@lenne.tech/nest-server 11.13.5 → 11.14.0

package/src/core/common/services/config.service.ts

@@ -38,14 +38,14 @@ export class ConfigService {
   /**
    * BehaviorSubject for config
    */
-  protected static _configSubject$: BehaviorSubject<Partial<IServerOptions> & { [key: string]: any }>
-    = new BehaviorSubject(undefined);
+  protected static _configSubject$: BehaviorSubject<Partial<IServerOptions> & { [key: string]: any }> =
+    new BehaviorSubject(undefined);
 
   /**
    * BehaviorSubject for frozen config
    */
-  protected static _frozenConfigSubject$: BehaviorSubject<Partial<IServerOptions> & { [key: string]: any }>
-    = new BehaviorSubject(undefined);
+  protected static _frozenConfigSubject$: BehaviorSubject<Partial<IServerOptions> & { [key: string]: any }> =
+    new BehaviorSubject(undefined);
 
   /**
    * Singleton instance of ConfigService
@@ -82,8 +82,14 @@ export class ConfigService {
     // Set config before setting instance
     if (typeof configObject === 'object') {
       isInitialized
-        ? ConfigService.mergeConfig(configObject, { ...config, ...{ init: false } })
-        : ConfigService.setConfig(configObject, { ...config, ...{ init: false } });
+        ? ConfigService.mergeConfig(configObject, {
+            ...config,
+            init: false,
+          })
+        : ConfigService.setConfig(configObject, {
+            ...config,
+            init: false,
+          });
     }
 
     // Set instance if not yet initialized
@@ -181,8 +187,8 @@ export class ConfigService {
    */
   static get observable() {
     return ConfigService._configSubject$.asObservable().pipe(
-      filter(config => !config),
-      map(config => clone(config, { circles: false })),
+      filter((config) => !config),
+      map((config) => clone(config, { circles: false })),
     );
   }
 
@@ -197,7 +203,7 @@ export class ConfigService {
    * Get observable for faster but read-only deep-frozen configuration
    */
   static get observableFastButReadOnly() {
-    return ConfigService._frozenConfigSubject$.asObservable().pipe(filter(config => !config));
+    return ConfigService._frozenConfigSubject$.asObservable().pipe(filter((config) => !config));
   }
 
   /**
@@ -343,8 +349,8 @@ export class ConfigService {
     // Check for unintentional overwriting
     if (!firstInitialization && !config.reInit) {
       throw new Error(
-        'Unintentional overwriting of the configuration. '
-          + 'If overwriting is desired, please set `reInit` in setConfig of ConfigService to `true`.',
+        'Unintentional overwriting of the configuration. ' +
+          'If overwriting is desired, please set `reInit` in setConfig of ConfigService to `true`.',
       );
     }
 

package/src/core/common/services/core-cron-jobs.service.ts

@@ -68,8 +68,8 @@ export abstract class CoreCronJobs implements OnApplicationBootstrap {
     for (const [name, CronExpressionOrConfig] of Object.entries(this.cronJobs)) {
       // Check config
       if (
-        !CronExpressionOrConfig
-        || (typeof CronExpressionOrConfig === 'object' && (CronExpressionOrConfig as CronJobConfigWithTimeZone).disabled)
+        !CronExpressionOrConfig ||
+        (typeof CronExpressionOrConfig === 'object' && (CronExpressionOrConfig as CronJobConfigWithTimeZone).disabled)
       ) {
         continue;
       }
@@ -116,8 +116,8 @@ export abstract class CoreCronJobs implements OnApplicationBootstrap {
 
           // Check if parallel execution is allowed and if so how many can run in parallel
           if (
-            dates?.length
-            && (!config.runParallel || (typeof config.runParallel === 'number' && dates.length >= config.runParallel))
+            dates?.length &&
+            (!config.runParallel || (typeof config.runParallel === 'number' && dates.length >= config.runParallel))
           ) {
             return;
           }
@@ -134,7 +134,7 @@ export abstract class CoreCronJobs implements OnApplicationBootstrap {
             await this[name]();
           } catch (e) {
             // Remove job from running list
-            this.runningJobs[name] = this.runningJobs[name].filter(item => item !== date);
+            this.runningJobs[name] = this.runningJobs[name].filter((item) => item !== date);
             if (config.throwException) {
               throw e;
             } else {
@@ -143,7 +143,7 @@ export abstract class CoreCronJobs implements OnApplicationBootstrap {
           }
 
