@volcanicminds/backend 1.0.4 → 2.0.1

package/dist/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@volcanicminds/backend",
-    "version": "1.0.4",
-    "codename": "turin",
+    "version": "2.0.1",
+    "codename": "rome",
     "license": "MIT",
     "description": "The volcanic (minds) backend",
     "keywords": [
@@ -29,9 +29,6 @@
     ],
     "main": "dist/index",
     "typings": "dist/index",
-    "engines": {
-        "node": ">=16"
-    },
     "scripts": {
         "clean": "rm -rf dist esm",
         "prebuild": "npm run clean",
@@ -44,51 +41,50 @@
         "server": "cd dist && node server.js",
         "start": "ts-node server.ts",
         "dev": "nodemon --exec \"ts-node\" server.ts",
-        "test": "yarn test:full",
+        "test": "npm run test:full",
         "test:full": "cross-env PORT=2231 NODE_ENV=memory BROWSER=false mocha ./test/index.spec.ts -t 100000",
-        "reset": "yarn && yarn up && yarn compile",
-        "upgrade-deps": "yarn upgrade-interactive",
-        "upgrade-pkg": "yarn npm-upgrade",
+        "reset": "npm install && npm update && npm run compile",
+        "upgrade-deps": "npx npm-check-updates -u",
         "combine": "node combine.js"
     },
     "dependencies": {
-        "@apollo/server": "^4.11.0",
-        "@as-integrations/fastify": "^2.1.1",
-        "@fastify/compress": "^7.0.3",
-        "@fastify/cors": "^9.0.1",
-        "@fastify/helmet": "^11.1.1",
-        "@fastify/jwt": "^8.0.1",
-        "@fastify/multipart": "^8.3.0",
-        "@fastify/rate-limit": "^9.1.0",
-        "@fastify/schedule": "^4.1.1",
-        "@fastify/swagger": "^8.15.0",
-        "@fastify/swagger-ui": "^3.1.0",
-        "@types/node": "^20.17.0",
-        "dayjs": "^1.11.13",
-        "dotenv": "^16.4.5",
-        "fastify": "^4.28.1",
-        "fastify-raw-body": "^4.3.0",
-        "glob": "^10.4.5",
-        "graphql": "^16.9.0",
-        "i18n": "^0.15.1",
+        "@apollo/server": "^5.1.0",
+        "@as-integrations/fastify": "^3.1.0",
+        "@fastify/compress": "^8.1.0",
+        "@fastify/cors": "^11.1.0",
+        "@fastify/helmet": "^13.0.2",
+        "@fastify/jwt": "^10.0.0",
+        "@fastify/multipart": "^9.3.0",
+        "@fastify/rate-limit": "^10.3.0",
+        "@fastify/schedule": "^6.0.0",
+        "@fastify/swagger": "^9.5.2",
+        "@fastify/swagger-ui": "^5.2.3",
+        "@types/node": "^24.10.0",
+        "dayjs": "^1.11.19",
+        "dotenv": "^17.2.3",
+        "fastify": "^5.6.1",
+        "fastify-raw-body": "^5.0.0",
+        "glob": "^11.0.3",
+        "graphql": "^16.12.0",
+        "i18n": "^0.15.3",
         "lodash": "^4.17.21",
-        "nanoid": "^5.0.7",
+        "nanoid": "^5.1.6",
         "object-sizeof": "^2.6.5",
-        "pino": "^9.5.0",
-        "pino-pretty": "^11.3.0",
+        "pino": "^10.1.0",
+        "pino-pretty": "^13.1.2",
         "root-require": "^0.3.1",
-        "semver": "^7.6.3",
-        "toad-scheduler": "^3.0.1"
+        "semver": "^7.7.3",
+        "toad-scheduler": "^3.1.0"
     },
     "devDependencies": {
-        "@types/mocha": "^10.0.9",
-        "cross-env": "^7.0.3",
-        "expect": "^29.7.0",
-        "mocha": "^10.7.3",
-        "nodemon": "^3.1.7",
-        "npm-upgrade": "^3.1.0",
+        "@types/mocha": "^10.0.10",
+        "cross-env": "^10.1.0",
+        "expect": "^30.2.0",
+        "mocha": "^11.7.5",
+        "nodemon": "^3.1.10",
+        "npm-upgrade": "^3.1.2",
         "ts-node": "^10.9.2",
-        "typescript": "^5.6.3"
+        "typescript": "^5.9.3"
     },
     "repository": {
         "type": "git",
@@ -106,5 +102,7 @@
         "lib": "lib",
         "test": "test"
     },
-    "packageManager": "yarn@4.1.0"
+    "engines": {
+        "node": ">=24"
+    }
 }

