Tracking issue for:

• https://github.com/rubiin/ultimate-nest/security/code-scanning/1

Use sharp in a middleware or in pipe to reduce the uploaded image size without any extra code on services.
Also add sharp image resize on cloudinary service

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: renovate.json5
Error type: The renovate configuration file contains some invalid settings
Message: Invalid configuration option: node

Feature Request

Many a time I will need to submit query criteria to search for instances. The PageOptionsDTO instance should be enhanced to submit the complex query criteria that mikro-orm support such as $and, $or, $like, $ge etc. This would allow clients to execute complex queries leveraging the richness of mikro-orm.

Currently using golevelup/modules to create dynamic modules but since v9 of nest it provides configurable modules that eliminates the use of the library

Add sentry which is an application monitoring tools

When a redis instance has username and passowrd enabled, the cache module doesnot connect and hangs up.
Possible solution use URI instead

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• fix(deps): update all non-major dependencies (@aws-sdk/client-s3, @aws-sdk/client-ses, @swc/core, @types/node, pnpm, stripe, traefik, twilio)

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Describe the bug

On clean install, replace variable values in .env.dev and run docker-compose up results in:

time="2023-06-29T22:02:28+02:00" level=warning msg="The \"PASSWORD\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"ENV\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"ENV\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"ENV\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"POSTGRES_USER\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"POSTGRES_PASSWORD\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"POSTGRES_DB\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"API_URL\" variable is not set. Defaulting to a blank string."
time="2023-06-29T22:02:28+02:00" level=warning msg="The \"ENV\" variable is not set. Defaulting to a blank string."
validating C:\dev\ultimate-nest\docker-compose.yml: services.pgweb.environment.0 must be a string

I assume this has to do with not telling which environment you are using, so by using docker-compose --env-file .env.dev up you get following error:

validating C:\dev\ultimate-nest\docker-compose.yml: services.pgweb.environment.0 must be a string

Am I using the incorrect env instantiation?

Reproduction

.

System Info

System:
    OS: Windows 10 10.0.22621
    CPU: (24) x64 AMD Ryzen 9 5900X 12-Core Processor
    Memory: 16.68 GB / 31.93 GB
  Binaries:
    Node: 18.16.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 9.5.1 - C:\Program Files\nodejs\npm.CMD
    pnpm: 8.5.0 - ~\AppData\Local\pnpm\pnpm.EXE
  Browsers:
    Edge: Spartan (44.22621.1848.0), Chromium (114.0.1823.58)
    Internet Explorer: 11.0.22621.1

Used Package Manager

yarn

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

The recent typings introduced some tests fail cases.

When using the Swagger UI generated , the Authorization header is never sent.

This looks like an awesome template repo. A colleague and I spent quite a bit of time on this, but even though we created a .env.dev file in the env directory (hence ./env/.env.dev) it cannot read from this file. For example, we tried first running:

NODE_ENV=dev make migrate

But, the mikro-orm-cli would ask for the dbName or clientUrl values, meaning it couldn't read them from ./env/.env.dev,

We're sure of this because we then copied ./env/.env.dev to the project root and renamed to .env and once again ran NODE_ENV=dev make migrate which works and the db migration completes successfully.

Furthermore, after this we removed the .env we created from the root project folder and ran NODE_ENV=dev npm run start:dev and we got the below error stating the REDIS_TTL is required, which is indeed correctly set in our ./env/.env.dev but it seems this file is not being read correctly.

Any advice would be appreciated 😄

Below is our ./env/.env.dev file

### Environment File ##################################################################
# This file is a "template" of which env vars need to be defined for your application
########################################################################################
	
APP_PORT=8000
APP_PREFIX=v1
NODE_ENV=dev
API_URL=http://localhost:8000
SWAGGER_USER=cit-dev
SWAGGER_PASSWORD=xW4oH6*fd3u^vi
	
	# database 
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=root
DB_PASSWORD=root
DB_DATABASE=ultimateNest


	# for encryption,decryption stuffs all over the app

ENC_IV=A46B761159225E47
ENC_KEY=EC77F2C6EE0F3611A988921B65CA8776

  # jwt
  # access expiry can be number or 35d

JWT_ACCESS_EXPIRY=365d
JWT_REFRESH_EXPIRY=999999
JWT_SECRET=EC77F2C6EE0F36


	# mail
	# template dir should start from src, mail server values smtp,ses
MAIL_HOST=smtp.gmail.com
MAIL_PASSWORD=password
MAIL_PORT=465
MAIL_SERVER=SMTP
MAIL_PREVIEW_EMAIL=false
[email protected]
MAIL_TEMPLATE_DIR=resources/templates
MAIL_USERNAME=username

	#cloudinary
CLOUDINARY_CLOUD_NAME=your-cloudinary-cloud-name
CLOUDINARY_API_KEY=your-cloudinary-api-key
CLOUDINARY_API_SECRET=your-cloudinary-secret

  #redis
REDIS_URI=redis://default:test@1234@redis:6379
REDIS_TTl=10

  #rabbitmq
RABBITMQ_URI=
RABBITMQ_EXCHANGE=

  #sentry
SENTRY_DSN=https://redacted

  #google ouath
GOOGLE_CLIENT_ID=
GOOGLE_SECRET=
GOOGLE_CALLBACK_URL=http://localhost:8000/v1/auth/google/redirect


  #facebook ouath
FACEBOOK_CLIENT_ID=
FACEBOOK_CLIENT_SECRET=
FACEBOOK_CALLBACK_URL=http://localhost:8000/v1/auth/facebook/redirect

Clear and concise description of the problem

I have seen the codebase uses code these many times. This code is duplicated many places. The code performs nestjs-i118n translating part. Which is mostly boilerplate and is repeated many times.

