@lenne.tech/nest-server 2.0.4 → 3.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "2.0.4",
+  "version": "3.1.2",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -49,48 +49,40 @@
     "url": "https://github.com/lenneTech/nest-server/issues"
   },
   "engines": {
-    "node": ">= 14.17.0"
-  },
-  "peerDependencies": {
-    "@nestjs/testing": "8.1.2",
-    "@nestjs/core": "8.1.2",
-    "@nestjs/common": "8.1.2",
-    "@nestjs/graphql": "9.1.1",
-    "@nestjs/jwt": "8.0.0",
-    "@nestjs/mongoose": "9.0.1",
-    "@nestjs/passport": "8.0.1",
-    "@nestjs/platform-express": "8.1.2"
+    "node": ">= 16.13.0"
   },
   "dependencies": {
-    "@apollo/federation": "0.33.6",
+    "@apollo/federation": "0.33.9",
     "@apollo/gateway": "0.42.3",
-    "@nestjs/testing": "8.1.2",
-    "@nestjs/core": "8.1.2",
-    "@nestjs/common": "8.1.2",
-    "@nestjs/graphql": "9.1.1",
+    "@nestjs/common": "8.2.6",
+    "@nestjs/core": "8.2.6",
+    "@nestjs/graphql": "9.1.2",
     "@nestjs/jwt": "8.0.0",
-    "@nestjs/mongoose": "9.0.1",
-    "@nestjs/passport": "8.0.1",
-    "@nestjs/platform-express": "8.1.2",
+    "@nestjs/mongoose": "9.0.2",
+    "@nestjs/passport": "8.1.0",
+    "@nestjs/platform-express": "8.2.6",
+    "@nestjs/testing": "8.2.6",
+    "@shelf/jest-mongodb": "2.2.0",
     "@types/ejs": "3.1.0",
-    "@types/jest": "27.0.2",
-    "@types/lodash": "4.14.176",
+    "@types/jest": "27.4.0",
+    "@types/lodash": "4.14.178",
     "@types/multer": "1.4.7",
-    "@types/node": "16.11.6",
+    "@types/node": "16.11.21",
+    "@types/node-mailjet": "3.3.8",
     "@types/nodemailer": "6.4.4",
     "@types/passport": "1.0.7",
     "@types/supertest": "2.0.11",
-    "@typescript-eslint/eslint-plugin": "5.3.0",
-    "@typescript-eslint/parser": "5.3.0",
-    "apollo-server-core": "3.4.0",
-    "apollo-server-express": "3.4.0",
+    "@typescript-eslint/eslint-plugin": "5.10.0",
+    "@typescript-eslint/parser": "5.10.0",
+    "apollo-server-core": "3.6.2",
+    "apollo-server-express": "3.6.2",
     "bcrypt": "5.0.1",
-    "class-transformer": "0.4.0",
-    "class-validator": "0.13.1",
+    "class-transformer": "0.5.1",
+    "class-validator": "0.13.2",
     "coffeescript": "2.6.1",
     "ejs": "3.1.6",
-    "fastify": "3.22.1",
-    "graphql": "15.7.2",
+    "fastify": "3.27.0",
+    "graphql": "15.8.0",
     "graphql-subscriptions": "2.0.0",
     "grunt": "1.4.1",
     "grunt-bg-shell": "2.3.3",
@@ -98,33 +90,35 @@
     "grunt-contrib-watch": "1.1.0",
     "grunt-sync": "0.8.2",
     "husky": "7.0.4",
-    "jest": "27.3.1",
-    "json-to-graphql-query": "2.1.0",
-    "light-my-request": "4.6.0",
+    "jest": "27.4.7",
+    "json-to-graphql-query": "2.2.0",
+    "light-my-request": "4.7.0",
     "lodash": "4.17.21",
-    "mongoose": "6.0.12",
-    "multer": "1.4.3",
-    "nodemailer": "6.7.0",
-    "nodemon": "2.0.14",
-    "passport": "0.4.1",
+    "mongodb": "4.3.0",
+    "mongoose": "6.1.7",
+    "multer": "1.4.4",
+    "node-mailjet": "3.3.5",
+    "nodemailer": "6.7.2",
+    "nodemon": "2.0.15",
+    "passport": "0.5.2",
     "passport-jwt": "4.0.0",
     "reflect-metadata": "0.1.13",
     "rimraf": "3.0.2",
-    "rxjs": "7.4.0",
-    "supertest": "6.1.6",
-    "ts-morph": "12.2.0",
+    "rxjs": "7.5.2",
+    "supertest": "6.2.2",
+    "ts-morph": "13.0.3",
     "ts-node": "10.4.0",
-    "tsconfig-paths": "3.11.0"
+    "tsconfig-paths": "3.12.0"
   },
   "devDependencies": {
-    "eslint": "8.1.0",
+    "eslint": "8.7.0",
     "eslint-config-prettier": "8.3.0",
     "find-file-up": "2.0.1",
     "pm2": "5.1.2",
-    "prettier": "2.4.1",
-    "pretty-quick": "3.1.1",
-    "ts-jest": "27.0.7",
-    "typescript": "4.4.4"
+    "prettier": "2.5.1",
+    "pretty-quick": "3.1.3",
+    "ts-jest": "27.1.3",
+    "typescript": "4.5.5"
   },
   "jest": {
     "collectCoverage": true,

