npm - @lenne.tech/nest-server - Versions diffs - 11.13.0 → 11.13.2 - Mend

@lenne.tech/nest-server 11.13.0 → 11.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "11.13.0",
+  "version": "11.13.2",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -41,9 +41,7 @@
     "reinit:force": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i --force && npm run test:e2e",
     "reinit:legacy": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i --legacy-peer-deps && npm run test:e2e",
     "start": "npm run start:local",
-    "stop": "./node_modules/.bin/pm2 delete nest",
-    "start:pm2": "./node_modules/.bin/grunt",
-    "start:prod": "./node_modules/.bin/grunt production",
+    "start:prod": "NODE_ENV=production node dist/main.js",
     "start:nodemon": "ts-node -r tsconfig-paths/register src/main.ts",
     "start:debug": "nodemon --config nodemon-debug.json",
     "start:dev": "nodemon",
@@ -78,7 +76,7 @@
     "node": ">= 20"
   },
   "dependencies": {
-    "@apollo/server": "5.3.0",
+    "@apollo/server": "5.4.0",
     "@as-integrations/express5": "1.1.2",
     "@better-auth/passkey": "1.4.17",
     "@getbrevo/brevo": "3.0.1",
@@ -152,16 +150,10 @@
     "eslint-config-prettier": "10.1.8",
     "eslint-plugin-unused-imports": "4.3.0",
     "find-file-up": "2.0.1",
-    "grunt": "1.6.1",
-    "grunt-bg-shell": "2.3.3",
-    "grunt-contrib-clean": "2.0.1",
-    "grunt-contrib-watch": "1.1.0",
-    "grunt-sync": "0.8.2",
     "husky": "9.1.7",
     "nodemon": "3.1.11",
     "npm-watch": "0.13.0",
     "otpauth": "9.4.1",
-    "pm2": "6.0.14",
     "prettier": "3.8.1",
     "pretty-quick": "4.2.2",
     "rimraf": "6.1.2",

package/src/config.env.ts CHANGED Viewed

@@ -265,11 +265,20 @@ const config: { [env: string]: IServerOptions } = {
     automaticObjectIdFiltering: true,
     baseUrl: process.env.BASE_URL,
     betterAuth: {
-      rateLimit: { enabled: process.env.RATE_LIMIT_ENABLED !== 'false', max: parseInt(process.env.RATE_LIMIT_MAX || '10', 10) },
+      rateLimit: {
+        enabled: process.env.RATE_LIMIT_ENABLED !== 'false',
+        max: parseInt(process.env.RATE_LIMIT_MAX || '10', 10),
+      },
       secret: process.env.BETTER_AUTH_SECRET,
       socialProviders: {
-        github: { clientId: process.env.SOCIAL_GITHUB_CLIENT_ID || '', clientSecret: process.env.SOCIAL_GITHUB_CLIENT_SECRET || '' },
-        google: { clientId: process.env.SOCIAL_GOOGLE_CLIENT_ID || '', clientSecret: process.env.SOCIAL_GOOGLE_CLIENT_SECRET || '' },
+        github: {
+          clientId: process.env.SOCIAL_GITHUB_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GITHUB_CLIENT_SECRET || '',
+        },
+        google: {
+          clientId: process.env.SOCIAL_GOOGLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GOOGLE_CLIENT_SECRET || '',
+        },
       },
       twoFactor: { appName: process.env.TWO_FACTOR_APP_NAME || 'Nest Server' },
     },

package/src/core/common/interfaces/server-options.interface.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { ApolloDriverConfig } from '@nestjs/apollo';
+import { Type } from '@nestjs/common';
 import { GqlModuleAsyncOptions } from '@nestjs/graphql';
 import { JwtModuleOptions } from '@nestjs/jwt';
 import { JwtSignOptions } from '@nestjs/jwt/dist/interfaces';
@@ -1660,6 +1661,25 @@ interface IBetterAuthBase {
    */
   baseUrl?: string;
+  /**
+   * Custom controller class to use instead of the default CoreBetterAuthController.
+   * The class should extend CoreBetterAuthController.
+   *
+   * This allows projects to customize REST endpoints via config instead of creating
+   * a separate module. Use this with CoreModule.forRoot(envConfig) (IAM-only mode).
+   *
+   * @example
+   * ```typescript
+   * // config.env.ts
+   * betterAuth: {
+   *   controller: IamController,
+   * }
+   * ```
+   *
+   * @since 11.14.0
+   */
+  controller?: Type<any>;
   /**
    * Email/password authentication configuration.
    * Enabled by default.
@@ -1795,6 +1815,25 @@ interface IBetterAuthBase {
    */
   rateLimit?: IBetterAuthRateLimit;
+  /**
+   * Custom resolver class to use instead of the default DefaultBetterAuthResolver.
+   * The class should extend CoreBetterAuthResolver.
+   *
+   * This allows projects to customize GraphQL operations via config instead of creating
+   * a separate module. Use this with CoreModule.forRoot(envConfig) (IAM-only mode).
+   *
+   * @example
+   * ```typescript
+   * // config.env.ts
+   * betterAuth: {
+   *   resolver: IamResolver,
+   * }
+   * ```
+   *
+   * @since 11.14.0
+   */
+  resolver?: Type<any>;
   /**
    * Secret for better-auth session cookie signing.
    *

