npm - @bpinhosilva/agent-orchestrator - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.24 - Mend

@bpinhosilva/agent-orchestrator 1.0.0-alpha.22 → 1.0.0-alpha.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,19 @@
+# [1.0.0-alpha.24](https://github.com/bpinhosilva/agent-orchestrator/compare/v1.0.0-alpha.23...v1.0.0-alpha.24) (2026-04-02)
+### Features
+* update README and documentation files with additional references and streamlined content ([ae7b1ac](https://github.com/bpinhosilva/agent-orchestrator/commit/ae7b1acbd47eebbc91b154f2b54da83eb8da0be8))
+# [1.0.0-alpha.23](https://github.com/bpinhosilva/agent-orchestrator/compare/v1.0.0-alpha.22...v1.0.0-alpha.23) (2026-04-02)
+### Features
+* enhance project management with user roles and member management ([877832f](https://github.com/bpinhosilva/agent-orchestrator/commit/877832fc4ad8d77499124a4da23c14a1270622a4))
+* implement release workflow with semantic release and build steps; remove old release.yml ([f17eb48](https://github.com/bpinhosilva/agent-orchestrator/commit/f17eb48c64b165c8fd05e142d175716f7990f670))
+* update CI workflow to include E2E and UI tests; bump lodash version ([b8ceee6](https://github.com/bpinhosilva/agent-orchestrator/commit/b8ceee6adf0855b54d4a45d959e87ec338c55887))
 # [1.0.0-alpha.22](https://github.com/bpinhosilva/agent-orchestrator/compare/v1.0.0-alpha.21...v1.0.0-alpha.22) (2026-04-02)

package/README.md CHANGED Viewed

@@ -3,68 +3,230 @@
 [![CI](https://github.com/bpinhosilva/agent-orchestrator/actions/workflows/ci.yml/badge.svg)](https://github.com/bpinhosilva/agent-orchestrator/actions/workflows/ci.yml)
 [![Release](https://github.com/bpinhosilva/agent-orchestrator/actions/workflows/release.yml/badge.svg)](https://github.com/bpinhosilva/agent-orchestrator/actions/workflows/release.yml)
 [![Gitleaks](https://github.com/bpinhosilva/agent-orchestrator/actions/workflows/gitleaks.yml/badge.svg)](https://github.com/bpinhosilva/agent-orchestrator/actions/workflows/gitleaks.yml)
+[![Socket Badge](https://socket.dev/api/badge/npm/package/@bpinhosilva/agent-orchestrator)](https://socket.dev/npm/package/@bpinhosilva/agent-orchestrator)
 Agent Orchestrator is an open-source project designed to manage and orchestrate AI agents using both back-end services and front-end applications. It provides an automated agentic execution environment where you can create multiple agent profiles (e.g., Head Agent, Researcher, CMO) and delegate tasks to them through automated workflows.
 ## Features (In Progress & Planned)
 - **Agent Delegation**: Delegate tasks to specialized AI agents.
+- **Multi-Provider Support**: Google Gemini and Anthropic Claude providers.
 - **Job Scheduler**: Create and schedule recurring agentic tasks.
 - **Workflow Engine**: Drag-and-drop workflow builder supporting triggers, agent chaining, and outputs.
-- **Agent Capabilities**: File reading/writing, web search, email capabilities, and image generation using NanoBanana.
+- **Agent Capabilities**: File reading/writing, web search, email capabilities, and image generation.
+- **Role-Based Access Control**: Admin and member roles with project-level membership.
 - **TUI/CLI Tooling**: CLI executables to manage the installation and local agent configuration.
