@lenne.tech/nest-server 10.0.7 → 10.0.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "10.0.7",
+  "version": "10.0.9",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -62,75 +62,75 @@
     "node": ">= 16.13.0"
   },
   "dependencies": {
-    "@apollo/gateway": "2.5.1",
-    "@nestjs/apollo": "12.0.7",
-    "@nestjs/common": "10.1.3",
-    "@nestjs/core": "10.1.3",
-    "@nestjs/graphql": "12.0.8",
-    "@nestjs/jwt": "10.1.0",
+    "@apollo/gateway": "2.5.6",
+    "@lenne.tech/mongoose-gridfs": "1.4.2",
+    "@lenne.tech/multer-gridfs-storage": "5.0.6",
+    "@nestjs/apollo": "12.0.9",
+    "@nestjs/common": "10.2.7",
+    "@nestjs/core": "10.2.7",
+    "@nestjs/graphql": "12.0.9",
+    "@nestjs/jwt": "10.1.1",
     "@nestjs/mongoose": "10.0.1",
-    "@nestjs/passport": "10.0.0",
-    "@nestjs/platform-express": "10.1.3",
-    "@nestjs/schedule": "3.0.2",
-    "@nestjs/terminus": "10.0.1",
-    "apollo-server-core": "3.11.1",
+    "@nestjs/passport": "10.0.2",
+    "@nestjs/platform-express": "10.2.7",
+    "@nestjs/schedule": "3.0.4",
+    "@nestjs/terminus": "10.1.1",
+    "apollo-server-core": "^3.12.1",
     "apollo-server-express": "3.11.1",
-    "bcrypt": "5.1.0",
+    "bcrypt": "5.1.1",
     "class-transformer": "0.5.1",
     "class-validator": "0.14.0",
     "compression": "1.7.4",
     "cookie-parser": "1.4.6",
     "ejs": "3.1.9",
-    "graphql": "16.7.1",
+    "graphql": "16.8.1",
     "graphql-query-complexity": "0.12.0",
     "graphql-subscriptions": "2.0.0",
     "graphql-upload": "15.0.2",
-    "js-sha256": "0.9.0",
+    "js-sha256": "0.10.1",
     "json-to-graphql-query": "2.2.5",
-    "light-my-request": "5.10.0",
+    "light-my-request": "5.11.0",
     "lodash": "4.17.21",
-    "mongodb": "4.16.0",
-    "mongoose": "6.11.5",
-    "mongoose-gridfs": "1.3.0",
+    "mongodb": "5.9.0",
+    "mongoose": "7.6.3",
     "multer": "1.4.5-lts.1",
-    "multer-gridfs-storage": "5.0.2",
     "node-mailjet": "6.0.4",
-    "nodemailer": "6.9.4",
+    "nodemailer": "6.9.6",
     "nodemon": "3.0.1",
     "passport": "0.6.0",
     "passport-jwt": "4.0.1",
     "reflect-metadata": "0.1.13",
     "rfdc": "1.3.0",
-    "rimraf": "5.0.1",
+    "rimraf": "5.0.5",
     "rxjs": "7.8.1",
     "yuml-diagram": "1.2.0"
   },
   "devDependencies": {
     "@babel/plugin-proposal-private-methods": "7.18.6",
-    "@compodoc/compodoc": "1.1.21",
-    "@lenne.tech/eslint-config-ts": "0.0.9",
-    "@nestjs/cli": "10.1.11",
+    "@compodoc/compodoc": "1.1.22",
+    "@lenne.tech/eslint-config-ts": "0.0.10",
+    "@nestjs/cli": "10.1.18",
     "@nestjs/schematics": "10.0.2",
-    "@nestjs/testing": "10.1.3",
+    "@nestjs/testing": "10.2.7",
     "@swc/cli": "0.1.62",
-    "@swc/core": "1.3.76",
-    "@swc/jest": "0.2.28",
-    "@types/compression": "1.7.2",
-    "@types/cookie-parser": "1.4.3",
+    "@swc/core": "1.3.93",
+    "@swc/jest": "0.2.29",
+    "@types/compression": "1.7.4",
+    "@types/cookie-parser": "1.4.5",
     "@types/cron": "2.0.1",
-    "@types/ejs": "3.1.2",
-    "@types/express": "4.17.17",
-    "@types/jest": "29.5.3",
-    "@types/lodash": "4.14.197",
-    "@types/multer": "1.4.7",
-    "@types/node": "20.4.9",
-    "@types/nodemailer": "6.4.9",
-    "@types/passport": "1.0.12",
-    "@types/supertest": "2.0.12",
-    "@typescript-eslint/eslint-plugin": "6.3.0",
-    "@typescript-eslint/parser": "6.3.0",
+    "@types/ejs": "3.1.4",
+    "@types/express": "4.17.20",
+    "@types/jest": "29.5.6",
+    "@types/lodash": "4.14.200",
+    "@types/multer": "1.4.9",
+    "@types/node": "20.8.7",
+    "@types/nodemailer": "6.4.13",
+    "@types/passport": "1.0.14",
+    "@types/supertest": "2.0.15",
+    "@typescript-eslint/eslint-plugin": "6.8.0",
+    "@typescript-eslint/parser": "6.8.0",
     "coffeescript": "2.7.0",
-    "eslint": "8.46.0",
+    "eslint": "8.51.0",
     "eslint-config-prettier": "9.0.0",
     "eslint-plugin-unused-imports": "3.0.0",
     "find-file-up": "2.0.1",
@@ -140,23 +140,26 @@
     "grunt-contrib-watch": "1.1.0",
     "grunt-sync": "0.8.2",
     "husky": "8.0.3",
-    "jest": "29.6.2",
+    "jest": "29.7.0",
     "npm-watch": "0.11.0",
     "pm2": "5.3.0",
-    "prettier": "3.0.1",
+    "prettier": "3.0.3",
     "pretty-quick": "3.1.3",
     "supertest": "6.3.3",
     "ts-jest": "29.1.1",
-    "ts-loader": "9.4.4",
+    "ts-loader": "9.5.0",
     "ts-morph": "19.0.0",
     "ts-node": "10.9.1",
     "tsconfig-paths": "4.2.0",
-    "typescript": "5.1.6",
+    "typescript": "5.2.2",
     "yalc": "1.0.0-pre.53"
   },
   "overrides": {
     "multer-gridfs-storage": {
       "multer": "$multer"
+    },
+    "@lykmapipo/common": {
+      "flat": "5.0.2"
     }
   },
   "jest": {

