@ftisindia/create-app 0.1.4 → 0.1.6
- package/package.json +1 -1
- package/template/.env.example +31 -0
- package/template/README.md +61 -0
- package/template/_gitignore +6 -0
- package/template/_package.json +6 -0
- package/template/docs/FORMS.md +169 -0
- package/template/docs/FORMS_CHECKLIST.md +61 -0
- package/template/docs/REPORTS.md +246 -0
- package/template/docs/REPORTS_CHECKLIST.md +97 -0
- package/template/prisma/migrations/20260612000000_add_form_builder/migration.sql +147 -0
- package/template/prisma/migrations/20260613000000_add_report_builder/migration.sql +129 -0
- package/template/prisma/schema.prisma +285 -0
- package/template/scripts/export-openapi.ts +85 -0
- package/template/scripts/gen-form.mjs +149 -0
- package/template/scripts/push-form.ts +124 -0
- package/template/src/app.module.ts +29 -8
- package/template/src/common/dto/membership-response.dto.ts +1 -0
- package/template/src/common/dto/role-summary.dto.ts +3 -3
- package/template/src/common/dto/user-summary.dto.ts +3 -3
- package/template/src/config/app.config.ts +6 -1
- package/template/src/config/env.validation.ts +45 -0
- package/template/src/config/forms.config.ts +12 -0
- package/template/src/config/index.ts +2 -0
- package/template/src/config/openapi.ts +12 -0
- package/template/src/config/reports-secret.ts +15 -0
- package/template/src/config/reports.config.ts +16 -0
- package/template/src/main.ts +16 -12
- package/template/src/modules/access-control/access-control.module.ts +2 -1
- package/template/src/modules/access-control/dto/access-control-response.dto.ts +3 -0
- package/template/src/modules/access-control/dto/current-access-control-response.dto.ts +35 -0
- package/template/src/modules/access-control/presentation/current-access-control.controller.ts +40 -0
- package/template/src/modules/access-control/types/permission-key.ts +27 -0
- package/template/src/modules/access-control/types/route-permission-registry.ts +183 -0
- package/template/src/modules/audit/dto/audit-response.dto.ts +7 -3
- package/template/src/modules/auth/auth.module.ts +3 -1
- package/template/src/modules/auth/dto/auth-response.dto.ts +1 -1
- package/template/src/modules/forms/application/services/file-gc.service.ts +85 -0
- package/template/src/modules/forms/application/services/forms-definitions.service.ts +137 -0
- package/template/src/modules/forms/application/services/forms-error.mapper.ts +64 -0
- package/template/src/modules/forms/application/services/forms-export.service.ts +210 -0
- package/template/src/modules/forms/application/services/forms-files.service.ts +164 -0
- package/template/src/modules/forms/application/services/forms-public.service.ts +49 -0
- package/template/src/modules/forms/application/services/forms-settings-reader.service.ts +53 -0
- package/template/src/modules/forms/application/services/forms-submissions.service.ts +103 -0
- package/template/src/modules/forms/application/services/handlers/authenticate.action.ts +37 -0
- package/template/src/modules/forms/application/services/handlers/logging-email.handler.ts +22 -0
- package/template/src/modules/forms/application/services/handlers/send-confirmation-email.action.ts +40 -0
- package/template/src/modules/forms/application/services/handlers/webhook.handler.ts +41 -0
- package/template/src/modules/forms/application/services/outbox-dispatcher.service.ts +109 -0
- package/template/src/modules/forms/dto/create-form-definition.dto.ts +12 -0
- package/template/src/modules/forms/dto/data-source-response.dto.ts +19 -0
- package/template/src/modules/forms/dto/export-submissions-query.dto.ts +33 -0
- package/template/src/modules/forms/dto/file-upload-response.dto.ts +24 -0
- package/template/src/modules/forms/dto/form-definition-response.dto.ts +50 -0
- package/template/src/modules/forms/dto/form-render-response.dto.ts +17 -0
- package/template/src/modules/forms/dto/list-form-definitions-query.dto.ts +10 -0
- package/template/src/modules/forms/dto/list-submissions-query.dto.ts +10 -0
- package/template/src/modules/forms/dto/public-submit-form.dto.ts +24 -0
- package/template/src/modules/forms/dto/set-public-access.dto.ts +8 -0
- package/template/src/modules/forms/dto/submission-response.dto.ts +99 -0
- package/template/src/modules/forms/dto/submit-form.dto.ts +50 -0
- package/template/src/modules/forms/dto/update-form-definition.dto.ts +12 -0
- package/template/src/modules/forms/dto/upload-file-query.dto.ts +33 -0
- package/template/src/modules/forms/dto/validate-submission.dto.ts +22 -0
- package/template/src/modules/forms/examples/abstract-submission.form.json +80 -0
- package/template/src/modules/forms/examples/login.form.json +24 -0
- package/template/src/modules/forms/examples/registration.form.json +44 -0
- package/template/src/modules/forms/forms.module.ts +226 -0
- package/template/src/modules/forms/forms.tokens.ts +6 -0
- package/template/src/modules/forms/infrastructure/audit-sink.adapter.ts +30 -0
- package/template/src/modules/forms/infrastructure/casl-forms-authorization.ts +31 -0
- package/template/src/modules/forms/infrastructure/prisma-tx-runner.ts +17 -0
- package/template/src/modules/forms/infrastructure/registry/form-extension.decorators.ts +17 -0
- package/template/src/modules/forms/infrastructure/registry/registry-bootstrap.service.ts +82 -0
- package/template/src/modules/forms/infrastructure/request-forms-context.ts +60 -0
- package/template/src/modules/forms/infrastructure/schema-check/forms-schema-check.service.ts +76 -0
- package/template/src/modules/forms/infrastructure/storage/local-disk-storage.adapter.ts +43 -0
- package/template/src/modules/forms/infrastructure/stores/index.ts +5 -0
- package/template/src/modules/forms/infrastructure/stores/prisma-action-log.store.ts +37 -0
- package/template/src/modules/forms/infrastructure/stores/prisma-file.store.ts +108 -0
- package/template/src/modules/forms/infrastructure/stores/prisma-form-definition.store.ts +147 -0
- package/template/src/modules/forms/infrastructure/stores/prisma-outbox.store.ts +133 -0
- package/template/src/modules/forms/infrastructure/stores/prisma-submission.store.ts +164 -0
- package/template/src/modules/forms/presentation/forms-data-sources.controller.ts +58 -0
- package/template/src/modules/forms/presentation/forms-definitions.controller.ts +191 -0
- package/template/src/modules/forms/presentation/forms-files.controller.ts +79 -0
- package/template/src/modules/forms/presentation/forms-submissions.controller.ts +154 -0
- package/template/src/modules/forms/presentation/forms-upload.interceptor.ts +33 -0
- package/template/src/modules/forms/presentation/public-forms.controller.ts +51 -0
- package/template/src/modules/invitations/dto/invitation-response.dto.ts +4 -0
- package/template/src/modules/organisations/application/services/organisations.service.ts +67 -1
- package/template/src/modules/organisations/dto/organisation-response.dto.ts +52 -0
- package/template/src/modules/organisations/presentation/organisations.controller.ts +25 -3
- package/template/src/modules/reports/application/services/reports-actions.service.ts +54 -0
- package/template/src/modules/reports/application/services/reports-definitions.service.ts +66 -0
- package/template/src/modules/reports/application/services/reports-error.mapper.ts +97 -0
- package/template/src/modules/reports/application/services/reports-export-dispatcher.service.ts +124 -0
- package/template/src/modules/reports/application/services/reports-exports.service.ts +74 -0
- package/template/src/modules/reports/application/services/reports-queries.service.ts +35 -0
- package/template/src/modules/reports/application/services/reports-settings-reader.service.ts +49 -0
- package/template/src/modules/reports/application/services/reports-views.service.ts +79 -0
- package/template/src/modules/reports/dto/action-result-response.dto.ts +21 -0
- package/template/src/modules/reports/dto/create-report-definition.dto.ts +86 -0
- package/template/src/modules/reports/dto/create-saved-view.dto.ts +26 -0
- package/template/src/modules/reports/dto/execute-action.dto.ts +71 -0
- package/template/src/modules/reports/dto/export-job-response.dto.ts +60 -0
- package/template/src/modules/reports/dto/export-request.dto.ts +34 -0
- package/template/src/modules/reports/dto/list-reports-query.dto.ts +10 -0
- package/template/src/modules/reports/dto/list-views-query.dto.ts +17 -0
- package/template/src/modules/reports/dto/prepare-action-response.dto.ts +14 -0
- package/template/src/modules/reports/dto/prepare-action.dto.ts +27 -0
- package/template/src/modules/reports/dto/query-response.dto.ts +64 -0
- package/template/src/modules/reports/dto/query-spec.dto.ts +120 -0
- package/template/src/modules/reports/dto/report-definition-response.dto.ts +64 -0
- package/template/src/modules/reports/dto/report-meta-query.dto.ts +16 -0
- package/template/src/modules/reports/dto/report-meta-response.dto.ts +113 -0
- package/template/src/modules/reports/dto/saved-view-response.dto.ts +66 -0
- package/template/src/modules/reports/dto/update-report-definition.dto.ts +9 -0
- package/template/src/modules/reports/dto/update-saved-view.dto.ts +27 -0
- package/template/src/modules/reports/examples/abstract-review-board.report.json +54 -0
- package/template/src/modules/reports/examples/org-members.report.json +55 -0
- package/template/src/modules/reports/infrastructure/audit-sink.adapter.ts +31 -0
- package/template/src/modules/reports/infrastructure/casl-reports-authorization.ts +39 -0
- package/template/src/modules/reports/infrastructure/forms-adapter/form-report-source.adapter.ts +292 -0
- package/template/src/modules/reports/infrastructure/forms-adapter/form-row-actions.ts +171 -0
- package/template/src/modules/reports/infrastructure/forms-adapter/forms-bridge-bootstrap.service.ts +32 -0
- package/template/src/modules/reports/infrastructure/prisma-catalog.adapter.ts +95 -0
- package/template/src/modules/reports/infrastructure/prisma-query-executor.ts +103 -0
- package/template/src/modules/reports/infrastructure/prisma-snapshot-runner.ts +47 -0
- package/template/src/modules/reports/infrastructure/prisma-tx-runner.ts +18 -0
- package/template/src/modules/reports/infrastructure/registry/registry-bootstrap.service.ts +61 -0
- package/template/src/modules/reports/infrastructure/registry/report-extension.decorators.ts +14 -0
- package/template/src/modules/reports/infrastructure/reports-job-queue.adapter.ts +28 -0
- package/template/src/modules/reports/infrastructure/request-reports-context.ts +42 -0
- package/template/src/modules/reports/infrastructure/schema-check/reports-schema-check.service.ts +116 -0
- package/template/src/modules/reports/infrastructure/storage/local-disk-export-storage.adapter.ts +79 -0
- package/template/src/modules/reports/infrastructure/stores/index.ts +5 -0
- package/template/src/modules/reports/infrastructure/stores/prisma-bulk-action-run.store.ts +89 -0
- package/template/src/modules/reports/infrastructure/stores/prisma-export-job.store.ts +93 -0
- package/template/src/modules/reports/infrastructure/stores/prisma-report-definition.store.ts +171 -0
- package/template/src/modules/reports/infrastructure/stores/prisma-row-tag.store.ts +110 -0
- package/template/src/modules/reports/infrastructure/stores/prisma-saved-view.store.ts +144 -0
- package/template/src/modules/reports/presentation/reports-actions.controller.ts +83 -0
- package/template/src/modules/reports/presentation/reports-definitions.controller.ts +156 -0
- package/template/src/modules/reports/presentation/reports-export-jobs.controller.ts +61 -0
- package/template/src/modules/reports/presentation/reports-export.controller.ts +76 -0
- package/template/src/modules/reports/presentation/reports-query.controller.ts +52 -0
- package/template/src/modules/reports/presentation/reports-views.controller.ts +140 -0
- package/template/src/modules/reports/reports-forms.module.ts +33 -0
- package/template/src/modules/reports/reports.module.ts +335 -0
- package/template/src/modules/reports/reports.tokens.ts +11 -0
- package/template/src/modules/reports/sources/org-members.source.ts +112 -0
- package/template/src/modules/settings/types/setting-definitions.ts +94 -0
- package/template/test/forms-definitions.e2e-spec.ts +394 -0
- package/template/test/forms-export.e2e-spec.ts +390 -0
- package/template/test/forms-files.e2e-spec.ts +345 -0
- package/template/test/forms-outbox.e2e-spec.ts +309 -0
- package/template/test/forms-permission-sync.spec.ts +27 -0
- package/template/test/forms-public.e2e-spec.ts +269 -0
- package/template/test/forms-schema-check.e2e-spec.ts +65 -0
- package/template/test/forms-submissions.e2e-spec.ts +500 -0
- package/template/test/forms-webhooks.e2e-spec.ts +261 -0
- package/template/test/frontend-bootstrap.spec.ts +181 -0
- package/template/test/reports-advanced.e2e-spec.ts +368 -0
- package/template/test/reports-permission-sync.spec.ts +30 -0
- package/template/test/reports-query.e2e-spec.ts +350 -0
- package/template/test/reports-tiers.e2e-spec.ts +257 -0
- package/template/test/route-registry.validator.spec.ts +34 -0
- package/template/test/security.e2e-spec.ts +134 -2
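--- a/package/template/test/security.e2e-spec.ts
+++ b/package/template/test/security.e2e-spec.ts
@@ -72,7 +72,101 @@ describe('Security invariants (e2e)', () => {
 .expect(403);
 });
 
+it('requires authentication for frontend bootstrap endpoints', async () => {
+const { orgId } = await createUserAndOrg('bootstrap-auth');
+
+await request(app.getHttpServer()).get('/organisations/mine').expect(401);
+await request(app.getHttpServer()).get(`/organisations/${orgId}/access-control/me`).expect(401);
+});
+
+it('lists only active current-user organisations with cursor pagination shape', async () => {
+const first = await createUserAndOrg('mine-active');
+const second = await createOrganisation(first.accessToken, 'mine-suspended');
+
+await prisma.membership.update({
+where: { id: second.membershipId },
+data: { status: MembershipStatus.SUSPENDED },
+});
+
+const response = await request(app.getHttpServer())
+.get('/organisations/mine')
+.set('Authorization', `Bearer ${first.accessToken}`)
+.expect(200);
+
+expect(response.body).toEqual({
+items: [
+expect.objectContaining({
+id: first.orgId,
+membershipId: first.membershipId,
+roleId: expect.any(String),
+role: expect.objectContaining({ name: 'Owner' }),
+isOwner: true,
+isBillingContact: true,
+}),
+],
+nextCursor: null,
+});
+});
+
+it('returns effective access-control context for an active member without roles.read', async () => {
+const owner = await createUserAndOrg('access-me-owner');
+const member = await createMemberInOrg(owner.orgId, 'access-me-member');
+
+const response = await request(app.getHttpServer())
+.get(`/organisations/${owner.orgId}/access-control/me`)
+.set('Authorization', `Bearer ${member.accessToken}`)
+.expect(200);
+
+expect(response.body).toEqual({
+orgId: owner.orgId,
+membershipId: member.membershipId,
+roleId: member.roleId,
+isOwner: false,
+isBillingContact: false,
+permissionKeys: [],
+});
+});
+
+it('denies access-control context to non-members', async () => {
+const first = await createUserAndOrg('access-me-a');
+const second = await createUserAndOrg('access-me-b');
+
+await request(app.getHttpServer())
+.get(`/organisations/${second.orgId}/access-control/me`)
+.set('Authorization', `Bearer ${first.accessToken}`)
+.expect(403);
+});
+
+it.each([MembershipStatus.SUSPENDED, MembershipStatus.REVOKED])(
+'denies access-control context for %s memberships',
+async (status) => {
+const owner = await createUserAndOrg(`access-me-${status.toLowerCase()}`);
+const member = await createMemberInOrg(owner.orgId, `member-${status.toLowerCase()}`);
+
+await prisma.membership.update({
+where: { id: member.membershipId },
+data: { status },
+});
+
+await request(app.getHttpServer())
+.get(`/organisations/${owner.orgId}/access-control/me`)
+.set('Authorization', `Bearer ${member.accessToken}`)
+.expect(403);
+},
+);
+
 async function createUserAndOrg(label: string) {
+const user = await createUser(label);
+const org = await createOrganisation(user.accessToken, label);
+
+return {
+...user,
+orgId: org.orgId,
+membershipId: org.membershipId,
+};
+}
+
+async function createUser(label: string) {
 const suffix = `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
 const signup = await request(app.getHttpServer())
 .post('/auth/signup')
@@ -83,7 +177,14 @@ describe('Security invariants (e2e)', () => {
 })
 .expect(201);
 
-
+return {
+accessToken: signup.body.accessToken as string,
+userId: signup.body.user.id as string,
+};
+}
+
+async function createOrganisation(accessToken: string, label: string) {
+const suffix = `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
 const org = await request(app.getHttpServer())
 .post('/organisations')
 .set('Authorization', `Bearer ${accessToken}`)
@@ -94,9 +195,40 @@ describe('Security invariants (e2e)', () => {
 .expect(201);
 
 return {
-accessToken,
 orgId: org.body.organisation.id as string,
 membershipId: org.body.membership.id as string,
 };
 }
+
+async function createMemberInOrg(orgId: string, label: string) {
+const user = await createUser(label);
+const role = await prisma.role.findUniqueOrThrow({
+where: {
+orgId_name: {
+orgId,
+name: 'Viewer',
+},
+},
+select: {
+id: true,
+},
+});
+const membership = await prisma.membership.create({
+data: {
+userId: user.userId,
+orgId,
+roleId: role.id,
+},
+select: {
+id: true,
+roleId: true,
+},
+});
+
+return {
+...user,
+membershipId: membership.id,
+roleId: membership.roleId,
+};
+}
 });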
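Review bot: The `/organisations/mine` test ('lists only active current-user organisations with cursor pagination shape') exercises only a SUSPENDED membership, while the access-control denial further down is parameterised over both SUSPENDED and REVOKED, so a revoked membership that still shows up in the listing would go unnoticed. Consider driving the listing test from the same table, `it.each([MembershipStatus.SUSPENDED, MembershipStatus.REVOKED])`, and writing `data: { status }` in its `prisma.membership.update` call. Separately, `createMemberInOrg` creates the membership without a `status` field, so the 'active member' test presumably relies on a schema default that is not visible here; setting the status explicitly in that `data` object would keep the test's meaning stable if the default ever changes. The enclosing `describe` block starts and ends outside these hunks.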