npm - @lenne.tech/nest-server - Versions diffs - 11.7.1 → 11.7.3 - Mend

@lenne.tech/nest-server 11.7.1 → 11.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/src/core/modules/user/core-user.service.ts CHANGED Viewed

@@ -91,6 +91,33 @@ export abstract class CoreUserService<
     return this.process(async () => dbObject, { dbObject, serviceOptions });
   }
+  /**
+   * Get user by MongoDB ID or BetterAuth IAM ID
+   *
+   * This method is used by RolesGuard to resolve users from BetterAuth JWT tokens.
+   * The sub claim in BetterAuth JWTs can contain either:
+   * - The MongoDB _id of the user
+   * - The BetterAuth iamId
+   *
+   * @param idOrIamId - MongoDB _id or BetterAuth iamId
+   * @returns User object or null if not found
+   */
+  async getByIdOrIamId(idOrIamId: string): Promise<null | TUser> {
+    try {
+      // First, try to find by MongoDB _id
+      const byId = await this.mainDbModel.findById(idOrIamId).exec();
+      if (byId) {
+        return byId as TUser;
+      }
+    } catch {
+      // Invalid ObjectId format - try iamId instead
+    }
+    // Try to find by iamId
+    const byIamId = await this.mainDbModel.findOne({ iamId: idOrIamId }).exec();
+    return byIamId as null | TUser;
+  }
   /**
    * Get verified state of user by token
    */

package/src/core.module.ts CHANGED Viewed

@@ -233,11 +233,17 @@ export class CoreModule implements NestModule {
     // Add BetterAuthModule based on mode
     // IAM-only mode: Always register BetterAuthModule (required for subscription auth)
     // Legacy mode: Only register if autoRegister is explicitly true
-    if (config.betterAuth?.enabled !== false) {
-      if (isIamOnlyMode || config.betterAuth?.autoRegister === true) {
+    // betterAuth can be: boolean | IBetterAuth | undefined
+    const betterAuthConfig = config.betterAuth;
+    const isBetterAuthEnabled =
+      betterAuthConfig === true || (typeof betterAuthConfig === 'object' && betterAuthConfig?.enabled !== false);
+    const isAutoRegister = typeof betterAuthConfig === 'object' && betterAuthConfig?.autoRegister === true;
+    if (isBetterAuthEnabled) {
+      if (isIamOnlyMode || isAutoRegister) {
         imports.push(
           BetterAuthModule.forRoot({
-            config: config.betterAuth || {},
+            config: betterAuthConfig === true ? {} : betterAuthConfig || {},
             // Pass JWT secrets for backwards compatibility fallback
             fallbackSecrets: [config.jwt?.secret, config.jwt?.refresh?.secret],
           }),

package/src/server/modules/better-auth/better-auth.module.ts CHANGED Viewed

@@ -10,9 +10,13 @@ import { BetterAuthResolver } from './better-auth.resolver';
  */
 export interface ServerBetterAuthModuleOptions {
   /**
-   * Better-auth configuration from environment
+   * Better-auth configuration.
+   * Accepts:
+   * - `true`: Enable with all defaults (including JWT)
+   * - `false`: Disable BetterAuth
+   * - `{ ... }`: Enable with custom configuration
    */
-  config: IBetterAuth;
+  config: boolean | IBetterAuth;
   /**
    * Fallback secrets for backwards compatibility with JWT config.
@@ -63,7 +67,9 @@ export class BetterAuthModule {
     const { config, fallbackSecrets } = options;
     // If better-auth is explicitly disabled, return minimal module
-    if (config?.enabled === false) {
+    // Supports: false, { enabled: false }, or undefined/null
+    const isDisabled = config === false || (typeof config === 'object' && config?.enabled === false);
+    if (isDisabled) {
       return {
         exports: [],
         module: BetterAuthModule,

