npm - @solidxai/core - Versions diffs - 0.1.8-beta.9 → 0.1.9-beta.0 - Mend

@solidxai/core 0.1.8-beta.9 → 0.1.9-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

package/src/dtos/register-private.dto.ts CHANGED Viewed

@@ -1,17 +1,8 @@
-import { IsEmail, IsNotEmpty, IsOptional, MinLength } from 'class-validator';
-export class RegisterPrivateDto {
-    @IsNotEmpty()
-    username: string;
-    @IsEmail()
-    @IsNotEmpty()
-    email: string;
-    @IsOptional()
-    mobile?: string;
+import { IsBoolean, IsOptional } from 'class-validator';
+import { SignUpDto } from './sign-up.dto';
+export class RegisterPrivateDto extends SignUpDto {
+    @IsBoolean()
     @IsOptional()
-    @MinLength(10)
-    password?: string;
+    isAllowedToGenerateApiKeys?: boolean;
 }

package/src/dtos/sso-exchange.dto.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { IsNotEmpty, IsString } from 'class-validator';
+export class SsoExchangeDto {
+    @IsNotEmpty()
+    @IsString()
+    code: string;
+}

package/src/dtos/update-api-key.dto.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsBoolean, IsNotEmpty } from 'class-validator';
+export class UpdateApiKeyDto {
+    @ApiProperty({ example: true })
+    @IsBoolean()
+    @IsNotEmpty()
+    isActive: boolean;
+}

package/src/entities/setting.entity.ts CHANGED Viewed

@@ -19,6 +19,9 @@ export class Setting extends CommonEntity {
     @Column({ name: "level", type: "varchar", nullable: true })
     level: string;
+    @Column({ name: "encrypted", default: false })
+    encrypted: boolean;
     @Index()
     @ManyToOne(() => User, { nullable: true })
     @JoinColumn()

package/src/entities/user-api-key.entity.ts ADDED Viewed

@@ -0,0 +1,37 @@
+import { Exclude, Expose } from "class-transformer";
+import { CommonEntity } from "src/entities/common.entity";
+import { Column, Entity, Index, ManyToOne } from "typeorm";
+import { User } from "./user.entity";
+@Entity("ss_user_api_key")
+@Exclude()
+export class UserApiKey extends CommonEntity {
+    @Expose()
+    @Column()
+    name: string;
+    // SHA-256 hash of the raw key — never exposed, same treatment as User.password
+    @Index({ unique: true })
+    @Column()
+    hashedKey: string;
+    @Expose()
+    @Column()
+    maskedKey: string;
+    @Expose()
+    @Column({ default: true })
+    isActive: boolean;
+    @Expose()
+    @Column({ nullable: true })
+    expiresAt: Date;
+    @Expose()
+    @Column({ nullable: true })
+    lastUsedAt: Date;
+    @ManyToOne(() => User, user => user.apiKeys)
+    user: User;
+}

package/src/entities/user.entity.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { CommonEntity } from "src/entities/common.entity"
 import { Entity, Column, Index, JoinTable, ManyToMany, OneToMany, TableInheritance } from "typeorm";
 import { RoleMetadata } from 'src/entities/role-metadata.entity';
 import { UserViewMetadata } from 'src/entities/user-view-metadata.entity'
+import { UserApiKey } from 'src/entities/user-api-key.entity'
 import { Exclude, Expose } from "class-transformer";
 @Entity("ss_user")
@@ -151,4 +152,11 @@ export class User extends CommonEntity {
     @Expose()
     _media: any;
+    @Column({ default: false })
+    @Expose()
+    isAllowedToGenerateApiKeys: boolean = false;
+    @OneToMany(() => UserApiKey, key => key.user)
+    apiKeys: UserApiKey[];
 }

package/src/enums/auth-type.enum.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 export enum AuthType {
     Bearer,
+    ApiKey,
     None,
 }

