npm - @solidstarters/solid-core - Versions diffs - 1.2.165 → 1.2.168 - Mend

@solidstarters/solid-core 1.2.165 → 1.2.168

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/config/iam.config.d.ts +2 -0
package/dist/config/iam.config.d.ts.map +1 -1
package/dist/config/iam.config.js +1 -0
package/dist/config/iam.config.js.map +1 -1
package/dist/decorators/error-codes-provider.decorator.d.ts +4 -0
package/dist/decorators/error-codes-provider.decorator.d.ts.map +1 -0
package/dist/decorators/error-codes-provider.decorator.js +12 -0
package/dist/decorators/error-codes-provider.decorator.js.map +1 -0
package/dist/dtos/post-chatter-message.dto.js.map +1 -1
package/dist/entities/chatter-message.entity.js.map +1 -1
package/dist/entities/security-rule.entity.js +0 -1
package/dist/entities/security-rule.entity.js.map +1 -1
package/dist/filters/http-exception.filter.d.ts +3 -2
package/dist/filters/http-exception.filter.d.ts.map +1 -1
package/dist/filters/http-exception.filter.js +23 -16
package/dist/filters/http-exception.filter.js.map +1 -1
package/dist/helpers/error-mapper.service.d.ts +12 -2
package/dist/helpers/error-mapper.service.d.ts.map +1 -1
package/dist/helpers/error-mapper.service.js +85 -72
package/dist/helpers/error-mapper.service.js.map +1 -1
package/dist/helpers/security.helper.d.ts +4 -2
package/dist/helpers/security.helper.d.ts.map +1 -1
package/dist/helpers/security.helper.js +38 -23
package/dist/helpers/security.helper.js.map +1 -1
package/dist/helpers/solid-core-error-codes-provider.service.d.ts +7 -0
package/dist/helpers/solid-core-error-codes-provider.service.d.ts.map +1 -0
package/dist/helpers/solid-core-error-codes-provider.service.js +67 -0
package/dist/helpers/solid-core-error-codes-provider.service.js.map +1 -0
package/dist/helpers/solid-registry.d.ts +5 -1
package/dist/helpers/solid-registry.d.ts.map +1 -1
package/dist/helpers/solid-registry.js +16 -0
package/dist/helpers/solid-registry.js.map +1 -1
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/index.js.map +1 -1
package/dist/interfaces.d.ts +16 -0
package/dist/interfaces.d.ts.map +1 -1
package/dist/interfaces.js.map +1 -1
package/dist/repository/security-rule.repository.js +2 -2
package/dist/repository/security-rule.repository.js.map +1 -1
package/dist/seeders/seed-data/solid-core-metadata.json +2 -2
package/dist/services/authentication.service.js +5 -4
package/dist/services/authentication.service.js.map +1 -1
package/dist/services/chatter-message.service.d.ts.map +1 -1
package/dist/services/chatter-message.service.js.map +1 -1
package/dist/services/model-metadata.service.js +1 -1
package/dist/services/model-metadata.service.js.map +1 -1
package/dist/services/setting.service.d.ts.map +1 -1
package/dist/services/setting.service.js +2 -1
package/dist/services/setting.service.js.map +1 -1
package/dist/services/solid-introspect.service.d.ts +1 -0
package/dist/services/solid-introspect.service.d.ts.map +1 -1
package/dist/services/solid-introspect.service.js +14 -0
package/dist/services/solid-introspect.service.js.map +1 -1
package/dist/solid-core.module.d.ts.map +1 -1
package/dist/solid-core.module.js +2 -0
package/dist/solid-core.module.js.map +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +1 -1
package/src/config/iam.config.ts +1 -0
package/src/decorators/error-codes-provider.decorator.ts +9 -0
package/src/dtos/post-chatter-message.dto.ts +1 -1
package/src/entities/chatter-message.entity.ts +3 -3
package/src/entities/security-rule.entity.ts +1 -1
package/src/filters/http-exception.filter.ts +48 -23
package/src/helpers/error-mapper.service.ts +117 -176
package/src/helpers/security.helper.ts +95 -30
package/src/helpers/solid-core-error-codes-provider.service.ts +63 -0
package/src/helpers/solid-registry.ts +20 -1
package/src/index.ts +1 -0
package/src/interfaces.ts +36 -0
package/src/repository/security-rule.repository.ts +2 -2
package/src/seeders/seed-data/solid-core-metadata.json +2 -2
package/src/services/authentication.service.ts +6 -6
package/src/services/chatter-message.service.ts +373 -374
package/src/services/model-metadata.service.ts +1 -1
package/src/services/setting.service.ts +2 -1
package/src/services/solid-introspect.service.ts +22 -0
package/src/solid-core.module.ts +2 -0

