npm - @lenne.tech/nest-server - Versions diffs - 8.1.0 → 8.3.1 - Mend

@lenne.tech/nest-server 8.1.0 → 8.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist/config.env.js +3 -2
package/dist/config.env.js.map +1 -1
package/dist/core/common/decorators/restricted.decorator.d.ts +3 -0
package/dist/core/common/decorators/restricted.decorator.js +14 -8
package/dist/core/common/decorators/restricted.decorator.js.map +1 -1
package/dist/core/common/enums/role.enum.d.ts +3 -2
package/dist/core/common/enums/role.enum.js +3 -2
package/dist/core/common/enums/role.enum.js.map +1 -1
package/dist/core/common/helpers/db.helper.d.ts +2 -0
package/dist/core/common/helpers/db.helper.js +13 -2
package/dist/core/common/helpers/db.helper.js.map +1 -1
package/dist/core/common/helpers/input.helper.d.ts +14 -2
package/dist/core/common/helpers/input.helper.js +53 -11
package/dist/core/common/helpers/input.helper.js.map +1 -1
package/dist/core/common/interfaces/service-options.interface.d.ts +6 -0
package/dist/core/common/models/core-model.model.d.ts +1 -1
package/dist/core/common/models/core-model.model.js.map +1 -1
package/dist/core/common/pipes/check-input.pipe.js +1 -1
package/dist/core/common/pipes/check-input.pipe.js.map +1 -1
package/dist/core/common/services/crud.service.js +17 -19
package/dist/core/common/services/crud.service.js.map +1 -1
package/dist/core/common/services/module.service.d.ts +14 -1
package/dist/core/common/services/module.service.js +43 -4
package/dist/core/common/services/module.service.js.map +1 -1
package/dist/core/common/types/ids.type.d.ts +8 -0
package/dist/core/common/types/ids.type.js +3 -0
package/dist/core/common/types/ids.type.js.map +1 -0
package/dist/core/modules/auth/guards/roles.guard.js +1 -2
package/dist/core/modules/auth/guards/roles.guard.js.map +1 -1
package/dist/core/modules/user/core-user.service.js +34 -36
package/dist/core/modules/user/core-user.service.js.map +1 -1
package/dist/index.d.ts +1 -0
package/dist/index.js +1 -0
package/dist/index.js.map +1 -1
package/dist/server/modules/user/avatar.controller.js +1 -1
package/dist/server/modules/user/avatar.controller.js.map +1 -1
package/dist/server/modules/user/user.model.d.ts +1 -1
package/dist/server/modules/user/user.resolver.d.ts +2 -2
package/dist/server/modules/user/user.resolver.js +30 -14
package/dist/server/modules/user/user.resolver.js.map +1 -1
package/dist/server/modules/user/user.service.js +5 -1
package/dist/server/modules/user/user.service.js.map +1 -1
package/dist/tsconfig.build.tsbuildinfo +1 -1
package/package.json +39 -39
package/src/config.env.ts +3 -2
package/src/core/common/decorators/restricted.decorator.ts +24 -12
package/src/core/common/enums/role.enum.ts +24 -6
package/src/core/common/helpers/db.helper.ts +16 -1
package/src/core/common/helpers/input.helper.ts +65 -14
package/src/core/common/interfaces/service-options.interface.ts +19 -1
package/src/core/common/models/core-model.model.ts +1 -1
package/src/core/common/pipes/check-input.pipe.ts +1 -1
package/src/core/common/services/crud.service.ts +17 -22
package/src/core/common/services/module.service.ts +83 -9
package/src/core/common/types/ids.type.ts +7 -0
package/src/core/modules/auth/guards/roles.guard.ts +5 -7
package/src/core/modules/user/core-user.service.ts +38 -45
package/src/index.ts +1 -0
package/src/server/modules/user/avatar.controller.ts +1 -1
package/src/server/modules/user/user.resolver.ts +26 -20
package/src/server/modules/user/user.service.ts +8 -1

