@dismissible/nestjs-api 0.0.2-canary.8976e84.0 → 0.0.2-canary.d2f56d7.0

package/src/helmet/helmet.config.spec.ts

@@ -0,0 +1,197 @@
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { HelmetConfig } from './helmet.config';
+
+describe('HelmetConfig', () => {
+  describe('enabled', () => {
+    it('should transform string "true" to boolean true', () => {
+      const config = plainToInstance(HelmetConfig, { enabled: 'true' });
+      expect(config.enabled).toBe(true);
+    });
+
+    it('should transform string "false" to boolean false', () => {
+      const config = plainToInstance(HelmetConfig, { enabled: 'false' });
+      expect(config.enabled).toBe(false);
+    });
+
+    it('should keep boolean true as true', () => {
+      const config = plainToInstance(HelmetConfig, { enabled: true });
+      expect(config.enabled).toBe(true);
+    });
+
+    it('should keep boolean false as false', () => {
+      const config = plainToInstance(HelmetConfig, { enabled: false });
+      expect(config.enabled).toBe(false);
+    });
+  });
+
+  describe('contentSecurityPolicy', () => {
+    it('should transform string "true" to boolean true', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        contentSecurityPolicy: 'true',
+      });
+      expect(config.contentSecurityPolicy).toBe(true);
+    });
+
+    it('should transform string "false" to boolean false', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        contentSecurityPolicy: 'false',
+      });
+      expect(config.contentSecurityPolicy).toBe(false);
+    });
+
+    it('should keep boolean values unchanged', () => {
+      const configTrue = plainToInstance(HelmetConfig, {
+        enabled: true,
+        contentSecurityPolicy: true,
+      });
+      const configFalse = plainToInstance(HelmetConfig, {
+        enabled: true,
+        contentSecurityPolicy: false,
+      });
+      expect(configTrue.contentSecurityPolicy).toBe(true);
+      expect(configFalse.contentSecurityPolicy).toBe(false);
+    });
+  });
+
+  describe('crossOriginEmbedderPolicy', () => {
+    it('should transform string "true" to boolean true', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        crossOriginEmbedderPolicy: 'true',
+      });
+      expect(config.crossOriginEmbedderPolicy).toBe(true);
+    });
+
+    it('should transform string "false" to boolean false', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        crossOriginEmbedderPolicy: 'false',
+      });
+      expect(config.crossOriginEmbedderPolicy).toBe(false);
+    });
+
+    it('should keep boolean values unchanged', () => {
+      const configTrue = plainToInstance(HelmetConfig, {
+        enabled: true,
+        crossOriginEmbedderPolicy: true,
+      });
+      const configFalse = plainToInstance(HelmetConfig, {
+        enabled: true,
+        crossOriginEmbedderPolicy: false,
+      });
+      expect(configTrue.crossOriginEmbedderPolicy).toBe(true);
+      expect(configFalse.crossOriginEmbedderPolicy).toBe(false);
+    });
+  });
+
+  describe('hstsMaxAge', () => {
+    it('should transform string to number', () => {
+      const config = plainToInstance(HelmetConfig, { enabled: true, hstsMaxAge: '31536000' });
+      expect(config.hstsMaxAge).toBe(31536000);
+    });
+
+    it('should keep number unchanged', () => {
+      const config = plainToInstance(HelmetConfig, { enabled: true, hstsMaxAge: 86400 });
+      expect(config.hstsMaxAge).toBe(86400);
+    });
+  });
+
+  describe('hstsIncludeSubDomains', () => {
+    it('should transform string "true" to boolean true', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsIncludeSubDomains: 'true',
+      });
+      expect(config.hstsIncludeSubDomains).toBe(true);
+    });
+
+    it('should transform string "false" to boolean false', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsIncludeSubDomains: 'false',
+      });
+      expect(config.hstsIncludeSubDomains).toBe(false);
+    });
+
+    it('should keep boolean values unchanged', () => {
+      const configTrue = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsIncludeSubDomains: true,
+      });
+      const configFalse = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsIncludeSubDomains: false,
+      });
+      expect(configTrue.hstsIncludeSubDomains).toBe(true);
+      expect(configFalse.hstsIncludeSubDomains).toBe(false);
+    });
+  });
+
+  describe('hstsPreload', () => {
+    it('should transform string "true" to boolean true', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsPreload: 'true',
+      });
+      expect(config.hstsPreload).toBe(true);
+    });
+
+    it('should transform string "false" to boolean false', () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsPreload: 'false',
+      });
+      expect(config.hstsPreload).toBe(false);
+    });
+
+    it('should keep boolean values unchanged', () => {
+      const configTrue = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsPreload: true,
+      });
+      const configFalse = plainToInstance(HelmetConfig, {
+        enabled: true,
+        hstsPreload: false,
+      });
+      expect(configTrue.hstsPreload).toBe(true);
+      expect(configFalse.hstsPreload).toBe(false);
+    });
+  });
+
+  describe('validation', () => {
+    it('should pass validation with valid config', async () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+        contentSecurityPolicy: true,
+        crossOriginEmbedderPolicy: true,
+        hstsMaxAge: 31536000,
+        hstsIncludeSubDomains: true,
+        hstsPreload: false,
+      });
+
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should pass validation with only required fields', async () => {
+      const config = plainToInstance(HelmetConfig, {
+        enabled: true,
+      });
+
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should fail validation when enabled is missing', async () => {
+      const config = plainToInstance(HelmetConfig, {});
+
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('enabled');
+    });
+  });
+});

