下面提供一套可直接使用的 NestJS + TypeScript BFF 网关样板工程,满足你的功能与结构要求。内容包含目录结构、核心代码文件、配置、数据库与缓存、队列、监控、测试、部署与 CI/CD。可直接使用 yarn 运行与构建。
目录结构
- src/
- main.ts
- app.module.ts
- app.controller.ts
- app.service.ts
- common/
- constants/error-codes.ts
- filters/http-exception.filter.ts
- interceptors/response.interceptor.ts
- interceptors/audit.interceptor.ts
- interceptors/metrics.interceptor.ts
- guards/jwt-auth.guard.ts
- guards/roles.guard.ts
- pipes/validation.pipe.ts
- decorators/roles.decorator.ts
- decorators/cached.decorator.ts
- utils/trace.util.ts
- config/
- configuration.ts
- validation.ts
- swagger.ts
- cors.ts
- throttler.ts
- otel.ts
- database/
- database.module.ts
- typeorm.config.ts
- migrations/
- 1700000000000-InitSchema.ts
- seeds/
- modules/
- auth/
- auth.module.ts
- auth.service.ts
- auth.controller.ts
- strategies/jwt-access.strategy.ts
- strategies/jwt-refresh.strategy.ts
- dtos/login.dto.ts
- dtos/refresh.dto.ts
- users/
- users.module.ts
- users.controller.ts
- users.service.ts
- dtos/create-user.dto.ts
- dtos/update-user.dto.ts
- entities/user.entity.ts
- products/
- products.module.ts
- products.controller.ts
- products.service.ts
- dtos/create-product.dto.ts
- dtos/update-product.dto.ts
- entities/product.entity.ts
- orders/
- orders.module.ts
- orders.controller.ts
- orders.service.ts
- dtos/create-order.dto.ts
- dtos/update-order.dto.ts
- entities/order.entity.ts
- cache/
- cache.module.ts
- cache.service.ts
- queue/
- queue.module.ts
- mail.processor.ts
- reconcile.processor.ts
- health/
- health.module.ts
- health.controller.ts
- metrics/
- metrics.module.ts
- metrics.controller.ts
- tracing/
- test/
- unit/
- e2e/
- app.e2e-spec.ts
- jest-e2e.json
- .env.example
- ormconfig.ts
- package.json
- tsconfig.json
- jest.config.js
- Dockerfile
- docker-compose.yml
- .github/workflows/ci.yml
- .eslintrc.js
- .prettierignore(如需)
- scripts/
关键代码示例
- 启动与 App 模块
src/main.ts
import 'reflect-metadata';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import { ValidationPipe } from './common/pipes/validation.pipe';
import { HttpExceptionFilter } from './common/filters/http-exception.filter';
import { ResponseInterceptor } from './common/interceptors/response.interceptor';
import { AuditInterceptor } from './common/interceptors/audit.interceptor';
import { MetricsInterceptor } from './common/interceptors/metrics.interceptor';
import { setupSwagger } from './config/swagger';
import { setupCors } from './config/cors';
import { setupThrottler } from './config/throttler';
import { initTracing } from './tracing/tracing';
async function bootstrap() {
initTracing();
const app = await NestFactory.create(AppModule, {
bufferLogs: true,
});
setupCors(app);
setupThrottler(app);
app.useGlobalPipes(new ValidationPipe());
app.useGlobalFilters(new HttpExceptionFilter());
app.useGlobalInterceptors(new MetricsInterceptor(), new AuditInterceptor(), new ResponseInterceptor());
setupSwagger(app);
const port = process.env.PORT || 3000;
await app.listen(port);
// eslint-disable-next-line no-console
console.log(`BFF API listening on http://localhost:${port}`);
}
bootstrap();
src/app.module.ts
import { Module } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import configuration from './config/configuration';
import { validateEnv } from './config/validation';
import { DatabaseModule } from './database/database.module';
import { AuthModule } from './modules/auth/auth.module';
import { UsersModule } from './modules/users/users.module';
import { ProductsModule } from './modules/products/products.module';
import { OrdersModule } from './modules/orders/orders.module';
import { CacheModule as BffCacheModule } from './modules/cache/cache.module';
import { QueueModule } from './modules/queue/queue.module';
import { HealthModule } from './modules/health/health.module';
import { MetricsModule } from './modules/metrics/metrics.module';
import { APP_GUARD } from '@nestjs/core';
import { ThrottlerGuard } from '@nestjs/throttler';
@Module({
imports: [
ConfigModule.forRoot({
isGlobal: true,
load: [configuration],
validate: validateEnv,
envFilePath: ['.env'],
}),
DatabaseModule,
BffCacheModule,
QueueModule,
AuthModule,
UsersModule,
ProductsModule,
OrdersModule,
HealthModule,
MetricsModule,
],
providers: [
{ provide: APP_GUARD, useClass: ThrottlerGuard },
],
})
export class AppModule {}
- 统一响应与错误码
src/common/constants/error-codes.ts
export enum ErrorCode {
OK = 0,
VALIDATION_FAILED = 1001,
UNAUTHORIZED = 1002,
FORBIDDEN = 1003,
NOT_FOUND = 1004,
RATE_LIMITED = 1005,
CONFLICT = 1006,
INTERNAL_ERROR = 1999,
}
src/common/interceptors/response.interceptor.ts
import { CallHandler, ExecutionContext, Injectable, NestInterceptor } from '@nestjs/common';
import { Observable, map } from 'rxjs';
