npm - @lenne.tech/nest-server - Versions diffs - 8.4.0 → 8.5.0 - Mend

@lenne.tech/nest-server 8.4.0 → 8.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "8.4.0",
+  "version": "8.5.0",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",

package/src/core/common/decorators/restricted.decorator.ts CHANGED Viewed

@@ -9,6 +9,10 @@ import { RequireAtLeastOne } from '../types/required-at-least-one.type';
  * Restricted meta key
  */
 const restrictedMetaKey = Symbol('restricted');
+/**
+ * Restricted type
+ */
 export type RestrictedType = (
   | string
   | RequireAtLeastOne<
@@ -31,14 +35,17 @@ export type RestrictedType = (
  *    properties of the processed item, which is specified by the value of `memberOf`
  *    Via processType the restriction can be set for input or output only
  */
-export const Restricted = (...rolesOrMember: RestrictedType): PropertyDecorator => {
+export const Restricted = (...rolesOrMember: RestrictedType): ClassDecorator & PropertyDecorator => {
   return Reflect.metadata(restrictedMetaKey, rolesOrMember);
 };
 /**
- * Get restricted
+ * Get restricted data for (property of) object
  */
-export const getRestricted = (object: unknown, propertyKey: string): RestrictedType => {
+export const getRestricted = (object: unknown, propertyKey?: string): RestrictedType => {
+  if (!propertyKey) {
+    return Reflect.getMetadata(restrictedMetaKey, object);
+  }
   return Reflect.getMetadata(restrictedMetaKey, object, propertyKey);
 };
@@ -49,11 +56,18 @@ export const getRestricted = (object: unknown, propertyKey: string): RestrictedT
 export const checkRestricted = (
   data: any,
   user: { id: any; hasRole: (roles: string[]) => boolean },
-  options: { dbObject?: any; ignoreUndefined?: boolean; processType?: ProcessType; throwError?: boolean } = {},
+  options: {
+    dbObject?: any;
+    ignoreUndefined?: boolean;
+    processType?: ProcessType;
+    removeUndefinedFromResultArray?: boolean;
+    throwError?: boolean;
+  } = {},
   processedObjects: any[] = []
 ) => {
   const config = {
     ignoreUndefined: true,
+    removeUndefinedFromResultArray: true,
     throwError: true,
     ...options,
   };
@@ -72,18 +86,15 @@ export const checkRestricted = (
   // Array
   if (Array.isArray(data)) {
     // Check array items
-    return data.map((item) => checkRestricted(item, user, config, processedObjects));
-  }
-  // Object
-  for (const propertyKey of Object.keys(data)) {
-    // Check undefined
-    if (data[propertyKey] === undefined && config.ignoreUndefined) {
-      continue;
+    let result = data.map((item) => checkRestricted(item, user, config, processedObjects));
+    if (!config.throwError && config.removeUndefinedFromResultArray) {
+      result = result.filter((item) => item !== undefined);
     }
+    return result;
+  }
-    // Check restricted
-    const restricted = getRestricted(data, propertyKey);
+  // Check function
+  const validateRestricted = (restricted) => {
     let valid = true;
     if (restricted?.length) {
       valid = false;
@@ -110,6 +121,7 @@ export const checkRestricted = (
         // Check roles
         if (
           user?.hasRole(roles) ||
+          (user?.id && roles.includes(RoleEnum.S_USER)) ||
           (roles.includes(RoleEnum.S_CREATOR) && getIncludedIds(config.dbObject?.createdBy, user))
         ) {
           valid = true;
@@ -161,6 +173,30 @@ export const checkRestricted = (
         }
       }
     }
+    return valid;
+  };
+  // Check object
+  const objectRestrictions = getRestricted(data.constructor);
+  const objectIsValid = validateRestricted(objectRestrictions);
+  if (!objectIsValid) {
+    // Throw error
+    if (config.throwError) {
+      throw new UnauthorizedException('The current user has no access rights for ' + data.constructor?.name);
+    }
+    return null;
+  }
+  // Check properties of object
+  for (const propertyKey of Object.keys(data)) {
+    // Check undefined
+    if (data[propertyKey] === undefined && config.ignoreUndefined) {
+      continue;
+    }
+    // Check restricted
+    const restricted = getRestricted(data, propertyKey);
+    const valid = validateRestricted(restricted);
     // Check rights
     if (valid) {