package/src/helmet/helmet.config.ts

@@ -0,0 +1,60 @@
+import { IsBoolean, IsNumber, IsOptional } from 'class-validator';
+import { Type } from 'class-transformer';
+import { TransformBoolean } from '@dismissible/nestjs-validation';
+
+/**
+ * @see https://helmetjs.github.io/
+ */
+export class HelmetConfig {
+  /**
+   * Whether to enable Helmet middleware
+   */
+  @IsBoolean()
+  @TransformBoolean()
+  public readonly enabled!: boolean;
+
+  /**
+   * Whether to enable Content-Security-Policy header.
+   * @default true
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly contentSecurityPolicy?: boolean;
+
+  /**
+   * Whether to enable Cross-Origin-Embedder-Policy header.
+   * @default true
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly crossOriginEmbedderPolicy?: boolean;
+
+  /**
+   * HSTS max-age in seconds.
+   * @default 31536000 (1 year)
+   */
+  @IsNumber()
+  @IsOptional()
+  @Type(() => Number)
+  public readonly hstsMaxAge?: number;
+
+  /**
+   * Whether to include subdomains in HSTS header.
+   * @default true
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly hstsIncludeSubDomains?: boolean;
+
+  /**
+   * Whether to add HSTS preload directive.
+   * @default false
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly hstsPreload?: boolean;
+}

package/src/helmet/index.ts

@@ -0,0 +1 @@
+export * from './helmet.config';

package/src/server/server.config.spec.ts

@@ -0,0 +1,65 @@
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { ServerConfig } from './server.config';
+
+describe('ServerConfig', () => {
+  describe('port', () => {
+    it('should transform string to number', () => {
+      const config = plainToInstance(ServerConfig, { port: '3001' });
+      expect(config.port).toBe(3001);
+    });
+
+    it('should keep number unchanged', () => {
+      const config = plainToInstance(ServerConfig, { port: 3001 });
+      expect(config.port).toBe(3001);
+    });
+
+    it('should handle different port numbers', () => {
+      const config = plainToInstance(ServerConfig, { port: '8080' });
+      expect(config.port).toBe(8080);
+    });
+  });
+
+  describe('validation', () => {
+    it('should pass validation with valid port number', async () => {
+      const config = plainToInstance(ServerConfig, { port: 3001 });
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should pass validation with string port that transforms to number', async () => {
+      const config = plainToInstance(ServerConfig, { port: '3001' });
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should fail validation when port is missing', async () => {
+      const config = plainToInstance(ServerConfig, {});
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('port');
+    });
+
+    it('should fail validation when port is not a number', async () => {
+      const config = plainToInstance(ServerConfig, { port: 'not-a-number' });
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('port');
+    });
+
+    it('should fail validation when port is null', async () => {
+      const config = plainToInstance(ServerConfig, { port: null });
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('port');
+    });
+
+    it('should fail validation when port is undefined', async () => {
+      const config = plainToInstance(ServerConfig, { port: undefined });
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('port');
+    });
+  });
+});

