mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(api): add WorkspaceGuard to controllers and fix route ordering

Browse Source
This commit is contained in:
Jason Woltje
2026-01-29 20:15:33 -06:00
parent 9977d9bcf4
commit 48abdbba8b
8 changed files with 216 additions and 541 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
apps/api/src/activity/activity.controller.ts
View File

@@ -1,59 +1,44 @@
import { Controller, Get, Query, Param, UseGuards, Request } from "@nestjs/common"; import {
Controller,
Get,
Query,
Param,
UseGuards,
} from "@nestjs/common";
import { ActivityService } from "./activity.service"; import { ActivityService } from "./activity.service";
import { EntityType } from "@prisma/client"; import { EntityType } from "@prisma/client";
import type { QueryActivityLogDto } from "./dto"; import type { QueryActivityLogDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
/**
* Controller for activity log endpoints
* All endpoints require authentication
*/
@Controller("activity") @Controller("activity")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class ActivityController { export class ActivityController {
constructor(private readonly activityService: ActivityService) {} constructor(private readonly activityService: ActivityService) {}
/**
* GET /api/activity
* Get paginated activity logs with optional filters
* workspaceId is extracted from authenticated user context
*/
@Get() @Get()
async findAll(@Query() query: QueryActivityLogDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
// Extract workspaceId from authenticated user async findAll(
const workspaceId = req.user?.workspaceId || query.workspaceId; @Query() query: QueryActivityLogDto,
@Workspace() workspaceId: string
) {
return this.activityService.findAll({ ...query, workspaceId }); return this.activityService.findAll({ ...query, workspaceId });
} }
/**
* GET /api/activity/:id
* Get a single activity log by ID
* workspaceId is extracted from authenticated user context
*/
@Get(":id") @Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
if (!workspaceId) {
throw new Error("User workspaceId not found");
}
return this.activityService.findOne(id, workspaceId); return this.activityService.findOne(id, workspaceId);
} }
/**
* GET /api/activity/audit/:entityType/:entityId
* Get audit trail for a specific entity
* workspaceId is extracted from authenticated user context
*/
@Get("audit/:entityType/:entityId") @Get("audit/:entityType/:entityId")
@RequirePermission(Permission.WORKSPACE_ANY)
async getAuditTrail( async getAuditTrail(
@Request() req: any,
@Param("entityType") entityType: EntityType, @Param("entityType") entityType: EntityType,
@Param("entityId") entityId: string @Param("entityId") entityId: string,
@Workspace() workspaceId: string
) { ) {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new Error("User workspaceId not found");
}
return this.activityService.getAuditTrail(workspaceId, entityType, entityId); return this.activityService.getAuditTrail(workspaceId, entityType, entityId);
} }
} }

28
apps/api/src/auth/auth.controller.ts
View File

@@ -8,28 +8,6 @@ import { CurrentUser } from "./decorators/current-user.decorator";
export class AuthController { export class AuthController {
constructor(private readonly authService: AuthService) {} constructor(private readonly authService: AuthService) {}
/**
* Handle all BetterAuth routes
* BetterAuth provides built-in handlers for:
* - /auth/sign-in
* - /auth/sign-up
* - /auth/sign-out
* - /auth/callback/authentik
* - /auth/session
* etc.
*
* Note: BetterAuth expects a Fetch API-compatible Request object.
* NestJS converts the incoming Express request to be compatible at runtime.
*/
@All("*")
async handleAuth(@Req() req: Request) {
const auth = this.authService.getAuth();
return auth.handler(req);
}
/**
* Get current user profile (protected route example)
*/
@Get("profile") @Get("profile")
@UseGuards(AuthGuard) @UseGuards(AuthGuard)
getProfile(@CurrentUser() user: AuthUser) { getProfile(@CurrentUser() user: AuthUser) {
@@ -39,4 +17,10 @@ export class AuthController {
name: user.name, name: user.name,
}; };
} }
@All("*")
async handleAuth(@Req() req: Request) {
const auth = this.authService.getAuth();
return auth.handler(req);
}
} }

