@hed-hog/core 0.0.300 → 0.0.301

package/src/ai/ai.service.ts

@@ -7,12 +7,14 @@ import {
     Injectable,
     Logger,
     NotFoundException,
+    OnModuleInit,
 } from '@nestjs/common';
 import axios from 'axios';
 import { createHash } from 'crypto';
 import pdfParse from 'pdf-parse';
 import { DeleteDTO } from '../dto/delete.dto';
 import { FileService } from '../file/file.service';
+import { IntegrationDeveloperApiService } from '../integration/services/integration-developer-api.service';
 import { SettingService } from '../setting/setting.service';
 import { ChatAgentDTO } from './dto/chat-agent.dto';
 import { ChatDTO } from './dto/chat.dto';
@@ -38,8 +40,10 @@ type AiAttachment = {
   buffer: Buffer;
 };
 
+type AiProviderKeySettingSlug = 'ai-openai-api-key' | 'ai-gemini-api-key';
+
 @Injectable()
-export class AiService {
+export class AiService implements OnModuleInit {
   private readonly logger = new Logger(AiService.name);
 
   constructor(
@@ -49,8 +53,29 @@ export class AiService {
     private readonly settingService: SettingService,
     @Inject(forwardRef(() => FileService))
     private readonly fileService: FileService,
+    @Inject(forwardRef(() => IntegrationDeveloperApiService))
+    private readonly integrationApi: IntegrationDeveloperApiService,
   ) {}
 
+  onModuleInit(): void {
+    this.integrationApi.subscribe({
+      eventName: 'core.setting.changed',
+      consumerName: 'core.ai-provider-key-validator',
+      priority: 0,
+      handler: async (event) => {
+        const slug = String(event.payload?.slug || '').trim();
+
+        if (!this.isAiProviderKeySlug(slug)) {
+          return;
+        }
+
+        await this.syncProviderEnabledFlag(slug);
+      },
+    });
+
+    void this.syncAllProviderEnabledFlags();
+  }
+
   async chat(data: ChatDTO, file?: MulterFile) {
     const provider = data.provider || 'openai';
     const attachment = await this.resolveAttachment(file, data.file_id);
@@ -398,6 +423,109 @@ export class AiService {
     return 'gemini-1.5-flash';
   }
 
+  private isAiProviderKeySlug(slug: string): slug is AiProviderKeySettingSlug {
+    return slug === 'ai-openai-api-key' || slug === 'ai-gemini-api-key';
+  }
+
+  private getEnabledSlugFromProviderKey(slug: AiProviderKeySettingSlug) {
+    return slug === 'ai-openai-api-key'
+      ? 'ai-openai-api-key-enabled'
+      : 'ai-gemini-api-key-enabled';
+  }
+
+  private async syncAllProviderEnabledFlags() {
+    const results = await Promise.allSettled([
+      this.syncProviderEnabledFlag('ai-openai-api-key'),
+      this.syncProviderEnabledFlag('ai-gemini-api-key'),
+    ]);
+
+    results.forEach((result, index) => {
+      if (result.status === 'rejected') {
+        const slug = index === 0 ? 'ai-openai-api-key' : 'ai-gemini-api-key';
+        this.logger.warn(
+          `Failed to sync provider availability for ${slug}: ${result.reason instanceof Error ? result.reason.message : String(result.reason)}`,
+        );
+      }
+    });
+  }
+
+  private async syncProviderEnabledFlag(slug: AiProviderKeySettingSlug) {
+    const values = await this.settingService.getSettingValues(slug);
+    const apiKey = String(values?.[slug] || '').trim();
+    const enabledSlug = this.getEnabledSlugFromProviderKey(slug);
+
+    const isValid = slug === 'ai-openai-api-key'
+      ? await this.validateOpenAiKey(apiKey)
+      : await this.validateGeminiKey(apiKey);
+
+    await this.settingService.setValue(enabledSlug, isValid ? 'true' : 'false');
+  }
+
+  private getValidationErrorMessage(error: unknown) {
+    if (axios.isAxiosError(error)) {
+      const providerMessage =
+        error.response?.data?.error?.message ||
+        error.response?.data?.message ||
+        error.message;
+      const status = error.response?.status || 'network';
+      return `${status}: ${providerMessage}`;
+    }
+
+    return error instanceof Error ? error.message : String(error);
+  }
+
+  private async validateOpenAiKey(apiKey?: string | null): Promise<boolean> {
+    const normalizedKey = String(apiKey || '').trim();
+
+    if (!normalizedKey) {
+      return false;
+    }
+
+    try {
+      await axios.get('https://api.openai.com/v1/models', {
+        headers: {
+          Authorization: `Bearer ${normalizedKey}`,
+        },
+        params: {
+          limit: 1,
+        },
+        timeout: 5000,
+      });
+
+      return true;
+    } catch (error) {
+      this.logger.warn(
+        `OpenAI key validation failed: ${this.getValidationErrorMessage(error)}`,
+      );
+      return false;
+    }
+  }
+
+  private async validateGeminiKey(apiKey?: string | null): Promise<boolean> {
+    const normalizedKey = String(apiKey || '').trim();
+
+    if (!normalizedKey) {
+      return false;
+    }
+
+    try {
+      await axios.get('https://generativelanguage.googleapis.com/v1beta/models', {
+        params: {
+          key: normalizedKey,
+          pageSize: 1,
+        },
+        timeout: 5000,
+      });
+
+      return true;
+    } catch (error) {
+      this.logger.warn(
+        `Gemini key validation failed: ${this.getValidationErrorMessage(error)}`,
+      );
+      return false;
+    }
+  }
+
   private async getApiKeys() {
     const settings = await this.settingService.getSettingValues([
       'ai-openai-api-key',

