@internetderdinge/api 1.224.2

package/src/middlewares/validateDeviceUserOrganization.ts

@@ -0,0 +1,54 @@
+import httpStatus from "http-status";
+import ApiError from "../utils/ApiError";
+import devicesService from "../devices/devices.service";
+import { isAdmin } from "./validateAdmin";
+
+import type { Request, Response, NextFunction } from "express";
+import type { Device } from "../devices/devices.types";
+import type { User } from "../users/users.types";
+import userService from "../users/users.service";
+
+export const validateDeviceUserOrganization = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> => {
+  if (isAdmin(res.req.auth)) {
+    next();
+    return;
+  }
+
+  if (req.body.patient) {
+    const currentDevice: Device | null = await devicesService.getById(
+      req.params.deviceId,
+    );
+    if (!currentDevice) {
+      next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          "Device was not found (validateDeviceUserOrganization)",
+        ),
+      );
+      return;
+    }
+
+    const currentUser: User | null =
+      await userService.getUsersByOrganizationAndId(
+        currentDevice.organization,
+        req.body.patient,
+      );
+    if (!currentUser) {
+      next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          "User is not part of the organization which has access to the device (validateDeviceUserOrganization)",
+        ),
+      );
+      return;
+    }
+
+    req.currentUser = currentUser;
+  }
+
+  next();
+};

package/src/middlewares/validateOrganization.ts

@@ -0,0 +1,109 @@
+import type { Request, Response, NextFunction } from "express";
+import type { UserService } from "../users/users.service";
+import userService from "../users/users.service";
+
+import httpStatus from "http-status";
+import ApiError from "../utils/ApiError";
+import { isAdmin } from "./validateAdmin";
+
+export const validateUser = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> => {
+  next();
+};
+
+export const validateOrganization = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> => {
+  if (isAdmin(res.req.auth)) {
+    next();
+  } else {
+    const currentUser = await userService.getUserByOwner(
+      res.req.auth.sub,
+      req.params.organizationId,
+    );
+    if (!currentUser) {
+      next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          "User is not part of the organization (validateOrganization)",
+        ),
+      );
+      return;
+    }
+    /* if (currentUser.role && currentUser.role === 'onlyself') {
+      next(new ApiError(httpStatus.FORBIDDEN, 'User does not have sufficient permissions in the organization'));
+      return;
+    } */
+    req.currentUser = currentUser;
+    next();
+  }
+};
+
+export const validateQueryOrganization = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> => {
+  if (isAdmin(res.req.auth)) {
+    next();
+  } else {
+    const currentUser = await userService.getUserByOwner(
+      res.req.auth.sub,
+      req.query.organization,
+    );
+    if (!currentUser) {
+      next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          "User is not part of the organization (validateQueryOrganization)",
+        ),
+      );
+      return;
+    }
+
+    /* if (currentUser.role && currentUser.role === 'onlyself') {
+      next(new ApiError(httpStatus.FORBIDDEN, 'User does not have sufficient permissions in the organization'));
+      return;
+    } */
+    req.currentUser = currentUser;
+    next();
+  }
+};
+
+export const validateBodyOrganization = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> => {
+  if (isAdmin(res.req.auth)) {
+    next();
+  } else {
+    const currentUser = await userService.getUserByOwner(
+      res.req.auth.sub,
+      req.body.organization,
+    );
+    if (!currentUser) {
+      next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          "User is not part of the organization (validateBodyOrganization)",
+        ),
+      );
+      return;
+    }
+    req.currentUser = currentUser;
+    next();
+  }
+};
+
+export default {
+  validateOrganization,
+  validateQueryOrganization,
+  validateBodyOrganization,
+  validateUser,
+};