-## Current Architecture
-- **Backend Framework**: NestJS + TypeScript
-- **Frontend SPA**: React (Currently served as a single placeholder HTML file by the backend for MVP)
-- **Database**: PostgreSQL (via Docker Compose)
+## Architecture
+- **Backend Framework**: NestJS 11 + TypeScript 5
+- **Frontend SPA**: React (built separately, served as static files)
+- **Database**: PostgreSQL (production) / SQLite (development)
 - **Testing**: Jest (TDD Approach with Unit & E2E)
-- **Architecture**: 3-Tier (Controller, Service, DAL/Adapter Interfaces)
+- **Architecture**: 3-Tier (Controller → Service → Repository)
 ## Prerequisites
 - [Node.js](https://nodejs.org/) (v18+)
-- [Docker](https://www.docker.com/) and Docker Compose (Optional for local PostgreSQL deployment)
-- A [Google Gemini API Key](https://aistudio.google.com/)
+- [Docker](https://www.docker.com/) and Docker Compose (optional, for PostgreSQL)
+- A [Google Gemini API Key](https://aistudio.google.com/) or [Anthropic API Key](https://console.anthropic.com/)
-## Installation
+## Quick Start
+### 1. Install Dependencies
+```bash
+npm install
+```
+> **Note**: The project uses `ignore-scripts=true` in `.npmrc` for supply chain security. After installing, run `npm rebuild` to compile native modules (bcrypt, sqlite3).
+### 2. Configure Environment
+Create a `.env` file in the project root (or set `AGENT_ORCHESTRATOR_HOME` to point to a directory containing `.env`):
+```bash
+# Required
+JWT_SECRET="at-least-32-characters-long-secret-key"
+# AI Providers (at least one required for agent functionality)
+GEMINI_API_KEY="your-gemini-api-key"
+ANTHROPIC_API_KEY="your-anthropic-api-key"
+# Optional
+PORT=3000                           # Server port (default: 3000)
+NODE_ENV=development                # development | production | test
+DATABASE_URL=                       # PostgreSQL connection string (omit for SQLite)
+ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
+SCHEDULER_ENABLED=true              # Enable/disable task scheduler CRON
+DB_LOGGING=false                    # Enable TypeORM query logging
+```
+### 3. Set Up the Database
+**Option A: SQLite (Development — zero config)**
+SQLite is used automatically when `DATABASE_URL` is not set. The database file is created at `local.sqlite` in the project root (or `$AGENT_ORCHESTRATOR_HOME/local.sqlite`).
+**Option B: PostgreSQL (Production)**
+```bash
+# Start PostgreSQL via Docker Compose
+docker compose up -d
+# Set the connection string
+export DATABASE_URL="postgresql://orchestrator:orchestrator_password@localhost:5433/agent_orchestrator"
+```
+Then run migrations and seed the admin user:
+```bash
+# Apply database migrations
+npm run migration:run
+# Create the initial admin user (interactive prompt)
+npm run seed:admin
+```
+### 4. Run the Application
+```bash
+# Development (API + UI with hot reload)
+npm run dev
+# Or API only in watch mode
+npm run start:dev
+# Production build
+npm run build
+npm run start:prod
+```
+The dashboard is available at `http://localhost:3000` and the API at `http://localhost:3000/api/v1/`.
+## Database Management
+The project uses [TypeORM](https://typeorm.io/) migrations to manage schema changes. **Never rely on `synchronize: true`** — it is disabled in all environments.
+### Migration Commands
 ```bash
-$ npm install
+# Generate a new migration from entity changes
+npm run typeorm -- migration:generate src/migrations/DescriptiveName
+# Apply all pending migrations
+npm run migration:run
+# Revert the last applied migration
+npm run migration:revert
+# Drop the entire database schema (use with caution!)
+npm run schema:drop
 ```
-## Running the app
+### Migration Workflow
+1. Modify your entity files in `src/`
+2. Generate a migration: `npm run typeorm -- migration:generate src/migrations/YourMigrationName`
+3. Review the generated file in `src/migrations/`
+4. Apply it: `npm run migration:run`
+5. Verify with tests: `npm run test:all`
-Before running the application, ensure you have set the `GEMINI_API_KEY` in your environment variables, as the default agent is the `GeminiAgent`.
+### Seeding
 ```bash
-# Start the PostgreSQL Database
-$ docker compose up -d
+# Create the initial admin user
+npm run seed:admin
+```
+This creates a user with the `admin` role. All subsequent users registered via `POST /auth/register` (admin-only endpoint) default to `member` role.
