@lenne.tech/nest-server 11.4.6 → 11.4.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "11.4.6",
+  "version": "11.4.8",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",

package/src/core/common/decorators/restricted.decorator.ts

@@ -61,7 +61,7 @@ export const getRestricted = (object: unknown, propertyKey?: string): Restricted
  */
 export const checkRestricted = (
   data: any,
-  user: { hasRole: (roles: string[]) => boolean; id: any },
+  user: { hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
   options: {
     allowCreatorOfParent?: boolean;
     checkObjectItself?: boolean;
@@ -108,9 +108,9 @@ export const checkRestricted = (
   // Array
   if (Array.isArray(data)) {
     // Check array items
-    let result = data.map(item => checkRestricted(item, user, config, processedObjects));
+    let result = data.map((item) => checkRestricted(item, user, config, processedObjects));
     if (!config.throwError && config.removeUndefinedFromResultArray) {
-      result = result.filter(item => item !== undefined);
+      result = result.filter((item) => item !== undefined);
     }
     return result;
   }
@@ -134,8 +134,8 @@ export const checkRestricted = (
       if (typeof item === 'string') {
         roles.push(item);
       } else if (
-        item?.roles?.length
-        && (config.processType && item.processType ? config.processType === item.processType : true)
+        item?.roles?.length &&
+        (config.processType && item.processType ? config.processType === item.processType : true)
       ) {
         if (Array.isArray(item.roles)) {
           roles.push(...item.roles);
@@ -156,13 +156,14 @@ export const checkRestricted = (
 
       // Check access rights
       if (
-        roles.includes(RoleEnum.S_EVERYONE)
-        || user?.hasRole?.(roles)
-        || (user?.id && roles.includes(RoleEnum.S_USER))
-        || (roles.includes(RoleEnum.S_SELF) && equalIds(data, user))
-        || (roles.includes(RoleEnum.S_CREATOR)
-          && (('createdBy' in data && equalIds(data.createdBy, user))
-            || (config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent)))
+        roles.includes(RoleEnum.S_EVERYONE) ||
+        user?.hasRole?.(roles) ||
+        (user?.id && roles.includes(RoleEnum.S_USER)) ||
+        (roles.includes(RoleEnum.S_SELF) && equalIds(data, user)) ||
+        (roles.includes(RoleEnum.S_CREATOR) &&
+          (('createdBy' in data && equalIds(data.createdBy, user)) ||
+            (config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent))) ||
+        (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt))
       ) {
         valid = true;
       }
@@ -172,11 +173,11 @@ export const checkRestricted = (
       // Get groups
       const groups = restricted.filter((item) => {
         return (
-          typeof item === 'object'
+          typeof item === 'object' &&
           // Check if object is valid
-          && item.memberOf?.length
+          item.memberOf?.length &&
           // Check if processType is specified and is valid for current process
-          && (config.processType && item.processType ? config.processType === item.processType : true)
+          (config.processType && item.processType ? config.processType === item.processType : true)
         );
       }) as { memberOf: string | string[] }[];
 
@@ -252,8 +253,8 @@ export const checkRestricted = (
     // Check rights
     if (valid) {
       // Check if data is user or user is creator of data (for nested plain objects)
-      config.isCreatorOfParent
-        = equalIds(data, user) || ('createdBy' in data ? equalIds(data.createdBy, user) : config.isCreatorOfParent);
+      config.isCreatorOfParent =
+        equalIds(data, user) || ('createdBy' in data ? equalIds(data.createdBy, user) : config.isCreatorOfParent);
 
       // Check deep
       data[propertyKey] = checkRestricted(data[propertyKey], user, config, processedObjects);

package/src/core/common/enums/role.enum.ts

@@ -1,3 +1,4 @@
+/* eslint-disable perfectionist/sort-enums */
 /**
  * Enums for Resolver @Role and Model @Restricted decorator and for roles property in ServiceOptions
  *
@@ -42,9 +43,12 @@ export enum RoleEnum {
   // Everyone, including users who are not logged in, can access (see context user, e.g. @CurrentUser)
   S_EVERYONE = 's_everyone',
 
