@laboratory-one/api-components 0.0.23 → 0.0.25

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@laboratory-one/api-components",
-  "version": "0.0.23",
+  "version": "0.0.25",
   "description": "API components for Laboratory One",
   "author": "Laboratory One",
   "private": false,
@@ -8,41 +8,8 @@
   "type": "commonjs",
   "typesVersions": {
     "*": {
-      "auth": [
-        "src/auth/index.d.ts"
-      ],
-      "cron": [
-        "src/cron/index.d.ts"
-      ],
-      "enums": [
-        "src/enums/index.d.ts"
-      ],
-      "guard": [
-        "src/guard/index.d.ts"
-      ],
-      "health": [
-        "src/health/index.d.ts"
-      ],
-      "middleware": [
-        "src/middleware/index.d.ts"
-      ],
-      "prisma": [
-        "src/prisma/index.d.ts"
-      ],
-      "push": [
-        "src/push/index.d.ts"
-      ],
-      "services": [
-        "src/services/index.d.ts"
-      ],
-      "types": [
-        "src/types/index.d.ts"
-      ],
-      "user": [
-        "src/user/index.d.ts"
-      ],
-      "utils": [
-        "src/utils/index.d.ts"
+      "*": [
+        "dist/src/*/index.d.ts"
       ]
     }
   },
@@ -59,81 +26,27 @@
     "dist"
   ],
   "exports": {
-    "./auth": {
-      "import": "./src/auth/index.js",
-      "require": "./src/auth/index.js",
-      "types": "./src/auth/index.d.ts"
-    },
-    "./cron": {
-      "import": "./src/cron/index.js",
-      "require": "./src/cron/index.js",
-      "types": "./src/cron/index.d.ts"
-    },
-    "./enums": {
-      "import": "./src/enums/index.js",
-      "require": "./src/enums/index.js",
-      "types": "./src/enums/index.d.ts"
-    },
-    "./guard": {
-      "import": "./src/guard/index.js",
-      "require": "./src/guard/index.js",
-      "types": "./src/guard/index.d.ts"
-    },
-    "./health": {
-      "import": "./src/health/index.js",
-      "require": "./src/health/index.js",
-      "types": "./src/health/index.d.ts"
-    },
-    "./middleware": {
-      "import": "./src/middleware/index.js",
-      "require": "./src/middleware/index.js",
-      "types": "./src/middleware/index.d.ts"
-    },
-    "./prisma": {
-      "import": "./src/prisma/index.js",
-      "require": "./src/prisma/index.js",
-      "types": "./src/prisma/index.d.ts"
-    },
-    "./push": {
-      "import": "./src/push/index.js",
-      "require": "./src/push/index.js",
-      "types": "./src/push/index.d.ts"
-    },
-    "./services": {
-      "import": "./src/services/index.js",
-      "require": "./src/services/index.js",
-      "types": "./src/services/index.d.ts"
-    },
-    "./types": {
-      "import": "./src/types/index.js",
-      "require": "./src/types/index.js",
-      "types": "./src/types/index.d.ts"
-    },
-    "./user": {
-      "import": "./src/user/index.js",
-      "require": "./src/user/index.js",
-      "types": "./src/user/index.d.ts"
-    },
-    "./utils": {
-      "import": "./src/utils/index.js",
-      "require": "./src/utils/index.js",
-      "types": "./src/utils/index.d.ts"
+    "./*": {
+      "import": "./dist/src/*/index.js",
+      "require": "./dist/src/*/index.js",
+      "types": "./dist/src/*/index.d.ts"
     }
   },
   "scripts": {
-    "build": "tsc --build tsconfig.build.json",
+    "build": "tsc",
     "format": "prettier --write 'src/**/*.{js,ts}'",
-    "generate": "prisma generate",
+    "types:generate": "npx prisma generate",
     "lint": "eslint 'src/**/*.{js,ts}'",
     "lint:fix": "yarn format && yarn lint --fix",
     "publish:local": "yalc publish",
     "push": "yarn build && yalc push --replace",
-    "typecheck": "tsc -p tsconfig.json",
+    "typecheck": "tsc --noEmit",
     "version:minor": "./scripts/version.sh minor",
     "version:patch": "./scripts/version.sh patch",
     "start:dev": "watchman watch . && watchman -- trigger . yalc-push-trigger \"**/*\" -- ./scripts/yalc-push-trigger.sh"
   },
   "dependencies": {
+    "@casl/ability": "6.7.3",
     "@nestjs/axios": "4.0.1",
     "@nestjs/common": "11.1.6",
     "@nestjs/config": "4.0.2",
@@ -160,8 +73,7 @@
     "prisma": "6.16.2",
     "reflect-metadata": "0.2.2",
     "rxjs": "7.8.2",
-    "stytch": "12.35.0",
-    "zod": "4.1.11"
+    "stytch": "12.35.0"
   },
   "devDependencies": {
     "@babel/core": "7.28.4",