package/src/core/common/services/module.service.ts CHANGED Viewed

@@ -1,9 +1,11 @@
-import { Document, Model } from 'mongoose';
-import { popAndMap } from '../helpers/db.helper';
+import { Document, Model, Types } from 'mongoose';
+import { getStringIds, popAndMap } from '../helpers/db.helper';
+import { check } from '../helpers/input.helper';
 import { prepareInput, prepareOutput } from '../helpers/service.helper';
 import { ServiceOptions } from '../interfaces/service-options.interface';
 import { CoreModel } from '../models/core-model.model';
 import { FieldSelection } from '../types/field-selection.type';
+import { IdsType } from '../types/ids.type';
 /**
  * Module service class to be extended by concrete module services
@@ -30,17 +32,49 @@ export abstract class ModuleService<T extends CoreModel = any> {
     this.mainModelConstructor = options?.mainModelConstructor;
   }
+  /**
+   * Check rights of current user for input
+   */
+  checkRights(
+    input: any,
+    currentUser: { id: any; hasRole: (roles: string[]) => boolean },
+    options?: {
+      creator?: IdsType;
+      metatype?: any;
+      ownerIds?: IdsType;
+      roles?: string | string[];
+      throwError?: boolean;
+    }
+  ): Promise<any> {
+    const config = {
+      metatype: this.mainModelConstructor,
+      ...options,
+    };
+    return check(input, currentUser, config);
+  }
+  /**
+   * Get function to get Object via ID, necessary for checkInput
+   */
+  abstract get(id: any, ...args: any[]): any;
   /**
    * Run service function with pre- and post-functions
    */
   async process(
     serviceFunc: (options?: { [key: string]: any; input?: any; serviceOptions?: ServiceOptions }) => any,
-    options?: { [key: string]: any; input?: any; serviceOptions?: ServiceOptions }
+    options?: {
+      [key: string]: any;
+      dbObject?: string | Types.ObjectId | any;
+      input?: any;
+      serviceOptions?: ServiceOptions;
+    }
   ) {
     // Configuration with default values
     const config = {
-      currentUser: null,
-      fieldSelection: null,
+      checkRights: true,
+      dbObject: options?.dbObject,
+      input: options?.input,
       processFieldSelection: {},
       prepareInput: {},
       prepareOutput: {},
@@ -50,11 +84,42 @@ export abstract class ModuleService<T extends CoreModel = any> {
     // Prepare input
     if (config.prepareInput && this.prepareInput) {
-      await this.prepareInput(options?.input, config.prepareInput);
+      await this.prepareInput(config.input, config.prepareInput);
+    }
+    // Get DB object
+    const getDbObject = async () => {
+      if (config.dbObject) {
+        if (typeof config.dbObject === 'string' || config.dbObject instanceof Types.ObjectId) {
+          const dbObject = await this.get(getStringIds(config.dbObject));
+          if (dbObject) {
+            config.dbObject = dbObject;
+          }
+        }
+      }
+      return config.dbObject;
+    };
+    // Get owner IDs
+    let ownerIds = undefined;
+    if (config.checkRights && this.checkRights) {
+      ownerIds = getStringIds(config.ownerIds);
+      if (!ownerIds?.length) {
+        ownerIds = (await getDbObject())?.ownerIds;
+      }
+    }
+    // Check rights for input
+    if (config.input && config.checkRights && this.checkRights) {
+      const opts: any = { creator: (await getDbObject())?.createdBy, ownerIds, roles: config.roles };
+      if (config.inputType) {
+        opts.metatype = config.resultType;
+      }
+      config.input = await this.checkRights(config.input, config.currentUser as any, opts);
     }
     // Run service function
-    const result = await serviceFunc(options);
+    let result = await serviceFunc(config);
     // Pop and map main model
     if (config.processFieldSelection && config.fieldSelection && this.processFieldSelection) {
@@ -67,10 +132,19 @@ export abstract class ModuleService<T extends CoreModel = any> {
       if (config.processFieldSelection && config.fieldSelection && this.processFieldSelection) {
         config.prepareOutput.targetModel = null;
       }
-      return this.prepareOutput(result, config.prepareOutput);
+      result = await this.prepareOutput(result, config.prepareOutput);
+    }
+    // Check output rights
+    if (config.checkRights && this.checkRights) {
+      const opts: any = { creator: (await getDbObject())?.createdBy, ownerIds, roles: config.roles, throwError: false };
+      if (config.resultType) {
+        opts.metatype = config.resultType;
+      }
+      result = await this.checkRights(result, config.currentUser as any, opts);
     }
-    // Return result without output preparation
+    // Return (prepared) result
     return result;
   }

