@lenne.tech/nest-server 8.1.0 → 8.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "8.1.0",
+  "version": "8.2.0",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -20,7 +20,7 @@
     "format:staged": "pretty-quick --staged",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
     "prestart:prod": "npm run build",
-    "reinit": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i && npm run test:e2e",
+    "reinit": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i && npm run test:e2e && npm run build",
     "reinit:force": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i --force && npm run test:e2e",
     "reinit:legacy": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i --legacy-peer-deps && npm run test:e2e",
     "start": "./node_modules/.bin/grunt",
@@ -29,13 +29,13 @@
     "start:nodemon": "ts-node -r tsconfig-paths/register src/main.ts",
     "start:debug": "nodemon --config nodemon-debug.json",
     "start:dev": "nodemon",
-    "test": "jest",
-    "test:cov": "jest --coverage",
-    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
-    "test:e2e": "jest --config jest-e2e.json",
-    "test:e2e-cov": "jest --config jest-e2e.json --coverage",
-    "test:ci": "jest --config jest-e2e.json --ci",
-    "test:watch": "jest --watch",
+    "test": "NODE_ENV=local jest",
+    "test:cov": "NODE_ENV=local jest --coverage",
+    "test:debug": "NODE_ENV=local node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "NODE_ENV=local jest --config jest-e2e.json",
+    "test:e2e-cov": "NODE_ENV=local jest --config jest-e2e.json --coverage",
+    "test:ci": "NODE_ENV=local jest --config jest-e2e.json --ci",
+    "test:watch": "NODE_ENV=local jest --watch",
     "prepack": "npm run prestart:prod",
     "prepare": "husky install",
     "prepublishOnly": "npm run format && npm run lint && npm run test:ci",
@@ -52,39 +52,32 @@
     "node": ">= 16.13.0"
   },
   "dependencies": {
-    "@apollo/gateway": "0.50.1",
-    "@nestjs/apollo": "10.0.9",
+    "@apollo/gateway": "0.50.2",
+    "@nestjs/apollo": "10.0.11",
     "@nestjs/common": "8.4.4",
     "@nestjs/core": "8.4.4",
-    "@nestjs/graphql": "10.0.9",
+    "@nestjs/graphql": "10.0.11",
     "@nestjs/jwt": "8.0.0",
     "@nestjs/mongoose": "9.0.3",
     "@nestjs/passport": "8.2.1",
     "@nestjs/platform-express": "8.4.4",
-    "@types/ejs": "3.1.0",
-    "@types/lodash": "4.14.182",
-    "@types/multer": "1.4.7",
-    "@types/node": "17.0.25",
-    "@types/node-mailjet": "3.3.8",
-    "@types/nodemailer": "6.4.4",
-    "@types/passport": "1.0.7",
     "apollo-server-core": "3.6.7",
     "apollo-server-express": "3.6.7",
     "bcrypt": "5.0.1",
     "class-transformer": "0.5.1",
     "class-validator": "0.13.2",
-    "ejs": "3.0.2",
-    "graphql": "16.3.0",
+    "ejs": "3.1.7",
+    "graphql": "16.4.0",
     "graphql-subscriptions": "2.0.0",
-    "json-to-graphql-query": "2.2.3",
-    "light-my-request": "4.9.0",
+    "json-to-graphql-query": "2.2.4",
+    "light-my-request": "4.10.1",
     "lodash": "4.17.21",
     "mongodb": "4.5.0",
-    "mongoose": "6.3.0",
+    "mongoose": "6.3.2",
     "multer": "1.4.4",
-    "node-mailjet": "3.3.10",
-    "nodemailer": "6.7.3",
-    "nodemon": "2.0.15",
+    "node-mailjet": "3.3.13",
+    "nodemailer": "6.7.5",
+    "nodemon": "2.0.16",
     "passport": "0.5.2",
     "passport-jwt": "4.0.0",
     "reflect-metadata": "0.1.13",
@@ -93,12 +86,19 @@
   },
   "devDependencies": {
     "@nestjs/testing": "8.4.4",
-    "@types/jest": "27.4.1",
+    "@types/ejs": "3.1.0",
+    "@types/jest": "27.5.0",
+    "@types/lodash": "4.14.182",
+    "@types/multer": "1.4.7",
+    "@types/node": "16.11.33",
+    "@types/node-mailjet": "3.3.8",
+    "@types/nodemailer": "6.4.4",
+    "@types/passport": "1.0.7",
     "@types/supertest": "2.0.12",
-    "@typescript-eslint/eslint-plugin": "5.20.0",
-    "@typescript-eslint/parser": "5.20.0",
-    "coffeescript": "2.6.1",
-    "eslint": "8.13.0",
+    "@typescript-eslint/eslint-plugin": "5.22.0",
+    "@typescript-eslint/parser": "5.22.0",
+    "coffeescript": "2.7.0",
+    "eslint": "8.14.0",
     "eslint-config-prettier": "8.5.0",
     "find-file-up": "2.0.1",
     "grunt": "1.5.2",
@@ -107,16 +107,16 @@
     "grunt-contrib-watch": "1.1.0",
     "grunt-sync": "0.8.2",
     "husky": "7.0.4",
-    "jest": "27.5.1",
+    "jest": "28.0.3",
     "pm2": "5.2.0",
     "prettier": "2.6.2",
     "pretty-quick": "3.1.3",
-    "supertest": "6.2.2",
-    "ts-jest": "27.1.4",
+    "supertest": "6.2.3",
+    "ts-jest": "28.0.1",
     "ts-morph": "14.0.0",
     "ts-node": "10.7.0",
-    "tsconfig-paths": "3.14.1",
-    "typescript": "4.6.3"
+    "tsconfig-paths": "4.0.0",
+    "typescript": "4.6.4"
   },
   "jest": {
     "collectCoverage": true,