package/src/config.env.ts

@@ -18,6 +18,7 @@ const config: { [env: string]: IServerOptions } = {
       sayHello: {
         cronTime: CronExpression.EVERY_10_SECONDS,
         runOnInit: false,
+        disabled: false,
         runParallel: 1,
         timeZone: 'Europe/Berlin',
         throwException: false,
@@ -65,12 +66,20 @@ const config: { [env: string]: IServerOptions } = {
     },
     ignoreSelectionsForPopulate: true,
     jwt: {
+      // Each secret should be unique and not reused in other environments,
+      // also the JWT secret should be different from the Refresh secret!
+      // crypto.randomBytes(512).toString('base64') (see https://nodejs.org/api/crypto.html#crypto)
+      // tslint:disable-next-line:max-line-length
       secret: 'SECRET_OR_PRIVATE_KEY_LOCAL',
       signInOptions: {
         expiresIn: '15m',
       },
       refresh: {
         renewal: true,
+        // Each secret should be unique and not reused in other environments,
+        // also the JWT secret should be different from the Refresh secret!
+        // crypto.randomBytes(512).toString('base64') (see https://nodejs.org/api/crypto.html#crypto)
+        // tslint:disable-next-line:max-line-length
         secret: 'SECRET_OR_PRIVATE_KEY_LOCAL_REFRESH',
         signInOptions: {
           expiresIn: '7d',
@@ -147,12 +156,20 @@ const config: { [env: string]: IServerOptions } = {
     },
     ignoreSelectionsForPopulate: true,
     jwt: {
+      // Each secret should be unique and not reused in other environments,
+      // also the JWT secret should be different from the Refresh secret!
+      // crypto.randomBytes(512).toString('base64') (see https://nodejs.org/api/crypto.html#crypto)
+      // tslint:disable-next-line:max-line-length
       secret: 'SECRET_OR_PRIVATE_KEY_DEV',
       signInOptions: {
         expiresIn: '15m',
       },
       refresh: {
         renewal: true,
+        // Each secret should be unique and not reused in other environments,
+        // also the JWT secret should be different from the Refresh secret!
+        // crypto.randomBytes(512).toString('base64') (see https://nodejs.org/api/crypto.html#crypto)
+        // tslint:disable-next-line:max-line-length
         secret: 'SECRET_OR_PRIVATE_KEY_DEV_REFRESH',
         signInOptions: {
           expiresIn: '7d',
@@ -229,12 +246,20 @@ const config: { [env: string]: IServerOptions } = {
     },
     ignoreSelectionsForPopulate: true,
     jwt: {
+      // Each secret should be unique and not reused in other environments,
+      // also the JWT secret should be different from the Refresh secret!
+      // crypto.randomBytes(512).toString('base64') (see https://nodejs.org/api/crypto.html#crypto)
+      // tslint:disable-next-line:max-line-length
       secret: 'SECRET_OR_PRIVATE_KEY_PROD',
       signInOptions: {
         expiresIn: '15m',
       },
       refresh: {
         renewal: true,
+        // Each secret should be unique and not reused in other environments,
+        // also the JWT secret should be different from the Refresh secret!
+        // crypto.randomBytes(512).toString('base64') (see https://nodejs.org/api/crypto.html#crypto)
+        // tslint:disable-next-line:max-line-length
         secret: 'SECRET_OR_PRIVATE_KEY_PROD_REFRESH',
         signInOptions: {
           expiresIn: '7d',