package/src/guards/api-key.guard.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { Request } from 'express';
+import { REQUEST_USER_KEY } from 'src/constants';
+import { ApiKeyService } from 'src/services/api-key.service';
+import { ClsService } from 'nestjs-cls';
+@Injectable()
+export class ApiKeyGuard implements CanActivate {
+    constructor(
+        private readonly apiKeyService: ApiKeyService,
+        private readonly cls: ClsService,
+    ) {}
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const request = context.switchToHttp().getRequest<Request>();
+        const rawKey = this.extractKeyFromHeader(request);
+        if (!rawKey) {
+            throw new UnauthorizedException();
+        }
+        const activeUser = await this.apiKeyService.validate(rawKey);
+        request[REQUEST_USER_KEY] = activeUser;
+        this.cls.set(REQUEST_USER_KEY, activeUser);
+        return true;
+    }
+    private extractKeyFromHeader(request: Request): string | undefined {
+        return request.headers['solidx-api-key'] as string | undefined;
+    }
+}

package/src/guards/authentication.guard.ts CHANGED Viewed

@@ -8,23 +8,26 @@ import { Reflector } from '@nestjs/core';
 import { AUTH_TYPE_KEY } from '../decorators/auth.decorator';
 import { AuthType } from '../enums/auth-type.enum';
 import { AccessTokenGuard } from './access-token.guard';
+import { ApiKeyGuard } from './api-key.guard';
 import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
 import { PermissionMetadataService } from '../services/permission-metadata.service';
 import { ClsService } from 'nestjs-cls';
 @Injectable()
 export class AuthenticationGuard implements CanActivate {
-  private static readonly defaultAuthType = AuthType.Bearer;
+  private static readonly defaultAuthTypes = [AuthType.Bearer, AuthType.ApiKey];
   private readonly authTypeGuardMap: Record<
     AuthType,
     CanActivate | CanActivate[]> = {
       [AuthType.Bearer]: this.accessTokenGuard,
+      [AuthType.ApiKey]: this.apiKeyGuard,
       [AuthType.None]: { canActivate: () => true },
     };
   constructor(
     private readonly reflector: Reflector,
     private readonly accessTokenGuard: AccessTokenGuard,
+    private readonly apiKeyGuard: ApiKeyGuard,
     private readonly permissionService: PermissionMetadataService,
     private readonly cls: ClsService,
   ) { }
@@ -49,7 +52,7 @@ export class AuthenticationGuard implements CanActivate {
       return true;
     }
-    // TODO: Check if this permission viz. contextPermission is listed in the Public role.
+    // TODO: Check if this permission viz. contextPermission is listed in the Public role.
     const contextPermission = `${context.getClass().name}.${context.getHandler().name}`;
     const permissionExistsInRole = await this.permissionService.permissionExistsInRole('Public', contextPermission)
@@ -61,7 +64,7 @@ export class AuthenticationGuard implements CanActivate {
     const authTypes = this.reflector.getAllAndOverride<AuthType[]>(
       AUTH_TYPE_KEY,
       [context.getHandler(), context.getClass()],
-    ) ?? [AuthenticationGuard.defaultAuthType];
+    ) ?? AuthenticationGuard.defaultAuthTypes;
     const guards = authTypes.map((type) => this.authTypeGuardMap[type]).flat();
     let error = new UnauthorizedException();

package/src/index.ts CHANGED Viewed

@@ -126,6 +126,7 @@ export * from './entities/permission-metadata.entity'
 export * from './entities/role-metadata.entity'
 export * from './entities/sms-template.entity'
 export * from './entities/user.entity'
+export * from './entities/user-api-key.entity'
 export * from './entities/view-metadata.entity'
 export * from './entities/setting.entity'
 export * from './entities/saved-filters.entity'
@@ -314,6 +315,7 @@ export * from './services/user.service'
 export * from './services/view-metadata.service'
 export * from './services/whatsapp/Msg91WhatsappService' //rename
 export * from './services/setting.service'
+export * from './services/encryption.service'
 export * from './services/info.service'
 export * from './controllers/info.controller'
 export * from './services/settings/default-settings-provider.service'

package/src/interfaces.ts CHANGED Viewed

@@ -70,6 +70,7 @@ export interface SettingDefinition<T = any> {
   key: string;
   value: T;
   level: SettingLevel;
+  encrypted?: boolean;
 }
 // solid-core/settings/settings-provider.interface.ts
@@ -395,3 +396,18 @@ export interface AwsS3Config {
 // Prevents inference so callers must provide explicit type arguments; reusable for other APIs.
 export type NoInfer<T> = [T][T extends any ? 0 : never];
+export type AuditEventType = 'insert' | 'update' | 'delete';
+export interface AuditQueuePayload {
+    eventType: AuditEventType;
+    modelName: string;
+    entityId: string | number | null;
+    occurredAt: string;
+    after?: any;
+    before?: any;
+    updatedColumnNames?: string[];
+    userId?: number | null;
+}

