npm - @lenne.tech/nest-server - Versions diffs - 8.6.25 → 8.6.26 - Mend

@lenne.tech/nest-server 8.6.25 → 8.6.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "8.6.25",
+  "version": "8.6.26",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",

package/src/config.env.ts CHANGED Viewed

@@ -55,6 +55,7 @@ const config: { [env: string]: IServerOptions } = {
       uri: 'mongodb://localhost/nest-server-dev',
     },
     port: 3000,
+    sha256: true,
     staticAssets: {
       path: join(__dirname, '..', 'public'),
       options: { prefix: '' },
@@ -105,6 +106,7 @@ const config: { [env: string]: IServerOptions } = {
       uri: 'mongodb://localhost/nest-server-dev',
     },
     port: 3000,
+    sha256: true,
     staticAssets: {
       path: join(__dirname, '..', 'public'),
       options: { prefix: '' },
@@ -155,6 +157,7 @@ const config: { [env: string]: IServerOptions } = {
       uri: 'mongodb://localhost/nest-server-prod',
     },
     port: 3000,
+    sha256: true,
     staticAssets: {
       path: join(__dirname, '..', 'public'),
       options: { prefix: '' },

package/src/core/common/helpers/service.helper.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { plainToInstance } from 'class-transformer';
 import { sha256 } from 'js-sha256';
 import * as _ from 'lodash';
 import { Types } from 'mongoose';
+import envConfig from '../../../config.env';
 import { RoleEnum } from '../enums/role.enum';
 import { PrepareInputOptions } from '../interfaces/prepare-input-options.interface';
 import { PrepareOutputOptions } from '../interfaces/prepare-output-options.interface';
@@ -133,9 +134,10 @@ export async function prepareInput<T = any>(
   if ((input as any).password) {
     // Check if the password was transmitted encrypted
     // If not, the password is encrypted to enable future encrypted and unencrypted transmissions
-    (input as any).password = /^[a-f0-9]{64}$/i.test((input as any).password)
-      ? (input as any).password
-      : sha256((input as any).password);
+    (input as any).password =
+      !envConfig.sha256 || /^[a-f0-9]{64}$/i.test((input as any).password)
+        ? (input as any).password
+        : sha256((input as any).password);
     // Hash password
     (input as any).password = await bcrypt.hash((input as any).password, 10);

package/src/core/common/interfaces/server-options.interface.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { JwtModuleOptions } from '@nestjs/jwt';
 import { MongooseModuleOptions } from '@nestjs/mongoose';
 import { ServeStaticOptions } from '@nestjs/platform-express/interfaces/serve-static-options.interface';
 import { CronExpression } from '@nestjs/schedule';
+import { sha256 } from 'js-sha256';
 import * as SMTPTransport from 'nodemailer/lib/smtp-transport';
 import { Falsy } from '../types/falsy.type';
 import { CronJobConfig } from './cron-job-config.interface';
@@ -156,6 +157,12 @@ export interface IServerOptions {
     path?: string;
   };
+  /**
+   * Whether to enable verification and automatic encryption for received passwords that are not in sha256 format
+   * default = false, sha256 format check: /^[a-f0-9]{64}$/i
+   */
+  sha256?: boolean;
   /**
    * Templates
    */

package/src/core/modules/user/core-user.service.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import * as bcrypt from 'bcrypt';
 import * as crypto from 'crypto';
 import { sha256 } from 'js-sha256';
 import { Document, Model } from 'mongoose';
+import envConfig from '../../../config.env';
 import { merge } from '../../common/helpers/config.helper';
 import { assignPlain } from '../../common/helpers/input.helper';
 import { ServiceOptions } from '../../common/interfaces/service-options.interface';
@@ -131,7 +132,7 @@ export abstract class CoreUserService<
       async () => {
         // Check if the password was transmitted encrypted
         // If not, the password is encrypted to enable future encrypted and unencrypted transmissions
-        newPassword = /^[a-f0-9]{64}$/i.test(newPassword) ? newPassword : sha256(newPassword);
+        newPassword = !envConfig.sha256 || /^[a-f0-9]{64}$/i.test(newPassword) ? newPassword : sha256(newPassword);
         // Update and return user
         return await assignPlain(dbObject, {

package/src/server/modules/user/user.resolver.ts CHANGED Viewed

@@ -54,7 +54,7 @@ export class UserResolver {
   /**
    * Get verified state of user with token
    */
-  @Roles(RoleEnum.S_USER)
+  @Roles(RoleEnum.S_EVERYONE)
   @Query(() => Boolean, { description: 'Get verified state of user with token' })
   async getVerifiedState(@Args('token') token: string) {
     return await this.userService.getVerifiedState(token);
@@ -148,7 +148,6 @@ export class UserResolver {
   /**
    * Subscription for created user
    */
-  @Roles(RoleEnum.ADMIN)
   @Subscription(() => User, {
     filter(this: UserResolver, payload, variables, context) {
       return context?.user?.hasRole?.(RoleEnum.ADMIN);