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="nf">constructor</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">jwtService</span><span class="p">:</span> <span class="nx">JwtService</span><span class="p">,</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">wsClientManager</span><span class="p">:</span> <span class="nx">WsClientManager</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">();</span> <span class="p">}</span> <span class="nf">afterInit</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">logger</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="dl">'</span><span class="s1">Websockets initialized </span><span class="dl">'</span> <span class="o">+</span> <span class="k">this</span><span class="p">.</span><span class="kd">constructor</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="p">}</span> <span class="nf">handleConnection</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authUserTokenData</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getDecodedAuthToken</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authUserTokenData</span><span class="p">)</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">close</span><span class="p">();</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nx">wsClientManager</span><span class="p">.</span><span class="nf">addConnection</span><span class="p">(</span><span class="nx">client</span><span class="p">,</span> <span class="nx">authUserTokenData</span><span class="p">);</span> <span class="p">}</span> <span class="nf">handleDisconnect</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">wsClientManager</span><span class="p">.</span><span class="nf">removeConnection</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="p">}</span> <span class="nf">getDecodedAuthToken</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">decodedJwt</span><span class="p">:</span> <span class="nx">DecodedAuthToken</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">protocol</span><span class="p">)</span> <span class="p">{</span> <span class="nx">decodedJwt</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">jwtService</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">protocol</span><span class="p">,</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">jwtConstants</span><span class="p">.</span><span class="nx">secret</span><span class="p">,</span> <span class="p">})</span> <span class="k">as</span> <span class="nx">DecodedAuthToken</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{}</span> <span class="k">return</span> <span class="nx">decodedJwt</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>To inject the Redis connection into our app, we utilize <code>@liaoliaots/nestjs-redis</code> package with the following yarn command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> yarn add @liaoliaots/nestjs-redis </code></pre> </div> <p>Moving forward, we will add the Redis module configuration for subscriber and publisher channels.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">RedisModule</span><span class="p">.</span><span class="nf">forRootAsync</span><span class="p">({</span> <span class="na">inject</span><span class="p">:</span> <span class="p">[</span><span class="nx">ConfigService</span><span class="p">],</span> <span class="na">useFactory</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="na">config</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">config</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">namespace</span><span class="p">:</span> <span class="dl">'</span><span class="s1">subscriber</span><span class="dl">'</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">REDIS_HOST</span><span class="dl">'</span><span class="p">),</span> <span class="na">port</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">REDIS_PORT</span><span class="dl">'</span><span class="p">),</span> <span class="p">},</span> <span class="p">{</span> <span class="na">namespace</span><span class="p">:</span> <span class="dl">'</span><span class="s1">publisher</span><span class="dl">'</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">REDIS_HOST</span><span class="dl">'</span><span class="p">),</span> <span class="na">port</span><span class="p">:</span> <span class="nx">config</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">REDIS_PORT</span><span class="dl">'</span><span class="p">),</span> <span class="p">},</span> <span class="p">],</span> <span class="p">}),</span> <span class="p">}),</span> </code></pre> </div> <p>In the WebSocket client manager, you will find the following:</p> <ul> <li>We generate a random Redis client using the <code>crypto</code> module's <code>randomUUID</code> from the official Node.js package.</li> </ul> <p>Each NestJS app instance subscribes to the three Redis channels we defined:</p> <ul> <li>SendWsMessageToAllClients</li> <li>SendWsMessageToSomeClients</li> <li>SendWsMessageToOneClient</li> </ul> <p>When a NestJS instance receives a message, it first checks that the publisher is not the same as the subscriber. Then, it proceeds to send the message. However, this time, we set the <code>shouldPublishToRedis</code> parameter to <code>false</code> to avoid an infinite loop. The received message will be sent by each instance if it finds the clients in its singleton memory array.</p> <p>This approach also handles cases where a single user uses the app through multiple devices simultaneously (e.g., PC, mobile app). The user will receive chat notifications on all devices because, upon inspecting the code, you will notice that we are utilizing a map object. For every user ID, we store all associated WebSocket connected clients.