npm - @lenne.tech/nest-server - Versions diffs - 10.5.0 → 10.7.0 - Mend

@lenne.tech/nest-server 10.5.0 → 10.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "10.5.0",
+  "version": "10.7.0",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -66,14 +66,14 @@
     "@getbrevo/brevo": "1.0.1",
     "@lenne.tech/mongoose-gridfs": "1.4.2",
     "@lenne.tech/multer-gridfs-storage": "5.0.6",
-    "@nestjs/apollo": "12.2.1",
-    "@nestjs/common": "10.4.6",
-    "@nestjs/core": "10.4.6",
-    "@nestjs/graphql": "12.2.1",
+    "@nestjs/apollo": "12.2.2",
+    "@nestjs/common": "10.4.13",
+    "@nestjs/core": "10.4.13",
+    "@nestjs/graphql": "12.2.2",
     "@nestjs/jwt": "10.2.0",
     "@nestjs/mongoose": "10.1.0",
     "@nestjs/passport": "10.0.3",
-    "@nestjs/platform-express": "10.4.6",
+    "@nestjs/platform-express": "10.4.13",
     "@nestjs/schedule": "4.1.1",
     "@nestjs/terminus": "10.2.3",
     "apollo-server-core": "3.13.0",
@@ -81,22 +81,22 @@
     "bcrypt": "5.1.1",
     "class-transformer": "0.5.1",
     "class-validator": "0.14.1",
-    "compression": "1.7.4",
+    "compression": "1.7.5",
     "cookie-parser": "1.4.7",
     "ejs": "3.1.10",
     "graphql": "16.9.0",
     "graphql-query-complexity": "1.0.0",
-    "graphql-subscriptions": "2.0.0",
+    "graphql-subscriptions": "3.0.0",
     "graphql-upload": "15.0.2",
     "js-sha256": "0.11.0",
     "json-to-graphql-query": "2.3.0",
-    "light-my-request": "6.2.0",
+    "light-my-request": "6.3.0",
     "lodash": "4.17.21",
-    "mongodb": "6.10.0",
-    "mongoose": "7.8.2",
+    "mongodb": "6.11.0",
+    "mongoose": "7.8.3",
     "multer": "1.4.5-lts.1",
     "node-mailjet": "6.0.6",
-    "nodemailer": "6.9.15",
+    "nodemailer": "6.9.16",
     "nodemon": "3.1.7",
     "passport": "0.7.0",
     "passport-jwt": "4.0.1",
@@ -110,22 +110,22 @@
     "@babel/plugin-proposal-private-methods": "7.18.6",
     "@compodoc/compodoc": "1.1.26",
     "@lenne.tech/eslint-config-ts": "0.0.16",
-    "@nestjs/cli": "10.4.5",
-    "@nestjs/schematics": "10.2.2",
-    "@nestjs/testing": "10.4.6",
-    "@swc/cli": "0.4.0",
-    "@swc/core": "1.7.39",
-    "@swc/jest": "0.2.36",
+    "@nestjs/cli": "10.4.8",
+    "@nestjs/schematics": "10.2.3",
+    "@nestjs/testing": "10.4.13",
+    "@swc/cli": "0.5.2",
+    "@swc/core": "1.10.0",
+    "@swc/jest": "0.2.37",
     "@types/compression": "1.7.5",
-    "@types/cookie-parser": "1.4.7",
+    "@types/cookie-parser": "1.4.8",
     "@types/ejs": "3.1.5",
     "@types/express": "4.17.21",
     "@types/jest": "29.5.14",
-    "@types/lodash": "4.17.12",
+    "@types/lodash": "4.17.13",
     "@types/multer": "1.4.12",
-    "@types/node": "20.17.0",
-    "@types/nodemailer": "6.4.16",
-    "@types/passport": "1.0.16",
+    "@types/node": "22.10.1",
+    "@types/nodemailer": "6.4.17",
+    "@types/passport": "1.0.17",
     "@types/supertest": "6.0.2",
     "@typescript-eslint/eslint-plugin": "6.21.0",
     "@typescript-eslint/parser": "6.21.0",
@@ -139,19 +139,19 @@
     "grunt-contrib-clean": "2.0.1",
     "grunt-contrib-watch": "1.1.0",
     "grunt-sync": "0.8.2",
-    "husky": "9.1.6",
+    "husky": "9.1.7",
     "jest": "29.7.0",
     "npm-watch": "0.13.0",
-    "pm2": "5.4.2",
-    "prettier": "3.3.3",
+    "pm2": "5.4.3",
+    "prettier": "3.4.2",
     "pretty-quick": "4.0.0",
     "supertest": "7.0.0",
     "ts-jest": "29.2.5",
     "ts-loader": "9.5.1",
-    "ts-morph": "21.0.1",
+    "ts-morph": "24.0.0",
     "ts-node": "10.9.2",
     "tsconfig-paths": "4.2.0",
-    "typescript": "5.3.3",
+    "typescript": "5.7.2",
     "yalc": "1.0.0-pre.53"
   },
   "overrides": {

