@ftisindia/create-app 0.1.3 → 0.1.4
- package/package.json +1 -1
- package/template/README.md +1 -1
- package/template/_package.json +0 -2
- package/template/docs/API_REFERENCE.md +13 -0
- package/template/docs/OAUTH.md +7 -3
- package/template/scripts/gen-module.mjs +2 -0
- package/template/src/app.module.ts +16 -22
- package/template/src/common/dto/error-response.dto.ts +3 -3
- package/template/src/common/dto/membership-response.dto.ts +26 -14
- package/template/src/common/dto/mutation-response.dto.ts +1 -1
- package/template/src/common/dto/pagination-query.dto.ts +37 -0
- package/template/src/common/dto/role-summary.dto.ts +5 -5
- package/template/src/common/dto/user-summary.dto.ts +6 -6
- package/template/src/common/filters/http-exception.filter.ts +9 -19
- package/template/src/common/swagger/api-error-responses.ts +12 -12
- package/template/src/config/app.config.ts +3 -3
- package/template/src/config/auth.config.ts +3 -3
- package/template/src/config/database.config.ts +3 -3
- package/template/src/config/env.validation.ts +58 -40
- package/template/src/config/index.ts +5 -5
- package/template/src/config/rbac.config.ts +3 -3
- package/template/src/database/prisma/prisma-transaction.ts +1 -1
- package/template/src/database/prisma/prisma.module.ts +2 -2
- package/template/src/database/prisma/prisma.service.ts +3 -6
- package/template/src/main.ts +11 -11
- package/template/src/modules/access-control/access-control.module.ts +9 -9
- package/template/src/modules/access-control/application/role-permission-policy.ts +71 -0
- package/template/src/modules/access-control/application/route-registry.validator.ts +34 -63
- package/template/src/modules/access-control/application/services/ability.factory.ts +5 -9
- package/template/src/modules/access-control/application/services/access-control.service.ts +78 -85
- package/template/src/modules/access-control/application/services/permission.guard.ts +16 -21
- package/template/src/modules/access-control/application/services/rbac-cache.service.ts +7 -9
- package/template/src/modules/access-control/dto/access-control-response.dto.ts +32 -20
- package/template/src/modules/access-control/dto/create-role.dto.ts +6 -6
- package/template/src/modules/access-control/dto/update-role-permissions.dto.ts +3 -10
- package/template/src/modules/access-control/dto/update-role.dto.ts +6 -6
- package/template/src/modules/access-control/presentation/access-control.controller.ts +69 -74
- package/template/src/modules/access-control/presentation/permissions.decorator.ts +3 -3
- package/template/src/modules/access-control/presentation/public.decorator.ts +2 -2
- package/template/src/modules/access-control/types/permission-key.ts +19 -19
- package/template/src/modules/access-control/types/route-permission-registry.ts +76 -76
- package/template/src/modules/audit/application/services/audit.service.ts +7 -7
- package/template/src/modules/audit/audit.module.ts +4 -4
- package/template/src/modules/audit/dto/audit-response.dto.ts +18 -18
- package/template/src/modules/audit/dto/list-audit-logs-query.dto.ts +14 -14
- package/template/src/modules/audit/presentation/audit.controller.ts +17 -23
- package/template/src/modules/auth/application/services/auth.service.ts +147 -110
- package/template/src/modules/auth/application/services/password.service.ts +2 -2
- package/template/src/modules/auth/application/services/token.service.ts +20 -21
- package/template/src/modules/auth/auth.module.ts +20 -47
- package/template/src/modules/auth/dto/auth-response.dto.ts +9 -10
- package/template/src/modules/auth/dto/login.dto.ts +4 -4
- package/template/src/modules/auth/dto/logout.dto.ts +1 -1
- package/template/src/modules/auth/dto/oauth-exchange.dto.ts +4 -5
- package/template/src/modules/auth/dto/refresh-token.dto.ts +4 -5
- package/template/src/modules/auth/dto/signup.dto.ts +5 -11
- package/template/src/modules/auth/infrastructure/passport/google-auth.guard.ts +6 -14
- package/template/src/modules/auth/infrastructure/passport/google-oauth-state.store.ts +98 -0
- package/template/src/modules/auth/infrastructure/passport/google.strategy.ts +21 -30
- package/template/src/modules/auth/infrastructure/passport/jwt-auth.guard.ts +3 -3
- package/template/src/modules/auth/infrastructure/passport/jwt.strategy.ts +11 -11
- package/template/src/modules/auth/presentation/auth.controller.ts +45 -45
- package/template/src/modules/auth/presentation/current-user.decorator.ts +3 -5
- package/template/src/modules/auth/presentation/google-oauth-exception.filter.ts +5 -10
- package/template/src/modules/health/dto/health-response.dto.ts +5 -5
- package/template/src/modules/health/health.module.ts +2 -2
- package/template/src/modules/health/presentation/health.controller.ts +13 -13
- package/template/src/modules/invitations/application/services/invitations.service.ts +127 -176
- package/template/src/modules/invitations/dto/accept-invitation.dto.ts +6 -7
- package/template/src/modules/invitations/dto/create-invitation.dto.ts +14 -15
- package/template/src/modules/invitations/dto/invitation-response.dto.ts +37 -29
- package/template/src/modules/invitations/dto/invitation-token.dto.ts +4 -4
- package/template/src/modules/invitations/invitations.module.ts +5 -5
- package/template/src/modules/invitations/presentation/invitations.controller.ts +61 -63
- package/template/src/modules/memberships/application/services/memberships.service.ts +70 -84
- package/template/src/modules/memberships/dto/transfer-owner.dto.ts +4 -4
- package/template/src/modules/memberships/dto/update-billing-contact.dto.ts +2 -2
- package/template/src/modules/memberships/dto/update-membership-owner.dto.ts +2 -2
- package/template/src/modules/memberships/dto/update-membership-role.dto.ts +4 -4
- package/template/src/modules/memberships/dto/update-membership-status.dto.ts +3 -3
- package/template/src/modules/memberships/memberships.module.ts +4 -4
- package/template/src/modules/memberships/presentation/memberships.controller.ts +83 -99
- package/template/src/modules/organisations/application/services/organisations.service.ts +21 -23
- package/template/src/modules/organisations/dto/create-organisation.dto.ts +6 -13
- package/template/src/modules/organisations/dto/organisation-response.dto.ts +14 -14
- package/template/src/modules/organisations/infrastructure/repositories/organisations.repository.ts +4 -7
- package/template/src/modules/organisations/organisations.module.ts +5 -5
- package/template/src/modules/organisations/presentation/organisations.controller.ts +14 -23
- package/template/src/modules/organisations/types/default-organisation-data.ts +3 -9
- package/template/src/modules/request-context/application/services/request-context.service.ts +15 -7
- package/template/src/modules/request-context/presentation/org-scope.guard.ts +4 -9
- package/template/src/modules/request-context/presentation/request-context.interceptor.ts +4 -9
- package/template/src/modules/request-context/presentation/request-context.middleware.ts +7 -8
- package/template/src/modules/request-context/request-context.module.ts +7 -7
- package/template/src/modules/request-context/types/request-context.ts +2 -2
- package/template/src/modules/sample/application/services/sample.service.ts +10 -8
- package/template/src/modules/sample/dto/sample-echo.dto.ts +3 -3
- package/template/src/modules/sample/dto/sample-response.dto.ts +12 -12
- package/template/src/modules/sample/presentation/sample.controller.ts +25 -42
- package/template/src/modules/sample/sample.module.ts +4 -4
- package/template/src/modules/settings/application/services/settings.service.ts +15 -27
- package/template/src/modules/settings/dto/setting-response.dto.ts +9 -9
- package/template/src/modules/settings/dto/update-setting.dto.ts +5 -5
- package/template/src/modules/settings/presentation/settings.controller.ts +29 -35
- package/template/src/modules/settings/settings.module.ts +5 -5
- package/template/src/modules/settings/types/setting-definitions.ts +49 -33
- package/template/test/auth-refresh.spec.ts +90 -0
- package/template/test/role-permission-policy.spec.ts +94 -0
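--- a/package/template/test/role-permission-policy.spec.ts
+++ b/package/template/test/role-permission-policy.spec.ts
@@ -0,0 +1,94 @@
+import { ForbiddenException } from '@nestjs/common';
+import {
+assertPermissionChangeWithinActor,
+assertRoleWithinActorPermissions,
+} from '../src/modules/access-control/application/role-permission-policy';
+
+describe('assertRoleWithinActorPermissions', () => {
+it('allows owners to assign any role', () => {
+expect(() =>
+assertRoleWithinActorPermissions({
+actorIsOwner: true,
+actorPermissionKeys: [],
+rolePermissionKeys: ['billing.manage', 'roles.manage'],
+}),
+).not.toThrow();
+});
+
+it('allows a role whose permissions are a subset of the actor', () => {
+expect(() =>
+assertRoleWithinActorPermissions({
+actorIsOwner: false,
+actorPermissionKeys: ['users.read', 'users.update', 'roles.manage'],
+rolePermissionKeys: ['users.read', 'users.update'],
+}),
+).not.toThrow();
+});
+
+it('rejects a role carrying a permission the actor does not hold', () => {
+expect(() =>
+assertRoleWithinActorPermissions({
+actorIsOwner: false,
+actorPermissionKeys: ['users.read'],
+rolePermissionKeys: ['users.read', 'billing.manage'],
+}),
+).toThrow(/billing\.manage/u);
+});
+});
+
+describe('assertPermissionChangeWithinActor', () => {
+it('allows owners to make any change', () => {
+expect(() =>
+assertPermissionChangeWithinActor({
+actorIsOwner: true,
+actorPermissionKeys: [],
+previousPermissionKeys: ['users.read'],
+nextPermissionKeys: ['users.read', 'billing.manage'],
+}),
+).not.toThrow();
+});
+
+it('allows adding and removing permissions the actor holds', () => {
+expect(() =>
+assertPermissionChangeWithinActor({
+actorIsOwner: false,
+actorPermissionKeys: ['users.read', 'users.update'],
+previousPermissionKeys: ['users.read'],
+nextPermissionKeys: ['users.update'],
+}),
+).not.toThrow();
+});
+
+it('rejects adding a permission the actor does not hold', () => {
+expect(() =>
+assertPermissionChangeWithinActor({
+actorIsOwner: false,
+actorPermissionKeys: ['users.read'],
+previousPermissionKeys: ['users.read'],
+nextPermissionKeys: ['users.read', 'billing.manage'],
+}),
+).toThrow(/billing\.manage/u);
+});
+
+it('rejects revoking a permission the actor does not hold', () => {
+expect(() =>
+assertPermissionChangeWithinActor({
+actorIsOwner: false,
+actorPermissionKeys: ['users.read'],
+previousPermissionKeys: ['users.read', 'billing.manage'],
+nextPermissionKeys: ['users.read'],
+}),
+).toThrow(ForbiddenException);
+});
+
+it('allows an unchanged set even when it contains permissions the actor lacks', () => {
+expect(() =>
+assertPermissionChangeWithinActor({
+actorIsOwner: false,
+actorPermissionKeys: [],
+previousPermissionKeys: ['billing.manage'],
+nextPermissionKeys: ['billing.manage'],
+}),
+).not.toThrow();
+});
+});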
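Review bot: The last case (`allows an unchanged set even when it contains permissions the actor lacks`) pins that a non-owner with `actorPermissionKeys: []` passes `assertPermissionChangeWithinActor`, so the policy is a delta check and not an authorisation gate on its own; the spec should say so with a comment such as `// delta-only: the caller must already be authorised to edit roles; that check lives outside this function`. Presumably the route-level permission guard enforces that, but it is not visible in this file. The rejection cases are also asymmetric: the two "adding" cases assert only the message (`/billing\.manage/u`) and the "revoking" case only the type (`ForbiddenException`), so a regression that throws the wrong error class, or a `ForbiddenException` naming the wrong key, would still pass; asserting both in each case closes that. A mixed change (one permitted add together with one out-of-scope revoke) is not covered and would be worth one more `it`.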