@internetderdinge/api 1.229.31 → 1.229.37

package/dist/src/users/users.validation.js

@@ -3,38 +3,38 @@ import { z } from "zod";
 import { extendZodWithOpenApi } from "@asteasolutions/zod-to-openapi";
 import { zPagination, zGet, zObjectId, zObjectIdFor, zPatchBody, zUpdate, zDelete, } from "../utils/zValidations.js";
 extendZodWithOpenApi(z);
-export const createUserSchema = {
-    body: z.object({
-        meta: z
-            .object({})
-            .passthrough()
-            .optional()
-            .openapi({
-            example: { key: "value" },
-            description: "Additional metadata for the user",
-        }),
-        organization: zObjectId.openapi({
-            description: "Organization ObjectId",
-        }),
-        email: z.string().email().optional().nullable().openapi({
-            example: "user@example.com",
-            description: "User email address",
-        }),
-        timezone: z.string().optional().openapi({
-            example: "Europe/Berlin",
-            description: "IANA timezone string",
-        }),
-        role: z.enum(["user", "admin", "patient", "onlyself"]).optional().openapi({
-            description: "Role assigned to the user",
-        }),
-        category: z
-            .enum(["doctor", "nurse", "patient", "pharmacist", "relative"])
-            .optional()
-            .openapi({
-            description: "Category of the user",
-        }),
+export const userAppsSchema = z
+    .record(z.string(), z.unknown())
+    .optional()
+    .openapi({ description: "Application-specific user fields" });
+export const createUserBodyShape = {
+    meta: z
+        .object({})
+        .passthrough()
+        .optional()
+        .openapi({
+        example: { key: "value" },
+        description: "Additional metadata for the user",
+    }),
+    apps: userAppsSchema,
+    organization: zObjectId.openapi({
+        description: "Organization ObjectId",
+    }),
+    email: z.string().email().optional().nullable().openapi({
+        example: "user@example.com",
+        description: "User email address",
+    }),
+    timezone: z.string().optional().openapi({
+        example: "Europe/Berlin",
+        description: "IANA timezone string",
+    }),
+    role: z.enum(["user", "admin", "patient", "onlyself"]).optional().openapi({
+        description: "Role assigned to the user",
     }),
 };
+export const createUserSchema = {
+    body: z.object(createUserBodyShape),
+};
 export const createCurrentUserSchema = createUserSchema;
 export const queryUsersSchema = {
     ...zPagination,
@@ -52,39 +52,38 @@ export const getCurrentUserSchema = {
         organization: zObjectId,
     }),
 };
+export const updateUserBodyShape = {
+    name: z.string().optional().openapi({ description: "User full name" }),
+    timezone: z.string().optional().openapi({ description: "IANA timezone" }),
+    avatar: z.string().optional().openapi({ description: "Avatar URL" }),
+    meta: z
+        .object({})
+        .passthrough()
+        .optional()
+        .openapi({ description: "Additional metadata" }),
+    apps: userAppsSchema,
+    email: z
+        .string()
+        .email()
+        .nullable()
+        .optional()
+        .openapi({ description: "User email address" }),
+    role: z
+        .enum(["user", "admin", "patient", "onlyself"])
+        .optional()
+        .openapi({ description: "User role" }),
+    inviteCode: z
+        .string()
+        .nullable()
+        .optional()
+        .openapi({ description: "Invite code" }),
+    organization: zObjectId
+        .optional()
+        .openapi({ description: "Organization ObjectId" }),
+};
 export const updateUserSchema = {
     ...zUpdate("userId"),
-    body: zPatchBody({
-        name: z.string().optional().openapi({ description: "User full name" }),
-        timezone: z.string().optional().openapi({ description: "IANA timezone" }),
-        avatar: z.string().optional().openapi({ description: "Avatar URL" }),
-        meta: z
-            .object({})
-            .optional()
-            .openapi({ description: "Additional metadata" }),
-        category: z
-            .enum(["doctor", "nurse", "patient", "pharmacist", "relative"])
-            .optional()
-            .openapi({ description: "User category" }),
-        email: z
-            .string()
-            .email()
-            .nullable()
-            .optional()
-            .openapi({ description: "User email address" }),
-        role: z
-            .enum(["user", "admin", "patient", "onlyself"])
-            .optional()
-            .openapi({ description: "User role" }),
-        inviteCode: z
-            .string()
-            .nullable()
-            .optional()
-            .openapi({ description: "Invite code" }),
-        organization: zObjectId
-            .optional()
-            .openapi({ description: "Organization ObjectId" }),
-    }),
+    body: zPatchBody(updateUserBodyShape),
 };
 export const deleteUserSchema = zDelete("userId");
 export const organizationInviteSchema = {