-# development
-$ GEMINI_API_KEY="your-api-key" npm run start
+## Deployment
-# watch mode
-$ GEMINI_API_KEY="your-api-key" npm run start:dev
+### Production Checklist
-# production mode
-$ GEMINI_API_KEY="your-api-key" npm run start:prod
+1. **Database**: Use PostgreSQL — set `DATABASE_URL` environment variable
+2. **Migrations**: Run `npm run migration:run` before starting the app
+3. **Environment**:
+   - `NODE_ENV=production` — disables Swagger UI and enables secure cookies
+   - `JWT_SECRET` — strong secret, minimum 32 characters
+   - `ALLOWED_ORIGINS` — comma-separated list of allowed CORS origins (required in production)
+4. **Build**: Run `npm run build` to compile TypeScript and bundle the UI
+5. **Start**: `npm run start:prod` (or `node dist/main.js`)
+### Docker
+```bash
+# Build and run with Docker Compose (includes PostgreSQL)
+docker compose up -d
+# Apply migrations
+DATABASE_URL="postgresql://orchestrator:orchestrator_password@localhost:5433/agent_orchestrator" \
+  npm run migration:run
+# Seed admin
+DATABASE_URL="postgresql://orchestrator:orchestrator_password@localhost:5433/agent_orchestrator" \
+  npm run seed:admin
 ```
-Once running, you can access the frontend dashboard container URL at `http://localhost:3000`. The API endpoints are accessible via `http://localhost:3000/api/v1/`.
+### Updating an Existing Deployment
+1. Pull the latest code
+2. Install dependencies: `npm ci && npm rebuild`
+3. Build: `npm run build`
+4. Run new migrations: `npm run migration:run`
+5. Restart the application
 ## Testing
 ```bash
-# unit tests
-$ npm run test
+# Unit tests
+npm test
+# Unit tests in watch mode
+npm run test:watch
+# E2E tests
+npm run test:e2e
-# e2e tests
-$ npm run test:e2e
+# All tests (unit + UI + E2E)
+npm run test:all
-# test coverage
-$ npm run test:cov
+# Test coverage
+npm run test:cov
+# Run a single test file
+npm test -- src/auth/auth.service.spec.ts
+# Run tests matching a name pattern
+npm test -- --testNamePattern="should validate email"
 ```
-## API usage
+## Security
+### Authentication & Authorization
+- **JWT-based authentication** with httpOnly cookie transport (no tokens in response bodies)
+- **Role-Based Access Control (RBAC)**: `admin` and `member` roles
+  - **Admin**: Full access to all resources
+  - **Member**: Access scoped to projects they own or are members of
+- **Project membership**: Many-to-many model with `owner` and `member` roles per project
+- **Rate limiting**: 60 req/min globally, 5 req/min on auth endpoints
+- All routes protected by default — use `@Public()` decorator for public endpoints
+### Supply Chain Protection
+- `.npmrc` hardened: registry pinned to `registry.npmjs.org`, install scripts disabled
+- `lockfile-lint` validates lockfile integrity in CI and pre-commit hooks
+- `npm audit signatures` checks package provenance in CI
+- [Socket.dev](https://socket.dev) monitors dependencies for supply chain risks
+### Additional Hardening
+- Helmet.js security headers with Content Security Policy
+- CORS restricted to `ALLOWED_ORIGINS` (deny-all in production without explicit config)
+- Swagger UI disabled in production
+- File upload validation: MIME type allowlist + 10MB size limit
+- Input length limits on all text fields via class-validator
+## API Usage
 **Endpoint**: `POST /api/v1/agents/process`
 **Payload**:
@@ -73,3 +235,17 @@ $ npm run test:cov
   "input": "Write a short poem about automation."
 }
 ```
+## Contributing
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+## Additional Documentation
+- [CLI reference](docs/CLI.md)
+- [CI/CD pipeline](docs/CI_CD.md)
+- [Release process](docs/RELEASE.md)
+## License
+See [LICENSE](LICENSE) for details.

