@ftisindia/create-app 0.1.3 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/template/.env.example +6 -0
- package/template/README.md +11 -1
- package/template/_package.json +0 -2
- package/template/docs/API_REFERENCE.md +13 -0
- package/template/docs/OAUTH.md +7 -3
- package/template/scripts/gen-module.mjs +2 -0
- package/template/src/app.module.ts +16 -22
- package/template/src/common/dto/error-response.dto.ts +3 -3
- package/template/src/common/dto/membership-response.dto.ts +26 -14
- package/template/src/common/dto/mutation-response.dto.ts +1 -1
- package/template/src/common/dto/pagination-query.dto.ts +37 -0
- package/template/src/common/dto/role-summary.dto.ts +5 -5
- package/template/src/common/dto/user-summary.dto.ts +6 -6
- package/template/src/common/filters/http-exception.filter.ts +9 -19
- package/template/src/common/swagger/api-error-responses.ts +12 -12
- package/template/src/config/app.config.ts +8 -3
- package/template/src/config/auth.config.ts +3 -3
- package/template/src/config/database.config.ts +3 -3
- package/template/src/config/env.validation.ts +78 -40
- package/template/src/config/index.ts +5 -5
- package/template/src/config/rbac.config.ts +3 -3
- package/template/src/database/prisma/prisma-transaction.ts +1 -1
- package/template/src/database/prisma/prisma.module.ts +2 -2
- package/template/src/database/prisma/prisma.service.ts +3 -6
- package/template/src/main.ts +24 -11
- package/template/src/modules/access-control/access-control.module.ts +11 -10
- package/template/src/modules/access-control/application/role-permission-policy.ts +71 -0
- package/template/src/modules/access-control/application/route-registry.validator.ts +34 -63
- package/template/src/modules/access-control/application/services/ability.factory.ts +5 -9
- package/template/src/modules/access-control/application/services/access-control.service.ts +78 -85
- package/template/src/modules/access-control/application/services/permission.guard.ts +16 -21
- package/template/src/modules/access-control/application/services/rbac-cache.service.ts +7 -9
- package/template/src/modules/access-control/dto/access-control-response.dto.ts +32 -20
- package/template/src/modules/access-control/dto/create-role.dto.ts +6 -6
- package/template/src/modules/access-control/dto/current-access-control-response.dto.ts +31 -0
- package/template/src/modules/access-control/dto/update-role-permissions.dto.ts +3 -10
- package/template/src/modules/access-control/dto/update-role.dto.ts +6 -6
- package/template/src/modules/access-control/presentation/access-control.controller.ts +69 -74
- package/template/src/modules/access-control/presentation/current-access-control.controller.ts +40 -0
- package/template/src/modules/access-control/presentation/permissions.decorator.ts +3 -3
- package/template/src/modules/access-control/presentation/public.decorator.ts +2 -2
- package/template/src/modules/access-control/types/permission-key.ts +19 -19
- package/template/src/modules/access-control/types/route-permission-registry.ts +76 -76
- package/template/src/modules/audit/application/services/audit.service.ts +7 -7
- package/template/src/modules/audit/audit.module.ts +4 -4
- package/template/src/modules/audit/dto/audit-response.dto.ts +18 -18
- package/template/src/modules/audit/dto/list-audit-logs-query.dto.ts +14 -14
- package/template/src/modules/audit/presentation/audit.controller.ts +17 -23
