npm - @scryan7371/sdr-security - Versions diffs - 0.1.2 → 0.1.4 - Mend

@scryan7371/sdr-security 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/src/api/migrations/index.ts CHANGED Viewed

@@ -1,21 +1,24 @@
 import { AddRefreshTokens1700000000001 } from "./1700000000001-add-refresh-tokens";
-import { AddGoogleSubjectToUser1739490000000 } from "./1739490000000-add-google-subject-to-user";
 import { CreateSecurityIdentity1739500000000 } from "./1739500000000-create-security-identity";
 import { CreateSecurityRoles1739510000000 } from "./1739510000000-create-security-roles";
+import { CreateSecurityUserRoles1739515000000 } from "./1739515000000-create-security-user-roles";
 import { CreatePasswordResetTokens1739520000000 } from "./1739520000000-create-password-reset-tokens";
+import { CreateSecurityUser1739530000000 } from "./1739530000000-create-security-user";
 export const securityMigrations = [
   AddRefreshTokens1700000000001,
-  AddGoogleSubjectToUser1739490000000,
   CreateSecurityIdentity1739500000000,
   CreateSecurityRoles1739510000000,
+  CreateSecurityUserRoles1739515000000,
   CreatePasswordResetTokens1739520000000,
+  CreateSecurityUser1739530000000,
 ];
 export {
   AddRefreshTokens1700000000001,
-  AddGoogleSubjectToUser1739490000000,
   CreateSecurityIdentity1739500000000,
   CreateSecurityRoles1739510000000,
+  CreateSecurityUserRoles1739515000000,
   CreatePasswordResetTokens1739520000000,
+  CreateSecurityUser1739530000000,
 };