package/dist/src/utils/buildRouterAndDocs.js

@@ -8,8 +8,11 @@ const roleValidatorNames = ["validateAiRole", "validateAdmin"];
 function hasRoleValidation(validators = []) {
     return validators.some((fn) => roleValidatorNames.includes(fn.name));
 }
-export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/", tags = []) {
-    routeSpecs.forEach((spec) => {
+export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/", tags = [], options = {}) {
+    const effectiveRouteSpecs = options.routeSpecs
+        ? options.routeSpecs(routeSpecs)
+        : routeSpecs;
+    effectiveRouteSpecs.forEach((spec) => {
         const validate = spec.validate || [];
         const routeMiddleware = spec.validateWithRequestSchema ||
             (spec.requestSchema
@@ -33,7 +36,7 @@ export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/",
         if (spec.responseSchema &&
             !hasRoleValidation(spec.validateWithRequestSchema || validate) &&
             spec.privateDocs !== true &&
-            spec.memoOnly !== true) {
+            (options.includeInDocs ? options.includeInDocs(spec) : true)) {
             // collect all middleware fn names (falls back to '<anonymous>' if unnamed)
             const middlewareNames = (spec.validateWithRequestSchema || validate).map((fn) => `\`${fn.name}\`` || "<anonymous>");
             const openApiPath = (basePath + spec.path).replace(/:([A-Za-z0-9_]+)/g, "{$1}");
@@ -51,7 +54,7 @@ export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/",
                     .join("\n"),
                 // (optionally) expose them as a custom extension instead:
                 "x-middlewares": middlewareNames,
-                security: [{ [bearerAuth.name]: [] }, { [xApiKey.name]: [] }],
+                security: [{ [xApiKey.name]: [] }, { [bearerAuth.name]: [] }],
                 responses: {
                     200: {
                         description: "Object with user data.",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@internetderdinge/api",
-  "version": "1.229.31",
+  "version": "1.229.37",
   "description": "Shared OpenIoT API modules",
   "main": "dist/src/index.js",
   "type": "module",
@@ -122,5 +122,8 @@
     "vitest": "^4.0.18",
     "zod": "^4.3.6"
   },
-  "gitHead": "9556e8e376045c1e532aded7ec7132818190fa91"
+  "gitHead": "9556e8e376045c1e532aded7ec7132818190fa91",
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/"
+  }
 }

package/scripts/release-and-sync-paperless.mjs

@@ -1,11 +1,13 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { execSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
+import dotenv from "dotenv";
 import semver from "semver";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const repoRoot = path.resolve(__dirname, "..");
+dotenv.config({ path: path.join(repoRoot, ".env") });
 
 const args = process.argv.slice(2);
 const shouldPublish = !args.includes("--no-publish");
@@ -20,6 +22,25 @@ const writeJson = (filePath, data) => {
   fs.writeFileSync(filePath, `${JSON.stringify(data, null, 2)}\n`);
 };
 
