@lenne.tech/nest-server 11.4.7 → 11.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "11.4.7",
+  "version": "11.5.0",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -25,6 +25,14 @@
     "docs:ci": "ts-node ./scripts/init-server.ts && npm run docs:bootstrap && compodoc -p tsconfig.json",
     "format": "prettier --write 'src/**/*.ts'",
     "format:staged": "pretty-quick --staged",
+    "jest": "npm run jest:e2e",
+    "jest:ci": "NODE_ENV=local jest --config jest-e2e.json --ci --forceExit",
+    "jest:cov": "NODE_ENV=local jest --coverage",
+    "jest:debug": "NODE_ENV=local node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "jest:e2e": "NODE_ENV=local jest --config jest-e2e.json --forceExit",
+    "jest:e2e-cov": "NODE_ENV=local jest --config jest-e2e.json --coverage --forceExit",
+    "jest:e2e-doh": "NODE_ENV=local jest --config jest-e2e.json --forceExit --detectOpenHandles",
+    "jest:watch": "NODE_ENV=local jest --watch",
     "lint": "eslint '{src,apps,libs,tests}/**/*.{ts,js}' --cache",
     "lint:fix": "eslint '{src,apps,libs,tests}/**/*.{ts,js}' --fix --cache",
     "prestart:prod": "npm run build",
@@ -42,17 +50,18 @@
     "start:dev:swc": "nest start -b swc -w --type-check",
     "start:local": "NODE_ENV=local nodemon",
     "start:local:swc": "NODE_ENV=local nest start -b swc -w --type-check",
-    "test": "npm run test:e2e",
-    "test:cov": "NODE_ENV=local jest --coverage",
-    "test:debug": "NODE_ENV=local node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
-    "test:e2e": "NODE_ENV=local jest --config jest-e2e.json --forceExit",
-    "test:e2e-cov": "NODE_ENV=local jest --config jest-e2e.json --coverage --forceExit",
-    "test:e2e-doh": "NODE_ENV=local jest --config jest-e2e.json --forceExit --detectOpenHandles",
-    "test:ci": "NODE_ENV=local jest --config jest-e2e.json --ci --forceExit",
-    "test:watch": "NODE_ENV=local jest --watch",
+    "test": "npm run vitest",
+    "test:ci": "npm run vitest:ci",
+    "test:e2e": "npm run vitest",
     "prepack": "npm run prestart:prod",
     "prepublishOnly": "npm run lint && npm run test:ci",
     "preversion": "npm run lint",
+    "vitest": "NODE_ENV=local vitest run --config vitest-e2e.config.ts",
+    "vitest:ci": "NODE_ENV=ci vitest run --config vitest-e2e.config.ts",
+    "vitest:cov": "NODE_ENV=local vitest run --coverage --config vitest-e2e.config.ts",
+    "vitest:watch": "NODE_ENV=local vitest --config vitest-e2e.config.ts",
+    "vitest:unit": "vitest run --config vitest.config.ts",
+    "test:unit:watch": "vitest --config vitest.config.ts",
     "watch": "npm-watch",
     "link:eslint": "yalc add @lenne.tech/eslint-config-ts && yalc link @lenne.tech/eslint-config-ts && npm install",
     "unlink:eslint": "yalc remove @lenne.tech/eslint-config-ts && npm install"
@@ -132,6 +141,9 @@
     "@types/supertest": "6.0.3",
     "@typescript-eslint/eslint-plugin": "8.46.3",
     "@typescript-eslint/parser": "8.46.3",
+    "@vitest/coverage-v8": "4.0.9",
+    "@vitest/ui": "4.0.9",
+    "ansi-colors": "4.1.3",
     "coffeescript": "2.7.0",
     "eslint": "9.39.1",
     "eslint-config-prettier": "10.1.8",
@@ -157,6 +169,11 @@
     "ts-node": "10.9.2",
     "tsconfig-paths": "4.2.0",
     "typescript": "5.9.3",
+    "unplugin-swc": "1.5.8",
+    "vite": "7.2.2",
+    "vite-plugin-node": "7.0.0",
+    "vite-tsconfig-paths": "5.1.4",
+    "vitest": "4.0.9",
     "yalc": "1.0.0-pre.53"
   },
   "overrides": {

