NestJS Serverless User CRUD Application
A professional serverless NestJS application with AWS Lambda, user CRUD operations, authentication, and comprehensive CI/CD pipeline.
Features
- ☁️ Serverless Architecture - AWS Lambda with API Gateway
- 🔐 Authentication & Authorization - JWT-based authentication with role-based access control
- 👥 User Management - Complete CRUD operations for users
- 📝 Post Management - Create, read, update, and delete posts
- 🏗️ Clean Architecture - MVC + Clean Architecture patterns
- 🗄️ Database - PostgreSQL with Prisma ORM (RDS)
- 📚 API Documentation - Swagger/OpenAPI documentation
- 🛡️ Security - Helmet, CORS, rate limiting, input validation, WAF
- 🧪 Testing Ready - Jest configuration with CI/CD
- 🚀 CI/CD Pipeline - GitHub Actions with automated deployment
- 🌍 Multi-Environment - Dev, Staging, and Production environments
Tech Stack
- Framework: NestJS
- Runtime: AWS Lambda (Node.js 18.x)
- API Gateway: AWS API Gateway
- Database: PostgreSQL (AWS RDS)
- ORM: Prisma
- Authentication: JWT with Passport
- Validation: class-validator & class-transformer
- Documentation: Swagger/OpenAPI
- Security: Helmet, bcryptjs, AWS WAF
- Deployment: Serverless Framework
- CI/CD: GitHub Actions
- Infrastructure: AWS (Lambda, RDS, VPC, CloudWatch)
Project Structure
src/
├── common/ # Shared utilities and configurations
│ ├── database/ # Database configuration
│ ├── decorators/ # Custom decorators
│ ├── dto/ # Common DTOs
│ ├── guards/ # Custom guards
│ ├── interfaces/ # TypeScript interfaces
│ └── utils/ # Utility functions
├── modules/ # Feature modules
│ ├── auth/ # Authentication module
│ │ ├── controllers/ # Auth controllers
│ │ ├── dto/ # Auth DTOs
│ │ ├── guards/ # Auth guards
│ │ ├── services/ # Auth services
│ │ └── strategies/ # Passport strategies
│ ├── users/ # Users module
│ │ ├── controllers/ # User controllers
│ │ ├── dto/ # User DTOs
│ │ └── services/ # User services
│ └── posts/ # Posts module
│ ├── controllers/ # Post controllers
│ ├── dto/ # Post DTOs
│ └── services/ # Post services
├── app.module.ts # Root module
├── app.controller.ts # Root controller
├── app.service.ts # Root service
└── main.ts # Application entry point
Getting Started
Prerequisites
- Node.js (v18 or higher)
- AWS CLI configured
- PostgreSQL database (local or AWS RDS)
- npm or yarn
- Serverless Framework
Installation
-
Clone the repository
git clone <repository-url> cd nestjs-serverless-user-crud -
Install dependencies
npm install -
Set up environment variables
# Copy environment template cp env.dev .envUpdate the
.envfile with your database credentials and JWT secret. -
Set up AWS resources
# Run the AWS setup script chmod +x scripts/setup-aws.sh ./scripts/setup-aws.sh dev -
Set up the database
# Generate Prisma client npm run prisma:generate # Run database migrations npm run prisma:migrate # Seed the database (optional) npm run prisma:seed -
Start the application
# Local development npm run start:dev # Serverless offline npm run start:serverless # Deploy to AWS npm run deploy:dev
API Documentation
Once the application is running, you can access the Swagger documentation at:
- Local Development: http://localhost:3000/api/docs
- Serverless Offline: http://localhost:3000/api/docs
- AWS Lambda: https://your-api-gateway-url/api/docs (dev environment only)
Serverless Deployment
Environment Configuration
The application supports multiple environments:
- Development (
dev) - For local development and testing - Staging (
staging) - For pre-production testing - Production (
prod) - For live production environment
Deployment Commands
# Deploy to development
npm run deploy:dev
# Deploy to staging
npm run deploy:staging
# Deploy to production
npm run deploy:prod
# Remove deployment
npm run remove:dev
npm run remove:staging
npm run remove:prod
Environment Variables
Set up the following environment variables for each environment:
# Database
DATABASE_URL="postgresql://username:password@host:5432/database?schema=public"
# JWT Configuration
JWT_SECRET="your-super-secret-jwt-key"