93
apps/api/src/domains/domains.controller.ts
View File

@@ -8,97 +8,62 @@ import {
Param, Param,
Query, Query,
UseGuards, UseGuards,
Request,
UnauthorizedException,
} from "@nestjs/common"; } from "@nestjs/common";
import { DomainsService } from "./domains.service"; import { DomainsService } from "./domains.service";
import { CreateDomainDto, UpdateDomainDto, QueryDomainsDto } from "./dto"; import { CreateDomainDto, UpdateDomainDto, QueryDomainsDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
/**
* Controller for domain endpoints
* All endpoints require authentication
*/
@Controller("domains") @Controller("domains")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class DomainsController { export class DomainsController {
constructor(private readonly domainsService: DomainsService) {} constructor(private readonly domainsService: DomainsService) {}
/**
* POST /api/domains
* Create a new domain
*/
@Post() @Post()
async create(@Body() createDomainDto: CreateDomainDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_MEMBER)
const workspaceId = req.user?.workspaceId; async create(
const userId = req.user?.id; @Body() createDomainDto: CreateDomainDto,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.domainsService.create(workspaceId, user.id, createDomainDto);
return this.domainsService.create(workspaceId, userId, createDomainDto);
} }
/**
* GET /api/domains
* Get paginated domains with optional filters
*/
@Get() @Get()
async findAll(@Query() query: QueryDomainsDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findAll(
if (!workspaceId) { @Query() query: QueryDomainsDto,
throw new UnauthorizedException("Authentication required"); @Workspace() workspaceId: string
} ) {
return this.domainsService.findAll({ ...query, workspaceId }); return this.domainsService.findAll({ ...query, workspaceId });
} }
/**
* GET /api/domains/:id
* Get a single domain by ID
*/
@Get(":id") @Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.domainsService.findOne(id, workspaceId); return this.domainsService.findOne(id, workspaceId);
} }
/**
* PATCH /api/domains/:id
* Update a domain
*/
@Patch(":id") @Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Param("id") id: string, @Param("id") id: string,
@Body() updateDomainDto: UpdateDomainDto, @Body() updateDomainDto: UpdateDomainDto,
@Request() req: any @Workspace() workspaceId: string,
@CurrentUser() user: any
) { ) {
const workspaceId = req.user?.workspaceId; return this.domainsService.update(id, workspaceId, user.id, updateDomainDto);
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.domainsService.update(id, workspaceId, userId, updateDomainDto);
} }
/**
* DELETE /api/domains/:id
* Delete a domain
*/
@Delete(":id") @Delete(":id")
async remove(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ADMIN)
const workspaceId = req.user?.workspaceId; async remove(
const userId = req.user?.id; @Param("id") id: string,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.domainsService.remove(id, workspaceId, user.id);
return this.domainsService.remove(id, workspaceId, userId);
} }
} }

