@flusys/nestjs-shared 1.1.0-beta → 2.0.0

package/fesm/constants/permissions.js

@@ -0,0 +1,128 @@
+/**
+ * Centralized Permission Codes
+ *
+ * Single source of truth for all permission codes used across the application.
+ * Use these constants instead of hardcoded strings to prevent typos and enable easy refactoring.
+ *
+ * Naming Convention: <entity>.<action>
+ * - entity: The resource being accessed (e.g., user, role, company)
+ * - action: The operation being performed (create, read, update, delete, assign)
+ */ // ==================== AUTH MODULE ====================
+export const USER_PERMISSIONS = {
+    CREATE: 'user.create',
+    READ: 'user.read',
+    UPDATE: 'user.update',
+    DELETE: 'user.delete'
+};
+export const COMPANY_PERMISSIONS = {
+    CREATE: 'company.create',
+    READ: 'company.read',
+    UPDATE: 'company.update',
+    DELETE: 'company.delete'
+};
+export const BRANCH_PERMISSIONS = {
+    CREATE: 'branch.create',
+    READ: 'branch.read',
+    UPDATE: 'branch.update',
+    DELETE: 'branch.delete'
+};
+// ==================== IAM MODULE ====================
+export const ACTION_PERMISSIONS = {
+    CREATE: 'action.create',
+    READ: 'action.read',
+    UPDATE: 'action.update',
+    DELETE: 'action.delete'
+};
+export const ROLE_PERMISSIONS = {
+    CREATE: 'role.create',
+    READ: 'role.read',
+    UPDATE: 'role.update',
+    DELETE: 'role.delete'
+};
+export const ROLE_ACTION_PERMISSIONS = {
+    READ: 'role-action.read',
+    ASSIGN: 'role-action.assign'
+};
+export const USER_ROLE_PERMISSIONS = {
+    READ: 'user-role.read',
+    ASSIGN: 'user-role.assign'
+};
+export const USER_ACTION_PERMISSIONS = {
+    READ: 'user-action.read',
+    ASSIGN: 'user-action.assign'
+};
+export const COMPANY_ACTION_PERMISSIONS = {
+    READ: 'company-action.read',
+    ASSIGN: 'company-action.assign'
+};
+// ==================== STORAGE MODULE ====================
+export const FILE_PERMISSIONS = {
+    CREATE: 'file.create',
+    READ: 'file.read',
+    UPDATE: 'file.update',
+    DELETE: 'file.delete'
+};
+export const FOLDER_PERMISSIONS = {
+    CREATE: 'folder.create',
+    READ: 'folder.read',
+    UPDATE: 'folder.update',
+    DELETE: 'folder.delete'
+};
+export const STORAGE_CONFIG_PERMISSIONS = {
+    CREATE: 'storage-config.create',
+    READ: 'storage-config.read',
+    UPDATE: 'storage-config.update',
+    DELETE: 'storage-config.delete'
+};
+// ==================== EMAIL MODULE ====================
+export const EMAIL_CONFIG_PERMISSIONS = {
+    CREATE: 'email-config.create',
+    READ: 'email-config.read',
+    UPDATE: 'email-config.update',
+    DELETE: 'email-config.delete'
+};
+export const EMAIL_TEMPLATE_PERMISSIONS = {
+    CREATE: 'email-template.create',
+    READ: 'email-template.read',
+    UPDATE: 'email-template.update',
+    DELETE: 'email-template.delete'
+};
+// ==================== FORM BUILDER MODULE ====================
+export const FORM_PERMISSIONS = {
+    CREATE: 'form.create',
+    READ: 'form.read',
+    UPDATE: 'form.update',
+    DELETE: 'form.delete'
+};
+export const FORM_RESULT_PERMISSIONS = {
+    CREATE: 'form-result.create',
+    READ: 'form-result.read',
+    UPDATE: 'form-result.update',
+    DELETE: 'form-result.delete'
+};
+// ==================== AGGREGATED EXPORTS ====================
+/**
+ * All permission codes grouped by module
+ */ export const PERMISSIONS = {
+    // Auth
+    USER: USER_PERMISSIONS,
+    COMPANY: COMPANY_PERMISSIONS,
+    BRANCH: BRANCH_PERMISSIONS,
+    // IAM
+    ACTION: ACTION_PERMISSIONS,
+    ROLE: ROLE_PERMISSIONS,
+    ROLE_ACTION: ROLE_ACTION_PERMISSIONS,
+    USER_ROLE: USER_ROLE_PERMISSIONS,
+    USER_ACTION: USER_ACTION_PERMISSIONS,
+    COMPANY_ACTION: COMPANY_ACTION_PERMISSIONS,
+    // Storage
+    FILE: FILE_PERMISSIONS,
+    FOLDER: FOLDER_PERMISSIONS,
+    STORAGE_CONFIG: STORAGE_CONFIG_PERMISSIONS,
+    // Email
+    EMAIL_CONFIG: EMAIL_CONFIG_PERMISSIONS,
+    EMAIL_TEMPLATE: EMAIL_TEMPLATE_PERMISSIONS,
+    // Form Builder
+    FORM: FORM_PERMISSIONS,
+    FORM_RESULT: FORM_RESULT_PERMISSIONS
+};

