@flusys/nestjs-iam 0.1.0-beta.3 → 1.1.0-beta

package/README.md

@@ -2,7 +2,6 @@
 
 > **Package:** `@flusys/nestjs-iam`
 > **Purpose:** Identity and Access Management with RBAC, ABAC, and permission logic
-> **Version:** 4.4.0 | **Updated:** 2026-01-24
 
 ## Table of Contents
 
@@ -648,7 +647,8 @@ nestjs-iam/src/
 ├── interfaces/
 │   ├── action.interface.ts
 │   ├── role.interface.ts
-│   └── iam-module-options.interface.ts
+│   ├── iam-module-options.interface.ts
+│   └── iam-module-async-options.interface.ts
 ├── enums/
 │   ├── action-type.enum.ts
 │   └── permission-type.enum.ts
@@ -658,8 +658,4 @@ nestjs-iam/src/
 
 ---
 
-**Last Updated:** 2026-02-09 | **Version:** 4.4.1
-
-**Recent Changes (2026-02-09):**
-- Added explicit `@Inject()` decorators to all services for esbuild bundling compatibility
-- All services use REQUEST scope with lazy repository initialization via DataSource Provider pattern
+**Last Updated:** 2026-02-16

package/cjs/controllers/action.controller.js

@@ -41,7 +41,9 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-let ActionController = class ActionController extends (0, _nestjsshared.createApiController)(_actiondto.CreateActionDto, _actiondto.UpdateActionDto, _actiondto.ActionResponseDto) {
+let ActionController = class ActionController extends (0, _nestjsshared.createApiController)(_actiondto.CreateActionDto, _actiondto.UpdateActionDto, _actiondto.ActionResponseDto, {
+    security: 'jwt'
+}) {
     async getActionsForPermission(user) {
         const actions = await this.actionService.getActionsForPermission(user);
         return {

package/cjs/services/action.service.js

@@ -44,38 +44,15 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let ActionService = class ActionService extends _classes.RequestScopedApiService {
-    /**
-   * Resolve entity class for this service
-   * @returns Action entity class
-   */ resolveEntity() {
+    resolveEntity() {
         return _actionentity.Action;
     }
-    /**
-   * Get DataSource provider for this service
-   * @returns IAMDataSourceProvider instance
-   */ getDataSourceProvider() {
+    getDataSourceProvider() {
         return this.dataSourceProvider;
     }
-    // ==================== Entity Conversion ====================
-    async convertSingleDtoToEntity(dto, _user) {
-        if (!('id' in dto) || !dto.id) {
-            return dto;
-        }
-        const existingAction = await this.repository.findOne({
-            where: {
-                id: dto.id
-            }
-        });
-        if (!existingAction) {
-            throw new _common.NotFoundException(`Action with ID ${dto.id} not found`);
-        }
-        return {
-            ...existingAction,
-            ...dto
-        };
-    }
+    // Query Customization
     async getSelectQuery(query, _user, select) {
-        if (!select || !select.length) {
+        if (!select?.length) {
             select = [
                 'id',
                 'name',
@@ -89,14 +66,13 @@ let ActionService = class ActionService extends _classes.RequestScopedApiService
                 'createdAt'
             ];
         }
-        const selectFields = select.map((field)=>`${this.entityName}.${field}`);
-        query.select(selectFields);
+        query.select(select.map((f)=>`${this.entityName}.${f}`));
         return {
             query,
             isRaw: false
         };
     }
-    async getGlobalSearchQuery(query, search, _user) {
+    async getGlobalSearchQuery(query, search) {
         query.andWhere('(action.name LIKE :search OR action.code LIKE :search OR action.description LIKE :search)', {
             search: `%${search}%`
         });
@@ -105,9 +81,8 @@ let ActionService = class ActionService extends _classes.RequestScopedApiService
             isRaw: false
         };
     }
-    /**
-   * Override: Convert entity to response DTO
-   */ convertEntityToResponseDto(entity, _isRaw) {
+    // Response Conversion
+    convertEntityToResponseDto(entity, _isRaw) {
         return {
             id: entity.id,
             readOnly: entity.readOnly,
@@ -128,12 +103,8 @@ let ActionService = class ActionService extends _classes.RequestScopedApiService
             deletedById: entity.deletedById
         };
     }
-    /**
-   * Get actions available for permission assignment (filtered by company whitelist)
-   *
-   * @param user - Logged in user info
-   * @returns Array of actions with id, code, and name fields
-   */ async getActionsForPermission(user) {
+    // Custom Methods
+    /** Get actions available for permission assignment (filtered by company whitelist) */ async getActionsForPermission(user) {
         await this.ensureRepositoryInitialized();
         if (!user) {
             throw new Error('User is required for getActionsForPermission');
@@ -227,10 +198,8 @@ let ActionService = class ActionService extends _classes.RequestScopedApiService
         }
         return rootNodes;
     }
-    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
     constructor(cacheManager, utilsService, iamConfigService, dataSourceProvider, permissionService){
-        // Repository will be set asynchronously by RequestScopedApiService
-        super('action', null, cacheManager, utilsService, ActionService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "iamConfigService", void 0), _define_property(this, "dataSourceProvider", void 0), _define_property(this, "permissionService", void 0), _define_property(this, "logger", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.iamConfigService = iamConfigService, this.dataSourceProvider = dataSourceProvider, this.permissionService = permissionService, this.logger = new _common.Logger(ActionService.name);
+        super('action', null, cacheManager, utilsService, ActionService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "iamConfigService", void 0), _define_property(this, "dataSourceProvider", void 0), _define_property(this, "permissionService", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.iamConfigService = iamConfigService, this.dataSourceProvider = dataSourceProvider, this.permissionService = permissionService;
     }
 };
 ActionService = _ts_decorate([

