@lenne.tech/nest-server 11.18.0 → 11.20.0

package/src/core/modules/error-code/INTEGRATION-CHECKLIST.md

@@ -86,7 +86,7 @@ const config = {
 };
 ```
 
-**Done!** Your project errors are now available via `/api/i18n/errors/:locale`.
+**Done!** Your project errors are now available via `/i18n/errors/:locale`.
 
 ---
 
@@ -221,14 +221,14 @@ After integration, verify:
 
 - [ ] `npm run build` succeeds without errors
 - [ ] `npm test` passes
-- [ ] `GET /api/i18n/errors/de` returns your project error codes
-- [ ] `GET /api/i18n/errors/en` returns English translations
+- [ ] `GET /i18n/errors/de` returns your project error codes
+- [ ] `GET /i18n/errors/en` returns English translations
 - [ ] Error codes follow format `PREFIX_XXXX` (e.g., `PROJ_0001`)
 - [ ] Translations include placeholders where needed (`{param}`)
 
 ### For Scenario C only:
 
-- [ ] `GET /api/i18n/errors/codes` returns all error codes (if implemented)
+- [ ] `GET /i18n/errors/codes` returns all error codes (if implemented)
 
 ---
 
@@ -269,10 +269,10 @@ const orderCode = ProjectErrorCode.ORDER_NOT_FOUND; // '#PROJ_0001: Order not fo
 
 ### REST Endpoints
 
-| Endpoint                   | Method | Description                               |
-| -------------------------- | ------ | ----------------------------------------- |
-| `/api/i18n/errors/:locale` | GET    | Get translations for locale (de, en, ...) |
-| `/api/i18n/errors/codes`   | GET    | Get all error codes (Scenario C only)     |
+| Endpoint               | Method | Description                               |
+| ---------------------- | ------ | ----------------------------------------- |
+| `/i18n/errors/:locale` | GET    | Get translations for locale (de, en, ...) |
+| `/i18n/errors/codes`   | GET    | Get all error codes (Scenario C only)     |
 
 ### Response Format (Nuxt i18n compatible)
 

package/src/core/modules/error-code/core-error-code.controller.ts

@@ -12,10 +12,10 @@ import { IErrorTranslationResponse, SupportedLocale } from './interfaces/error-c
  * This controller is publicly accessible (no authentication required).
  *
  * @example
- * GET /api/i18n/errors/de - Get German translations
- * GET /api/i18n/errors/en - Get English translations
+ * GET /i18n/errors/de - Get German translations
+ * GET /i18n/errors/en - Get English translations
  */
-@Controller('api/i18n/errors')
+@Controller('i18n/errors')
 export class CoreErrorCodeController {
   constructor(protected readonly errorCodeService: CoreErrorCodeService) {}
 

package/src/core/modules/error-code/interfaces/error-code.interfaces.ts

@@ -36,7 +36,7 @@ export interface IErrorCodeModuleConfig {
    * @example
    * ```typescript
    * // Standalone controller (RECOMMENDED)
-   * @Controller('api/i18n/errors')
+   * @Controller('i18n/errors')
    * export class ErrorCodeController {
    *   constructor(protected readonly errorCodeService: ErrorCodeService) {}
    *

package/src/core/modules/system-setup/INTEGRATION-CHECKLIST.md

@@ -68,7 +68,7 @@ Only needed if you want to add extra validation, logging, or custom fields.
 import { Controller } from '@nestjs/common';
 import { CoreSystemSetupController, Roles, RoleEnum } from '@lenne.tech/nest-server';
 
-@Controller('api/system-setup')
+@Controller('system-setup')
 @Roles(RoleEnum.ADMIN)
 export class SystemSetupController extends CoreSystemSetupController {
   // Override methods here for custom logic
@@ -83,10 +83,10 @@ export class SystemSetupController extends CoreSystemSetupController {
 
 - [ ] `npm run build` succeeds
 - [ ] `npm test` passes
-- [ ] `GET /api/system-setup/status` returns `{ needsSetup: true }` on empty database
-- [ ] `POST /api/system-setup/init` creates admin user with correct role
-- [ ] `GET /api/system-setup/status` returns `{ needsSetup: false }` after init
-- [ ] `POST /api/system-setup/init` returns 403 when users already exist
+- [ ] `GET /system-setup/status` returns `{ needsSetup: true }` on empty database
+- [ ] `POST /system-setup/init` creates admin user with correct role
+- [ ] `GET /system-setup/status` returns `{ needsSetup: false }` after init
+- [ ] `POST /system-setup/init` returns 403 when users already exist
 
 ---
 

package/src/core/modules/system-setup/README.md

@@ -42,12 +42,12 @@ Once any user exists, the init endpoint is permanently locked (returns 403) and
 
 ## Endpoints
 
-| Method | Endpoint                   | Description                 |
-| ------ | -------------------------- | --------------------------- |
-| GET    | `/api/system-setup/status` | Check if system needs setup |
-| POST   | `/api/system-setup/init`   | Create initial admin user   |
+| Method | Endpoint               | Description                 |
+| ------ | ---------------------- | --------------------------- |
+| GET    | `/system-setup/status` | Check if system needs setup |
+| POST   | `/system-setup/init`   | Create initial admin user   |
 
-### GET /api/system-setup/status
+### GET /system-setup/status
 
 Returns the current setup status.
 
@@ -60,7 +60,7 @@ Returns the current setup status.
 }
 ```
 
-### POST /api/system-setup/init
+### POST /system-setup/init
 
 Creates the initial admin user. Only works when zero users exist.
 