import { ErrorCode } from '../constants/error-codes';
import { getTraceId } from '../utils/trace.util';
@Injectable()
export class ResponseInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
const req = context.switchToHttp().getRequest();
const traceId = getTraceId(req);
return next.handle().pipe(
map((data) => ({
code: ErrorCode.OK,
message: 'success',
data,
traceId,
})),
);
}
}
src/common/filters/http-exception.filter.ts
import { ArgumentsHost, Catch, ExceptionFilter, HttpException, HttpStatus } from '@nestjs/common';
import { ErrorCode } from '../constants/error-codes';
import { getTraceId } from '../utils/trace.util';
@Catch()
export class HttpExceptionFilter implements ExceptionFilter {
catch(exception: any, host: ArgumentsHost) {
const ctx = host.switchToHttp();
const res = ctx.getResponse();
const req = ctx.getRequest();
const traceId = getTraceId(req);
let status = HttpStatus.INTERNAL_SERVER_ERROR;
let message = 'Internal Server Error';
let code = ErrorCode.INTERNAL_ERROR;
if (exception instanceof HttpException) {
status = exception.getStatus();
const response: any = exception.getResponse();
message = response?.message || exception.message;
code = this.mapStatusToCode(status);
}
res.status(status).json({ code, message, traceId });
}
private mapStatusToCode(status: number): ErrorCode {
switch (status) {
case 400: return ErrorCode.VALIDATION_FAILED;
case 401: return ErrorCode.UNAUTHORIZED;
case 403: return ErrorCode.FORBIDDEN;
case 404: return ErrorCode.NOT_FOUND;
case 409: return ErrorCode.CONFLICT;
case 429: return ErrorCode.RATE_LIMITED;
default: return ErrorCode.INTERNAL_ERROR;
}
}
}
src/common/interceptors/audit.interceptor.ts
import { CallHandler, ExecutionContext, Injectable, NestInterceptor } from '@nestjs/common';
import { Observable, tap } from 'rxjs';
@Injectable()
export class AuditInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
const req = context.switchToHttp().getRequest();
const userId = req.user?.sub;
const now = Date.now();
return next.handle().pipe(
tap(() => {
// 简化版审计日志,可替换为写入DB或队列
// eslint-disable-next-line no-console
console.log('[AUDIT]', {
userId,
method: req.method,
path: req.originalUrl || req.url,
ip: req.ip,
durationMs: Date.now() - now,
});
}),
);
}
}
src/common/interceptors/metrics.interceptor.ts
import { CallHandler, ExecutionContext, Injectable, NestInterceptor } from '@nestjs/common';
import { Observable, tap } from 'rxjs';
import { Counter, Histogram, register } from 'prom-client';
const httpRequestsTotal = new Counter({
name: 'http_requests_total',
help: 'Total HTTP requests',
labelNames: ['method', 'route', 'status'],
});
const httpRequestDuration = new Histogram({
name: 'http_request_duration_seconds',
help: 'HTTP request duration in seconds',
labelNames: ['method', 'route', 'status'],
buckets: [0.05, 0.1, 0.3, 0.5, 1, 3, 5],
});
register.registerMetric(httpRequestsTotal);
register.registerMetric(httpRequestDuration);
@Injectable()
export class MetricsInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
const request = context.switchToHttp().getRequest();
const method = request.method;
const route = request.route?.path || request.url;
const start = process.hrtime();
return next.handle().pipe(
tap({
next: () => {},
error: (err) => {
const dur = process.hrtime(start);
const seconds = dur[0] + dur[1] / 1e9;
httpRequestsTotal.inc({ method, route, status: err?.status || 500 });
httpRequestDuration.observe({ method, route, status: err?.status || 500 }, seconds);
},
complete: () => {
const response = context.switchToHttp().getResponse();
const status = response.statusCode;
const dur = process.hrtime(start);
const seconds = dur[0] + dur[1] / 1e9;
httpRequestsTotal.inc({ method, route, status });
httpRequestDuration.observe({ method, route, status }, seconds);
},
}),
);
}
}
src/common/pipes/validation.pipe.ts
import { BadRequestException, Injectable, ValidationPipe as NestValidationPipe } from '@nestjs/common';
@Injectable()
export class ValidationPipe extends NestValidationPipe {
constructor() {
super({
whitelist: true,
forbidNonWhitelisted: true,
transform: true,
exceptionFactory: (errors) => new BadRequestException(errors.map(e => Object.values(e.constraints || {})).flat()),
});
}
}
- 安全:JWT 与角色守卫
src/modules/auth/auth.module.ts
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { UsersModule } from '../users/users.module';
import { JwtAccessStrategy } from './strategies/jwt-access.strategy';
import { JwtRefreshStrategy } from './strategies/jwt-refresh.strategy';
@Module({
imports: [
UsersModule,
JwtModule.register({ // 动态在 service 使用 secrets
global: true,
signOptions: { expiresIn: '15m' },
}),
],
controllers: [AuthController],
providers: [AuthService, JwtAccessStrategy, JwtRefreshStrategy],