package/src/ability/ability.factory.ts

@@ -0,0 +1,19 @@
+import { Injectable } from '@nestjs/common';
+import { AbilityBuilder, createMongoAbility } from '@casl/ability';
+import { AppAbility } from './app-ability.type';
+import { mapPermissionToAbility } from './ability.util';
+
+@Injectable()
+export class AbilityFactory {
+  createForUser(permissions: string[]): AppAbility {
+    const { can, build } = new AbilityBuilder<AppAbility>(createMongoAbility);
+
+    const abilities = mapPermissionToAbility(permissions);
+
+    abilities.forEach(({ action, subject }) => {
+      can(action, subject);
+    });
+
+    return build();
+  }
+}

package/src/ability/ability.module.ts

@@ -0,0 +1,8 @@
+import { Module } from '@nestjs/common';
+import { AbilityFactory } from './ability.factory';
+
+@Module({
+  providers: [AbilityFactory],
+  exports: [AbilityFactory],
+})
+export class AbilityModule {}

package/src/ability/ability.util.ts

@@ -0,0 +1,37 @@
+import { Action, ACTIONS } from './action.enum';
+import { Subject } from './services.enum';
+
+export const mapPermissionToAbility = (
+  permissions: string[],
+): { action: Action; subject: Subject }[] => {
+  return permissions.map((permission: string) => {
+    const split: string[] = permission.split(':');
+
+    if (split.length !== 2) {
+      throw new Error(`Invalid permission format: ${permission}`);
+    }
+
+    const action: Action = split[0] as Action;
+    const subject: Subject = split[1] as Subject;
+
+    switch (action) {
+      case ACTIONS.MANAGE:
+        return { action: ACTIONS.MANAGE, subject };
+
+      case ACTIONS.CREATE:
+        return { action: ACTIONS.CREATE, subject };
+
+      case ACTIONS.READ:
+        return { action: ACTIONS.READ, subject };
+
+      case ACTIONS.UPDATE:
+        return { action: ACTIONS.UPDATE, subject };
+
+      case ACTIONS.DELETE:
+        return { action: ACTIONS.DELETE, subject };
+
+      default:
+        throw new Error(`Invalid permission: ${permission}`);
+    }
+  });
+};

package/src/ability/action.enum.ts

@@ -0,0 +1,9 @@
+export const ACTIONS = {
+  MANAGE: 'manage',
+  CREATE: 'create',
+  READ: 'read',
+  UPDATE: 'update',
+  DELETE: 'delete',
+} as const;
+
+export type Action = (typeof ACTIONS)[keyof typeof ACTIONS];

package/src/ability/app-ability.type.ts

@@ -0,0 +1,7 @@
+import { MongoAbility, InferSubjects } from '@casl/ability';
+import { Subject } from './services.enum';
+import { Action } from './action.enum';
+
+type SubjectTypes = InferSubjects<Subject>;
+
+export type AppAbility = MongoAbility<[Action, SubjectTypes]>;

package/src/ability/index.ts

@@ -0,0 +1,6 @@
+export * from './ability.factory';
+export * from './ability.module';
+export * from './action.enum';
+export * from './app-ability.type';
+export * from './services.enum';
+export * from './ability.util';

package/src/ability/services.enum.ts

@@ -0,0 +1,7 @@
+export const SUBJECTS = {
+  SUNG_JINWOO: 'sung-jinwoo',
+  AUTH: 'auth',
+  ALL: 'all',
+} as const;
+
+export type Subject = (typeof SUBJECTS)[keyof typeof SUBJECTS];

package/src/decorator/index.ts

@@ -0,0 +1,2 @@
+export * from './policies.decorator';
+export * from './policies.handler';

