npm - @lenne.tech/nest-server - Versions diffs - 8.2.0 → 8.3.0 - Mend

@lenne.tech/nest-server 8.2.0 → 8.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "8.2.0",
+  "version": "8.3.0",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -61,8 +61,8 @@
     "@nestjs/mongoose": "9.0.3",
     "@nestjs/passport": "8.2.1",
     "@nestjs/platform-express": "8.4.4",
-    "apollo-server-core": "3.6.7",
-    "apollo-server-express": "3.6.7",
+    "apollo-server-core": "3.6.8",
+    "apollo-server-express": "3.6.8",
     "bcrypt": "5.0.1",
     "class-transformer": "0.5.1",
     "class-validator": "0.13.2",
@@ -75,7 +75,7 @@
     "mongodb": "4.5.0",
     "mongoose": "6.3.2",
     "multer": "1.4.4",
-    "node-mailjet": "3.3.13",
+    "node-mailjet": "3.4.1",
     "nodemailer": "6.7.5",
     "nodemon": "2.0.16",
     "passport": "0.5.2",

package/src/core/common/decorators/restricted.decorator.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import 'reflect-metadata';
 import { UnauthorizedException } from '@nestjs/common';
 import { RoleEnum } from '../enums/role.enum';
-import { getStringIds } from '../helpers/db.helper';
+import { equalIds, getStringIds } from '../helpers/db.helper';
 import { IdsType } from '../types/ids.type';
 /**
@@ -31,12 +31,13 @@ export const getRestricted = (object: unknown, propertyKey: string) => {
 /**
  * Check data for restricted properties (properties with `Restricted` decorator)
  *
- * If restricted roles includes RoleEnum.OWNER, ownerId(s) from current data (in DB) must be set in options.
+ * If restricted roles includes RoleEnum.S_CREATOR, `creator` (createdBy) from current (DB) data must be set in options
+ * If restricted roles includes RoleEnum.S_OWNER, `ownerIds` from current (DB) data must be set in options
  */
 export const checkRestricted = (
   data: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  options: { ignoreUndefined?: boolean; ownerIds?: IdsType; throwError?: boolean } = {},
+  options: { creator?: IdsType; ignoreUndefined?: boolean; ownerIds?: IdsType; throwError?: boolean } = {},
   processedObjects: any[] = []
 ) => {
   const config = {
@@ -76,8 +77,13 @@ export const checkRestricted = (
     if (roles && roles.some((value) => !!value)) {
       // Check user and user roles
       if (!user || !user.hasRole(roles)) {
-        // Check special role for owner
-        if (user && roles.includes(RoleEnum.OWNER)) {
+        // Check special creator role
+        if (user?.id && roles.includes(RoleEnum.S_CREATOR) && equalIds(user.id, config.creator)) {
+          continue;
+        }
+        // Check special owner role
+        else if (user && roles.includes(RoleEnum.S_OWNER)) {
           const userId = getStringIds(user);
           const ownerIds = config.ownerIds ? getStringIds(config.ownerIds) : null;

package/src/core/common/enums/role.enum.ts CHANGED Viewed

@@ -2,12 +2,30 @@
  * Enums for role decorator
  */
 export enum RoleEnum {
-  // User must be an administrator
+  // ===================================================================================================================
+  // Real roles (integrated into user.roles), which can be used via @Roles for Models (properties)
+  // and Resolvers (methods)
+  // ===================================================================================================================
+  // User must be an administrator (see roles of user)
   ADMIN = 'admin',
-  // User must be the owner of the processed object(s)
-  OWNER = 'owner',
+  // ===================================================================================================================
+  // Special system roles, which can be used via @Roles for Models (properties) and Resolvers (methods)
+  // and via ServiceOptions for Resolver methods. This roles should not be integrated into user.roles!
+  // ===================================================================================================================
+  // User must be signed in (see context user, e.g. @GraphQLUser)
+  S_USER = 's_user',
+  // ===================================================================================================================
+  // Special system roles that check rights for DB objects and can be used via @Roles for Models (properties)
+  // and via ServiceOptions for Resolver methods. These roles should not be integrated in user.roles!
+  // ===================================================================================================================
+  // User must be the creator of the processed object(s) (see createdBy property of object(s))
+  S_CREATOR = 's_creator',
-  // User must be signed in
-  USER = 'user',
+  // User must be an owner of the processed object(s) (see owners property of object(s))
+  S_OWNER = 's_owner',
 }