exports: [AuthService],
})
export class AuthModule {}
src/modules/auth/auth.service.ts
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import * as bcrypt from 'bcryptjs';
import { UsersService } from '../users/users.service';
import { ConfigService } from '@nestjs/config';
import { CacheService } from '../cache/cache.service';
@Injectable()
export class AuthService {
constructor(
private readonly usersService: UsersService,
private readonly jwt: JwtService,
private readonly config: ConfigService,
private readonly cache: CacheService,
) {}
async validateUser(email: string, password: string) {
const user = await this.usersService.findByEmail(email);
if (!user) throw new UnauthorizedException('Invalid credentials');
const ok = await bcrypt.compare(password, user.passwordHash);
if (!ok) throw new UnauthorizedException('Invalid credentials');
return user;
}
async issueTokens(user: { id: string; roles: string[] }, deviceId?: string) {
const accessSecret = this.config.get<string>('security.accessTokenSecret');
const refreshSecret = this.config.get<string>('security.refreshTokenSecret');
const accessToken = await this.jwt.signAsync({ sub: user.id, roles: user.roles }, { secret: accessSecret, expiresIn: '15m' });
const refreshToken = await this.jwt.signAsync({ sub: user.id, deviceId }, { secret: refreshSecret, expiresIn: '7d' });
if (deviceId) {
await this.cache.storeRefreshToken(user.id, deviceId, refreshToken);
}
return { accessToken, refreshToken };
}
async refresh(userId: string, deviceId: string, token: string) {
const stored = await this.cache.getRefreshToken(userId, deviceId);
if (!stored || stored !== token) throw new UnauthorizedException('Invalid refresh token');
const user = await this.usersService.findById(userId);
return this.issueTokens({ id: user.id, roles: user.roles }, deviceId);
}
async revoke(userId: string, deviceId: string) {
await this.cache.deleteRefreshToken(userId, deviceId);
return true;
}
}
src/modules/auth/auth.controller.ts
import { Body, Controller, Post } from '@nestjs/common';
import { AuthService } from './auth.service';
import { LoginDto } from './dtos/login.dto';
import { RefreshDto } from './dtos/refresh.dto';
@Controller({ path: 'auth', version: '1' })
export class AuthController {
constructor(private readonly authService: AuthService) {}
@Post('login')
async login(@Body() dto: LoginDto) {
const user = await this.authService.validateUser(dto.email, dto.password);
return this.authService.issueTokens({ id: user.id, roles: user.roles }, dto.deviceId);
}
@Post('refresh')
async refresh(@Body() dto: RefreshDto) {
return this.authService.refresh(dto.userId, dto.deviceId, dto.refreshToken);
}
@Post('logout')
async logout(@Body() dto: RefreshDto) {
await this.authService.revoke(dto.userId, dto.deviceId);
return { ok: true };
}
}
src/modules/auth/strategies/jwt-access.strategy.ts
import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { ConfigService } from '@nestjs/config';
@Injectable()
export class JwtAccessStrategy extends PassportStrategy(Strategy, 'jwt') {
constructor(config: ConfigService) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: config.get<string>('security.accessTokenSecret'),
ignoreExpiration: false,
});
}
async validate(payload: any) {
return payload; // { sub, roles }
}
}
src/modules/auth/strategies/jwt-refresh.strategy.ts
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-jwt';
import { ConfigService } from '@nestjs/config';
@Injectable()
export class JwtRefreshStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
constructor(config: ConfigService) {
super({
jwtFromRequest: (req) => req.body?.refreshToken,
secretOrKey: config.get<string>('security.refreshTokenSecret'),
ignoreExpiration: false,
});
}
async validate(payload: any) {
if (!payload?.sub) throw new UnauthorizedException();
return payload; // { sub, deviceId }
}
}
src/common/guards/jwt-auth.guard.ts
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') {}
src/common/decorators/roles.decorator.ts
import { SetMetadata } from '@nestjs/common';
export const ROLES_KEY = 'roles';
export const Roles = (...roles: string[]) => SetMetadata(ROLES_KEY, roles);
src/common/guards/roles.guard.ts
import { CanActivate, ExecutionContext, Injectable, ForbiddenException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { ROLES_KEY } from '../decorators/roles.decorator';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const required = this.reflector.get<string[]>(ROLES_KEY, context.getHandler());
if (!required || required.length === 0) return true;
const user = context.switchToHttp().getRequest().user;
const ok = required.some(r => user?.roles?.includes(r));
if (!ok) throw new ForbiddenException('Insufficient role');
return true;