package/cjs/services/iam-config.service.js

@@ -41,50 +41,33 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let IAMConfigService = class IAMConfigService {
-    // ==================== Database Mode ====================
-    /**
-   * Get database mode (single or multi-tenant)
-   */ getDatabaseMode() {
+    // Database Mode
+    getDatabaseMode() {
         return this.options.bootstrapAppConfig?.databaseMode ?? 'single';
     }
-    /**
-   * Check if running in multi-tenant mode
-   */ isMultiTenant() {
+    isMultiTenant() {
         return this.getDatabaseMode() === 'multi-tenant';
     }
-    // ==================== Company Feature ====================
-    /**
-   * Get enable company feature flag
-   */ getEnableCompanyFeature() {
+    // Company Feature
+    getEnableCompanyFeature() {
         return this.options.bootstrapAppConfig?.enableCompanyFeature ?? false;
     }
-    /**
-   * Check if company feature is enabled (alias for getEnableCompanyFeature)
-   */ isCompanyFeatureEnabled() {
+    isCompanyFeatureEnabled() {
         return this.getEnableCompanyFeature();
     }
-    // ==================== Permission Mode ====================
-    /**
-   * Get permission mode from bootstrap config
-   *
-   * **Note:** Reads from bootstrapAppConfig (not runtime config)
-   * because permissionMode affects entity/controller registration.
-   */ getPermissionMode() {
+    // Permission Mode
+    getPermissionMode() {
         return _helpers.PermissionModeHelper.fromString(this.options.bootstrapAppConfig?.permissionMode);
     }
-    /**
-   * Check if RBAC (role-based) permissions are enabled
-   */ isRbacEnabled() {
+    isRbacEnabled() {
         const mode = this.getPermissionMode();
         return mode === _permissiontypeenum.IAMPermissionMode.RBAC || mode === _permissiontypeenum.IAMPermissionMode.FULL;
     }
-    /**
-   * Check if direct (user-level) permissions are enabled
-   */ isDirectPermissionEnabled() {
+    isDirectPermissionEnabled() {
         const mode = this.getPermissionMode();
         return mode === _permissiontypeenum.IAMPermissionMode.DIRECT || mode === _permissiontypeenum.IAMPermissionMode.FULL;
     }
-    // ==================== Options ====================
+    // Options
     getOptions() {
         return this.options;
     }