package/src/dashboard/dashboard-core/dashboard-core.controller.ts

@@ -105,12 +105,18 @@ export class DashboardCoreController {
     @User() user,
     @Param('slug') slug: string,
     @Query('search') search: string | undefined,
+    @Query('page') page: string | undefined,
+    @Query('pageSize') pageSize: string | undefined,
     @Locale() locale: string,
   ) {
     return this.dashboardCoreService.getShareableUsers(
       user.id,
       slug,
-      search,
+      {
+        search,
+        page,
+        pageSize,
+      },
       locale,
     );
   }
@@ -119,12 +125,13 @@ export class DashboardCoreController {
   shareDashboard(
     @User() user,
     @Param('slug') slug: string,
-    @Body() body: { userId?: number },
+    @Body() body: { userId?: number; userIds?: number[] },
     @Locale() locale: string,
   ) {
     return this.dashboardCoreService.shareDashboard(
       user.id,
       slug,
+      body.userIds,
       body.userId,
       locale,
     );

package/src/dashboard/dashboard-core/dashboard-core.service.ts

@@ -722,6 +722,94 @@ export class DashboardCoreService {
     return roleUsers.map((roleUser) => roleUser.role_id);
   }
 
+  private async getDashboardComponentRoleRequirements(dashboardId: number) {
+    const dashboardItems = await this.prismaService.dashboard_item.findMany({
+      where: {
+        dashboard_id: dashboardId,
+      },
+      select: {
+        component_id: true,
+        dashboard_component: {
+          select: {
+            dashboard_component_role: {
+              select: {
+                role_id: true,
+              },
+            },
+          },
+        },
+      },
+    });
+
+    const uniqueByComponentId = new Map<number, number[]>();
+
+    for (const item of dashboardItems) {
+      if (uniqueByComponentId.has(item.component_id)) {
+        continue;
+      }
+
+      uniqueByComponentId.set(
+        item.component_id,
+        item.dashboard_component.dashboard_component_role.map(
+          (relation) => relation.role_id,
+        ),
+      );
+    }
+
+    return Array.from(uniqueByComponentId.values());
+  }
+
+  private userHasRequiredRolesForDashboard(
+    componentRoleRequirements: number[][],
+    userRoleIds: number[],
+  ) {
+    if (componentRoleRequirements.length === 0) {
+      return true;
+    }
+
+    if (userRoleIds.length === 0) {
+      return componentRoleRequirements.every(
+        (requiredRoles) => requiredRoles.length === 0,
+      );
+    }
+
+    const userRoleIdSet = new Set(userRoleIds);
+
+    return componentRoleRequirements.every(
+      (requiredRoles) =>
+        requiredRoles.length === 0 ||
+        requiredRoles.some((roleId) => userRoleIdSet.has(roleId)),
+    );
+  }
+
+  private async getDashboardRoleAccessState(dashboardId: number, userId: number) {
+    const [componentRoleRequirements, userRoleIds] = await Promise.all([
+      this.getDashboardComponentRoleRequirements(dashboardId),
+      this.getUserRoleIds(userId),
+    ]);
+
+    const hasRequiredRoles = this.userHasRequiredRolesForDashboard(
+      componentRoleRequirements,
+      userRoleIds,
+    );
+
+    return {
+      hasRequiredRoles,
+      accessStatus: hasRequiredRoles ? 'allowed' : 'missing-roles',
+    };
+  }
+
+  private async assertDashboardRoleAccess(dashboardId: number, userId: number) {
+    const { hasRequiredRoles } = await this.getDashboardRoleAccessState(
+      dashboardId,
+      userId,
+    );
+
+    if (!hasRequiredRoles) {
+      throw new ForbiddenException('Access denied to this dashboard');
+    }
+  }
+
   private async getAccessibleTemplateOrThrow(
     userId: number,
     templateSlug: string,
@@ -1133,6 +1221,8 @@ export class DashboardCoreService {
       return [];
     }
 