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">WsClientManager</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">connectedClients</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="kr">any</span><span class="p">[]</span><span class="o">&gt;</span><span class="p">();</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">redisClientId</span> <span class="o">=</span> <span class="s2">`ws_socket_client-</span><span class="p">${</span><span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">()}</span><span class="s2">`</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(</span> <span class="p">@</span><span class="nd">InjectRedis</span><span class="p">(</span><span class="dl">'</span><span class="s1">subscriber</span><span class="dl">'</span><span class="p">)</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">subscriberRedis</span><span class="p">:</span> <span class="nx">Redis</span><span class="p">,</span> <span class="p">@</span><span class="nd">InjectRedis</span><span class="p">(</span><span class="dl">'</span><span class="s1">publisher</span><span class="dl">'</span><span class="p">)</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">publisherRedis</span><span class="p">:</span> <span class="nx">Redis</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="nx">SendWsMessageToAllClients</span><span class="p">,</span> <span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="nx">SendWsMessageToSomeClients</span><span class="p">,</span> <span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">subscribe</span><span class="p">(</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="nx">SendWsMessageToOneClient</span><span class="p">,</span> <span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">subscriberRedis</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">channel</span><span class="p">,</span> <span class="nx">message</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">message</span><span class="p">)</span> <span class="k">as</span> <span class="nx">RedisPubSubMessage</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="k">from</span> <span class="o">!==</span> <span class="k">this</span><span class="p">.</span><span class="nx">redisClientId</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch </span><span class="p">(</span><span class="nx">channel</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="na">SendWsMessageToAllClients</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendMessageToAllClients</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="na">SendWsMessageToSomeClients</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendMessageToClients</span><span class="p">(</span> <span class="p">(</span><span class="nx">data</span> <span class="k">as</span> <span class="nx">RedisPubSubMessageWithClientIds</span><span class="p">).</span><span class="nx">clientIds</span><span class="p">,</span> <span class="nx">data</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="na">SendWsMessageToOneClient</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">sendMessageToClient</span><span class="p">(</span> <span class="p">(</span><span class="nx">data</span> <span class="k">as</span> <span class="nx">RedisPubSubMessageWithClientId</span><span class="p">).</span><span class="nx">clientId</span><span class="p">,</span> <span class="nx">data</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">addConnection</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">authUserTokenData</span><span class="p">:</span> <span class="nx">DecodedAuthToken</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">authUserTokenData</span><span class="p">.</span><span class="nx">sub</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nf">setUserIdOnClient</span><span class="p">(</span><span class="nx">client</span><span class="p">,</span> <span class="nx">userId</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">clientsPool</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getClientsPool</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span> <span class="nx">userId</span><span class="p">,</span> <span class="nx">clientsPool</span> <span class="p">?</span> <span class="p">[...</span><span class="nx">clientsPool</span><span class="p">,</span> <span class="nx">client</span><span class="p">]</span> <span class="p">:</span> <span class="p">[</span><span class="nx">client</span><span class="p">],</span> <span class="p">);</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">close</span><span class="p">();</span> <span class="c1">// This will trigger removeConnection from the LifecycleGateway's handleDisconnect</span> <span class="p">},</span> <span class="k">this</span><span class="p">.</span><span class="nf">getConnectionLimit</span><span class="p">(</span><span class="nx">authUserTokenData</span><span class="p">));</span> <span class="p">}</span> <span class="nf">removeConnection</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">clientsPool</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getClientsPool</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">newPool</span> <span class="o">=</span> <span class="nx">clientsPool</span><span class="o">!</span><span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">c</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">c</span> <span class="o">!==</span> <span class="nx">client</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">newPool</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">userId</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="nx">newPool</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">setUserIdOnClient</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">,</span> <span class="nx">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nx">userId</span> <span class="o">=</span> <span class="nx">userId</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">getClientsPool</span><span class="p">(</span><span class="nx">client</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">client</span><span class="p">.</span><span class="nx">userId</span><span class="p">);</span> <span class="p">}</span> <span class="k">private</span> <span class="nf">getConnectionLimit</span><span class="p">(</span><span class="nx">tokenData</span><span class="p">:</span> <span class="nx">DecodedAuthToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">tokenData</span><span class="p">.</span><span class="nx">exp</span> <span class="o">*</span> <span class="mi">1000</span> <span class="o">-</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="p">}</span> <span class="nf">getConnectedClientIds</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">clientIds</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">iterator</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">keys</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">current</span> <span class="o">=</span> <span class="nx">iterator</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="k">while </span><span class="p">(</span><span class="o">!</span><span class="nx">current</span><span class="p">.</span><span class="nx">done</span><span class="p">)</span> <span class="p">{</span> <span class="nx">clientIds</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">current</span><span class="p">.