npm - @lenne.tech/nest-server - Versions diffs - 11.6.1 → 11.7.0 - Mend

@lenne.tech/nest-server 11.6.1 → 11.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (120) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "11.6.1",
+  "version": "11.7.0",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -77,11 +77,14 @@
     "node": ">= 20"
   },
   "dependencies": {
+    "@apollo/server": "5.2.0",
+    "@as-integrations/express5": "1.1.2",
+    "@better-auth/passkey": "1.4.8-beta.4",
     "@getbrevo/brevo": "3.0.1",
-    "@nestjs/apollo": "13.1.0",
+    "@nestjs/apollo": "13.2.3",
     "@nestjs/common": "11.1.9",
     "@nestjs/core": "11.1.9",
-    "@nestjs/graphql": "13.2.0",
+    "@nestjs/graphql": "13.2.3",
     "@nestjs/jwt": "11.0.2",
     "@nestjs/mongoose": "11.0.4",
     "@nestjs/passport": "11.0.5",
@@ -89,14 +92,17 @@
     "@nestjs/schedule": "6.1.0",
     "@nestjs/swagger": "11.2.3",
     "@nestjs/terminus": "11.0.0",
+    "@nestjs/websockets": "11.1.9",
     "apollo-server-core": "3.13.0",
     "bcrypt": "6.0.0",
+    "better-auth": "1.4.8-beta.4",
     "class-transformer": "0.5.1",
     "class-validator": "0.14.3",
     "compression": "1.8.1",
     "cookie-parser": "1.4.7",
     "dotenv": "17.2.3",
     "ejs": "3.1.10",
+    "express": "5.1.0",
     "graphql": "16.12.0",
     "graphql-query-complexity": "1.1.0",
     "graphql-subscriptions": "3.0.0",
@@ -105,7 +111,7 @@
     "json-to-graphql-query": "2.3.0",
     "lodash": "4.17.21",
     "mongodb": "7.0.0",
-    "mongoose": "8.19.3",
+    "mongoose": "9.0.2",
     "multer": "2.0.2",
     "node-mailjet": "6.0.11",
     "nodemailer": "7.0.11",
@@ -114,7 +120,6 @@
     "reflect-metadata": "0.2.2",
     "rfdc": "1.4.1",
     "rxjs": "7.8.2",
-    "ts-jest": "29.4.6",
     "yuml-diagram": "1.2.0"
   },
   "devDependencies": {
@@ -124,23 +129,23 @@
     "@nestjs/schematics": "11.0.9",
     "@nestjs/testing": "11.1.9",
     "@swc/cli": "0.7.9",
-    "@swc/core": "1.15.3",
+    "@swc/core": "1.15.7",
     "@types/compression": "1.8.1",
     "@types/cookie-parser": "1.4.10",
     "@types/ejs": "3.1.5",
     "@types/express": "4.17.21",
     "@types/lodash": "4.17.21",
     "@types/multer": "2.0.0",
-    "@types/node": "25.0.1",
+    "@types/node": "25.0.3",
     "@types/nodemailer": "7.0.4",
     "@types/passport": "1.0.17",
     "@types/supertest": "6.0.3",
-    "@typescript-eslint/eslint-plugin": "8.49.0",
-    "@typescript-eslint/parser": "8.49.0",
-    "@vitest/coverage-v8": "4.0.15",
-    "@vitest/ui": "4.0.15",
+    "@typescript-eslint/eslint-plugin": "8.50.0",
+    "@typescript-eslint/parser": "8.50.0",
+    "@vitest/coverage-v8": "4.0.16",
+    "@vitest/ui": "4.0.16",
     "ansi-colors": "4.1.3",
-    "eslint": "9.39.1",
+    "eslint": "9.39.2",
     "eslint-config-prettier": "10.1.8",
     "eslint-plugin-unused-imports": "4.3.0",
     "find-file-up": "2.0.1",
@@ -157,25 +162,19 @@
     "pretty-quick": "4.2.2",
     "rimraf": "6.1.2",
     "supertest": "7.1.4",
+    "ts-jest": "29.4.6",
     "ts-loader": "9.5.4",
     "ts-morph": "27.0.2",
     "ts-node": "10.9.2",
     "tsconfig-paths": "4.2.0",
     "typescript": "5.9.3",
     "unplugin-swc": "1.5.9",
-    "vite": "7.2.7",
+    "vite": "7.3.0",
     "vite-plugin-node": "7.0.0",
-    "vite-tsconfig-paths": "5.1.4",
-    "vitest": "4.0.15",
+    "vite-tsconfig-paths": "6.0.3",
+    "vitest": "4.0.16",
     "yalc": "1.0.0-pre.53"
   },
-  "overrides": {
-    "@lykmapipo/common": {
-      "flat": "5.0.2",
-      "mime": "2.6.0"
-    },
-    "ts-morph": "27.0.2"
-  },
   "jest": {
     "collectCoverage": true,
     "coverageDirectory": "../coverage",

