@lenne.tech/nest-server 9.3.0 → 9.4.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/nest-server",
-  "version": "9.3.0",
+  "version": "9.4.1",
   "description": "Modern, fast, powerful Node.js web framework in TypeScript based on Nest with a GraphQL API and a connection to MongoDB (or other databases).",
   "keywords": [
     "node",
@@ -60,15 +60,15 @@
     "node": ">= 16.13.0"
   },
   "dependencies": {
-    "@apollo/gateway": "2.3.2",
-    "@nestjs/apollo": "10.2.0",
-    "@nestjs/common": "9.3.9",
-    "@nestjs/core": "9.3.9",
-    "@nestjs/graphql": "10.2.0",
+    "@apollo/gateway": "2.4.0",
+    "@nestjs/apollo": "11.0.4",
+    "@nestjs/common": "9.3.12",
+    "@nestjs/core": "9.3.12",
+    "@nestjs/graphql": "11.0.4",
     "@nestjs/jwt": "10.0.2",
-    "@nestjs/mongoose": "9.2.1",
+    "@nestjs/mongoose": "9.2.2",
     "@nestjs/passport": "9.0.3",
-    "@nestjs/platform-express": "9.3.9",
+    "@nestjs/platform-express": "9.3.12",
     "@nestjs/schedule": "2.2.0",
     "apollo-server-core": "3.11.1",
     "apollo-server-express": "3.11.1",
@@ -77,48 +77,48 @@
     "class-validator": "0.14.0",
     "compression": "1.7.4",
     "cookie-parser": "1.4.6",
-    "ejs": "3.1.8",
+    "ejs": "3.1.9",
     "graphql": "16.6.0",
     "graphql-query-complexity": "0.12.0",
     "graphql-subscriptions": "2.0.0",
     "graphql-upload": "15.0.2",
     "js-sha256": "0.9.0",
     "json-to-graphql-query": "2.2.5",
-    "light-my-request": "5.8.0",
+    "light-my-request": "5.9.1",
     "lodash": "4.17.21",
     "mongodb": "4.14.0",
-    "mongoose": "6.9.1",
+    "mongoose": "6.10.4",
     "mongoose-gridfs": "1.3.0",
     "multer": "1.4.5-lts.1",
     "multer-gridfs-storage": "5.0.2",
     "node-mailjet": "6.0.2",
     "nodemailer": "6.9.1",
-    "nodemon": "2.0.20",
+    "nodemon": "2.0.22",
     "passport": "0.6.0",
     "passport-jwt": "4.0.1",
     "reflect-metadata": "0.1.13",
     "rfdc": "1.3.0",
-    "rimraf": "4.1.2",
+    "rimraf": "4.4.1",
     "rxjs": "7.8.0"
   },
   "devDependencies": {
-    "@nestjs/testing": "9.3.9",
+    "@nestjs/testing": "9.3.12",
     "@types/compression": "1.7.2",
     "@types/cookie-parser": "1.4.3",
-    "@types/cron": "2.0.0",
-    "@types/ejs": "3.1.1",
-    "@types/jest": "29.4.0",
-    "@types/lodash": "4.14.191",
+    "@types/cron": "2.0.1",
+    "@types/ejs": "3.1.2",
+    "@types/jest": "29.5.0",
+    "@types/lodash": "4.14.192",
     "@types/multer": "1.4.7",
-    "@types/node": "18.13.0",
+    "@types/node": "18.15.10",
     "@types/nodemailer": "6.4.7",
-    "@types/passport": "1.0.11",
+    "@types/passport": "1.0.12",
     "@types/supertest": "2.0.12",
-    "@typescript-eslint/eslint-plugin": "5.52.0",
-    "@typescript-eslint/parser": "5.52.0",
+    "@typescript-eslint/eslint-plugin": "5.57.0",
+    "@typescript-eslint/parser": "5.57.0",
     "coffeescript": "2.7.0",
-    "eslint": "8.34.0",
-    "eslint-config-prettier": "8.6.0",
+    "eslint": "8.36.0",
+    "eslint-config-prettier": "8.8.0",
     "find-file-up": "2.0.1",
     "grunt": "1.6.1",
     "grunt-bg-shell": "2.3.3",
@@ -126,17 +126,17 @@
     "grunt-contrib-watch": "1.1.0",
     "grunt-sync": "0.8.2",
     "husky": "8.0.3",
-    "jest": "29.4.2",
+    "jest": "29.5.0",
     "npm-watch": "0.11.0",
-    "pm2": "5.2.2",
-    "prettier": "2.8.4",
+    "pm2": "5.3.0",
+    "prettier": "2.8.7",
     "pretty-quick": "3.1.3",
     "supertest": "6.3.3",
     "ts-jest": "29.0.5",
     "ts-morph": "17.0.1",
     "ts-node": "10.9.1",
     "tsconfig-paths": "4.1.2",
-    "typescript": "4.9.5",
+    "typescript": "5.0.2",
     "yalc": "1.0.0-pre.53"
   },
   "overrides": {