package/fesm/decorators/api-response.decorator.js

@@ -1,4 +1,4 @@
-import { BulkMetaDto, BulkResponseDto, ListResponseDto, PaginationMetaDto, SingleResponseDto } from '@flusys/nestjs-shared/dtos';
+import { BulkMetaDto, BulkResponseDto, ListResponseDto, PaginationMetaDto, SingleResponseDto } from '../dtos';
 import { applyDecorators } from '@nestjs/common';
 import { ApiExtraModels, ApiOkResponse, getSchemaPath } from '@nestjs/swagger';
 /**

package/fesm/decorators/index.js

@@ -2,3 +2,4 @@ export * from './api-response.decorator';
 export * from './current-user.decorator';
 export * from './public.decorator';
 export * from './require-permission.decorator';
+export * from './sanitize-html.decorator';

package/fesm/decorators/sanitize-html.decorator.js

@@ -0,0 +1,45 @@
+import { Transform } from 'class-transformer';
+import { escapeHtml } from '../utils/html-sanitizer.util';
+/**
+ * Decorator that sanitizes HTML content in string fields to prevent XSS attacks.
+ * Applies HTML escaping during transformation (when class-transformer processes the DTO).
+ *
+ * @example
+ * ```typescript
+ * class CreateCommentDto {
+ *   @SanitizeHtml()
+ *   @IsString()
+ *   content: string;
+ * }
+ * ```
+ *
+ * Input: '<script>alert("xss")</script>'
+ * Output: '&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;'
+ */ export function SanitizeHtml() {
+    return Transform(({ value })=>{
+        if (typeof value === 'string') {
+            return escapeHtml(value);
+        }
+        return value;
+    });
+}
+/**
+ * Decorator that sanitizes HTML and trims whitespace from string fields.
+ * Combines sanitization with trimming for cleaner input handling.
+ *
+ * @example
+ * ```typescript
+ * class CreatePostDto {
+ *   @SanitizeAndTrim()
+ *   @IsString()
+ *   title: string;
+ * }
+ * ```
+ */ export function SanitizeAndTrim() {
+    return Transform(({ value })=>{
+        if (typeof value === 'string') {
+            return escapeHtml(value.trim());
+        }
+        return value;
+    });
+}