+const publishPackage = () => {
+  const npmRegistry = "https://registry.npmjs.org/";
+  const npmUserConfig = path.join(repoRoot, ".npmrc");
+
+  execFileSync(
+    "npm",
+    ["publish", `--userconfig=${npmUserConfig}`, `--registry=${npmRegistry}`],
+    {
+      cwd: repoRoot,
+      stdio: "inherit",
+      env: {
+        ...process.env,
+        npm_config_registry: npmRegistry,
+        npm_config_userconfig: npmUserConfig,
+      },
+    },
+  );
+};
+
 const resolveNextVersion = (current, input) => {
   const cleanedCurrent = semver.valid(semver.clean(current));
   if (!cleanedCurrent) {
@@ -44,12 +65,23 @@ const resolveNextVersion = (current, input) => {
   );
 };
 
-const resolvePaperlesspaperWebRoot = () => {
-  if (process.env.PAPERLESSPAPER_WEB_PATH) {
-    return path.resolve(process.env.PAPERLESSPAPER_WEB_PATH);
+const resolveUpdatePackagePaths = () => {
+  const updatePaths = process.env.UPDATE_PATHS?.split(",")
+    .map((value) => value.trim())
+    .filter(Boolean);
+
+  if (!updatePaths?.length) {
+    throw new Error(
+      "UPDATE_PATHS must be set in .env to a comma-separated list of package.json paths.",
+    );
   }
 
-  return path.resolve(repoRoot, "../../paperlesspaper-web");
+  return updatePaths.map((updatePath) => {
+    const resolvedPath = path.resolve(repoRoot, updatePath);
+    return path.basename(resolvedPath) === "package.json"
+      ? resolvedPath
+      : path.join(resolvedPath, "package.json");
+  });
 };
 
 const updateDependencyVersion = (
@@ -88,8 +120,9 @@ const updateDependencyVersion = (
     currentDependencyVersion &&
     currentDependencyVersion !== expectedVersion
   ) {
+    const packageName = path.basename(path.dirname(packageJsonPath));
     throw new Error(
-      `paperlesspaper-api dependency is ${currentRange} (expected ${expectedVersion}). Update it before bumping.`,
+      `${packageName} dependency is ${currentRange} (expected ${expectedVersion}). Update it before bumping.`,
     );
   }
 
@@ -117,34 +150,33 @@ if (!cleanedCurrent) {
 }
 
 const nextVersion = resolveNextVersion(currentVersion, versionInput);
+const updatePackagePaths = resolveUpdatePackagePaths();
+
+for (const updatePackagePath of updatePackagePaths) {
+  if (!fs.existsSync(updatePackagePath)) {
+    throw new Error(`Could not find package.json: ${updatePackagePath}`);
+  }
+}
 
 apiPackage.version = nextVersion;
 writeJson(apiPackagePath, apiPackage);
 
 if (shouldPublish) {
-  execSync("npm publish", { cwd: repoRoot, stdio: "inherit" });
+  // Always publish through npm, regardless of the package manager used to run this script.
+  publishPackage();
 }
 
-const paperlesspaperRoot = resolvePaperlesspaperWebRoot();
-const paperlessApiPath = path.join(
-  paperlesspaperRoot,
-  "packages/paperlesspaper-api/package.json",
-);
-
-if (!fs.existsSync(paperlessApiPath)) {
-  throw new Error(
-    "Could not find paperlesspaper-api package.json. Set PAPERLESSPAPER_WEB_PATH to the repo root.",
-  );
-}
-
-const paperlessUpdate = updateDependencyVersion(
-  paperlessApiPath,
-  "@internetderdinge/api",
-  nextVersion,
-  cleanedCurrent,
-);
+const updates = updatePackagePaths.map((updatePackagePath) => ({
+  packageName: readJson(updatePackagePath).name,
+  ...updateDependencyVersion(
+    updatePackagePath,
+    "@internetderdinge/api",
+    nextVersion,
+    cleanedCurrent,
+  ),
+}));
 
