@lenne.tech/nest-server 8.1.0 → 8.3.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "8.1.0",
+  "version": "8.3.1",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -20,7 +20,7 @@
     "format:staged": "pretty-quick --staged",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
     "prestart:prod": "npm run build",
-    "reinit": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i && npm run test:e2e",
+    "reinit": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i && npm run test:e2e && npm run build",
     "reinit:force": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i --force && npm run test:e2e",
     "reinit:legacy": "rimraf package-lock.json && rimraf node_modules && npm cache clean --force && npm i --legacy-peer-deps && npm run test:e2e",
     "start": "./node_modules/.bin/grunt",
@@ -29,13 +29,13 @@
     "start:nodemon": "ts-node -r tsconfig-paths/register src/main.ts",
     "start:debug": "nodemon --config nodemon-debug.json",
     "start:dev": "nodemon",
-    "test": "jest",
-    "test:cov": "jest --coverage",
-    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
-    "test:e2e": "jest --config jest-e2e.json",
-    "test:e2e-cov": "jest --config jest-e2e.json --coverage",
-    "test:ci": "jest --config jest-e2e.json --ci",
-    "test:watch": "jest --watch",
+    "test": "NODE_ENV=local jest",
+    "test:cov": "NODE_ENV=local jest --coverage",
+    "test:debug": "NODE_ENV=local node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "NODE_ENV=local jest --config jest-e2e.json",
+    "test:e2e-cov": "NODE_ENV=local jest --config jest-e2e.json --coverage",
+    "test:ci": "NODE_ENV=local jest --config jest-e2e.json --ci",
+    "test:watch": "NODE_ENV=local jest --watch",
     "prepack": "npm run prestart:prod",
     "prepare": "husky install",
     "prepublishOnly": "npm run format && npm run lint && npm run test:ci",
@@ -52,39 +52,32 @@
     "node": ">= 16.13.0"
   },
   "dependencies": {
-    "@apollo/gateway": "0.50.1",
-    "@nestjs/apollo": "10.0.9",
+    "@apollo/gateway": "0.50.2",
+    "@nestjs/apollo": "10.0.11",
     "@nestjs/common": "8.4.4",
     "@nestjs/core": "8.4.4",
-    "@nestjs/graphql": "10.0.9",
+    "@nestjs/graphql": "10.0.11",
     "@nestjs/jwt": "8.0.0",
     "@nestjs/mongoose": "9.0.3",
     "@nestjs/passport": "8.2.1",
     "@nestjs/platform-express": "8.4.4",
-    "@types/ejs": "3.1.0",
-    "@types/lodash": "4.14.182",
-    "@types/multer": "1.4.7",
-    "@types/node": "17.0.25",
-    "@types/node-mailjet": "3.3.8",
-    "@types/nodemailer": "6.4.4",
-    "@types/passport": "1.0.7",
-    "apollo-server-core": "3.6.7",
-    "apollo-server-express": "3.6.7",
+    "apollo-server-core": "3.7.0",
+    "apollo-server-express": "3.7.0",
     "bcrypt": "5.0.1",
     "class-transformer": "0.5.1",
     "class-validator": "0.13.2",
-    "ejs": "3.0.2",
-    "graphql": "16.3.0",
+    "ejs": "3.1.7",
+    "graphql": "16.4.0",
     "graphql-subscriptions": "2.0.0",
-    "json-to-graphql-query": "2.2.3",
-    "light-my-request": "4.9.0",
+    "json-to-graphql-query": "2.2.4",
+    "light-my-request": "4.10.1",
     "lodash": "4.17.21",
     "mongodb": "4.5.0",
-    "mongoose": "6.3.0",
+    "mongoose": "6.3.2",
     "multer": "1.4.4",
-    "node-mailjet": "3.3.10",
-    "nodemailer": "6.7.3",
-    "nodemon": "2.0.15",
+    "node-mailjet": "3.4.1",
+    "nodemailer": "6.7.5",
+    "nodemon": "2.0.16",
     "passport": "0.5.2",
     "passport-jwt": "4.0.0",
     "reflect-metadata": "0.1.13",
@@ -93,12 +86,19 @@
   },
   "devDependencies": {
     "@nestjs/testing": "8.4.4",
-    "@types/jest": "27.4.1",
+    "@types/ejs": "3.1.0",
+    "@types/jest": "27.5.0",
+    "@types/lodash": "4.14.182",
+    "@types/multer": "1.4.7",
+    "@types/node": "16.11.33",
+    "@types/node-mailjet": "3.3.8",
+    "@types/nodemailer": "6.4.4",
+    "@types/passport": "1.0.7",
     "@types/supertest": "2.0.12",
-    "@typescript-eslint/eslint-plugin": "5.20.0",
-    "@typescript-eslint/parser": "5.20.0",
-    "coffeescript": "2.6.1",
-    "eslint": "8.13.0",
+    "@typescript-eslint/eslint-plugin": "5.22.0",
+    "@typescript-eslint/parser": "5.22.0",
+    "coffeescript": "2.7.0",
+    "eslint": "8.14.0",
     "eslint-config-prettier": "8.5.0",
     "find-file-up": "2.0.1",
     "grunt": "1.5.2",
@@ -107,16 +107,16 @@
     "grunt-contrib-watch": "1.1.0",
     "grunt-sync": "0.8.2",
     "husky": "7.0.4",
-    "jest": "27.5.1",
+    "jest": "28.0.3",
     "pm2": "5.2.0",
     "prettier": "2.6.2",
     "pretty-quick": "3.1.3",
-    "supertest": "6.2.2",
-    "ts-jest": "27.1.4",
+    "supertest": "6.2.3",
+    "ts-jest": "28.0.1",
     "ts-morph": "14.0.0",
     "ts-node": "10.7.0",
-    "tsconfig-paths": "3.14.1",
-    "typescript": "4.6.3"
+    "tsconfig-paths": "4.0.0",
+    "typescript": "4.6.4"
   },
   "jest": {
     "collectCoverage": true,