I18nContext.current<I18nTranslations>()!.t("exception.itemDoesNotExist", { 
     args: { item: "Post" }
})

Suggested solution

I am suggesting a utility function that performs all the translating part using the same pattern. The function that translates the code looks like these and is given below. The code can be used in many places within a request body, but can't be used in dtos for now.

import { I18nContext, Path, TranslateOptions } from "nestjs-i18n";
import { I18nTranslations } from "src/i18n.generated";

export const translate = (
  key: Path<I18nTranslations>,
  options: TranslateOptions = {},
) => I18nContext.current<I18nTranslations>().t(key, options) as string;

This removes all most of the boiler plates and forces the code to use single source of truth pattern, Here is the updated code for getUserForProfile() would look like this

/**
	 * "Get a user by their username, and populate the specified fields."
	 *
	 * The first parameter is the username, which is a string. The second parameter is an array of fields
	 * to populate
	 * @param {string} username - string - The username of the user to get.
	 * @param {AutoPath<User, keyof User>[]} populate - AutoPath<User, keyof User>[] = []
	 * @returns Observable<User>
	 */
	getProfileByUsername(
		username: string,
		populate: AutoPath<User, keyof User>[] = [],
	): Observable<User> {
		return from(
			this.userRepository.findOne(
				{
					username,
				},
				{
					populate,
					populateWhere: {
						favorites: { isActive: true, isDeleted: false },
						followers: { isActive: true, isDeleted: false },
						followed: { isActive: true, isDeleted: false },
						posts: { isActive: true, isDeleted: false },
					},
				},
			),
		).pipe(
			mergeMap(user => {
				if (!user) {
					return throwError(
						() =>
							new NotFoundException(
								translate("exception.itemDoesNotExist",{
								          args: { item: "Profile" },
								})
							),
					);
				}

				return of(user);
			}),
		);
	}

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Now, whenever the data is created, updated or deleted, the redis cache is not updated and the user has to wait for time set in ttl for the data to be reflected back in redis.

Feature Request

Is your feature request related to a problem? Please describe.

On docker deployment, we mostly use yarn or npm. While npm is the defacto and has things like npm ci which doesn't generate lock file rather uses the existing lock file.If you are using other package managers like me in local development (pnpm) , this would create problem as the package-lock.json doesn't exist. Ofcourse you can always run , npm i --package-lock-only but the point is to automate this for docker deployment.

Describe the solution you'd like

Add a make file script, that gets run before deploy script/

Teachability, Documentation, Adoption, Migration Strategy

Ability is depreciated and might be removed from casl. Instead use mongoability

Feature Request

Is your feature request related to a problem? Please describe.

Queuing is very important for cpu intensive ,asynchronous and operations where delivery matters

Describe the solution you'd like

.The issue tracks progress of adding
rabbitmq as a queue

Teachability, Documentation, Adoption, Migration Strategy

What is the motivation / use case for changing the behavior?

Discussed in #202

Right now the there are interfaces here and there . Move the interfaces to the types folder

This feature should include google oauth integration with the app. The user can either login with email/password or google oauth

Fantastic work. Looks great from code/design point of view. However had an issue trying to get it started. Feel that current instructions to getting started and deploying are in-adequate. Per docs couldn't find to the example mikro-orm config file or the file app.module.tasks. Would be great if you could provide more detailed instructions to get started --
-- with minimal components (excluding mail, rabbitmq, etc)
-- with all components (including some direction for installing depending components)

Many thanks.,

Add chat feature with socket.io

Should be able to pass a ssl flag and if set, use the ssl from the given location

Add postgres full text search on fields that store multiple lines of string (eg. description)
More info: https://mikro-orm.io/docs/6.1/query-conditions#full-text-searching

The template still has hard coded strings and values for options like expiry time and some custom messages. Thinking of collecting all such stuffs in a file under src/common/constants/index.ts and using the exported value.
This ensures we are not duplicating code as well as a central control.
Note: Some can be added to env config files

Describe the bug

I'm building blog api with Nest and MikroORM for learning purposes and I'm using this repo for reference, it already helped me a lot, thank you for maintaining it!

I'm stuck at updating article endpoint, I simply can't figure out how to filter article by author id before updating it.

Here is the update method in this repository, it seems it doesn't have such check, so it looks like any user can update any article.

I can see there is a policy decorator in the controller, so it sounds like it performs some checks before running the controller. But how does that work, where are the checks, is it checking if the article belongs to the user or not - I can't figure this out.

Reproduction

no repro

System Info

System

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.