package/src/middlewares/validateQuerySearchUserAndOrganization.ts

@@ -0,0 +1,75 @@
+import httpStatus from "http-status";
+import ApiError from "../utils/ApiError";
+import { isAdmin } from "./validateAdmin";
+import type { Request, Response, NextFunction } from "express";
+import userService from "../users/users.service";
+import type { UserService } from "../users/users.service";
+
+const validateQuerySearchUserAndOrganization = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> => {
+  if (isAdmin(res.req.auth)) {
+    next();
+  } else {
+    console.log("validateQuerySearchUserAndOrganization", req.query);
+    if (req.query.organization) {
+      const currentUser = await userService.getUserByOwner(
+        res.req.auth.sub,
+        req.query.organization as string,
+      );
+      if (!currentUser) {
+        next(
+          new ApiError(
+            httpStatus.FORBIDDEN,
+            "User is not part of the organization (validateQuerySearchUserAndOrganization)",
+          ),
+        );
+        return;
+      }
+      /* if (currentUser.role && currentUser.role === 'onlyself') {
+        next(new ApiError(httpStatus.FORBIDDEN, 'User does not have sufficient permissions in the organization'));
+        return;
+      } */
+      req.currentUser = currentUser;
+      next();
+    } else if (req.query.patient) {
+      const activeUser = await userService.getById(req.query.patient as string);
+      if (!activeUser) {
+        next(
+          new ApiError(
+            httpStatus.FORBIDDEN,
+            "User not found (validateQuerySearchUserAndOrganization)",
+          ),
+        );
+        return;
+      }
+      const currentUser = await userService.getUserByOwner(
+        res.req.auth.sub,
+        activeUser.organization,
+      );
+
+      if (!currentUser) {
+        next(
+          new ApiError(
+            httpStatus.FORBIDDEN,
+            "User is not part of the organization which has access to the device (validateDevice)",
+          ),
+        );
+        return;
+      }
+      req.currentUser = currentUser;
+      next();
+    } else {
+      next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          "No filter defined (validateQuerySearchUserAndOrganization)",
+        ),
+      );
+    }
+  }
+};
+
+export { validateQuerySearchUserAndOrganization };

package/src/middlewares/validateTokens.ts

@@ -0,0 +1,36 @@
+import httpStatus from "http-status";
+import type { Request, Response, NextFunction } from "express";
+import ApiError from "../utils/ApiError";
+import { getTokenById } from "../tokens/tokens.service";
+
+export async function validateParamsToken(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  // assume tokenId comes from req.params
+  const tokenId = req.params.tokenId as string | undefined;
+  if (!tokenId) {
+    return next(new ApiError(httpStatus.BAD_REQUEST, "Token ID is required"));
+  }
+
+  // fetch your token entity
+  const token = await getTokenById(tokenId);
+  if (!token) {
+    return next(new ApiError(httpStatus.NOT_FOUND, "Token not found"));
+  }
+
+  // compare owner vs. authenticated sub
+  if (token.owner !== res.req.auth.sub) {
+    return next(
+      new ApiError(
+        httpStatus.FORBIDDEN,
+        "You are not allowed to access this token",
+      ),
+    );
+  }
+
+  // attach for downstream handlers and continue
+  (req as any).token = token;
+  next();
+}