package/src/core/common/decorators/restricted.decorator.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import 'reflect-metadata';
 import { ProcessType } from '../enums/process-type.enum';
 import { RoleEnum } from '../enums/role.enum';
-import { getIncludedIds } from '../helpers/db.helper';
+import { equalIds, getIncludedIds } from '../helpers/db.helper';
 import { RequireAtLeastOne } from '../types/required-at-least-one.type';
 import _ = require('lodash');
@@ -22,6 +22,7 @@ export type RestrictedType = (
       'memberOf' | 'roles'
     >
   | string
+  | string[]
 )[];
 /**
@@ -63,11 +64,15 @@ export const checkRestricted = (
   data: any,
   user: { hasRole: (roles: string[]) => boolean; id: any },
   options: {
+    allowCreatorOfParent?: boolean;
     checkObjectItself?: boolean;
     dbObject?: any;
     debug?: boolean;
+    ignoreFunctions?: boolean;
     ignoreUndefined?: boolean;
+    isCreatorOfParent?: boolean;
     mergeRoles?: boolean;
+    noteCheckedObjects?: boolean;
     processType?: ProcessType;
     removeUndefinedFromResultArray?: boolean;
     throwError?: boolean;
@@ -78,16 +83,20 @@ export const checkRestricted = (
   // For Input: throwError = true
   // For Output: throwError = false
   const config = {
+    allowCreatorOfParent: true,
     checkObjectItself: false,
+    ignoreFunctions: true,
     ignoreUndefined: true,
+    isCreatorOfParent: false,
     mergeRoles: true,
+    noteCheckedObjects: true,
     removeUndefinedFromResultArray: true,
     throwError: true,
     ...options,
   };
   // Primitives
-  if (!data || typeof data !== 'object') {
+  if (!data || typeof data !== 'object' || (config.noteCheckedObjects && data._objectAlreadyCheckedForRestrictions)) {
     return data;
   }
@@ -109,6 +118,10 @@ export const checkRestricted = (
   // Check function
   const validateRestricted = (restricted) => {
+    if (config.noteCheckedObjects && data?._objectAlreadyCheckedForRestrictions) {
+      return true;
+    }
     // Check restrictions
     if (!restricted?.length) {
       return true;
@@ -116,7 +129,7 @@ export const checkRestricted = (
     let valid = false;
-    // Get roles
+    // Get roles restricted element
     const roles: string[] = [];
     restricted.forEach((item) => {
       if (typeof item === 'string') {
@@ -130,6 +143,8 @@ export const checkRestricted = (
         } else {
           roles.push(item.roles);
         }
+      } else if (Array.isArray(item)) {
+        roles.push(...item);
       }
     });
@@ -145,8 +160,10 @@ export const checkRestricted = (
         roles.includes(RoleEnum.S_EVERYONE)
         || user?.hasRole?.(roles)
         || (user?.id && roles.includes(RoleEnum.S_USER))
-        || (roles.includes(RoleEnum.S_SELF) && getIncludedIds(config.dbObject, user))
-        || (roles.includes(RoleEnum.S_CREATOR) && getIncludedIds(config.dbObject?.createdBy, user))
+        || (roles.includes(RoleEnum.S_SELF) && equalIds(data, user))
+        || (roles.includes(RoleEnum.S_CREATOR)
+          && (('createdBy' in data && equalIds(data.createdBy, user))
+            || (config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent)))
       ) {
         valid = true;
       }
@@ -200,7 +217,7 @@ export const checkRestricted = (
     return valid;
   };
-  // Check object
+  // Check data object
   const objectRestrictions = getRestricted(data.constructor) || [];
   if (config.checkObjectItself) {
     const objectIsValid = validateRestricted(objectRestrictions);
@@ -218,6 +235,11 @@ export const checkRestricted = (
   // Check properties of object
   for (const propertyKey of Object.keys(data)) {
+    // Ignore functions
+    if (typeof data[propertyKey] === 'function' && config.ignoreFunctions) {
+      continue;
+    }
     // Check undefined
     if (data[propertyKey] === undefined && config.ignoreUndefined) {
       continue;
@@ -230,6 +252,10 @@ export const checkRestricted = (
     // Check rights
     if (valid) {
+      // Check if data is user or user is creator of data (for nested plain objects)
+      config.isCreatorOfParent
+        = equalIds(data, user) || ('createdBy' in data ? equalIds(data.createdBy, user) : config.isCreatorOfParent);
       // Check deep
       data[propertyKey] = checkRestricted(data[propertyKey], user, config, processedObjects);
     } else {

