npm - aloux-iam - Versions diffs - 1.0.1 → 1.0.3 - Mend

aloux-iam 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/.claude/settings.local.json +9 -0
package/lib/config/utils.js +26 -0
package/lib/controllers/business.js +3 -1
package/lib/controllers/company.js +3 -1
package/lib/controllers/functions.js +4 -3
package/lib/controllers/label.js +4 -3
package/lib/controllers/menu.js +4 -3
package/lib/controllers/permission.js +4 -3
package/lib/models/Business.js +2 -0
package/lib/models/Permission.js +1 -0
package/lib/models/User.js +2 -0
package/lib/router.js +1 -0
package/lib/services/auth.js +1 -2
package/lib/services/user.js +6 -6
package/package.json +1 -1

package/.claude/settings.local.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(grep *)",
+      "Bash(npm run *)",
+      "Bash(curl -s http://localhost:5173)"
+    ]
+  }
+}

package/lib/config/utils.js CHANGED Viewed

@@ -106,6 +106,32 @@ self.hashCode = (code) => {
   return crypto.createHash('sha256').update(String(code)).digest('hex');
 };
+// Extrae del body solo los campos definidos en el schema del modelo.
+// Campos de tipo Object libre (ej. data) se aplanan a dot-notation para que
+// $set haga merge en lugar de reemplazar el objeto completo.
+self.pickFromSchema = (Model, body) => {
+  const nonEditable = new Set(Model.schema.options.nonEditable || []);
+  const BASE_BLOCKED = new Set(['_id', '__v', 'createdAt', 'lastUpdate']);
+  const schemaObj = Model.schema.obj;
+  const allowed = Object.keys(schemaObj).filter(k => !BASE_BLOCKED.has(k) && !nonEditable.has(k));
+  const result = {};
+  for (const [k, v] of Object.entries(body)) {
+    if (!allowed.includes(k)) continue;
+    const fieldDef = schemaObj[k];
+    const isFreeObject = (fieldDef === Object || fieldDef?.type === Object) &&
+                         v && typeof v === 'object' && !Array.isArray(v);
+    if (isFreeObject) {
+      for (const [dk, dv] of Object.entries(v)) {
+        result[`${k}.${dk}`] = dv;
+      }
+    } else {
+      result[k] = v;
+    }
+  }
+  return result;
+};
 self.sanitizeSort = (sort, allowedFields) => {
   if (!sort || typeof sort !== 'object' || Array.isArray(sort)) return null;
   const safe = {};

package/lib/controllers/business.js CHANGED Viewed

@@ -143,9 +143,11 @@ self.detail = async (req, res) => {
 self.update = async (req, res) => {
   try {
+    const payload = errorController.pickFromSchema(Business, req.body);
+    payload.lastUpdate = new Date().getTime();
     const update = await Business.updateOne(
       { _id: req.params.BUSINESS_ID },
-      { $set: req.body, lastUpdate: new Date().getTime() }
+      { $set: payload }
     );
     res.status(202).send(update);
   } catch (error) {

package/lib/controllers/company.js CHANGED Viewed

@@ -59,9 +59,11 @@ self.detail = async (req, res) => {
 self.update = async (req, res) => {
   try {
+    const payload = errorController.pickFromSchema(Company, req.body);
+    payload.lastUpdate = new Date().getTime();
     const update = await Company.updateOne(
       { _id: req.params.COMPANY_ID },
-      { $set: req.body, lastUpdate: new Date().getTime() }
+      { $set: payload }
     );
     res.status(202).send(update);
   } catch (error) {

package/lib/controllers/functions.js CHANGED Viewed

@@ -19,9 +19,10 @@ self.update = async (req, res) => {
         const count = await Functions.exists({ _id: req.params.FUNCTION_ID })
         if (!count)
             throw new Error('Upss! No se encontró el registro')
-        req.body.lastUpdate = (new Date()).getTime()
-        await Functions.updateOne({ _id: req.params.FUNCTION_ID }, { $set: req.body })
-        res.status(200).send(req.body)
+        const payload = utils.pickFromSchema(Functions, req.body)
+        payload.lastUpdate = (new Date()).getTime()
+        await Functions.updateOne({ _id: req.params.FUNCTION_ID }, { $set: payload })
+        res.status(200).send(payload)
     } catch (error) {
         utils.responseError(res, error)
     }

package/lib/controllers/label.js CHANGED Viewed

@@ -19,9 +19,10 @@ self.update = async (req, res) => {
     const _id = req.params.LABEL_ID;
     const exists = await Label.exists({ _id });
     if (!exists) throw new Error("Upss! No se encontró el registro");
-    req.body.lastUpdate = new Date().getTime();
-    await Label.updateOne({ _id }, req.body);
-    res.status(200).send(req.body);
+    const payload = utils.pickFromSchema(Label, req.body);
+    payload.lastUpdate = new Date().getTime();
+    await Label.updateOne({ _id }, payload);
+    res.status(200).send(payload);
   } catch (error) {
     utils.responseError(res, error);
   }