package/src/middlewares/validateUser.ts

@@ -0,0 +1,75 @@
+import httpStatus from "http-status";
+import ApiError from "../utils/ApiError";
+import usersService from "../users/users.service";
+import { isAdmin } from "./validateAdmin";
+
+import type { Request, Response, NextFunction } from "express";
+import type { User } from "../users/users.types";
+
+// extend makeValidateUser to accept an optional key (defaulting to 'patient')
+const makeValidateUser =
+  (source: "query" | "body" | "params", key: string = "patient") =>
+  async (req: Request, res: Response, next: NextFunction): Promise<void> => {
+    const context = `validate${source.charAt(0).toUpperCase() + source.slice(1)}User`;
+    if (isAdmin(res.req.auth)) {
+      return next();
+    }
+
+    // pull the configured key instead of hard‐coded 'patient'
+    const id = (req[source] as any)[key] as string | undefined;
+    if (!id) {
+      return next(new ApiError(httpStatus.FORBIDDEN, `No user (${context})`));
+    }
+
+    const patient: User | null = await usersService.getById(id);
+    if (!patient) {
+      return next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          `User was with id ${id} not found (${context})`,
+        ),
+      );
+    }
+
+    const currentUser: User | null = await usersService.getUserByOwner(
+      res.req.auth.sub,
+      patient.organization,
+    );
+    if (!currentUser) {
+      return next(
+        new ApiError(
+          httpStatus.FORBIDDEN,
+          `Current user is not part of the organization as the requested user (${context})`,
+        ),
+      );
+    }
+
+    (req as any).currentUser = currentUser;
+    next();
+  };
+
+// query and body still use the default 'patient' key
+export function validateQueryUser(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  return makeValidateUser("query")(req, res, next);
+}
+
+export function validateBodyUser(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  return makeValidateUser("body")(req, res, next);
+}
+
+// params now pulls from req.params.userId
+export function validateParamsUser(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  return makeValidateUser("params", "userId")(req, res, next);
+}

package/src/middlewares/validateZod.ts

@@ -0,0 +1,54 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { AnyZodObject } from 'zod';
+import ApiError from '../utils/ApiError';
+import httpStatus from 'http-status';
+import z from 'zod';
+
+interface Schema {
+  body?: AnyZodObject;
+  query?: AnyZodObject;
+  params?: AnyZodObject;
+}
+
+export const validateZod = (schema: Schema) => (req: Request, res: Response, next: NextFunction) => {
+  try {
+    schema.body ||= z.object({});
+    schema.query ||= z.object({});
+    schema.params ||= z.object({});
+
+    // 1) run safeParse on each
+    const result = {
+      body: schema.body.strict().safeParse(req.body || {}),
+      query: schema.query.strict().safeParse(req.query),
+      params: schema.params.strict().safeParse(req.params),
+    };
+
+    // 2) if any failure, short-circuit
+    if (!result.body.success || !result.query.success || !result.params.success) {
+      if (process.env.NODE_ENV === 'development') {
+        return res.status(400).send(result);
+      }
+      return next(new ApiError(httpStatus.BAD_REQUEST, 'Validation error'));
+    }
+
+    // 3) merge parsed data back in
+    req.body = result.body.data;
+    Object.assign(req.query as Record<string, any>, result.query.data);
+    Object.assign(req.params as Record<string, any>, result.params.data);
+
+    return next();
+  } catch (err: any) {
+    console.error('Zod validation error:', err);
+    return next(
+      new ApiError(
+        httpStatus.BAD_REQUEST,
+        'Validation error',
+        undefined,
+        undefined,
+        process.env.NODE_ENV === 'development' ? err : undefined,
+      ),
+    );
+  }
+};
+
+export default validateZod;

package/src/models/plugins/index.ts

@@ -0,0 +1,7 @@
+import type { ToJSONPlugin } from './toJSON.plugin';
+import type { PaginatePlugin } from './paginate.plugin';
+// import type { PaginateNewPlugin } from './paginateNew.plugin';
+
+export { default as toJSON } from './toJSON.plugin';
+export { default as paginate } from './paginate.plugin';
+// export { default as paginateNew } from './paginateNew.plugin';