package/src/core/common/decorators/restricted.decorator.ts

@@ -61,7 +61,7 @@ export const getRestricted = (object: unknown, propertyKey?: string): Restricted
  */
 export const checkRestricted = (
   data: any,
-  user: { hasRole: (roles: string[]) => boolean; id: any },
+  user: { hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
   options: {
     allowCreatorOfParent?: boolean;
     checkObjectItself?: boolean;
@@ -108,9 +108,9 @@ export const checkRestricted = (
   // Array
   if (Array.isArray(data)) {
     // Check array items
-    let result = data.map(item => checkRestricted(item, user, config, processedObjects));
+    let result = data.map((item) => checkRestricted(item, user, config, processedObjects));
     if (!config.throwError && config.removeUndefinedFromResultArray) {
-      result = result.filter(item => item !== undefined);
+      result = result.filter((item) => item !== undefined);
     }
     return result;
   }
@@ -134,8 +134,8 @@ export const checkRestricted = (
       if (typeof item === 'string') {
         roles.push(item);
       } else if (
-        item?.roles?.length
-        && (config.processType && item.processType ? config.processType === item.processType : true)
+        item?.roles?.length &&
+        (config.processType && item.processType ? config.processType === item.processType : true)
       ) {
         if (Array.isArray(item.roles)) {
           roles.push(...item.roles);
@@ -156,13 +156,14 @@ export const checkRestricted = (
 
       // Check access rights
       if (
-        roles.includes(RoleEnum.S_EVERYONE)
-        || user?.hasRole?.(roles)
-        || (user?.id && roles.includes(RoleEnum.S_USER))
-        || (roles.includes(RoleEnum.S_SELF) && equalIds(data, user))
-        || (roles.includes(RoleEnum.S_CREATOR)
-          && (('createdBy' in data && equalIds(data.createdBy, user))
-            || (config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent)))
+        roles.includes(RoleEnum.S_EVERYONE) ||
+        user?.hasRole?.(roles) ||
+        (user?.id && roles.includes(RoleEnum.S_USER)) ||
+        (roles.includes(RoleEnum.S_SELF) && equalIds(data, user)) ||
+        (roles.includes(RoleEnum.S_CREATOR) &&
+          (('createdBy' in data && equalIds(data.createdBy, user)) ||
+            (config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent))) ||
+        (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt))
       ) {
         valid = true;
       }
@@ -172,11 +173,11 @@ export const checkRestricted = (
       // Get groups
       const groups = restricted.filter((item) => {
         return (
-          typeof item === 'object'
+          typeof item === 'object' &&
           // Check if object is valid
-          && item.memberOf?.length
+          item.memberOf?.length &&
           // Check if processType is specified and is valid for current process
-          && (config.processType && item.processType ? config.processType === item.processType : true)
+          (config.processType && item.processType ? config.processType === item.processType : true)
         );
       }) as { memberOf: string | string[] }[];
 
@@ -252,8 +253,8 @@ export const checkRestricted = (
     // Check rights
     if (valid) {
       // Check if data is user or user is creator of data (for nested plain objects)
-      config.isCreatorOfParent
-        = equalIds(data, user) || ('createdBy' in data ? equalIds(data.createdBy, user) : config.isCreatorOfParent);
+      config.isCreatorOfParent =
+        equalIds(data, user) || ('createdBy' in data ? equalIds(data.createdBy, user) : config.isCreatorOfParent);
 
       // Check deep
       data[propertyKey] = checkRestricted(data[propertyKey], user, config, processedObjects);

package/src/core/common/enums/role.enum.ts

@@ -1,3 +1,4 @@
+/* eslint-disable perfectionist/sort-enums */
 /**
  * Enums for Resolver @Role and Model @Restricted decorator and for roles property in ServiceOptions
  *
@@ -42,9 +43,12 @@ export enum RoleEnum {
   // Everyone, including users who are not logged in, can access (see context user, e.g. @CurrentUser)
   S_EVERYONE = 's_everyone',
 
-  // No one has access, not even administrators
+  // No one has access, not even administrators (regardless of which roles are still set, access will always be denied)
   S_NO_ONE = 's_no_one',
 