package/src/core/common/helpers/db.helper.ts

@@ -623,11 +623,17 @@ export async function setPopulates<T = Query<any, any> | Document>(
  * Get ID of element as string
  */
 function getStringId(element: any): string {
+
   // Check element
   if (!element) {
     return element;
   }
 
+  // Buffer handling
+  if (element instanceof Buffer) {
+    return element.toString();
+  }
+
   // String handling
   if (typeof element === 'string') {
     return element;
@@ -640,6 +646,9 @@ function getStringId(element: any): string {
     }
 
     if (element.id) {
+      if (element.id instanceof Buffer && element.toHexString) {
+        return element.toHexString();
+      }
       return getStringId(element.id);
     } else if (element._id) {
       return getStringId(element._id);

package/src/core/common/interfaces/cron-job-config.interface.ts

@@ -18,13 +18,19 @@ export interface CronJobConfig {
    */
   cronTime: CronExpression | string | Date | Falsy;
 
+  /**
+   * Whether the cron job is disabled or not.
+   * This option is set to `false` by default
+   */
+  disabled?: boolean;
+
   /**
    * A function that will fire when the job is complete, when it is stopped.
    */
   onComplete?: CronCommand | null;
 
   /**
-   * This will immediately fire your `onTickfunction` as soon as the requisit initialization has happened.
+   * This will immediately fire the `onTick` function as soon as the requisite initialization has happened.
    * This option is set to `true` by default.
    */
   runOnInit?: boolean;
@@ -58,8 +64,8 @@ export interface CronJobConfig {
   unrefTimeout?: boolean;
 
   /**
-   * This allows you to specify the offset of your timezone rather than using the `timeZoneparam.
-   * Probably don't use both ``timeZone` andutcOffset`` together or weird things may happen.
+   * This allows you to specify the offset of the timezone rather than using the `timeZone` parameter.
+   * Probably don't use both `timeZone` and `utcOffset` together or weird things may happen.
    */
   utcOffset?: string | number;
 }

package/src/core/common/interfaces/server-options.interface.ts

@@ -30,6 +30,8 @@ export interface IJwt {
 
   /**
    * Secret to encrypt the JWT
+   * Each secret should be unique and not reused in other environments,
+   * also the JWT secret should be different from the Refresh secret!
    */
   secret?: string;
 
@@ -288,10 +290,15 @@ export interface IServerOptions {
 
   /**
    * Configuration of JavaScript Web Token (JWT) module
+   *
+   * Hint: The secrets of the different environments should be different, otherwise a JWT can be used in different
+   * environments, which can lead to security vulnerabilities.
    */
   jwt?: {
     /**
      * Configuration for refresh Token (JWT)
+     * Hint: The secret of the JWT and the Refresh Token should be different, otherwise a new RefreshToken can also be
+     * requested with the JWT, which can lead to a security vulnerability.
      */
     refresh?: {
       /**

package/src/core/common/services/core-cron-jobs.service.ts

@@ -62,15 +62,18 @@ export abstract class CoreCronJobs implements OnApplicationBootstrap {
     // Init cron jobs
     for (const [name, CronExpressionOrConfig] of Object.entries(this.cronJobs)) {
       // Check config
-      if (!CronExpressionOrConfig) {
+      if (
+        !CronExpressionOrConfig
+        || (typeof CronExpressionOrConfig === 'object' && (CronExpressionOrConfig as CronJobConfig).disabled)
+      ) {
         continue;
       }
 