}
}
- CORS 与速率限制
src/config/cors.ts
import { INestApplication } from '@nestjs/common';
export function setupCors(app: INestApplication) {
app.enableCors({
origin: (origin, cb) => cb(null, true),
credentials: true,
exposedHeaders: ['x-trace-id'],
});
}
src/config/throttler.ts
import { INestApplication } from '@nestjs/common';
import { ThrottlerModule } from '@nestjs/throttler';
export function setupThrottler(app: INestApplication) {
// 已在 AppModule 配置 APP_GUARD
}
export const ThrottlerImport = ThrottlerModule.forRoot({
ttl: 60,
limit: 100,
});
- Swagger 文档
src/config/swagger.ts
import { INestApplication } from '@nestjs/common';
import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
export function setupSwagger(app: INestApplication) {
const config = new DocumentBuilder()
.setTitle('BFF Gateway API')
.setDescription('Web/Mobile BFF REST API with JWT, RBAC, Cache, Queue and Observability')
.setVersion('1.0.0')
.addBearerAuth()
.build();
const doc = SwaggerModule.createDocument(app, config);
SwaggerModule.setup('/docs', app, doc, {
swaggerOptions: { persistAuthorization: true },
});
}
- 配置与校验
src/config/configuration.ts
export default () => ({
nodeEnv: process.env.NODE_ENV || 'development',
port: parseInt(process.env.PORT || '3000', 10),
security: {
accessTokenSecret: process.env.ACCESS_TOKEN_SECRET || 'change_me',
refreshTokenSecret: process.env.REFRESH_TOKEN_SECRET || 'change_me_too',
},
db: {
host: process.env.DB_HOST || 'localhost',
port: parseInt(process.env.DB_PORT || '5432', 10),
user: process.env.DB_USER || 'postgres',
password: process.env.DB_PASSWORD || 'postgres',
database: process.env.DB_NAME || 'bff',
},
redis: {
url: process.env.REDIS_URL || 'redis://localhost:6379',
},
queue: {
prefix: 'bff',
},
});
src/config/validation.ts
import * as Joi from 'joi';
export function validateEnv(config: Record<string, any>) {
const schema = Joi.object({
NODE_ENV: Joi.string().valid('development', 'test', 'production').default('development'),
PORT: Joi.number().default(3000),
ACCESS_TOKEN_SECRET: Joi.string().min(16).required(),
REFRESH_TOKEN_SECRET: Joi.string().min(16).required(),
DB_HOST: Joi.string().required(),
DB_PORT: Joi.number().default(5432),
DB_USER: Joi.string().required(),
DB_PASSWORD: Joi.string().allow(''),
DB_NAME: Joi.string().required(),
REDIS_URL: Joi.string().uri().required(),
}).unknown(true);
const { error } = schema.validate(process.env);
if (error) throw new Error(`Config validation error: ${error.message}`);
return config;
}
- 数据库与实体/迁移/种子
src/database/typeorm.config.ts
import { TypeOrmModuleOptions } from '@nestjs/typeorm';
import { ConfigService } from '@nestjs/config';
import { User } from '../modules/users/entities/user.entity';
import { Product } from '../modules/products/entities/product.entity';
import { Order } from '../modules/orders/entities/order.entity';
export const typeOrmConfig = (config: ConfigService): TypeOrmModuleOptions => ({
type: 'postgres',
host: config.get('db.host'),
port: config.get('db.port'),
username: config.get('db.user'),
password: config.get('db.password'),
database: config.get('db.database'),
entities: [User, Product, Order],
migrations: ['dist/database/migrations/*.js'],
synchronize: false,
logging: ['error', 'warn'],
});
src/database/database.module.ts
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { ConfigService } from '@nestjs/config';
import { typeOrmConfig } from './typeorm.config';
@Module({
imports: [
TypeOrmModule.forRootAsync({
inject: [ConfigService],
useFactory: (config: ConfigService) => typeOrmConfig(config),
}),
],
})
export class DatabaseModule {}
src/modules/users/entities/user.entity.ts
import { Column, CreateDateColumn, Entity, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm';
@Entity('users')
export class User {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ unique: true })
email: string;
@Column()
passwordHash: string;
@Column('text', { array: true, default: '{}' })
roles: string[];
@CreateDateColumn()
createdAt: Date;
@UpdateDateColumn()
updatedAt: Date;
}
src/modules/products/entities/product.entity.ts
import { Column, CreateDateColumn, Entity, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm';
@Entity('products')
export class Product {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column()
name: string;
@Column('numeric', { precision: 12, scale: 2 })
price: string;
@Column({ default: true })
active: boolean;
@CreateDateColumn()
createdAt: Date;
@UpdateDateColumn()
updatedAt: Date;
}
src/modules/orders/entities/order.entity.ts
import { Column, CreateDateColumn, Entity, ManyToOne, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm';
import { User } from '../../users/entities/user.entity';
@Entity('orders')
export class Order {