package/src/decorator/policies.decorator.ts

@@ -0,0 +1,7 @@
+import { SetMetadata } from '@nestjs/common';
+import { PolicyHandler } from '../types/policy.type';
+
+export const CHECK_POLICIES_KEY = 'check_policy';
+
+export const CheckPolicies = (...handlers: PolicyHandler[]) =>
+  SetMetadata(CHECK_POLICIES_KEY, handlers);

package/src/decorator/policies.handler.ts

@@ -0,0 +1,16 @@
+import { AppAbility, Action, Subject } from '../ability';
+import { IPolicyHandler } from '../types';
+
+export class AuthPolicyHandler implements IPolicyHandler {
+  action: Action;
+  subject: Subject;
+
+  constructor(action: Action, subject: Subject) {
+    this.action = action;
+    this.subject = subject;
+  }
+
+  handle(ability: AppAbility) {
+    return ability.can(this.action, this.subject);
+  }
+}

package/src/guard/index.ts

@@ -1 +1,2 @@
 export * from './auth.guard';
+export * from './policies.guard';

package/src/guard/policies.guard.ts

@@ -0,0 +1,65 @@
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AbilityFactory, AppAbility } from '../ability';
+import { CHECK_POLICIES_KEY } from '../decorator';
+import { Request, Headers } from 'node-fetch';
+import { PolicyHandler } from '../types';
+
+@Injectable()
+export class PoliciesGuard implements CanActivate {
+  constructor(
+    private reflector: Reflector,
+    private abilityFactory: AbilityFactory,
+  ) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const policyHandlers =
+      this.reflector.get<PolicyHandler[]>(
+        CHECK_POLICIES_KEY,
+        context.getHandler(),
+      ) || [];
+
+    const request: Request & { headers: Headers & { permissions: string } } =
+      context.switchToHttp().getRequest();
+
+    if (!request.headers.permissions) {
+      throw new UnauthorizedException('No permissions provided');
+    }
+
+    if (!request.headers['user-id']) {
+      throw new UnauthorizedException('No user provided');
+    }
+
+    request['userId'] = request.headers['user-id'];
+
+    const userPermissions: string[] = JSON.parse(
+      request.headers.permissions,
+    ) as string[];
+
+    if (!Array.isArray(userPermissions)) {
+      throw new BadRequestException('Permissions must be an array of strings');
+    }
+
+    const ability = this.abilityFactory.createForUser(userPermissions);
+
+    return policyHandlers.every((handler) =>
+      this.execPolicyHandler(handler, ability),
+    );
+  }
+
+  private execPolicyHandler(
+    handler: PolicyHandler,
+    ability: AppAbility,
+  ): boolean {
+    if (typeof handler === 'function') {
+      return handler(ability);
+    }
+    return handler.handle(ability);
+  }
+}

package/src/types/index.ts

@@ -1,2 +1,4 @@
 export * from './success.response.dto';
 export * from './req.type';
+export * from './policy.type';
+export * from './reqWithUser.type';

package/src/types/policy.type.ts

@@ -0,0 +1,9 @@
+import { AppAbility } from '../ability';
+
+export interface IPolicyHandler {
+  handle(ability: AppAbility): boolean;
+}
+
+type PolicyHandlerCallback = (ability: AppAbility) => boolean;
+
+export type PolicyHandler = IPolicyHandler | PolicyHandlerCallback;

package/src/types/reqWithUser.type.ts

@@ -0,0 +1,3 @@
+export type reqWithUser = {
+  userId: string;
+};

package/src/utils/index.ts

@@ -3,5 +3,4 @@ export * from './error.util';
 export * from './input.util';
 export * from './string.util';
 export * from './noop.util';
-export * from './schema.util';
 export * from './version.util';

package/src/auth/auth.module.d.ts

@@ -1,3 +0,0 @@
-export declare class AuthModule {
-}
-//# sourceMappingURL=auth.module.d.ts.map

package/src/auth/auth.module.js

@@ -1,18 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthModule = void 0;
-const tslib_1 = require("tslib");
-const common_1 = require("@nestjs/common");
-const auth_service_1 = require("./auth.service");
-const config_1 = require("@nestjs/config");
-let AuthModule = class AuthModule {
-};
-exports.AuthModule = AuthModule;
-exports.AuthModule = AuthModule = tslib_1.__decorate([
-    (0, common_1.Module)({
-        imports: [config_1.ConfigModule],
-        providers: [auth_service_1.AuthService],
-        exports: [auth_service_1.AuthService],
-    })
-], AuthModule);
-//# sourceMappingURL=auth.module.js.map