package/src/jobs/database/chatter-queue-publisher-database.service.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { DatabasePublisher } from 'src/services/queues/database-publisher.servic
 import { MqMessageQueueService } from '../../services/mq-message-queue.service';
 import { MqMessageService } from '../../services/mq-message.service';
 import { QueuesModuleOptions } from "../../interfaces";
-import { AuditQueuePayload } from '../rabbitmq/chatter-queue-publisher.service';
+import { AuditQueuePayload } from '../../interfaces';
 import chatterQueueOptionsDatabase from './chatter-queue-options-database';
 @Injectable()

package/src/jobs/database/chatter-queue-subscriber-database.service.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { MqMessageService } from '../../services/mq-message.service';
 import { MqMessageQueueService } from '../../services/mq-message-queue.service';
 import { QueuesModuleOptions } from "../../interfaces";
 import { PollerService } from 'src/services/poller.service';
-import { AuditQueuePayload } from '../rabbitmq/chatter-queue-publisher.service';
+import { AuditQueuePayload } from '../../interfaces';
 import { ChatterMessageService } from 'src/services/chatter-message.service';
 import chatterQueueOptionsDatabase from './chatter-queue-options-database';

package/src/jobs/rabbitmq/chatter-queue-publisher.service.ts CHANGED Viewed

@@ -4,21 +4,7 @@ import { RabbitMqPublisher } from 'src/services/queues/rabbitmq-publisher.servic
 import chatterQueueOptions from './chatter-queue-options';
 import { MqMessageQueueService } from '../../services/mq-message-queue.service';
 import { MqMessageService } from '../../services/mq-message.service';
-import { QueuesModuleOptions } from "../../interfaces";
-export type AuditEventType = 'insert' | 'update' | 'delete';
-export interface AuditQueuePayload {
-    eventType: AuditEventType;
-    modelName: string;              // TypeORM entity class name (e.g. 'Order')
-    entityId: string | number | null;
-    occurredAt: string;             // ISO timestamp, captured at event time
-    after?: any;                    // entity state after operation (insert/update)
-    before?: any;                   // entity state before operation (update/delete)
-    updatedColumnNames?: string[];  // propertyNames of changed columns (update only)
-    userId?: number | null;         // active user captured at event time
-}
+import { AuditQueuePayload, QueuesModuleOptions } from "../../interfaces";
 @Injectable()
 export class ChatterQueuePublisherRabbitmq extends RabbitMqPublisher<AuditQueuePayload> {

package/src/jobs/rabbitmq/chatter-queue-subscriber.service.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { MqMessageService } from '../../services/mq-message.service';
 import { MqMessageQueueService } from '../../services/mq-message-queue.service';
 import { QueuesModuleOptions } from "../../interfaces";
 import chatterQueueOptions from './chatter-queue-options';
-import { AuditQueuePayload } from './chatter-queue-publisher.service';
+import { AuditQueuePayload } from '../../interfaces';
 import { ChatterMessageService } from 'src/services/chatter-message.service';
 @Injectable()

package/src/jobs/redis/chatter-queue-subscriber-redis.service.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import chatterQueueConfig from './chatter-queue-options-redis';
 import { MqMessageService } from '../../services/mq-message.service';
 import { MqMessageQueueService } from '../../services/mq-message-queue.service';
 import { QueuesModuleOptions } from "../../interfaces";
-import { AuditQueuePayload } from '../rabbitmq/chatter-queue-publisher.service';
+import { AuditQueuePayload } from '../../interfaces';
 import { ChatterMessageService } from '../../services/chatter-message.service';
 @Injectable()

package/src/repository/user-api-key.repository.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { Injectable } from '@nestjs/common';
+import { UserApiKey } from 'src/entities/user-api-key.entity';
+import { RequestContextService } from 'src/services/request-context.service';
+import { DataSource } from 'typeorm';
+import { SecurityRuleRepository } from './security-rule.repository';
+import { SolidBaseRepository } from './solid-base.repository';
+@Injectable()
+export class UserApiKeyRepository extends SolidBaseRepository<UserApiKey> {
+    constructor(
+        readonly dataSource: DataSource,
+        readonly requestContextService: RequestContextService,
+        readonly securityRuleRepository: SecurityRuleRepository,
+    ) {
+        super(UserApiKey, dataSource, requestContextService, securityRuleRepository);
+    }
+}