package/src/config.env.ts

@@ -51,7 +51,6 @@ const config: { [env: string]: IServerOptions } = {
     },
     graphQl: {
       driver: {
-        debug: true,
         introspection: true,
       },
       maxComplexity: 20,
@@ -125,7 +124,6 @@ const config: { [env: string]: IServerOptions } = {
     },
     graphQl: {
       driver: {
-        debug: true,
         introspection: true,
       },
       maxComplexity: 20,
@@ -199,7 +197,6 @@ const config: { [env: string]: IServerOptions } = {
     },
     graphQl: {
       driver: {
-        debug: false,
         introspection: true,
       },
       maxComplexity: 20,

package/src/core/common/decorators/restricted.decorator.ts

@@ -137,6 +137,7 @@ export const checkRestricted = (
         roles.includes(RoleEnum.S_EVERYONE) ||
         user?.hasRole?.(roles) ||
         (user?.id && roles.includes(RoleEnum.S_USER)) ||
+        (roles.includes(RoleEnum.S_SELF) && getIncludedIds(config.dbObject, user)) ||
         (roles.includes(RoleEnum.S_CREATOR) && getIncludedIds(config.dbObject?.createdBy, user))
       ) {
         valid = true;

package/src/core/common/enums/role.enum.ts

@@ -53,4 +53,7 @@ export enum RoleEnum {
 
   // User must be the creator of the processed object(s) (see createdBy property of object(s))
   S_CREATOR = 's_creator',
+
+  // User must be herself/himself
+  S_SELF = 's_self',
 }

package/src/core/common/helpers/input.helper.ts

@@ -2,6 +2,7 @@ import { BadRequestException, HttpException, UnauthorizedException } from '@nest
 import { plainToInstance } from 'class-transformer';
 import { validate } from 'class-validator';
 import { ValidatorOptions } from 'class-validator/types/validation/ValidatorOptions';
+import { Kind } from 'graphql/index';
 import * as _ from 'lodash';
 import * as rfdc from 'rfdc';
 import { checkRestricted } from '../decorators/restricted.decorator';
@@ -249,6 +250,8 @@ export async function check(
       (roles.includes(RoleEnum.S_USER) && user?.id) ||
       // check if the user has at least one of the required roles
       user?.hasRole?.(roles) ||
+      // check if the user is herself / himself
+      (roles.includes(RoleEnum.S_SELF) && equalIds(config.dbObject, user)) ||
       // check if the user is the creator
       (roles.includes(RoleEnum.S_CREATOR) && equalIds(config.dbObject?.createdBy, user))
     ) {
@@ -300,6 +303,25 @@ export async function check(
   return value;
 }
 
