@internetderdinge/api 1.229.32 → 1.229.39

package/dist/src/users/users.service.js

@@ -10,6 +10,10 @@ let updateTimesByIdHook = null;
 export const setUpdateTimesByIdHook = (hook) => {
     updateTimesByIdHook = hook ?? null;
 };
+let buildInviteEmailHook = null;
+export const setBuildInviteEmailHook = (hook) => {
+    buildInviteEmailHook = hook ?? null;
+};
 /**
  * Create a new user
  */
@@ -70,11 +74,8 @@ export const getByIdWithAuth0 = async (id) => {
     json.auth0User = auth0User;
     return json;
 };
-/**
- * Get all users in a given category (and optional organization)
- */
-export const getUsersByCategory = async (category, organization) => {
-    const filter = { category };
+export const getUsersByAppField = async (appName, fieldName, value, organization) => {
+    const filter = { [`apps.${appName}.${fieldName}`]: value };
     if (organization)
         filter.organization = organization;
     return User.find(filter);
@@ -123,15 +124,29 @@ export const sendInviteEmail = async (params) => {
     const organization = await organizationsService.getOrganizationById(user.organization);
     const auth0User = await auth0Service.getUserById(auth.sub);
     const lng = auth0User.data?.app_metadata?.language;
-    const title = `${i18n.t("Invite to ", { lng })}${organization.kind === "private-wirewire" ? "paperlesspaper" : "ANABOX smart"}`;
     const body = i18n.t("You have been invited to join the group. Click on the link to accept the invitation.", { lng });
-    await sendEmail({
-        title,
+    const baseEmail = {
+        title: `${i18n.t("Invite to ", { lng })}${organization?.name || "Application"}`,
         body,
         url: `/${user.organization}/invite/${inviteCode}`,
         actionButtonText: "Accept invite",
-        domain: organization.kind === "private-wirewire" ? "web" : "memo",
+        domain: "web",
+        productName: organization?.name || "Application",
         email,
+        lng,
+    };
+    await sendEmail({
+        ...baseEmail,
+        ...(buildInviteEmailHook
+            ? buildInviteEmailHook({
+                auth,
+                user,
+                inviteCode,
+                email,
+                organization,
+                lng,
+            })
+            : {}),
     });
 };
 /**
@@ -270,7 +285,7 @@ export default {
     createCurrentUser,
     getById,
     getByIdWithAuth0,
-    getUsersByCategory,
+    getUsersByAppField,
     getUsersByOrganization,
     getUsersByOrganizationAndId,
     getUsersByOwner,
@@ -293,4 +308,5 @@ export default {
     populateAuth0User,
     populateAuth0Users,
     setUpdateTimesByIdHook,
+    setBuildInviteEmailHook,
 };