package/src/auth/auth.module.ts

@@ -1,10 +0,0 @@
-import { Module } from '@nestjs/common';
-import { AuthService } from './auth.service';
-import { ConfigModule } from '@nestjs/config';
-
-@Module({
-  imports: [ConfigModule],
-  providers: [AuthService],
-  exports: [AuthService],
-})
-export class AuthModule {}

package/src/auth/auth.service.d.ts

@@ -1,18 +0,0 @@
-import * as stytch from 'stytch';
-import { ConfigService } from '@nestjs/config';
-import { RegisterRequestDto } from '../user';
-export declare class AuthService {
-    private configService;
-    private readonly logger;
-    private authClient;
-    constructor(configService: ConfigService);
-    signup(data: RegisterRequestDto): Promise<stytch.PasswordsCreateResponse>;
-    login(data: RegisterRequestDto): Promise<boolean>;
-    phoneLoginOrCreate(phoneNumber: string): Promise<stytch.OTPsSmsLoginOrCreateResponse>;
-    phoneAuthenticate({ methodId, code, }: {
-        methodId: string;
-        code: string;
-    }): Promise<stytch.OTPsAuthenticateResponse>;
-    delete(externalId: string): Promise<void>;
-}
-//# sourceMappingURL=auth.service.d.ts.map

package/src/auth/auth.service.js

@@ -1,65 +0,0 @@
-"use strict";
-var AuthService_1;
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthService = void 0;
-const tslib_1 = require("tslib");
-const common_1 = require("@nestjs/common");
-const stytch = tslib_1.__importStar(require("stytch"));
-const config_1 = require("@nestjs/config");
-const utils_1 = require("../utils");
-let AuthService = AuthService_1 = class AuthService {
-    constructor(configService) {
-        this.configService = configService;
-        this.logger = new common_1.Logger(AuthService_1.name);
-        this.authClient = new stytch.Client({
-            project_id: this.configService.get('STYTCH_PROJECT_ID'),
-            secret: this.configService.get('STYTCH_SECRET'),
-            env: this.configService.get('STYTCH_ENV') === 'test'
-                ? stytch.envs.test
-                : stytch.envs.live,
-        });
-    }
-    async signup(data) {
-        this.logger.debug('signup');
-        return await this.authClient.passwords.create(data);
-    }
-    async login(data) {
-        this.logger.debug('login');
-        try {
-            const res = await this.authClient.passwords.authenticate(data);
-            return res['status_code'] === 200;
-        }
-        catch (error) {
-            if (error.error_type === 'email_not_found') {
-                (0, utils_1.handleError)('Email or password is wrong');
-            }
-            if (error.error_type === 'unauthorized_credentials') {
-                (0, utils_1.handleError)('Email or password is wrong');
-            }
-        }
-    }
-    async phoneLoginOrCreate(phoneNumber) {
-        this.logger.debug('phoneLoginOrCreate');
-        return await this.authClient.otps.sms.loginOrCreate({
-            phone_number: phoneNumber,
-            expiration_minutes: 5,
-        });
-    }
-    async phoneAuthenticate({ methodId, code, }) {
-        this.logger.debug('phoneAuthenticate');
-        return await this.authClient.otps.authenticate({
-            method_id: methodId,
-            code,
-        });
-    }
-    async delete(externalId) {
-        this.logger.debug('delete');
-        await this.authClient.users.delete({ user_id: externalId });
-    }
-};
-exports.AuthService = AuthService;
-exports.AuthService = AuthService = AuthService_1 = tslib_1.__decorate([
-    (0, common_1.Injectable)(),
-    tslib_1.__metadata("design:paramtypes", [config_1.ConfigService])
-], AuthService);
-//# sourceMappingURL=auth.service.js.map