package/cjs/services/iam-datasource.provider.js

@@ -83,10 +83,8 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let IAMDataSourceProvider = class IAMDataSourceProvider extends _modules.MultiTenantDataSourceService {
-    // ==================== Factory Methods ====================
-    /**
-   * Build parent options from IAMModuleOptions
-   */ static buildParentOptions(options) {
+    // Factory Methods
+    static buildParentOptions(options) {
         return {
             bootstrapAppConfig: options.bootstrapAppConfig,
             defaultDatabaseConfig: options.config?.defaultDatabaseConfig,
@@ -94,43 +92,29 @@ let IAMDataSourceProvider = class IAMDataSourceProvider extends _modules.MultiTe
             tenants: options.config?.tenants
         };
     }
-    // ==================== Feature Flags ====================
-    /**
-   * Get global enable company feature flag
-   */ getEnableCompanyFeature() {
+    // Feature Flags
+    getEnableCompanyFeature() {
         return this.iamOptions.bootstrapAppConfig?.enableCompanyFeature ?? false;
     }
-    /**
-   * Get enable company feature for specific tenant
-   * Falls back to global setting if not specified per-tenant
-   */ getEnableCompanyFeatureForTenant(tenant) {
+    getEnableCompanyFeatureForTenant(tenant) {
         return tenant?.enableCompanyFeature ?? this.getEnableCompanyFeature();
     }
-    /**
-   * Get enable company feature for current request context
-   */ getEnableCompanyFeatureForCurrentTenant() {
+    getEnableCompanyFeatureForCurrentTenant() {
         return this.getEnableCompanyFeatureForTenant(this.getCurrentTenant() ?? undefined);
     }
-    // ==================== Entity Management ====================
-    /**
-   * Get IAM entities dynamically based on configuration
-   * Returns appropriate entities based on company feature and permission mode
-   */ async getIAMEntities() {
+    // Entity Management
+    async getIAMEntities() {
         const { Action, Role, RoleWithCompany, UserIamPermission, UserIamPermissionWithCompany, getIAMEntitiesByConfig } = await Promise.resolve().then(()=>/*#__PURE__*/ _interop_require_wildcard(require("../entities")));
         const enableCompanyFeature = this.getEnableCompanyFeatureForCurrentTenant();
         const permissionMode = this.iamOptions.bootstrapAppConfig?.permissionMode || 'FULL';
         return getIAMEntitiesByConfig(enableCompanyFeature, permissionMode);
     }
-    // ==================== Overrides ====================
-    /**
-   * Override to dynamically set entities based on tenant config
-   */ async createDataSourceFromConfig(config) {
+    // Overrides
+    async createDataSourceFromConfig(config) {
         const entities = await this.getIAMEntities();
         return super.createDataSourceFromConfig(config, entities);
     }
-    /**
-   * Override to use IAM-specific static cache
-   */ async getSingleDataSource() {
+    async getSingleDataSource() {
         if (!IAMDataSourceProvider.singleDataSource) {
             if (IAMDataSourceProvider.singleConnectionLock) {
                 return IAMDataSourceProvider.singleConnectionLock;
@@ -154,9 +138,7 @@ let IAMDataSourceProvider = class IAMDataSourceProvider extends _modules.MultiTe
         }
         return IAMDataSourceProvider.singleDataSource;
     }
-    /**
-   * Override to use IAM-specific static cache for tenant connections
-   */ async getOrCreateTenantConnection(tenant) {
+    async getOrCreateTenantConnection(tenant) {
         // Return existing initialized connection from IAM-specific cache
         const existing = IAMDataSourceProvider.tenantConnections.get(tenant.id);
         if (existing?.isInitialized) {