package/src/helpers/security.helper.ts CHANGED Viewed

@@ -1,38 +1,74 @@
+import { HelmetOptions } from "helmet";
 import { Environment } from "src/decorators/disallow-in-production.decorator";
-import { HelmetOptions } from "helmet";
+/**
+ * Default security headers for SolidX apps.
+ * - HSTS only in prod over HTTPS
+ * - CSP with frame-ancestors 'none' (prevents clickjacking)
+ * - X-Frame-Options: DENY (legacy fallback)
+ * - No X-XSS-Protection (deprecated)
+ */
 export function buildDefaultSecurityHeaderOptions(): Readonly<HelmetOptions> {
-    return {
-    referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
+  const isProd = process.env.ENV === Environment.Production;
+  return {
+    // Modern CSP. Add more directives as your app needs (script-src, connect-src, etc.)
+    contentSecurityPolicy: {
+      useDefaults: true,
+      directives: {
+        // sensible secure defaults
+        // "default-src": ["'self'"],
+        // "base-uri": ["'self'"],
+        // "object-src": ["'none'"],
+        // "form-action": ["'self'"],
+        // clickjacking defense (modern)
+        "frame-ancestors": ["'none'"],
+        // add/adjust as needed for your app:
+        // "script-src": ["'self'"],              // add hashes/nonces/CSPRO if needed
+        // "style-src": ["'self'", "'unsafe-inline'"],
+        // "img-src": ["'self'", "data:"],
+        // "connect-src": ["'self'", "https://api.example.com"],
+        // "frame-src": ["'none'"],               // iframes you intentionally allow
+      },
+    },
+    // Legacy clickjacking defense (kept for older UAs)
+    frameguard: { action: "deny" },
+    // Referrer/cross-origin policies
+    referrerPolicy: { policy: "strict-origin-when-cross-origin" },
     crossOriginEmbedderPolicy: false,
-    crossOriginResourcePolicy: { policy: 'same-site' },
-    frameguard: { action: 'sameorigin' }, // or { action: 'deny' }
-    // HSTS: send only in prod over HTTPS
-    hsts:
-      process.env.NODE_ENV === Environment.Production
-        ? { maxAge: 31536000, includeSubDomains: true, preload: true } // 1 year
-        : false,
-  }
+    crossOriginResourcePolicy: { policy: "same-site" },
+    // HSTS only when you’re on HTTPS in production
+    hsts: isProd
+      ? { maxAge: 31536000, includeSubDomains: true, preload: true }
+      : false,
+  };
 }
-type Source = 'self' | 'none' | string; // string = an origin like 'https://cdn.example.com'
-type DirectiveConfig = 'self' | 'none' | Source[];
+/* ---------------- Permissions-Policy (formerly Feature-Policy) ---------------- */
+type Source = "self" | "none" | string;
+type DirectiveConfig = "self" | "none" | Source[];
 export type PermissionsPolicyConfig = Record<string, DirectiveConfig>;
 export const DEFAULT_PERMISSIONS_POLICY: PermissionsPolicyConfig = {
-  camera: 'none',
-  microphone: 'none',
-  geolocation: 'none',
-  fullscreen: 'self',             // allow same-origin fullscreen
-  payment: 'none',
-  accelerometer: 'none',
-  autoplay: 'none',
-  'clipboard-read': 'none',
-  'clipboard-write': 'none',
-  gyroscope: 'none',
-  magnetometer: 'none',
-  usb: 'none',
+  camera: "none",
+  microphone: "none",
+  geolocation: "none",
+  fullscreen: "self",
+  payment: "none",
+  accelerometer: "none",
+  autoplay: "none",
+  "clipboard-read": "none",
+  "clipboard-write": "none",
+  gyroscope: "none",
+  magnetometer: "none",
+  usb: "none",
 };
 export function buildPermissionsPolicyHeader(
@@ -41,13 +77,42 @@ export function buildPermissionsPolicyHeader(
   const merged: PermissionsPolicyConfig = { ...DEFAULT_PERMISSIONS_POLICY, ...overrides };
   return Object.entries(merged)
     .map(([feature, value]) => `${feature}=${serializeValue(value)}`)
-    .join(', ');
+    .join(", ");
 }
 function serializeValue(v: DirectiveConfig): string {
-  if (v === 'none') return '()';
-  if (v === 'self') return '(self)';
-  // array of sources: allow 'self' and/or explicit origins
-  const parts = v.map(src => (src === 'self' ? 'self' : src)).join(' ');
+  if (v === "none") return "()";
+  if (v === "self") return "(self)";
+  const parts = v.map((src) => (src === "self" ? "self" : src)).join(" ");
   return `(${parts})`;
 }
+/* ---------------- Cache-Control helpers ---------------- */
+/**
+ * Default: no-store for HTML/API responses unless you have a reason to cache.
+ * Attach as a global middleware or on selected routes.
+ */
+export const DEFAULT_CACHE_CONTROL =
+  "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0";
+export function setDefaultCacheControl() {
+  return function cacheControlMiddleware(
+    _req: import("express").Request,
+    _res: import("express").Response,
+    next: import("express").NextFunction
+  ) {
+    _res.setHeader("Cache-Control", DEFAULT_CACHE_CONTROL);
+    next();
+  };
+}
+/* ---------------- Example Express wiring ---------------- */
+// import express from "express";
+// const app = express();
+// app.use(helmet(buildDefaultSecurityHeaderOptions()));
+// app.use((req, res, next) => {
+//   res.setHeader("Permissions-Policy", buildPermissionsPolicyHeader());
+//   next();
+// });
+// app.use(setDefaultCacheControl());