package/src/models/plugins/paginate.plugin.ts

@@ -0,0 +1,145 @@
+/* eslint-disable no-param-reassign */
+import { Document, Model, Query, Types } from 'mongoose';
+
+export interface QueryResult<T> {
+  results: T[];
+  page: number;
+  limit: number;
+  totalPages: number;
+  totalResults: number;
+}
+
+export interface PaginateOptions {
+  sortBy?: string;
+  populate?: string;
+  limit?: number;
+  page?: number;
+  fuzzySearch?: string;
+  // Add more options as needed
+}
+
+type PluginFunction = (query: Query<any, any>) => Query<any, any>;
+
+function paginate<T extends Document>(schema: any) {
+  schema.statics.paginate = async function (
+    filter: Record<string, any>,
+    options: PaginateOptions = {},
+    plugin?: PluginFunction,
+  ): Promise<QueryResult<T>> {
+    let sort = '';
+    if (options.sortBy) {
+      const sortingCriteria: string[] = [];
+      options.sortBy.split(',').forEach((sortOption) => {
+        const [key, order] = sortOption.split(':');
+        sortingCriteria.push((order === 'desc' ? '-' : '') + key);
+      });
+      sort = sortingCriteria.join(' ');
+    } else {
+      sort = 'createdAt';
+    }
+
+    const limit = options.limit && parseInt(String(options.limit), 10) > 0 ? parseInt(String(options.limit), 10) : 10000;
+    const page = options.page && parseInt(String(options.page), 10) > 0 ? parseInt(String(options.page), 10) : 1;
+    const skip = (page - 1) * limit;
+
+    let results: any[] = [];
+    let totalResults = 0;
+    let totalPages = 0;
+
+    if (options.fuzzySearch && options.fuzzySearch.search) {
+      // Fuzzy search branch
+
+      const fuzzyFields = options.fuzzySearch.fields;
+      const mustClauses = Object.entries(filter).map(([key, value]) => {
+        if (typeof value === 'string' && value.match(/^[a-fA-F0-9]{24}$/)) {
+          return { equals: { path: key, value: new Types.ObjectId(value) } };
+        }
+        return { equals: { path: key, value } };
+      });
+      const pipeline = [
+        {
+          $search: {
+            index: options.fuzzySearch.index,
+            compound: {
+              must: mustClauses,
+              should: [
+                {
+                  text: {
+                    query: options.fuzzySearch.search,
+                    path: fuzzyFields,
+                    fuzzy: {},
+                  },
+                },
+              ],
+              minimumShouldMatch: 1,
+            },
+          },
+        },
+        { $sort: { createdAt: -1 } },
+        { $skip: skip },
+        { $limit: limit },
+        {
+          $facet: {
+            results: [],
+            totalCount: [{ $count: 'count' }],
+          },
+        },
+      ];
+      const aggResult = await this.aggregate(pipeline).exec();
+      results = (aggResult[0]?.results || []).map((doc: any) => new this(doc));
+      totalResults = aggResult[0]?.totalCount[0]?.count || 0;
+      totalPages = Math.ceil(totalResults / limit);
+    } else {
+      // Regular find branch
+      const countPromise = this.countDocuments(filter).exec();
+
+      let docsPromise: any = this.find(filter).sort(sort).skip(skip).limit(limit);
+      if (options.populate) {
+        options.populate.split(',').forEach((populateOption) => {
+          docsPromise = docsPromise.populate(
+            populateOption
+              .split('.')
+              .reverse()
+              .reduce((a, b) => ({ path: b, populate: a })),
+          );
+        });
+      }
+      if (plugin) docsPromise = plugin(docsPromise);
+      docsPromise = docsPromise.exec();
+      const values = await Promise.all([countPromise, docsPromise]);
+      totalResults = values[0];
+      results = values[1];
+      totalPages = Math.ceil(totalResults / limit);
+    }
+
+    // Populate and plugin for both branches (if not already applied)
+    if (options.fuzzySearch && options.fuzzySearch.search) {
+      if (options.populate) {
+        results = await this.populate(
+          results,
+          options.populate.split(',').map((populateOption) =>
+            populateOption
+              .split('.')
+              .reverse()
+              .reduce((a, b) => ({ path: b, populate: a })),
+          ),
+        );
+      }
+      if (plugin) {
+        // plugin expects a Query, so wrap results in a Query if needed
+        // Not possible for array, so skip plugin for fuzzySearch unless you have a custom handler
+      }
+    }
+
+    const result: QueryResult<T> = {
+      results,
+      page,
+      limit,
+      totalPages,
+      totalResults,
+    };
+    return Promise.resolve(result);
+  };
+}
+
+export default paginate;