package/src/api/migrations/migrations.test.ts CHANGED Viewed

@@ -1,9 +1,10 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
 import { AddRefreshTokens1700000000001 } from "./1700000000001-add-refresh-tokens";
-import { AddGoogleSubjectToUser1739490000000 } from "./1739490000000-add-google-subject-to-user";
 import { CreateSecurityIdentity1739500000000 } from "./1739500000000-create-security-identity";
 import { CreateSecurityRoles1739510000000 } from "./1739510000000-create-security-roles";
+import { CreateSecurityUserRoles1739515000000 } from "./1739515000000-create-security-user-roles";
 import { CreatePasswordResetTokens1739520000000 } from "./1739520000000-create-password-reset-tokens";
+import { CreateSecurityUser1739530000000 } from "./1739530000000-create-security-user";
 import { securityMigrations } from "./index";
 const originalEnv = { ...process.env };
@@ -15,11 +16,18 @@ afterEach(() => {
 describe("security migrations", () => {
   it("exports migration list", () => {
-    expect(securityMigrations.length).toBe(5);
-    expect(securityMigrations[0]).toBe(AddRefreshTokens1700000000001);
+    expect(securityMigrations.length).toBe(6);
+    expect(securityMigrations).toEqual([
+      AddRefreshTokens1700000000001,
+      CreateSecurityIdentity1739500000000,
+      CreateSecurityRoles1739510000000,
+      CreateSecurityUserRoles1739515000000,
+      CreatePasswordResetTokens1739520000000,
+      CreateSecurityUser1739530000000,
+    ]);
   });
-  it("runs add refresh tokens migration up/down", async () => {
+  it("runs refresh token migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
     const migration = new AddRefreshTokens1700000000001();
@@ -34,46 +42,10 @@ describe("security migrations", () => {
     );
   });
-  it("uses schema/table env in refresh token migration", async () => {
-    process.env.USER_TABLE = "users";
-    process.env.USER_TABLE_SCHEMA = "security";
+  it("runs security identity migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
-    await new AddRefreshTokens1700000000001().up({ query });
-    expect(query).toHaveBeenCalledWith(
-      expect.stringContaining('REFERENCES "security"."users" ("id")'),
-    );
-  });
-  it("throws for invalid identifiers in refresh token migration", async () => {
-    process.env.USER_TABLE = "bad-name;drop";
-    const query = vi.fn().mockResolvedValue(undefined);
-    await expect(
-      new AddRefreshTokens1700000000001().up({ query }),
-    ).rejects.toThrow("Invalid SQL identifier");
-  });
-  it("keeps legacy google subject migration as no-op", async () => {
-    const migration = new AddGoogleSubjectToUser1739490000000();
-    await expect(migration.up()).resolves.toBeUndefined();
-    await expect(migration.down()).resolves.toBeUndefined();
-  });
-  it("runs security identity migration path with google_subject present", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([{ "?column?": 1 }])
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined);
     const migration = new CreateSecurityIdentity1739500000000();
     await migration.up({ query });
     await migration.down({ query });
@@ -85,52 +57,28 @@ describe("security migrations", () => {
     );
   });
-  it("skips google_subject migration block when column absent", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([]);
+  it("runs security role migration up/down", async () => {
+    const query = vi.fn().mockResolvedValue(undefined);
+    const migration = new CreateSecurityRoles1739510000000();
-    await new CreateSecurityIdentity1739500000000().up({ query });
+    await migration.up({ query });
+    await migration.down({ query });
-    expect(query).not.toHaveBeenCalledWith(
-      expect.stringContaining('DROP COLUMN IF EXISTS "google_subject"'),
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('CREATE TABLE IF NOT EXISTS "security_role"'),
+    );
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('DROP TABLE IF EXISTS "security_role"'),
     );
   });
-  it("throws for invalid identifiers in identity migration", async () => {
-    process.env.USER_TABLE_SCHEMA = "bad-schema!";
+  it("runs security user role migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
+    const migration = new CreateSecurityUserRoles1739515000000();
-    await expect(
-      new CreateSecurityIdentity1739500000000().up({ query }),
-    ).rejects.toThrow("Invalid SQL identifier");
-  });
-  it("runs security roles migration path with legacy role column", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([{ "?column?": 1 }])
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined);
-    const migration = new CreateSecurityRoles1739510000000();
     await migration.up({ query });
     await migration.down({ query });
-    expect(query).toHaveBeenCalledWith(
-      expect.stringContaining('CREATE TABLE IF NOT EXISTS "security_role"'),
-    );
     expect(query).toHaveBeenCalledWith(
       expect.stringContaining(
         'CREATE TABLE IF NOT EXISTS "security_user_role"',
@@ -141,33 +89,6 @@ describe("security migrations", () => {
     );
   });
-  it("skips legacy role backfill when role column absent", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([]);
-    await new CreateSecurityRoles1739510000000().up({ query });
-    expect(query).not.toHaveBeenCalledWith(
-      expect.stringContaining('DROP COLUMN IF EXISTS "role"'),
-    );
-  });
-  it("throws for invalid identifiers in roles migration", async () => {
-    process.env.USER_TABLE = "bad-name*";
-    const query = vi.fn().mockResolvedValue(undefined);
-    await expect(
-      new CreateSecurityRoles1739510000000().up({ query }),
-    ).rejects.toThrow("Invalid SQL identifier");
-  });
   it("runs password reset token migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
     const migration = new CreatePasswordResetTokens1739520000000();
@@ -187,22 +108,38 @@ describe("security migrations", () => {
     );
   });
-  it("uses default public schema in password reset migration", async () => {
+  it("runs security user migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
+    const migration = new CreateSecurityUser1739530000000();
+    await migration.up({ query });
+    await migration.down({ query });
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('CREATE TABLE IF NOT EXISTS "security_user"'),
+    );
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('DROP TABLE IF EXISTS "security_user"'),
+    );
+  });
-    await new CreatePasswordResetTokens1739520000000().up({ query });
+  it("uses user schema/table env safely", async () => {
+    process.env.USER_TABLE = "users";
+    process.env.USER_TABLE_SCHEMA = "security";
+    const query = vi.fn().mockResolvedValue(undefined);
+    await new CreateSecurityUser1739530000000().up({ query });
     expect(query).toHaveBeenCalledWith(
-      expect.stringContaining('REFERENCES "public"."app_user" ("id")'),
+      expect.stringContaining('REFERENCES "security"."users" ("id")'),
     );
   });
-  it("throws for invalid identifiers in password reset migration", async () => {
-    process.env.USER_TABLE_SCHEMA = "bad.schema";
+  it("throws for invalid identifiers", async () => {
+    process.env.USER_TABLE = "bad-name!";
     const query = vi.fn().mockResolvedValue(undefined);
     await expect(
-      new CreatePasswordResetTokens1739520000000().up({ query }),
+      new CreateSecurityUserRoles1739515000000().up({ query }),
     ).rejects.toThrow("Invalid SQL identifier");
   });
 });