package/src/core/common/helpers/service.helper.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { UnauthorizedException } from '@nestjs/common';
 import * as bcrypt from 'bcrypt';
+import { plainToInstance } from 'class-transformer';
 import * as _ from 'lodash';
 import { RoleEnum } from '../enums/role.enum';
@@ -54,6 +55,7 @@ export async function prepareInput<T = any>(
     clone?: boolean;
     getNewArray?: boolean;
     removeUndefined?: boolean;
+    targetModel?: new (...args: any[]) => T;
   } = {}
 ): Promise<T> {
   // Configuration
@@ -86,6 +88,15 @@ export async function prepareInput<T = any>(
     }
   }
+  // Map input if target model exist
+  if (config.targetModel && !(input instanceof config.targetModel)) {
+    if ((config.targetModel as any)?.map) {
+      input = await (config.targetModel as any).map(input);
+    } else {
+      input = plainToInstance(config.targetModel, input);
+    }
+  }
   // Remove undefined properties to avoid unwanted overwrites
   if (config.removeUndefined) {
     Object.keys(input).forEach((key) => input[key] === undefined && delete input[key]);
@@ -171,8 +182,12 @@ export async function prepareOutput<T = { [key: string]: any; map: (...args: any
   }
   // Map output if target model exist
-  if (config.targetModel) {
-    output = await (config.targetModel as any).map(output);
+  if (config.targetModel && !(output instanceof config.targetModel)) {
+    if ((config.targetModel as any)?.map) {
+      output = await (config.targetModel as any).map(output);
+    } else {
+      output = plainToInstance(config.targetModel, output);
+    }
   }
   // Remove password if exists

package/src/core/common/interfaces/service-options.interface.ts CHANGED Viewed

@@ -26,6 +26,9 @@ export interface ServiceOptions {
   // Overwrites type of input (array items)
   inputType?: new (...params: any[]) => any;
+  // Overwrites type of output (array items)
+  outputType?: new (...params: any[]) => any;
   // Process field selection
   // If {} or not set, then the field selection runs with defaults
   // If falsy, then the field selection will not be automatically executed
@@ -59,9 +62,6 @@ export interface ServiceOptions {
   // Whether to publish action via GraphQL subscription
   pubSub?: boolean;
-  // Overwrites type of result (array items)
-  resultType?: new (...params: any[]) => any;
   // Roles (as string) to check
   roles?: string | string[];
 }

package/src/core/common/services/module.service.ts CHANGED Viewed

@@ -84,7 +84,11 @@ export abstract class ModuleService<T extends CoreModel = any> {
     // Prepare input
     if (config.prepareInput && this.prepareInput) {
-      await this.prepareInput(config.input, config.prepareInput);
+      const opts = config.prepareInput;
+      if (!opts.targetModel && config.inputType) {
+        opts.targetModel = config.inputType;
+      }
+      await this.prepareInput(config.input, opts);
     }
     // Get DB object
@@ -101,7 +105,7 @@ export abstract class ModuleService<T extends CoreModel = any> {
     if (config.input && config.checkRights && this.checkRights) {
       const opts: any = { dbObject: config.dbObject, processType: ProcessType.INPUT, roles: config.roles };
       if (config.inputType) {
-        opts.metatype = config.resultType;
+        opts.metatype = config.inputType;
       }
       config.input = await this.checkRights(config.input, config.currentUser as any, opts);
     }
@@ -116,11 +120,11 @@ export abstract class ModuleService<T extends CoreModel = any> {
     // Prepare output
     if (config.prepareOutput && this.prepareOutput) {
-      // Check if mapping is already done by processFieldSelection
-      if (config.processFieldSelection && config.fieldSelection && this.processFieldSelection) {
-        config.prepareOutput.targetModel = null;
+      const opts = config.prepareOutput;
+      if (!opts.targetModel && config.outputType) {
+        opts.targetModel = config.outputType;
       }
-      result = await this.prepareOutput(result, config.prepareOutput);
+      result = await this.prepareOutput(result, opts);
     }
     // Check output rights
@@ -131,8 +135,8 @@ export abstract class ModuleService<T extends CoreModel = any> {
         roles: config.roles,
         throwError: false,
       };
-      if (config.resultType) {
-        opts.metatype = config.resultType;
+      if (config.outputType) {
+        opts.metatype = config.outputType;
       }
       result = await this.checkRights(result, config.currentUser as any, opts);
     }
@@ -145,7 +149,11 @@ export abstract class ModuleService<T extends CoreModel = any> {
    * Prepare input before save
    */
   async prepareInput(input: Record<string, any>, options: ServiceOptions = {}) {
-    return prepareInput(input, options.currentUser, options.prepareInput);
+    const config = {
+      targetModel: this.mainModelConstructor,
+      ...options?.prepareInput,
+    };
+    return prepareInput(input, options.currentUser, config);
   }
   /**