package/src/config.env.ts

@@ -19,10 +19,16 @@ const config: { [env: string]: IServerOptions } = {
         port: 587,
         secure: false,
       },
+      mailjet: {
+        api_key_public: 'MAILJET_API_KEY_PUBLIC',
+        api_key_private: 'MAILJET_API_KEY_PRIVATE',
+      },
       defaultSender: {
         email: 'rebeca68@ethereal.email',
         name: 'Rebeca Sixtyeight',
       },
+      verificationLink: 'http://localhost:4200/user/verification',
+      passwordResetLink: 'http://localhost:4200/user/password-reset',
     },
     env: 'development',
     graphQl: {
@@ -60,10 +66,16 @@ const config: { [env: string]: IServerOptions } = {
         port: 587,
         secure: false,
       },
+      mailjet: {
+        api_key_public: 'MAILJET_API_KEY_PUBLIC',
+        api_key_private: 'MAILJET_API_KEY_PRIVATE',
+      },
       defaultSender: {
         email: 'rebeca68@ethereal.email',
         name: 'Rebeca Sixtyeight',
       },
+      verificationLink: 'http://localhost:4200/user/verification',
+      passwordResetLink: 'http://localhost:4200/user/password-reset',
     },
     env: 'productive',
     graphQl: {
@@ -93,7 +105,8 @@ const config: { [env: string]: IServerOptions } = {
  *
  * default: development
  */
-const envConfig = config[process.env.NODE_ENV || 'development'] || config.development;
+const envConfig = config[process.env['NODE' + '_ENV'] || 'development'] || config.development;
+console.log('Server starts in mode: ', process.env['NODE' + '_ENV'] || 'development');
 
 /**
  * Export envConfig as default

package/src/core/common/helpers/service.helper.ts

@@ -1,4 +1,7 @@
+import { UnauthorizedException } from '@nestjs/common';
 import * as bcrypt from 'bcrypt';
+import * as _ from 'lodash';
+import { RoleEnum } from '../enums/role.enum';
 
 /**
  * Helper class for services
@@ -9,13 +12,15 @@ export class ServiceHelper {
    */
   static async prepareInput(
     input: { [key: string]: any },
-    currentUser: { id: string },
+    currentUser: { [key: string]: any; id: string },
     options: { [key: string]: any; create?: boolean; clone?: boolean } = {},
     ...args: any[]
   ) {
     // Configuration
     const config = {
+      checkRoles: true,
       clone: false,
+      create: false,
       ...options,
     };
 
@@ -24,7 +29,21 @@ export class ServiceHelper {
       input = JSON.parse(JSON.stringify(input));
     }
 
-    // Has password
+    // Process roles
+    if (input.roles && config.checkRoles && (!currentUser?.hasRole || !currentUser.hasRole(RoleEnum.ADMIN))) {
+      if (!(currentUser as any)?.roles) {
+        throw new UnauthorizedException('Missing roles of current user');
+      } else {
+        const allowedRoles = _.intersection(input.roles, (currentUser as any).roles);
+        if (allowedRoles.length !== input.roles.length) {
+          const missingRoles = _.difference(input.roles, (currentUser as any).roles);
+          throw new UnauthorizedException('Current user not allowed setting roles: ' + missingRoles);
+        }
+        input.roles = allowedRoles;
+      }
+    }
+
+    // Hash password
     if (input.password) {
       input.password = await bcrypt.hash((input as any).password, 10);
     }
@@ -46,11 +65,11 @@ export class ServiceHelper {
   /**
    * Prepare output before return
    */
-  static async prepareOutput(
+  static async prepareOutput<T = Record<string, any>>(
     output: any,
     userModel: new () => any,
     userService: any,
-    options: { [key: string]: any; clone?: boolean } = {},
+    options: { [key: string]: any; clone?: boolean; targetModel?: Partial<T> } = {},
     ...args: any[]
   ) {
     // Configuration
@@ -64,9 +83,20 @@ export class ServiceHelper {
       output = JSON.parse(JSON.stringify(output));
     }
 