-  // No one has access, not even administrators
+  // No one has access, not even administrators (regardless of which roles are still set, access will always be denied)
   S_NO_ONE = 's_no_one',
 
+  // User must be verified (see verified or verifiedAt property of user)
+  S_VERIFIED = 's_verified',
+
   // ===================================================================================================================
   // Special system roles that check rights for DB objects and can be used via @Restricted for Models
   // (classes and properties) and via ServiceOptions for Resolver methods. These roles should not be integrated in

package/src/core/common/helpers/input.helper.ts

@@ -209,7 +209,7 @@ export function assignPlain(target: Record<any, any>, ...args: Record<any, any>[
  */
 export async function check(
   value: any,
-  user: { hasRole: (roles: string[]) => boolean; id: any },
+  user: { hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
   options?: {
     allowCreatorOfParent?: boolean;
     dbObject?: any;
@@ -262,7 +262,9 @@ export async function check(
           (config.allowCreatorOfParent &&
             config.dbObject &&
             !('createdBy' in config.dbObject) &&
-            config.isCreatorOfParent)))
+            config.isCreatorOfParent))) ||
+      // check if the is verified
+      (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt))
     ) {
       valid = true;
     }

package/src/core/modules/migrate/cli/migrate-cli.ts

@@ -91,7 +91,7 @@ async function listMigrations(options: CliOptions) {
   const stateStore = loadStateStore(options.store);
 
   const runner = new MigrationRunner({
-    migrationsDirectory: options.migrationsDir,
+    migrationsDirectory: path.resolve(process.cwd(), options.migrationsDir),
     stateStore,
   });
 
@@ -255,7 +255,7 @@ async function runDown(options: CliOptions) {
   const stateStore = loadStateStore(options.store);
 
   const runner = new MigrationRunner({
-    migrationsDirectory: options.migrationsDir,
+    migrationsDirectory: path.resolve(process.cwd(), options.migrationsDir),
     stateStore,
   });
 
@@ -270,7 +270,7 @@ async function runUp(options: CliOptions) {
   const stateStore = loadStateStore(options.store);
 
   const runner = new MigrationRunner({
-    migrationsDirectory: options.migrationsDir,
+    migrationsDirectory: path.resolve(process.cwd(), options.migrationsDir),
     stateStore,
   });
 

package/src/core/modules/migrate/helpers/migration.helper.ts

@@ -6,20 +6,64 @@ import * as path from 'path';
  * Migration helper functions for database operations
  */
 
+// Store active connections for auto-cleanup
+const activeConnections = new Set<MongoClient>();
+
+// Track if we're in a migration context
+let inMigrationContext = false;
+
+/**
+ * Mark the start of a migration
+ * @internal Used by migration runner
+ */
+export const _startMigration = () => {
+  inMigrationContext = true;
+};
+
+/**
+ * Mark the end of a migration and close all connections
+ * @internal Used by migration runner
+ */
+export const _endMigration = async () => {
+  inMigrationContext = false;
+  // Close all active connections
+  const promises = Array.from(activeConnections).map((client) => client.close());
+  activeConnections.clear();
+  await Promise.all(promises);
+};
+
 /**
  * Get database connection
  *
+ * When used in migrations, connections are automatically closed after the migration completes.
+ * For manual usage outside migrations, you must close the connection manually.
+ *
  * @param mongoUrl - MongoDB connection URI
  * @returns Promise with database instance
  *
  * @example
  * ```typescript
+ * // In migrations - connection auto-closes after migration
  * const db = await getDb('mongodb://localhost/mydb');
  * await db.collection('users').updateMany(...);
+ *
+ * // Outside migrations - must close manually
+ * const db = await getDb('mongodb://localhost/mydb');
+ * try {
+ *   await db.collection('users').updateMany(...);
+ * } finally {
+ *   await db.client.close();
+ * }
  * ```
  */
 export const getDb = async (mongoUrl: string): Promise<Db> => {
   const client: MongoClient = await MongoClient.connect(mongoUrl);
+
+  // Track connection for auto-cleanup in migrations
+  if (inMigrationContext) {
+    activeConnections.add(client);
+  }
+
   return client.db();
 };
 