package/lib/controllers/menu.js CHANGED Viewed

@@ -20,9 +20,10 @@ self.update = async (req, res) => {
         const count = await Menu.exists({ _id })
         if (!count)
             throw new Error('Upss! No se encontró el registro')
-        req.body.lastUpdate = (new Date()).getTime()
-        await Menu.updateOne({ _id }, { $set: req.body })
-        res.status(200).send(req.body)
+        const payload = utils.pickFromSchema(Menu, req.body)
+        payload.lastUpdate = (new Date()).getTime()
+        await Menu.updateOne({ _id }, { $set: payload })
+        res.status(200).send(payload)
     } catch (error) {
         utils.responseError(res, error)
     }

package/lib/controllers/permission.js CHANGED Viewed

@@ -28,9 +28,10 @@ self.update = async (req, res) => {
         const count = await Permission.exists({ _id })
         if (!count)
             throw new Error('Upss! No se encontró el registro')
-        req.body.lastUpdate = (new Date()).getTime()
-        await Permission.updateOne({ _id }, { $set: req.body })
-        res.status(200).send(req.body)
+        const payload = utils.pickFromSchema(Permission, req.body)
+        payload.lastUpdate = (new Date()).getTime()
+        await Permission.updateOne({ _id }, { $set: payload })
+        res.status(200).send(payload)
     } catch (error) {
         utils.responseError(res, error)
     }

package/lib/models/Business.js CHANGED Viewed

@@ -43,5 +43,7 @@ const businessSchema = mongoose.Schema({
   environment: { type: String, enum: ["dev", "qa", "prod"] },
 });
+businessSchema.set('nonEditable', ['gkey']);
 const Business = mongoose.model("Business", businessSchema);
 module.exports = Business;

package/lib/models/Permission.js CHANGED Viewed

@@ -13,6 +13,7 @@ const permissionSchema = mongoose.Schema({
 });
 permissionSchema.index({ method: 1, endpoint: 1 }, { unique: true });
+permissionSchema.set('nonEditable', ['method', 'endpoint']);
 const Permission = mongoose.model("Permission", permissionSchema);
 module.exports = Permission;

package/lib/models/User.js CHANGED Viewed

@@ -94,6 +94,8 @@ const adminSchema = mongoose.Schema({
   lastUpdate: { type: Number },
 });
+adminSchema.set('nonEditable', ['pwd', 'tokens', 'validateKey']);
 adminSchema.pre("save", async function () {
   const user = this;

package/lib/router.js CHANGED Viewed

@@ -47,6 +47,7 @@ router.put("/iam/auth/reset/password", middleware, auth.resetPass);
 router.post("/iam/auth/send/verify/phone", middleware, auth.verifyPhone);
 router.post("/iam/auth/verify/phone", middleware, auth.validatePhone);
 router.post("/iam/auth/logout", middleware, auth.logout);
+router.post("/iam/auth/logout-all", middleware, auth.logoutAll);
 router.patch("/iam/auth/mail", middleware, auth.mailChange);
 router.post("/iam/auth/validate/mail", middleware, auth.validatEmailChange);

package/lib/services/auth.js CHANGED Viewed

@@ -244,8 +244,7 @@ self.logout = async (req, res) => {
 };
 self.logoutAll = async (req, res) => {
-  req.user.tokens = [];
-  await req.user.save();
+  await User.updateOne({ _id: req.user._id }, { $set: { tokens: [] } });
   res.clearCookie("token");
   return true;
 };

package/lib/services/user.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const jwt = require("jsonwebtoken")
 const User = require('../models/User')
-const { hashToken } = require('../config/utils')
+const { hashToken, pickFromSchema } = require('../config/utils')
 const self = module.exports
 self.create = async (body) => {
@@ -27,7 +27,10 @@ self.create = async (body) => {
   user = new User(body)
   user.createdAt = new Date().getTime()
   user.status = body?.status ?? 'Activo'
-  user.data = { changePwd: false }
+  user.data = {
+    ...(body.data || {}),
+    changePwd: body.data?.changePwd ?? false
+  }
   try {
     await user.save()
@@ -111,10 +114,7 @@ self.update = async (USER_ID, body) => {
     await User.updateOne({ _id }, { 'validateKey.validatePhone.validCodePhone': false })
   }
-  const BLOCKED_FIELDS = ['tokens', 'pwd', 'validateKey', 'createdAt', '_id'];
-  const safeBody = Object.fromEntries(
-    Object.entries(body).filter(([key]) => !BLOCKED_FIELDS.includes(key))
-  );
+  const safeBody = pickFromSchema(User, body);
   safeBody.lastUpdate = new Date().getTime();
   const result = await User.updateOne({ _id }, { $set: safeBody })

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aloux-iam",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Aloux IAM for APIs ",
   "main": "index.js",
   "scripts": {