package/fesm/dtos/delete.dto.js

@@ -20,12 +20,13 @@ function _ts_decorate(decorators, target, key, desc) {
 function _ts_metadata(k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 }
-import { ApiProperty } from '@nestjs/swagger';
-import { IsIn, IsNotEmpty } from 'class-validator';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { IsIn, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
 export class DeleteDto {
     constructor(){
         _define_property(this, "id", void 0);
         _define_property(this, "type", void 0);
+        _define_property(this, "deletedById", void 0);
     }
 }
 _ts_decorate([
@@ -70,3 +71,12 @@ _ts_decorate([
     ]),
     _ts_metadata("design:type", String)
 ], DeleteDto.prototype, "type", void 0);
+_ts_decorate([
+    ApiPropertyOptional({
+        description: 'User ID who initiated the deletion (auto-set by interceptor)',
+        example: 'f2e9c8d0-7a2a-11eb-9439-0242ac130002'
+    }),
+    IsOptional(),
+    IsUUID(),
+    _ts_metadata("design:type", String)
+], DeleteDto.prototype, "deletedById", void 0);

package/fesm/dtos/filter-and-pagination.dto.js

@@ -22,27 +22,15 @@ function _ts_metadata(k, v) {
 }
 import { ApiPropertyOptional } from '@nestjs/swagger';
 import { Type } from 'class-transformer';
-import { IsArray, IsBoolean, IsObject, IsOptional, ValidateNested } from 'class-validator';
+import { IsArray, IsBoolean, IsObject, IsOptional, IsString, Matches, MaxLength, ValidateNested } from 'class-validator';
 import { PaginationDto } from './pagination.dto';
-/**
- * DTO for filtering and pagination in get-all requests
- *
- * @example
- * {
- *   "filter": { "isActive": true, "category": "electronics" },
- *   "pagination": { "currentPage": 0, "pageSize": 10 },
- *   "sort": { "createdAt": "DESC" },
- *   "select": ["id", "name", "price"],
- *   "withDeleted": false
- * }
- */ export class FilterAndPaginationDto {
+export class FilterAndPaginationDto {
     constructor(){
         _define_property(this, "filter", void 0);
         _define_property(this, "pagination", void 0);
         _define_property(this, "sort", void 0);
         _define_property(this, "select", void 0);
         _define_property(this, "withDeleted", void 0);
-        _define_property(this, "extraKey", void 0);
     }
 }
 _ts_decorate([
@@ -90,7 +78,7 @@ _ts_decorate([
         type: [
             String
         ],
-        description: 'Fields to return. If empty, returns all fields.',
+        description: 'Fields to return. Must be valid field names (alphanumeric, underscores only). If empty, returns all fields.',
         example: [
             'id',
             'name',
@@ -100,6 +88,17 @@ _ts_decorate([
     }),
     IsOptional(),
     IsArray(),
+    IsString({
+        each: true
+    }),
+    Matches(/^[a-zA-Z_][a-zA-Z0-9_]*$/, {
+        each: true,
+        message: 'Select fields must be valid identifiers (alphanumeric and underscores only)'
+    }),
+    MaxLength(64, {
+        each: true,
+        message: 'Field names must be 64 characters or less'
+    }),
     _ts_metadata("design:type", Array)
 ], FilterAndPaginationDto.prototype, "select", void 0);
 _ts_decorate([
@@ -112,27 +111,11 @@ _ts_decorate([
     IsBoolean(),
     _ts_metadata("design:type", Boolean)
 ], FilterAndPaginationDto.prototype, "withDeleted", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        type: [
-            String
-        ],
-        description: 'Additional relation keys to include',
-        example: [
-            'category',
-            'createdBy'
-        ]
-    }),
-    IsOptional(),
-    IsArray(),
-    _ts_metadata("design:type", Array)
-], FilterAndPaginationDto.prototype, "extraKey", void 0);
 /**
  * DTO for get-by-id request body
  */ export class GetByIdBodyDto {
     constructor(){
         _define_property(this, "select", void 0);
-        _define_property(this, "extraKey", void 0);
     }
 }
 _ts_decorate([
@@ -140,7 +123,7 @@ _ts_decorate([
         type: [
             String
         ],
-        description: 'Fields to return. If empty, returns all fields.',
+        description: 'Fields to return. Must be valid field names (alphanumeric, underscores only). If empty, returns all fields.',
         example: [
             'id',
             'name',
@@ -150,20 +133,16 @@ _ts_decorate([
     }),
     IsOptional(),
     IsArray(),
-    _ts_metadata("design:type", Array)
-], GetByIdBodyDto.prototype, "select", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        type: [
-            String
-        ],
-        description: 'Additional relation keys to include',
-        example: [
-            'category',
-            'createdBy'
-        ]
+    IsString({
+        each: true
+    }),
+    Matches(/^[a-zA-Z_][a-zA-Z0-9_]*$/, {
+        each: true,
+        message: 'Select fields must be valid identifiers (alphanumeric and underscores only)'
+    }),
+    MaxLength(64, {
+        each: true,
+        message: 'Field names must be 64 characters or less'
     }),
-    IsOptional(),
-    IsArray(),
     _ts_metadata("design:type", Array)
-], GetByIdBodyDto.prototype, "extraKey", void 0);
+], GetByIdBodyDto.prototype, "select", void 0);