package/src/helpers/solid-core-error-codes-provider.service.ts ADDED Viewed

@@ -0,0 +1,63 @@
+// src/common/errors/providers/solidcore-error-code.provider.ts
+import { Injectable } from '@nestjs/common';
+import { ErrorCodeProvider } from 'src/decorators/error-codes-provider.decorator';
+import { ErrorMeta, ErrorRule, IErrorCodeProvider } from 'src/interfaces';
+@ErrorCodeProvider()
+@Injectable()
+export class SolidCoreErrorCodesProvider implements IErrorCodeProvider {
+    name(): string {
+        return 'SolidCoreErrorCodeProvider';
+    }
+    rules(): ReadonlyArray<ErrorRule> {
+        return [
+            {
+                code: 'solidx-mcp-server-unavailable',
+                priority: 100, // run early
+                match: (txt) =>
+                    txt.includes('all connection attempts failed') &&
+                    txt.includes('unhandled errors in a taskgroup (1 sub-exception)'),
+                meta: {
+                    message: 'SolidX MCP server is unreachable. Please verify the MCP endpoint.',
+                    httpStatus: 503,
+                },
+            },
+            {
+                code: 'db-duplicate-key',
+                priority: 90,
+                match: (txt) => txt.includes('unique constraint') || txt.includes('duplicate key'),
+                meta: {
+                    message: 'Duplicate key violation. A record with these values already exists.',
+                    httpStatus: 409,
+                },
+            },
+            {
+                code: 'db-foreign-key-error',
+                priority: 90,
+                match: (txt) => txt.includes('violates foreign key'),
+                meta: {
+                    message:
+                        'Foreign key constraint prevents this operation due to related records.',
+                    httpStatus: 409,
+                },
+            },
+            {
+                code: 'unknown-error',
+                priority: -1, // last resort
+                match: (_txt) => true, // fallback catch-all
+                meta: {
+                    message: 'An unexpected error occurred.',
+                    httpStatus: 500,
+                },
+            },
+        ];
+    }
+    // Optional explicit meta resolution (if you want)
+    resolve(code: string): ErrorMeta | undefined {
+        const rule = this.rules().find((r) => r.code === code);
+        return rule?.meta;
+    }
+}