package/src/api/notification-workflows.test.ts CHANGED Viewed

@@ -15,8 +15,6 @@ describe("notification-workflows", () => {
       user: {
         id: "user-1",
         email: "user@example.com",
-        firstName: "User",
-        lastName: "One",
       },
       listAdminEmails,
       notifyAdmins,
@@ -55,14 +53,13 @@ describe("notification-workflows", () => {
     const result = await notifyUserOnAdminApproval({
       approved: true,
-      user: { email: "user@example.com", firstName: "User" },
+      user: { email: "user@example.com" },
       notifyUser,
     });
     expect(result).toEqual({ notified: true });
     expect(notifyUser).toHaveBeenCalledWith({
       email: "user@example.com",
-      firstName: "User",
     });
   });

package/src/api/notification-workflows.ts CHANGED Viewed

@@ -1,8 +1,6 @@
 export type VerificationNotificationUser = {
   id: string;
   email: string;
-  firstName?: string | null;
-  lastName?: string | null;
 };
 export const notifyAdminsOnEmailVerified = async (params: {
@@ -26,12 +24,8 @@ export const notifyUserOnAdminApproval = async (params: {
   approved: boolean;
   user: {
     email: string;
-    firstName?: string | null;
   };
-  notifyUser: (payload: {
-    email: string;
-    firstName?: string | null;
-  }) => Promise<void>;
+  notifyUser: (payload: { email: string }) => Promise<void>;
 }) => {
   if (!params.approved) {
     return { notified: false as const };
@@ -39,7 +33,6 @@ export const notifyUserOnAdminApproval = async (params: {
   await params.notifyUser({
     email: params.user.email,
-    firstName: params.user.firstName,
   });
   return { notified: true as const };
 };

package/src/app/client.test.ts CHANGED Viewed

@@ -30,8 +30,6 @@ describe("createSecurityClient", () => {
     await client.register({
       email: "user@example.com",
       password: "Secret123",
-      firstName: "A",
-      lastName: "B",
     });
     expect(fetchImpl).toHaveBeenCalledWith(

package/src/app/client.ts CHANGED Viewed

@@ -52,12 +52,7 @@ export const createSecurityClient = (options: SecurityClientOptions) => {
   };
   return {
-    register: (payload: {
-      email: string;
-      password: string;
-      firstName?: string;
-      lastName?: string;
-    }) =>
+    register: (payload: { email: string; password: string }) =>
       request<RegisterResponse>("/security/auth/register", {
         method: "POST",
         body: JSON.stringify(payload),

package/src/integration/database.integration.test.ts CHANGED Viewed

@@ -121,7 +121,7 @@ describe("database integration", () => {
     await client.query(`SET search_path TO "${schema}", public`);
     await client.query(`
       CREATE TABLE IF NOT EXISTS "${schema}"."app_user" (
-        "id" varchar PRIMARY KEY NOT NULL,
+        "id" uuid PRIMARY KEY NOT NULL,
         "email" varchar NOT NULL
       )
     `);

package/src/nest/contracts.ts CHANGED Viewed

@@ -1,8 +1,6 @@
 export type SecurityWorkflowUser = {
   id: string;
   email: string;
-  firstName: string | null;
-  lastName: string | null;
 };
 export type SecurityWorkflowNotifier = {
@@ -18,8 +16,5 @@ export type SecurityWorkflowNotifier = {
     adminEmails: string[];
     user: SecurityWorkflowUser;
   }) => Promise<void>;
-  sendUserAccountApproved: (params: {
-    email: string;
-    firstName: string | null;
-  }) => Promise<void>;
+  sendUserAccountApproved: (params: { email: string }) => Promise<void>;
 };