package/src/config.env.ts

@@ -109,8 +109,9 @@ const config: { [env: string]: IServerOptions } = {
  *
  * default: development
  */
-const envConfig = config[process.env['NODE' + '_ENV'] || 'development'] || config.development;
-console.log('Server starts in mode: ', process.env['NODE' + '_ENV'] || 'development');
+const env = process.env['NODE' + '_ENV'] || 'development';
+const envConfig = config[env] || config.development;
+console.log('Configured for: ' + envConfig.env + (env !== envConfig.env ? ' (requested: ' + env + ')' : ''));
 
 /**
  * Export envConfig as default

package/src/core/common/decorators/restricted.decorator.ts

@@ -1,6 +1,8 @@
 import 'reflect-metadata';
 import { UnauthorizedException } from '@nestjs/common';
 import { RoleEnum } from '../enums/role.enum';
+import { equalIds, getStringIds } from '../helpers/db.helper';
+import { IdsType } from '../types/ids.type';
 
 /**
  * Restricted meta key
@@ -28,11 +30,14 @@ export const getRestricted = (object: unknown, propertyKey: string) => {
 
 /**
  * Check data for restricted properties (properties with `Restricted` decorator)
+ *
+ * If restricted roles includes RoleEnum.S_CREATOR, `creator` (createdBy) from current (DB) data must be set in options
+ * If restricted roles includes RoleEnum.S_OWNER, `ownerIds` from current (DB) data must be set in options
  */
 export const checkRestricted = (
   data: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  options: { ignoreUndefined?: boolean; throwError?: boolean } = {},
+  options: { creator?: IdsType; ignoreUndefined?: boolean; ownerIds?: IdsType; throwError?: boolean } = {},
   processedObjects: any[] = []
 ) => {
   const config = {
@@ -55,7 +60,7 @@ export const checkRestricted = (
   // Array
   if (Array.isArray(data)) {
     // Check array items
-    return data.map((item) => checkRestricted(item, user, options, processedObjects));
+    return data.map((item) => checkRestricted(item, user, config, processedObjects));
   }
 