+    // Map output if target model exist
+    if (options.targetModel) {
+      (options.targetModel as any).map(output);
+    }
+
     // Remove password if exists
     delete output.password;
 
+    // Remove verification token if exists
+    delete output.verificationToken;
+
+    // Remove password reset token if exists
+    delete output.passwordResetToken;
+
     // Return prepared user
     return output;
   }

package/src/core/common/interfaces/mailjet-options.interface.ts

@@ -0,0 +1,4 @@
+export interface MailjetOptions {
+  api_key_public: string;
+  api_key_private: string;
+}

package/src/core/common/interfaces/server-options.interface.ts

@@ -3,6 +3,7 @@ import { JwtModuleOptions } from '@nestjs/jwt';
 import { ServeStaticOptions } from '@nestjs/platform-express/interfaces/serve-static-options.interface';
 import * as SMTPTransport from 'nodemailer/lib/smtp-transport';
 import { MongooseModuleOptions } from '@nestjs/mongoose/dist/interfaces/mongoose-options.interface';
+import { MailjetOptions } from './mailjet-options.interface';
 
 /**
  * Options for the server
@@ -101,6 +102,17 @@ export interface IServerOptions {
      */
     smtp?: SMTPTransport | SMTPTransport.Options | string;
 
+    mailjet?: MailjetOptions;
+    /**
+     * Verification link for email
+     */
+    verificationLink?: string;
+
+    /**
+     * Password reset link for email
+     */
+    passwordResetLink?: string;
+
     /**
      * Data for default sender
      */

package/src/core/common/services/mailjet.service.ts

@@ -0,0 +1,84 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from './config.service';
+import * as mailjet from 'node-mailjet';
+
+/**
+ * Mailjet service
+ */
+@Injectable()
+export class MailjetService {
+  /**
+   * Inject services
+   */
+  constructor(protected configService: ConfigService) {}
+
+  /**
+   * Send a mail
+   */
+  public async sendMail(
+    recipients: string | string[],
+    subject: string,
+    templateId: number,
+    config: {
+      senderEmail?: string;
+      senderName?: string;
+      attachments?: mailjet.Email.Attachment[];
+      templateData?: { [key: string]: any };
+      sandbox?: boolean;
+    }
+  ): Promise<mailjet.Email.PostResponse> {
+    // Process config
+    const { senderName, senderEmail, templateData, attachments, sandbox } = {
+      senderEmail: this.configService.get('email.defaultSender.email'),
+      senderName: this.configService.get('email.defaultSender.name'),
+      sandbox: false,
+      attachments: null,
+      templateData: null,
+      ...config,
+    };
+
+    // Parse recipients
+    let to;
+    if (Array.isArray(recipients)) {
+      to = [];
+      for (const recipient of recipients) {
+        to.push({ Email: recipient });
+      }
+    } else {
+      to = [{ Email: recipients }];
+    }
+
+    // Parse body for mailjet request
+    const body: mailjet.Email.SendParams = {
+      Messages: [
+        {
+          From: {
+            Email: senderEmail,
+            Name: senderName,
+          },
+          To: to,
+          TemplateID: templateId,
+          TemplateLanguage: true,
+          Variables: templateData,
+          Subject: subject,
+          Attachments: attachments,
+        },
+      ],
+      SandboxMode: sandbox,
+    };
+
+    let connection: mailjet.Email.Client;
+    try {
+      // Connect to mailjet
+      connection = await mailjet.connect(
+        this.configService.get('email.mailjet.api_key_public'),
+        this.configService.get('email.mailjet.api_key_private')
+      );
+    } catch (e) {
+      throw new Error('Cannot connect to mailjet.');
+    }
+
+    // Send mail with mailjet
+    return connection.post('send', { version: 'v3.1' }).request(body);
+  }
+}

package/src/core/modules/user/core-basic-user.service.ts

@@ -16,9 +16,9 @@ const pubSub = new PubSub();
  * User service
  */
 export abstract class CoreBasicUserService<
-  TUser = CoreUserModel,
-  TUserInput = CoreUserInput,
-  TUserCreateInput = CoreUserCreateInput
+  TUser extends CoreUserModel,
+  TUserInput extends CoreUserInput,
+  TUserCreateInput extends CoreUserCreateInput
 > {
   protected readonly model: ICorePersistenceModel;
 

package/src/core/modules/user/core-user.model.ts

@@ -59,6 +59,26 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   @Prop()
   username: string = undefined;
 