package/src/config.env.ts

@@ -109,8 +109,9 @@ const config: { [env: string]: IServerOptions } = {
  *
  * default: development
  */
-const envConfig = config[process.env['NODE' + '_ENV'] || 'development'] || config.development;
-console.log('Server starts in mode: ', process.env['NODE' + '_ENV'] || 'development');
+const env = process.env['NODE' + '_ENV'] || 'development';
+const envConfig = config[env] || config.development;
+console.log('Configured for: ' + envConfig.env + (env !== envConfig.env ? ' (requested: ' + env + ')' : ''));
 
 /**
  * Export envConfig as default

package/src/core/common/decorators/restricted.decorator.ts

@@ -1,6 +1,8 @@
 import 'reflect-metadata';
 import { UnauthorizedException } from '@nestjs/common';
 import { RoleEnum } from '../enums/role.enum';
+import { getStringIds } from '../helpers/db.helper';
+import { IdsType } from '../types/ids.type';
 
 /**
  * Restricted meta key
@@ -28,11 +30,13 @@ export const getRestricted = (object: unknown, propertyKey: string) => {
 
 /**
  * Check data for restricted properties (properties with `Restricted` decorator)
+ *
+ * If restricted roles includes RoleEnum.OWNER, ownerId(s) from current data (in DB) must be set in options.
  */
 export const checkRestricted = (
   data: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  options: { ignoreUndefined?: boolean; throwError?: boolean } = {},
+  options: { ignoreUndefined?: boolean; ownerIds?: IdsType; throwError?: boolean } = {},
   processedObjects: any[] = []
 ) => {
   const config = {
@@ -55,7 +59,7 @@ export const checkRestricted = (
   // Array
   if (Array.isArray(data)) {
     // Check array items
-    return data.map((item) => checkRestricted(item, user, options, processedObjects));
+    return data.map((item) => checkRestricted(item, user, config, processedObjects));
   }
 
   // Object
@@ -74,18 +78,20 @@ export const checkRestricted = (
       if (!user || !user.hasRole(roles)) {
         // Check special role for owner
         if (user && roles.includes(RoleEnum.OWNER)) {
-          const userId = user.id.toString();
+          const userId = getStringIds(user);
+          const ownerIds = config.ownerIds ? getStringIds(config.ownerIds) : null;
 
           if (
-            !data.ownerIds ||
-            !(
-              data.ownerIds === userId ||
-              (Array.isArray(data.ownerIds) &&
-                data.ownerIds.some((item) => (item.id ? item.id.toString() === userId : item.toString() === userId)))
-            )
+            // No owner IDs
+            !ownerIds ||
+            // User is not the owner
+            !(ownerIds === userId || (Array.isArray(ownerIds) && ownerIds.includes(userId)))
           ) {
             // The user does not have the required rights and is not the owner
             if (config.throwError) {
+              if (!config.ownerIds) {
+                throw new UnauthorizedException('Lack of ownerIds to verify ownership of ' + propertyKey);
+              }
               throw new UnauthorizedException('Current user is not allowed to set ' + propertyKey);
             }
             continue;
@@ -101,7 +107,7 @@ export const checkRestricted = (
     }
 
