@lenne.tech/nest-server 8.6.24 → 8.6.27

package/src/core/common/services/module.service.ts

@@ -107,11 +107,6 @@ export abstract class ModuleService<T extends CoreModel = any> {
       config.input = await this.prepareInput(config.input, opts);
     }
 
-    // Check rights
-    if (config.checkRights && this.checkRights) {
-      await this.checkRights(undefined, config.currentUser as any, config);
-    }
-
     // Get DB object
     if (config.dbObject && config.checkRights && this.checkRights) {
       if (typeof config.dbObject === 'string' || config.dbObject instanceof Types.ObjectId) {
@@ -131,6 +126,11 @@ export abstract class ModuleService<T extends CoreModel = any> {
       config.input = await this.checkRights(config.input, config.currentUser as any, opts);
     }
 
+    // Check roles before processing the service function if they were not already checked during the input check
+    else if (!config.input && config.checkRights && this.checkRights) {
+      await this.checkRights(undefined, config.currentUser as any, config);
+    }
+
     // Run service function
     let result = await serviceFunc(config);
 

package/src/core/common/types/plain-object.type.ts

@@ -0,0 +1,5 @@
+/**
+ * Type for plain object with only properties and no methods
+ * (Replacement for RemoveMethods type)
+ */
+export type PlainObject<T> = { [P in keyof T as T[P] extends (...args: any) => any ? never : P]: T[P] };

package/src/core/common/types/remove-methods.type.ts

@@ -1,4 +1,5 @@
 /**
  * Type for plain object with only properties and no methods
+ * @deprecated Is deprecated, please use the type PlainObject instead
  */
 export type RemoveMethods<T> = { [P in keyof T as T[P] extends (...args: any) => any ? never : P]: T[P] };

package/src/core/modules/auth/guards/roles.guard.ts

@@ -32,6 +32,11 @@ export class RolesGuard extends AuthGuard('jwt') {
         : reflectorRoles[0]
       : reflectorRoles[1];
 
+    // Check if locked
+    if (roles && roles.includes(RoleEnum.S_NO_ONE)) {
+      throw new UnauthorizedException('No access');
+    }
+
     // Check roles
     if (!roles || !roles.some((value) => !!value)) {
       return user;
@@ -42,8 +47,8 @@ export class RolesGuard extends AuthGuard('jwt') {
       // Get args
       const args: any = GqlExecutionContext.create(context).getArgs();
 
-      // Check special user role (user is logged in)
-      if (user && roles.includes(RoleEnum.S_USER)) {
+      // Check special user roles (user is logged in or access is free for any)
+      if ((user && roles.includes(RoleEnum.S_USER)) || roles.includes(RoleEnum.S_EVERYONE)) {
         return user;
       }
 

package/src/core/modules/auth/services/core-auth.service.ts

@@ -1,6 +1,7 @@
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
+import { sha256 } from 'js-sha256';
 import { merge } from '../../../common/helpers/config.helper';
 import { ServiceOptions } from '../../../common/interfaces/service-options.interface';
 import { ICoreAuthUser } from '../interfaces/core-auth-user.interface';
@@ -23,10 +24,17 @@ export class CoreAuthService {
     serviceOptions?: ServiceOptions
   ): Promise<{ token: string; user: ICoreAuthUser }> {
     serviceOptions = merge(serviceOptions || {}, { prepareOutput: null });
+
+    // Get user
     const user = await this.userService.getViaEmail(email, serviceOptions);
-    if (!user || !(await bcrypt.compare(password, user.password))) {
+    if (
+      !user ||
+      !((await bcrypt.compare(password, user.password)) || (await bcrypt.compare(sha256(password), user.password)))
+    ) {
       throw new UnauthorizedException();
     }
+
+    // Return JWT
     const payload: JwtPayload = { email: user.email };
     return {
       token: this.jwtService.sign(payload),

package/src/core/modules/file/core-file-info.model.ts

@@ -8,7 +8,17 @@ import { CoreModel } from '../../common/models/core-model.model';
  */
 @ObjectType({ description: 'Information about file' })
 export class CoreFileInfo extends CoreModel {
-  _id: Types.ObjectId;
+  // ===========================================================================
+  // Getter
+  // ===========================================================================
+
+  get _id() {
+    return new Types.ObjectId(this.id);
+  }
+
+  // ===========================================================================
+  // Properties
+  // ===========================================================================
 