+  /**
+   * Password reset token of the user
+   */
+  @IsOptional()
+  @Prop()
+  passwordResetToken: string = undefined;
+
+  /**
+   * Verification token of the user
+   */
+  @IsOptional()
+  @Prop()
+  verificationToken: string = undefined;
+
+  /**
+   * Verification of the user
+   */
+  @Prop({ type: Boolean })
+  verified = false;
+
   // ===================================================================================================================
   // Methods
   // ===================================================================================================================

package/src/core/modules/user/core-user.service.ts

@@ -1,13 +1,23 @@
-import { NotFoundException, UnprocessableEntityException } from '@nestjs/common';
+import {
+  BadRequestException,
+  NotFoundException,
+  UnauthorizedException,
+  UnprocessableEntityException,
+} from '@nestjs/common';
 import * as bcrypt from 'bcrypt';
 import { PubSub } from 'graphql-subscriptions';
 import { FilterArgs } from '../../common/args/filter.args';
+import { RoleEnum } from '../../common/enums/role.enum';
 import { Filter } from '../../common/helpers/filter.helper';
 import { CoreBasicUserService } from './core-basic-user.service';
 import { CoreUserModel } from './core-user.model';
 import { CoreUserCreateInput } from './inputs/core-user-create.input';
 import { CoreUserInput } from './inputs/core-user.input';
 import { Model } from 'mongoose';
+import * as _ from 'lodash';
+import * as crypto from 'crypto';
+import envConfig from '../../../config.env';
+import { EmailService } from '../../common/services/email.service';
 
 // Subscription
 const pubSub = new PubSub();
@@ -16,11 +26,11 @@ const pubSub = new PubSub();
  * User service
  */
 export abstract class CoreUserService<
-  TUser = CoreUserModel,
-  TUserInput = CoreUserInput,
-  TUserCreateInput = CoreUserCreateInput
+  TUser extends CoreUserModel,
+  TUserInput extends CoreUserInput,
+  TUserCreateInput extends CoreUserCreateInput
 > extends CoreBasicUserService<TUser, TUserInput, TUserCreateInput> {
-  protected constructor(protected readonly userModel: Model<any>) {
+  protected constructor(protected readonly userModel: Model<any>, protected emailService: EmailService) {
     super(userModel);
   }
 
@@ -35,8 +45,11 @@ export abstract class CoreUserService<
     // Prepare input
     await this.prepareInput(input, currentUser, { create: true });
 
+    // Generate verification token
+    const newUser = { ...input, ...{ verificationToken: crypto.randomBytes(32).toString('hex') } };
+
     // Create new user
-    const createdUser = new this.userModel(this.model.map(input));
+    const createdUser = new this.userModel(this.model.map(newUser));
 
     try {
       // Save created user
@@ -108,6 +121,93 @@ export abstract class CoreUserService<
     );
   }
 