package/dist/agents/agents.controller.js CHANGED Viewed

@@ -19,6 +19,8 @@ const agents_service_1 = require("./agents.service");
 const agent_request_dto_1 = require("./dto/agent-request.dto");
 const create_agent_dto_1 = require("./dto/create-agent.dto");
 const update_agent_dto_1 = require("./dto/update-agent.dto");
+const roles_decorator_1 = require("../auth/decorators/roles.decorator");
+const user_entity_1 = require("../users/entities/user.entity");
 let AgentsController = class AgentsController {
     agentsService;
     constructor(agentsService) {
@@ -48,6 +50,7 @@ let AgentsController = class AgentsController {
 };
 exports.AgentsController = AgentsController;
 __decorate([
+    (0, roles_decorator_1.Roles)(user_entity_1.UserRole.ADMIN),
     (0, common_1.Post)(),
     openapi.ApiResponse({ status: 201, type: require("./entities/agent.entity").AgentEntity }),
     __param(0, (0, common_1.Body)()),
@@ -71,6 +74,7 @@ __decorate([
     __metadata("design:returntype", void 0)
 ], AgentsController.prototype, "findOne", null);
 __decorate([
+    (0, roles_decorator_1.Roles)(user_entity_1.UserRole.ADMIN),
     (0, common_1.Patch)(':id'),
     openapi.ApiResponse({ status: 200, type: require("./entities/agent.entity").AgentEntity }),
     __param(0, (0, common_1.Param)('id')),
@@ -80,6 +84,7 @@ __decorate([
     __metadata("design:returntype", void 0)
 ], AgentsController.prototype, "update", null);
 __decorate([
+    (0, roles_decorator_1.Roles)(user_entity_1.UserRole.ADMIN),
     (0, common_1.Delete)(':id'),
     openapi.ApiResponse({ status: 200 }),
     __param(0, (0, common_1.Param)('id')),

package/dist/agents/dto/agent-request.dto.js CHANGED Viewed

@@ -16,7 +16,7 @@ class AgentRequestDto {
     agentId;
     input;
     static _OPENAPI_METADATA_FACTORY() {
-        return { agentId: { required: true, type: () => String }, input: { required: true, type: () => String } };
+        return { agentId: { required: true, type: () => String }, input: { required: true, type: () => String, maxLength: 50000 } };
     }
 }
 exports.AgentRequestDto = AgentRequestDto;
@@ -28,6 +28,7 @@ __decorate([
 __decorate([
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(50000),
     __metadata("design:type", String)
 ], AgentRequestDto.prototype, "input", void 0);
 //# sourceMappingURL=agent-request.dto.js.map

package/dist/agents/dto/create-agent.dto.js CHANGED Viewed

@@ -21,28 +21,32 @@ class CreateAgentDto {
     status;
     providerId;
     static _OPENAPI_METADATA_FACTORY() {
-        return { name: { required: true, type: () => String }, description: { required: false, type: () => String }, role: { required: false, type: () => String }, systemInstructions: { required: false, type: () => String }, modelId: { required: true, type: () => String }, status: { required: false, type: () => String }, providerId: { required: true, type: () => String, format: "uuid" } };
+        return { name: { required: true, type: () => String, maxLength: 200 }, description: { required: false, type: () => String, maxLength: 2000 }, role: { required: false, type: () => String, maxLength: 200 }, systemInstructions: { required: false, type: () => String, maxLength: 10000 }, modelId: { required: true, type: () => String }, status: { required: false, type: () => String, enum: ['active', 'inactive'] }, providerId: { required: true, type: () => String, format: "uuid" } };
     }
 }
 exports.CreateAgentDto = CreateAgentDto;
 __decorate([
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(200),
     __metadata("design:type", String)
 ], CreateAgentDto.prototype, "name", void 0);
 __decorate([
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.MaxLength)(2000),
     __metadata("design:type", String)
 ], CreateAgentDto.prototype, "description", void 0);
 __decorate([
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.MaxLength)(200),
     __metadata("design:type", String)
 ], CreateAgentDto.prototype, "role", void 0);
 __decorate([
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.MaxLength)(10000),
     __metadata("design:type", String)
 ], CreateAgentDto.prototype, "systemInstructions", void 0);
 __decorate([
@@ -53,6 +57,7 @@ __decorate([
 __decorate([
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsIn)(['active', 'inactive']),
     __metadata("design:type", String)
 ], CreateAgentDto.prototype, "status", void 0);
 __decorate([

package/dist/app.module.js CHANGED Viewed

@@ -28,6 +28,7 @@ const throttler_1 = require("@nestjs/throttler");