+  // User must be verified (see verified or verifiedAt property of user)
+  S_VERIFIED = 's_verified',
+
   // ===================================================================================================================
   // Special system roles that check rights for DB objects and can be used via @Restricted for Models
   // (classes and properties) and via ServiceOptions for Resolver methods. These roles should not be integrated in

package/src/core/common/helpers/input.helper.ts

@@ -209,7 +209,7 @@ export function assignPlain(target: Record<any, any>, ...args: Record<any, any>[
  */
 export async function check(
   value: any,
-  user: { hasRole: (roles: string[]) => boolean; id: any },
+  user: { hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
   options?: {
     allowCreatorOfParent?: boolean;
     dbObject?: any;
@@ -262,7 +262,9 @@ export async function check(
           (config.allowCreatorOfParent &&
             config.dbObject &&
             !('createdBy' in config.dbObject) &&
-            config.isCreatorOfParent)))
+            config.isCreatorOfParent))) ||
+      // check if the is verified
+      (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt))
     ) {
       valid = true;
     }

package/src/core/common/plugins/mongoose-id.plugin.ts

@@ -0,0 +1,14 @@
+/**
+ * Mongoose plugin to add a string 'id' field to documents based on the '_id' ObjectId.
+ * @param schema - The Mongoose schema to which the plugin will be applied.
+ */
+export function mongooseIdPlugin(schema) {
+  schema.post(/.*/, (docs) => {
+    const docsArray = Array.isArray(docs) ? docs : [docs];
+    for (const doc of docsArray) {
+      if (doc?._id && typeof doc._id.toHexString === 'function') {
+        doc.id = doc._id.toHexString();
+      }
+    }
+  });
+}

package/src/core.module.ts

@@ -13,6 +13,7 @@ import { CheckSecurityInterceptor } from './core/common/interceptors/check-secur
 import { IServerOptions } from './core/common/interfaces/server-options.interface';
 import { MapAndValidatePipe } from './core/common/pipes/map-and-validate.pipe';
 import { ComplexityPlugin } from './core/common/plugins/complexity.plugin';
+import { mongooseIdPlugin } from './core/common/plugins/mongoose-id.plugin';
 import { ConfigService } from './core/common/services/config.service';
 import { EmailService } from './core/common/services/email.service';
 import { MailjetService } from './core/common/services/mailjet.service';
@@ -98,8 +99,8 @@ export class CoreModule implements NestModule {
                         if (config.graphQl.enableSubscriptionAuth) {
                           // get authToken from authorization header
                           const headers = this.getHeaderFromArray(extra.request?.rawHeaders);
-                          const authToken: string
-                            = connectionParams?.Authorization?.split(' ')[1] ?? headers.Authorization?.split(' ')[1];
+                          const authToken: string =
+                            connectionParams?.Authorization?.split(' ')[1] ?? headers.Authorization?.split(' ')[1];
                           if (authToken) {
                             // verify authToken/getJwtPayLoad
                             const payload = authService.decodeJwt(authToken);
@@ -148,7 +149,7 @@ export class CoreModule implements NestModule {
         mongoose: {
           options: {
             connectionFactory: (connection) => {
-              connection.plugin(require('./core/common/plugins/mongoose-id.plugin'));
+              connection.plugin(mongooseIdPlugin);
               return connection;
             },
           },
@@ -177,11 +178,13 @@ export class CoreModule implements NestModule {
       EmailService,
       TemplateService,
       MailjetService,
-
-      // Plugins
-      ComplexityPlugin,
     ];
 
+    // Add ComplexityPlugin only if not in Vitest (Vitest has dual GraphQL loading issue)
+    if (!process.env.VITEST) {
+      providers.push(ComplexityPlugin);
+    }
+
     if (config.security?.checkResponseInterceptor ?? true) {
       // Check restrictions for output (models and output objects)
       providers.push({
@@ -225,9 +228,15 @@ export class CoreModule implements NestModule {
       imports.push(CoreHealthCheckModule);
     }
 
+    // Set exports
+    const exports: any[] = [ConfigService, EmailService, TemplateService, MailjetService];
+    if (!process.env.VITEST) {
+      exports.push(ComplexityPlugin);
+    }
+
     // Return dynamic module
     return {
-      exports: [ConfigService, EmailService, TemplateService, MailjetService, ComplexityPlugin],
+      exports,
       imports,
       module: CoreModule,
       providers,

package/src/core/common/plugins/mongoose-id.plugin.js

@@ -1,15 +0,0 @@
-export function mongooseIdPlugin(schema) {
-  schema.post(['find', 'findOne', 'save', 'deleteOne'], (docs) => {
-    if (!Array.isArray(docs)) {
-      docs = [docs];
-    }
-
-    for (const doc of docs) {
-      if (doc !== null && doc._id) {
-        doc.id = doc._id.toHexString();
-      }
-    }
-  });
-}
-
-module.exports = mongooseIdPlugin;