package/src/swagger/swagger.config.spec.ts

@@ -0,0 +1,113 @@
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { SwaggerConfig } from './swagger.config';
+
+describe('SwaggerConfig', () => {
+  describe('enabled', () => {
+    it('should transform string "true" to boolean true', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: 'true' });
+      expect(config.enabled).toBe(true);
+    });
+
+    it('should transform string "false" to boolean false', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: 'false' });
+      expect(config.enabled).toBe(false);
+    });
+
+    it('should keep boolean true as true', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: true });
+      expect(config.enabled).toBe(true);
+    });
+
+    it('should keep boolean false as false', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: false });
+      expect(config.enabled).toBe(false);
+    });
+
+    it('should transform other string values to false', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: 'yes' });
+      expect(config.enabled).toBe(false);
+    });
+
+    it('should handle case-insensitive "true"', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: 'TRUE' });
+      expect(config.enabled).toBe(true);
+    });
+
+    it('should handle case-insensitive "True"', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: 'True' });
+      expect(config.enabled).toBe(true);
+    });
+  });
+
+  describe('path', () => {
+    it('should accept string path', () => {
+      const config = plainToInstance(SwaggerConfig, {
+        enabled: true,
+        path: 'api-docs',
+      });
+      expect(config.path).toBe('api-docs');
+    });
+
+    it('should allow path to be optional', () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: true });
+      expect(config.path).toBeUndefined();
+    });
+  });
+
+  describe('validation', () => {
+    it('should pass validation with valid config', async () => {
+      const config = plainToInstance(SwaggerConfig, {
+        enabled: true,
+        path: 'docs',
+      });
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should pass validation with only required fields', async () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: true });
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should pass validation when enabled is transformed from string', async () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: 'true' });
+      const errors = await validate(config);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('should fail validation when enabled is missing', async () => {
+      const config = plainToInstance(SwaggerConfig, {});
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('enabled');
+    });
+
+    it('should fail validation when enabled is null', async () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: null });
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('enabled');
+    });
+
+    it('should fail validation when enabled is undefined', async () => {
+      const config = plainToInstance(SwaggerConfig, { enabled: undefined });
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0].property).toBe('enabled');
+    });
+
+    it('should fail validation when path is not a string', async () => {
+      const config = plainToInstance(SwaggerConfig, {
+        enabled: true,
+        path: 123,
+      });
+      const errors = await validate(config);
+      expect(errors.length).toBeGreaterThan(0);
+      const pathError = errors.find((e) => e.property === 'path');
+      expect(pathError).toBeDefined();
+    });
+  });
+});

package/src/swagger/swagger.config.ts

@@ -1,17 +1,9 @@
 import { IsBoolean, IsOptional, IsString } from 'class-validator';
-import { Transform } from 'class-transformer';
+import { TransformBoolean } from '@dismissible/nestjs-validation';
 
 export class SwaggerConfig {
   @IsBoolean()
-  @Transform(({ value }) => {
-    if (typeof value === 'boolean') {
-      return value;
-    }
-    if (typeof value === 'string') {
-      return value.toLowerCase() === 'true';
-    }
-    return value;
-  })
+  @TransformBoolean()
   public readonly enabled!: boolean;
 
   @IsString()

package/src/swagger/swagger.factory.spec.ts

@@ -0,0 +1,126 @@
+import { INestApplication } from '@nestjs/common';
+import { DocumentBuilder } from '@nestjs/swagger';
+import { configureAppWithSwagger } from './swagger.factory';
+import { SwaggerConfig } from './swagger.config';
+
+// Mock SwaggerModule and DocumentBuilder
+const mockCreateDocument = jest.fn();
+const mockSetup = jest.fn();
+const mockSetTitle = jest.fn().mockReturnThis();
+const mockSetDescription = jest.fn().mockReturnThis();
+const mockSetVersion = jest.fn().mockReturnThis();
+const mockBuild = jest.fn().mockReturnValue({});
+
+jest.mock('@nestjs/swagger', () => ({
+  SwaggerModule: {
+    createDocument: (...args: any[]) => mockCreateDocument(...args),
+    setup: (...args: any[]) => mockSetup(...args),
+  },
+  DocumentBuilder: jest.fn().mockImplementation(() => ({
+    setTitle: mockSetTitle,
+    setDescription: mockSetDescription,
+    setVersion: mockSetVersion,
+    build: mockBuild,
+  })),
+}));
+
+describe('configureAppWithSwagger', () => {
+  let mockApp: jest.Mocked<INestApplication>;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockApp = {} as any;
+  });
+
+  it('should configure Swagger when enabled is true', () => {
+    const swaggerConfig: SwaggerConfig = {
+      enabled: true,
+      path: 'docs',
+    };
+
+    configureAppWithSwagger(mockApp, swaggerConfig);
+
+    expect(DocumentBuilder).toHaveBeenCalled();
+    expect(mockSetTitle).toHaveBeenCalledWith('Dismissible');
+    expect(mockSetDescription).toHaveBeenCalledWith('An API to handle dismissible items for users');
+    expect(mockSetVersion).toHaveBeenCalledWith('1.0');
+    expect(mockBuild).toHaveBeenCalled();
+    expect(mockSetup).toHaveBeenCalledWith('docs', mockApp, expect.any(Function), {
+      useGlobalPrefix: true,
+    });
+  });
+
+  it('should use default path "docs" when path is not provided', () => {
+    const swaggerConfig: SwaggerConfig = {
+      enabled: true,
+    };
+
+    configureAppWithSwagger(mockApp, swaggerConfig);
+
+    expect(mockSetup).toHaveBeenCalledWith('docs', mockApp, expect.any(Function), {
+      useGlobalPrefix: true,
+    });
+  });
+
+  it('should use custom path when provided', () => {
+    const swaggerConfig: SwaggerConfig = {
+      enabled: true,
+      path: 'api-docs',
+    };
+
+    configureAppWithSwagger(mockApp, swaggerConfig);
+
+    expect(mockSetup).toHaveBeenCalledWith('api-docs', mockApp, expect.any(Function), {
+      useGlobalPrefix: true,
+    });
+  });
+
+  it('should not configure Swagger when enabled is false', () => {
+    const swaggerConfig: SwaggerConfig = {
+      enabled: false,
+    };
+
+    configureAppWithSwagger(mockApp, swaggerConfig);
+
+    expect(DocumentBuilder).not.toHaveBeenCalled();
+    expect(mockSetup).not.toHaveBeenCalled();
+  });
+
+  it('should create document with correct operationIdFactory', () => {
+    const swaggerConfig: SwaggerConfig = {
+      enabled: true,
+    };
+
+    configureAppWithSwagger(mockApp, swaggerConfig);
+
+    const setupCall = mockSetup.mock.calls[0];
+    const documentFactory = setupCall[2];
+    documentFactory();
+
+    expect(mockCreateDocument).toHaveBeenCalledWith(
+      mockApp,
+      {},
+      expect.objectContaining({
+        operationIdFactory: expect.any(Function),
+      }),
+    );
+  });
+
+  it('should use methodKey as operationId', () => {
+    const swaggerConfig: SwaggerConfig = {
+      enabled: true,
+    };
+
+    configureAppWithSwagger(mockApp, swaggerConfig);
+
+    const setupCall = mockSetup.mock.calls[0];
+    const documentFactory = setupCall[2];
+    documentFactory();
+
+    const createDocumentCall = mockCreateDocument.mock.calls[0];
+    const operationIdFactory = createDocumentCall[2].operationIdFactory;
+
+    expect(operationIdFactory('UserController', 'createUser')).toBe('createUser');
+    expect(operationIdFactory('ItemController', 'getItem')).toBe('getItem');
+  });
+});

