aloux-iam 0.0.146 → 1.0.1

package/lib/config/utils.js

@@ -79,6 +79,23 @@ self.escapeRegex = (str) => {
   return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 };
 
+// Sanitiza un objeto de filtros del cliente: solo permite keys sin $ y valores primitivos o anidados seguros
+self.sanitizeFilters = (obj, depth = 0) => {
+  if (depth > 4 || obj === null || typeof obj !== 'object' || Array.isArray(obj)) return {};
+  const safe = {};
+  for (const [key, val] of Object.entries(obj)) {
+    if (key.startsWith('$')) continue;
+    if (val === null || val === undefined) continue;
+    if (typeof val === 'object' && !Array.isArray(val)) {
+      const nested = self.sanitizeFilters(val, depth + 1);
+      if (Object.keys(nested).length > 0) safe[key] = nested;
+    } else if (typeof val === 'string' || typeof val === 'number' || typeof val === 'boolean') {
+      safe[key] = val;
+    }
+  }
+  return safe;
+};
+
 self.hashToken = (token) => {
   const crypto = require('crypto');
   return crypto.createHash('sha256').update(String(token)).digest('hex');

package/lib/controllers/user.js

@@ -158,7 +158,7 @@ self.get = async (req, res) => {
 
 self.retrieve = async (req, res) => {
   try {
-    const { page, itemsPerPage, search } = req.query
+    const { page, itemsPerPage, search, filters: filtersRaw } = req.query
     const paginate = page != null && itemsPerPage != null
     const attributes = { pwd: 0, tokens: 0 }
     let query = {}
@@ -167,14 +167,28 @@ self.retrieve = async (req, res) => {
       const s = utils.escapeRegex(String(search))
       query.$or = [
         { name: { $regex: s, $options: 'i' } },
-        { lastName: { $regex: s, $options: 'i' } }
+        { lastName: { $regex: s, $options: 'i' } },
+        { email: { $regex: s, $options: 'i' } },
+        { phone: { $regex: s, $options: 'i' } },
+        { 'phoneObj.e164': { $regex: s, $options: 'i' } },
+        { 'phoneObj.international': { $regex: s, $options: 'i' } },
       ]
     }
 
+    if (filtersRaw) {
+      try {
+        const parsed = typeof filtersRaw === 'string' ? JSON.parse(filtersRaw) : filtersRaw
+        Object.assign(query, utils.sanitizeFilters(parsed))
+      } catch (_) {}
+    }
+
     if (paginate) {
       const perPage = Math.min(Number(itemsPerPage), 100)
       const count = await User.countDocuments(query)
       const items = await User.find(query, attributes)
+        .populate({ path: '_functions', select: 'name' })
+        .populate({ path: '_business', select: 'name' })
+        .populate({ path: '_company', select: 'name' })
         .skip(perPage * (Number(page) - 1))
         .limit(perPage)
         .sort({ createdAt: -1 })
@@ -188,7 +202,9 @@ self.retrieve = async (req, res) => {
     }
 
     const result = await User.find(query, attributes)
-      .populate([{ path: '_functions' }, { path: '_company' }, { path: '_business' }])
+      .populate({ path: '_functions', select: 'name' })
+      .populate({ path: '_business', select: 'name' })
+      .populate({ path: '_company', select: 'name' })
       .sort({ createdAt: -1 })
       .lean()
     res.status(200).send(result)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aloux-iam",
-  "version": "0.0.146",
+  "version": "1.0.1",
   "description": "Aloux IAM for APIs ",
   "main": "index.js",
   "scripts": {
@@ -17,7 +17,7 @@
   ],
   "author": "Aloux",
   "license": "MIT",
-  "homepage": "https://github.com/alouxDeveloper/aloux-sdk#readme",
+  "homepage": "https://docs.aloux.mx/iam",
   "dependencies": {
     "bcryptjs": "^3.0.3",
     "cookie-parser": "^1.4.6",