package/src/core/common/helpers/db.helper.ts CHANGED Viewed

@@ -670,5 +670,9 @@ function getStringId(element: any): string {
   }
   // Other types
-  return element.toString();
+  if (typeof element.toString === 'function') {
+    return element.toString();
+  }
+  return undefined;
 }

package/src/core/common/helpers/input.helper.ts CHANGED Viewed

@@ -212,7 +212,9 @@ export async function check(
   value: any,
   user: { hasRole: (roles: string[]) => boolean; id: any },
   options?: {
+    allowCreatorOfParent?: boolean;
     dbObject?: any;
+    isCreatorOfParent?: boolean;
     metatype?: any;
     processType?: ProcessType;
     roles?: string | string[];
@@ -221,6 +223,8 @@ export async function check(
   },
 ): Promise<any> {
   const config = {
+    allowCreatorOfParent: true,
+    isCreatorOfParent: false,
     throwError: true,
     ...options,
     validatorOptions: {
@@ -254,7 +258,12 @@ export async function check(
       // check if the user is herself / himself
       || (roles.includes(RoleEnum.S_SELF) && equalIds(config.dbObject, user))
       // check if the user is the creator
-      || (roles.includes(RoleEnum.S_CREATOR) && equalIds(config.dbObject?.createdBy, user))
+      || (roles.includes(RoleEnum.S_CREATOR)
+        && ((config.dbObject && 'createdBy' in config.dbObject && equalIds(config.dbObject.createdBy, user))
+          || (config.allowCreatorOfParent
+            && config.dbObject
+            && !('createdBy' in config.dbObject)
+            && config.isCreatorOfParent)))
     ) {
       valid = true;
     }
@@ -263,6 +272,9 @@ export async function check(
     }
   }
+  // Object check is done
+  delete config.roles;
   // Return value if it is only a basic type
   if (!value || typeof value !== 'object') {
     return value;
@@ -278,12 +290,12 @@ export async function check(
   const metatype = config.metatype;
   if (metatype) {
-    // Check metatype
+    // If metatype is a basic type, additional checks are not possible
     if (isBasicType(metatype)) {
       return value;
     }
-    // Convert to metatype
+    // Convert to metatype, validate rights
     if (!(value instanceof metatype)) {
       if ((metatype as any)?.map) {
         value = (metatype as any)?.map(value);
@@ -293,7 +305,7 @@ export async function check(
     }
   }
-  // Validate
+  // Validate values (like isEmail, isNumber, etc.)
   const errors = await validate(value, config.validatorOptions);
   if (errors.length > 0 && config.throwError) {
     throw new BadRequestException('Validation failed');

package/src/core/common/interceptors/check-response.interceptor.ts CHANGED Viewed