package/src/core/common/types/ids.type.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { Types } from 'mongoose';
+export type IdsType =
+  | string
+  | Types.ObjectId
+  | { id?: string | Types.ObjectId; _id?: string | Types.ObjectId }
+  | (string | Types.ObjectId | { id?: string | Types.ObjectId; _id?: string | Types.ObjectId })[];

package/src/core/modules/auth/guards/roles.guard.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { ExecutionContext, Inject, Injectable, UnauthorizedException } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { GqlExecutionContext } from '@nestjs/graphql';
 import { RoleEnum } from '../../../common/enums/role.enum';
@@ -8,7 +8,8 @@ import { AuthGuard } from './auth.guard';
  * Role guard
  *
  * The RoleGuard is activated by the Role decorator. It checks whether the current user has at least one of the
- * specified roles. If this is not the case, an UnauthorizedException is thrown.
+ * specified roles or is logged in when the S_USER role is set.
+ * If this is not the case, an UnauthorizedException is thrown.
  */
 @Injectable()
 export class RolesGuard extends AuthGuard('jwt') {
@@ -41,11 +42,8 @@ export class RolesGuard extends AuthGuard('jwt') {
       // Get args
       const args: any = GqlExecutionContext.create(context).getArgs();
-      // Check special role for user or owner
-      if (
-        user &&
-        (roles.includes(RoleEnum.USER) || (roles.includes(RoleEnum.OWNER) && user.id.toString() === args.id))
-      ) {
+      // Check special user role (user is logged in)
+      if (user && roles.includes(RoleEnum.S_USER)) {
         return user;
       }