 console.log(`Updated @internetderdinge/api to ${nextVersion}`);
-console.log(
-  `paperlesspaper-api: ${paperlessUpdate.previous} -> ${paperlessUpdate.next}`,
-);
+for (const update of updates) {
+  console.log(`${update.packageName}: ${update.previous} -> ${update.next}`);
+}

package/scripts/release-version.mjs

@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { execSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
 import semver from "semver";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -20,6 +20,25 @@ const writeJson = (filePath, data) => {
   fs.writeFileSync(filePath, `${JSON.stringify(data, null, 2)}\n`);
 };
 
+const publishPackage = () => {
+  const npmRegistry = "https://registry.npmjs.org/";
+  const npmUserConfig = path.join(repoRoot, ".npmrc");
+
+  execFileSync(
+    "npm",
+    ["publish", `--userconfig=${npmUserConfig}`, `--registry=${npmRegistry}`],
+    {
+      cwd: repoRoot,
+      stdio: "inherit",
+      env: {
+        ...process.env,
+        npm_config_registry: npmRegistry,
+        npm_config_userconfig: npmUserConfig,
+      },
+    },
+  );
+};
+
 const resolveNextVersion = (current, input) => {
   const cleanedCurrent = semver.valid(semver.clean(current));
   if (!cleanedCurrent) {
@@ -141,5 +160,5 @@ console.log(
 );
 
 if (shouldPublish) {
-  execSync("npm publish", { cwd: repoRoot, stdio: "inherit" });
+  publishPackage();
 }

package/src/accounts/accounts.route.ts

@@ -16,9 +16,9 @@ export const accountsRouteSpecs: RouteSpec[] = [
     validate: [auth("manageUsers")],
     requestSchema: accountsValidation.currentAccountSchema,
     responseSchema: accountResponseSchema,
-    privateDocs: true,
     handler: accountsController.current,
     summary: "Get the current account",
+    description: "Fetches the details of the currently authenticated account.",
   },
   {
     method: "post",
@@ -60,15 +60,28 @@ export const accountsRouteSpecs: RouteSpec[] = [
     handler: accountsController.avatar,
     summary: "Fetch account avatar",
   },
+  {
+    method: "delete",
+    path: "/current",
+    validate: [auth("manageUsers")],
+    requestSchema: accountsValidation.deleteCurrentSchema,
+    responseSchema: accountResponseSchema,
+    handler: accountsController.deleteCurrent,
+    summary: "Delete the current user's account",
+    description:
+      "Permanently deletes the current user's account. Will not delete associated data. This action is irreversible.",
+  },
   {
     method: "delete",
     path: "/deleteCurrent",
     validate: [auth("manageUsers")],
     requestSchema: accountsValidation.deleteCurrentSchema,
     responseSchema: accountResponseSchema,
-    privateDocs: true,
     handler: accountsController.deleteCurrent,
-    summary: "Delete the current account",
+    summary: "Delete the current user's account",
+    privateDocs: true,
+    description:
+      "LEGACY: Permanently deletes the current user's account. Will not delete associated data. This action is irreversible. (Replaced by DELETE /current)",
   },
   {
     method: "get",
@@ -78,6 +91,7 @@ export const accountsRouteSpecs: RouteSpec[] = [
     responseSchema: accountResponseSchema,
     handler: accountsController.getAccountById,
     summary: "Get an account by ID",
+    description: "Fetches the details of a single account by its ID.",
   },
   {
     method: "post",
@@ -87,7 +101,8 @@ export const accountsRouteSpecs: RouteSpec[] = [
     responseSchema: accountResponseSchema,
     privateDocs: true,
     handler: accountsController.updateEntry,
-    summary: "Create or replace an account by ID",
+    summary: "Update an account by ID",
+    description: "LEGACY: Updates an existing account with a specified ID.",
   },
   {
     method: "patch",
@@ -95,9 +110,10 @@ export const accountsRouteSpecs: RouteSpec[] = [
     validate: [auth("manageUsers"), validateParamsAccount],
     requestSchema: accountsValidation.updateAccountSchema,
     responseSchema: accountResponseSchema,
-    privateDocs: true,
     handler: accountsController.updateEntry,
     summary: "Update fields on an account by ID",
+    description:
+      "Updates specific fields of an existing account identified by its ID.",
   },
 ];
 