+/**
+ * Check if input is a valid Date format and return a new Date
+ */
+export function checkAndGetDate(input: any): Date {
+  // Create date from value
+  const date = new Date(input);
+
+  // Check value
+  if (date.toString() === 'Invalid Date') {
+    throw new Error('Invalid value for date');
+  }
+
+  // Check if range is valid
+  date.toISOString();
+
+  // Return date if everything is fine
+  return date;
+}
+
 /**
  * Clone object
  * @param object Any object
@@ -379,6 +401,30 @@ export function filterProperties<T = Record<string, any>>(
     .reduce((res, key) => Object.assign(res, { [key]: obj[key] }), {});
 }
 
+export function getDateFromGraphQL(input: any): Date {
+  // Check value
+  if (input.value === undefined || input.value === null) {
+    return input.value;
+  }
+
+  // Check nullable
+  if (!input.value) {
+    throw new Error('Invalid value for date');
+  }
+
+  // Check value type
+  if (input.kind !== Kind.INT && input.kind !== Kind.STRING) {
+    throw new Error('Invalid value type for date');
+  }
+
+  // Check format if value is a string
+  if (input.kind === Kind.STRING && isNaN(Date.parse(input.value))) {
+    throw new Error('Invalid ISO 8601 format for date');
+  }
+
+  return checkAndGetDate(input.value);
+}
+
 /**
  * Get plain copy of object
  */

package/src/core/common/middlewares/to-lower-case.middleware.ts

@@ -0,0 +1,9 @@
+import { FieldMiddleware, MiddlewareContext, NextFn } from '@nestjs/graphql';
+
+/**
+ * Field middleware to convert string to lowercase letters
+ */
+export const toLowerCase: FieldMiddleware = async (ctx: MiddlewareContext, next: NextFn) => {
+  const value = await next();
+  return value?.toLowerCase();
+};

package/src/core/common/scalars/date-timestamp.scalar.ts

@@ -0,0 +1,32 @@
+import { CustomScalar, Scalar } from '@nestjs/graphql';
+import { Kind } from 'graphql';
+import { checkAndGetDate, getDateFromGraphQL } from '../helpers/input.helper';
+
+/**
+ * Date-Timestamp-Scalar to convert timestamp to date and vice versa
+ */
+@Scalar('Date', (type) => Date)
+export class DateTimestampScalar implements CustomScalar<number, Date> {
+  description = 'Date (by Timestamp) custom scalar type';
+
+  /**
+   * Parse value from the client input variables
+   */
+  parseValue(value: number): Date {
+    return checkAndGetDate(value); // value from the client
+  }
+
+  /**
+   * Serialize value to send to the client
+   */
+  serialize(value: Date): number {
+    return value.getTime(); // value sent to the client
+  }
+
+  /**
+   * Parse value from the client query
+   */
+  parseLiteral(ast: any): Date {
+    return getDateFromGraphQL(ast);
+  }
+}

package/src/core/common/scalars/date.scalar.ts

@@ -1,5 +1,6 @@
 import { CustomScalar, Scalar } from '@nestjs/graphql';
 import { Kind } from 'graphql';
+import { checkAndGetDate, getDateFromGraphQL } from '../helpers/input.helper';
 
 /**
  * Date scalar to convert string into date
@@ -12,7 +13,7 @@ export class DateScalar implements CustomScalar<string, Date> {
    * Parse value from the client input variables
    */
   parseValue(value: number): Date {
-    return new Date(value); // value from the client
+    return checkAndGetDate(value); // value from the client
   }
 