96
apps/api/src/events/events.controller.ts
View File

@@ -8,97 +8,71 @@ import {
Param, Param,
Query, Query,
UseGuards, UseGuards,
Request,
UnauthorizedException,
} from "@nestjs/common"; } from "@nestjs/common";
import { EventsService } from "./events.service"; import { EventsService } from "./events.service";
import { CreateEventDto, UpdateEventDto, QueryEventsDto } from "./dto"; import { CreateEventDto, UpdateEventDto, QueryEventsDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
/** /**
* Controller for event endpoints * Controller for event endpoints
* All endpoints require authentication * All endpoints require authentication and workspace context
*
* Guards are applied in order:
* 1. AuthGuard - Verifies user authentication
* 2. WorkspaceGuard - Validates workspace access and sets RLS context
* 3. PermissionGuard - Checks role-based permissions
*/ */
@Controller("events") @Controller("events")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class EventsController { export class EventsController {
constructor(private readonly eventsService: EventsService) {} constructor(private readonly eventsService: EventsService) {}
/**
* POST /api/events
* Create a new event
*/
@Post() @Post()
async create(@Body() createEventDto: CreateEventDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_MEMBER)
const workspaceId = req.user?.workspaceId; async create(
const userId = req.user?.id; @Body() createEventDto: CreateEventDto,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.eventsService.create(workspaceId, user.id, createEventDto);
return this.eventsService.create(workspaceId, userId, createEventDto);
} }
/**
* GET /api/events
* Get paginated events with optional filters
*/
@Get() @Get()
async findAll(@Query() query: QueryEventsDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findAll(
if (!workspaceId) { @Query() query: QueryEventsDto,
throw new UnauthorizedException("Authentication required"); @Workspace() workspaceId: string
} ) {
return this.eventsService.findAll({ ...query, workspaceId }); return this.eventsService.findAll({ ...query, workspaceId });
} }
/**
* GET /api/events/:id
* Get a single event by ID
*/
@Get(":id") @Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.eventsService.findOne(id, workspaceId); return this.eventsService.findOne(id, workspaceId);
} }
/**
* PATCH /api/events/:id
* Update an event
*/
@Patch(":id") @Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Param("id") id: string, @Param("id") id: string,
@Body() updateEventDto: UpdateEventDto, @Body() updateEventDto: UpdateEventDto,
@Request() req: any @Workspace() workspaceId: string,
@CurrentUser() user: any
) { ) {
const workspaceId = req.user?.workspaceId; return this.eventsService.update(id, workspaceId, user.id, updateEventDto);
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.eventsService.update(id, workspaceId, userId, updateEventDto);
} }
/**
* DELETE /api/events/:id
* Delete an event
*/
@Delete(":id") @Delete(":id")
async remove(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ADMIN)
const workspaceId = req.user?.workspaceId; async remove(
const userId = req.user?.id; @Param("id") id: string,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.eventsService.remove(id, workspaceId, user.id);
return this.eventsService.remove(id, workspaceId, userId);
} }
} }

112
apps/api/src/ideas/ideas.controller.ts
View File

@@ -8,8 +8,6 @@ import {
Param, Param,
Query, Query,
UseGuards, UseGuards,
Request,
UnauthorizedException,
} from "@nestjs/common"; } from "@nestjs/common";
import { IdeasService } from "./ideas.service"; import { IdeasService } from "./ideas.service";
import { import {
@@ -19,112 +17,68 @@ import {
QueryIdeasDto, QueryIdeasDto,
} from "./dto"; } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
/**
* Controller for idea endpoints
* All endpoints require authentication
*/
@Controller("ideas") @Controller("ideas")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class IdeasController { export class IdeasController {
constructor(private readonly ideasService: IdeasService) {} constructor(private readonly ideasService: IdeasService) {}
/**
* POST /api/ideas/capture
* Quick capture endpoint for rapid idea capture
* Requires minimal fields: content only (title optional)
*/
@Post("capture") @Post("capture")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async capture( async capture(
@Body() captureIdeaDto: CaptureIdeaDto, @Body() captureIdeaDto: CaptureIdeaDto,
@Request() req: any @Workspace() workspaceId: string,
@CurrentUser() user: any
) { ) {
const workspaceId = req.user?.workspaceId; return this.ideasService.capture(workspaceId, user.id, captureIdeaDto);
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.ideasService.capture(workspaceId, userId, captureIdeaDto);
} }
/**
* POST /api/ideas
* Create a new idea with full categorization options
*/
@Post() @Post()
async create(@Body() createIdeaDto: CreateIdeaDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_MEMBER)
const workspaceId = req.user?.workspaceId; async create(
const userId = req.user?.id; @Body() createIdeaDto: CreateIdeaDto,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.ideasService.create(workspaceId, user.id, createIdeaDto);
return this.ideasService.create(workspaceId, userId, createIdeaDto);
} }
/**
* GET /api/ideas
* Get paginated ideas with optional filters
* Supports status, domain, project, category, and search filters
*/
@Get() @Get()
async findAll(@Query() query: QueryIdeasDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findAll(
if (!workspaceId) { @Query() query: QueryIdeasDto,
throw new UnauthorizedException("Authentication required"); @Workspace() workspaceId: string
} ) {
return this.ideasService.findAll({ ...query, workspaceId }); return this.ideasService.findAll({ ...query, workspaceId });
} }
/**
* GET /api/ideas/:id
* Get a single idea by ID
*/
@Get(":id") @Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.ideasService.findOne(id, workspaceId); return this.ideasService.findOne(id, workspaceId);
} }
/**
* PATCH /api/ideas/:id
* Update an idea
*/
@Patch(":id") @Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Param("id") id: string, @Param("id") id: string,
@Body() updateIdeaDto: UpdateIdeaDto, @Body() updateIdeaDto: UpdateIdeaDto,
@Request() req: any @Workspace() workspaceId: string,
@CurrentUser() user: any
) { ) {
const workspaceId = req.user?.workspaceId; return this.ideasService.update(id, workspaceId, user.id, updateIdeaDto);
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.ideasService.update(id, workspaceId, userId, updateIdeaDto);
} }
/**
* DELETE /api/ideas/:id
* Delete an idea
*/
@Delete(":id") @Delete(":id")
async remove(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ADMIN)
const workspaceId = req.user?.workspaceId; async remove(
const userId = req.user?.id; @Param("id") id: string,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.ideasService.remove(id, workspaceId, user.id);
return this.ideasService.remove(id, workspaceId, userId);
} }
} }