package/src/admin/adminSearch.controller.ts

@@ -9,17 +9,10 @@ import {
   searchAdminCollections,
 } from "./adminSearch.service.js";
 
-const ADMIN_ROLE_CLAIM = "https://memo.wirewire.de/roles";
-
 type AuthRequest = Request & {
   auth?: Record<string, unknown>;
 };
 
-const hasAdminRole = (auth: Record<string, unknown> | undefined): boolean => {
-  const roles = auth?.[ADMIN_ROLE_CLAIM];
-  return Array.isArray(roles) && roles.includes("admin");
-};
-
 const readListQuery = (
   req: Request,
 ): {
@@ -42,13 +35,6 @@ const readListQuery = (
 
 export const searchAdmin = catchAsync(
   async (req: AuthRequest, res: Response) => {
-    if (!hasAdminRole(req.auth)) {
-      throw new ApiError(
-        httpStatus.FORBIDDEN,
-        "User is not part of the admin group",
-      );
-    }
-
     const search = String(req.query.search || "").trim();
     const rawLimit = Number(req.query.limit);
     const limit = Number.isFinite(rawLimit)
@@ -61,26 +47,12 @@ export const searchAdmin = catchAsync(
 );
 
 export const getStats = catchAsync(async (req: AuthRequest, res: Response) => {
-  if (!hasAdminRole(req.auth)) {
-    throw new ApiError(
-      httpStatus.FORBIDDEN,
-      "User is not part of the admin group",
-    );
-  }
-
   const result = await getAdminStats();
   res.send(result);
 });
 
 export const getIotDevices = catchAsync(
   async (req: AuthRequest, res: Response) => {
-    if (!hasAdminRole(req.auth)) {
-      throw new ApiError(
-        httpStatus.FORBIDDEN,
-        "User is not part of the admin group",
-      );
-    }
-
     const result = await getAdminIotDevices(readListQuery(req));
     res.send(result);
   },
@@ -88,13 +60,6 @@ export const getIotDevices = catchAsync(
 
 export const getDevices = catchAsync(
   async (req: AuthRequest, res: Response) => {
-    if (!hasAdminRole(req.auth)) {
-      throw new ApiError(
-        httpStatus.FORBIDDEN,
-        "User is not part of the admin group",
-      );
-    }
-
     const result = await getAdminDevices(readListQuery(req));
     res.send(result);
   },

package/src/admin/adminSearch.route.ts

@@ -1,7 +1,9 @@
 import { Router } from "express";
-import buildRouterAndDocs, { type RouteSpec } from "../utils/buildRouterAndDocs.js";
+import buildRouterAndDocs, {
+  type RouteSpec,
+} from "../utils/buildRouterAndDocs.js";
 import auth from "../middlewares/auth.js";
-import { validateAdmin } from "../middlewares/validateAdmin.js";
+import { validateAdminOrSupport } from "../middlewares/validateAdminOrSupport.js";
 import {
   getDevices,
   getIotDevices,
@@ -25,7 +27,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/stats",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminStatsSchema,
     responseSchema: adminStatsResponseSchema,
     handler: getStats,
@@ -35,7 +37,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/search",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminSearchSchema,
     responseSchema: adminSearchResponseSchema,
     handler: searchAdmin,
@@ -46,7 +48,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/iotDevices",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminIotDevicesSchema,
     responseSchema: adminIotDevicesResponseSchema,
     handler: getIotDevices,
@@ -57,7 +59,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/devices",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminDevicesSchema,
     responseSchema: adminDevicesResponseSchema,
     handler: getDevices,

package/src/admin/adminSearch.service.ts

@@ -89,13 +89,11 @@ type AdminListQuery = {
 
 const IOT_DEVICES_CACHE_TTL_MS = 60_000;
 