package/src/core/common/helpers/db.helper.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { Document, Model, PopulateOptions, Query, SchemaType, Types } from 'mong
 import { ResolveSelector } from '../interfaces/resolve-selector.interface';
 import { CoreModel } from '../models/core-model.model';
 import { FieldSelection } from '../types/field-selection.type';
+import { IdsType } from '../types/ids.type';
 import { StringOrObjectId } from '../types/string-or-object-id.type';
 // =====================================================================================================================
@@ -78,6 +79,20 @@ export function addIds(
   return result;
 }
+/**
+ * Checks if all IDs are equal
+ */
+export function equalIds(...ids: IdsType[]): boolean {
+  if (!ids) {
+    return true;
+  }
+  const compare = getStringIds(ids[0]);
+  if (!compare) {
+    return false;
+  }
+  return ids.every((id) => getStringIds(id) === compare);
+}
 /**
  * Get indexes of IDs in an array
  */
@@ -97,7 +112,7 @@ export function getIndexesViaIds(ids: any | any[], array: any[]): number[] {
   const indexes: number[] = [];
   ids.forEach((id) => {
     array.forEach((element, index) => {
-      if (getStringIds(id) === getStringIds(element)) {
+      if (equalIds(id, element)) {
         indexes.push(index);
       }
     });

package/src/core/common/helpers/input.helper.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import * as _ from 'lodash';
 import { checkRestricted } from '../decorators/restricted.decorator';
 import { RoleEnum } from '../enums/role.enum';
 import { IdsType } from '../types/ids.type';
-import { getStringIds } from './db.helper';
+import { equalIds, getStringIds } from './db.helper';
 /**
  * Helper class for inputs
@@ -18,7 +18,7 @@ export default class InputHelper {
   public static async check(
     value: any,
     user: { id: any; hasRole: (roles: string[]) => boolean },
-    options?: { metatype?: any; ownerIds?: IdsType; roles?: string | string[] }
+    options?: { creator?: IdsType; metatype?: any; ownerIds?: IdsType; roles?: string | string[] }
   ): Promise<any> {
     return check(value, user, options);
   }
@@ -182,7 +182,7 @@ export default class InputHelper {
 export async function check(
   value: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  options?: { metatype?: any; ownerIds?: IdsType; roles?: string | string[]; throwError?: boolean }
+  options?: { creator?: IdsType; metatype?: any; ownerIds?: IdsType; roles?: string | string[]; throwError?: boolean }
 ): Promise<any> {
   const config = {
     throwError: true,
@@ -196,11 +196,13 @@ export async function check(
       roles = [roles];
     }
     let valid = false;
-    if (roles.includes(RoleEnum.USER) && user?.id) {
+    if (roles.includes(RoleEnum.S_USER) && user?.id) {
       valid = true;
     } else if (user.hasRole(roles)) {
       valid = true;
-    } else if (roles.includes(RoleEnum.OWNER) && user?.id && config.ownerIds) {
+    } else if (roles.includes(RoleEnum.S_CREATOR) && user?.id && equalIds(user.id, config.creator)) {
+      valid = true;
+    } else if (roles.includes(RoleEnum.S_OWNER) && user?.id && config.ownerIds) {
       let ownerIds: string | string[] = getStringIds(config.ownerIds);
       if (!Array.isArray(ownerIds)) {
         ownerIds = [ownerIds];

package/src/core/common/services/module.service.ts CHANGED Viewed

@@ -39,6 +39,7 @@ export abstract class ModuleService<T extends CoreModel = any> {
     input: any,
     currentUser: { id: any; hasRole: (roles: string[]) => boolean },
     options?: {
+      creator?: IdsType;
       metatype?: any;
       ownerIds?: IdsType;
       roles?: string | string[];
@@ -86,24 +87,31 @@ export abstract class ModuleService<T extends CoreModel = any> {
       await this.prepareInput(config.input, config.prepareInput);
     }
+    // Get DB object
+    const getDbObject = async () => {
+      if (config.dbObject) {
+        if (typeof config.dbObject === 'string' || config.dbObject instanceof Types.ObjectId) {
+          const dbObject = await this.get(getStringIds(config.dbObject));
+          if (dbObject) {
+            config.dbObject = dbObject;
+          }
+        }
+      }
+      return config.dbObject;
+    };
     // Get owner IDs
     let ownerIds = undefined;
     if (config.checkRights && this.checkRights) {
       ownerIds = getStringIds(config.ownerIds);
       if (!ownerIds?.length) {
-        if (config.dbObject) {
-          if (typeof config.dbObject === 'string' || config.dbObject instanceof Types.ObjectId) {
-            ownerIds = (await this.get(getStringIds(config.dbObject)))?.ownerIds;
-          } else {
-            ownerIds = config.dbObject.ownerIds;
-          }
-        }
+        ownerIds = (await getDbObject())?.ownerIds;
       }
     }
     // Check rights for input
     if (config.input && config.checkRights && this.checkRights) {
-      const opts: any = { ownerIds, roles: config.roles };
+      const opts: any = { creator: (await getDbObject())?.createdBy, ownerIds, roles: config.roles };
       if (config.inputType) {
         opts.metatype = config.resultType;
       }
@@ -129,7 +137,7 @@ export abstract class ModuleService<T extends CoreModel = any> {
     // Check output rights
     if (config.checkRights && this.checkRights) {
-      const opts: any = { ownerIds, roles: config.roles, throwError: false };
+      const opts: any = { creator: (await getDbObject())?.createdBy, ownerIds, roles: config.roles, throwError: false };
       if (config.resultType) {
         opts.metatype = config.resultType;
       }