- package/template/src/modules/auth/application/services/auth.service.ts +147 -110
- package/template/src/modules/auth/application/services/password.service.ts +2 -2
- package/template/src/modules/auth/application/services/token.service.ts +20 -21
- package/template/src/modules/auth/auth.module.ts +20 -47
- package/template/src/modules/auth/dto/auth-response.dto.ts +9 -10
- package/template/src/modules/auth/dto/login.dto.ts +4 -4
- package/template/src/modules/auth/dto/logout.dto.ts +1 -1
- package/template/src/modules/auth/dto/oauth-exchange.dto.ts +4 -5
- package/template/src/modules/auth/dto/refresh-token.dto.ts +4 -5
- package/template/src/modules/auth/dto/signup.dto.ts +5 -11
- package/template/src/modules/auth/infrastructure/passport/google-auth.guard.ts +6 -14
- package/template/src/modules/auth/infrastructure/passport/google-oauth-state.store.ts +98 -0
- package/template/src/modules/auth/infrastructure/passport/google.strategy.ts +21 -30
- package/template/src/modules/auth/infrastructure/passport/jwt-auth.guard.ts +3 -3
- package/template/src/modules/auth/infrastructure/passport/jwt.strategy.ts +11 -11
- package/template/src/modules/auth/presentation/auth.controller.ts +45 -45
- package/template/src/modules/auth/presentation/current-user.decorator.ts +3 -5
- package/template/src/modules/auth/presentation/google-oauth-exception.filter.ts +5 -10
- package/template/src/modules/health/dto/health-response.dto.ts +5 -5
- package/template/src/modules/health/health.module.ts +2 -2
- package/template/src/modules/health/presentation/health.controller.ts +13 -13
- package/template/src/modules/invitations/application/services/invitations.service.ts +127 -176
- package/template/src/modules/invitations/dto/accept-invitation.dto.ts +6 -7
- package/template/src/modules/invitations/dto/create-invitation.dto.ts +14 -15
- package/template/src/modules/invitations/dto/invitation-response.dto.ts +37 -29
- package/template/src/modules/invitations/dto/invitation-token.dto.ts +4 -4
- package/template/src/modules/invitations/invitations.module.ts +5 -5
- package/template/src/modules/invitations/presentation/invitations.controller.ts +61 -63
- package/template/src/modules/memberships/application/services/memberships.service.ts +70 -84
- package/template/src/modules/memberships/dto/transfer-owner.dto.ts +4 -4
- package/template/src/modules/memberships/dto/update-billing-contact.dto.ts +2 -2
- package/template/src/modules/memberships/dto/update-membership-owner.dto.ts +2 -2
- package/template/src/modules/memberships/dto/update-membership-role.dto.ts +4 -4
- package/template/src/modules/memberships/dto/update-membership-status.dto.ts +3 -3
- package/template/src/modules/memberships/memberships.module.ts +4 -4
- package/template/src/modules/memberships/presentation/memberships.controller.ts +83 -99
- package/template/src/modules/organisations/application/services/organisations.service.ts +87 -23
- package/template/src/modules/organisations/dto/create-organisation.dto.ts +6 -13
- package/template/src/modules/organisations/dto/organisation-response.dto.ts +65 -14
- package/template/src/modules/organisations/infrastructure/repositories/organisations.repository.ts +4 -7
- package/template/src/modules/organisations/organisations.module.ts +5 -5
- package/template/src/modules/organisations/presentation/organisations.controller.ts +31 -18
- package/template/src/modules/organisations/types/default-organisation-data.ts +3 -9