+    await this.assertDashboardRoleAccess(dashboard.id, userId);
+
     const dashboardItems = await this.prismaService.dashboard_item.findMany({
       where: {
         dashboard_id: dashboard.id,
@@ -1208,6 +1298,8 @@ export class DashboardCoreService {
       throw new ForbiddenException('Access denied to this dashboard');
     }
 
+    await this.assertDashboardRoleAccess(dashboard.id, userId);
+
     const layoutUpdates = layout.flatMap((item) => {
       const itemId = Number.parseInt(item.i.replace('widget-', ''), 10);
 
@@ -1267,6 +1359,8 @@ export class DashboardCoreService {
       throw new ForbiddenException('Access denied to this dashboard');
     }
 
+    await this.assertDashboardRoleAccess(dashboard.id, userId);
+
     const userRoles = await this.prismaService.role_user.findMany({
       where: { user_id: userId },
       select: { role_id: true },
@@ -1407,6 +1501,8 @@ export class DashboardCoreService {
       throw new ForbiddenException('Access denied to this dashboard');
     }
 
+    await this.assertDashboardRoleAccess(dashboard.id, userId);
+
     const parsedWidgetId = Number(widgetId.replace(/^widget-/, ''));
 
     if (!Number.isInteger(parsedWidgetId) || parsedWidgetId <= 0) {
@@ -1464,9 +1560,20 @@ export class DashboardCoreService {
       },
     });
 
-    const hasAccess = Boolean(dashboardUser);
+    if (!dashboardUser) {
+      return {
+        hasAccess: false,
+        accessStatus: 'not-shared',
+        dashboard: null,
+      };
+    }
+
+    const roleAccess = await this.getDashboardRoleAccessState(dashboard.id, userId);
+    const hasAccess = roleAccess.hasRequiredRoles;
+
     return {
       hasAccess,
+      accessStatus: roleAccess.accessStatus,
       dashboard: hasAccess
         ? {
             id: dashboard.id,
@@ -1772,6 +1879,9 @@ export class DashboardCoreService {
 
   async getDashboardShares(userId: number, slug: string, locale: string) {
     const dashboardUser = await this.getDashboardUserOrThrow(userId, slug, locale);
+    const dashboardRoleRequirements = await this.getDashboardComponentRoleRequirements(
+      dashboardUser.dashboard_id,
+    );
 
     const sharedUsers = await this.prismaService.dashboard_user.findMany({
       where: {
@@ -1782,6 +1892,11 @@ export class DashboardCoreService {
           select: {
             id: true,
             name: true,
+            role_user: {
+              select: {
+                role_id: true,
+              },
+            },
             user_identifier: {
               where: {
                 type: 'email',
@@ -1799,65 +1914,103 @@ export class DashboardCoreService {
       },
     });
 
-    return sharedUsers.map((sharedDashboardUser) => ({
-      id: sharedDashboardUser.user.id,
-      name: sharedDashboardUser.user.name,
-      email: sharedDashboardUser.user.user_identifier[0]?.value ?? null,
-      isCurrentUser: sharedDashboardUser.user.id === userId,
-      isHome: sharedDashboardUser.is_home,
-    }));
+    return sharedUsers.map((sharedDashboardUser) => {
+      const userRoleIds = sharedDashboardUser.user.role_user.map(
+        (roleUser) => roleUser.role_id,
+      );
+      const hasRequiredRoles = this.userHasRequiredRolesForDashboard(
+        dashboardRoleRequirements,
+        userRoleIds,
+      );
+
+      return {
+        id: sharedDashboardUser.user.id,
+        name: sharedDashboardUser.user.name,
+        email: sharedDashboardUser.user.user_identifier[0]?.value ?? null,
+        isCurrentUser: sharedDashboardUser.user.id === userId,
+        isHome: sharedDashboardUser.is_home,
+        hasRequiredRoles,
+        accessStatus: hasRequiredRoles ? 'allowed' : 'missing-roles',
+      };
+    });
   }
 