package/cjs/services/permission-cache.service.js

@@ -38,33 +38,23 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let PermissionCacheService = class PermissionCacheService {
-    // ==================== Cache Key Generation ====================
-    /**
-   * Generate cache key for user permissions (backend codes for PermissionGuard)
-   * Format matches PermissionGuard in nestjs-shared
-   */ generateCacheKey(options) {
+    // Cache Key Generation
+    generateCacheKey(options) {
         const { userId, companyId, branchId, enableCompanyFeature } = options;
         if (enableCompanyFeature && companyId) {
             return `${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`;
         }
         return `${this.CACHE_PREFIX}:user:${userId}`;
     }
-    /**
-   * Generate cache key for full my-permissions response
-   */ generateMyPermissionsCacheKey(options) {
+    generateMyPermissionsCacheKey(options) {
         const { userId, companyId, branchId, enableCompanyFeature } = options;
         if (enableCompanyFeature && companyId) {
             return `${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`;
         }
         return `${this.MY_PERMISSIONS_PREFIX}:user:${userId}`;
     }
-    // ==================== Cache Operations ====================
-    /**
-   * Set user permissions in cache
-   *
-   * @param options - Cache key options
-   * @param permissions - Array of permission codes (action codes)
-   */ async setPermissions(options, permissions) {
+    // Cache Operations
+    async setPermissions(options, permissions) {
         try {
             const key = this.generateCacheKey(options);
             await this.cacheManager.set(key, permissions, this.TTL);
@@ -74,12 +64,7 @@ let PermissionCacheService = class PermissionCacheService {
         // Don't throw - cache failure shouldn't break the operation
         }
     }
-    /**
-   * Get user permissions from cache
-   *
-   * @param options - Cache key options
-   * @returns Array of permission codes or null if not found
-   */ async getPermissions(options) {
+    async getPermissions(options) {
         try {
             const key = this.generateCacheKey(options);
             const result = await this.cacheManager.get(key);
@@ -89,14 +74,8 @@ let PermissionCacheService = class PermissionCacheService {
             return null;
         }
     }
-    // ==================== My-Permissions Cache Operations ====================
-    /**
-   * Set full my-permissions response in cache
-   * Caches frontend actions and backend codes for quick retrieval
-   *
-   * @param options - Cache key options
-   * @param data - Full permissions data to cache
-   */ async setMyPermissions(options, data) {
+    // My-Permissions Cache Operations
+    async setMyPermissions(options, data) {
         try {
             const key = this.generateMyPermissionsCacheKey(options);
             await this.cacheManager.set(key, data, this.TTL);
@@ -105,12 +84,7 @@ let PermissionCacheService = class PermissionCacheService {
             this.logger.error(`Failed to cache my-permissions: ${error}`);
         }
     }
-    /**
-   * Get full my-permissions response from cache
-   *
-   * @param options - Cache key options
-   * @returns Cached permissions data or null if not found
-   */ async getMyPermissions(options) {
+    async getMyPermissions(options) {
         try {
             const key = this.generateMyPermissionsCacheKey(options);
             const result = await this.cacheManager.get(key);
@@ -123,13 +97,8 @@ let PermissionCacheService = class PermissionCacheService {
             return null;
         }
     }
-    // ==================== Action Code Cache Operations ====================
-    /**
-   * Cache action codes to IDs mapping
-   * Used for parentCodes filter to avoid DB query on cache hit
-   *
-   * @param codeToIdMap - Map of action code to action ID
-   */ async setActionCodeMap(codeToIdMap) {
+    // Action Code Cache Operations
+    async setActionCodeMap(codeToIdMap) {
         try {
             const key = `${this.ACTION_CODE_PREFIX}:map`;
             await this.cacheManager.set(key, codeToIdMap, this.ACTION_CODE_TTL);
@@ -138,12 +107,7 @@ let PermissionCacheService = class PermissionCacheService {
             this.logger.error(`Failed to cache action code map: ${error}`);
         }
     }
-    /**
-   * Get action IDs for given codes from cache
-   *
-   * @param codes - Array of action codes
-   * @returns Map of code to ID, or null if not cached
-   */ async getActionIdsByCodes(codes) {
