How to secure a NestJS server on Heroku: I would like to know if the strategy I am using is secure or not
I am hosting my NestJS server on Heroku.
I am using authGuards in NestJS to validate the request using the accessToken passed by the client with the request (this accessToken is passed to the user while signing in and will be stored in local storage). The accessToken will contain the userId.
For a few requests (admin-specific), after the accessToken is verified, I will retrieve the user doc from the DB with that userId and then check whether the role of the userId associated with that accessToken is admin or not.
If it is admin, the request will be handled; otherwise it will throw an unauthorised request.
And I am using DTOs as well to ensure only the supposed data is accepted by the server.
Are there any other measures I should take in order to make my server secure and prevent hackers from changing my server code, such as functions which are involved in altering data in my databases?
And I would like to know if the strategy I am following is secure or not.
Any help is really appreciated. Thank you.
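
The flow described in the question, as an added example that is not part of the original post and not NestJS's own guard API: it assumes an HS256-signed token carrying `userId` and `exp`, uses a constructed in-memory `users` map in place of the database, and all function names are hypothetical. Returning 403 rather than 401 for a valid non-admin token is a choice made in this example.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Decision = 200 | 401 | 403;
interface UserDoc { role: string }

// Constructed sample data: stands in for the users collection and the signing secret.
const users = new Map<string, UserDoc>([["u1", { role: "admin" }], ["u2", { role: "user" }]]);
const SECRET = "constructed-demo-secret";

const b64url = (s: string): string => Buffer.from(s).toString("base64url");

// Mint an HS256 token; used here only to build sample input.
function sign(payload: object, secret: string = SECRET): string {
  const body = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Returns the userId when signature, algorithm and expiry all check out, else null.
function verify(token: string, now: number): string | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts as [string, string, string];
  const expected = createHmac("sha256", SECRET).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(h, "base64url").toString());
    const claims = JSON.parse(Buffer.from(p, "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm, never trust the header
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    return typeof claims.userId === "string" ? claims.userId : null;
  } catch {
    return null; // malformed JSON is treated as an invalid token
  }
}

// Admin check: the role comes from the stored user record, never from token claims.
function authorizeAdmin(token: string | undefined, now: number = Math.floor(Date.now() / 1000)): Decision {
  const userId = token ? verify(token, now) : null;
  if (userId === null) return 401;
  const user = users.get(userId);
  if (!user) return 401; // valid token for an account that no longer exists
  return user.role === "admin" ? 200 : 403;
}
```

Because the role is read from the stored record on every request, a demoted admin loses access immediately even while an older token is still unexpired.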
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