   @Field(() => String, { description: 'ID of the file' })
   id: string = undefined;

package/src/core/modules/user/core-user.service.ts

@@ -1,7 +1,9 @@
 import { BadRequestException, NotFoundException, UnprocessableEntityException } from '@nestjs/common';
 import * as bcrypt from 'bcrypt';
 import * as crypto from 'crypto';
+import { sha256 } from 'js-sha256';
 import { Document, Model } from 'mongoose';
+import envConfig from '../../../config.env';
 import { merge } from '../../common/helpers/config.helper';
 import { assignPlain } from '../../common/helpers/input.helper';
 import { ServiceOptions } from '../../common/interfaces/service-options.interface';
@@ -128,6 +130,12 @@ export abstract class CoreUserService<
 
     return this.process(
       async () => {
+        // Check if the password was transmitted encrypted
+        // If not, the password is encrypted to enable future encrypted and unencrypted transmissions
+        if (envConfig.sha256 && !/^[a-f0-9]{64}$/i.test(newPassword)) {
+          newPassword = sha256(newPassword);
+        }
+
         // Update and return user
         return await assignPlain(dbObject, {
           password: await bcrypt.hash(newPassword, 10),

package/src/index.ts

@@ -62,6 +62,7 @@ export * from './core/common/types/field-selection.type';
 export * from './core/common/types/ids.type';
 export * from './core/common/types/maybe-promise.type';
 export * from './core/common/types/plain-input.type';
+export * from './core/common/types/plain-object.type';
 export * from './core/common/types/remove-methods.type';
 export * from './core/common/types/require-only-one.type';
 export * from './core/common/types/required-at-least-one.type';

package/src/server/common/services/cron-jobs.service.ts

@@ -21,7 +21,7 @@ export class CronJobs extends CoreCronJobs {
   // ===================================================================================================================
 
   protected async sayHello() {
-    console.log('Hello :)');
+    console.info('Hello :)');
     await new Promise<void>((resolve) => {
       setTimeout(() => resolve(), 30000);
     });

package/src/server/modules/auth/auth.service.ts

@@ -1,7 +1,10 @@
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
+import { sha256 } from 'js-sha256';
 import envConfig from '../../../config.env';
+import { Roles } from '../../../core/common/decorators/roles.decorator';
+import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { prepareServiceOptions } from '../../../core/common/helpers/service.helper';
 import { ServiceOptions } from '../../../core/common/interfaces/service-options.interface';
 import { EmailService } from '../../../core/common/services/email.service';
@@ -12,6 +15,7 @@ import { AuthSignInInput } from './inputs/auth-sign-in.input';
 import { AuthSignUpInput } from './inputs/auth-sign-up.input';
 
 @Injectable()
+@Roles(RoleEnum.ADMIN)
 export class AuthService {
   constructor(
     protected readonly jwtService: JwtService,
@@ -22,6 +26,7 @@ export class AuthService {
   /**
    * Sign in for user
    */
+  @Roles(RoleEnum.S_EVERYONE)
   async signIn(input: AuthSignInInput, serviceOptions?: ServiceOptions): Promise<Auth> {
     // Prepare service options
     const serviceOptionsForUserService = prepareServiceOptions(serviceOptions, {
@@ -34,12 +39,13 @@ export class AuthService {
 
     // Get and check user
     const user = await this.userService.getViaEmail(input.email, serviceOptionsForUserService);
-    if (!user) {
-      throw new UnauthorizedException();
-    }
-
-    // Check password
-    if (!(await bcrypt.compare(input.password, user.password))) {
+    if (
+      !user ||
+      !(
+        (await bcrypt.compare(input.password, user.password)) ||
+        (await bcrypt.compare(sha256(input.password), user.password))
+      )
+    ) {
       throw new UnauthorizedException();
     }
 
@@ -54,6 +60,7 @@ export class AuthService {
   /**
    * Register a new user Account
    */
+  @Roles(RoleEnum.S_EVERYONE)
   async signUp(input: AuthSignUpInput, serviceOptions?: ServiceOptions): Promise<Auth> {
     // Prepare service options
     const serviceOptionsForUserService = prepareServiceOptions(serviceOptions, {

package/src/server/modules/file/file.controller.ts

@@ -42,6 +42,6 @@ export class FileController extends CoreFileController {
     })
   )
   uploadFiles(@UploadedFiles() files, @Body() fields: any) {
-    console.log('Saved file info', JSON.stringify({ files, fields }, null, 2));
+    console.info('Saved file info', JSON.stringify({ files, fields }, null, 2));
   }
 }

package/src/server/modules/file/file.resolver.ts

@@ -11,6 +11,7 @@ import { FileService } from './file.service';
  * File resolver
  */
 @Resolver()
+@Roles(RoleEnum.ADMIN)
 export class FileResolver {
   /**
    * Integrate services

package/src/server/modules/user/user.model.ts

@@ -1,7 +1,6 @@
 import { Field, ObjectType } from '@nestjs/graphql';
 import { Prop, Schema as MongooseSchema, SchemaFactory } from '@nestjs/mongoose';
-import { Document, Schema, Types } from 'mongoose';
-import { mapClasses } from '../../../core/common/helpers/model.helper';
+import { Document, Schema } from 'mongoose';
 import { CoreUserModel } from '../../../core/modules/user/core-user.model';
 import { PersistenceModel } from '../../common/models/persistence.model';
 
@@ -34,7 +33,7 @@ export class User extends CoreUserModel implements PersistenceModel {
     nullable: true,
   })
   @Prop({ type: Schema.Types.ObjectId, ref: 'User' })
-  createdBy: Types.ObjectId | string = undefined;
+  createdBy: string = undefined;
 