package/src/core/modules/user/core-user.service.ts CHANGED Viewed

@@ -35,7 +35,7 @@ export abstract class CoreUserService<
    * Create user
    */
   async create(input: any, serviceOptions?: ServiceOptions): Promise<TUser> {
-    merge({ prepareInput: { create: true } }, serviceOptions);
+    serviceOptions = merge({ prepareInput: { create: true } }, serviceOptions);
     return this.process(
       async (data) => {
         // Create user with verification token
@@ -68,16 +68,11 @@ export abstract class CoreUserService<
    * Get user via email
    */
   async getViaEmail(email: string, serviceOptions?: ServiceOptions): Promise<TUser> {
-    return this.process(
-      async () => {
-        const user = await this.mainDbModel.findOne({ email }).exec();
-        if (!user) {
-          throw new NotFoundException(`No user found with email: ${email}`);
-        }
-        return user;
-      },
-      { serviceOptions }
-    );
+    const dbObject = await this.mainDbModel.findOne({ email }).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No user found with email: ${email}`);
+    }
+    return this.process(async () => dbObject, { dbObject, serviceOptions });
   }
   /**
@@ -97,30 +92,29 @@ export abstract class CoreUserService<
    * Verify user with token
    */
   async verify(token: string, serviceOptions?: ServiceOptions): Promise<TUser> {
+    // Get user
+    const dbObject = await this.mainDbModel.findOne({ verificationToken: token }).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No user found with verify token: ${token}`);
+    }
+    if (!dbObject.verificationToken) {
+      throw new Error('User has no token');
+    }
+    if (dbObject.verified) {
+      throw new Error('User already verified');
+    }
     return this.process(
       async () => {
-        // Get user
-        const user = await this.mainDbModel.findOne({ verificationToken: token }).exec();
-        if (!user) {
-          throw new NotFoundException(`No user found with verify token: ${token}`);
-        }
-        if (!user.verificationToken) {
-          throw new Error('User has no token');
-        }
-        if (user.verified) {
-          throw new Error('User already verified');
-        }
         // Update user
-        await Object.assign(user, {
+        await Object.assign(dbObject, {
           verified: true,
           verificationToken: null,
         }).save();
         // Return prepared user
-        return user;
+        return dbObject;
       },
-      { serviceOptions }
+      { dbObject, serviceOptions }
     );
   }
@@ -128,24 +122,24 @@ export abstract class CoreUserService<
    * Set newpassword for user with token
    */
   async resetPassword(token: string, newPassword: string, serviceOptions?: ServiceOptions): Promise<TUser> {
+    // Get user
+    const dbObject = await this.mainDbModel.findOne({ passwordResetToken: token }).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No user found with password reset token: ${token}`);
+    }
     return this.process(
       async () => {
-        // Get user
-        const user = await this.mainDbModel.findOne({ passwordResetToken: token }).exec();
-        if (!user) {
-          throw new NotFoundException(`No user found with password reset token: ${token}`);
-        }
         // Update user
-        await Object.assign(user, {
+        await Object.assign(dbObject, {
           password: await bcrypt.hash(newPassword, 10),
           passwordResetToken: null,
         }).save();
         // Return user
-        return user;
+        return dbObject;
       },
-      { serviceOptions }
+      { dbObject, serviceOptions }
     );
   }
@@ -153,23 +147,22 @@ export abstract class CoreUserService<
    * Set password rest token for email
    */
   async setPasswordResetTokenForEmail(email: string, serviceOptions?: ServiceOptions): Promise<TUser> {
+    // Get user
+    const dbObject = await this.mainDbModel.findOne({ email }).exec();
+    if (!dbObject) {
+      throw new NotFoundException(`No user found with email: ${email}`);
+    }
     return this.process(
       async () => {
-        // Get user
-        const user = await this.mainDbModel.findOne({ email }).exec();
-        if (!user) {
-          throw new NotFoundException(`No user found with email: ${email}`);
-        }
         // Set reset token
         const resetToken = crypto.randomBytes(32).toString('hex');
-        user.passwordResetToken = resetToken;
-        await user.save();
+        dbObject.passwordResetToken = resetToken;
+        await dbObject.save();
         // Return user
-        return user;
+        return dbObject;
       },
-      { serviceOptions }
+      { dbObject, serviceOptions }
     );
   }

package/src/index.ts CHANGED Viewed

@@ -52,6 +52,7 @@ export * from './core/common/services/module.service';
 export * from './core/common/services/template.service';
 export * from './core/common/types/core-model-constructor.type';
 export * from './core/common/types/field-selection.type';
+export * from './core/common/types/ids.type';
 export * from './core/common/types/plain-input.type';
 export * from './core/common/types/string-or-object-id.type';

package/src/server/modules/user/avatar.controller.ts CHANGED Viewed

@@ -22,7 +22,7 @@ export class AvatarController {
   /**
    * Upload files
    */
-  @Roles(RoleEnum.USER)
+  @Roles(RoleEnum.S_USER)
   @Post('upload')
   @UseInterceptors(
     FileInterceptor(