package/src/core/modules/auth/core-auth.module.ts CHANGED Viewed

@@ -46,14 +46,20 @@ export class CoreAuthModule {
     // Process providers
     // Only register RolesGuard if not already registered (prevents duplicate with CoreBetterAuthModule)
+    // Note: We register RolesGuard as a regular provider first, then use useExisting
+    // to reference it as APP_GUARD. This ensures proper DI resolution even when
+    // RolesGuard extends a mixin (AuthGuard), which can interfere with useClass DI.
     const rolesGuardProvider = RolesGuardRegistry.isRegistered()
       ? []
       : (() => {
           RolesGuardRegistry.markRegistered('CoreAuthModule');
-          return [{ provide: APP_GUARD, useClass: RolesGuard }];
+          return [
+            RolesGuard, // Register as regular provider first
+            { provide: APP_GUARD, useExisting: RolesGuard }, // Reference the registered provider
+          ];
         })();
-    let providers = [
+    let providers: any[] = [
       // [Global] The GraphQLAuthGuard integrates the user into context
       ...rolesGuardProvider,
       {
@@ -81,7 +87,7 @@ export class CoreAuthModule {
       LegacyAuthRateLimitGuard,
     ];
     if (Array.isArray(options?.providers)) {
-      providers = imports.concat(options.providers);
+      providers = providers.concat(options.providers);
     }
     // Return CoreAuthModule

package/src/core/modules/auth/guards/roles.guard.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { ExecutionContext, ForbiddenException, Injectable, Logger, Optional, UnauthorizedException } from '@nestjs/common';
+import { ExecutionContext, ForbiddenException, Inject, Injectable, Logger, Optional, UnauthorizedException } from '@nestjs/common';
 import { ModuleRef, Reflector } from '@nestjs/core';
 import { GqlExecutionContext } from '@nestjs/graphql';
 import { firstValueFrom, isObservable } from 'rxjs';
@@ -39,17 +39,52 @@ export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
   private betterAuthService: CoreBetterAuthService | null = null;
   private tokenService: BetterAuthTokenService | null = null;
   private servicesResolved = false;
+  private resolvedReflector: null | Reflector = null;
   /**
    * Integrate reflector and moduleRef for lazy service resolution
+   *
+   * Note: Due to mixin inheritance from AuthGuard, NestJS DI may not inject dependencies correctly
+   * because the mixin generates its own design:paramtypes metadata that can override
+   * the child class's parameter metadata. Using explicit @Inject() decorators ensures
+   * NestJS uses token-based injection rather than positional metadata lookup.
+   *
+   * The ensureReflector() method provides an additional fallback by lazily resolving
+   * Reflector from moduleRef if initial injection fails.
    */
   constructor(
-    protected readonly reflector: Reflector,
-    @Optional() private readonly moduleRef?: ModuleRef,
+    @Inject(Reflector) protected readonly reflector: Reflector,
+    @Optional() @Inject(ModuleRef) private readonly moduleRef?: ModuleRef,
   ) {
     super();
   }
+  /**
+   * Ensure Reflector is available.
+   * Due to mixin inheritance from AuthGuard, NestJS DI may not inject Reflector correctly.
+   * This fallback resolves Reflector from moduleRef if not injected.
+   */
+  private ensureReflector(): Reflector {
+    if (this.reflector) {
+      return this.reflector;
+    }
+    if (this.resolvedReflector) {
+      return this.resolvedReflector;
+    }
+    if (this.moduleRef) {
+      try {
+        this.resolvedReflector = this.moduleRef.get(Reflector, { strict: false });
+        return this.resolvedReflector;
+      } catch {
+        this.logger.error('Failed to resolve Reflector from moduleRef');
+      }
+    }
+    throw new Error('Reflector not available - RolesGuard cannot function without it');
+  }
   /**
    * Lazily resolve BetterAuth services
    */
@@ -87,7 +122,7 @@ export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
    */
   override async canActivate(context: ExecutionContext): Promise<boolean> {
     // Get roles FIRST to check if authentication is even needed
-    const reflectorRoles = this.reflector.getAll<string[][]>('roles', [context.getHandler(), context.getClass()]);
+    const reflectorRoles = this.ensureReflector().getAll<string[][]>('roles', [context.getHandler(), context.getClass()]);
     const roles: string[] = reflectorRoles[0]
       ? reflectorRoles[1]
         ? [...reflectorRoles[0], ...reflectorRoles[1]]
@@ -244,7 +279,7 @@ export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
    */
   override handleRequest(err: Error | null, user: any, info: any, context: ExecutionContext) {
     // Get roles
-    const reflectorRoles = this.reflector.getAll<string[][]>('roles', [context.getHandler(), context.getClass()]);
+    const reflectorRoles = this.ensureReflector().getAll<string[][]>('roles', [context.getHandler(), context.getClass()]);
     const roles: string[] = reflectorRoles[0]
       ? reflectorRoles[1]
         ? [...reflectorRoles[0], ...reflectorRoles[1]]
@@ -292,6 +327,9 @@ export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
    */
   getRequest(context: ExecutionContext) {
     const ctx = GqlExecutionContext.create(context);
-    return ctx.getContext() ? ctx.getContext().req : context.switchToHttp().getRequest();
+    // For GraphQL: ctx.getContext() is the GQL context with `.req` property
+    // For REST/HTTP: ctx.getContext() returns the `next` function (truthy but without `.req`)
+    // Using `?.req ||` ensures we fall back to the HTTP request for REST controllers
+    return ctx.getContext()?.req || context.switchToHttp().getRequest();
   }
 }