   /**
@@ -26,38 +27,6 @@ export class DateScalar implements CustomScalar<string, Date> {
    * Parse value from the client query
    */
   parseLiteral(ast: any): Date {
-    // Check value
-    if (ast.value === undefined || ast.value === null) {
-      return ast.value;
-    }
-
-    // Check nullable
-    if (!ast.value) {
-      throw new Error('Invalid value for date');
-    }
-
-    // Check value type
-    if (ast.kind !== Kind.INT && ast.kind !== Kind.STRING) {
-      throw new Error('Invalid value type for date');
-    }
-
-    // Check format if value is a string
-    if (ast.kind === Kind.STRING && isNaN(Date.parse(ast.value))) {
-      throw new Error('Invalid ISO 8601 format for date');
-    }
-
-    // Create date from value
-    const date = new Date(ast.value);
-
-    // Check value
-    if (date.toString() === 'Invalid Date') {
-      throw new Error('Invalid value for date');
-    }
-
-    // Check if range is valid
-    date.toISOString();
-
-    // Return date if everything is fine
-    return date;
+    return getDateFromGraphQL(ast);
   }
 }

package/src/core/modules/user/core-user.model.ts

@@ -22,7 +22,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
    */
   @Field({ description: 'Email of the user', nullable: true })
   @IsEmail()
-  @Prop({ unique: true })
+  @Prop({ unique: true, lowercase: true, trim: true })
   email: string = undefined;
 
   /**

package/src/core/modules/user/inputs/core-user.input.ts

@@ -4,6 +4,7 @@ import { Restricted } from '../../../common/decorators/restricted.decorator';
 import { ProcessType } from '../../../common/enums/process-type.enum';
 import { RoleEnum } from '../../../common/enums/role.enum';
 import { CoreInput } from '../../../common/inputs/core-input.input';
+import { toLowerCase } from '../../../common/middlewares/to-lower-case.middleware';
 
 /**
  * User input to update a user

package/src/index.ts

@@ -48,6 +48,7 @@ export * from './core/common/interfaces/prepare-output-options.interface';
 export * from './core/common/interfaces/resolve-selector.interface';
 export * from './core/common/interfaces/server-options.interface';
 export * from './core/common/interfaces/service-options.interface';
+export * from './core/common/middlewares/to-lower-case.middleware';
 export * from './core/common/models/core-model.model';
 export * from './core/common/models/core-persistence.model';
 export * from './core/common/pipes/check-input.pipe';
@@ -56,6 +57,7 @@ export * from './core/common/plugins/complexity.plugin';
 export * from './core/common/plugins/mongoose-id.plugin';
 export * from './core/common/scalars/any.scalar';
 export * from './core/common/scalars/date.scalar';
+export * from './core/common/scalars/date-timestamp.scalar';
 export * from './core/common/scalars/json.scalar';
 export * from './core/common/services/config.service';
 export * from './core/common/services/core-cron-jobs.service';

package/src/server/modules/user/user.resolver.ts

@@ -62,7 +62,7 @@ export class UserResolver {
   async getUser(@GraphQLServiceOptions() serviceOptions: ServiceOptions, @Args('id') id: string): Promise<User> {
     return await this.userService.get(id, {
       ...serviceOptions,
-      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR, RoleEnum.S_SELF],
     });
   }
 
@@ -111,7 +111,7 @@ export class UserResolver {
   async deleteUser(@GraphQLServiceOptions() serviceOptions: ServiceOptions, @Args('id') id: string): Promise<User> {
     return await this.userService.delete(id, {
       ...serviceOptions,
-      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR, RoleEnum.S_SELF],
     });
   }
 
@@ -138,7 +138,7 @@ export class UserResolver {
     return await this.userService.update(id, input, {
       ...serviceOptions,
       inputType: UserInput,
-      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR],
+      roles: [RoleEnum.ADMIN, RoleEnum.S_CREATOR, RoleEnum.S_SELF],
     });
   }
 

package/src/test/test.helper.ts

@@ -520,6 +520,8 @@ export class TestHelper {
     // Add variables as attachment or field
     mapArray.forEach((variable, i) => {
       if (variable.type === 'attachment') {
+        // See https://stackoverflow.com/questions/74581070/apollo-client-this-operation-has-been-blocked-as-a-potential-cross-site-request
+        request.set('Apollo-Require-Preflight', 'true');
         if (typeof variable.value === 'object' && variable.value.file) {
           request.attach(`${i}`, variable.value.file, variable.value.options);
         } else {