- package/template/src/modules/request-context/application/services/request-context.service.ts +15 -7
- package/template/src/modules/request-context/presentation/org-scope.guard.ts +4 -9
- package/template/src/modules/request-context/presentation/request-context.interceptor.ts +4 -9
- package/template/src/modules/request-context/presentation/request-context.middleware.ts +7 -8
- package/template/src/modules/request-context/request-context.module.ts +7 -7
- package/template/src/modules/request-context/types/request-context.ts +2 -2
- package/template/src/modules/sample/application/services/sample.service.ts +10 -8
- package/template/src/modules/sample/dto/sample-echo.dto.ts +3 -3
- package/template/src/modules/sample/dto/sample-response.dto.ts +12 -12
- package/template/src/modules/sample/presentation/sample.controller.ts +25 -42
- package/template/src/modules/sample/sample.module.ts +4 -4
- package/template/src/modules/settings/application/services/settings.service.ts +15 -27
- package/template/src/modules/settings/dto/setting-response.dto.ts +9 -9
- package/template/src/modules/settings/dto/update-setting.dto.ts +5 -5
- package/template/src/modules/settings/presentation/settings.controller.ts +29 -35
- package/template/src/modules/settings/settings.module.ts +5 -5
- package/template/src/modules/settings/types/setting-definitions.ts +49 -33
- package/template/test/auth-refresh.spec.ts +90 -0
- package/template/test/frontend-bootstrap.spec.ts +181 -0
- package/template/test/role-permission-policy.spec.ts +94 -0
- package/template/test/route-registry.validator.spec.ts +12 -0
- package/template/test/security.e2e-spec.ts +134 -2
|
@@ -8,7 +8,7 @@ import {
|
|
|
8
8
|
Res,
|
|
9
9
|
UseFilters,
|
|
10
10
|
UseGuards,
|
|
11
|
-
} from
|
|
11
|
+
} from '@nestjs/common';
|
|
12
12
|
import {
|
|
13
13
|
ApiBearerAuth,
|
|
14
14
|
ApiCreatedResponse,
|
|
@@ -16,35 +16,35 @@ import {
|
|
|
16
16
|
ApiOkResponse,
|
|
17
17
|
ApiOperation,
|
|
18
18
|
ApiTags,
|
|
19
|
-
} from
|
|
20
|
-
import { Throttle } from
|
|
21
|
-
import { RevokedResponseDto } from
|
|
22
|
-
import { ActiveUserSummaryDto } from
|
|
23
|
-
import { ApiErrorResponses } from
|
|
24
|
-
import { AuthService } from
|
|
25
|
-
import { AuthTokensResponseDto } from
|
|
26
|
-
import { LoginDto } from
|
|
27
|
-
import { LogoutDto } from
|
|
28
|
-
import { OAuthExchangeDto } from
|
|
29
|
-
import { RefreshTokenDto } from
|
|
30
|
-
import { SignupDto } from
|
|
31
|
-
import { GoogleAuthGuard } from
|
|
32
|
-
import { JwtAuthGuard } from
|
|
33
|
-
import { AuthenticatedUser } from
|
|
34
|
-
import { GoogleAuthProfile } from
|
|
35
|
-
import { CurrentUser } from
|
|
36
|
-
import { GoogleOAuthExceptionFilter } from
|
|
19
|
+
} from '@nestjs/swagger';
|
|
20
|
+
import { Throttle } from '@nestjs/throttler';
|
|
21
|
+
import { RevokedResponseDto } from '../../../common/dto/mutation-response.dto';
|
|
22
|
+
import { ActiveUserSummaryDto } from '../../../common/dto/user-summary.dto';
|
|
23
|
+
import { ApiErrorResponses } from '../../../common/swagger/api-error-responses';
|
|
24
|
+
import { AuthService } from '../application/services/auth.service';
|
|
25
|
+
import { AuthTokensResponseDto } from '../dto/auth-response.dto';
|
|
26
|
+
import { LoginDto } from '../dto/login.dto';
|
|
27
|
+
import { LogoutDto } from '../dto/logout.dto';
|
|
28
|
+