package/src/core/modules/migrate/migration-runner.ts

@@ -106,6 +106,8 @@ export class MigrationRunner {
    * Run all pending migrations (up)
    */
   async up(): Promise<void> {
+    const { _endMigration, _startMigration } = await import('./helpers/migration.helper');
+
     const allMigrations = await this.loadMigrationFiles();
     const state = await this.options.stateStore.loadAsync();
     const completedMigrations = (state.migrations || []).map((m) => m.title);
@@ -121,23 +123,32 @@ export class MigrationRunner {
 
     for (const migration of pendingMigrations) {
       console.log(`Running migration: ${migration.title}`);
-      await migration.up();
-
-      // Update state
-      const newState = await this.options.stateStore.loadAsync();
-      const migrations = newState.migrations || [];
-      migrations.push({
-        timestamp: migration.timestamp,
-        title: migration.title,
-      });
-
-      await this.options.stateStore.saveAsync({
-        lastRun: migration.title,
-        migrations,
-        up: () => {},
-      } as any);
 
-      console.log(`✓ Migration completed: ${migration.title}`);
+      // Mark start of migration for auto-cleanup
+      _startMigration();
+
+      try {
+        await migration.up();
+
+        // Update state
+        const newState = await this.options.stateStore.loadAsync();
+        const migrations = newState.migrations || [];
+        migrations.push({
+          timestamp: migration.timestamp,
+          title: migration.title,
+        });
+
+        await this.options.stateStore.saveAsync({
+          lastRun: migration.title,
+          migrations,
+          up: () => {},
+        } as any);
+
+        console.log(`✓ Migration completed: ${migration.title}`);
+      } finally {
+        // Always close connections, even on error
+        await _endMigration();
+      }
     }
 
     console.log('All migrations completed successfully');
@@ -147,6 +158,8 @@ export class MigrationRunner {
    * Rollback the last migration (down)
    */
   async down(): Promise<void> {
+    const { _endMigration, _startMigration } = await import('./helpers/migration.helper');
+
     const state = await this.options.stateStore.loadAsync();
     const completedMigrations = state.migrations || [];
 
@@ -168,17 +181,26 @@ export class MigrationRunner {
     }
 
     console.log(`Rolling back migration: ${migrationToRollback.title}`);
-    await migrationToRollback.down();
 
-    // Update state
-    const newMigrations = completedMigrations.slice(0, -1);
-    await this.options.stateStore.saveAsync({
-      lastRun: newMigrations.length > 0 ? newMigrations[newMigrations.length - 1].title : undefined,
-      migrations: newMigrations,
-      up: () => {},
-    } as any);
+    // Mark start of migration for auto-cleanup
+    _startMigration();
+
+    try {
+      await migrationToRollback.down();
 
-    console.log(`✓ Migration rolled back: ${migrationToRollback.title}`);
+      // Update state
+      const newMigrations = completedMigrations.slice(0, -1);
+      await this.options.stateStore.saveAsync({
+        lastRun: newMigrations.length > 0 ? newMigrations[newMigrations.length - 1].title : undefined,
+        migrations: newMigrations,
+        up: () => {},
+      } as any);
+
+      console.log(`✓ Migration rolled back: ${migrationToRollback.title}`);
+    } finally {
+      // Always close connections, even on error
+      await _endMigration();
+    }
   }
 
   /**