-let iotDevicesCache:
-  | {
-      loadedAt: number;
-      devices: unknown[];
-      pending?: Promise<unknown[]>;
-    }
-  | null = null;
+let iotDevicesCache: {
+  loadedAt: number;
+  devices: unknown[];
+  pending?: Promise<unknown[]>;
+} | null = null;
 
 const getCachedIotDevices = async (): Promise<unknown[]> => {
   const now = Date.now();
@@ -112,9 +110,7 @@ const getCachedIotDevices = async (): Promise<unknown[]> => {
 
   const pending = Promise.resolve(
     iotDevicesService.getDeviceStatusList(undefined),
-  ).then(
-    (devices) => (Array.isArray(devices) ? devices : []),
-  );
+  ).then((devices) => (Array.isArray(devices) ? devices : []));
 
   iotDevicesCache = {
     loadedAt: now,

package/src/devices/devices.controller.ts

@@ -195,17 +195,6 @@ export const resetDevice = catchAsync(
   },
 );
 
-const ledLight = catchAsync(
-  async (req: Request, res: Response): Promise<void> => {
-    const device = await devicesService.getByIdWithIoT(req.params.deviceId);
-    const ping = await iotDevicesService.ledLightHint(
-      device.deviceId,
-      req.body,
-    );
-    res.send({ device, ping });
-  },
-);
-
 const rebootDevice = catchAsync(
   async (req: Request, res: Response): Promise<void> => {
     const device = await devicesService.getByIdWithIoT(req.params.deviceId);
@@ -221,7 +210,6 @@ export {
   getEvents,
   registerDevice,
   pingDevice,
-  ledLight,
   rebootDevice,
   getEntry,
   updateEntry,

package/src/devices/devices.route.ts

@@ -20,7 +20,6 @@ import {
   getEventsSchema,
   pingDeviceSchema,
   registerDeviceSchema,
-  ledLightSchema,
   rebootDeviceSchema,
   resetDeviceSchema,
 } from "./devices.validation.js";
@@ -92,9 +91,21 @@ export const devicesRouteSpecs: RouteSpec[] = [
     requestSchema: updateDeviceSchema,
     responseSchema: deviceResponseSchema,
     handler: devicesController.updateEntry,
+    privateDocs: true,
     summary: "Update a device",
     description:
-      "Modify the properties of an existing device identified by its ID.",
+      "LEGACY: Modify the properties of an existing device identified by its ID.",
+  },
+  {
+    method: "patch",
+    path: "/:deviceId",
+    validate: [auth("manageUsers"), validateDevice, validateOrganizationUpdate],
+    requestSchema: updateDeviceSchema,
+    responseSchema: deviceResponseSchema,
+    handler: devicesController.updateEntry,
+    summary: "Update a device",
+    description:
+      "Updates specific fields of an existing device identified by its ID.",
   },
   {
     method: "delete",
@@ -121,18 +132,6 @@ export const devicesRouteSpecs: RouteSpec[] = [
     description:
       "Associate an existing device with the authenticated organization.",
   },
-  {
-    method: "post",
-    path: "/ledlight/:deviceId",
-    validate: [auth("getUsers"), validateDevice],
-    requestSchema: ledLightSchema,
-    responseSchema: genericResponseSchema,
-    handler: devicesController.ledLight,
-    summary: "Set LED light on device",
-    description:
-      "Turn the device’s LED on or off, or set its color/brightness.",
-    memoOnly: true,
-  },
   {
     method: "get",
     path: "/ping/:deviceId",