 const core_1 = require("@nestjs/core");
 const auth_module_1 = require("./auth/auth.module");
 const jwt_auth_guard_1 = require("./auth/guards/jwt-auth.guard");
+const roles_guard_1 = require("./auth/guards/roles.guard");
 const typeorm_2 = require("./config/typeorm");
 const APP_HOME = process.env.AGENT_ORCHESTRATOR_HOME;
 const ENV_PATH = APP_HOME ? (0, path_1.join)(APP_HOME, '.env') : '.env';
@@ -93,6 +94,10 @@ exports.AppModule = AppModule = __decorate([
                 provide: core_1.APP_GUARD,
                 useClass: jwt_auth_guard_1.JwtAuthGuard,
             },
+            {
+                provide: core_1.APP_GUARD,
+                useClass: roles_guard_1.RolesGuard,
+            },
         ],
     })
 ], AppModule);

package/dist/auth/auth.controller.d.ts CHANGED Viewed

@@ -1,14 +1,19 @@
+import { ConfigService } from '@nestjs/config';
 import { AuthService } from './auth.service';
 import { RegisterDto } from './dto/register.dto';
 import { LoginDto } from './dto/login.dto';
+import { UserRole } from '../users/entities/user.entity';
 import type { Response as ExpressResponse, Request as ExpressRequest } from 'express';
 export declare class AuthController {
     private readonly authService;
-    constructor(authService: AuthService);
+    private readonly configService;
+    private readonly isProduction;
+    constructor(authService: AuthService, configService: ConfigService);
     register(registerDto: RegisterDto): Promise<{
         id: string;
         name: string;
         email: string;
+        role: UserRole;
         createdAt: Date;
         updatedAt: Date;
     }>;

package/dist/auth/auth.controller.js CHANGED Viewed

@@ -16,15 +16,23 @@ exports.AuthController = void 0;
 const openapi = require("@nestjs/swagger");
 const common_1 = require("@nestjs/common");
 const throttler_1 = require("@nestjs/throttler");
+const config_1 = require("@nestjs/config");
 const auth_service_1 = require("./auth.service");
 const register_dto_1 = require("./dto/register.dto");
 const login_dto_1 = require("./dto/login.dto");
 const public_decorator_1 = require("./decorators/public.decorator");
+const roles_decorator_1 = require("./decorators/roles.decorator");
+const user_entity_1 = require("../users/entities/user.entity");
 const swagger_1 = require("@nestjs/swagger");
 let AuthController = class AuthController {
     authService;
-    constructor(authService) {
+    configService;
+    isProduction;
+    constructor(authService, configService) {
         this.authService = authService;
+        this.configService = configService;
+        this.isProduction =
+            this.configService.get('NODE_ENV') === 'production';
     }
     register(registerDto) {
         return this.authService.register(registerDto);
@@ -33,14 +41,14 @@ let AuthController = class AuthController {
         const data = await this.authService.login(loginDto);
         res.cookie('auth_token', data.access_token, {
             httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
+            secure: this.isProduction,
             sameSite: 'strict',
             maxAge: data.expires_in * 1000,
             path: '/',
         });
         res.cookie('refresh_token', data.refresh_token, {
             httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
+            secure: this.isProduction,
             sameSite: 'strict',
             maxAge: data.refresh_expires_in * 1000,
             path: '/',
@@ -56,15 +64,22 @@ let AuthController = class AuthController {
         }
         try {
             const data = await this.authService.refresh(refreshToken);
+            res.cookie('auth_token', data.access_token, {
+                httpOnly: true,
+                secure: this.isProduction,
+                sameSite: 'strict',
+                maxAge: data.expires_in * 1000,
+                path: '/',
+            });
             res.cookie('refresh_token', data.refresh_token, {
                 httpOnly: true,
-                secure: process.env.NODE_ENV === 'production',
+                secure: this.isProduction,
                 sameSite: 'strict',
                 maxAge: data.refresh_expires_in * 1000,
                 path: '/',
             });
             return res.json({
-                access_token: data.access_token,
+                message: 'Token refreshed successfully',
                 expires_in: data.expires_in,
                 token_type: data.token_type,