package/dist/src/users/users.validation.js

@@ -3,38 +3,38 @@ import { z } from "zod";
 import { extendZodWithOpenApi } from "@asteasolutions/zod-to-openapi";
 import { zPagination, zGet, zObjectId, zObjectIdFor, zPatchBody, zUpdate, zDelete, } from "../utils/zValidations.js";
 extendZodWithOpenApi(z);
-export const createUserSchema = {
-    body: z.object({
-        meta: z
-            .object({})
-            .passthrough()
-            .optional()
-            .openapi({
-            example: { key: "value" },
-            description: "Additional metadata for the user",
-        }),
-        organization: zObjectId.openapi({
-            description: "Organization ObjectId",
-        }),
-        email: z.string().email().optional().nullable().openapi({
-            example: "user@example.com",
-            description: "User email address",
-        }),
-        timezone: z.string().optional().openapi({
-            example: "Europe/Berlin",
-            description: "IANA timezone string",
-        }),
-        role: z.enum(["user", "admin", "patient", "onlyself"]).optional().openapi({
-            description: "Role assigned to the user",
-        }),
-        category: z
-            .enum(["doctor", "nurse", "patient", "pharmacist", "relative"])
-            .optional()
-            .openapi({
-            description: "Category of the user",
-        }),
+export const userAppsSchema = z
+    .record(z.string(), z.unknown())
+    .optional()
+    .openapi({ description: "Application-specific user fields" });
+export const createUserBodyShape = {
+    meta: z
+        .object({})
+        .passthrough()
+        .optional()
+        .openapi({
+        example: { key: "value" },
+        description: "Additional metadata for the user",
+    }),
+    apps: userAppsSchema,
+    organization: zObjectId.openapi({
+        description: "Organization ObjectId",
+    }),
+    email: z.string().email().optional().nullable().openapi({
+        example: "user@example.com",
+        description: "User email address",
+    }),
+    timezone: z.string().optional().openapi({
+        example: "Europe/Berlin",
+        description: "IANA timezone string",
+    }),
+    role: z.enum(["user", "admin", "patient", "onlyself"]).optional().openapi({
+        description: "Role assigned to the user",
     }),
 };
+export const createUserSchema = {
+    body: z.object(createUserBodyShape),
+};
 export const createCurrentUserSchema = createUserSchema;
 export const queryUsersSchema = {
     ...zPagination,
@@ -52,39 +52,38 @@ export const getCurrentUserSchema = {
         organization: zObjectId,
     }),
 };
+export const updateUserBodyShape = {
+    name: z.string().optional().openapi({ description: "User full name" }),
+    timezone: z.string().optional().openapi({ description: "IANA timezone" }),
+    avatar: z.string().optional().openapi({ description: "Avatar URL" }),
+    meta: z
+        .object({})
+        .passthrough()
+        .optional()
+        .openapi({ description: "Additional metadata" }),
+    apps: userAppsSchema,
+    email: z
+        .string()
+        .email()
+        .nullable()
+        .optional()
+        .openapi({ description: "User email address" }),
+    role: z
+        .enum(["user", "admin", "patient", "onlyself"])
+        .optional()
+        .openapi({ description: "User role" }),
+    inviteCode: z
+        .string()
+        .nullable()
+        .optional()
+        .openapi({ description: "Invite code" }),
+    organization: zObjectId
+        .optional()
+        .openapi({ description: "Organization ObjectId" }),
+};
 export const updateUserSchema = {
     ...zUpdate("userId"),
-    body: zPatchBody({
-        name: z.string().optional().openapi({ description: "User full name" }),
-        timezone: z.string().optional().openapi({ description: "IANA timezone" }),
-        avatar: z.string().optional().openapi({ description: "Avatar URL" }),
-        meta: z
-            .object({})
-            .optional()
-            .openapi({ description: "Additional metadata" }),
-        category: z
-            .enum(["doctor", "nurse", "patient", "pharmacist", "relative"])
-            .optional()
-            .openapi({ description: "User category" }),
-        email: z
-            .string()
-            .email()
-            .nullable()
-            .optional()
-            .openapi({ description: "User email address" }),
-        role: z
-            .enum(["user", "admin", "patient", "onlyself"])
-            .optional()
-            .openapi({ description: "User role" }),
-        inviteCode: z
-            .string()
-            .nullable()
-            .optional()
-            .openapi({ description: "Invite code" }),
-        organization: zObjectId
-            .optional()
-            .openapi({ description: "Organization ObjectId" }),
-    }),
+    body: zPatchBody(updateUserBodyShape),
 };
 export const deleteUserSchema = zDelete("userId");
 export const organizationInviteSchema = {