package/src/auth/auth.service.ts

@@ -1,80 +0,0 @@
-import { Injectable, Logger } from '@nestjs/common';
-import * as stytch from 'stytch';
-import { ConfigService } from '@nestjs/config';
-
-import { RegisterRequestDto } from '../user';
-import { handleError } from '../utils';
-
-@Injectable()
-export class AuthService {
-  private readonly logger: Logger = new Logger(AuthService.name);
-  private authClient: stytch.Client;
-
-  constructor(private configService: ConfigService) {
-    this.authClient = new stytch.Client({
-      project_id: this.configService.get<string>('STYTCH_PROJECT_ID'),
-      secret: this.configService.get<string>('STYTCH_SECRET'),
-      env:
-        this.configService.get<string>('STYTCH_ENV') === 'test'
-          ? stytch.envs.test
-          : stytch.envs.live,
-    });
-  }
-
-  async signup(
-    data: RegisterRequestDto,
-  ): Promise<stytch.PasswordsCreateResponse> {
-    this.logger.debug('signup');
-
-    return await this.authClient.passwords.create(data);
-  }
-
-  async login(data: RegisterRequestDto): Promise<boolean> {
-    this.logger.debug('login');
-
-    try {
-      const res = await this.authClient.passwords.authenticate(data);
-      return res['status_code'] === 200;
-    } catch (error: any) {
-      if (error.error_type === 'email_not_found') {
-        handleError('Email or password is wrong');
-      }
-
-      if (error.error_type === 'unauthorized_credentials') {
-        handleError('Email or password is wrong');
-      }
-    }
-  }
-
-  async phoneLoginOrCreate(
-    phoneNumber: string,
-  ): Promise<stytch.OTPsSmsLoginOrCreateResponse> {
-    this.logger.debug('phoneLoginOrCreate');
-
-    return await this.authClient.otps.sms.loginOrCreate({
-      phone_number: phoneNumber,
-      expiration_minutes: 5,
-    });
-  }
-
-  async phoneAuthenticate({
-    methodId,
-    code,
-  }: {
-    methodId: string;
-    code: string;
-  }): Promise<stytch.OTPsAuthenticateResponse> {
-    this.logger.debug('phoneAuthenticate');
-
-    return await this.authClient.otps.authenticate({
-      method_id: methodId,
-      code,
-    });
-  }
-
-  async delete(externalId: string): Promise<void> {
-    this.logger.debug('delete');
-
-    await this.authClient.users.delete({ user_id: externalId });
-  }
-}

package/src/auth/index.d.ts

@@ -1,3 +0,0 @@
-export * from './auth.module';
-export * from './auth.service';
-//# sourceMappingURL=index.d.ts.map

package/src/auth/index.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./auth.module"), exports);
-tslib_1.__exportStar(require("./auth.service"), exports);
-//# sourceMappingURL=index.js.map

package/src/auth/index.ts

@@ -1,2 +0,0 @@
-export * from './auth.module';
-export * from './auth.service';

package/src/guard/index.d.ts

@@ -1,2 +0,0 @@
-export * from './auth.guard';
-//# sourceMappingURL=index.d.ts.map

package/src/types/index.d.ts

@@ -1,3 +0,0 @@
-export * from './success.response.dto';
-export * from './req.type';
-//# sourceMappingURL=index.d.ts.map

package/src/user/dtos/delete-user.request.dto.d.ts

@@ -1,4 +0,0 @@
-export declare class DeleteUserRequestDto {
-    phoneNumber: string;
-}
-//# sourceMappingURL=delete-user.request.dto.d.ts.map

package/src/user/dtos/delete-user.request.dto.js

@@ -1,15 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DeleteUserRequestDto = void 0;
-const tslib_1 = require("tslib");
-const class_validator_1 = require("class-validator");
-const swagger_1 = require("@nestjs/swagger");
-class DeleteUserRequestDto {
-}
-exports.DeleteUserRequestDto = DeleteUserRequestDto;
-tslib_1.__decorate([
-    (0, class_validator_1.IsString)(),
-    (0, swagger_1.ApiProperty)(),
-    tslib_1.__metadata("design:type", String)
-], DeleteUserRequestDto.prototype, "phoneNumber", void 0);
-//# sourceMappingURL=delete-user.request.dto.js.map

package/src/user/dtos/delete-user.request.dto.ts

@@ -1,8 +0,0 @@
-import { IsString } from 'class-validator';
-import { ApiProperty } from '@nestjs/swagger';
-
-export class DeleteUserRequestDto {
-  @IsString()
-  @ApiProperty()
-  phoneNumber: string;
-}

package/src/user/dtos/get-user.response.dto.d.ts

@@ -1,7 +0,0 @@
-export declare class GetUserResponseDto {
-    id: string;
-    email: string;
-    phoneNumber?: string | undefined;
-    fullName?: string | undefined;
-}
-//# sourceMappingURL=get-user.response.dto.d.ts.map