package/fesm/dtos/pagination.dto.js

@@ -25,17 +25,13 @@ import { Transform } from 'class-transformer';
 import { IsNumber, IsOptional } from 'class-validator';
 export class PaginationDto {
     constructor(){
-        /**
-   * Number of items per page. Defaults to 10 when not provided or invalid.
-   */ _define_property(this, "pageSize", 10);
-        /**
-   * Zero-based page index. Defaults to 0 when not provided or invalid.
-   */ _define_property(this, "currentPage", 0);
+        _define_property(this, "pageSize", 10);
+        _define_property(this, "currentPage", 0);
     }
 }
 _ts_decorate([
     ApiPropertyOptional({
-        description: 'Number of items per page. Defaults to 10 when not provided or invalid.',
+        description: 'Number of items per page (default: 10)',
         example: 10
     }),
     IsOptional(),
@@ -48,7 +44,7 @@ _ts_decorate([
 ], PaginationDto.prototype, "pageSize", void 0);
 _ts_decorate([
     ApiPropertyOptional({
-        description: 'Zero-based page index. Defaults to 0 when not provided or invalid.',
+        description: 'Zero-based page index (default: 0)',
         example: 0
     }),
     IsOptional(),

package/fesm/dtos/response-payload.dto.js

@@ -262,110 +262,3 @@ _ts_decorate([
 MessageResponseDto = _ts_decorate([
     ApiExtraModels()
 ], MessageResponseDto);
-export class ValidationErrorDto {
-    constructor(){
-        _define_property(this, "field", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "constraint", void 0);
-    }
-}
-_ts_decorate([
-    ApiProperty({
-        example: 'email'
-    }),
-    _ts_metadata("design:type", String)
-], ValidationErrorDto.prototype, "field", void 0);
-_ts_decorate([
-    ApiProperty({
-        example: 'Invalid email format'
-    }),
-    _ts_metadata("design:type", String)
-], ValidationErrorDto.prototype, "message", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        example: 'isEmail'
-    }),
-    _ts_metadata("design:type", String)
-], ValidationErrorDto.prototype, "constraint", void 0);
-export class ErrorResponseDto {
-    constructor(){
-        _define_property(this, "success", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "code", void 0);
-        _define_property(this, "errors", void 0);
-        _define_property(this, "_meta", void 0);
-    }
-}
-_ts_decorate([
-    ApiProperty({
-        example: false
-    }),
-    _ts_metadata("design:type", Boolean)
-], ErrorResponseDto.prototype, "success", void 0);
-_ts_decorate([
-    ApiProperty({
-        example: 'Validation failed'
-    }),
-    _ts_metadata("design:type", String)
-], ErrorResponseDto.prototype, "message", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        example: 'VALIDATION_ERROR'
-    }),
-    _ts_metadata("design:type", String)
-], ErrorResponseDto.prototype, "code", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        type: [
-            ValidationErrorDto
-        ]
-    }),
-    _ts_metadata("design:type", Array)
-], ErrorResponseDto.prototype, "errors", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        type: RequestMetaDto
-    }),
-    _ts_metadata("design:type", typeof RequestMetaDto === "undefined" ? Object : RequestMetaDto)
-], ErrorResponseDto.prototype, "_meta", void 0);
-ErrorResponseDto = _ts_decorate([
-    ApiExtraModels()
-], ErrorResponseDto);
-export class ResponsePayloadDto {
-    constructor(){
-        _define_property(this, "success", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "data", void 0);