145
apps/api/src/knowledge/tags.controller.ts
View File

@@ -7,175 +7,70 @@ import {
Body, Body,
Param, Param,
UseGuards, UseGuards,
Request,
UnauthorizedException,
HttpCode, HttpCode,
HttpStatus, HttpStatus,
} from "@nestjs/common"; } from "@nestjs/common";
import { TagsService } from "./tags.service"; import { TagsService } from "./tags.service";
import { CreateTagDto, UpdateTagDto } from "./dto"; import { CreateTagDto, UpdateTagDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
/**
* Controller for knowledge tag endpoints
* All endpoints require authentication and operate within workspace context
*/
@Controller("knowledge/tags") @Controller("knowledge/tags")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class TagsController { export class TagsController {
constructor(private readonly tagsService: TagsService) {} constructor(private readonly tagsService: TagsService) {}
/**
* POST /api/knowledge/tags
* Create a new tag
*/
@Post() @Post()
@RequirePermission(Permission.WORKSPACE_MEMBER)
async create( async create(
@Body() createTagDto: CreateTagDto, @Body() createTagDto: CreateTagDto,
@Request() req: any @Workspace() workspaceId: string
): Promise<{ ) {
id: string;
workspaceId: string;
name: string;
slug: string;
color: string | null;
description: string | null;
}> {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.tagsService.create(workspaceId, createTagDto); return this.tagsService.create(workspaceId, createTagDto);
} }
/**
* GET /api/knowledge/tags
* List all tags in the workspace
*/
@Get() @Get()
async findAll(@Request() req: any): Promise< @RequirePermission(Permission.WORKSPACE_ANY)
Array<{ async findAll(@Workspace() workspaceId: string) {
id: string;
workspaceId: string;
name: string;
slug: string;
color: string | null;
description: string | null;
_count: {
entries: number;
};
}>
> {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.tagsService.findAll(workspaceId); return this.tagsService.findAll(workspaceId);
} }
/**
* GET /api/knowledge/tags/:slug
* Get a single tag by slug
*/
@Get(":slug") @Get(":slug")
@RequirePermission(Permission.WORKSPACE_ANY)
async findOne( async findOne(
@Param("slug") slug: string, @Param("slug") slug: string,
@Request() req: any @Workspace() workspaceId: string
): Promise<{ ) {
id: string;
workspaceId: string;
name: string;
slug: string;
color: string | null;
description: string | null;
_count: {
entries: number;
};
}> {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.tagsService.findOne(slug, workspaceId); return this.tagsService.findOne(slug, workspaceId);
} }
/**
* PUT /api/knowledge/tags/:slug
* Update a tag
*/
@Put(":slug") @Put(":slug")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Param("slug") slug: string, @Param("slug") slug: string,
@Body() updateTagDto: UpdateTagDto, @Body() updateTagDto: UpdateTagDto,
@Request() req: any @Workspace() workspaceId: string
): Promise<{ ) {
id: string;
workspaceId: string;
name: string;
slug: string;
color: string | null;
description: string | null;
}> {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.tagsService.update(slug, workspaceId, updateTagDto); return this.tagsService.update(slug, workspaceId, updateTagDto);
} }
/**
* DELETE /api/knowledge/tags/:slug
* Delete a tag
*/
@Delete(":slug") @Delete(":slug")
@HttpCode(HttpStatus.NO_CONTENT) @HttpCode(HttpStatus.NO_CONTENT)
@RequirePermission(Permission.WORKSPACE_ADMIN)
async remove( async remove(
@Param("slug") slug: string, @Param("slug") slug: string,
@Request() req: any @Workspace() workspaceId: string
): Promise<void> { ) {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
await this.tagsService.remove(slug, workspaceId); await this.tagsService.remove(slug, workspaceId);
} }
/**
* GET /api/knowledge/tags/:slug/entries
* Get all entries with this tag
*/
@Get(":slug/entries") @Get(":slug/entries")
@RequirePermission(Permission.WORKSPACE_ANY)
async getEntries( async getEntries(
@Param("slug") slug: string, @Param("slug") slug: string,
@Request() req: any @Workspace() workspaceId: string
): Promise< ) {
Array<{
id: string;
slug: string;
title: string;
summary: string | null;
status: string;
visibility: string;
createdAt: Date;
updatedAt: Date;
}>
> {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.tagsService.getEntriesWithTag(slug, workspaceId); return this.tagsService.getEntriesWithTag(slug, workspaceId);
} }
} }