import { OAuthExchangeDto } from '../dto/oauth-exchange.dto';
|
|
29
|
+
import { RefreshTokenDto } from '../dto/refresh-token.dto';
|
|
30
|
+
import { SignupDto } from '../dto/signup.dto';
|
|
31
|
+
import { GoogleAuthGuard } from '../infrastructure/passport/google-auth.guard';
|
|
32
|
+
import { JwtAuthGuard } from '../infrastructure/passport/jwt-auth.guard';
|
|
33
|
+
import { AuthenticatedUser } from '../types/authenticated-user';
|
|
34
|
+
import { GoogleAuthProfile } from '../types/google-auth-profile';
|
|
35
|
+
import { CurrentUser } from './current-user.decorator';
|
|
36
|
+
import { GoogleOAuthExceptionFilter } from './google-oauth-exception.filter';
|
|
37
37
|
|
|
38
|
-
@ApiTags(
|
|
39
|
-
@Controller(
|
|
38
|
+
@ApiTags('Auth')
|
|
39
|
+
@Controller('auth')
|
|
40
40
|
export class AuthController {
|
|
41
41
|
constructor(private readonly authService: AuthService) {}
|
|
42
42
|
|
|
43
|
-
@Post(
|
|
43
|
+
@Post('signup')
|
|
44
44
|
@Throttle({ default: { limit: 5, ttl: 60_000 } })
|
|
45
|
-
@ApiOperation({ summary:
|
|
45
|
+
@ApiOperation({ summary: 'Create an email/password user and issue tokens.' })
|
|
46
46
|
@ApiCreatedResponse({
|
|
47
|
-
description:
|
|
47
|
+
description: 'User created and tokens issued.',
|
|
48
48
|
type: AuthTokensResponseDto,
|
|
49
49
|
})
|
|
50
50
|
@ApiErrorResponses(400, 409, 429)
|
|
@@ -52,12 +52,12 @@ export class AuthController {
|
|
|
52
52
|
return this.authService.signup(dto);
|
|
53
53
|
}
|
|
54
54
|
|
|
55
|
-
@Post(
|
|
55
|
+
@Post('login')
|
|
56
56
|
@HttpCode(200)
|
|
57
57
|
@Throttle({ default: { limit: 5, ttl: 60_000 } })
|
|
58
|
-
@ApiOperation({ summary:
|
|
58
|
+
@ApiOperation({ summary: 'Login with email/password.' })
|
|
59
59
|
@ApiOkResponse({
|
|
60
|
-
description:
|
|
60
|
+
description: 'Login succeeded and tokens were issued.',
|
|
61
61
|
type: AuthTokensResponseDto,
|
|
62
62
|
})
|
|
63
63
|
@ApiErrorResponses(400, 401, 429)
|
|
@@ -65,14 +65,14 @@ export class AuthController {
|
|
|
65
65
|
return this.authService.login(dto);
|
|
66
66
|
}
|
|
67
67
|
|
|
68
|
-
@Post(
|
|
68
|
+
@Post('refresh')
|
|
69
69
|
@HttpCode(200)
|
|
70
70
|
@Throttle({ default: { limit: 10, ttl: 60_000 } })
|
|
71
71
|
@ApiOperation({
|
|
72
|
-
summary:
|
|
72
|
+
summary: 'Rotate a refresh token and issue a new access token.',
|
|
73
73
|
})
|
|
74
74
|
@ApiOkResponse({
|
|
75
|
-
description:
|
|
75
|
+
description: 'Refresh token rotated.',
|
|
76
76
|
type: AuthTokensResponseDto,
|
|
77
77
|
})
|
|
78
78
|
@ApiErrorResponses(400, 401, 429)
|
|
@@ -80,14 +80,14 @@ export class AuthController {
|
|
|
80
80
|
return this.authService.refresh(dto);
|
|
81
81
|
}
|
|
82
82
|
|
|
83
|
-
@Post(
|
|
83
|
+
@Post('oauth/exchange')
|
|
84
84
|
@HttpCode(200)
|
|
85
85
|
@Throttle({ default: { limit: 10, ttl: 60_000 } })
|
|
86
86
|
@ApiOperation({
|
|
87
|
-
summary:
|
|
87
|
+
summary: 'Exchange a Google OAuth one-time code for tokens.',
|
|
88
88
|
})
|
|
89
89
|
@ApiOkResponse({
|
|
90
|
-
description:
|
|
90
|
+
description: 'OAuth exchange succeeded.',
|
|
91
91
|
type: AuthTokensResponseDto,
|
|
92
92
|
})
|
|
93
93
|
@ApiErrorResponses(400, 401, 429)
|
|
@@ -95,11 +95,11 @@ export class AuthController {
|
|
|
95
95
|
return this.authService.exchangeOAuthCode(dto);
|
|
96
96
|
}
|
|
97
97
|
|
|
98
|
-
@Post(
|
|
98
|
+
@Post('logout')
|
|
99
99
|
@HttpCode(200)
|
|
100
|
-
@ApiOperation({ summary:
|
|
100
|
+
@ApiOperation({ summary: 'Revoke a refresh token.' })
|
|
101
101
|
@ApiOkResponse({
|
|
102
|
-
description:
|
|
102
|
+
description: 'Refresh token is revoked or already unusable.',
|
|
103
103
|
type: RevokedResponseDto,
|
|
104
104
|
})
|
|
105
105
|
@ApiErrorResponses(400)
|
|
@@ -107,22 +107,22 @@ export class AuthController {
|
|
|
107
107
|
return this.authService.logout(dto);
|
|
108
108
|
}
|
|
109
109
|
|
|
110
|
-
@Get(
|
|
110
|
+
@Get('google')
|
|
111
111
|
@UseFilters(GoogleOAuthExceptionFilter)
|
|
112
112
|
@UseGuards(GoogleAuthGuard)
|
|
113
|
-
@ApiOperation({ summary:
|
|
114
|
-
@ApiFoundResponse({ description:
|
|
113
|
+
@ApiOperation({ summary: 'Start the Google OAuth login flow.' })
|
|
114
|
+
@ApiFoundResponse({ description: 'Redirects the browser to Google OAuth.' })
|
|
115
115
|
@ApiErrorResponses(403)
|
|
116
116
|
google() {
|
|
117
117
|
return undefined;
|
|
118
118
|
}
|
|
119
119
|
|
|
120
|
-
@Get(
|
|
120
|
+
@Get('google/callback')
|
|
121
121
|
@UseFilters(GoogleOAuthExceptionFilter)
|
|
122
122
|
@UseGuards(GoogleAuthGuard)
|
|
123
|
-
@ApiOperation({ summary:
|
|
123
|
+
@ApiOperation({ summary: 'Handle the Google OAuth callback.' })
|
|
124
124
|
@ApiFoundResponse({
|
|
125
|
-
description:
|
|
125
|
+
description: 'Redirects to the configured frontend success or error URL.',
|
|
126
126
|
})
|
|
127
127
|
@ApiErrorResponses(401, 403)
|
|
128
128
|
async googleCallback(
|
|
@@ -133,12 +133,12 @@ export class AuthController {
|
|
|
133
133
|
response.redirect(302, redirectUrl);
|
|
134
134
|
}
|
|
135
135
|
|
|
136
|
-
@Get(
|
|
136
|
+
@Get('me')
|
|
137
137
|
@UseGuards(JwtAuthGuard)
|
|
138
138
|
@ApiBearerAuth()
|
|
139
|
-
@ApiOperation({ summary:
|
|
139
|
+
@ApiOperation({ summary: 'Return the current JWT identity.' })
|
|
140
140
|
@ApiOkResponse({
|
|
141
|
-
description:
|
|
141
|
+
description: 'Current authenticated user.',
|
|
142
142
|
type: ActiveUserSummaryDto,
|
|
143
143
|
})
|
|
144
144
|
@ApiErrorResponses(401)
|
|
@@ -1,11 +1,9 @@
|
|
|
1
|
-
import { createParamDecorator, ExecutionContext } from
|
|
2
|
-
import { AuthenticatedUser } from
|
|
1
|
+
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { AuthenticatedUser } from '../types/authenticated-user';
|
|
3
3
|
|
|
4
4
|
export const CurrentUser = createParamDecorator(
|
|
5
5
|
(_data: unknown, context: ExecutionContext): AuthenticatedUser => {
|
|
6
|
-
const request = context
|
|
7
|
-
.switchToHttp()
|
|
8
|
-
.getRequest<{ user: AuthenticatedUser }>();
|
|
6
|
+
const request = context.switchToHttp().getRequest<{ user: AuthenticatedUser }>();
|
|
9
7
|
return request.user;
|
|
10
8
|
},
|
|
11
9
|
);
|
|
@@ -1,10 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
3
|
-
Catch,
|
|
4
|
-
ExceptionFilter,
|
|
5
|
-
Injectable,
|
|
6
|
-
} from "@nestjs/common";
|
|
7
|
-
import { ConfigService } from "@nestjs/config";
|
|
1
|
+
import { ArgumentsHost, Catch, ExceptionFilter, Injectable } from '@nestjs/common';
|
|
2
|
+
import { ConfigService } from '@nestjs/config';
|
|
8
3
|
|
|
9
4
|
type RedirectResponse = {
|
|
10
5
|
headersSent?: boolean;
|
|
@@ -23,10 +18,10 @@ export class GoogleOAuthExceptionFilter implements ExceptionFilter {
|
|
|
23
18
|
}
|
|
24
19
|
|
|
25
20
|
const redirectUrl = new URL(
|
|
26
|
-
this.config.get<string>(
|
|
27
|
-
|
|
21
|
+
this.config.get<string>('auth.google.errorRedirectUrl') ??