   /**
    * ID of the user who updated the object
@@ -46,7 +45,7 @@ export class User extends CoreUserModel implements PersistenceModel {
     nullable: true,
   })
   @Prop({ type: Schema.Types.ObjectId, ref: 'User' })
-  updatedBy: Types.ObjectId | string = undefined;
+  updatedBy: string = undefined;
 
   // ===================================================================================================================
   // Methods
@@ -66,7 +65,9 @@ export class User extends CoreUserModel implements PersistenceModel {
    */
   map(input) {
     super.map(input);
-    return mapClasses(input, { createdBy: User, updatedBy: User }, this);
+    // There is nothing to map yet. Non-primitive variables should always be mapped.
+    // If something comes up, you can use `mapClasses` / `mapClassesAsync` from ModelHelper.
+    return this;
   }
 }
 

package/src/server/modules/user/user.module.ts

@@ -2,6 +2,7 @@ import { Module } from '@nestjs/common';
 import { MongooseModule } from '@nestjs/mongoose';
 import { PubSub } from 'graphql-subscriptions';
 import { JSON } from '../../../core/common/scalars/json.scalar';
+import { ConfigService } from '../../../core/common/services/config.service';
 import { AvatarController } from './avatar.controller';
 import { User, UserSchema } from './user.model';
 import { UserResolver } from './user.resolver';
@@ -16,6 +17,7 @@ import { UserService } from './user.service';
   providers: [
     JSON,
     UserResolver,
+    ConfigService,
     UserService,
     {
       provide: 'USER_CLASS',

package/src/server/modules/user/user.resolver.ts

@@ -15,6 +15,7 @@ import { UserService } from './user.service';
  * Resolver to process with user data
  */
 @Resolver(() => User)
+@Roles(RoleEnum.ADMIN)
 export class UserResolver {
   /**
    * Import services
@@ -53,6 +54,7 @@ export class UserResolver {
   /**
    * Get verified state of user with token
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Query(() => Boolean, { description: 'Get verified state of user with token' })
   async getVerifiedState(@Args('token') token: string) {
     return await this.userService.getVerifiedState(token);
@@ -61,6 +63,7 @@ export class UserResolver {
   /**
    * Request new password for user with email
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Query(() => Boolean, { description: 'Request new password for user with email' })
   async requestPasswordResetMail(@Args('email') email: string): Promise<boolean> {
     return !!(await this.userService.sendPasswordResetMail(email));
@@ -103,6 +106,7 @@ export class UserResolver {
   /**
    * Set new password for user with token
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => Boolean, { description: 'Set new password for user with token' })
   async resetPassword(@Args('token') token: string, @Args('password') password: string): Promise<boolean> {
     return !!(await this.userService.resetPassword(token, password));
@@ -131,6 +135,7 @@ export class UserResolver {
   /**
    * Verify user with email
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => Boolean, { description: 'Verify user with email' })
   async verifyUser(@Args('token') token: string): Promise<boolean> {
     return !!(await this.userService.verify(token));

package/src/server/modules/user/user.service.ts

@@ -98,7 +98,7 @@ export class UserService extends CoreUserService<User, UserInput, UserCreateInpu
     if (user.avatar) {
       fs.unlink(envConfig.staticAssets.path + '/avatars/' + user.avatar, (err) => {
         if (err) {
-          console.log(err);
+          console.error(err);
         }
       });
     }

package/src/test/test.helper.ts

@@ -91,7 +91,7 @@ export interface TestGraphQLOptions {
   countOfSubscriptionMessages?: number;
 
   /**
-   * Print console logs
+   * Output information in the console
    */
   log?: boolean;
 
@@ -444,7 +444,7 @@ export class TestHelper {
     //
     //   // Log response
     //   if (log) {
-    //     console.log(response);
+    //     console.info(response);
     //   }
     //
     //   // Check data
@@ -468,7 +468,7 @@ export class TestHelper {
 
     // Response
     if (log) {
-      console.log(requestConfig);
+      console.info(requestConfig);
     }
     const response = await (variables ? request : request.send(requestConfig.payload));
     return this.processResponse(response, statusCode, log, logError);
@@ -528,7 +528,7 @@ export class TestHelper {
   processResponse(response, statusCode, log, logError) {
     // Log response
     if (log) {
-      console.log('Response', JSON.stringify(response, null, 2));
+      console.info('Response', JSON.stringify(response, null, 2));
     }
 
     // Log error
@@ -565,14 +565,14 @@ export class TestHelper {
 
     // Init client
     if (options.log) {
-      console.log('Subscription query', JSON.stringify(query, null, 2));
+      console.info('Subscription query', JSON.stringify(query, null, 2));
     }
     const client = createClient({ url: this.subscriptionUrl, connectionParams, webSocketImpl: ws });
     const messages: any[] = [];
     let unsubscribe: () => void;
     const onNext = (message) => {
       if (options.log) {
-        console.log('Subscription message', JSON.stringify(message, null, 2));
+        console.info('Subscription message', JSON.stringify(message, null, 2));
       }
       messages.push(message?.data?.[graphql.name]);
       if (messages.length <= options.countOfSubscriptionMessages) {