135
apps/api/src/layouts/layouts.controller.ts
View File

@@ -7,122 +7,75 @@ import {
Body, Body,
Param, Param,
UseGuards, UseGuards,
Request,
UnauthorizedException,
} from "@nestjs/common"; } from "@nestjs/common";
import { LayoutsService } from "./layouts.service"; import { LayoutsService } from "./layouts.service";
import { CreateLayoutDto, UpdateLayoutDto } from "./dto"; import { CreateLayoutDto, UpdateLayoutDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
/**
* Controller for user layout endpoints
* All endpoints require authentication
*/
@Controller("layouts") @Controller("layouts")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class LayoutsController { export class LayoutsController {
constructor(private readonly layoutsService: LayoutsService) {} constructor(private readonly layoutsService: LayoutsService) {}
/**
* GET /api/layouts
* Get all layouts for the authenticated user
*/
@Get() @Get()
async findAll(@Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findAll(
const userId = req.user?.id; @Workspace() workspaceId: string,
@CurrentUser() user: any
if (!workspaceId || !userId) { ) {
throw new UnauthorizedException("Authentication required"); return this.layoutsService.findAll(workspaceId, user.id);
}
return this.layoutsService.findAll(workspaceId, userId);
} }
/**
* GET /api/layouts/:id
* Get a single layout by ID
*/
@Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) {
const workspaceId = req.user?.workspaceId;
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.layoutsService.findOne(id, workspaceId, userId);
}
/**
* GET /api/layouts/default
* Get the default layout for the authenticated user
* Falls back to the most recently created layout if no default exists
*/
@Get("default") @Get("default")
async findDefault(@Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findDefault(
const userId = req.user?.id; @Workspace() workspaceId: string,
@CurrentUser() user: any
if (!workspaceId || !userId) { ) {
throw new UnauthorizedException("Authentication required"); return this.layoutsService.findDefault(workspaceId, user.id);
} }
return this.layoutsService.findDefault(workspaceId, userId); @Get(":id")
@RequirePermission(Permission.WORKSPACE_ANY)
async findOne(
@Param("id") id: string,
@Workspace() workspaceId: string,
@CurrentUser() user: any
) {
return this.layoutsService.findOne(id, workspaceId, user.id);
} }
/**
* POST /api/layouts
* Create a new layout
* If isDefault is true, any existing default layout will be unset
*/
@Post() @Post()
async create(@Body() createLayoutDto: CreateLayoutDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_MEMBER)
const workspaceId = req.user?.workspaceId; async create(
const userId = req.user?.id; @Body() createLayoutDto: CreateLayoutDto,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.layoutsService.create(workspaceId, user.id, createLayoutDto);
return this.layoutsService.create(workspaceId, userId, createLayoutDto);
} }
/**
* PATCH /api/layouts/:id
* Update a layout
* If isDefault is set to true, any existing default layout will be unset
*/
@Patch(":id") @Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Param("id") id: string, @Param("id") id: string,
@Body() updateLayoutDto: UpdateLayoutDto, @Body() updateLayoutDto: UpdateLayoutDto,
@Request() req: any @Workspace() workspaceId: string,
@CurrentUser() user: any
) { ) {
const workspaceId = req.user?.workspaceId; return this.layoutsService.update(id, workspaceId, user.id, updateLayoutDto);
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.layoutsService.update(id, workspaceId, userId, updateLayoutDto);
} }
/**
* DELETE /api/layouts/:id
* Delete a layout
*/
@Delete(":id") @Delete(":id")
async remove(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_MEMBER)
const workspaceId = req.user?.workspaceId; async remove(
const userId = req.user?.id; @Param("id") id: string,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.layoutsService.remove(id, workspaceId, user.id);
return this.layoutsService.remove(id, workspaceId, userId);
} }
} }