|
|
22
|
+
'http://localhost:3000/auth/google/error',
|
|
28
23
|
);
|
|
29
|
-
redirectUrl.searchParams.set(
|
|
24
|
+
redirectUrl.searchParams.set('error', 'oauth_failed');
|
|
30
25
|
|
|
31
26
|
response.redirect(302, redirectUrl.toString());
|
|
32
27
|
}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { ApiProperty } from
|
|
1
|
+
import { ApiProperty } from '@nestjs/swagger';
|
|
2
2
|
|
|
3
3
|
export class HealthResponseDto {
|
|
4
|
-
@ApiProperty({ example:
|
|
5
|
-
status!:
|
|
4
|
+
@ApiProperty({ example: 'ok' })
|
|
5
|
+
status!: 'ok';
|
|
6
6
|
|
|
7
|
-
@ApiProperty({ example:
|
|
8
|
-
db!:
|
|
7
|
+
@ApiProperty({ example: 'ok' })
|
|
8
|
+
db!: 'ok';
|
|
9
9
|
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { Module } from
|
|
2
|
-
import { HealthController } from
|
|
1
|
+
import { Module } from '@nestjs/common';
|
|
2
|
+
import { HealthController } from './presentation/health.controller';
|
|
3
3
|
|
|
4
4
|
@Module({
|
|
5
5
|
controllers: [HealthController],
|
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
import { Controller, Get, ServiceUnavailableException } from
|
|
2
|
-
import { ApiOkResponse, ApiOperation, ApiTags } from
|
|
3
|
-
import { ApiErrorResponses } from
|
|
4
|
-
import { PrismaService } from
|
|
5
|
-
import { Public } from
|
|
6
|
-
import { HealthResponseDto } from
|
|
1
|
+
import { Controller, Get, ServiceUnavailableException } from '@nestjs/common';
|
|
2
|
+
import { ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
|
|
3
|
+
import { ApiErrorResponses } from '../../../common/swagger/api-error-responses';
|
|
4
|
+
import { PrismaService } from '../../../database/prisma/prisma.service';
|
|
5
|
+
import { Public } from '../../access-control/presentation/public.decorator';
|
|
6
|
+
import { HealthResponseDto } from '../dto/health-response.dto';
|
|
7
7
|
|
|
8
|
-
@ApiTags(
|
|
9
|
-
@Controller(
|
|
8
|
+
@ApiTags('Health')
|
|
9
|
+
@Controller('health')
|
|
10
10
|
export class HealthController {
|
|
11
11
|
constructor(private readonly prisma: PrismaService) {}
|
|
12
12
|
|
|
13
13
|
@Get()
|
|
14
14
|
@Public()
|
|
15
|
-
@ApiOperation({ summary:
|
|
15
|
+
@ApiOperation({ summary: 'Check API and database health.' })
|
|
16
16
|
@ApiOkResponse({
|
|
17
|
-
description:
|
|
17
|
+
description: 'API and database are healthy.',
|
|
18
18
|
type: HealthResponseDto,
|
|
19
19
|
})
|
|
20
20
|
@ApiErrorResponses(503)
|
|
@@ -22,12 +22,12 @@ export class HealthController {
|
|
|
22
22
|
try {
|
|
23
23
|
await this.prisma.$queryRaw`SELECT 1`;
|
|
24
24
|
} catch {
|
|
25
|
-
throw new ServiceUnavailableException(
|
|
25
|
+
throw new ServiceUnavailableException('Database health check failed.');
|
|
26
26
|
}
|
|
27
27
|
|
|
28
28
|
return {
|
|
29
|
-
status:
|
|
30
|
-
db:
|
|
29
|
+
status: 'ok',
|
|
30
|
+
db: 'ok',
|
|
31
31
|
};
|
|
32
32
|
}
|
|
33
33
|
}
|