package/src/seeders/module-test-data.service.ts CHANGED Viewed

@@ -13,8 +13,13 @@ import { MediaStorageProviderType } from 'src/dtos/create-media-storage-provider
 import { getDynamicModuleNamesBasedOnMetadata } from 'src/helpers/module.helper';
 import { SolidRegistry } from 'src/helpers/solid-registry';
 import { MediaRepository } from 'src/repository/media.repository';
+import { PermissionMetadataRepository } from 'src/repository/permission-metadata.repository';
+import { AuthenticationService } from 'src/services/authentication.service';
 import { ModelMetadataService } from 'src/services/model-metadata.service';
+import { RoleMetadataService } from 'src/services/role-metadata.service';
+import { UserService } from 'src/services/user.service';
 import { getMediaStorageProvider } from 'src/services/mediaStorageProviders';
+import { TestingRoleSpec, TestingUserSpec } from 'src/testing/contracts/testing-metadata.types';
 @Injectable()
 export class ModuleTestDataService {
@@ -191,7 +196,17 @@ export class ModuleTestDataService {
     // console.log(JSON.stringify(moduleMetadata, null, 2));
+    const testingRoles: TestingRoleSpec[] = overallMetadata?.testing?.roles ?? [];
+    const testingUsers: TestingUserSpec[] = overallMetadata?.testing?.users ?? [];
     const testingData: Array<{ modelUserKey: string; data: Record<string, any> }> = overallMetadata?.testing?.data ?? [];
+    if (testingRoles.length > 0) {
+      await this.seedTestRoles(testingRoles);
+    }
+    if (testingUsers.length > 0) {
+      await this.seedTestUsers(testingUsers);
+    }
     if (testingData.length === 0) {
       this.logger.debug(`No test data found for ${moduleMetadata.name}`);
       return;
@@ -297,6 +312,97 @@ export class ModuleTestDataService {
     }
   }
+  private async seedTestRoles(roles: TestingRoleSpec[]): Promise<void> {
+    const roleService = this.moduleRef.get(RoleMetadataService, { strict: false });
+    if (!roleService) {
+      throw new Error('RoleMetadataService not available — cannot seed test roles.');
+    }
+    await roleService.createRolesIfNotExists(roles.map((r) => ({ name: r.name } as any)));
+    for (const role of roles) {
+      const perms = role.permissions ?? [];
+      if (perms.length === 0) continue;
+      if (perms.some((p) => p === '*')) {
+        await roleService.addAllPermissionsToRole(role.name);
+        this.logger.log(`Bound all permissions to test role "${role.name}"`);
+        continue;
+      }
+      const expanded = await this.expandPermissionNames(perms);
+      if (expanded.length === 0) {
+        this.logger.warn(`Test role "${role.name}" has permissions declared but none resolved — skipping binding.`);
+        continue;
+      }
+      try {
+        await roleService.addPermissionsToRole(role.name, expanded);
+      } catch (err: any) {
+        throw new Error(
+          `Failed to bind permissions to test role "${role.name}": ${err?.message ?? err}. ` +
+          `Did you run "solid seed" first so controller permissions are registered?`,
+        );
+      }
+      this.logger.log(`Bound ${expanded.length} permissions to test role "${role.name}"`);
+    }
+  }
+  private async expandPermissionNames(permissions: string[]): Promise<string[]> {
+    const permissionRepo = this.moduleRef.get(PermissionMetadataRepository, { strict: false });
+    if (!permissionRepo) {
+      throw new Error('PermissionMetadataRepository not available — cannot resolve test role permissions.');
+    }
+    const exact = new Set<string>();
+    const prefixes: string[] = [];
+    for (const entry of permissions) {
+      if (!entry) continue;
+      if (entry.endsWith('.*')) {
+        prefixes.push(entry.slice(0, -1));
+      } else {
+        exact.add(entry);
+      }
+    }
+    if (prefixes.length > 0) {
+      const allPermissions = await permissionRepo.find();
+      for (const p of allPermissions) {
+        if (prefixes.some((prefix) => p.name.startsWith(prefix))) {
+          exact.add(p.name);
+        }
+      }
+    }
+    return Array.from(exact);
+  }
+  private async seedTestUsers(users: TestingUserSpec[]): Promise<void> {
+    const userService = this.moduleRef.get(UserService, { strict: false });
+    const authService = this.moduleRef.get(AuthenticationService, { strict: false });
+    if (!userService || !authService) {
+      throw new Error('UserService / AuthenticationService not available — cannot seed test users.');
+    }
+    for (const user of users) {
+      const existing = await userService.findOneByUsername(user.username);
+      if (existing) {
+        this.logger.debug(`Test user "${user.username}" already exists — skipping signUp.`);
+        continue;
+      }
+      await authService.signUp({
+        username: user.username,
+        email: user.email,
+        password: user.password,
+        fullName: user.fullName,
+        mobile: user.mobile,
+        roles: user.roles,
+      });
+      this.logger.log(`Created test user "${user.username}"${user.roles?.length ? ` with roles [${user.roles.join(', ')}]` : ''}`);
+    }
+  }
   private async seedMultiRelations(
     entityId: number,
     modelUserKey: string,