package/src/config.env.ts CHANGED Viewed

@@ -15,6 +15,51 @@ const config: { [env: string]: IServerOptions } = {
   // ===========================================================================
   development: {
     automaticObjectIdFiltering: true,
+    betterAuth: {
+      basePath: '/iam',
+      baseUrl: 'http://localhost:3000',
+      // enabled: true by default - set false to explicitly disable
+      jwt: {
+        enabled: true,
+        expiresIn: '15m',
+      },
+      passkey: {
+        enabled: false,
+        origin: 'http://localhost:3000',
+        rpId: 'localhost',
+        rpName: 'Nest Server Development',
+      },
+      rateLimit: {
+        enabled: true,
+        max: 20,
+        message: 'Too many requests, please try again later.',
+        skipEndpoints: ['/session', '/callback'],
+        strictEndpoints: ['/sign-in', '/sign-up', '/forgot-password', '/reset-password'],
+        windowSeconds: 60,
+      },
+      secret: 'BETTER_AUTH_SECRET_DEV_32_CHARS_MIN',
+      socialProviders: {
+        apple: {
+          clientId: process.env.SOCIAL_APPLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_APPLE_CLIENT_SECRET || '',
+          enabled: false,
+        },
+        github: {
+          clientId: process.env.SOCIAL_GITHUB_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GITHUB_CLIENT_SECRET || '',
+          enabled: false,
+        },
+        google: {
+          clientId: process.env.SOCIAL_GOOGLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GOOGLE_CLIENT_SECRET || '',
+          enabled: false,
+        },
+      },
+      twoFactor: {
+        appName: 'Nest Server Development',
+        enabled: false,
+      },
+    },
     compression: true,
     cookies: false,
     email: {
@@ -114,10 +159,55 @@ const config: { [env: string]: IServerOptions } = {
   },
   // ===========================================================================
-  // Development environment
+  // Local environment
   // ===========================================================================
   local: {
     automaticObjectIdFiltering: true,
+    betterAuth: {
+      basePath: '/iam',
+      baseUrl: 'http://localhost:3000',
+      // enabled: true by default - set false to explicitly disable
+      jwt: {
+        enabled: true,
+        expiresIn: '15m',
+      },
+      passkey: {
+        enabled: true,
+        origin: 'http://localhost:3000',
+        rpId: 'localhost',
+        rpName: 'Nest Server Local',
+      },
+      rateLimit: {
+        enabled: true,
+        max: 20,
+        message: 'Too many requests, please try again later.',
+        skipEndpoints: ['/session', '/callback'],
+        strictEndpoints: ['/sign-in', '/sign-up', '/forgot-password', '/reset-password'],
+        windowSeconds: 60,
+      },
+      secret: 'BETTER_AUTH_SECRET_LOCAL_32_CHARS_M',
+      socialProviders: {
+        apple: {
+          clientId: process.env.SOCIAL_APPLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_APPLE_CLIENT_SECRET || '',
+          enabled: false,
+        },
+        github: {
+          clientId: process.env.SOCIAL_GITHUB_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GITHUB_CLIENT_SECRET || '',
+          enabled: false,
+        },
+        google: {
+          clientId: process.env.SOCIAL_GOOGLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GOOGLE_CLIENT_SECRET || '',
+          enabled: false,
+        },
+      },
+      twoFactor: {
+        appName: 'Nest Server Local',
+        enabled: true,
+      },
+    },
     compression: true,
     cookies: false,
     cronJobs: {
@@ -232,6 +322,54 @@ const config: { [env: string]: IServerOptions } = {
   // ===========================================================================
   production: {
     automaticObjectIdFiltering: true,
+    betterAuth: {
+      basePath: '/iam',
+      baseUrl: process.env.BETTER_AUTH_URL || 'https://example.com',
+      // enabled: true by default - set false to explicitly disable
+      jwt: {
+        enabled: true,
+        expiresIn: '15m',
+      },
+      passkey: {
+        enabled: false,
+        origin: process.env.BETTER_AUTH_URL || 'https://example.com',
+        rpId: process.env.PASSKEY_RP_ID || 'example.com',
+        rpName: process.env.PASSKEY_RP_NAME || 'Nest Server Production',
+      },
+      rateLimit: {
+        enabled: process.env.RATE_LIMIT_ENABLED !== 'false',
+        max: parseInt(process.env.RATE_LIMIT_MAX || '10', 10),
+        message: process.env.RATE_LIMIT_MESSAGE || 'Too many requests, please try again later.',
+        skipEndpoints: ['/session', '/callback'],
+        strictEndpoints: ['/sign-in', '/sign-up', '/forgot-password', '/reset-password'],
+        windowSeconds: parseInt(process.env.RATE_LIMIT_WINDOW_SECONDS || '60', 10),
+      },
+      // IMPORTANT: Set BETTER_AUTH_SECRET in production!
+      // Without it, an insecure default is used which allows session forgery.
+      // Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+      secret: process.env.BETTER_AUTH_SECRET,
+      socialProviders: {
+        apple: {
+          clientId: process.env.SOCIAL_APPLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_APPLE_CLIENT_SECRET || '',
+          enabled: !!process.env.SOCIAL_APPLE_CLIENT_ID,
+        },
+        github: {
+          clientId: process.env.SOCIAL_GITHUB_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GITHUB_CLIENT_SECRET || '',
+          enabled: !!process.env.SOCIAL_GITHUB_CLIENT_ID,
+        },
+        google: {
+          clientId: process.env.SOCIAL_GOOGLE_CLIENT_ID || '',
+          clientSecret: process.env.SOCIAL_GOOGLE_CLIENT_SECRET || '',
+          enabled: !!process.env.SOCIAL_GOOGLE_CLIENT_ID,
+        },
+      },
+      twoFactor: {
+        appName: process.env.TWO_FACTOR_APP_NAME || 'Nest Server',
+        enabled: process.env.TWO_FACTOR_ENABLED === 'true',
+      },
+    },
     compression: true,
     cookies: false,
     email: {