package/src/core/modules/auth/guards/roles.guard.ts CHANGED Viewed

@@ -8,7 +8,8 @@ import { AuthGuard } from './auth.guard';
  * Role guard
  *
  * The RoleGuard is activated by the Role decorator. It checks whether the current user has at least one of the
- * specified roles. If this is not the case, an UnauthorizedException is thrown.
+ * specified roles or is logged in when the S_USER role is set.
+ * If this is not the case, an UnauthorizedException is thrown.
  */
 @Injectable()
 export class RolesGuard extends AuthGuard('jwt') {
@@ -41,11 +42,8 @@ export class RolesGuard extends AuthGuard('jwt') {
       // Get args
       const args: any = GqlExecutionContext.create(context).getArgs();
-      // Check special role for user or owner
-      if (
-        user &&
-        (roles.includes(RoleEnum.USER) || (roles.includes(RoleEnum.OWNER) && user.id.toString() === args.id))
-      ) {
+      // Check special user role (user is logged in)
+      if (user && roles.includes(RoleEnum.S_USER)) {
         return user;
       }

package/src/core/modules/user/core-user.service.ts CHANGED Viewed

@@ -35,7 +35,7 @@ export abstract class CoreUserService<
    * Create user
    */
   async create(input: any, serviceOptions?: ServiceOptions): Promise<TUser> {
-    merge({ prepareInput: { create: true } }, serviceOptions);
+    serviceOptions = merge({ prepareInput: { create: true } }, serviceOptions);
     return this.process(
       async (data) => {
         // Create user with verification token
@@ -47,11 +47,6 @@ export abstract class CoreUserService<
         // Distinguish between different error messages when saving
         try {
           await createdUser.save();
-          if (!createdUser.ownerIds) {
-            createdUser.ownerIds = [];
-          }
-          createdUser.ownerIds.push(createdUser.id);
-          await createdUser.save();
         } catch (error) {
           if (error.code === 11000) {
             throw new UnprocessableEntityException(

package/src/server/modules/user/avatar.controller.ts CHANGED Viewed

@@ -22,7 +22,7 @@ export class AvatarController {
   /**
    * Upload files
    */
-  @Roles(RoleEnum.USER)
+  @Roles(RoleEnum.S_USER)
   @Post('upload')
   @UseInterceptors(
     FileInterceptor(

package/src/server/modules/user/user.resolver.ts CHANGED Viewed

@@ -40,13 +40,13 @@ export class UserResolver {
   /**
    * Get user via ID
    */
-  @Roles(RoleEnum.USER)
+  @Roles(RoleEnum.S_USER)
   @Query((returns) => User, { description: 'Get user with specified ID' })
   async getUser(@Args('id') id: string, @Info() info: GraphQLResolveInfo, @GraphQLUser() user: User): Promise<User> {
     return await this.userService.get(id, {
       currentUser: user,
       fieldSelection: { info, select: 'getUser' },
-      roles: [RoleEnum.OWNER, RoleEnum.ADMIN],
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
     });
   }
@@ -89,13 +89,13 @@ export class UserResolver {
   /**
    * Delete existing user
    */
-  @Roles(RoleEnum.USER)
+  @Roles(RoleEnum.S_USER)
   @Mutation((returns) => User, { description: 'Delete existing user' })
   async deleteUser(@Args('id') id: string, @Info() info: GraphQLResolveInfo, @GraphQLUser() user: User): Promise<User> {
     return await this.userService.delete(id, {
       currentUser: user,
       fieldSelection: { info, select: 'deleteUser' },
-      roles: [RoleEnum.ADMIN, RoleEnum.OWNER],
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
     });
   }
@@ -110,7 +110,7 @@ export class UserResolver {
   /**
    * Update existing user
    */
-  @Roles(RoleEnum.USER)
+  @Roles(RoleEnum.S_USER)
   @Mutation((returns) => User, { description: 'Update existing user' })
   async updateUser(
     @Args('input') input: UserInput,
@@ -123,7 +123,7 @@ export class UserResolver {
       currentUser: user,
       fieldSelection: { info, select: 'updateUser' },
       inputType: UserInput,
-      roles: [RoleEnum.ADMIN, RoleEnum.OWNER],
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
     });
   }

package/src/server/modules/user/user.service.ts CHANGED Viewed

@@ -44,7 +44,14 @@ export class UserService extends CoreUserService<User, UserInput, UserCreateInpu
    */
   async create(input: UserCreateInput, serviceOptions?: ServiceOptions): Promise<User> {
     // Get prepared user
-    const user = await super.create(input, serviceOptions);
+    let user = await super.create(input, serviceOptions);
+    // Add the createdBy information in an additional step if it was not set by the system,
+    // because the user created himself and could not exist as currentUser before
+    if (!user.createdBy) {
+      await this.mainDbModel.findByIdAndUpdate(user.id, { createdBy: user.id });
+      user = await this.get(user.id, serviceOptions);
+    }
     // Publish action
     if (serviceOptions?.pubSub === undefined || serviceOptions.pubSub) {