package/src/seeders/seed-data/solid-core-metadata.json CHANGED Viewed

@@ -2085,6 +2085,35 @@
             "relationModelModuleName": "solid-core",
             "isSystem": true
           },
+          {
+            "name": "isAllowedToGenerateApiKeys",
+            "displayName": "Is Allowed To Generate API Keys",
+            "type": "boolean",
+            "required": true,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "defaultValue": "false",
+            "isSystem": true,
+            "enableAuditTracking": true
+          },
+          {
+            "name": "apiKeys",
+            "displayName": "API Keys",
+            "type": "relation",
+            "required": false,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "relationType": "one-to-many",
+            "relationCoModelSingularName": "userApiKey",
+            "relationCoModelFieldName": "user",
+            "relationCreateInverse": true,
+            "relationModelModuleName": "solid-core",
+            "isSystem": true
+          },
           {
             "name": "passwordScheme",
             "displayName": "Password Scheme",
@@ -2129,6 +2158,105 @@
           }
         ]
       },
+      {
+        "singularName": "userApiKey",
+        "tableName": "ss_user_api_key",
+        "pluralName": "userApiKeys",
+        "displayName": "User API Key",
+        "description": "API keys for programmatic server-to-server access",
+        "dataSource": "default",
+        "dataSourceType": "postgres",
+        "userKeyFieldUserKey": "name",
+        "isSystem": true,
+        "fields": [
+          {
+            "name": "name",
+            "displayName": "Name",
+            "type": "shortText",
+            "length": 512,
+            "required": true,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "isSystem": true
+          },
+          {
+            "name": "hashedKey",
+            "displayName": "Hashed Key",
+            "type": "shortText",
+            "length": 512,
+            "required": true,
+            "unique": true,
+            "index": true,
+            "private": true,
+            "encrypt": false,
+            "isSystem": true
+          },
+          {
+            "name": "maskedKey",
+            "displayName": "Masked Key",
+            "type": "shortText",
+            "length": 512,
+            "required": true,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "isSystem": true
+          },
+          {
+            "name": "isActive",
+            "displayName": "Is Active",
+            "type": "boolean",
+            "required": true,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "defaultValue": "true",
+            "isSystem": true
+          },
+          {
+            "name": "expiresAt",
+            "displayName": "Expires At",
+            "type": "datetime",
+            "required": false,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "isSystem": true
+          },
+          {
+            "name": "lastUsedAt",
+            "displayName": "Last Used At",
+            "type": "datetime",
+            "required": false,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "isSystem": true
+          },
+          {
+            "name": "user",
+            "displayName": "User",
+            "type": "relation",
+            "required": true,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false,
+            "relationType": "many-to-one",
+            "relationCoModelSingularName": "user",
+            "relationCoModelFieldName": "apiKeys",
+            "relationCreateInverse": true,
+            "relationModelModuleName": "solid-core",
+            "isSystem": true
+          }
+        ]
+      },
       {
         "singularName": "userActivityHistory",
         "tableName": "ss_user_activity_history",