package/dist/src/utils/buildRouterAndDocs.js

@@ -8,8 +8,11 @@ const roleValidatorNames = ["validateAiRole", "validateAdmin"];
 function hasRoleValidation(validators = []) {
     return validators.some((fn) => roleValidatorNames.includes(fn.name));
 }
-export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/", tags = []) {
-    routeSpecs.forEach((spec) => {
+export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/", tags = [], options = {}) {
+    const effectiveRouteSpecs = options.routeSpecs
+        ? options.routeSpecs(routeSpecs)
+        : routeSpecs;
+    effectiveRouteSpecs.forEach((spec) => {
         const validate = spec.validate || [];
         const routeMiddleware = spec.validateWithRequestSchema ||
             (spec.requestSchema
@@ -33,7 +36,7 @@ export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/",
         if (spec.responseSchema &&
             !hasRoleValidation(spec.validateWithRequestSchema || validate) &&
             spec.privateDocs !== true &&
-            spec.memoOnly !== true) {
+            (options.includeInDocs ? options.includeInDocs(spec) : true)) {
             // collect all middleware fn names (falls back to '<anonymous>' if unnamed)
             const middlewareNames = (spec.validateWithRequestSchema || validate).map((fn) => `\`${fn.name}\`` || "<anonymous>");
             const openApiPath = (basePath + spec.path).replace(/:([A-Za-z0-9_]+)/g, "{$1}");
@@ -51,7 +54,7 @@ export default function buildAiRouterAndDocs(router, routeSpecs, basePath = "/",
                     .join("\n"),
                 // (optionally) expose them as a custom extension instead:
                 "x-middlewares": middlewareNames,
-                security: [{ [bearerAuth.name]: [] }, { [xApiKey.name]: [] }],
+                security: [{ [xApiKey.name]: [] }, { [bearerAuth.name]: [] }],
                 responses: {
                     200: {
                         description: "Object with user data.",

package/dist/src/utils/zValidations.js

@@ -141,3 +141,10 @@ export const zDelete = (id) => ({
 });
 export const zObjectId = zObjectIdFor();
 export const zDate = () => z.string().pipe(z.coerce.date());
+export const zTypeFilter = z
+    .string()
+    .openapi({
+    description: "Event type filter. Common values include activate and state; any other string is accepted.",
+    example: "activate",
+})
+    .optional();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@internetderdinge/api",
-  "version": "1.229.32",
+  "version": "1.229.39",
   "description": "Shared OpenIoT API modules",
   "main": "dist/src/index.js",
   "type": "module",
@@ -122,5 +122,8 @@
     "vitest": "^4.0.18",
     "zod": "^4.3.6"
   },
-  "gitHead": "9556e8e376045c1e532aded7ec7132818190fa91"
+  "gitHead": "9556e8e376045c1e532aded7ec7132818190fa91",
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/"
+  }
 }

package/scripts/release-and-sync-paperless.mjs

@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { execSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
 import dotenv from "dotenv";
 import semver from "semver";
 
@@ -22,6 +22,25 @@ const writeJson = (filePath, data) => {
   fs.writeFileSync(filePath, `${JSON.stringify(data, null, 2)}\n`);
 };
 
+const publishPackage = () => {
+  const npmRegistry = "https://registry.npmjs.org/";
+  const npmUserConfig = path.join(repoRoot, ".npmrc");
+
+  execFileSync(
+    "npm",
+    ["publish", `--userconfig=${npmUserConfig}`, `--registry=${npmRegistry}`],
+    {
+      cwd: repoRoot,
+      stdio: "inherit",
+      env: {
+        ...process.env,
+        npm_config_registry: npmRegistry,
+        npm_config_userconfig: npmUserConfig,
+      },
+    },
+  );
+};
+
 const resolveNextVersion = (current, input) => {
   const cleanedCurrent = semver.valid(semver.clean(current));
   if (!cleanedCurrent) {
@@ -144,7 +163,7 @@ writeJson(apiPackagePath, apiPackage);
 
 if (shouldPublish) {
   // Always publish through npm, regardless of the package manager used to run this script.
-  execSync("npm publish", { cwd: repoRoot, stdio: "inherit" });
+  publishPackage();
 }
 
 const updates = updatePackagePaths.map((updatePackagePath) => ({

package/scripts/release-version.mjs

@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { execSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
 import semver from "semver";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -20,6 +20,25 @@ const writeJson = (filePath, data) => {
   fs.writeFileSync(filePath, `${JSON.stringify(data, null, 2)}\n`);
 };
 