package/src/core/common/decorators/restricted.decorator.ts CHANGED Viewed

@@ -61,7 +61,7 @@ export const getRestricted = (object: unknown, propertyKey?: string): Restricted
  */
 export const checkRestricted = (
   data: any,
-  user: { hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
+  user: { emailVerified?: any; hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
   options: {
     allowCreatorOfParent?: boolean;
     checkObjectItself?: boolean;
@@ -163,7 +163,7 @@ export const checkRestricted = (
         (roles.includes(RoleEnum.S_CREATOR) &&
           (('createdBy' in data && equalIds(data.createdBy, user)) ||
             (config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent))) ||
-        (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt))
+        (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt || user?.emailVerified))
       ) {
         valid = true;
       }

package/src/core/common/helpers/filter.helper.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { FilterQuery, QueryOptions } from 'mongoose';
+import { QueryFilter, QueryOptions } from 'mongoose';
 import { FilterArgs } from '../args/filter.args';
 import { ComparisonOperatorEnum } from '../enums/comparison-operator.enum';
@@ -19,14 +19,14 @@ export class Filter {
    * Convert filter arguments to a query array
    * @param filterArgs
    */
-  public static convertFilterArgsToQuery<T = any>(filterArgs: Partial<FilterArgs>): [FilterQuery<T>, QueryOptions] {
-    return convertFilterArgsToQuery(filterArgs);
+  public static convertFilterArgsToQuery<T = Record<string, any>>(filterArgs: Partial<FilterArgs>): [T, QueryOptions] {
+    return convertFilterArgsToQuery<T>(filterArgs);
   }
   /**
    * Generate filter query
    */
-  public static generateFilterQuery<T = any>(filter?: Partial<FilterInput>): any | FilterQuery<T> {
+  public static generateFilterQuery<T = any>(filter?: Partial<FilterInput>): any | QueryFilter<T> {
     return generateFilterQuery(filter);
   }
@@ -41,31 +41,29 @@ export class Filter {
 /**
  * Convert filter arguments to a query array
  */
-export function convertFilterArgsToQuery<T = any>(filterArgs: Partial<FilterArgs>): [FilterQuery<T>, QueryOptions] {
-  return [generateFilterQuery(filterArgs?.filter), generateFindOptions(filterArgs)];
+export function convertFilterArgsToQuery<T = Record<string, any>>(filterArgs: Partial<FilterArgs>): [T, QueryOptions] {
+  return [generateFilterQuery(filterArgs?.filter) as T, generateFindOptions(filterArgs)];
 }
 /**
  * Merge FilterArgs and FilterQueries
  */
-export function filterMerge<T = unknown>(
+export function filterMerge<T = Record<string, any>>(
   filterArgs: Partial<FilterArgs>,
-  filterQuery: Partial<FilterQuery<T>>,
+  filterQuery: Partial<T>,
   options?: {
     operator?: '$and' | '$nor' | '$or';
     queryOptions?: Partial<QueryOptions>;
     samples?: number;
   },
-): { filterQuery: FilterQuery<T>; queryOptions?: QueryOptions; samples?: number } {
+): { filterQuery: T; queryOptions?: QueryOptions; samples?: number } {
   const config = {
     operator: '$and',
     ...options,
   };
   const converted = convertFilterArgsToQuery(filterArgs);
   return {
-    filterQuery: (converted[0]
-      ? { [config.operator]: [converted[0], filterQuery || {}] }
-      : filterQuery) as FilterQuery<T>,
+    filterQuery: (converted[0] ? { [config.operator]: [converted[0], filterQuery || {}] } : filterQuery) as T,
     queryOptions: converted[1] || config.queryOptions ? { ...converted[1], ...config.queryOptions } : undefined,
     samples: config.samples,
   };
@@ -76,18 +74,18 @@ export function filterMerge<T = unknown>(
  */