@PrimaryGeneratedColumn('uuid')
id: string;
@ManyToOne(() => User)
user: User;
@Column('jsonb')
items: Array<{ productId: string; quantity: number; price: string }>;
@Column('numeric', { precision: 12, scale: 2 })
total: string;
@Column({ default: 'PENDING' })
status: 'PENDING' | 'PAID' | 'CANCELLED';
@CreateDateColumn()
createdAt: Date;
@UpdateDateColumn()
updatedAt: Date;
}
迁移示例
src/database/migrations/1700000000000-InitSchema.ts
import { MigrationInterface, QueryRunner } from 'typeorm';
export class InitSchema1700000000000 implements MigrationInterface {
name = 'InitSchema1700000000000';
public async up(q: QueryRunner): Promise<void> {
await q.query(`CREATE EXTENSION IF NOT EXISTS "uuid-ossp";`);
await q.query(`CREATE TABLE IF NOT EXISTS users (
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
email varchar UNIQUE NOT NULL,
password_hash varchar NOT NULL,
roles text[] NOT NULL DEFAULT '{}',
created_at timestamptz DEFAULT now(),
updated_at timestamptz DEFAULT now()
);`);
await q.query(`CREATE TABLE IF NOT EXISTS products (
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
name varchar NOT NULL,
price numeric(12,2) NOT NULL,
active boolean DEFAULT true,
created_at timestamptz DEFAULT now(),
updated_at timestamptz DEFAULT now()
);`);
await q.query(`CREATE TABLE IF NOT EXISTS orders (
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
user_id uuid REFERENCES users(id),
items jsonb NOT NULL,
total numeric(12,2) NOT NULL,
status varchar NOT NULL DEFAULT 'PENDING',
created_at timestamptz DEFAULT now(),
updated_at timestamptz DEFAULT now()
);`);
}
public async down(q: QueryRunner): Promise<void> {
await q.query(`DROP TABLE IF EXISTS orders;`);
await q.query(`DROP TABLE IF EXISTS products;`);
await q.query(`DROP TABLE IF EXISTS users;`);
}
}
种子数据
src/database/seeds/factories/user.factory.ts
import { DataSource } from 'typeorm';
import { User } from '../../modules/users/entities/user.entity';
import * as bcrypt from 'bcryptjs';
export async function createAdmin(ds: DataSource) {
const repo = ds.getRepository(User);
const exists = await repo.findOne({ where: { email: 'admin@bff.local' } });
if (exists) return exists;
const passwordHash = await bcrypt.hash('Admin@123', 10);
const admin = repo.create({ email: 'admin@bff.local', passwordHash, roles: ['admin'] });
return repo.save(admin);
}
src/database/seeds/seed.ts
import 'reflect-metadata';
import { DataSource } from 'typeorm';
import { createAdmin } from './factories/user.factory';
import { User } from '../../modules/users/entities/user.entity';
import { Product } from '../../modules/products/entities/product.entity';
import { Order } from '../../modules/orders/entities/order.entity';
const ds = new DataSource({
type: 'postgres',
host: process.env.DB_HOST,
port: parseInt(process.env.DB_PORT || '5432', 10),
username: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
entities: [User, Product, Order],
});
(async () => {
await ds.initialize();
await createAdmin(ds);
await ds.getRepository(Product).save([
{ name: 'Sample A', price: '19.90', active: true },
{ name: 'Sample B', price: '29.90', active: true },
]);
await ds.destroy();
// eslint-disable-next-line no-console
console.log('Seed completed');
})();
- 控制器/服务/DTO 与校验示例
src/modules/users/dtos/create-user.dto.ts
import { ApiProperty } from '@nestjs/swagger';
import { IsEmail, IsNotEmpty, MinLength } from 'class-validator';
export class CreateUserDto {
@ApiProperty() @IsEmail() email: string;
@ApiProperty() @MinLength(8) password: string;
@ApiProperty({ isArray: true, required: false }) roles?: string[];
}
src/modules/users/users.service.ts
import { Injectable, NotFoundException } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { User } from './entities/user.entity';
import * as bcrypt from 'bcryptjs';
@Injectable()
export class UsersService {
constructor(@InjectRepository(User) private readonly repo: Repository<User>) {}
async findByEmail(email: string) {
return this.repo.findOne({ where: { email } });
}
async findById(id: string) {
const u = await this.repo.findOne({ where: { id } });
if (!u) throw new NotFoundException('User not found');
return u;
}
async create(email: string, password: string, roles: string[] = ['user']) {
const passwordHash = await bcrypt.hash(password, 10);
const u = this.repo.create({ email, passwordHash, roles });
return this.repo.save(u);
}
}
src/modules/users/users.controller.ts
import { Body, Controller, Get, Param, Post, UseGuards } from '@nestjs/common';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import { RolesGuard } from '../../common/guards/roles.guard';
import { Roles } from '../../common/decorators/roles.decorator';
import { UsersService } from './users.service';
import { CreateUserDto } from './dtos/create-user.dto';
