@appxdigital/appx-core 0.1.93 → 0.1.95
- package/dist/common/interceptors/prisma.interceptor.d.ts.map +1 -1
- package/dist/common/interceptors/prisma.interceptor.js +2 -1
- package/dist/modules/auth/auth.service.d.ts.map +1 -1
- package/dist/modules/auth/auth.service.js +17 -3
- package/dist/modules/auth/refresh-token.strategy.d.ts.map +1 -1
- package/dist/modules/auth/refresh-token.strategy.js +4 -0
- package/dist/prisma/prisma.service.js +3 -3
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prisma.interceptor.d.ts","sourceRoot":"","sources":["../../../src/common/interceptors/prisma.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,WAAW,EAAE,gBAAgB,EAAc,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3F,OAAO,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AACvC,OAAO,EAAC,aAAa,EAAC,MAAM,gBAAgB,CAAC;AAG7C,OAAO,EAAC,UAAU,EAAa,MAAM,MAAM,CAAC;AAK5C,qBACa,iBAAkB,YAAW,eAAe;IAIjD,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,aAAa;IALzB,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAS;gBAG1B,aAAa,EAAE,aAAa,EACrC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,aAAa;IAKxC,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC;
|
|
1
|
+
{"version":3,"file":"prisma.interceptor.d.ts","sourceRoot":"","sources":["../../../src/common/interceptors/prisma.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,WAAW,EAAE,gBAAgB,EAAc,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3F,OAAO,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AACvC,OAAO,EAAC,aAAa,EAAC,MAAM,gBAAgB,CAAC;AAG7C,OAAO,EAAC,UAAU,EAAa,MAAM,MAAM,CAAC;AAK5C,qBACa,iBAAkB,YAAW,eAAe;IAIjD,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,aAAa;IALzB,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAS;gBAG1B,aAAa,EAAE,aAAa,EACrC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,aAAa;IAKxC,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC;CA2D3E"}
|
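--- a/package/dist/common/interceptors/prisma.interceptor.js
+++ b/package/dist/common/interceptors/prisma.interceptor.js
@@ -33,7 +33,8 @@ let PrismaInterceptor = class PrismaInterceptor {
 : context.switchToHttp().getRequest(); // HTTP context
 // Attach expose_models metadata if needed
 const permissionMetadata = this.reflector.get(permission_decorator_1.PERMISSION_METADATA_KEY, context.getHandler()) || {};
-nestjs_request_context_1.RequestContext.currentContext
+if (nestjs_request_context_1.RequestContext.currentContext)
+nestjs_request_context_1.RequestContext.currentContext.req.prismaExposedModels = permissionMetadata['expose_models'] || [];
 const useTransaction = this.reflector.get('useTransaction', context.getHandler()) ?? this.defaultUseTransaction === 'true';
 if (useTransaction) {
 return new rxjs_1.Observable((observer) => {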
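Review bot: The new guard at line 36 is a brace-less `if` whose whole body is the long assignment on line 37, so a second statement added later would silently run unguarded; read the context once into a local and brace it, `if (ctx) { ctx.req.prismaExposedModels = permissionMetadata['expose_models'] || []; }`. When no request context exists the list is simply left unset, and the optional-chained checks in prisma.service.js then evaluate to a falsy value and fall through to the normal role permissions, so the skip fails closed. A one-line comment stating that would save the next reader from tracing it. The enclosing method starts and ends outside this hunk.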
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,WAAW,EAAC,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAE/C,OAAO,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAC,aAAa,EAAC,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAC,UAAU,EAAC,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAC,IAAI,EAAC,MAAM,gBAAgB,CAAC;AAEpC,qBACa,WAAW;IAIhB,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;IAC3C,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa;IACxC,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU;IACzC,SAAS,CAAC,QAAQ,CAAC,aAAa,EAAE,aAAa;IANnD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;gBAGpB,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,aAAa,EACrB,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa;IAK7C,QAAQ,CAAC,WAAW,EAAE,WAAW;;cAgBE,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC;;IAWzD,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,GAAG,CAAA;KAAC,CAAC;IA8B1D,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBlD,YAAY,CACd,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,GAAG,CAAC;IAuBT,cAAc,CAAC,GAAG,EAAE,OAAO;IAW3B,iBAAiB,CAAC,GAAG,EAAE,OAAO;IAW9B,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ;IA0BhD,mBAAmB,CAAC,MAAM,EAAE,MAAM;IAMlC,oBAAoB,CAAC,SAAS,EAAE,MAAM;IAOtC,kBAAkB,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,WAAW,EAAC,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAE/C,OAAO,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAC,aAAa,EAAC,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAC,UAAU,EAAC,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAC,IAAI,EAAC,MAAM,gBAAgB,CAAC;AAEpC,qBACa,WAAW;IAIhB,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;IAC3C,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa;IACxC,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU;IACzC,SAAS,CAAC,QAAQ,CAAC,aAAa,EAAE,aAAa;IANnD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;gBAGpB,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,aAAa,EACrB,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa;IAK7C,QAAQ,CAAC,WAAW,EAAE,WAAW;;cAgBE,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC;;IAWzD,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,GAAG,CAAA;KAAC,CAAC;IA8B1D,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBlD,YAAY,CACd,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,GAAG,CAAC;IAuBT,cAAc,CAAC,GAAG,EAAE,OAAO;IAW3B,iBAAiB,CAAC,GAAG,EAAE,OAAO;IAW9B,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ;IA0BhD,mBAAmB,CAAC,MAAM,EAAE,MAAM;IAMlC,oBAAoB,CAAC,SAAS,EAAE,MAAM;IAOtC,kBAAkB,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YActC,cAAc;IAkCtB,aAAa,CAAC,yBAAyB,EAAE,GAAG,GAAG,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAC,CAAC;IA4B3G,OAAO,CAAC,WAAW;IAUb,QAAQ,CAAC,iBAAiB,EAAE,GAAG,GAAG,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,GAAG,CAAA;KAAC,CAAC;IAcnG,0BAA0B,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAUlE"}
|
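--- a/package/dist/modules/auth/auth.service.js
+++ b/package/dist/modules/auth/auth.service.js
@@ -192,7 +192,13 @@ let AuthService = class AuthService {
 return !!deleted;
 }
 async validateJwtPayload(payload) {
-const user = await this.
+const user = await this.prisma.user.findFirst({
+where: {
+id: payload.sub,
+}
+}, {
+BYPASS_FILTERING: true,
+});
 if (!user) {
 throw new common_1.UnauthorizedException('Invalid token');
 }
@@ -240,7 +246,11 @@ let AuthService = class AuthService {
 {
 BYPASS_FILTERING: true,
 });
-const user = await this.
+const user = await this.prisma.user.findFirst({
+where: { id: userId, }
+}, {
+BYPASS_FILTERING: true,
+});
 if (!user) {
 throw new common_1.ForbiddenException('Access Denied');
 }
@@ -258,7 +268,11 @@ let AuthService = class AuthService {
 return value * 1000;
 }
 async loginJwt(userFromAuthGuard) {
-const user = await this.
+const user = await this.prisma.user.findFirst({
+where: { id: userFromAuthGuard.id },
+}, {
+BYPASS_FILTERING: true,
+});
 if (!user) {
 throw new common_1.UnauthorizedException('User not found');
 }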
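Review bot: All three new lookups call `findFirst` with `BYPASS_FILTERING: true` and an id taken directly from `payload.sub`, `userId` or `userFromAuthGuard.id`, and none of them checks that the id is actually present. Prisma ignores `where` keys whose value is `undefined`, so if this wrapper forwards `where` unchanged, a missing id would return the first user row rather than no row, and with filtering bypassed nothing else narrows the result. Reject a missing id before querying, e.g. `if (payload.sub == null) throw new common_1.UnauthorizedException('Invalid token');` ahead of new line 195, with the equivalent guard before new lines 249 and 271. Where `id` is the unique key and the wrapper exposes it, `findUnique` is the stricter call for an identity lookup. The bodies of these methods continue outside the hunks.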
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refresh-token.strategy.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/refresh-token.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAa,QAAQ,EAAC,MAAM,cAAc,CAAC;AAClD,OAAO,EAAC,aAAa,EAAC,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAC,OAAO,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAC,WAAW,EAAC,MAAM,sBAAsB,CAAC;;;;AAEjD,qBACa,oBAAqB,SAAQ,yBAAyC;IAE3E,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAFX,aAAa,EAAE,aAAa,EAC5B,MAAM,EAAE,aAAa,EACrB,WAAW,EAAE,WAAW;IAcvC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG;
|
|
1
|
+
{"version":3,"file":"refresh-token.strategy.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/refresh-token.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAa,QAAQ,EAAC,MAAM,cAAc,CAAC;AAClD,OAAO,EAAC,aAAa,EAAC,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAC,OAAO,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAC,WAAW,EAAC,MAAM,sBAAsB,CAAC;;;;AAEjD,qBACa,oBAAqB,SAAQ,yBAAyC;IAE3E,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAFX,aAAa,EAAE,aAAa,EAC5B,MAAM,EAAE,aAAa,EACrB,WAAW,EAAE,WAAW;IAcvC,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG;CAmC5C"}
|
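--- a/package/dist/modules/auth/refresh-token.strategy.js
+++ b/package/dist/modules/auth/refresh-token.strategy.js
@@ -41,6 +41,8 @@ let RefreshTokenStrategy = class RefreshTokenStrategy extends (0, passport_1.Pas
 }
 const tokenRecord = await this.prisma.userRefreshToken.findFirst({
 where: { token: refreshToken },
+}, {
+BYPASS_FILTERING: true,
 });
 if (!tokenRecord) {
 throw new common_1.UnauthorizedException('Refresh token not found in store');
@@ -49,6 +51,8 @@ let RefreshTokenStrategy = class RefreshTokenStrategy extends (0, passport_1.Pas
 await this.prisma.userRefreshToken.updateMany({
 where: { userId: user.id, revokedAt: null },
 data: { revokedAt: new Date() },
+}, {
+BYPASS_FILTERING: true,
 });
 throw new common_1.UnauthorizedException('Refresh token revoked');
 }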
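Review bot: The `updateMany` at new lines 51–56 now runs with `BYPASS_FILTERING: true`, which leaves its `where` clause as the only limit on which rows get `revokedAt` set. `user` is assigned outside this hunk; if `user.id` can ever be `undefined` there, Prisma would drop that key and the remaining `revokedAt: null` would match every user's active refresh tokens. Guard the id before the bulk write, e.g. `if (user?.id == null) throw new common_1.UnauthorizedException('Refresh token revoked');`. Both calls would also benefit from a comment along the lines of `// BYPASS_FILTERING: token lookup/revocation must not be hidden by role filters; the where clause is the only scope, keep it keyed on token / userId.` (the reason for the bypass is presumed here and should be confirmed by the author).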
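--- a/package/dist/prisma/prisma.service.js
+++ b/package/dist/prisma/prisma.service.js
@@ -231,7 +231,7 @@ let PrismaService = class PrismaService {
 const permissions = permissionsConfig[normalizedName]?.[userRole];
 let actionPermissions;
 // If model is exposed, permissions is ALL
-if (nestjs_request_context_1.RequestContext.currentContext
+if (nestjs_request_context_1.RequestContext.currentContext?.req.prismaExposedModels?.map((m) => m.toLowerCase()).includes(modelName.toLowerCase())) {
 actionPermissions = 'ALL';
 }
 else {
@@ -255,7 +255,7 @@ let PrismaService = class PrismaService {
 this.debug(`Found 1:1 / *:1 (belongsTo) relation to model '${relation.model}' from model '${modelName}' via field '${field}'. Filter will be applied to main conditions...`);
 const relatedPermissions = this.selectPermission(permissionsConfig[relation.model.toLowerCase()]?.[userRole] || {}, action.toString(), relation.model, userRole);
 // If model is exposed, do not apply conditions
-if (nestjs_request_context_1.RequestContext.currentContext
+if (nestjs_request_context_1.RequestContext.currentContext?.req.prismaExposedModels?.map((m) => m.toLowerCase()).includes(relation.model.toLowerCase())) {
 this.debug(`Related model '${relation.model}' is exposed via @Permission() decorator. Skipping conditions for action '${String(action)}' on role ${userRole}.`);
 continue;
 }
@@ -310,7 +310,7 @@ let PrismaService = class PrismaService {
 };
 }
 // If model is exposed, do not apply conditions
-if (nestjs_request_context_1.RequestContext.currentContext
+if (nestjs_request_context_1.RequestContext.currentContext?.req.prismaExposedModels?.map((m) => m.toLowerCase()).includes(modelName.toLowerCase())) {
 this.debug(`Model '${modelName}' is exposed via @Permission() decorator. Skipping conditions for action '${String(action)}' on role ${userRole}.`);
 return args;
 }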
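Review bot: The exposure test `RequestContext.currentContext?.req.prismaExposedModels?.map((m) => m.toLowerCase()).includes(...)` is now written out three times (new lines 234, 258 and 313), and each copy decides whether permission conditions are skipped. Move it into one private method, for example `isModelExposed(name)`, so the call sites read `if (this.isModelExposed(modelName)) {` and a later change to the matching rule cannot miss one of them. The first site sets `actionPermissions = 'ALL'` for a match, so the helper deserves a doc comment stating that a model listed in `prismaExposedModels` on the current request has its role conditions disabled. The surrounding methods start and end outside the hunks.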
package/package.json
CHANGED