           // Remove job from running list
-          this.runningJobs[name] = this.runningJobs[name].filter(item => item !== date);
+          this.runningJobs[name] = this.runningJobs[name].filter((item) => item !== date);
         },
         null,
         true,

package/src/core/common/services/crud.service.ts

@@ -313,7 +313,7 @@ export abstract class CrudService<
   async findAndCountForce(
     filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; samples?: number },
     serviceOptions: ServiceOptions = {},
-  ): Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number; }> {
+  ): Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number }> {
     serviceOptions.raw = true;
     return this.findAndCount(filter, serviceOptions);
   }
@@ -325,7 +325,7 @@ export abstract class CrudService<
   async findAndCountRaw(
     filter?: FilterArgs | { filterQuery?: QueryFilter<any>; queryOptions?: QueryOptions; samples?: number },
     serviceOptions: ServiceOptions = {},
-  ): Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number; }> {
+  ): Promise<{ items: Model[]; pagination: PaginationInfo; totalCount: number }> {
     serviceOptions = serviceOptions || {};
     serviceOptions.raw = true;
     return this.findAndCountForce(filter, serviceOptions);
@@ -345,16 +345,7 @@ export abstract class CrudService<
     }
     const promises: Promise<Model>[] = [];
     for (const dbItem of dbItems) {
-      promises.push(
-        new Promise(async (resolve, reject) => {
-          try {
-            const item = await this.update(getStringIds(dbItem as any), update, serviceOptions);
-            resolve(item);
-          } catch (e) {
-            reject(e);
-          }
-        }),
-      );
+      promises.push(this.update(getStringIds(dbItem as any), update, serviceOptions));
     }
     return await Promise.all(promises);
   }

package/src/core/common/services/mailjet.service.ts

@@ -3,7 +3,6 @@ const Mailjet = require('node-mailjet');
 
 import { ConfigService } from './config.service';
 
-
 /**
  * Mailjet service
  */
@@ -83,8 +82,8 @@ export class MailjetService {
       });
     } catch (e) {
       if (
-        this.configService.getFastButReadOnly('email.mailjet.api_key_public')
-        && this.configService.getFastButReadOnly('email.mailjet.api_key_private')
+        this.configService.getFastButReadOnly('email.mailjet.api_key_public') &&
+        this.configService.getFastButReadOnly('email.mailjet.api_key_private')
       ) {
         throw new HttpException('Cannot connect to mailjet.', 502);
       }
@@ -95,8 +94,8 @@ export class MailjetService {
               this.configService.getFastButReadOnly('email.mailjet.api_key_private') || 'missing',
             'email.mailjet.api_key_public':
               this.configService.getFastButReadOnly('email.mailjet.api_key_public') || 'missing',
-            'info': 'Mailjet credentials are missing',
-            'templateData': templateData,
+            info: 'Mailjet credentials are missing',
+            templateData: templateData,
           },
           null,
           2,

package/src/core/common/services/module.service.ts

@@ -96,7 +96,7 @@ export abstract class ModuleService<T extends CoreModel = any> {
       processFieldSelection: {},
       pubSub: true,
       setCreateOrUpdateUserId: false,
-      ...(options?.serviceOptions || {}),
+      ...options?.serviceOptions,
     };
 
     // Note raw configuration
@@ -143,8 +143,8 @@ export abstract class ModuleService<T extends CoreModel = any> {
       const preparedInput = await this.prepareInput(config.input, config);
       new Promise(() => {
         if (
-          inputJSON?.replace(/"password":\s*"[^"]*"/, '')
-          !== JSON.stringify(preparedInput)?.replace(/"password":\s*"[^"]*"/, '')
+          inputJSON?.replace(/"password":\s*"[^"]*"/, '') !==
+          JSON.stringify(preparedInput)?.replace(/"password":\s*"[^"]*"/, '')
         ) {
           console.debug(
             'CheckSecurityInterceptor: securityCheck changed input of type',

package/src/core/common/types/array-element.type.ts

@@ -1,5 +1,6 @@
 /**
  * Get type of array elements
  */
-export type ArrayElement<ArrayType extends (unknown | unknown[])> =
-  ArrayType extends readonly (infer ElementType)[] ? ElementType : ArrayType;
+export type ArrayElement<ArrayType extends unknown | unknown[]> = ArrayType extends readonly (infer ElementType)[]
+  ? ElementType
+  : ArrayType;

package/src/core/common/types/require-only-one.type.ts

@@ -4,5 +4,5 @@
  */
 export type RequireOnlyOne<T, Keys extends keyof T = keyof T> = Pick<T, Exclude<keyof T, Keys>> &
   {
-  [K in Keys]-?: Partial<Record<Exclude<Keys, K>, undefined>> & Required<Pick<T, K>>;
-}[Keys];
+    [K in Keys]-?: Partial<Record<Exclude<Keys, K>, undefined>> & Required<Pick<T, K>>;
+  }[Keys];