package/src/nest/dto/auth.dto.ts CHANGED Viewed

@@ -6,12 +6,6 @@ export class RegisterDto {
   @ApiProperty({ example: "StrongPass1" })
   password!: string;
-  @ApiProperty({ required: false, nullable: true, example: "John" })
-  firstName?: string | null;
-  @ApiProperty({ required: false, nullable: true, example: "Doe" })
-  lastName?: string | null;
 }
 export class LoginDto {

package/src/nest/entities/app-user.entity.ts CHANGED Viewed

@@ -1,31 +1,10 @@
-import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+import { Column, Entity, PrimaryColumn } from "typeorm";
 @Entity({ name: "app_user" })
 export class AppUserEntity {
-  @PrimaryGeneratedColumn("uuid")
+  @PrimaryColumn({ type: "uuid" })
   id!: string;
   @Column({ type: "varchar" })
   email!: string;
-  @Column({ type: "varchar", name: "password_hash" })
-  passwordHash!: string;
-  @Column({ type: "varchar", name: "first_name", nullable: true })
-  firstName!: string | null;
-  @Column({ type: "varchar", name: "last_name", nullable: true })
-  lastName!: string | null;
-  @Column({ type: "timestamptz", name: "email_verified_at", nullable: true })
-  emailVerifiedAt!: Date | null;
-  @Column({ type: "varchar", name: "email_verification_token", nullable: true })
-  emailVerificationToken!: string | null;
-  @Column({ type: "timestamptz", name: "admin_approved_at", nullable: true })
-  adminApprovedAt!: Date | null;
-  @Column({ type: "boolean", name: "is_active", default: true })
-  isActive!: boolean;
 }

package/src/nest/entities/password-reset-token.entity.ts CHANGED Viewed

@@ -1,16 +1,18 @@
 import {
+  BeforeInsert,
   Column,
   CreateDateColumn,
   Entity,
-  PrimaryGeneratedColumn,
+  PrimaryColumn,
 } from "typeorm";
+import { v7 as uuidv7 } from "uuid";
 @Entity({ name: "security_password_reset_token" })
 export class PasswordResetTokenEntity {
-  @PrimaryGeneratedColumn("uuid")
+  @PrimaryColumn({ type: "uuid" })
   id!: string;
-  @Column({ type: "varchar", name: "user_id" })
+  @Column({ type: "uuid", name: "user_id" })
   userId!: string;
   @Column({ type: "varchar", unique: true })
@@ -24,4 +26,11 @@ export class PasswordResetTokenEntity {
   @CreateDateColumn({ name: "created_at" })
   createdAt!: Date;
+  @BeforeInsert()
+  ensureId() {
+    if (!this.id) {
+      this.id = uuidv7();
+    }
+  }
 }

package/src/nest/entities/refresh-token.entity.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { Column, CreateDateColumn, Entity, PrimaryColumn } from "typeorm";
 @Entity({ name: "refresh_token" })
 export class RefreshTokenEntity {
-  @PrimaryColumn({ type: "varchar" })
+  @PrimaryColumn({ type: "uuid" })
   id!: string;
   @Column({ type: "varchar", name: "token_hash" })
@@ -14,7 +14,7 @@ export class RefreshTokenEntity {
   @Column({ type: "timestamptz", name: "revoked_at", nullable: true })
   revokedAt!: Date | null;
-  @Column({ type: "varchar", name: "userId", nullable: true })
+  @Column({ type: "uuid", name: "userId", nullable: true })
   userId!: string | null;
   @CreateDateColumn({ name: "created_at" })

package/src/nest/entities/security-role.entity.ts CHANGED Viewed

@@ -1,8 +1,9 @@
-import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+import { v7 as uuidv7 } from "uuid";
+import { BeforeInsert, Column, Entity, PrimaryColumn } from "typeorm";
 @Entity({ name: "security_role" })
 export class SecurityRoleEntity {
-  @PrimaryGeneratedColumn("uuid")
+  @PrimaryColumn({ type: "uuid" })
   id!: string;
   @Column({ type: "varchar", name: "role_key", unique: true })
@@ -13,4 +14,11 @@ export class SecurityRoleEntity {
   @Column({ type: "boolean", name: "is_system", default: false })
   isSystem!: boolean;
+  @BeforeInsert()
+  ensureId() {
+    if (!this.id) {
+      this.id = uuidv7();
+    }
+  }
 }