   async getShareableUsers(
     userId: number,
     slug: string,
-    search: string | undefined,
+    options:
+      | {
+          search?: string;
+          page?: string | number;
+          pageSize?: string | number;
+        }
+      | undefined,
     locale: string,
   ) {
     const dashboardUser = await this.getDashboardUserOrThrow(userId, slug, locale);
-    const normalizedSearch = this.toNullableString(search);
+    const normalizedSearch = this.toNullableString(options?.search);
+    const requestedPage = Number.parseInt(String(options?.page ?? '1'), 10);
+    const requestedPageSize = Number.parseInt(String(options?.pageSize ?? '10'), 10);
+    const page = Number.isFinite(requestedPage) && requestedPage > 0 ? requestedPage : 1;
+    const pageSize = Number.isFinite(requestedPageSize) && requestedPageSize > 0
+      ? Math.min(requestedPageSize, 50)
+      : 10;
+
+    const [existingUsers, dashboardRoleRequirements] = await Promise.all([
+      this.prismaService.dashboard_user.findMany({
+        where: {
+          dashboard_id: dashboardUser.dashboard_id,
+        },
+        select: {
+          user_id: true,
+        },
+      }),
+      this.getDashboardComponentRoleRequirements(dashboardUser.dashboard_id),
+    ]);
 
-    const existingUsers = await this.prismaService.dashboard_user.findMany({
-      where: {
-        dashboard_id: dashboardUser.dashboard_id,
-      },
-      select: {
-        user_id: true,
+    const where: any = {
+      id: {
+        notIn: existingUsers.map((item) => item.user_id),
       },
-    });
-
-    const users = await this.prismaService.user.findMany({
-      where: {
-        id: {
-          notIn: existingUsers.map((item) => item.user_id),
-        },
-        ...(normalizedSearch
-          ? {
-              OR: [
-                {
-                  name: {
-                    contains: normalizedSearch,
-                    mode: 'insensitive',
-                  },
+      ...(normalizedSearch
+        ? {
+            OR: [
+              {
+                name: {
+                  contains: normalizedSearch,
+                  mode: 'insensitive' as const,
                 },
-                {
-                  user_identifier: {
-                    some: {
-                      type: 'email',
-                      value: {
-                        contains: normalizedSearch,
-                        mode: 'insensitive',
-                      },
+              },
+              {
+                user_identifier: {
+                  some: {
+                    type: 'email',
+                    value: {
+                      contains: normalizedSearch,
+                      mode: 'insensitive' as const,
                     },
                   },
                 },
-              ],
-            }
-          : {}),
-      },
+              },
+            ],
+          }
+        : {}),
+    };
+
+    const total = await this.prismaService.user.count({ where });
+    const lastPage = total > 0 ? Math.ceil(total / pageSize) : 1;
+    const safePage = Math.min(page, lastPage);
+
+    const users = await this.prismaService.user.findMany({
+      where,
       select: {
         id: true,
         name: true,
+        role_user: {
+          select: {
+            role_id: true,
+          },
+        },
         user_identifier: {
           where: {
             type: 'email',
@@ -1868,34 +2021,66 @@ export class DashboardCoreService {
           take: 1,
         },
       },
-      take: 20,
-      orderBy: {
-        id: 'desc',
-      },
+      skip: (safePage - 1) * pageSize,
+      take: pageSize,
+      orderBy: [{ name: 'asc' }, { id: 'asc' }],
     });
 