@Controller({ path: 'users', version: '1' })
@UseGuards(JwtAuthGuard, RolesGuard)
export class UsersController {
constructor(private readonly users: UsersService) {}
@Roles('admin')
@Post()
async create(@Body() dto: CreateUserDto) {
return this.users.create(dto.email, dto.password, dto.roles || ['user']);
}
@Get(':id')
async byId(@Param('id') id: string) {
return this.users.findById(id);
}
}
类似提供 products/orders 的模块(省略冗长代码),在 service 中可聚合调用其他后端服务(如通过 HTTP 客户端 axios),并结合 Redis 缓存与失效策略。
- 缓存与 Redis
src/modules/cache/cache.module.ts
import { Module } from '@nestjs/common';
import { CacheModule as NestCacheModule } from '@nestjs/cache-manager';
import { CacheService } from './cache.service';
import { ConfigService } from '@nestjs/config';
import { redisStore } from 'cache-manager-redis-yet';
@Module({
imports: [
NestCacheModule.registerAsync({
inject: [ConfigService],
useFactory: async (config: ConfigService) => ({
store: await redisStore({
url: config.get<string>('redis.url'),
ttl: 5, // 默认缓存 5s
}),
}),
isGlobal: true,
}),
],
providers: [CacheService],
exports: [CacheService],
})
export class CacheModule {}
src/modules/cache/cache.service.ts
import { Injectable } from '@nestjs/common';
import { Cache } from 'cache-manager';
import { Inject } from '@nestjs/common';
import { CACHE_MANAGER } from '@nestjs/cache-manager';
@Injectable()
export class CacheService {
constructor(@Inject(CACHE_MANAGER) private cache: Cache) {}
async get<T>(key: string): Promise<T | undefined> {
return this.cache.get<T>(key);
}
async set<T>(key: string, val: T, ttlSeconds?: number) {
await this.cache.set(key, val, ttlSeconds ? { ttl: ttlSeconds } : undefined);
}
async del(key: string) {
await this.cache.del(key);
}
async storeRefreshToken(userId: string, deviceId: string, token: string) {
await this.set(`rt:${userId}:${deviceId}`, token, 7 * 24 * 3600);
}
async getRefreshToken(userId: string, deviceId: string) {
return this.get<string>(`rt:${userId}:${deviceId}`);
}
async deleteRefreshToken(userId: string, deviceId: string) {
await this.del(`rt:${userId}:${deviceId}`);
}
}
src/common/decorators/cached.decorator.ts
import { SetMetadata } from '@nestjs/common';
export const CACHED_KEY = 'cached';
export const Cached = (key: string, ttl = 60) => SetMetadata(CACHED_KEY, { key, ttl });
可在拦截器中读取 CACHED_KEY 自动缓存(此处略),或在 service 手动缓存与失效。
- 队列与异步任务(延迟与重试)
src/modules/queue/queue.module.ts
import { Module } from '@nestjs/common';
import { BullModule } from '@nestjs/bullmq';
import { ConfigService } from '@nestjs/config';
import { MailProcessor } from './mail.processor';
import { ReconcileProcessor } from './reconcile.processor';
@Module({
imports: [
BullModule.forRootAsync({
inject: [ConfigService],
useFactory: (config: ConfigService) => ({
connection: { url: config.get<string>('redis.url') },
prefix: config.get<string>('queue.prefix'),
}),
}),
BullModule.registerQueue(
{ name: 'mail' },
{ name: 'reconcile' },
),
],
providers: [MailProcessor, ReconcileProcessor],
exports: [],
})
export class QueueModule {}
src/modules/queue/mail.processor.ts
import { Processor, WorkerHost } from '@nestjs/bullmq';
import { Job } from 'bullmq';
@Processor('mail')
export class MailProcessor extends WorkerHost {
async process(job: Job) {
// 发送邮件逻辑(例如使用 nodemailer)
// 支持重试与延迟由添加任务时配置
// eslint-disable-next-line no-console
console.log('Sending mail', job.id, job.data);
}
}
src/modules/queue/reconcile.processor.ts
import { Processor, WorkerHost } from '@nestjs/bullmq';
import { Job } from 'bullmq';
@Processor('reconcile')
export class ReconcileProcessor extends WorkerHost {
async process(job: Job) {
// 对账处理逻辑
// eslint-disable-next-line no-console
console.log('Reconciling', job.id, job.data);
}
}
在业务 service 中添加任务示例:
// await this.queue.add('reconcile', { orderId }, { delay: 60_000, attempts: 5, backoff: { type: 'exponential', delay: 1000 } });
- 健康检查、指标与链路追踪
src/modules/health/health.module.ts
import { Module } from '@nestjs/common';
import { TerminusModule } from '@nestjs/terminus';
import { HealthController } from './health.controller';
@Module({
imports: [TerminusModule],
controllers: [HealthController],
})
export class HealthModule {}
src/modules/health/health.controller.ts
import { Controller, Get } from '@nestjs/common';
import { HealthCheck, HealthCheckService, TypeOrmHealthIndicator } from '@nestjs/terminus';
@Controller('health')
export class HealthController {
constructor(private health: HealthCheckService, private db: TypeOrmHealthIndicator) {}
@Get()
@HealthCheck()
check() {
return this.health.check([
() => this.db.pingCheck('database'),
]);
}
}
src/modules/metrics/metrics.module.ts
import { Module } from '@nestjs/common';
import { MetricsController } from './metrics.controller';