             });
@@ -92,7 +107,7 @@ let AuthController = class AuthController {
 };
 exports.AuthController = AuthController;
 __decorate([
-    (0, public_decorator_1.Public)(),
+    (0, roles_decorator_1.Roles)(user_entity_1.UserRole.ADMIN),
     (0, throttler_1.Throttle)({ default: { limit: 5, ttl: 60000 } }),
     (0, common_1.Post)('register'),
     openapi.ApiResponse({ status: 201 }),
@@ -145,6 +160,7 @@ __decorate([
 exports.AuthController = AuthController = __decorate([
     (0, swagger_1.ApiTags)('auth'),
     (0, common_1.Controller)('auth'),
-    __metadata("design:paramtypes", [auth_service_1.AuthService])
+    __metadata("design:paramtypes", [auth_service_1.AuthService,
+        config_1.ConfigService])
 ], AuthController);
 //# sourceMappingURL=auth.controller.js.map

package/dist/auth/auth.service.d.ts CHANGED Viewed

@@ -23,6 +23,7 @@ export declare class AuthService {
         id: string;
         name: string;
         email: string;
+        role: import("../users/entities/user.entity").UserRole;
         createdAt: Date;
         updatedAt: Date;
     }>;

package/dist/auth/decorators/current-user.decorator.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const CurrentUser: (...dataOrPipes: unknown[]) => ParameterDecorator;

package/dist/auth/decorators/current-user.decorator.js ADDED Viewed

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CurrentUser = void 0;
+const common_1 = require("@nestjs/common");
+exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user;
+});
+//# sourceMappingURL=current-user.decorator.js.map

package/dist/auth/decorators/roles.decorator.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { UserRole } from '../../users/entities/user.entity';
+export declare const ROLES_KEY = "roles";
+export declare const Roles: (...roles: UserRole[]) => import("@nestjs/common").CustomDecorator<string>;

package/dist/auth/decorators/roles.decorator.js ADDED Viewed

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Roles = exports.ROLES_KEY = void 0;
+const common_1 = require("@nestjs/common");
+exports.ROLES_KEY = 'roles';
+const Roles = (...roles) => (0, common_1.SetMetadata)(exports.ROLES_KEY, roles);
+exports.Roles = Roles;
+//# sourceMappingURL=roles.decorator.js.map

package/dist/auth/entities/refresh-token.entity.js CHANGED Viewed

@@ -67,6 +67,7 @@ __decorate([
 ], RefreshToken.prototype, "revokedAt", void 0);
 exports.RefreshToken = RefreshToken = __decorate([
     (0, typeorm_1.Entity)('refresh_tokens'),
-    (0, typeorm_1.Index)(['userId', 'expiresAt'])
+    (0, typeorm_1.Index)(['userId', 'expiresAt']),
+    (0, typeorm_1.Index)(['userId', 'revokedAt'])
 ], RefreshToken);
 //# sourceMappingURL=refresh-token.entity.js.map

package/dist/auth/guards/roles.guard.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+export declare class RolesGuard implements CanActivate {
+    private reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/auth/guards/roles.guard.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RolesGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const roles_decorator_1 = require("../decorators/roles.decorator");
+const public_decorator_1 = require("../decorators/public.decorator");
+let RolesGuard = class RolesGuard {
+    reflector;
+    constructor(reflector) {
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic) {
+            return true;
+        }
+        const requiredRoles = this.reflector.getAllAndOverride(roles_decorator_1.ROLES_KEY, [context.getHandler(), context.getClass()]);
+        if (!requiredRoles || requiredRoles.length === 0) {
+            return true;
+        }
+        const request = context
+            .switchToHttp()
+            .getRequest();
+        const user = request.user;
+        if (!user || !user.role) {
+            throw new common_1.ForbiddenException('Insufficient permissions');
+        }
+        if (!requiredRoles.includes(user.role)) {
+            throw new common_1.ForbiddenException('Insufficient permissions');
+        }
+        return true;
+    }
+};
+exports.RolesGuard = RolesGuard;
+exports.RolesGuard = RolesGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], RolesGuard);
+//# sourceMappingURL=roles.guard.js.map

package/dist/common/storage.service.d.ts CHANGED Viewed

@@ -18,4 +18,6 @@ export declare class StorageService {
         filePath: string;
     }>;
     delete(relativePath: string): Promise<void>;
+    private validateMimeType;
+    private validateFileSize;
 }