93
apps/api/src/projects/projects.controller.ts
View File

@@ -8,97 +8,62 @@ import {
Param, Param,
Query, Query,
UseGuards, UseGuards,
Request,
UnauthorizedException,
} from "@nestjs/common"; } from "@nestjs/common";
import { ProjectsService } from "./projects.service"; import { ProjectsService } from "./projects.service";
import { CreateProjectDto, UpdateProjectDto, QueryProjectsDto } from "./dto"; import { CreateProjectDto, UpdateProjectDto, QueryProjectsDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
/**
* Controller for project endpoints
* All endpoints require authentication
*/
@Controller("projects") @Controller("projects")
@UseGuards(AuthGuard) @UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class ProjectsController { export class ProjectsController {
constructor(private readonly projectsService: ProjectsService) {} constructor(private readonly projectsService: ProjectsService) {}
/**
* POST /api/projects
* Create a new project
*/
@Post() @Post()
async create(@Body() createProjectDto: CreateProjectDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_MEMBER)
const workspaceId = req.user?.workspaceId; async create(
const userId = req.user?.id; @Body() createProjectDto: CreateProjectDto,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.projectsService.create(workspaceId, user.id, createProjectDto);
return this.projectsService.create(workspaceId, userId, createProjectDto);
} }
/**
* GET /api/projects
* Get paginated projects with optional filters
*/
@Get() @Get()
async findAll(@Query() query: QueryProjectsDto, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findAll(
if (!workspaceId) { @Query() query: QueryProjectsDto,
throw new UnauthorizedException("Authentication required"); @Workspace() workspaceId: string
} ) {
return this.projectsService.findAll({ ...query, workspaceId }); return this.projectsService.findAll({ ...query, workspaceId });
} }
/**
* GET /api/projects/:id
* Get a single project by ID
*/
@Get(":id") @Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ANY)
const workspaceId = req.user?.workspaceId; async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
return this.projectsService.findOne(id, workspaceId); return this.projectsService.findOne(id, workspaceId);
} }
/**
* PATCH /api/projects/:id
* Update a project
*/
@Patch(":id") @Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Param("id") id: string, @Param("id") id: string,
@Body() updateProjectDto: UpdateProjectDto, @Body() updateProjectDto: UpdateProjectDto,
@Request() req: any @Workspace() workspaceId: string,
@CurrentUser() user: any
) { ) {
const workspaceId = req.user?.workspaceId; return this.projectsService.update(id, workspaceId, user.id, updateProjectDto);
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.projectsService.update(id, workspaceId, userId, updateProjectDto);
} }
/**
* DELETE /api/projects/:id
* Delete a project
*/
@Delete(":id") @Delete(":id")
async remove(@Param("id") id: string, @Request() req: any) { @RequirePermission(Permission.WORKSPACE_ADMIN)
const workspaceId = req.user?.workspaceId; async remove(
const userId = req.user?.id; @Param("id") id: string,
@Workspace() workspaceId: string,
if (!workspaceId || !userId) { @CurrentUser() user: any
throw new UnauthorizedException("Authentication required"); ) {
} return this.projectsService.remove(id, workspaceId, user.id);
return this.projectsService.remove(id, workspaceId, userId);
} }
} }