+const publishPackage = () => {
+  const npmRegistry = "https://registry.npmjs.org/";
+  const npmUserConfig = path.join(repoRoot, ".npmrc");
+
+  execFileSync(
+    "npm",
+    ["publish", `--userconfig=${npmUserConfig}`, `--registry=${npmRegistry}`],
+    {
+      cwd: repoRoot,
+      stdio: "inherit",
+      env: {
+        ...process.env,
+        npm_config_registry: npmRegistry,
+        npm_config_userconfig: npmUserConfig,
+      },
+    },
+  );
+};
+
 const resolveNextVersion = (current, input) => {
   const cleanedCurrent = semver.valid(semver.clean(current));
   if (!cleanedCurrent) {
@@ -141,5 +160,5 @@ console.log(
 );
 
 if (shouldPublish) {
-  execSync("npm publish", { cwd: repoRoot, stdio: "inherit" });
+  publishPackage();
 }

package/src/accounts/accounts.route.ts

@@ -16,9 +16,9 @@ export const accountsRouteSpecs: RouteSpec[] = [
     validate: [auth("manageUsers")],
     requestSchema: accountsValidation.currentAccountSchema,
     responseSchema: accountResponseSchema,
-    privateDocs: true,
     handler: accountsController.current,
     summary: "Get the current account",
+    description: "Fetches the details of the currently authenticated account.",
   },
   {
     method: "post",
@@ -60,15 +60,28 @@ export const accountsRouteSpecs: RouteSpec[] = [
     handler: accountsController.avatar,
     summary: "Fetch account avatar",
   },
+  {
+    method: "delete",
+    path: "/current",
+    validate: [auth("manageUsers")],
+    requestSchema: accountsValidation.deleteCurrentSchema,
+    responseSchema: accountResponseSchema,
+    handler: accountsController.deleteCurrent,
+    summary: "Delete the current user's account",
+    description:
+      "Permanently deletes the current user's account. Will not delete associated data. This action is irreversible.",
+  },
   {
     method: "delete",
     path: "/deleteCurrent",
     validate: [auth("manageUsers")],
     requestSchema: accountsValidation.deleteCurrentSchema,
     responseSchema: accountResponseSchema,
-    privateDocs: true,
     handler: accountsController.deleteCurrent,
-    summary: "Delete the current account",
+    summary: "Delete the current user's account",
+    privateDocs: true,
+    description:
+      "LEGACY: Permanently deletes the current user's account. Will not delete associated data. This action is irreversible. (Replaced by DELETE /current)",
   },
   {
     method: "get",
@@ -78,6 +91,7 @@ export const accountsRouteSpecs: RouteSpec[] = [
     responseSchema: accountResponseSchema,
     handler: accountsController.getAccountById,
     summary: "Get an account by ID",
+    description: "Fetches the details of a single account by its ID.",
   },
   {
     method: "post",
@@ -87,7 +101,8 @@ export const accountsRouteSpecs: RouteSpec[] = [
     responseSchema: accountResponseSchema,
     privateDocs: true,
     handler: accountsController.updateEntry,
-    summary: "Create or replace an account by ID",
+    summary: "Update an account by ID",
+    description: "LEGACY: Updates an existing account with a specified ID.",
   },
   {
     method: "patch",
@@ -95,9 +110,10 @@ export const accountsRouteSpecs: RouteSpec[] = [
     validate: [auth("manageUsers"), validateParamsAccount],
     requestSchema: accountsValidation.updateAccountSchema,
     responseSchema: accountResponseSchema,
-    privateDocs: true,
     handler: accountsController.updateEntry,
     summary: "Update fields on an account by ID",
+    description:
+      "Updates specific fields of an existing account identified by its ID.",
   },
 ];
 

package/src/admin/adminSearch.controller.ts

@@ -9,17 +9,10 @@ import {
   searchAdminCollections,
 } from "./adminSearch.service.js";
 
-const ADMIN_ROLE_CLAIM = "https://memo.wirewire.de/roles";
-
 type AuthRequest = Request & {
   auth?: Record<string, unknown>;
 };
 