@@ -195,12 +195,12 @@ Typical frontend flow:
 
 ```typescript
 // 1. Check if setup is needed
-const status = await fetch('/api/system-setup/status');
+const status = await fetch('/system-setup/status');
 const { needsSetup } = await status.json();
 
 if (needsSetup) {
   // 2. Show setup form and submit
-  const result = await fetch('/api/system-setup/init', {
+  const result = await fetch('/system-setup/init', {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
     body: JSON.stringify({
@@ -225,7 +225,7 @@ if (needsSetup) {
 
 **Solutions:**
 
-1. Check `GET /api/system-setup/status` - `needsSetup` should be `true`
+1. Check `GET /system-setup/status` - `needsSetup` should be `true`
 2. If this is a fresh deployment, verify the database is empty
 
 ### Init returns 403 "System setup requires BetterAuth"

package/src/core/modules/system-setup/core-system-setup.controller.ts

@@ -35,7 +35,7 @@ export class SystemSetupInitDto {
  * that no users exist before allowing creation.
  */
 @ApiTags('System Setup')
-@Controller('api/system-setup')
+@Controller('system-setup')
 @Roles(RoleEnum.ADMIN)
 export class CoreSystemSetupController {
   constructor(protected readonly systemSetupService: CoreSystemSetupService) {}

package/src/core.module.ts

@@ -20,6 +20,7 @@ import { mongooseIdPlugin } from './core/common/plugins/mongoose-id.plugin';
 import { mongooseAuditFieldsPlugin } from './core/common/plugins/mongoose-audit-fields.plugin';
 import { mongoosePasswordPlugin } from './core/common/plugins/mongoose-password.plugin';
 import { mongooseRoleGuardPlugin } from './core/common/plugins/mongoose-role-guard.plugin';
+import { mongooseTenantPlugin } from './core/common/plugins/mongoose-tenant.plugin';
 import { ConfigService } from './core/common/services/config.service';
 import { EmailService } from './core/common/services/email.service';
 import { MailjetService } from './core/common/services/mailjet.service';
@@ -214,6 +215,10 @@ export class CoreModule implements NestModule {
       if (config.security?.mongooseAuditFieldsPlugin !== false) {
         connection.plugin(mongooseAuditFieldsPlugin);
       }
+      // Add tenant isolation plugin (opt-in via multiTenancy config)
+      if (config.multiTenancy && config.multiTenancy.enabled !== false) {
+        connection.plugin(mongooseTenantPlugin);
+      }
       return connection;
     };
 

package/src/index.ts

@@ -75,6 +75,7 @@ export * from './core/common/plugins/mongoose-id.plugin';
 export * from './core/common/plugins/mongoose-audit-fields.plugin';
 export * from './core/common/plugins/mongoose-password.plugin';
 export * from './core/common/plugins/mongoose-role-guard.plugin';
+export * from './core/common/plugins/mongoose-tenant.plugin';
 export * from './core/common/scalars/any.scalar';
 export * from './core/common/scalars/date-timestamp.scalar';
 export * from './core/common/scalars/date.scalar';

package/src/server/modules/error-code/README.md

@@ -33,9 +33,9 @@ Demonstrates **Scenario C: Custom Service + Controller via forRoot()** where a p
 │  │  ErrorCodeService   │    │   ErrorCodeController       │  │
 │  │  extends Core...    │    │   (standalone - see below)  │  │
 │  │                     │    │                             │  │
-│  │  - LTNS_* (core)    │    │   GET /api/i18n/errors/codes│  │
-│  │  - SRV_* (server)   │    │   GET /api/i18n/errors/de   │  │
-│  │                     │    │   GET /api/i18n/errors/en   │  │
+│  │  - LTNS_* (core)    │    │   GET /i18n/errors/codes    │  │
+│  │  - SRV_* (server)   │    │   GET /i18n/errors/de       │  │
+│  │                     │    │   GET /i18n/errors/en       │  │
 │  └─────────────────────┘    └─────────────────────────────┘  │
 └──────────────────────────────────────────────────────────────┘
 ```
@@ -107,7 +107,7 @@ static routes (`/codes`), even if you re-declare the methods.
 
 ```typescript
 // DOES NOT WORK - parent route registered first!
-@Controller('api/i18n/errors')
+@Controller('i18n/errors')
 export class ErrorCodeController extends CoreErrorCodeController {
   @Get('codes') // Registered AFTER parent's :locale
   getAllCodes(): string[] {}
@@ -117,7 +117,7 @@ export class ErrorCodeController extends CoreErrorCodeController {
 }
 
 // WORKS - standalone ensures correct order
-@Controller('api/i18n/errors')
+@Controller('i18n/errors')
 export class ErrorCodeController {
   @Get('codes') // Registered first
   getAllCodes(): string[] {}

package/src/server/modules/error-code/error-code.controller.ts

@@ -16,8 +16,8 @@ import { ErrorCodeService } from './error-code.service';
  * correct route registration order.
  *
  * Endpoints:
- * - GET /api/i18n/errors/codes - Get all available error codes (custom)
- * - GET /api/i18n/errors/:locale - Get translations for a locale
+ * - GET /i18n/errors/codes - Get all available error codes (custom)
+ * - GET /i18n/errors/:locale - Get translations for a locale
  *
  * **WHY standalone instead of extending CoreErrorCodeController?**
  * NestJS registers routes from parent classes first, regardless of method declaration
@@ -33,7 +33,7 @@ import { ErrorCodeService } from './error-code.service';
  * })
  * ```
  */
-@Controller('api/i18n/errors')
+@Controller('i18n/errors')
 export class ErrorCodeController {
   constructor(protected readonly errorCodeService: ErrorCodeService) {}