JWT

The jwt feature in LightTs locks down your API with JSON Web Token (JWT) authentication using jsonwebtoken. It generates a customizable auth.ts file, letting you secure routes and restrict access by roles with ease.

  1. Run the Command

    ```sh
    lts add jwt
    ```

  2. Check Output

    Generates src/middleware/auth.middleware.ts and updates src/config.ts with JWT settings.

  3. Secure Routes

    Use the validateToken middleware in your routes.

src/middleware/auth.middleware.ts

```ts
import { auth } from '@/config';
import { NextFunction, Request, Response } from 'express';
import jwt from 'jsonwebtoken';

export const { validateToken } = {
  // Optional role allow-list: when omitted, any valid token passes.
  validateToken: (roles?: IAuthUserRole[]) => {
    return async (req: Request, res: Response, next: NextFunction): Promise<void> => {
      const token = req.header('Authorization');
      if (!token) {
        res.status(401).json({ message: 'access denied' });
        return;
      }
      // Header is expected as "Bearer <token>"; take the token part.
      const accessToken = token.split(' ')[1];
      try {
        // Signature and expiry are checked against the access secret from config.
        const decoded = jwt.verify(accessToken, auth.jwt.access.secret) as IAuthUser;
        req.user = decoded;
        if (!roles) return next();
        // Valid token but a role outside the allow-list: authenticated, not authorized.
        if (!roles.includes(decoded.role)) {
          res.status(403).json({ message: 'permission denied' });
          return;
        }
        next();
      } catch (error) {
        // Missing, malformed, tampered or expired token all end here.
        res.status(401).json({ message: 'invalid token' });
      }
    };
  },
};
```

Restrict routes to specific roles (e.g., admin) in the JWT payload:

```json
{
  "id": 1,
  "email": "[email protected]",
  "role": "admin"
}
```

Define roles in src/types/express.d.ts:

```ts
export type IAuthUserRole = 'admin' | 'user' | string;

export interface IAuthUser {
  id: number;
  email: string;
  role: IAuthUserRole;
}
```
  • Set ACCESS_JWT_SECRET in your .env file for security.
  • Expects Authorization: Bearer <token> in headers.
  • Customize auth.middleware.ts for refresh tokens or advanced logic.
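To make visible what jwt.verify does for the middleware above before the role check ever runs, here is an added, self-contained example (not LightTs or jsonwebtoken code) that verifies an HS256 token with only node:crypto and reproduces the middleware's 401/403/200 decision as a pure function. The secret and payload are constructed for the demo; in LightTs the secret comes from ACCESS_JWT_SECRET via src/config.ts.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

type AuthUser = { id: number; email: string; role: string; exp?: number };

// Constructed sample secret for this example only.
export const SAMPLE_SECRET = 'constructed-test-secret-do-not-use';

const b64url = (buf: Buffer): string => buf.toString('base64url');

function decodePart(part: string): any {
  try { return JSON.parse(Buffer.from(part, 'base64url').toString('utf8')); } catch { return null; }
}

// Builds an HS256 token (stands in for jwt.sign when issuing the sample token).
export function signHS256(payload: object, secret: string): string {
  const head = b64url(Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })));
  const body = b64url(Buffer.from(JSON.stringify(payload)));
  const sig = b64url(createHmac('sha256', secret).update(`${head}.${body}`).digest());
  return `${head}.${body}.${sig}`;
}

// Returns the payload for a valid token, else null. Same checks jwt.verify applies:
// pinned algorithm, constant-time signature compare, then "exp".
export function verifyHS256(token: string, secret: string, now = Math.floor(Date.now() / 1000)): AuthUser | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const header = decodePart(head);
  // Never trust the token's own "alg": reject "none" and anything but the expected HMAC.
  if (!header || header.alg !== 'HS256') return null;
  const expected = createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const payload = decodePart(body);
  if (!payload || typeof payload !== 'object') return null;
  if (typeof payload.exp === 'number' && payload.exp <= now) return null;
  return payload as AuthUser;
}

// The middleware's outcome for a given Authorization header:
// 401 = no or invalid token, 403 = valid token but role not allowed, 200 = allowed.
export function authorize(authHeader: string | undefined, secret: string, roles?: string[]): 401 | 403 | 200 {
  const [scheme, token] = (authHeader ?? '').split(' ');
  if (scheme !== 'Bearer' || !token) return 401;
  const user = verifyHS256(token, secret);
  if (!user) return 401;
  if (roles && !roles.includes(user.role)) return 403;
  return 200;
}
```

The same payload with the role claim edited, a header switched to "alg": "none", or a past "exp" all fall to 401 before any role comparison, which is why the role check in the middleware can trust decoded.role.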