NestJS Tutorial: Build a Production REST API
Build a production-ready REST API with NestJS — modules, controllers, services, guards, interceptors, and MongoDB integration.
Abdur Razzak
Full-Stack Web Developer
Why NestJS?
NestJS is an opinionated Node.js framework built on top of Express or Fastify, using TypeScript and Angular-inspired architecture patterns (decorators, dependency injection, modules). It enforces a consistent project structure, making it excellent for large teams and enterprise applications. NestJS provides built-in support for validation, authentication, serialization, and OpenAPI documentation generation.
NestJS Project Structure
NestJS organizes code into modules, each containing a module file, controller, service, and DTOs (Data Transfer Objects). The AppModule is the root module that imports all feature modules. Create new modules with the NestJS CLI: nest generate module blog. This generates the module, controller, and service files with proper decorators and wiring. The structured approach eliminates architectural debates on large teams.
Controllers and Services
Controllers handle HTTP requests and delegate business logic to services. Decorate controller methods with @Get(), @Post(), @Put(), @Delete() and extract request data with @Body(), @Param(), @Query(). Services contain your business logic and database queries — inject them into controllers via constructor injection. This separation makes controllers thin and services independently testable.
Validation with class-validator
NestJS integrates with class-validator for DTO validation. Define your DTOs as classes with property decorators: @IsString(), @IsEmail(), @IsNotEmpty(), @Min(), @Max(). Enable the global ValidationPipe in main.ts with whitelist: true (strip unknown properties) and forbidNonWhitelisted: true (reject requests with unknown properties). NestJS automatically validates incoming requests against your DTOs.
Guards for Authentication
Guards implement the CanActivate interface to protect routes. The JwtAuthGuard reads the Authorization header, verifies the JWT using Passport.js strategy, and attaches the decoded user to the request. Apply guards globally with app.useGlobalGuards() or per-route with @UseGuards(JwtAuthGuard). Use @Public() custom decorator to opt specific routes out of global auth guard.
NestJS with MongoDB and Mongoose
Install @nestjs/mongoose and mongoose. Import MongooseModule.forRoot() in AppModule with your MongoDB URI. In feature modules, import MongooseModule.forFeature([{ name: Blog.name, schema: BlogSchema }]) to register your schemas. Inject the model using @InjectModel(Blog.name) in your service. NestJS handles the connection lifecycle, and InjectModel provides type-safe access to your Mongoose models.