-const hasAdminRole = (auth: Record<string, unknown> | undefined): boolean => {
-  const roles = auth?.[ADMIN_ROLE_CLAIM];
-  return Array.isArray(roles) && roles.includes("admin");
-};
-
 const readListQuery = (
   req: Request,
 ): {
@@ -42,13 +35,6 @@ const readListQuery = (
 
 export const searchAdmin = catchAsync(
   async (req: AuthRequest, res: Response) => {
-    if (!hasAdminRole(req.auth)) {
-      throw new ApiError(
-        httpStatus.FORBIDDEN,
-        "User is not part of the admin group",
-      );
-    }
-
     const search = String(req.query.search || "").trim();
     const rawLimit = Number(req.query.limit);
     const limit = Number.isFinite(rawLimit)
@@ -61,26 +47,12 @@ export const searchAdmin = catchAsync(
 );
 
 export const getStats = catchAsync(async (req: AuthRequest, res: Response) => {
-  if (!hasAdminRole(req.auth)) {
-    throw new ApiError(
-      httpStatus.FORBIDDEN,
-      "User is not part of the admin group",
-    );
-  }
-
   const result = await getAdminStats();
   res.send(result);
 });
 
 export const getIotDevices = catchAsync(
   async (req: AuthRequest, res: Response) => {
-    if (!hasAdminRole(req.auth)) {
-      throw new ApiError(
-        httpStatus.FORBIDDEN,
-        "User is not part of the admin group",
-      );
-    }
-
     const result = await getAdminIotDevices(readListQuery(req));
     res.send(result);
   },
@@ -88,13 +60,6 @@ export const getIotDevices = catchAsync(
 
 export const getDevices = catchAsync(
   async (req: AuthRequest, res: Response) => {
-    if (!hasAdminRole(req.auth)) {
-      throw new ApiError(
-        httpStatus.FORBIDDEN,
-        "User is not part of the admin group",
-      );
-    }
-
     const result = await getAdminDevices(readListQuery(req));
     res.send(result);
   },

package/src/admin/adminSearch.route.ts

@@ -1,7 +1,9 @@
 import { Router } from "express";
-import buildRouterAndDocs, { type RouteSpec } from "../utils/buildRouterAndDocs.js";
+import buildRouterAndDocs, {
+  type RouteSpec,
+} from "../utils/buildRouterAndDocs.js";
 import auth from "../middlewares/auth.js";
-import { validateAdmin } from "../middlewares/validateAdmin.js";
+import { validateAdminOrSupport } from "../middlewares/validateAdminOrSupport.js";
 import {
   getDevices,
   getIotDevices,
@@ -25,7 +27,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/stats",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminStatsSchema,
     responseSchema: adminStatsResponseSchema,
     handler: getStats,
@@ -35,7 +37,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/search",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminSearchSchema,
     responseSchema: adminSearchResponseSchema,
     handler: searchAdmin,
@@ -46,7 +48,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/iotDevices",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminIotDevicesSchema,
     responseSchema: adminIotDevicesResponseSchema,
     handler: getIotDevices,
@@ -57,7 +59,7 @@ export const adminSearchRouteSpecs: RouteSpec[] = [
   {
     method: "get",
     path: "/devices",
-    validate: [auth("getUsers"), validateAdmin],
+    validate: [auth("getUsers"), validateAdminOrSupport],
     requestSchema: adminDevicesSchema,
     responseSchema: adminDevicesResponseSchema,
     handler: getDevices,

package/src/admin/adminSearch.service.ts

@@ -89,13 +89,11 @@ type AdminListQuery = {
 
 const IOT_DEVICES_CACHE_TTL_MS = 60_000;
 
