--- id: daily-nestjs-patterns name: "nestjs-patterns" url: https://skills.yangsir.net/skill/daily-nestjs-patterns author: affaan-m domain: ai-software-architecture-engineering tags: ["backend", "typescript", "nodejs"] install_count: 2900 rating: 4.40 (14 reviews) github: https://github.com/affaan-m/everything-claude-code --- # nestjs-patterns > 提供生产级NestJS模块化架构模式,包含控制器、提供者、DTO验证、守卫和拦截器的最佳实践 **Stats**: 2,900 installs · 4.4/5 (14 reviews) ## Before / After 对比 ### NestJS项目搭建 **Before**: 手动创建模块、控制器和服务的文件结构,反复配置依赖注入和验证规则,容易遗漏安全和性能配置,一个微服务的基础搭建需要1天 **After**: 使用标准化模式自动生成模块骨架,内置DTO验证、异常过滤和权限守卫,30分钟完成生产级别的NestJS服务架构 | Metric | Before | After | Change | |---|---|---|---| | 搭建时间 | 480分钟 | 30分钟 | -94% | ## Readme # nestjs-patterns # NestJS Development Patterns Production-grade NestJS patterns for modular TypeScript backends. ## When to Activate - Building NestJS APIs or services - Structuring modules, controllers, and providers - Adding DTO validation, guards, interceptors, or exception filters - Configuring environment-aware settings and database integrations - Testing NestJS units or HTTP endpoints ## Project Structure ``` src/ ├── app.module.ts ├── main.ts ├── common/ │ ├── filters/ │ ├── guards/ │ ├── interceptors/ │ └── pipes/ ├── config/ │ ├── configuration.ts │ └── validation.ts ├── modules/ │ ├── auth/ │ │ ├── auth.controller.ts │ │ ├── auth.module.ts │ │ ├── auth.service.ts │ │ ├── dto/ │ │ ├── guards/ │ │ └── strategies/ │ └── users/ │ ├── dto/ │ ├── entities/ │ ├── users.controller.ts │ ├── users.module.ts │ └── users.service.ts └── prisma/ or database/ ``` - Keep domain code inside feature modules. - Put cross-cutting filters, decorators, guards, and interceptors in `common/`. - Keep DTOs close to the module that owns them. ## Bootstrap and Global Validation ``` async function bootstrap() { const app = await NestFactory.create(AppModule, { bufferLogs: true }); app.useGlobalPipes( new ValidationPipe({ whitelist: true, forbidNonWhitelisted: true, transform: true, transformOptions: { enableImplicitConversion: true }, }), ); app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector))); app.useGlobalFilters(new HttpExceptionFilter()); await app.listen(process.env.PORT ?? 3000); } bootstrap(); ``` - Always enable `whitelist` and `forbidNonWhitelisted` on public APIs. - Prefer one global validation pipe instead of repeating validation config per route. ## Modules, Controllers, and Providers ``` @Module({ controllers: [UsersController], providers: [UsersService], exports: [UsersService], }) export class UsersModule {} @Controller('users') export class UsersController { constructor(private readonly usersService: UsersService) {} @Get(':id') getById(@Param('id', ParseUUIDPipe) id: string) { return this.usersService.getById(id); } @Post() create(@Body() dto: CreateUserDto) { return this.usersService.create(dto); } } @Injectable() export class UsersService { constructor(private readonly usersRepo: UsersRepository) {} async create(dto: CreateUserDto) { return this.usersRepo.create(dto); } } ``` - Controllers should stay thin: parse HTTP input, call a provider, return response DTOs. - Put business logic in injectable services, not controllers. - Export only the providers other modules genuinely need. ## DTOs and Validation ``` export class CreateUserDto { @IsEmail() email!: string; @IsString() @Length(2, 80) name!: string; @IsOptional() @IsEnum(UserRole) role?: UserRole; } ``` - Validate every request DTO with `class-validator`. - Use dedicated response DTOs or serializers instead of returning ORM entities directly. - Avoid leaking internal fields such as password hashes, tokens, or audit columns. ## Auth, Guards, and Request Context ``` @UseGuards(JwtAuthGuard, RolesGuard) @Roles('admin') @Get('admin/report') getAdminReport(@Req() req: AuthenticatedRequest) { return this.reportService.getForUser(req.user.id); } ``` - Keep auth strategies and guards module-local unless they are truly shared. - Encode coarse access rules in guards, then do resource-specific authorization in services. - Prefer explicit request types for authenticated request objects. ## Exception Filters and Error Shape ``` @Catch() export class HttpExceptionFilter implements ExceptionFilter { catch(exception: unknown, host: ArgumentsHost) { const response = host.switchToHttp().getResponse(); const request = host.switchToHttp().getRequest(); if (exception instanceof HttpException) { return response.status(exception.getStatus()).json({ path: request.url, error: exception.getResponse(), }); } return response.status(500).json({ path: request.url, error: 'Internal server error', }); } } ``` - Keep one consistent error envelope across the API. - Throw framework exceptions for expected client errors; log and wrap unexpected failures centrally. ## Config and Environment Validation ``` ConfigModule.forRoot({ isGlobal: true, load: [configuration], validate: validateEnv, }); ``` - Validate env at boot, not lazily at first request. - Keep config access behind typed helpers or config services. - Split dev/staging/prod concerns in config factories instead of branching throughout feature code. ## Persistence and Transactions - Keep repository / ORM code behind providers that speak domain language. - For Prisma or TypeORM, isolate transactional workflows in services that own the unit of work. - Do not let controllers coordinate multi-step writes directly. ## Testing ``` describe('UsersController', () => { let app: INestApplication; beforeAll(async () => { const moduleRef = await Test.createTestingModule({ imports: [UsersModule], }).compile(); app = moduleRef.createNestApplication(); app.useGlobalPipes(new ValidationPipe({ whitelist: true, transform: true })); await app.init(); }); }); ``` - Unit test providers in isolation with mocked dependencies. - Add request-level tests for guards, validation pipes, and exception filters. - Reuse the same global pipes/filters in tests that you use in production. ## Production Defaults - Enable structured logging and request correlation ids. - Terminate on invalid env/config instead of booting partially. - Prefer async provider initialization for DB/cache clients with explicit health checks. - Keep background jobs and event consumers in their own modules, not inside HTTP controllers. - Make rate limiting, auth, and audit logging explicit for public endpoints. Weekly Installs525Repository[affaan-m/everyt…ude-code](https://github.com/affaan-m/everything-claude-code)GitHub Stars152.8KFirst Seen10 days agoSecurity Audits[Gen Agent Trust HubPass](/affaan-m/everything-claude-code/nestjs-patterns/security/agent-trust-hub)[SocketPass](/affaan-m/everything-claude-code/nestjs-patterns/security/socket)[SnykPass](/affaan-m/everything-claude-code/nestjs-patterns/security/snyk)Installed oncodex492opencode469gemini-cli466cursor466github-copilot465kimi-cli465 --- *Source: https://skills.yangsir.net/skill/daily-nestjs-patterns* *Markdown mirror: https://skills.yangsir.net/api/skill/daily-nestjs-patterns/markdown*