package/src/core/common/types/required-at-least-one.type.ts

@@ -4,5 +4,5 @@
  */
 export type RequireAtLeastOne<T, Keys extends keyof T = keyof T> = Pick<T, Exclude<keyof T, Keys>> &
   {
-  [K in Keys]-?: Partial<Pick<T, Exclude<Keys, K>>> & Required<Pick<T, K>>;
-}[Keys];
+    [K in Keys]-?: Partial<Pick<T, Exclude<Keys, K>>> & Required<Pick<T, K>>;
+  }[Keys];

package/src/core/common/types/scim-comparator.type.ts

@@ -1,2 +1,2 @@
 /** Supported SCIM comparison operators */
-export type Comparator = 'aco' | 'co' | 'eq' | 'ew' | 'ge' | 'gt' | 'le' | 'lt' | 'pr' | 'sw';
+export type Comparator = 'aco' | 'co' | 'eq' | 'ew' | 'ge' | 'gt' | 'le' | 'lt' | 'pr' | 'sw';

package/src/core/common/types/scim-logical-operator.type.ts

@@ -1 +1 @@
-export type LogicalOperator = 'and' | 'or';
+export type LogicalOperator = 'and' | 'or';

package/src/core/common/types/scim-node.type.ts

@@ -3,4 +3,4 @@ import { ConditionNode } from '../interfaces/scim-condition-node.interface';
 import { LogicalNode } from '../interfaces/scim-logical-node.interface';
 
 /** Union type representing any valid SCIM node */
-export type ScimNode = ArrayFilterNode | ConditionNode | LogicalNode;
+export type ScimNode = ArrayFilterNode | ConditionNode | LogicalNode;

package/src/core/modules/auth/guards/auth.guard.ts

@@ -139,8 +139,10 @@ function createAuthGuard(type?: AuthGuardStrategy | string | string[]): Type<IAu
       // Proceed with Passport authentication for other strategies
       const response = context?.switchToHttp()?.getResponse();
       const passportFn = createPassportContext(request, response);
-      const user = await passportFn(type || this.options?.defaultStrategy, options, (err: any, currentUser: any, info: any) =>
-        this.handleRequest(err, currentUser, info, context),
+      const user = await passportFn(
+        type || this.options?.defaultStrategy,
+        options,
+        (err: any, currentUser: any, info: any) => this.handleRequest(err, currentUser, info, context),
       );
       request[options.property || defaultOptions.property] = user;
       return true;

package/src/core/modules/auth/guards/roles.guard.ts

@@ -1,4 +1,12 @@
-import { ExecutionContext, ForbiddenException, Inject, Injectable, Logger, Optional, UnauthorizedException } from '@nestjs/common';
+import {
+  ExecutionContext,
+  ForbiddenException,
+  Inject,
+  Injectable,
+  Logger,
+  Optional,
+  UnauthorizedException,
+} from '@nestjs/common';
 import { ModuleRef, Reflector } from '@nestjs/core';
 import { GqlExecutionContext } from '@nestjs/graphql';
 import { firstValueFrom, isObservable } from 'rxjs';
@@ -122,7 +130,10 @@ export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
    */
   override async canActivate(context: ExecutionContext): Promise<boolean> {
     // Get roles FIRST to check if authentication is even needed
-    const reflectorRoles = this.ensureReflector().getAll<string[][]>('roles', [context.getHandler(), context.getClass()]);
+    const reflectorRoles = this.ensureReflector().getAll<string[][]>('roles', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
     const roles: string[] = reflectorRoles[0]
       ? reflectorRoles[1]
         ? [...reflectorRoles[0], ...reflectorRoles[1]]
@@ -279,7 +290,10 @@ export class RolesGuard extends AuthGuard(AuthGuardStrategy.JWT) {
    */
   override handleRequest(err: Error | null, user: any, info: any, context: ExecutionContext) {
     // Get roles
-    const reflectorRoles = this.ensureReflector().getAll<string[][]>('roles', [context.getHandler(), context.getClass()]);
+    const reflectorRoles = this.ensureReflector().getAll<string[][]>('roles', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
     const roles: string[] = reflectorRoles[0]
       ? reflectorRoles[1]
         ? [...reflectorRoles[0], ...reflectorRoles[1]]

package/src/core/modules/auth/tokens.decorator.ts

@@ -14,9 +14,9 @@ export const Tokens = createParamDecorator(
     const context = getContextData(ctx);
 
     // Get token from cookie or authorization header
-    const token
-      = context?.request?.cookies?.['token']
-      || context?.request
+    const token =
+      context?.request?.cookies?.['token'] ||
+      context?.request
         ?.get('Authorization')
         ?.replace(/bearer/i, '')
         .trim();

package/src/core/modules/better-auth/ARCHITECTURE.md

@@ -5,6 +5,7 @@ The `CoreBetterAuthController` implements custom endpoints instead of directly u
 ## 1. Hybrid-Auth-System (Legacy + Better-Auth)
 