+  /**
+   * Verify user with token
+   *
+   * @param token
+   */
+  async verify(token: string): Promise<boolean> {
+    const user = await this.userModel.findOne({ verificationToken: token }).exec();
+
+    if (!user) {
+      throw new NotFoundException();
+    }
+
+    if (!user.verificationToken) {
+      throw new Error('User has no token');
+    }
+
+    if (user.verified) {
+      throw new Error('User already verified');
+    }
+
+    await this.userModel.findByIdAndUpdate(user.id, { $set: { verified: true, verificationToken: null } }).exec();
+
+    return true;
+  }
+
+  /**
+   * Set newpassword for user with token
+   *
+   * @param token
+   * @param newPassword
+   */
+  async resetPassword(token: string, newPassword: string): Promise<boolean> {
+    const user = await this.userModel.findOne({ passwordResetToken: token }).exec();
+
+    if (!user) {
+      throw new NotFoundException();
+    }
+
+    const cryptedPassword = await bcrypt.hash(newPassword, 10);
+    await this.userModel
+      .findByIdAndUpdate(user.id, { $set: { password: cryptedPassword, passwordResetToken: null } })
+      .exec();
+
+    return true;
+  }
+
+  /**
+   * Request email with password reset link
+   *
+   * @param email
+   */
+  async requestPasswordResetMail(email: string): Promise<boolean> {
+    const user = await this.userModel.findOne({ email }).exec();
+
+    if (!user) {
+      throw new NotFoundException();
+    }
+
+    const resetToken = crypto.randomBytes(32).toString('hex');
+    await this.userModel.findByIdAndUpdate(user.id, { $set: { passwordResetToken: resetToken } }).exec();
+
+    await this.emailService.sendMail(user.email, 'Password reset', {
+      htmlTemplate: 'password-reset',
+      templateData: { name: user.username, link: envConfig.email.passwordResetLink + '/' + resetToken },
+    });
+
+    return true;
+  }
+
+  /**
+   * Set roles for specified user
+   */
+  async setRoles(userId: string, roles: string[]): Promise<TUser> {
+    // Check roles
+    if (!Array.isArray(roles)) {
+      throw new BadRequestException('Missing roles');
+    }
+
+    // Check roles values
+    if (roles.some((role) => typeof role !== 'string')) {
+      throw new BadRequestException('roles contains invalid values');
+    }
+
+    // Update and return user
+    return this.userModel.findByIdAndUpdate(userId, { roles }).exec();
+  }
+
   /**
    * Update user via ID
    */
@@ -144,22 +244,37 @@ export abstract class CoreUserService<
    */
   protected async prepareInput(
     input: { [key: string]: any },
-    currentUser: TUser,
-    options: { [key: string]: any; create?: boolean; clone?: boolean } = {},
+    currentUser?: TUser,
+    options: { [key: string]: any; checkRoles?: boolean; clone?: boolean } = {},
     ...args: any[]
   ) {
     // Configuration
     const config = {
+      checkRoles: true,
       clone: false,
       ...options,
     };
 
-    // Clone output
+    // Clone input
     if (config.clone) {
       input = JSON.parse(JSON.stringify(input));
     }
 
-    // Has password
+    // Process roles
+    if (input.roles && config.checkRoles && (!currentUser?.hasRole || !currentUser.hasRole(RoleEnum.ADMIN))) {
+      if (!(currentUser as any)?.roles) {
+        throw new UnauthorizedException('Missing roles of current user');
+      } else {
+        const allowedRoles = _.intersection(input.roles, (currentUser as any).roles);
+        if (allowedRoles.length !== input.roles.length) {
+          const missingRoles = _.difference(input.roles, (currentUser as any).roles);
+          throw new UnauthorizedException('Current user not allowed setting roles: ' + missingRoles);
+        }
+        input.roles = allowedRoles;
+      }
+    }
+
+    // Hash password
     if (input.password) {
       input.password = await bcrypt.hash((input as any).password, 10);
     }
@@ -190,6 +305,12 @@ export abstract class CoreUserService<
     // Remove password if exists
     delete (user as any).password;
 
+    // Remove verification token if exists
+    delete (user as any).verificationToken;
+
+    // Remove password reset token if exists
+    delete (user as any).passwordResetToken;
+
     // Return prepared user
     return user;
   }

package/src/core.module.ts

@@ -9,6 +9,7 @@ import { ConfigService } from './core/common/services/config.service';
 import { EmailService } from './core/common/services/email.service';
 import { TemplateService } from './core/common/services/template.service';
 import { MongooseModule } from '@nestjs/mongoose';
+import { MailjetService } from './core/common/services/mailjet.service';
 
 /**
  * Core module (dynamic)
@@ -91,6 +92,7 @@ export class CoreModule {
       // Core Services
       EmailService,
       TemplateService,
+      MailjetService,
     ];
 
     // Return dynamic module
@@ -101,7 +103,7 @@ export class CoreModule {
         GraphQLModule.forRoot(config.graphQl),
       ],
       providers,
-      exports: [ConfigService, EmailService, TemplateService],
+      exports: [ConfigService, EmailService, TemplateService, MailjetService],
     };
   }
 }

package/src/index.ts

@@ -41,6 +41,7 @@ export * from './core/common/scalars/json.scalar';
 export * from './core/common/services/config.service';
 export * from './core/common/services/email.service';
 export * from './core/common/services/template.service';
+export * from './core/common/services/mailjet.service';
 
 // =====================================================================================================================
 // Core - Modules - Auth