package/src/helpers/solid-registry.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { CommonEntity } from 'src/entities/common.entity';
 import { Locale } from 'src/entities/locale.entity';
 import { SecurityRule } from 'src/entities/security-rule.entity';
 import { IScheduledJob } from 'src/services/scheduled-jobs/scheduled-job.interface';
-import { IDashboardQuestionDataProvider, IDashboardVariableSelectionProvider, ISelectionProvider, ISelectionProviderContext } from "../interfaces";
+import { IDashboardQuestionDataProvider, IDashboardVariableSelectionProvider, IErrorCodeProvider, ISelectionProvider, ISelectionProviderContext } from "../interfaces";
 type ControllerMetadata = {
   name: string;
@@ -67,6 +67,12 @@ export class SolidRegistry {
   private dashboardQuestionDataProviders: Set<InstanceWrapper> = new Set();
   private mailProviders: Set<InstanceWrapper> = new Set();
   private whatsappProviders: Set<InstanceWrapper> = new Set();
+  private errorCodeProviders: Set<InstanceWrapper> = new Set();
+  registerErrorCodeProvider(errorCodeProvider: InstanceWrapper): void {
+    this.errorCodeProviders.add(errorCodeProvider);
+  }
   registerWhatsappProvider(whatsappProvider: InstanceWrapper): void {
     this.whatsappProviders.add(whatsappProvider);
@@ -162,6 +168,19 @@ export class SolidRegistry {
     }
   }
+  getErrorCodeProviders(): Array<InstanceWrapper> {
+    return Array.from(this.errorCodeProviders);
+  }
+  getErrorCodeProviderInstance(name: string): IErrorCodeProvider | undefined {
+    const providers = this.getErrorCodeProviders();
+    for (let i = 0; i < providers.length; i++) {
+      const p = providers[i];
+      if (p.instance?.name?.() === name) return p.instance as IErrorCodeProvider;
+    }
+    return undefined;
+  }
   getDashboardQuestionDataProviders(): Array<InstanceWrapper> {
     return Array.from(this.dashboardQuestionDataProviders)
   }

package/src/index.ts CHANGED Viewed

@@ -19,6 +19,7 @@ export * from './decorators/protocol.decorator'
 export * from './decorators/public.decorator'
 export * from './decorators/roles.decorator'
 export * from './decorators/selection-provider.decorator'
+export * from './decorators/error-codes-provider.decorator'
 export * from './decorators/solid-database-module.decorator'
 export * from './decorators/solid-service.decorator'
 export * from './decorators/mail-provider.decorator'

package/src/interfaces.ts CHANGED Viewed

@@ -238,3 +238,39 @@ export interface QueuesModuleOptions {
 export type MediaWithFullUrl = Media & {
   _full_url: string;
 };
+export type ErrorCode = string;
+export type ErrorMeta = {
+  message: string;
+  httpStatus?: number;
+};
+export type ErrorRule = {
+  /** Canonical error code. Keep them kebab-case for consistency. */
+  code: ErrorCode;
+  /** Higher runs earlier. Defaults to 0 if not provided. */
+  priority?: number;
+  /** Return true if this rule matches the combined error text. */
+  match: (combinedErrorText: string) => boolean;
+  /** Display + HTTP mapping for this code. */
+  meta: ErrorMeta;
+};
+export interface IErrorCodeProvider {
+  /** Used for registry identity & logs */
+  name(): string;
+  /**
+   * Return all rules this provider contributes.
+   * These will be merged with other providers’ rules, then sorted by priority.
+   */
+  rules(): ReadonlyArray<ErrorRule>;
+  /**
+   * Optional fallback meta for codes this provider owns (when called by getMessage/getHttpStatus).
+   * If omitted, the ErrorMapperService will rely on the rule.meta of the first matching rule.
+   */
+  resolve?(code: ErrorCode): ErrorMeta | undefined;
+}