package/src/server/modules/better-auth/better-auth.resolver.ts CHANGED Viewed

@@ -1,11 +1,8 @@
-import { UseGuards } from '@nestjs/common';
 import { Args, Context, Mutation, Query, Resolver } from '@nestjs/graphql';
 import { Request, Response } from 'express';
 import { Roles } from '../../../core/common/decorators/roles.decorator';
 import { RoleEnum } from '../../../core/common/enums/role.enum';
-import { AuthGuardStrategy } from '../../../core/modules/auth/auth-guard-strategy.enum';
-import { AuthGuard } from '../../../core/modules/auth/guards/auth.guard';
 import { BetterAuthAuthModel } from '../../../core/modules/better-auth/better-auth-auth.model';
 import { BetterAuthMigrationStatusModel } from '../../../core/modules/better-auth/better-auth-migration-status.model';
 import {
@@ -62,7 +59,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     nullable: true,
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthSession(@Context() ctx: { req: Request }): Promise<BetterAuthSessionModel | null> {
     return super.betterAuthSession(ctx);
   }
@@ -87,12 +83,20 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     return super.betterAuthMigrationStatus();
   }
+  @Query(() => String, {
+    description: 'Get fresh JWT token for the current session (requires valid session)',
+    nullable: true,
+  })
+  @Roles(RoleEnum.S_USER)
+  override async betterAuthToken(@Context() ctx: { req: Request }): Promise<null | string> {
+    return super.betterAuthToken(ctx);
+  }
   @Query(() => [BetterAuthPasskeyModel], {
     description: 'List passkeys for the current user',
     nullable: true,
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthListPasskeys(@Context() ctx: { req: Request }): Promise<BetterAuthPasskeyModel[] | null> {
     return super.betterAuthListPasskeys(ctx);
   }
@@ -127,7 +131,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
   @Mutation(() => Boolean, { description: 'Sign out via Better-Auth' })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthSignOut(@Context() ctx: { req: Request }): Promise<boolean> {
     return super.betterAuthSignOut(ctx);
   }
@@ -151,7 +154,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     description: 'Enable 2FA for the current user',
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthEnable2FA(
     @Args('password') password: string,
     @Context() ctx: { req: Request },
@@ -163,7 +165,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     description: 'Disable 2FA for the current user',
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthDisable2FA(
     @Args('password') password: string,
     @Context() ctx: { req: Request },
@@ -176,7 +177,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     nullable: true,
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthGenerateBackupCodes(@Context() ctx: { req: Request }): Promise<null | string[]> {
     return super.betterAuthGenerateBackupCodes(ctx);
   }
@@ -189,7 +189,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     description: 'Get passkey registration challenge for WebAuthn',
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthGetPasskeyChallenge(
     @Context() ctx: { req: Request },
   ): Promise<BetterAuthPasskeyChallengeModel> {
@@ -200,7 +199,6 @@ export class BetterAuthResolver extends CoreBetterAuthResolver {
     description: 'Delete a passkey by ID',
   })
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   override async betterAuthDeletePasskey(
     @Args('passkeyId') passkeyId: string,
     @Context() ctx: { req: Request },

package/src/server/modules/user/user.controller.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Body, Controller, Delete, Get, Param, Patch, Post, Query, UseGuards } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Param, Patch, Post, Query } from '@nestjs/common';
 import {
   ApiBearerAuth,
   ApiBody,
@@ -15,8 +15,6 @@ import { CurrentUser } from '../../../core/common/decorators/current-user.decora
 import { Roles } from '../../../core/common/decorators/roles.decorator';
 import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { ServiceOptions } from '../../../core/common/interfaces/service-options.interface';
-import { AuthGuardStrategy } from '../../../core/modules/auth/auth-guard-strategy.enum';
-import { AuthGuard } from '../../../core/modules/auth/guards/auth.guard';
 import { UserCreateInput } from './inputs/user-create.input';
 import { UserInput } from './inputs/user.input';
 import { FindAndCountUsersResult } from './outputs/find-and-count-users-result.output';
@@ -48,7 +46,6 @@ export class UserController {
   @ApiOperation({ description: 'Find users (via filter)', summary: 'Get all users' })
   @Get()
   @Roles(RoleEnum.ADMIN)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   async findUsers(@CurrentUser() currentUser: User): Promise<User[]> {
     const serviceOptions: ServiceOptions = {
       currentUser,
@@ -67,7 +64,6 @@ export class UserController {
   })
   @Get('count')
   @Roles(RoleEnum.ADMIN)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   async findAndCountUsers(@CurrentUser() currentUser: User): Promise<FindAndCountUsersResult> {
     const serviceOptions: ServiceOptions = {
       currentUser,
@@ -99,7 +95,6 @@ export class UserController {
   @ApiParam({ description: 'User ID', name: 'id', type: String })
   @Get(':id')
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   async getUser(@CurrentUser() currentUser: User, @Param('id') id: string): Promise<User> {
     const serviceOptions: ServiceOptions = {
       currentUser,
@@ -121,7 +116,6 @@ export class UserController {
   @ApiOperation({ description: 'Create a new user', summary: 'Create user' })
   @Post()
   @Roles(RoleEnum.ADMIN)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   async createUser(@CurrentUser() currentUser: User, @Body() input: UserCreateInput): Promise<User> {
     const serviceOptions: ServiceOptions = {
       currentUser,
@@ -208,7 +202,6 @@ export class UserController {
   @ApiParam({ description: 'User ID', name: 'id', type: String })
   @Patch(':id')
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   async updateUser(@CurrentUser() currentUser: User, @Param('id') id: string, @Body() input: UserInput): Promise<User> {
     const serviceOptions: ServiceOptions = {
       currentUser,
@@ -231,7 +224,6 @@ export class UserController {
   @ApiParam({ description: 'User ID', name: 'id', type: String })
   @Delete(':id')
   @Roles(RoleEnum.S_USER)
-  @UseGuards(AuthGuard(AuthGuardStrategy.JWT))
   async deleteUser(@CurrentUser() currentUser: User, @Param('id') id: string): Promise<User> {
     const serviceOptions: ServiceOptions = {
       currentUser,