</span><span class="nx">value</span><span class="p">);</span> <span class="nx">current</span> <span class="o">=</span> <span class="nx">iterator</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">clientIds</span><span class="p">;</span> <span class="p">}</span> <span class="nf">sendMessageToClient</span><span class="p">(</span> <span class="nx">clientId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">shouldPublishToRedis</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">shouldPublishToRedis</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">publisherRedis</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="nx">SendWsMessageToOneClient</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">message</span><span class="p">,</span> <span class="nx">clientId</span><span class="p">,</span> <span class="na">from</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">redisClientId</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">clientPool</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">clientId</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">clientPool</span><span class="p">)</span> <span class="p">{</span> <span class="nx">clientPool</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">sendMessageToClients</span><span class="p">(</span> <span class="nx">clientIds</span><span class="p">:</span> <span class="kr">string</span><span class="p">[],</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">shouldPublishToRedis</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">shouldPublishToRedis</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">publisherRedis</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="nx">SendWsMessageToSomeClients</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">message</span><span class="p">,</span> <span class="nx">clientIds</span><span class="p">,</span> <span class="na">from</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">redisClientId</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">clientPool</span><span class="p">,</span> <span class="nx">clientId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">clientIds</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">clientId</span><span class="p">))</span> <span class="p">{</span> <span class="nx">clientPool</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">sendMessageToAllClients</span><span class="p">(</span><span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">shouldPublishToRedis</span> <span class="o">=</span> <span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">shouldPublishToRedis</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">publisherRedis</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span> <span class="nx">RedisSubscribeChannel</span><span class="p">.</span><span class="nx">SendWsMessageToAllClients</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">message</span><span class="p">,</span> <span class="na">from</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">redisClientId</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nx">connectedClients</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">clientPool</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">clientPool</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">client</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now it's time to test our app. First, clone the project. Make sure you have Docker installed.</p> <p>This is the Dockerfile for our NestJS app (represents a single instance):</p> <p><strong>Dockerfile:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">node:18.13.0-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">development</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="k">COPY</span><span class="s"> package.json ./</span> <span class="k">COPY</span><span class="s"> yarn.lock ./</span> <span class="k">RUN </span>yarn <span class="nb">install</span> <span class="nt">--frozen-lockfile</span> <span class="se">\ </span><span class="o">&amp;&amp;</span> yarn cache clean <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>yarn build <span class="k">CMD</span><span class="s"> yarn install; yarn start:debug;</span> </code></pre> </div> <p>In the docker-compose file, we use our backend image generated from the Dockerfile above. We also have an Nginx server to act as a load balancer between app instances, Postgres as the database, and Redis as the centralized database used for communication between app instances. In this example, we simulate the presence of five NestJS app instances.</p> <p><strong>docker-compose.yml:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.7'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">scalable-chat-app-example-backend</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./../</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">./docker/Dockerfile</span> <span class="na">target</span><span class="pi">:</span> <span class="s">development</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./../:/usr/src/app</span> <span class="pi">-</span> <span class="s">scalable-chat-app-example-backend-node-modules:/usr/src/app/node_modules</span> <span class="pi">-</span> <span class="s">scalable-chat-app-example-backend-dist:/usr/src/app/dist</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">3000'</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mainnet</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres</span> <span class="pi">-</span> <span class="s">redis</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">scale</span><span class="pi">:</span> <span class="m">5</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">scalable-chat-app-example-nginx-load-balancer</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:latest</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./../nginx.conf:/etc/nginx/nginx.conf</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">backend</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mainnet</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">3000:3000'</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">scalable-chat-app-example-postgres-db</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:15.0</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mainnet</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">TZ</span><span class="pi">:</span> <span