       // Prepare config
-      let conf: CronExpression | string | Date | Falsy | CronJobConfig = CronExpressionOrConfig;
-      if (typeof conf === 'string' || conf instanceof Date) {
+      let conf: CronJobConfig = (CronExpressionOrConfig as CronJobConfig);
+      if (typeof CronExpressionOrConfig === 'string' || CronExpressionOrConfig instanceof Date) {
         conf = {
-          cronTime: conf,
+          cronTime: CronExpressionOrConfig as string | Date,
         };
       }
 

package/src/core/common/types/wrapper.type.ts

@@ -0,0 +1,10 @@
+/**
+ * Wrapper type used to circumvent ESM modules circular dependency issue
+ * caused by reflection metadata saving the type of the property.
+ *
+ * It is needed if swc is used and ReferenceError occurs:
+ * @Inject(forwardRef(() => CustomService)) private readonly customService: WrapperType<CustomService>,
+ *
+ * See https://docs.nestjs.com/recipes/swc#common-pitfalls
+ */
+export type WrapperType<T> = T; // WrapperType === Relation

package/src/core/modules/auth/services/core-auth.service.ts

@@ -123,16 +123,23 @@ export class CoreAuthService {
     });
 
     // Get and check user
-    const user = await this.userService.create(input, serviceOptionsForUserService);
-    if (!user) {
-      throw new BadRequestException('Email address already in use');
-    }
+    try {
+      const user = await this.userService.create(input, serviceOptionsForUserService);
+      if (!user) {
+        throw new BadRequestException('Email address already in use');
+      }
 
-    // Set device ID
-    const { deviceId, deviceDescription } = input;
+      // Set device ID
+      const { deviceId, deviceDescription } = input;
 
-    // Return tokens and user
-    return this.getResult(user, { deviceId, deviceDescription });
+      // Return tokens and user
+      return this.getResult(user, { deviceId, deviceDescription });
+    } catch (err) {
+      if (err?.message === 'Unprocessable Entity') {
+        throw new BadRequestException('Email address already in use');
+      }
+      throw err;
+    }
   }
 
   /**

package/src/core/modules/file/core-file.service.ts

@@ -1,7 +1,7 @@
 import { NotFoundException } from '@nestjs/common';
 import { GridFSBucket, GridFSBucketReadStream, GridFSBucketReadStreamOptions } from 'mongodb';
 import { Connection, Types } from 'mongoose';
-import { MongoGridFSOptions, MongooseGridFS, createBucket } from 'mongoose-gridfs';
+import { MongoGridFSOptions, MongooseGridFS, createBucket } from '@lenne.tech/mongoose-gridfs';
 import { FilterArgs } from '../../common/args/filter.args';
 import { getObjectIds, getStringIds } from '../../common/helpers/db.helper';
 import { convertFilterArgsToQuery } from '../../common/helpers/filter.helper';

package/src/core.module.ts

@@ -128,6 +128,12 @@ export class CoreModule implements NestModule {
       options,
     );
 
+    // Check secrets
+    const jwtConfig = config.jwt;
+    if (jwtConfig?.secret && jwtConfig.secret && jwtConfig.refresh && jwtConfig.refresh.secret === jwtConfig.secret) {
+      console.warn('JWT secret and refresh secret are equal, this can lead to security vulnerabilities!');
+    }
+
     // Set providers
     const providers: any[] = [
       // The ConfigService provides access to the current configuration of the module

package/src/index.ts

@@ -80,6 +80,7 @@ export * from './core/common/types/remove-methods.type';
 export * from './core/common/types/require-only-one.type';
 export * from './core/common/types/required-at-least-one.type';
 export * from './core/common/types/string-or-object-id.type';
+export * from './core/common/types/wrapper.type';
 
 // =====================================================================================================================
 // Core - Modules - Auth

package/src/server/modules/file/multer-config.service.ts

@@ -1,6 +1,6 @@
 import { Injectable } from '@nestjs/common';
 import { MulterModuleOptions, MulterOptionsFactory } from '@nestjs/platform-express';
-import { GridFsStorage } from 'multer-gridfs-storage';
+import { GridFsStorage } from '@lenne.tech/multer-gridfs-storage';
 import envConfig from '../../../config.env';
 
 @Injectable()