   // Object
@@ -72,20 +77,27 @@ export const checkRestricted = (
     if (roles && roles.some((value) => !!value)) {
       // Check user and user roles
       if (!user || !user.hasRole(roles)) {
-        // Check special role for owner
-        if (user && roles.includes(RoleEnum.OWNER)) {
-          const userId = user.id.toString();
+        // Check special creator role
+        if (user?.id && roles.includes(RoleEnum.S_CREATOR) && equalIds(user.id, config.creator)) {
+          continue;
+        }
+
+        // Check special owner role
+        else if (user && roles.includes(RoleEnum.S_OWNER)) {
+          const userId = getStringIds(user);
+          const ownerIds = config.ownerIds ? getStringIds(config.ownerIds) : null;
 
           if (
-            !data.ownerIds ||
-            !(
-              data.ownerIds === userId ||
-              (Array.isArray(data.ownerIds) &&
-                data.ownerIds.some((item) => (item.id ? item.id.toString() === userId : item.toString() === userId)))
-            )
+            // No owner IDs
+            !ownerIds ||
+            // User is not the owner
+            !(ownerIds === userId || (Array.isArray(ownerIds) && ownerIds.includes(userId)))
           ) {
             // The user does not have the required rights and is not the owner
             if (config.throwError) {
+              if (!config.ownerIds) {
+                throw new UnauthorizedException('Lack of ownerIds to verify ownership of ' + propertyKey);
+              }
               throw new UnauthorizedException('Current user is not allowed to set ' + propertyKey);
             }
             continue;
@@ -101,7 +113,7 @@ export const checkRestricted = (
     }
 
     // Check property data
-    data[propertyKey] = checkRestricted(data[propertyKey], user, options, processedObjects);
+    data[propertyKey] = checkRestricted(data[propertyKey], user, config, processedObjects);
   }
 
   // Return processed data

package/src/core/common/enums/role.enum.ts

@@ -1,13 +1,31 @@
 /**
- * Enums for role decorator
+ * Enums for Resolver @Role and Model @Restricted decorator and for roles property in ServiceOptions
  */
 export enum RoleEnum {
-  // User must be an administrator
+  // ===================================================================================================================
+  // Real roles (integrated into user.roles), which can be used via @Restricted for Models (properties),
+  // via @Roles for Resolvers (methods) and via ServiceOptions for Resolver methods.
+  // ===================================================================================================================
+
+  // User must be an administrator (see roles of user)
   ADMIN = 'admin',
 
-  // User must be the owner of the processed object(s)
-  OWNER = 'owner',
+  // ===================================================================================================================
+  // Special system roles, which can be used via @Restricted for Models (properties), via @Roles for Resolvers (methods)
+  // and via ServiceOptions for Resolver methods. This roles should not be integrated into user.roles!
+  // ===================================================================================================================
+
+  // User must be signed in (see context user, e.g. @GraphQLUser)
+  S_USER = 's_user',
+
+  // ===================================================================================================================
+  // Special system roles that check rights for DB objects and can be used via @Restricted for Models (properties)
+  // and via ServiceOptions for Resolver methods. These roles should not be integrated in user.roles!
+  // ===================================================================================================================
+
+  // User must be the creator of the processed object(s) (see createdBy property of object(s))
+  S_CREATOR = 's_creator',
 
-  // User must be signed in
-  USER = 'user',
+  // User must be an owner of the processed object(s) (see owners property of object(s))
+  S_OWNER = 's_owner',
 }

package/src/core/common/helpers/db.helper.ts

@@ -4,6 +4,7 @@ import { Document, Model, PopulateOptions, Query, SchemaType, Types } from 'mong
 import { ResolveSelector } from '../interfaces/resolve-selector.interface';
 import { CoreModel } from '../models/core-model.model';
 import { FieldSelection } from '../types/field-selection.type';
+import { IdsType } from '../types/ids.type';
 import { StringOrObjectId } from '../types/string-or-object-id.type';
 
 // =====================================================================================================================
@@ -78,6 +79,20 @@ export function addIds(
   return result;
 }
 