package/lib/api/users/controller/user.ts

@@ -1,19 +1,9 @@
 import { FastifyReply, FastifyRequest } from 'fastify'
 import { AuthenticatedUser } from '../../../../types/global'
 
-export function currentUser(req: FastifyRequest, reply: FastifyReply) {
-  const user: AuthenticatedUser | undefined = req.user
-  reply.send(user ? { ...user, roles: req.roles() } : {})
-}
-
-export function isAdmin(req: FastifyRequest, reply: FastifyReply) {
-  const user: AuthenticatedUser | undefined = req.user
-  reply.send({ isAdmin: user?.getId() && req.hasRole(roles.admin) })
-}
-
-export function getRoles(req: FastifyRequest, reply: FastifyReply) {
+export async function getRoles(req: FastifyRequest, reply: FastifyReply) {
   const allRoles = Object.keys(roles).map((key) => roles[key])
-  reply.send(allRoles)
+  return reply.send(allRoles)
 }
 
 export async function count(req: FastifyRequest, reply: FastifyReply) {
@@ -32,13 +22,24 @@ export async function findOne(req: FastifyRequest, reply: FastifyReply) {
 }
 
 export async function create(req: FastifyRequest, reply: FastifyReply) {
+  if (!req.hasRole(roles.admin)) {
+    return reply.status(403).send(Error('Only admins can create users'))
+  }
+
   const { id, ...data } = req.data()
+
+  if (data.roles && data.roles.includes(roles.admin)) {
+    if (!config.enable || config.options?.allow_multiple_admin !== true) {
+      return reply.status(403).send(Error('Cannot assign admin role to a user'))
+    }
+  }
+
   const user = await req.server['userManager'].createUser(data)
   return user ? entity.User.save(user) : reply.status(400).send(Error('User not creatable'))
 }
 
 export async function update(req: FastifyRequest, reply: FastifyReply) {
-  const { id, ...userData } = req.parameters()
+  const { id, ...userData } = req.data()
   if (!id) {
     return reply.status(400).send('Missing required id parameter')
   }
@@ -53,3 +54,24 @@ export async function remove(req: FastifyRequest, reply: FastifyReply) {
   }
   return await req.server['userManager'].deleteUser(id)
 }
+
+export async function getCurrentUser(req: FastifyRequest, reply: FastifyReply) {
+  const user: AuthenticatedUser | undefined = req.user
+  return reply.send(user ? { ...user, roles: req.roles() } : {})
+}
+
+export async function updateCurrentUser(req: FastifyRequest, reply: FastifyReply) {
+  const user: AuthenticatedUser | undefined = req.user
+  const id = user?.getId()
+  if (!id) {
+    return reply.status(403).send('Cannot update current user')
+  }
+
+  const { id: _id, ...userData } = req.data()
+  return await req.server['userManager'].updateUserById(id, userData)
+}
+
+export async function isAdmin(req: FastifyRequest, reply: FastifyReply) {
+  const user: AuthenticatedUser | undefined = req.user
+  return reply.send({ isAdmin: user?.getId() && req.hasRole(roles.admin) })
+}