     // Check property data
-    data[propertyKey] = checkRestricted(data[propertyKey], user, options, processedObjects);
+    data[propertyKey] = checkRestricted(data[propertyKey], user, config, processedObjects);
   }
 
   // Return processed data

package/src/core/common/helpers/input.helper.ts

@@ -1,8 +1,11 @@
-import { BadRequestException } from '@nestjs/common';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { validate } from 'class-validator';
 import * as _ from 'lodash';
 import { checkRestricted } from '../decorators/restricted.decorator';
+import { RoleEnum } from '../enums/role.enum';
+import { IdsType } from '../types/ids.type';
+import { getStringIds } from './db.helper';
 
 /**
  * Helper class for inputs
@@ -15,9 +18,9 @@ export default class InputHelper {
   public static async check(
     value: any,
     user: { id: any; hasRole: (roles: string[]) => boolean },
-    metatype?
+    options?: { metatype?: any; ownerIds?: IdsType; roles?: string | string[] }
   ): Promise<any> {
-    return check(value, user, metatype);
+    return check(value, user, options);
   }
 
   // Standard error function
@@ -179,34 +182,80 @@ export default class InputHelper {
 export async function check(
   value: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  metatype?
+  options?: { metatype?: any; ownerIds?: IdsType; roles?: string | string[]; throwError?: boolean }
 ): Promise<any> {
+  const config = {
+    throwError: true,
+    ...options,
+  };
+
+  // Check roles
+  if (config.roles?.length && config.throwError) {
+    let roles = config.roles;
+    if (!Array.isArray(roles)) {
+      roles = [roles];
+    }
+    let valid = false;
+    if (roles.includes(RoleEnum.USER) && user?.id) {
+      valid = true;
+    } else if (user.hasRole(roles)) {
+      valid = true;
+    } else if (roles.includes(RoleEnum.OWNER) && user?.id && config.ownerIds) {
+      let ownerIds: string | string[] = getStringIds(config.ownerIds);
+      if (!Array.isArray(ownerIds)) {
+        ownerIds = [ownerIds];
+      }
+      valid = ownerIds.includes(getStringIds(user.id));
+    }
+    if (!valid) {
+      throw new UnauthorizedException('Missing rights');
+    }
+  }
+
   // Return value if it is only a basic type
-  if (typeof value !== 'object' || !metatype || isBasicType(metatype)) {
+  if (typeof value !== 'object') {
     return value;
   }
 
-  // Convert to metatype
-  if (!(value instanceof metatype)) {
-    if ((metatype as any)?.map) {
-      value = (metatype as any)?.map(value);
-    } else {
-      value = plainToInstance(metatype, value);
+  // Check array
+  if (Array.isArray(value)) {
+    for (const [key, item] of Object.entries(value)) {
+      value[key] = await check(item, user, config);
+    }
+    return value;
+  }
+
+  const metatype = config.metatype;
+  if (metatype) {
+    // Check metatype
+    if (isBasicType(metatype)) {
+      return value;
+    }
+
+    // Convert to metatype
+    if (!(value instanceof metatype)) {
+      if ((metatype as any)?.map) {
+        value = (metatype as any)?.map(value);
+      } else {
+        value = plainToInstance(metatype, value);
+      }
     }
   }
 
   // Validate
   const errors = await validate(value);
-  if (errors.length > 0) {
+  if (errors.length > 0 && config.throwError) {
     throw new BadRequestException('Validation failed');
   }
 
   // Remove restricted values if roles are missing
-  value = checkRestricted(value, user);
+  value = checkRestricted(value, user, config);
   return value;
 }
 
-// Standard error function
+/**
+ * Standard error function
+ */
 export function errorFunction(caller: (...params) => any, message = 'Required parameter is missing or invalid') {
   const err = new Error(message);
   Error.captureStackTrace(err, caller);

package/src/core/common/interfaces/service-options.interface.ts

@@ -1,5 +1,6 @@
-import { Model } from 'mongoose';
+import { Model, Types } from 'mongoose';
 import { FieldSelection } from '../types/field-selection.type';
+import { IdsType } from '../types/ids.type';
 
 /**
  * General service options
@@ -8,6 +9,11 @@ export interface ServiceOptions {
   // All fields are allowed to be compatible as far as possible
   [key: string]: any;
 