+/**
+ * Checks if all IDs are equal
+ */
+export function equalIds(...ids: IdsType[]): boolean {
+  if (!ids) {
+    return true;
+  }
+  const compare = getStringIds(ids[0]);
+  if (!compare) {
+    return false;
+  }
+  return ids.every((id) => getStringIds(id) === compare);
+}
+
 /**
  * Get indexes of IDs in an array
  */
@@ -97,7 +112,7 @@ export function getIndexesViaIds(ids: any | any[], array: any[]): number[] {
   const indexes: number[] = [];
   ids.forEach((id) => {
     array.forEach((element, index) => {
-      if (getStringIds(id) === getStringIds(element)) {
+      if (equalIds(id, element)) {
         indexes.push(index);
       }
     });

package/src/core/common/helpers/input.helper.ts

@@ -1,8 +1,11 @@
-import { BadRequestException } from '@nestjs/common';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { validate } from 'class-validator';
 import * as _ from 'lodash';
 import { checkRestricted } from '../decorators/restricted.decorator';
+import { RoleEnum } from '../enums/role.enum';
+import { IdsType } from '../types/ids.type';
+import { equalIds, getStringIds } from './db.helper';
 
 /**
  * Helper class for inputs
@@ -15,9 +18,9 @@ export default class InputHelper {
   public static async check(
     value: any,
     user: { id: any; hasRole: (roles: string[]) => boolean },
-    metatype?
+    options?: { creator?: IdsType; metatype?: any; ownerIds?: IdsType; roles?: string | string[] }
   ): Promise<any> {
-    return check(value, user, metatype);
+    return check(value, user, options);
   }
 
   // Standard error function
@@ -179,34 +182,82 @@ export default class InputHelper {
 export async function check(
   value: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  metatype?
+  options?: { creator?: IdsType; metatype?: any; ownerIds?: IdsType; roles?: string | string[]; throwError?: boolean }
 ): Promise<any> {
+  const config = {
+    throwError: true,
+    ...options,
+  };
+
+  // Check roles
+  if (config.roles?.length && config.throwError) {
+    let roles = config.roles;
+    if (!Array.isArray(roles)) {
+      roles = [roles];
+    }
+    let valid = false;
+    if (roles.includes(RoleEnum.S_USER) && user?.id) {
+      valid = true;
+    } else if (user.hasRole(roles)) {
+      valid = true;
+    } else if (roles.includes(RoleEnum.S_CREATOR) && user?.id && equalIds(user.id, config.creator)) {
+      valid = true;
+    } else if (roles.includes(RoleEnum.S_OWNER) && user?.id && config.ownerIds) {
+      let ownerIds: string | string[] = getStringIds(config.ownerIds);
+      if (!Array.isArray(ownerIds)) {
+        ownerIds = [ownerIds];
+      }
+      valid = ownerIds.includes(getStringIds(user.id));
+    }
+    if (!valid) {
+      throw new UnauthorizedException('Missing rights');
+    }
+  }
+
   // Return value if it is only a basic type
-  if (typeof value !== 'object' || !metatype || isBasicType(metatype)) {
+  if (typeof value !== 'object') {
     return value;
   }
 
-  // Convert to metatype
-  if (!(value instanceof metatype)) {
-    if ((metatype as any)?.map) {
-      value = (metatype as any)?.map(value);
-    } else {
-      value = plainToInstance(metatype, value);
+  // Check array
+  if (Array.isArray(value)) {
+    for (const [key, item] of Object.entries(value)) {
+      value[key] = await check(item, user, config);
+    }
+    return value;
+  }
+
+  const metatype = config.metatype;
+  if (metatype) {
+    // Check metatype
+    if (isBasicType(metatype)) {
+      return value;
+    }
+
+    // Convert to metatype
+    if (!(value instanceof metatype)) {
+      if ((metatype as any)?.map) {
+        value = (metatype as any)?.map(value);
+      } else {
+        value = plainToInstance(metatype, value);
+      }
     }
   }
 
   // Validate
   const errors = await validate(value);
-  if (errors.length > 0) {
+  if (errors.length > 0 && config.throwError) {
     throw new BadRequestException('Validation failed');
   }
 
   // Remove restricted values if roles are missing
-  value = checkRestricted(value, user);
+  value = checkRestricted(value, user, config);
   return value;
 }
 
-// Standard error function
+/**
+ * Standard error function
+ */
 export function errorFunction(caller: (...params) => any, message = 'Required parameter is missing or invalid') {
   const err = new Error(message);
   Error.captureStackTrace(err, caller);

package/src/core/common/interfaces/service-options.interface.ts

@@ -1,5 +1,6 @@
-import { Model } from 'mongoose';
+import { Model, Types } from 'mongoose';
 import { FieldSelection } from '../types/field-selection.type';
+import { IdsType } from '../types/ids.type';
 