package/src/nest/entities/security-user-role.entity.ts CHANGED Viewed

@@ -1,13 +1,21 @@
-import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+import { v7 as uuidv7 } from "uuid";
+import { BeforeInsert, Column, Entity, PrimaryColumn } from "typeorm";
 @Entity({ name: "security_user_role" })
 export class SecurityUserRoleEntity {
-  @PrimaryGeneratedColumn("uuid")
+  @PrimaryColumn({ type: "uuid" })
   id!: string;
-  @Column({ type: "varchar", name: "user_id" })
+  @Column({ type: "uuid", name: "user_id" })
   userId!: string;
   @Column({ type: "uuid", name: "role_id" })
   roleId!: string;
+  @BeforeInsert()
+  ensureId() {
+    if (!this.id) {
+      this.id = uuidv7();
+    }
+  }
 }

package/src/nest/entities/security-user.entity.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { Column, CreateDateColumn, Entity, PrimaryColumn } from "typeorm";
+@Entity({ name: "security_user" })
+export class SecurityUserEntity {
+  @PrimaryColumn({ type: "uuid", name: "user_id" })
+  userId!: string;
+  @Column({ type: "varchar", name: "password_hash" })
+  passwordHash!: string;
+  @Column({ type: "timestamptz", name: "email_verified_at", nullable: true })
+  emailVerifiedAt!: Date | null;
+  @Column({ type: "varchar", name: "email_verification_token", nullable: true })
+  emailVerificationToken!: string | null;
+  @Column({ type: "timestamptz", name: "admin_approved_at", nullable: true })
+  adminApprovedAt!: Date | null;
+  @Column({ type: "boolean", name: "is_active", default: true })
+  isActive!: boolean;
+  @CreateDateColumn({ name: "created_at" })
+  createdAt!: Date;
+}

package/src/nest/index.ts CHANGED Viewed

@@ -15,4 +15,5 @@ export * from "./entities/app-user.entity";
 export * from "./entities/refresh-token.entity";
 export * from "./entities/password-reset-token.entity";
 export * from "./entities/security-role.entity";
+export * from "./entities/security-user.entity";
 export * from "./entities/security-user-role.entity";

package/src/nest/security-auth.controller.test.ts CHANGED Viewed

@@ -34,15 +34,11 @@ describe("SecurityAuthController", () => {
     const result = await controller.register({
       email: "user@example.com",
       password: "Secret123",
-      firstName: "A",
-      lastName: "B",
     });
     expect(result).toEqual({ success: true });
     expect(service.register).toHaveBeenCalledWith({
       email: "user@example.com",
       password: "Secret123",
-      firstName: "A",
-      lastName: "B",
     });
   });

package/src/nest/security-auth.controller.ts CHANGED Viewed

@@ -44,8 +44,6 @@ export class SecurityAuthController {
     body: {
       email?: string;
       password?: string;
-      firstName?: string;
-      lastName?: string;
     },
   ) {
     if (!body.email || !body.password) {
@@ -54,8 +52,6 @@ export class SecurityAuthController {
     return this.authService.register({
       email: body.email,
       password: body.password,
-      firstName: body.firstName ?? null,
-      lastName: body.lastName ?? null,
     });
   }

package/src/nest/security-auth.module.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import { AppUserEntity } from "./entities/app-user.entity";
 import { PasswordResetTokenEntity } from "./entities/password-reset-token.entity";
 import { RefreshTokenEntity } from "./entities/refresh-token.entity";
 import { SecurityRoleEntity } from "./entities/security-role.entity";
+import { SecurityUserEntity } from "./entities/security-user.entity";
 import { SecurityUserRoleEntity } from "./entities/security-user-role.entity";
 import { SecurityAdminGuard } from "./security-admin.guard";
 import { SecurityAuthController } from "./security-auth.controller";
@@ -39,6 +40,7 @@ export class SecurityAuthModule {
       imports: [
         TypeOrmModule.forFeature([
           AppUserEntity,
+          SecurityUserEntity,
           RefreshTokenEntity,
           PasswordResetTokenEntity,
           SecurityRoleEntity,