JWT_EXPIRES_IN="7d"
# AWS Configuration
AWS_REGION="us-east-1"
VPC_SECURITY_GROUP_ID="sg-xxxxxxxxx"
VPC_SUBNET_ID_1="subnet-xxxxxxxxx"
VPC_SUBNET_ID_2="subnet-yyyyyyyyy"
API Endpoints
Authentication
POST /api/v1/auth/register- Register a new userPOST /api/v1/auth/login- Login userPOST /api/v1/auth/refresh- Refresh access token
Users
GET /api/v1/users- Get all users (Admin/Moderator only)GET /api/v1/users/profile- Get current user profileGET /api/v1/users/:id- Get user by ID (Admin/Moderator only)PATCH /api/v1/users/profile- Update current user profilePATCH /api/v1/users/:id- Update user by ID (Admin only)DELETE /api/v1/users/:id- Delete user by ID (Admin only)
Posts
GET /api/v1/posts- Get all postsGET /api/v1/posts/my-posts- Get current user's postsGET /api/v1/posts/:id- Get post by IDPOST /api/v1/posts- Create a new postPATCH /api/v1/posts/:id- Update post by IDDELETE /api/v1/posts/:id- Delete post by ID
User Roles
- USER: Basic user with limited permissions
- MODERATOR: Can view all users and moderate content
- ADMIN: Full access to all resources
Database Schema
Users Table
id- Unique identifieremail- User email (unique)username- Username (unique)password- Hashed passwordfirstName- First namelastName- Last nameisActive- Account statusrole- User role (USER, MODERATOR, ADMIN)createdAt- Creation timestampupdatedAt- Last update timestamp
Posts Table
id- Unique identifiertitle- Post titlecontent- Post contentpublished- Publication statusauthorId- Foreign key to users tablecreatedAt- Creation timestampupdatedAt- Last update timestamp
Security Features
- Password Hashing: bcryptjs for secure password storage
- JWT Authentication: Secure token-based authentication
- Role-based Access Control: Different permissions for different roles
- Input Validation: Comprehensive validation using class-validator
- Rate Limiting: Protection against brute force attacks
- CORS: Configurable cross-origin resource sharing
- Helmet: Security headers for HTTP responses
CI/CD Pipeline
The application includes a comprehensive CI/CD pipeline using GitHub Actions:
Pipeline Stages
- Test & Lint - Runs unit tests, e2e tests, and code linting
- Build - Builds the application and uploads artifacts
- Deploy Dev - Deploys to development environment (on develop branch)
- Deploy Staging - Deploys to staging environment (on main branch)
- Deploy Production - Deploys to production environment (manual approval)
- Security Scan - Runs security audits and vulnerability scans
GitHub Secrets
Configure the following secrets in your GitHub repository:
Development Environment:
AWS_ACCESS_KEY_ID_DEVAWS_SECRET_ACCESS_KEY_DEVDATABASE_URL_DEVJWT_SECRET_DEVVPC_SECURITY_GROUP_ID_DEVVPC_SUBNET_ID_1_DEVVPC_SUBNET_ID_2_DEV
Staging Environment:
AWS_ACCESS_KEY_ID_STAGINGAWS_SECRET_ACCESS_KEY_STAGINGDATABASE_URL_STAGINGJWT_SECRET_STAGINGVPC_SECURITY_GROUP_ID_STAGINGVPC_SUBNET_ID_1_STAGINGVPC_SUBNET_ID_2_STAGING
Production Environment:
AWS_ACCESS_KEY_ID_PRODAWS_SECRET_ACCESS_KEY_PRODDATABASE_URL_PRODJWT_SECRET_PRODVPC_SECURITY_GROUP_ID_PRODVPC_SUBNET_ID_1_PRODVPC_SUBNET_ID_2_PROD
Additional:
SNYK_TOKEN- For security scanning
Development
Available Scripts
npm run start:dev- Start in development mode with hot reloadnpm run start:serverless- Start serverless offlinenpm run build- Build the applicationnpm run build:lambda- Build for Lambda deploymentnpm run start:prod- Start in production modenpm run test- Run unit testsnpm run test:e2e- Run end-to-end testsnpm run lint- Run ESLintnpm run format- Format code with Prettier
Database Commands
npm run prisma:generate- Generate Prisma clientnpm run prisma:push- Push schema changes to databasenpm run prisma:migrate- Run database migrationsnpm run prisma:studio- Open Prisma Studionpm run prisma:seed- Seed the database
Deployment Scripts
./scripts/deploy.sh [environment]- Deploy to specified environment./scripts/setup-aws.sh [environment]- Set up AWS resources
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
License
This project is licensed under the MIT License.