-let iotDevicesCache:
-  | {
-      loadedAt: number;
-      devices: unknown[];
-      pending?: Promise<unknown[]>;
-    }
-  | null = null;
+let iotDevicesCache: {
+  loadedAt: number;
+  devices: unknown[];
+  pending?: Promise<unknown[]>;
+} | null = null;
 
 const getCachedIotDevices = async (): Promise<unknown[]> => {
   const now = Date.now();
@@ -112,9 +110,7 @@ const getCachedIotDevices = async (): Promise<unknown[]> => {
 
   const pending = Promise.resolve(
     iotDevicesService.getDeviceStatusList(undefined),
-  ).then(
-    (devices) => (Array.isArray(devices) ? devices : []),
-  );
+  ).then((devices) => (Array.isArray(devices) ? devices : []));
 
   iotDevicesCache = {
     loadedAt: now,

package/src/devices/devices.controller.ts

@@ -159,6 +159,10 @@ const updateEntry = catchAsync(
 const getEvents = catchAsync(
   async (req: Request, res: Response): Promise<void> => {
     const device = await devicesService.getById(req.params.deviceId);
+    if (!device) {
+      throw new ApiError(httpStatus.NOT_FOUND, "Device not found");
+    }
+
     const events = await iotDevicesService.getEvents({
       ...req.query,
       createdAt: device.createdAt,
@@ -195,17 +199,6 @@ export const resetDevice = catchAsync(
   },
 );
 
-const ledLight = catchAsync(
-  async (req: Request, res: Response): Promise<void> => {
-    const device = await devicesService.getByIdWithIoT(req.params.deviceId);
-    const ping = await iotDevicesService.ledLightHint(
-      device.deviceId,
-      req.body,
-    );
-    res.send({ device, ping });
-  },
-);
-
 const rebootDevice = catchAsync(
   async (req: Request, res: Response): Promise<void> => {
     const device = await devicesService.getByIdWithIoT(req.params.deviceId);
@@ -221,7 +214,6 @@ export {
   getEvents,
   registerDevice,
   pingDevice,
-  ledLight,
   rebootDevice,
   getEntry,
   updateEntry,

package/src/devices/devices.route.ts

@@ -20,7 +20,6 @@ import {
   getEventsSchema,
   pingDeviceSchema,
   registerDeviceSchema,
-  ledLightSchema,
   rebootDeviceSchema,
   resetDeviceSchema,
 } from "./devices.validation.js";
@@ -61,7 +60,7 @@ export const devicesRouteSpecs: RouteSpec[] = [
     handler: devicesController.queryDevicesByUser,
     summary: "Query devices by user",
     description:
-      "Retrieve a paginated list of devices visible to the authenticated user.",
+      "Retrieve a paginated list of devices visible to the authenticated user. Either patient or organization is required.",
   },
   {
     method: "get",
@@ -92,9 +91,21 @@ export const devicesRouteSpecs: RouteSpec[] = [
     requestSchema: updateDeviceSchema,
     responseSchema: deviceResponseSchema,
     handler: devicesController.updateEntry,
+    privateDocs: true,
     summary: "Update a device",
     description:
-      "Modify the properties of an existing device identified by its ID.",
+      "LEGACY: Modify the properties of an existing device identified by its ID.",
+  },
+  {
+    method: "patch",
+    path: "/:deviceId",
+    validate: [auth("manageUsers"), validateDevice, validateOrganizationUpdate],
+    requestSchema: updateDeviceSchema,
+    responseSchema: deviceResponseSchema,
+    handler: devicesController.updateEntry,
+    summary: "Update a device",
+    description:
+      "Updates specific fields of an existing device identified by its ID.",
   },
   {
     method: "delete",
@@ -121,18 +132,6 @@ export const devicesRouteSpecs: RouteSpec[] = [
     description:
       "Associate an existing device with the authenticated organization.",
   },
-  {
-    method: "post",
-    path: "/ledlight/:deviceId",
-    validate: [auth("getUsers"), validateDevice],
-    requestSchema: ledLightSchema,
-    responseSchema: genericResponseSchema,
-    handler: devicesController.ledLight,
-    summary: "Set LED light on device",
-    description:
-      "Turn the device’s LED on or off, or set its color/brightness.",
-    memoOnly: true,
-  },
   {
     method: "get",
     path: "/ping/:deviceId",