package/src/validation/index.ts

@@ -0,0 +1 @@
+export * from './validation.config';

package/src/validation/validation.config.ts

@@ -0,0 +1,47 @@
+import { IsBoolean, IsOptional } from 'class-validator';
+import { TransformBoolean } from '@dismissible/nestjs-validation';
+
+/**
+ * Configuration for NestJS ValidationPipe
+ * @see https://docs.nestjs.com/techniques/validation
+ */
+export class ValidationConfig {
+  /**
+   * Whether to disable error messages in validation responses.
+   * Should be true in production to prevent information disclosure.
+   * @default true in production, false in development
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly disableErrorMessages?: boolean;
+
+  /**
+   * If set to true, validator will strip validated (returned) object of any properties
+   * that do not use any validation decorators.
+   * @default true
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly whitelist?: boolean;
+
+  /**
+   * If set to true, instead of stripping non-whitelisted properties,
+   * validator will throw an error.
+   * @default true
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly forbidNonWhitelisted?: boolean;
+
+  /**
+   * If set to true, class-transformer will attempt transformation based on TS reflected type.
+   * @default true
+   */
+  @IsBoolean()
+  @IsOptional()
+  @TransformBoolean()
+  public readonly transform?: boolean;
+}

package/test/config/.env.yaml

@@ -0,0 +1,23 @@
+server:
+  port: 3001
+
+cors:
+  enabled: false
+
+helmet:
+  enabled: false
+
+swagger:
+  enabled: false
+
+db:
+  connectionString: ${DATABASE_URL:-postgresql://postgres:postgres@localhost:5432/dismissible}
+
+jwtAuth:
+  enabled: false
+
+validation:
+  disableErrorMessages: false
+  whitelist: true
+  forbidNonWhitelisted: true
+  transform: true

package/test/config-jwt-auth/.env.yaml

@@ -0,0 +1,26 @@
+server:
+  port: 3001
+
+cors:
+  enabled: false
+
+helmet:
+  enabled: false
+
+swagger:
+  enabled: false
+
+db:
+  connectionString: ${DATABASE_URL:-postgresql://postgres:postgres@localhost:5432/dismissible}
+
+jwtAuth:
+  enabled: true
+  wellKnownUrl: https://auth.example.com/.well-known/openid-configuration
+  issuer: https://auth.example.com
+  audience: dismissible-api
+
+validation:
+  disableErrorMessages: false
+  whitelist: true
+  forbidNonWhitelisted: true
+  transform: true