@@ -16,6 +16,7 @@ export class CheckResponseInterceptor implements NestInterceptor {
     debug: false,
     ignoreUndefined: true,
     mergeRoles: true,
+    noteCheckedObjects: true,
     removeUndefinedFromResultArray: true,
     throwError: false,
   };
@@ -38,7 +39,18 @@ export class CheckResponseInterceptor implements NestInterceptor {
     return next.handle().pipe(
       map((data) => {
         // Prepare response data for current user
-        return checkRestricted(data, currentUser, this.config);
+        const start = Date.now();
+        const result = checkRestricted(data, currentUser, this.config);
+        if (
+          this.config.debug
+          && Date.now() - start >= (typeof this.config.debug === 'number' ? this.config.debug : 100)
+        ) {
+          console.warn(
+            `Duration for CheckResponseInterceptor is too long: ${Date.now() - start}ms`,
+            Array.isArray(data) ? `${data[0].constructor.name}[]: ${data.length}` : data?.constructor?.name,
+          );
+        }
+        return result;
       }),
     );
   }

package/src/core/common/interceptors/check-security.interceptor.ts CHANGED Viewed

@@ -5,13 +5,29 @@ import { map } from 'rxjs/operators';
 import { getContextData } from '../helpers/context.helper';
 import { getStringIds } from '../helpers/db.helper';
 import { processDeep } from '../helpers/input.helper';
+import { ConfigService } from '../services/config.service';
 /**
  * Verification of all outgoing data via securityCheck
  */
 @Injectable()
 export class CheckSecurityInterceptor implements NestInterceptor {
+  config = {
+    debug: false,
+    noteCheckedObjects: true,
+  };
+  constructor(private readonly configService: ConfigService) {
+    const configuration = this.configService.getFastButReadOnly('security.checkSecurityInterceptor');
+    if (typeof configuration === 'object') {
+      this.config = { ...this.config, ...configuration };
+    }
+  }
   intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
+    // Start time
+    const start = Date.now();
     // Get current user
     const user = getContextData(context)?.currentUser || null;
@@ -25,7 +41,17 @@ export class CheckSecurityInterceptor implements NestInterceptor {
       }
     }
-    const check = (data) => {
+    // Data from next for check
+    let objectData: any;
+    const check = (data: any) => {
+      objectData = data;
+      // Check if data already checked
+      if (this.config.noteCheckedObjects && data?._objectAlreadyCheckedForRestrictions) {
+        return data;
+      }
       // Check data
       if (data && typeof data === 'object' && typeof data.securityCheck === 'function') {
         const dataJson = JSON.stringify(data);
@@ -73,6 +99,15 @@ export class CheckSecurityInterceptor implements NestInterceptor {
     };
     // Check response
-    return next.handle().pipe(map(check));
+    const result = next.handle().pipe(map(check));
+    if (this.config.debug && Date.now() - start >= (typeof this.config.debug === 'number' ? this.config.debug : 100)) {
+      console.warn(
+        `Duration for CheckResponseInterceptor is too long: ${Date.now() - start}ms`,
+        Array.isArray(objectData)
+          ? `${objectData[0].constructor.name}[]: ${objectData.length}`
+          : objectData?.constructor?.name,
+      );
+    }
+    return result;
   }
 }

package/src/core/common/interfaces/server-options.interface.ts CHANGED Viewed

@@ -421,10 +421,11 @@ export interface IServerOptions {
           checkObjectItself?: boolean;
           /**
-           * Whether to log if a restricted field is found
+           * Whether to log if a restricted field is found or process is slow
+           * boolean or number (time in ms)
            * default = false
            */
-          debug?: boolean;
+          debug?: boolean | number;
           /**
            * Whether to ignore fields with undefined values
@@ -438,6 +439,13 @@ export interface IServerOptions {
            */
           mergeRoles?: boolean;
+          /**
+           * Whether objects that have already been checked should be ignored
+           * Objects with truly property `_objectAlreadyCheckedForRestrictions` will be ignored
+           * default = true
+           */
+          noteCheckedObjects?: boolean;
           /**
            * Remove undefined values from result array
            * default = true
@@ -457,7 +465,22 @@ export interface IServerOptions {
      * See @lenne.tech/nest-server/src/core/common/interceptors/check-security.interceptor.ts
      * default = true
      */
-    checkSecurityInterceptor?: boolean;
+    checkSecurityInterceptor?:
+      | {
+          /**
+           * Whether to log if a process is slow
+           * boolean or number (time in ms)
+           * default = false
+           */
+          debug?: boolean | number;
+          /**
+           * Whether objects with truly property `_objectAlreadyCheckedForRestrictions` will be ignored
+           * default = true
+           */
+          noteCheckedObjects?: boolean;
+        }
+      | boolean;
     /**
      * Map incoming plain objects to meta-type and validate