package/lib/api/users/routes.ts

@@ -64,9 +64,9 @@ module.exports = {
     {
       method: 'GET',
       path: '/:id',
-      roles: [],
+      roles: [roles.admin],
       handler: 'user.findOne',
-      middlewares: [],
+      middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Find user',
         description: 'Get user by id',
@@ -82,9 +82,9 @@ module.exports = {
     {
       method: 'PUT',
       path: '/:id',
-      roles: [],
+      roles: [roles.admin],
       handler: 'user.update',
-      middlewares: [],
+      middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Update user',
         description: 'Updates a user by id',
@@ -101,9 +101,9 @@ module.exports = {
     {
       method: 'POST',
       path: '/',
-      roles: [],
+      roles: [roles.admin],
       handler: 'user.create',
-      middlewares: [],
+      middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Create a user',
         description: 'Creates a new user',
@@ -119,9 +119,9 @@ module.exports = {
     {
       method: 'DELETE',
       path: '/:id',
-      roles: [],
+      roles: [roles.admin],
       handler: 'user.remove',
-      middlewares: [],
+      middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Delete user',
         description: 'Deletes user by id',
@@ -138,7 +138,7 @@ module.exports = {
       method: 'GET',
       path: '/me',
       roles: [],
-      handler: 'user.currentUser',
+      handler: 'user.getCurrentUser',
       middlewares: ['global.isAuthenticated'],
       config: {
         title: 'Get current user',
@@ -148,6 +148,24 @@ module.exports = {
         }
       }
     },
+    {
+      method: 'PUT',
+      path: '/me',
+      roles: [],
+      handler: 'user.updateCurrentUser',
+      middlewares: ['global.isAuthenticated'],
+      config: {
+        title: 'Update current user',
+        description: 'Update current user',
+        body: { $ref: 'currentUserBodySchema#' },
+        response: {
+          200: {
+            description: 'Default response',
+            $ref: 'userSchema#'
+          }
+        }
+      }
+    },
     {
       method: 'GET',
       path: '/is-admin',

package/lib/config/general.ts

@@ -4,6 +4,7 @@ module.exports = {
   name: 'general',
   enable: true,
   options: {
+    allow_multiple_admin: false,
     reset_external_id_on_login: false,
     scheduler: false,
     embedded_auth: true

package/lib/loader/general.ts

@@ -7,6 +7,7 @@ export function load() {
     name: 'general',
     enable: true,
     options: {
+      allow_multiple_admin: false,
       reset_external_id_on_login: false,
       scheduler: false,
       embedded_auth: true

package/lib/schemas/user.ts

@@ -1,3 +1,12 @@
+export const currentUserBodySchema = {
+  $id: 'currentUserBodySchema',
+  type: 'object',
+  nullable: true,
+  properties: {
+    username: { type: 'string' }
+  }
+}
+
 export const userBodySchema = {
   $id: 'userBodySchema',
   type: 'object',