 The nest-server supports bidirectional authentication:
+
 - **Legacy Auth → Better-Auth**: Users created via Legacy Auth can sign in via Better-Auth
 - **Better-Auth → Legacy Auth**: Users created via Better-Auth can sign in via Legacy Auth
 
@@ -14,14 +15,14 @@ This requires custom logic that cannot be implemented via Better-Auth hooks alon
 
 Better-Auth hooks have fundamental limitations that prevent full implementation of our requirements:
 
-| Requirement | Hook Support | Reason |
-|-------------|--------------|--------|
-| Legacy user migration | ⚠️ Partial | Requires global DB access outside NestJS DI |
-| Password sync to Legacy | ❌ No | **After-hooks don't have access to plaintext password** |
-| Custom response format | ❌ No | **Hooks cannot modify HTTP response** |
-| Multi-cookie setting | ❌ No | **Hooks cannot set cookies** |
-| User mapping with roles | ❌ No | Requires NestJS Dependency Injection |
-| Session token injection | ❌ No | Before-hooks cannot inject tokens into requests |
+| Requirement             | Hook Support | Reason                                                  |
+| ----------------------- | ------------ | ------------------------------------------------------- |
+| Legacy user migration   | ⚠️ Partial   | Requires global DB access outside NestJS DI             |
+| Password sync to Legacy | ❌ No        | **After-hooks don't have access to plaintext password** |
+| Custom response format  | ❌ No        | **Hooks cannot modify HTTP response**                   |
+| Multi-cookie setting    | ❌ No        | **Hooks cannot set cookies**                            |
+| User mapping with roles | ❌ No        | Requires NestJS Dependency Injection                    |
+| Session token injection | ❌ No        | Before-hooks cannot inject tokens into requests         |
 
 ## 3. Hook Limitations Explained
 
@@ -68,35 +69,37 @@ export const auth = betterAuth({
 
 ## 4. What Custom Endpoints Do
 
-| Endpoint | Custom Logic | Why Required |
-|----------|--------------|--------------|
+| Endpoint         | Custom Logic                                     | Why Required                       |
+| ---------------- | ------------------------------------------------ | ---------------------------------- |
 | `/sign-in/email` | Legacy migration, PW normalization, 2FA handling | Migration needs plaintext password |
-| `/sign-up/email` | PW normalization, Legacy sync, User linking | Sync needs plaintext password |
-| `/sign-out` | Multi-cookie clearing | Response modification |
-| `/session` | User mapping with roles | NestJS service access |
-| Plugin routes | Session token injection | Request modification |
+| `/sign-up/email` | PW normalization, Legacy sync, User linking      | Sync needs plaintext password      |
+| `/sign-out`      | Multi-cookie clearing                            | Response modification              |
+| `/session`       | User mapping with roles                          | NestJS service access              |
+| Plugin routes    | Session token injection                          | Request modification               |
 
 ## 5. Native Handler Where Possible
 
 Despite custom endpoints, we use Better-Auth's native handler where appropriate:
+
 - **Plugin routes** (Passkey, 2FA, OAuth) → `authInstance.handler()`
 - **2FA verification flow** → Native handler for correct cookie setting
 - **Passkey authentication** → Native WebAuthn handling
 
 ## 6. Alternative Approaches Considered
 
-| Approach | Evaluation |
-|----------|------------|
-| **Full Hook Approach** | ❌ Not feasible - missing plaintext password, no response modification |
-| **Hybrid with Global DB** | ⚠️ Possible but anti-pattern - bypasses NestJS DI, harder to test |
-| **Custom Controller (current)** | ✅ Best balance - NestJS DI access, testable, maintainable |
+| Approach                        | Evaluation                                                             |
+| ------------------------------- | ---------------------------------------------------------------------- |
+| **Full Hook Approach**          | ❌ Not feasible - missing plaintext password, no response modification |
+| **Hybrid with Global DB**       | ⚠️ Possible but anti-pattern - bypasses NestJS DI, harder to test      |
+| **Custom Controller (current)** | ✅ Best balance - NestJS DI access, testable, maintainable             |
 
 ## Conclusion
 
 The custom controller architecture is **necessary complexity**, not unnecessary overhead. It enables:
+
 - ✅ Legacy Auth compatibility
 - ✅ Bidirectional password synchronization
 - ✅ Multi-cookie support
 - ✅ Custom user mapping with roles
 - ✅ Proper 2FA cookie handling
-- ✅ Full NestJS Dependency Injection access
+- ✅ Full NestJS Dependency Injection access