+    async getActionIdsByCodes(codes) {
         try {
             const key = `${this.ACTION_CODE_PREFIX}:map`;
             const fullMap = await this.cacheManager.get(key);
@@ -163,10 +127,7 @@ let PermissionCacheService = class PermissionCacheService {
             return null;
         }
     }
-    /**
-   * Invalidate action code cache
-   * Call when actions are created, updated, or deleted
-   */ async invalidateActionCodeCache() {
+    async invalidateActionCodeCache() {
         try {
             const key = `${this.ACTION_CODE_PREFIX}:map`;
             await this.cacheManager.del(key);
@@ -175,15 +136,8 @@ let PermissionCacheService = class PermissionCacheService {
             this.logger.warn(`Failed to invalidate action code cache: ${error}`);
         }
     }
-    // ==================== Cache Invalidation ====================
-    /**
-   * Invalidate cache for specific user
-   * Clears both permission codes and my-permissions cache for ALL branches
-   *
-   * @param userId - User ID
-   * @param companyId - Optional company ID
-   * @param branchIds - Optional array of branch IDs to invalidate (if not provided, only null branch is cleared)
-   */ async invalidateUser(userId, companyId, branchIds) {
+    // Cache Invalidation
+    async invalidateUser(userId, companyId, branchIds) {
         try {
             const keysToDelete = [
                 // Permission codes cache (for PermissionGuard) - user-based key
@@ -209,15 +163,7 @@ let PermissionCacheService = class PermissionCacheService {
             this.logger.warn(`Failed to invalidate user cache for ${userId}: ${error}`);
         }
     }
-    /**
-   * Invalidate cache for multiple users
-   * Useful when role or company permissions change
-   *
-   * @param userIds - Array of user IDs
-   * @param companyId - Optional company ID
-   * @param branchIds - Optional array of branch IDs to invalidate for each user
-   * @returns Number of users whose cache was invalidated
-   */ async invalidateUsers(userIds, companyId, branchIds) {
+    async invalidateUsers(userIds, companyId, branchIds) {
         if (userIds.length === 0) {
             return 0;
         }
@@ -233,30 +179,14 @@ let PermissionCacheService = class PermissionCacheService {
         }
         return successCount;
     }
-    /**
-   * Invalidate cache for all users in company
-   * WARNING: Without pattern matching support in HybridCache, this method
-   * invalidates individual user caches passed in the userIds array.
-   * For true company-wide invalidation, consider upgrading HybridCache with keys() support.
-   *
-   * @param companyId - Company ID
-   * @returns Number of cache entries deleted (always 0 without keys() support)
-   */ async invalidateCompany(companyId) {
+    /** Invalidate cache for all users in company (requires userIds via invalidateUsers) */ async invalidateCompany(companyId) {
         // Note: HybridCache doesn't support pattern matching (keys() method)
         // Company-wide invalidation requires passing individual user IDs
         // This is a placeholder that logs a warning
         this.logger.warn(`invalidateCompany called for ${companyId}, but pattern matching is not supported. ` + `Use invalidateUsers() with specific user IDs instead.`);
         return 0;
     }
-    /**
-   * Invalidate cache for all users with specific role
-   *
-   * @param roleId - Role ID (for logging)
-   * @param userIds - Array of user IDs who have this role
-   * @param companyId - Optional company ID
-   * @param branchIds - Optional array of branch IDs to invalidate
-   * @returns Number of users whose cache was invalidated
-   */ async invalidateRole(roleId, userIds, companyId, branchIds) {
+    async invalidateRole(roleId, userIds, companyId, branchIds) {
         if (userIds.length === 0) {
             this.logger.debug(`No users found for role ${roleId}`);
             return 0;
@@ -267,12 +197,8 @@ let PermissionCacheService = class PermissionCacheService {
         }
         return count;
     }
-    // ==================== Administrative Operations ====================
-    /**
-   * Clear all permission caches
-   * Uses HybridCache reset methods (memory and redis)
-   * WARNING: Use with caution - this affects all caches, not just permissions
-   */ async clearAll() {
+    // Administrative Operations
+    /** Clear all permission caches (memory and redis) */ async clearAll() {
         try {
             await this.cacheManager.reset(); // Clear memory cache
             await this.cacheManager.resetL2(); // Clear redis cache