+  // Check rights for input data (see check function in InputHelper)
+  // If falsy: input data will not be checked
+  // If truly (default): input data will be checked
+  checkRights?: boolean;
+
   // Current user to set ownership, check roles and other things
   currentUser?: {
     [key: string]: any;
@@ -18,6 +24,12 @@ export interface ServiceOptions {
   // Field selection for results
   fieldSelection?: FieldSelection;
 
+  // Overwrites type of input (array items)
+  inputType?: new (...params: any[]) => any;
+
+  // Owner IDs
+  ownerIds?: IdsType;
+
   // Process field selection
   // If {} or not set, then the field selection runs with defaults
   // If falsy, then the field selection will not be automatically executed
@@ -50,4 +62,10 @@ export interface ServiceOptions {
 
   // Whether to publish action via GraphQL subscription
   pubSub?: boolean;
+
+  // Overwrites type of result (array items)
+  resultType?: new (...params: any[]) => any;
+
+  // Roles (as string) to check
+  roles?: string | string[];
 }

package/src/core/common/models/core-model.model.ts

@@ -78,7 +78,7 @@ export abstract class CoreModel {
    * Initialize instance with default values instead of undefined
    * Should be overwritten in child class to organize the defaults
    */
-  public init<T extends CoreModel>(...args: any[]): this {
+  public init(...args: any[]): this {
     return this;
   }
 

package/src/core/common/pipes/check-input.pipe.ts

@@ -28,6 +28,6 @@ export class CheckInputPipe implements PipeTransform {
     const { user }: any = getContextData(this.context);
 
     // Check and return
-    return check(value, user, metatype);
+    return check(value, user, { metatype });
   }
 }

package/src/core/common/services/crud.service.ts

@@ -24,16 +24,11 @@ export abstract class CrudService<T extends CoreModel = any> extends ModuleServi
    * Get item by ID
    */
   async get(id: string, serviceOptions?: ServiceOptions): Promise<T> {
-    return this.process(
-      async (data) => {
-        const item = await this.mainDbModel.findById(data.input).exec();
-        if (!item) {
-          throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
-        }
-        return item;
-      },
-      { input: id, serviceOptions }
-    );
+    const dbObject = await this.mainDbModel.findById(id).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
+    }
+    return this.process(async () => dbObject, { dbObject, serviceOptions });
   }
 
   /**
@@ -74,15 +69,15 @@ export abstract class CrudService<T extends CoreModel = any> extends ModuleServi
    * Update item via ID
    */
   async update(id: string, input: any, serviceOptions?: ServiceOptions): Promise<T> {
+    const dbObject = await this.mainDbModel.findById(id).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
+    }
     return this.process(
       async (data) => {
-        const item = await this.mainDbModel.findById(id).exec();
-        if (!item) {
-          throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
-        }
-        return await Object.assign(item, data.input).save();
+        return await Object.assign(dbObject, data.input).save();
       },
-      { input, serviceOptions }
+      { dbObject, input, serviceOptions }
     );
   }
 
@@ -90,16 +85,16 @@ export abstract class CrudService<T extends CoreModel = any> extends ModuleServi
    * Delete item via ID
    */
   async delete(id: string, serviceOptions?: ServiceOptions): Promise<T> {
+    const dbObject = await this.mainDbModel.findById(id).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
+    }
     return this.process(
       async (data) => {
-        const item = await this.mainDbModel.findById(id).exec();
-        if (!item) {
-          throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
-        }
         await this.mainDbModel.findByIdAndDelete(id).exec();
-        return item;
+        return dbObject;
       },
-      { input: id, serviceOptions }
+      { dbObject, input: id, serviceOptions }
     );
   }
 }

package/src/core/common/services/module.service.ts

@@ -1,9 +1,11 @@
-import { Document, Model } from 'mongoose';
-import { popAndMap } from '../helpers/db.helper';
+import { Document, Model, Types } from 'mongoose';
+import { getStringIds, popAndMap } from '../helpers/db.helper';
+import { check } from '../helpers/input.helper';
 import { prepareInput, prepareOutput } from '../helpers/service.helper';
 import { ServiceOptions } from '../interfaces/service-options.interface';
 import { CoreModel } from '../models/core-model.model';
 import { FieldSelection } from '../types/field-selection.type';
+import { IdsType } from '../types/ids.type';
 