@Module({
controllers: [MetricsController],
})
export class MetricsModule {}
src/modules/metrics/metrics.controller.ts
import { Controller, Get } from '@nestjs/common';
import { register } from 'prom-client';
@Controller('metrics')
export class MetricsController {
@Get()
async metrics() {
return register.metrics();
}
}
OpenTelemetry 初始化
src/tracing/tracing.ts
import { NodeSDK } from '@opentelemetry/sdk-node';
import { getNodeAutoInstrumentations } from '@opentelemetry/auto-instrumentations-node';
import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
import { Resource } from '@opentelemetry/resources';
import { SemanticResourceAttributes } from '@opentelemetry/semantic-conventions';
let sdk: NodeSDK;
export function initTracing() {
if (sdk) return;
const exporter = new OTLPTraceExporter({
url: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'http://localhost:4318/v1/traces',
});
sdk = new NodeSDK({
resource: new Resource({
[SemanticResourceAttributes.SERVICE_NAME]: 'bff-gateway',
[SemanticResourceAttributes.SERVICE_VERSION]: '1.0.0',
}),
traceExporter: exporter,
instrumentations: [getNodeAutoInstrumentations()],
});
sdk.start();
}
src/common/utils/trace.util.ts
import { randomUUID } from 'crypto';
export function getTraceId(req: any): string {
const id = req.headers['x-trace-id'] || req.id || randomUUID();
req.headers['x-trace-id'] = id;
return id;
}
- 测试(Jest 单元/集成,隔离测试数据库)
jest.config.js
module.exports = {
preset: 'ts-jest',
testEnvironment: 'node',
rootDir: '.',
testMatch: ['**/test/**/*.spec.ts'],
moduleFileExtensions: ['ts', 'js', 'json'],
collectCoverage: true,
coveragePathIgnorePatterns: ['/node_modules/', '/test/'],
};
test/unit/users.service.spec.ts
import { UsersService } from '../../src/modules/users/users.service';
import { Repository } from 'typeorm';
import { User } from '../../src/modules/users/entities/user.entity';
const repo = { findOne: jest.fn(), create: jest.fn(), save: jest.fn() } as unknown as Repository<User>;
describe('UsersService', () => {
it('create hashes password', async () => {
const svc = new UsersService(repo);
repo.create = jest.fn().mockReturnValue({ email: 'a@b.com', passwordHash: 'x', roles: ['user'] });
repo.save = jest.fn().mockResolvedValue({ id: 'u1', email: 'a@b.com', roles: ['user'] });
const res = await svc.create('a@b.com', 'Secret123', ['user']);
expect(res.email).toBe('a@b.com');
expect(repo.create).toHaveBeenCalled();
});
});
test/e2e/app.e2e-spec.ts
import { Test } from '@nestjs/testing';
import { INestApplication } from '@nestjs/common';
import { AppModule } from '../../src/app.module';
import * as request from 'supertest';
describe('App E2E', () => {
let app: INestApplication;
beforeAll(async () => {
const moduleRef = await Test.createTestingModule({ imports: [AppModule] }).compile();
app = moduleRef.createNestApplication();
await app.init();
});
afterAll(async () => {
await app.close();
});
it('/health (GET)', async () => {
const res = await request(app.getHttpServer()).get('/health').expect(200);
expect(res.body.status).toBe('ok');
});
});
测试数据库隔离建议使用 testcontainers(可按需增加),或在 CI 启动 docker-compose 的 postgres 与 redis。
- 环境与 .env 模板
.env.example
NODE_ENV=development
PORT=3000
ACCESS_TOKEN_SECRET=replace_with_long_random_string
REFRESH_TOKEN_SECRET=replace_with_long_random_string
DB_HOST=postgres
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=postgres
DB_NAME=bff
REDIS_URL=redis://redis:6379
OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4318
- 部署:Docker 与 Compose
Dockerfile
FROM node:20-alpine AS builder
WORKDIR /app
COPY package.json yarn.lock ./
RUN yarn install --frozen-lockfile
COPY . .
RUN yarn build
FROM node:20-alpine
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/package.json /app/yarn.lock ./
RUN yarn install --frozen-lockfile --production
COPY --from=builder /app/dist ./dist
COPY .env ./.env
CMD ["node", "dist/main.js"]
docker-compose.yml
services:
api:
build: .
ports:
- "3000:3000"
env_file: .env
depends_on:
- postgres
- redis
command: ["node", "dist/main.js"]
postgres:
image: postgres:16-alpine
environment:
POSTGRES_PASSWORD: postgres
POSTGRES_DB: bff
ports:
- "5432:5432"
redis:
image: redis:7-alpine
ports:
- "6379:6379"
otel-collector:
image: otel/opentelemetry-collector:latest
command: ["--config=/etc/otel-collector-config.yaml"]
volumes:
- ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
ports:
- "4318:4318"
scripts/start-prod.sh
#!/usr/bin/env sh
set -e
node dist/main.js
- CI/CD(GitHub Actions)
.github/workflows/ci.yml
name: CI
on:
push:
branches: [ main ]
pull_request:
jobs:
build-test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_PASSWORD: postgres
POSTGRES_DB: bff_test
ports: ['5432:5432']
redis:
image: redis:7-alpine