-    return users.map((candidateUser) => ({
-      id: candidateUser.id,
-      name: candidateUser.name,
-      email: candidateUser.user_identifier[0]?.value ?? null,
-    }));
+    return {
+      data: users.map((candidateUser) => {
+        const userRoleIds = candidateUser.role_user.map(
+          (roleUser) => roleUser.role_id,
+        );
+        const hasRequiredRoles = this.userHasRequiredRolesForDashboard(
+          dashboardRoleRequirements,
+          userRoleIds,
+        );
+
+        return {
+          id: candidateUser.id,
+          name: candidateUser.name,
+          email: candidateUser.user_identifier[0]?.value ?? null,
+          hasRequiredRoles,
+          accessStatus: hasRequiredRoles ? 'allowed' : 'missing-roles',
+        };
+      }),
+      total,
+      page: safePage,
+      pageSize,
+      lastPage,
+      prev: safePage > 1 ? safePage - 1 : null,
+      next: safePage < lastPage ? safePage + 1 : null,
+    };
   }
 
   async shareDashboard(
     userId: number,
     slug: string,
+    sharedUserIds: number[] | undefined,
     sharedUserId: number | undefined,
     locale: string,
   ) {
-    if (!sharedUserId || Number.isNaN(Number(sharedUserId))) {
+    const requestedIds = Array.from(
+      new Set(
+        [
+          ...(Array.isArray(sharedUserIds) ? sharedUserIds : []),
+          ...(sharedUserId !== undefined ? [sharedUserId] : []),
+        ]
+          .map((value) => Number(value))
+          .filter((value) => Number.isInteger(value) && value > 0),
+      ),
+    );
+
+    if (requestedIds.length === 0) {
       throw new BadRequestException(
         getLocaleText('validation.fieldRequired', locale, 'User is required.'),
       );
     }
 
     const dashboardUser = await this.getDashboardUserOrThrow(userId, slug, locale);
+    const sanitizedUserIds = requestedIds.filter((candidateUserId) => candidateUserId !== userId);
 
-    if (sharedUserId === userId) {
+    if (sanitizedUserIds.length === 0) {
       throw new BadRequestException(
         getLocaleText(
           'validation.invalidValue',
@@ -1905,40 +2090,56 @@ export class DashboardCoreService {
       );
     }
 
-    const targetUser = await this.prismaService.user.findUnique({
-      where: { id: sharedUserId },
-      select: { id: true },
+    const targetUsers = await this.prismaService.user.findMany({
+      where: {
+        id: {
+          in: sanitizedUserIds,
+        },
+      },
+      select: {
+        id: true,
+      },
     });
 
-    if (!targetUser) {
-      throw new BadRequestException(getLocaleText('userNotFound', locale, 'User not found.'));
+    if (targetUsers.length !== sanitizedUserIds.length) {
+      throw new BadRequestException(
+        getLocaleText('userNotFound', locale, 'User not found.'),
+      );
     }
 
-    const existingShare = await this.prismaService.dashboard_user.findFirst({
+    const existingShares = await this.prismaService.dashboard_user.findMany({
       where: {
         dashboard_id: dashboardUser.dashboard_id,
-        user_id: sharedUserId,
+        user_id: {
+          in: sanitizedUserIds,
+        },
+      },
+      select: {
+        user_id: true,
       },
-      select: { id: true },
     });
 
-    if (existingShare) {
-      return {
-        success: true,
-        alreadyShared: true,
-      };
-    }
+    const alreadySharedUserIds = existingShares.map((item) => item.user_id);
+    const alreadySharedSet = new Set(alreadySharedUserIds);
+    const newUserIds = sanitizedUserIds.filter(
+      (candidateUserId) => !alreadySharedSet.has(candidateUserId),
+    );
 
-    await this.prismaService.dashboard_user.create({
-      data: {
-        dashboard_id: dashboardUser.dashboard_id,
-        user_id: sharedUserId,
-        is_home: false,
-      },
-    });
+    if (newUserIds.length > 0) {
+      await this.prismaService.dashboard_user.createMany({
+        data: newUserIds.map((candidateUserId) => ({
+          dashboard_id: dashboardUser.dashboard_id,
+          user_id: candidateUserId,
+          is_home: false,
+        })),
+      });
+    }
 
     return {
       success: true,
+      sharedCount: newUserIds.length,
+      sharedUserIds: newUserIds,
+      alreadySharedUserIds,
     };
   }
 

package/src/index.ts

@@ -19,12 +19,13 @@ export * from './screen/screen.service';
 export * from './user/constants/user.constants';
 export * from './user/user.service';
 
-export * from './mail/mail.module';
-export * from './mail/mail.service';
-
-export * from './file/file.module';
-export * from './file/file.service';
-export * from './setting/setting.service';
+export * from './mail/mail.module';
+export * from './mail/mail.service';
+
+export * from './file/file.module';
+export * from './file/file.service';
+export * from './setting/setting.module';
+export * from './setting/setting.service';
 
 export * from './ai/ai.module';
 export * from './ai/ai.service';