class="s">${DB_TIMEZONE}</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${DB_USERNAME}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${DB_PASSWORD}</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${DB_NAME}</span> <span class="na">PG_DATA</span><span class="pi">:</span> <span class="s">/var/lib/postgresql/data</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">5432:5432'</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">scalable-chat-app-example-pgdata:/var/lib/postgresql/data</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">scalable-chat-app-example-redis-db</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7.0.7</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mainnet</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">6379'</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">scalable-chat-app-example-redisdata:/data</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">mainnet</span><span class="pi">:</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">scalable-chat-app-example-pgdata</span><span class="pi">:</span> <span class="na">scalable-chat-app-example-backend-node-modules</span><span class="pi">:</span> <span class="na">scalable-chat-app-example-backend-dist</span><span class="pi">:</span> <span class="na">scalable-chat-app-example-redisdata</span><span class="pi">:</span> </code></pre> </div> <p>We also need the following Nginx configuration to handle WebSocket connections:</p> <p><strong>nginx.conf:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">user</span> <span class="s">nginx</span><span class="p">;</span> <span class="k">events</span> <span class="p">{</span> <span class="kn">worker_connections</span> <span class="mi">1000</span><span class="p">;</span> <span class="p">}</span> <span class="k">http</span> <span class="p">{</span> <span class="kn">upstream</span> <span class="s">app</span> <span class="p">{</span> <span class="kn">server</span> <span class="nf">scalable-chat-app-example-backend-1</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="kn">server</span> <span class="nf">scalable-chat-app-example-backend-2</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="kn">server</span> <span class="nf">scalable-chat-app-example-backend-3</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="kn">server</span> <span class="nf">scalable-chat-app-example-backend-4</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="kn">server</span> <span class="nf">scalable-chat-app-example-backend-5</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="p">}</span> <span class="kn">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">3000</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://app</span><span class="p">;</span> <span class="c1"># WebSocket support</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="nv">$http_connection</span><span class="p">;</span> <span class="p">}</span> <span class="kn">client_max_body_size</span> <span class="mi">1000M</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>To set up the example, navigate to the repository directory and execute the following three commands:</p> <p>Copy sample.env:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cp sample.env .env </code></pre> </div> <p>Run containers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn dc up </code></pre> </div> <p>Initiate docker database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn dc-db-init </code></pre> </div> <p>If you want to clean the project you can run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn dc-clean </code></pre> </div> <p>Your database has 5 users initiated:</p> <ul> <li><a href="mailto:test@test.com">test@test.com</a></li> <li><a href="mailto:test2@test.com">test2@test.com</a></li> <li><a href="mailto:test3@test.com">test3@test.com</a></li> <li><a href="mailto:test4@test.com">test4@test.com</a></li> </ul> <p>Each one of them has 1234 as password.</p> <p>Open swagger at <a href="http://localhost:3000/docs" rel="noopener noreferrer">http://localhost:3000/docs</a>.</p> <p>Login multiple users so you obtain the bearer token needed for ws authentication.</p> <p>Open as many browser tabs as you want and write the following code in each of them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">ws</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebSocket</span><span class="p">(</span><span class="dl">'</span><span class="s1">ws://localhost:3000/entrypoint</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">introduceHereBearerTokenFromAuthLogin</span><span class="dl">'</span><span class="p">)</span> </code></pre> </div> <p>Check out your users table from docker database and extract them as a json so you can use the array of users in the browser.</p> <p>Now, type the following in any browser window:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">users</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">user</span> <span class="o">=&gt;</span> <span class="nx">ws</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span><span class="na">event</span><span class="p">:</span> <span class="dl">'</span><span class="s1">send_chat_message_to_participant</span><span class="dl">'</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span><span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test</span><span class="dl">'</span><span class="p">,</span> <span class="na">participantId</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}})));</span> </code></pre> </div> <p>This will send individual chat message to all participants. You can also check docker logs to see it in action.</p> <p>Regardless of which NestJS instance grabs the WebSocket connection, the messages are consistently sent to participants. This is how you scale a NestJS chat app to millions of users.</p> <p>If you are interested in learning how to deploy this stack on Kubernetes, leave a comment and i will do the tutorial.</p> <p>If you want to collaborate on potential start-up projects, you can reach me at: <a href="//mailto:rares.tarabega27@gmail.com">rares.tarabega27@gmail.com</a></p> <p><strong>Post Creation:</strong><br> If you want to check out an improved and more efficient model for broadcasting messages between instances, as well as how to deploy this stack on Kubernetes, you can find Part 2 of this series <a href="https://dev.to/zenstok/part-22-deploy-scalable-nestjs-chat-app-to-kubernetes-59o0">here</a>.</p> webdev node nestjs javascript