package/src/server/modules/user/user.resolver.ts CHANGED Viewed

@@ -6,7 +6,6 @@ import { FilterArgs } from '../../../core/common/args/filter.args';
 import { GraphQLUser } from '../../../core/common/decorators/graphql-user.decorator';
 import { Roles } from '../../../core/common/decorators/roles.decorator';
 import { RoleEnum } from '../../../core/common/enums/role.enum';
-import { check } from '../../../core/common/helpers/input.helper';
 import { UserCreateInput } from './inputs/user-create.input';
 import { UserInput } from './inputs/user.input';
 import { User } from './user.model';
@@ -32,16 +31,23 @@ export class UserResolver {
   @Roles(RoleEnum.ADMIN)
   @Query((returns) => [User], { description: 'Find users (via filter)' })
   async findUsers(@Info() info: GraphQLResolveInfo, @Args() args?: FilterArgs) {
-    return await this.userService.find(args, { fieldSelection: { info, select: 'findUsers' } });
+    return await this.userService.find(args, {
+      fieldSelection: { info, select: 'findUsers' },
+      inputType: FilterArgs,
+    });
   }
   /**
    * Get user via ID
    */
-  @Roles(RoleEnum.OWNER, RoleEnum.ADMIN)
+  @Roles(RoleEnum.S_USER)
   @Query((returns) => User, { description: 'Get user with specified ID' })
-  async getUser(@Args('id') id: string, @Info() info: GraphQLResolveInfo): Promise<User> {
-    return await this.userService.get(id, { fieldSelection: { info, select: 'getUser' } });
+  async getUser(@Args('id') id: string, @Info() info: GraphQLResolveInfo, @GraphQLUser() user: User): Promise<User> {
+    return await this.userService.get(id, {
+      currentUser: user,
+      fieldSelection: { info, select: 'getUser' },
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
+    });
   }
   /**
@@ -73,21 +79,24 @@ export class UserResolver {
     @GraphQLUser() user: User,
     @Info() info: GraphQLResolveInfo
   ): Promise<User> {
-    // Check input
-    // Hint: necessary as long as global CheckInputPipe can't access context for current user
-    // (see https://github.com/nestjs/graphql/issues/325)
-    input = await check(input, user, UserCreateInput);
-    return await this.userService.create(input, { currentUser: user, fieldSelection: { info, select: 'createUser' } });
+    return await this.userService.create(input, {
+      currentUser: user,
+      fieldSelection: { info, select: 'createUser' },
+      inputType: UserCreateInput,
+    });
   }
   /**
    * Delete existing user
    */
-  @Roles(RoleEnum.ADMIN, RoleEnum.OWNER)
+  @Roles(RoleEnum.S_USER)
   @Mutation((returns) => User, { description: 'Delete existing user' })
-  async deleteUser(@Args('id') id: string, @Info() info: GraphQLResolveInfo): Promise<User> {
-    return await this.userService.delete(id, { fieldSelection: { info, select: 'deleteUser' } });
+  async deleteUser(@Args('id') id: string, @Info() info: GraphQLResolveInfo, @GraphQLUser() user: User): Promise<User> {
+    return await this.userService.delete(id, {
+      currentUser: user,
+      fieldSelection: { info, select: 'deleteUser' },
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
+    });
   }
   /**
@@ -101,7 +110,7 @@ export class UserResolver {
   /**
    * Update existing user
    */
-  @Roles(RoleEnum.ADMIN, RoleEnum.OWNER)
+  @Roles(RoleEnum.S_USER)
   @Mutation((returns) => User, { description: 'Update existing user' })
   async updateUser(
     @Args('input') input: UserInput,
@@ -109,15 +118,12 @@ export class UserResolver {
     @GraphQLUser() user: User,
     @Info() info: GraphQLResolveInfo
   ): Promise<User> {
-    // Check input
-    // Hint: necessary as long as global CheckInputPipe can't access context for current user
-    // (see https://github.com/nestjs/graphql/issues/325)
-    input = await check(input, user, UserInput);
     // Update user
     return await this.userService.update(id, input, {
       currentUser: user,
       fieldSelection: { info, select: 'updateUser' },
+      inputType: UserInput,
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
     });
   }

package/src/server/modules/user/user.service.ts CHANGED Viewed

@@ -44,7 +44,14 @@ export class UserService extends CoreUserService<User, UserInput, UserCreateInpu
    */
   async create(input: UserCreateInput, serviceOptions?: ServiceOptions): Promise<User> {
     // Get prepared user
-    const user = await super.create(input, serviceOptions);
+    let user = await super.create(input, serviceOptions);
+    // Add the createdBy information in an additional step if it was not set by the system,
+    // because the user created himself and could not exist as currentUser before
+    if (!user.createdBy) {
+      await this.mainDbModel.findByIdAndUpdate(user.id, { createdBy: user.id });
+      user = await this.get(user.id, serviceOptions);
+    }
     // Publish action
     if (serviceOptions?.pubSub === undefined || serviceOptions.pubSub) {