 export function findFilter(options?: {
   conditions?: Record<string, any>[];
-  filterOptions?: FilterQuery<any>;
+  filterOptions?: QueryFilter<any>;
   id?: any;
   ids?: any[];
   type?: '$and' | '$nor' | '$or';
-}): FilterQuery<any> {
+}): QueryFilter<any> {
   const config = {
     type: '$and',
     ...options,
   };
   // Init filter Option
-  let filterOptions: FilterQuery<any> = config?.filterOptions;
+  let filterOptions: QueryFilter<any> = config?.filterOptions;
   // Check where condition
   if (!filterOptions) {
@@ -120,7 +118,7 @@ export function findFilter(options?: {
   }
   // Filter falsy values
-  filterOptions[config.type] = filterOptions[config.type].filter(value => value);
+  filterOptions[config.type] = filterOptions[config.type].filter((value) => value);
   // Optimizations
   if (!filterOptions[config.type].length) {
@@ -143,7 +141,7 @@ export function findFilter(options?: {
 export function generateFilterQuery<T = any>(
   filter?: Partial<FilterInput>,
   options?: { automaticObjectIdFiltering?: boolean },
-): any | FilterQuery<T> {
+): any | QueryFilter<T> {
   // Check filter
   if (!filter) {
     return undefined;

package/src/core/common/helpers/gridfs.helper.ts CHANGED Viewed

@@ -166,7 +166,7 @@ export class GridFSHelper {
    */
   static async findFiles(bucket: GridFSBucket, filter: any = {}, options: any = {}): Promise<GridFSFileInfo[]> {
     const files = await bucket.find(filter, options).toArray();
-    return files.map(file => GridFSHelper.normalizeFileInfo(file));
+    return files.map((file) => GridFSHelper.normalizeFileInfo(file));
   }
   /**
@@ -200,12 +200,12 @@ export class GridFSHelper {
     filename: string,
     options?: { contentType?: string },
   ): mongo.GridFSBucketWriteStream {
-    // Store contentType in metadata to avoid deprecation warning
+    // Store contentType in metadata (mongodb 7.x no longer has contentType option)
     if (options?.contentType) {
       const metadata = { contentType: options.contentType };
       return bucket.openUploadStream(filename, { metadata });
     }
-    return bucket.openUploadStream(filename, options);
+    return bucket.openUploadStream(filename);
   }
   /**
@@ -217,11 +217,11 @@ export class GridFSHelper {
     filename: string,
     options?: { contentType?: string },
   ): mongo.GridFSBucketWriteStream {
-    // Store contentType in metadata to avoid deprecation warning
+    // Store contentType in metadata (mongodb 7.x no longer has contentType option)
     if (options?.contentType) {
       const metadata = { contentType: options.contentType };
       return bucket.openUploadStreamWithId(id, filename, { metadata });
     }
-    return bucket.openUploadStreamWithId(id, filename, options);
+    return bucket.openUploadStreamWithId(id, filename);
   }
 }

package/src/core/common/helpers/input.helper.ts CHANGED Viewed

@@ -209,7 +209,7 @@ export function assignPlain(target: Record<any, any>, ...args: Record<any, any>[
  */
 export async function check(
   value: any,
-  user: { hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
+  user: { emailVerified?: any; hasRole: (roles: string[]) => boolean; id: any; verified?: any; verifiedAt?: any },
   options?: {
     allowCreatorOfParent?: boolean;
     dbObject?: any;
@@ -264,7 +264,7 @@ export async function check(
             !('createdBy' in config.dbObject) &&
             config.isCreatorOfParent))) ||
       // check if the is verified
-      (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt))
+      (roles.includes(RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt || user?.emailVerified))
     ) {
       valid = true;
     }