 /**
  * General service options
@@ -8,6 +9,11 @@ export interface ServiceOptions {
   // All fields are allowed to be compatible as far as possible
   [key: string]: any;
 
+  // Check rights for input data (see check function in InputHelper)
+  // If falsy: input data will not be checked
+  // If truly (default): input data will be checked
+  checkRights?: boolean;
+
   // Current user to set ownership, check roles and other things
   currentUser?: {
     [key: string]: any;
@@ -18,6 +24,12 @@ export interface ServiceOptions {
   // Field selection for results
   fieldSelection?: FieldSelection;
 
+  // Overwrites type of input (array items)
+  inputType?: new (...params: any[]) => any;
+
+  // Owner IDs
+  ownerIds?: IdsType;
+
   // Process field selection
   // If {} or not set, then the field selection runs with defaults
   // If falsy, then the field selection will not be automatically executed
@@ -50,4 +62,10 @@ export interface ServiceOptions {
 
   // Whether to publish action via GraphQL subscription
   pubSub?: boolean;
+
+  // Overwrites type of result (array items)
+  resultType?: new (...params: any[]) => any;
+
+  // Roles (as string) to check
+  roles?: string | string[];
 }

package/src/core/common/models/core-model.model.ts

@@ -78,7 +78,7 @@ export abstract class CoreModel {
    * Initialize instance with default values instead of undefined
    * Should be overwritten in child class to organize the defaults
    */
-  public init<T extends CoreModel>(...args: any[]): this {
+  public init(...args: any[]): this {
     return this;
   }
 

package/src/core/common/pipes/check-input.pipe.ts

@@ -28,6 +28,6 @@ export class CheckInputPipe implements PipeTransform {
     const { user }: any = getContextData(this.context);
 
     // Check and return
-    return check(value, user, metatype);
+    return check(value, user, { metatype });
   }
 }

package/src/core/common/services/crud.service.ts

@@ -24,16 +24,11 @@ export abstract class CrudService<T extends CoreModel = any> extends ModuleServi
    * Get item by ID
    */
   async get(id: string, serviceOptions?: ServiceOptions): Promise<T> {
-    return this.process(
-      async (data) => {
-        const item = await this.mainDbModel.findById(data.input).exec();
-        if (!item) {
-          throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
-        }
-        return item;
-      },
-      { input: id, serviceOptions }
-    );
+    const dbObject = await this.mainDbModel.findById(id).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
+    }
+    return this.process(async () => dbObject, { dbObject, serviceOptions });
   }
 
   /**
@@ -74,15 +69,15 @@ export abstract class CrudService<T extends CoreModel = any> extends ModuleServi
    * Update item via ID
    */
   async update(id: string, input: any, serviceOptions?: ServiceOptions): Promise<T> {
+    const dbObject = await this.mainDbModel.findById(id).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
+    }
     return this.process(
       async (data) => {
-        const item = await this.mainDbModel.findById(id).exec();
-        if (!item) {
-          throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
-        }
-        return await Object.assign(item, data.input).save();
+        return await Object.assign(dbObject, data.input).save();
       },
-      { input, serviceOptions }
+      { dbObject, input, serviceOptions }
     );
   }
 
@@ -90,16 +85,16 @@ export abstract class CrudService<T extends CoreModel = any> extends ModuleServi
    * Delete item via ID
    */
   async delete(id: string, serviceOptions?: ServiceOptions): Promise<T> {
+    const dbObject = await this.mainDbModel.findById(id).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
+    }
     return this.process(
       async (data) => {
-        const item = await this.mainDbModel.findById(id).exec();
-        if (!item) {
-          throw new NotFoundException(`No ${this.mainModelConstructor.name} found with ID: ${id}`);
-        }
         await this.mainDbModel.findByIdAndDelete(id).exec();
-        return item;
+        return dbObject;
       },
-      { input: id, serviceOptions }
+      { dbObject, input: id, serviceOptions }
     );
   }
 }