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@volcanicminds/backend",
-  "version": "1.0.4",
-  "codename": "turin",
+  "version": "2.0.1",
+  "codename": "rome",
   "license": "MIT",
   "description": "The volcanic (minds) backend",
   "keywords": [
@@ -29,9 +29,6 @@
   ],
   "main": "dist/index",
   "typings": "dist/index",
-  "engines": {
-    "node": ">=16"
-  },
   "scripts": {
     "clean": "rm -rf dist esm",
     "prebuild": "npm run clean",
@@ -44,51 +41,50 @@
     "server": "cd dist && node server.js",
     "start": "ts-node server.ts",
     "dev": "nodemon --exec \"ts-node\" server.ts",
-    "test": "yarn test:full",
+    "test": "npm run test:full",
     "test:full": "cross-env PORT=2231 NODE_ENV=memory BROWSER=false mocha ./test/index.spec.ts -t 100000",
-    "reset": "yarn && yarn up && yarn compile",
-    "upgrade-deps": "yarn upgrade-interactive",
-    "upgrade-pkg": "yarn npm-upgrade",
+    "reset": "npm install && npm update && npm run compile",
+    "upgrade-deps": "npx npm-check-updates -u",
     "combine": "node combine.js"
   },
   "dependencies": {
-    "@apollo/server": "^4.11.0",
-    "@as-integrations/fastify": "^2.1.1",
-    "@fastify/compress": "^7.0.3",
-    "@fastify/cors": "^9.0.1",
-    "@fastify/helmet": "^11.1.1",
-    "@fastify/jwt": "^8.0.1",
-    "@fastify/multipart": "^8.3.0",
-    "@fastify/rate-limit": "^9.1.0",
-    "@fastify/schedule": "^4.1.1",
-    "@fastify/swagger": "^8.15.0",
-    "@fastify/swagger-ui": "^3.1.0",
-    "@types/node": "^20.17.0",
-    "dayjs": "^1.11.13",
-    "dotenv": "^16.4.5",
-    "fastify": "^4.28.1",
-    "fastify-raw-body": "^4.3.0",
-    "glob": "^10.4.5",
-    "graphql": "^16.9.0",
-    "i18n": "^0.15.1",
+    "@apollo/server": "^5.1.0",
+    "@as-integrations/fastify": "^3.1.0",
+    "@fastify/compress": "^8.1.0",
+    "@fastify/cors": "^11.1.0",
+    "@fastify/helmet": "^13.0.2",
+    "@fastify/jwt": "^10.0.0",
+    "@fastify/multipart": "^9.3.0",
+    "@fastify/rate-limit": "^10.3.0",
+    "@fastify/schedule": "^6.0.0",
+    "@fastify/swagger": "^9.5.2",
+    "@fastify/swagger-ui": "^5.2.3",
+    "@types/node": "^24.10.0",
+    "dayjs": "^1.11.19",
+    "dotenv": "^17.2.3",
+    "fastify": "^5.6.1",
+    "fastify-raw-body": "^5.0.0",
+    "glob": "^11.0.3",
+    "graphql": "^16.12.0",
+    "i18n": "^0.15.3",
     "lodash": "^4.17.21",
-    "nanoid": "^5.0.7",
+    "nanoid": "^5.1.6",
     "object-sizeof": "^2.6.5",
-    "pino": "^9.5.0",
-    "pino-pretty": "^11.3.0",
+    "pino": "^10.1.0",
+    "pino-pretty": "^13.1.2",
     "root-require": "^0.3.1",
-    "semver": "^7.6.3",
-    "toad-scheduler": "^3.0.1"
+    "semver": "^7.7.3",
+    "toad-scheduler": "^3.1.0"
   },
   "devDependencies": {
-    "@types/mocha": "^10.0.9",
-    "cross-env": "^7.0.3",
-    "expect": "^29.7.0",
-    "mocha": "^10.7.3",
-    "nodemon": "^3.1.7",
-    "npm-upgrade": "^3.1.0",
+    "@types/mocha": "^10.0.10",
+    "cross-env": "^10.1.0",
+    "expect": "^30.2.0",
+    "mocha": "^11.7.5",
+    "nodemon": "^3.1.10",
+    "npm-upgrade": "^3.1.2",
     "ts-node": "^10.9.2",
-    "typescript": "^5.6.3"
+    "typescript": "^5.9.3"
   },
   "repository": {
     "type": "git",
@@ -106,5 +102,7 @@
     "lib": "lib",
     "test": "test"
   },
-  "packageManager": "yarn@4.1.0"
+  "engines": {
+    "node": ">=24"
+  }
 }

package/types/global.d.ts

@@ -57,6 +57,7 @@ export interface GeneralConfig {
   name: string
   enable: boolean
   options: {
+    allow_multiple_admin: boolean
     reset_external_id_on_login: boolean
     scheduler: boolean
     embedded_auth: boolean