ports: ['6379:6379']
env:
NODE_ENV: test
ACCESS_TOKEN_SECRET: test_access_secret_1234567890
REFRESH_TOKEN_SECRET: test_refresh_secret_1234567890
DB_HOST: localhost
DB_PORT: 5432
DB_USER: postgres
DB_PASSWORD: postgres
DB_NAME: bff_test
REDIS_URL: redis://localhost:6379
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'yarn'
- run: yarn install --frozen-lockfile
- run: yarn lint
- run: yarn build
- run: yarn test --coverage
docker:
needs: build-test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ghcr.io/${{ github.repository }}:latest
- package.json 与脚本(yarn)
package.json
{
"name": "bff-gateway",
"version": "1.0.0",
"private": true,
"scripts": {
"start": "nest start",
"start:dev": "nest start --watch",
"build": "nest build",
"lint": "eslint . --ext .ts",
"test": "jest",
"test:e2e": "jest --config test/e2e/jest-e2e.json",
"typeorm:migration:generate": "typeorm migration:generate ./src/database/migrations/AutoMigration -d ormconfig.ts",
"typeorm:migration:run": "typeorm migration:run -d ormconfig.ts",
"seed": "ts-node ./src/database/seeds/seed.ts",
"docker:up": "docker-compose up -d --build",
"docker:down": "docker-compose down"
},
"dependencies": {
"@nestjs/bullmq": "^2.0.0",
"@nestjs/cache-manager": "^2.2.0",
"@nestjs/common": "^10.0.0",
"@nestjs/config": "^3.0.0",
"@nestjs/core": "^10.0.0",
"@nestjs/jwt": "^10.2.0",
"@nestjs/passport": "^10.0.0",
"@nestjs/platform-express": "^10.0.0",
"@nestjs/swagger": "^7.3.0",
"@nestjs/terminus": "^10.2.0",
"@nestjs/throttler": "^4.2.0",
"bcryptjs": "^2.4.3",
"bullmq": "^5.5.0",
"cache-manager": "^5.2.0",
"cache-manager-redis-yet": "^3.0.2",
"class-transformer": "^0.5.1",
"class-validator": "^0.14.0",
"ioredis": "^5.4.1",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
"pg": "^8.12.0",
"prom-client": "^15.1.1",
"reflect-metadata": "^0.1.13",
"rxjs": "^7.8.1",
"typeorm": "^0.3.20",
"@opentelemetry/sdk-node": "^0.49.1",
"@opentelemetry/auto-instrumentations-node": "^0.49.1",
"@opentelemetry/exporter-trace-otlp-http": "^0.49.1"
},
"devDependencies": {
"@nestjs/testing": "^10.0.0",
"@types/bcryptjs": "^2.4.2",
"@types/jest": "^29.5.4",
"@types/node": "^20.8.10",
"@types/passport-jwt": "^3.0.10",
"@types/supertest": "^2.0.12",
"eslint": "^8.57.0",
"eslint-config-standard-with-typescript": "^38.0.0",
"eslint-plugin-import": "^2.29.1",
"eslint-plugin-n": "^16.3.1",
"eslint-plugin-promise": "^6.1.1",
"jest": "^29.7.0",
"supertest": "^6.3.3",
"ts-jest": "^29.1.1",
"ts-node": "^10.9.2",
"typescript": "^5.4.0"
}
}
.eslintrc.js(Standard 风格)
module.exports = {
root: true,
parser: '@typescript-eslint/parser',
plugins: ['@typescript-eslint'],
extends: [
'standard-with-typescript'
],
parserOptions: {
project: './tsconfig.json'
},
rules: {
'@typescript-eslint/explicit-function-return-type': 'off'
}
};
ormconfig.ts(TypeORM CLI)
import { DataSource } from 'typeorm';
import { User } from './src/modules/users/entities/user.entity';
import { Product } from './src/modules/products/entities/product.entity';
import { Order } from './src/modules/orders/entities/order.entity';
export default new DataSource({
type: 'postgres',
host: process.env.DB_HOST || 'localhost',
port: parseInt(process.env.DB_PORT || '5432', 10),
username: process.env.DB_USER || 'postgres',
password: process.env.DB_PASSWORD || 'postgres',
database: process.env.DB_NAME || 'bff',
entities: [User, Product, Order],
migrations: ['dist/database/migrations/*.js'],
});
- BFF 聚合示例(订单创建聚合产品价格与用户)
src/modules/orders/orders.service.ts
import { Injectable, BadRequestException } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { Order } from './entities/order.entity';
import { ProductsService } from '../products/products.service';
@Injectable()
export class OrdersService {
constructor(
@InjectRepository(Order) private repo: Repository<Order>,
private products: ProductsService,
) {}
async create(userId: string, items: Array<{ productId: string; quantity: number }>) {
if (!items?.length) throw new BadRequestException('Items required');
const priced = await Promise.all(items.map(async i => {
const p = await this.products.getById(i.productId);
return { ...i, price: p.price };
}));
const total = priced.reduce((sum, i) => sum + Number(i.price) * i.quantity, 0).toFixed(2);
const order = this.repo.create({ user: { id: userId } as any, items: priced, total, status: 'PENDING' });
return this.repo.save(order);
}
}
- Swagger 示例请求在 DTO 上使用 ApiProperty,控制器上提供示例,或使用 @ApiBody/@ApiResponse(略)。
运行指南
可扩展建议
- 在 common/interceptors 中添加缓存拦截器读取 @Cached 元数据统一缓存控制。
- 审计日志写入专用表或通过队列异步写入以免阻塞。
- 将 OpenTelemetry 与 Prometheus 结合 Grafana 展示。
- 对接外部用户、商品、订单服务时,在 modules 下新增 client 子模块(HTTP/gRPC),并在 BFF service 进行聚合与容错(重试、熔断)。
若需要我生成完整项目仓库的压缩包或根据你的域模型补全 products/orders 的 DTO/Controller/Service 代码,请告知。