package/src/core/common/models/core-persistence.model.ts CHANGED Viewed

@@ -57,28 +57,6 @@ export abstract class CorePersistenceModel extends CoreModel {
   @Prop({ onCreate: () => new Date() })
   createdAt: Date = undefined;
-  /**
-   * Labels of the object
-   */
-  @Restricted(RoleEnum.S_EVERYONE)
-  @Field(type => [String], {
-    description: 'Labels of the object',
-    nullable: true,
-  })
-  @Prop([String])
-  labels: string[] = undefined;
-  /**
-   * Tags for the object
-   */
-  @Restricted(RoleEnum.S_EVERYONE)
-  @Field(type => [String], {
-    description: 'Tags for the object',
-    nullable: true,
-  })
-  @Prop([String])
-  tags: string[] = undefined;
   /**
    * Updated date is set automatically by mongoose
    */
@@ -97,9 +75,7 @@ export abstract class CorePersistenceModel extends CoreModel {
   override init() {
     super.init();
     this.createdAt = this.createdAt === undefined ? new Date() : this.createdAt;
-    this.labels = this.labels === undefined ? [] : this.labels;
-    this.tags = this.tags === undefined ? [] : this.tags;
-    this.updatedAt = this.tags === undefined ? this.createdAt : this.updatedAt;
+    this.updatedAt = this.updatedAt === undefined ? this.createdAt : this.updatedAt;
     return this;
   }

package/src/core/modules/user/core-user.model.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Field, ObjectType } from '@nestjs/graphql';
 import { Schema as MongooseSchema, Prop, raw } from '@nestjs/mongoose';
-import { IsEmail, IsOptional } from 'class-validator';
+import { IsOptional } from 'class-validator';
 import { Document } from 'mongoose';
 import { Restricted } from '../../common/decorators/restricted.decorator';
@@ -26,8 +26,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
    */
   @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Email of the user', nullable: true })
-  @IsEmail()
-  @Prop({ lowercase: true, trim: true, unique: true })
+  @Prop({ index: true, lowercase: true, trim: true })
   email: string = undefined;
   /**

package/src/server/modules/user/user.model.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Field, ObjectType } from '@nestjs/graphql';
 import { Schema as MongooseSchema, Prop, SchemaFactory } from '@nestjs/mongoose';
-import { IsOptional } from 'class-validator';
+import { IsEmail, IsOptional } from 'class-validator';
 import { Document, Schema } from 'mongoose';
 import { Restricted } from '../../../core/common/decorators/restricted.decorator';
@@ -42,6 +42,15 @@ export class User extends CoreUserModel implements PersistenceModel {
   @Prop({ ref: 'User', type: Schema.Types.ObjectId })
   createdBy: string = undefined;
+  /**
+   * E-Mail address of the user
+   */
+  @Restricted(RoleEnum.S_EVERYONE)
+  @Field({ description: 'Email of the user', nullable: true })
+  @IsEmail()
+  @Prop({ lowercase: true, trim: true, unique: true })
+  override email: string = undefined;
   /**
    * Roles of the user
    */
@@ -105,8 +114,6 @@ export class User extends CoreUserModel implements PersistenceModel {
       // PersistenceModel and CorePersistenceModel
       this.createdAt = null;
       this.createdBy = null;
-      this.labels = null;
-      this.tags = null;
       this.updatedAt = null;
       this.updatedBy = null;
     }

package/src/server/modules/user/user.resolver.ts CHANGED Viewed

@@ -169,6 +169,6 @@ export class UserResolver {
     resolve: user => user,
   })
   async userCreated() {
-    return this.pubSub.asyncIterator('userCreated');
+    return this.pubSub.asyncIterableIterator('userCreated');
   }
 }