 /**
  * Module service class to be extended by concrete module services
@@ -30,17 +32,48 @@ export abstract class ModuleService<T extends CoreModel = any> {
     this.mainModelConstructor = options?.mainModelConstructor;
   }
 
+  /**
+   * Check rights of current user for input
+   */
+  checkRights(
+    input: any,
+    currentUser: { id: any; hasRole: (roles: string[]) => boolean },
+    options?: {
+      metatype?: any;
+      ownerIds?: IdsType;
+      roles?: string | string[];
+      throwError?: boolean;
+    }
+  ): Promise<any> {
+    const config = {
+      metatype: this.mainModelConstructor,
+      ...options,
+    };
+    return check(input, currentUser, config);
+  }
+
+  /**
+   * Get function to get Object via ID, necessary for checkInput
+   */
+  abstract get(id: any, ...args: any[]): any;
+
   /**
    * Run service function with pre- and post-functions
    */
   async process(
     serviceFunc: (options?: { [key: string]: any; input?: any; serviceOptions?: ServiceOptions }) => any,
-    options?: { [key: string]: any; input?: any; serviceOptions?: ServiceOptions }
+    options?: {
+      [key: string]: any;
+      dbObject?: string | Types.ObjectId | any;
+      input?: any;
+      serviceOptions?: ServiceOptions;
+    }
   ) {
     // Configuration with default values
     const config = {
-      currentUser: null,
-      fieldSelection: null,
+      checkRights: true,
+      dbObject: options?.dbObject,
+      input: options?.input,
       processFieldSelection: {},
       prepareInput: {},
       prepareOutput: {},
@@ -50,11 +83,35 @@ export abstract class ModuleService<T extends CoreModel = any> {
 
     // Prepare input
     if (config.prepareInput && this.prepareInput) {
-      await this.prepareInput(options?.input, config.prepareInput);
+      await this.prepareInput(config.input, config.prepareInput);
+    }
+
+    // Get owner IDs
+    let ownerIds = undefined;
+    if (config.checkRights && this.checkRights) {
+      ownerIds = getStringIds(config.ownerIds);
+      if (!ownerIds?.length) {
+        if (config.dbObject) {
+          if (typeof config.dbObject === 'string' || config.dbObject instanceof Types.ObjectId) {
+            ownerIds = (await this.get(getStringIds(config.dbObject)))?.ownerIds;
+          } else {
+            ownerIds = config.dbObject.ownerIds;
+          }
+        }
+      }
+    }
+
+    // Check rights for input
+    if (config.input && config.checkRights && this.checkRights) {
+      const opts: any = { ownerIds, roles: config.roles };
+      if (config.inputType) {
+        opts.metatype = config.resultType;
+      }
+      config.input = await this.checkRights(config.input, config.currentUser as any, opts);
     }
 
     // Run service function
-    const result = await serviceFunc(options);
+    let result = await serviceFunc(config);
 
     // Pop and map main model
     if (config.processFieldSelection && config.fieldSelection && this.processFieldSelection) {
@@ -67,10 +124,19 @@ export abstract class ModuleService<T extends CoreModel = any> {
       if (config.processFieldSelection && config.fieldSelection && this.processFieldSelection) {
         config.prepareOutput.targetModel = null;
       }
-      return this.prepareOutput(result, config.prepareOutput);
+      result = await this.prepareOutput(result, config.prepareOutput);
+    }
+
+    // Check output rights
+    if (config.checkRights && this.checkRights) {
+      const opts: any = { ownerIds, roles: config.roles, throwError: false };
+      if (config.resultType) {
+        opts.metatype = config.resultType;
+      }
+      result = await this.checkRights(result, config.currentUser as any, opts);
     }
 
-    // Return result without output preparation
+    // Return (prepared) result
     return result;
   }
 

package/src/core/common/types/ids.type.ts

@@ -0,0 +1,7 @@
+import { Types } from 'mongoose';
+
+export type IdsType =
+  | string
+  | Types.ObjectId
+  | { id?: string | Types.ObjectId; _id?: string | Types.ObjectId }
+  | (string | Types.ObjectId | { id?: string | Types.ObjectId; _id?: string | Types.ObjectId })[];

package/src/core/modules/auth/guards/roles.guard.ts

@@ -1,4 +1,4 @@
-import { ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { ExecutionContext, Inject, Injectable, UnauthorizedException } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { GqlExecutionContext } from '@nestjs/graphql';
 import { RoleEnum } from '../../../common/enums/role.enum';