package/src/repository/security-rule.repository.ts CHANGED Viewed

@@ -91,7 +91,7 @@ export class SecurityRuleRepository extends Repository<SecurityRule> {
     async upsertWithDto(createDto: CreateSecurityRuleDto) {
         // Populate the role from roleId or roleUserKey
         const roleRepository = this.dataSource.getRepository(RoleMetadata);
-        if (!createDto.roleId) {
+        if (createDto.roleId) {
             const role = await roleRepository.findOne({
                 where: {
                     id: createDto.roleId,
@@ -111,7 +111,7 @@ export class SecurityRuleRepository extends Repository<SecurityRule> {
         // Populate the model from modelMetadataId or modelMetadataUserKey
         const modelMetadataRepository = this.dataSource.getRepository(ModelMetadata);
-        if (!createDto.modelMetadataId) {
+        if (createDto.modelMetadataId) {
             const modelMetadata = await modelMetadataRepository.findOne({
                 where: {
                     id: createDto.modelMetadataId,

package/src/seeders/seed-data/solid-core-metadata.json CHANGED Viewed

@@ -3058,8 +3058,8 @@
             "ormType": "varchar",
             "length": 128,
             "required": true,
-            "unique": true,
-            "index": true,
+            "unique": false,
+            "index": false,
             "private": false,
             "encrypt": false,
             "isSystem": true

package/src/services/authentication.service.ts CHANGED Viewed

@@ -196,7 +196,7 @@ export class AuthenticationService {
     private async populateForSignup<T extends User>(user: T, signUpDto: SignUpDto, isUserActive: boolean = true, onForcePasswordChange?: boolean) {
         // const user = new User();
+        let autoGeneratedPwdPermission = await this.settingService.getConfigValue('iamAutoGeneratedPassword');
         if (signUpDto.roles && signUpDto.roles.length > 0) {
             for (let i = 0; i < signUpDto.roles.length; i++) {
                 const roleName = signUpDto.roles[i];
@@ -217,7 +217,7 @@ export class AuthenticationService {
         if (signUpDto.password) {
             pwd = await this.hashingService.hash(signUpDto.password);
         }
-        else {
+        if(autoGeneratedPwdPermission?.toString().toLowerCase() === 'true'){
             // TODO: If password is not specified then auto-generate a random password, trigger this password over an email to the user.
             // TODO: Also track if the user has to force reset / change their password, and then activate the user.
             autoGeneratedPwd = this.generatePassword();
@@ -764,13 +764,13 @@ export class AuthenticationService {
             isValidUser = false
             // throw new NotFoundException(ERROR_MESSAGES.INVALID_CREDENTIALS);
         }
-        if (!user.active) {
+        if (isValidUser && !user?.active) {
             isValidUser = false
             // throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);
         }
         // 2. Validate if user has used a provider which is "local", only then it makes sense for us to initiate the forgot password routine.
-        if (user.lastLoginProvider !== 'local') {
+        if (isValidUser && user?.lastLoginProvider !== 'local') {
             isValidUser = false
             // throw new BadRequestException(ERROR_MESSAGES.INVALID_CREDENTIALS);
         }
@@ -792,8 +792,8 @@ export class AuthenticationService {
             error: '',
             errorCode: '',
             data: {
-                user: {
-                    email: user.email,
+                user:  {
+                    email: user?.email,
                     // mobile: user.mobile,
                     // username: user.username,
                 },