nestjs-patterns
提供生产级NestJS模块化架构模式,包含控制器、提供者、DTO验证、守卫和拦截器的最佳实践
npx skills add affaan-m/everything-claude-code --skill nestjs-patternsBefore / After 效果对比
1 组手动创建模块、控制器和服务的文件结构,反复配置依赖注入和验证规则,容易遗漏安全和性能配置,一个微服务的基础搭建需要1天
使用标准化模式自动生成模块骨架,内置DTO验证、异常过滤和权限守卫,30分钟完成生产级别的NestJS服务架构
nestjs-patterns
NestJS Development Patterns
Production-grade NestJS patterns for modular TypeScript backends.
When to Activate
-
Building NestJS APIs or services
-
Structuring modules, controllers, and providers
-
Adding DTO validation, guards, interceptors, or exception filters
-
Configuring environment-aware settings and database integrations
-
Testing NestJS units or HTTP endpoints
Project Structure
src/
├── app.module.ts
├── main.ts
├── common/
│ ├── filters/
│ ├── guards/
│ ├── interceptors/
│ └── pipes/
├── config/
│ ├── configuration.ts
│ └── validation.ts
├── modules/
│ ├── auth/
│ │ ├── auth.controller.ts
│ │ ├── auth.module.ts
│ │ ├── auth.service.ts
│ │ ├── dto/
│ │ ├── guards/
│ │ └── strategies/
│ └── users/
│ ├── dto/
│ ├── entities/
│ ├── users.controller.ts
│ ├── users.module.ts
│ └── users.service.ts
└── prisma/ or database/
-
Keep domain code inside feature modules.
-
Put cross-cutting filters, decorators, guards, and interceptors in
common/. -
Keep DTOs close to the module that owns them.
Bootstrap and Global Validation
async function bootstrap() {
const app = await NestFactory.create(AppModule, { bufferLogs: true });
app.useGlobalPipes(
new ValidationPipe({
whitelist: true,
forbidNonWhitelisted: true,
transform: true,
transformOptions: { enableImplicitConversion: true },
}),
);
app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));
app.useGlobalFilters(new HttpExceptionFilter());
await app.listen(process.env.PORT ?? 3000);
}
bootstrap();
-
Always enable
whitelistandforbidNonWhitelistedon public APIs. -
Prefer one global validation pipe instead of repeating validation config per route.
Modules, Controllers, and Providers
@Module({
controllers: [UsersController],
providers: [UsersService],
exports: [UsersService],
})
export class UsersModule {}
@Controller('users')
export class UsersController {
constructor(private readonly usersService: UsersService) {}
@Get(':id')
getById(@Param('id', ParseUUIDPipe) id: string) {
return this.usersService.getById(id);
}
@Post()
create(@Body() dto: CreateUserDto) {
return this.usersService.create(dto);
}
}
@Injectable()
export class UsersService {
constructor(private readonly usersRepo: UsersRepository) {}
async create(dto: CreateUserDto) {
return this.usersRepo.create(dto);
}
}
-
Controllers should stay thin: parse HTTP input, call a provider, return response DTOs.
-
Put business logic in injectable services, not controllers.
-
Export only the providers other modules genuinely need.
DTOs and Validation
export class CreateUserDto {
@IsEmail()
email!: string;
@IsString()
@Length(2, 80)
name!: string;
@IsOptional()
@IsEnum(UserRole)
role?: UserRole;
}
-
Validate every request DTO with
class-validator. -
Use dedicated response DTOs or serializers instead of returning ORM entities directly.
-
Avoid leaking internal fields such as password hashes, tokens, or audit columns.
Auth, Guards, and Request Context
@UseGuards(JwtAuthGuard, RolesGuard)
@Roles('admin')
@Get('admin/report')
getAdminReport(@Req() req: AuthenticatedRequest) {
return this.reportService.getForUser(req.user.id);
}
-
Keep auth strategies and guards module-local unless they are truly shared.
-
Encode coarse access rules in guards, then do resource-specific authorization in services.
-
Prefer explicit request types for authenticated request objects.
Exception Filters and Error Shape
@Catch()
export class HttpExceptionFilter implements ExceptionFilter {
catch(exception: unknown, host: ArgumentsHost) {
const response = host.switchToHttp().getResponse<Response>();
const request = host.switchToHttp().getRequest<Request>();
if (exception instanceof HttpException) {
return response.status(exception.getStatus()).json({
path: request.url,
error: exception.getResponse(),
});
}
return response.status(500).json({
path: request.url,
error: 'Internal server error',
});
}
}
-
Keep one consistent error envelope across the API.
-
Throw framework exceptions for expected client errors; log and wrap unexpected failures centrally.
Config and Environment Validation
ConfigModule.forRoot({
isGlobal: true,
load: [configuration],
validate: validateEnv,
});
-
Validate env at boot, not lazily at first request.
-
Keep config access behind typed helpers or config services.
-
Split dev/staging/prod concerns in config factories instead of branching throughout feature code.
Persistence and Transactions
-
Keep repository / ORM code behind providers that speak domain language.
-
For Prisma or TypeORM, isolate transactional workflows in services that own the unit of work.
-
Do not let controllers coordinate multi-step writes directly.
Testing
describe('UsersController', () => {
let app: INestApplication;
beforeAll(async () => {
const moduleRef = await Test.createTestingModule({
imports: [UsersModule],
}).compile();
app = moduleRef.createNestApplication();
app.useGlobalPipes(new ValidationPipe({ whitelist: true, transform: true }));
await app.init();
});
});
-
Unit test providers in isolation with mocked dependencies.
-
Add request-level tests for guards, validation pipes, and exception filters.
-
Reuse the same global pipes/filters in tests that you use in production.
Production Defaults
-
Enable structured logging and request correlation ids.
-
Terminate on invalid env/config instead of booting partially.
-
Prefer async provider initialization for DB/cache clients with explicit health checks.
-
Keep background jobs and event consumers in their own modules, not inside HTTP controllers.
-
Make rate limiting, auth, and audit logging explicit for public endpoints.
Weekly Installs525Repositoryaffaan-m/everyt…ude-codeGitHub Stars152.8KFirst Seen10 days agoSecurity AuditsGen Agent Trust HubPassSocketPassSnykPassInstalled oncodex492opencode469gemini-cli466cursor466github-copilot465kimi-cli465
用户评价 (0)
发表评价
暂无评价
统计数据
用户评分
为此 Skill 评分