-        _define_property(this, "meta", void 0);
-        _define_property(this, "_meta", void 0);
-    }
-}
-_ts_decorate([
-    ApiProperty({
-        example: true
-    }),
-    _ts_metadata("design:type", Boolean)
-], ResponsePayloadDto.prototype, "success", void 0);
-_ts_decorate([
-    ApiProperty({
-        example: 'Operation successful'
-    }),
-    _ts_metadata("design:type", String)
-], ResponsePayloadDto.prototype, "message", void 0);
-_ts_decorate([
-    ApiPropertyOptional(),
-    _ts_metadata("design:type", typeof T === "undefined" ? Object : T)
-], ResponsePayloadDto.prototype, "data", void 0);
-_ts_decorate([
-    ApiPropertyOptional(),
-    _ts_metadata("design:type", Object)
-], ResponsePayloadDto.prototype, "meta", void 0);
-_ts_decorate([
-    ApiPropertyOptional({
-        type: RequestMetaDto
-    }),
-    _ts_metadata("design:type", typeof RequestMetaDto === "undefined" ? Object : RequestMetaDto)
-], ResponsePayloadDto.prototype, "_meta", void 0);
-ResponsePayloadDto = _ts_decorate([
-    ApiExtraModels()
-], ResponsePayloadDto);

package/fesm/entities/identity.js

@@ -26,10 +26,10 @@ export class Identity {
         _define_property(this, "id", void 0);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
-        _define_property(this, "deletedAt", void 0);
-        _define_property(this, "createdById", void 0);
-        _define_property(this, "updatedById", void 0);
-        _define_property(this, "deletedById", void 0);
+        _define_property(this, "deletedAt", null);
+        _define_property(this, "createdById", null);
+        _define_property(this, "updatedById", null);
+        _define_property(this, "deletedById", null);
     }
 }
 _ts_decorate([

package/fesm/entities/user-root.js

@@ -24,23 +24,22 @@ import { Column, CreateDateColumn, DeleteDateColumn, PrimaryGeneratedColumn, Upd
 export class UserRoot {
     constructor(){
         _define_property(this, "id", void 0);
-        _define_property(this, "name", void 0);
-        _define_property(this, "password", void 0);
+        _define_property(this, "name", null);
+        _define_property(this, "password", null);
         _define_property(this, "email", void 0);
-        _define_property(this, "phone", void 0);
-        _define_property(this, "isActive", void 0);
-        _define_property(this, "emailVerified", void 0);
-        _define_property(this, "phoneVerified", void 0);
-        _define_property(this, "profilePictureId", void 0);
-        _define_property(this, "lastLoginAt", void 0);
-        _define_property(this, "additionalFields", void 0);
+        _define_property(this, "phone", null);
+        _define_property(this, "isActive", true);
+        _define_property(this, "emailVerified", false);
+        _define_property(this, "phoneVerified", false);
+        _define_property(this, "profilePictureId", null);
+        _define_property(this, "lastLoginAt", null);
+        _define_property(this, "additionalFields", null);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
-        _define_property(this, "deletedAt", void 0);
-        // Audit columns (for ApiService compatibility)
-        _define_property(this, "createdById", void 0);
-        _define_property(this, "updatedById", void 0);
-        _define_property(this, "deletedById", void 0);
+        _define_property(this, "deletedAt", null);
+        _define_property(this, "createdById", null);
+        _define_property(this, "updatedById", null);
+        _define_property(this, "deletedById", null);
     }
 }
 _ts_decorate([