chore: Disable security for a specific controller method in NestJS Swagger

Author: tacxou

src/core/backends/_dto/execute-job.dto.ts

@@ -9,8 +9,9 @@ export class ExecuteJobDto {
   public action: ActionType;
 
   @IsMongoId()
+  @IsOptional()
   @ApiProperty({ example: 'paul.bismuth', description: 'User object id', type: String })
-  public id: string;
+  public id?: string;
 
   @IsOptional()
   @IsObject()

src/core/backends/_interfaces/execute-job-options.interface.ts

@@ -4,6 +4,7 @@ import { Types } from 'mongoose';
 export interface ExecuteJobOptions {
   job?: JobsOptions;
   async?: boolean;
+  disableLogs?: boolean;
   syncTimeout?: number;
   timeoutDiscard?: boolean;
   comment?: string;

src/core/backends/backends.controller.ts

@@ -71,6 +71,7 @@ export class BackendsController {
     @Body() body: ExecuteJobDto,
     @Query('async') asyncQuery: string,
     @Query('timeoutDiscard') timeoutDiscardQuery: string,
+    @Query('disableLogs') disableLogsQuery: string,
     @Query(
       'syncTimeout',
       new ParseIntPipe({
@@ -82,14 +83,16 @@ export class BackendsController {
   ): Promise<Response> {
     const async = /true|on|yes|1/i.test(asyncQuery);
     const timeoutDiscard = /true|on|yes|1/i.test(timeoutDiscardQuery);
+    const disableLogs = /true|on|yes|1/i.test(disableLogsQuery);
     const [job, response] = await this.backendsService.executeJob(
       body.action,
-      new Types.ObjectId(body.id),
+      body.id ? new Types.ObjectId(body.id) : null,
       body.payload,
       {
         async,
         syncTimeout,
         timeoutDiscard,
+        disableLogs,
       },
     );
     return res.status(HttpStatus.ACCEPTED).json({ async, job, response });

src/core/backends/backends.service.ts

@@ -3,21 +3,22 @@ import {
   HttpException,
   HttpStatus,
   Injectable,
+  NotFoundException,
   UnprocessableEntityException,
 } from '@nestjs/common';
 import { ModuleRef } from '@nestjs/core';
-import { Types } from 'mongoose';
+import { Document, ModifyResult, Query, Types } from 'mongoose';
 import { AbstractQueueProcessor } from '~/_common/abstracts/abstract.queue.processor';
 import { IdentityState } from '~/management/identities/_enums/states.enum';
 import { Identities } from '~/management/identities/_schemas/identities.schema';
 import { IdentitiesService } from '~/management/identities/identities.service';
 import { JobState } from '../jobs/_enums/state.enum';
 import { Jobs } from '../jobs/_schemas/jobs.schema';
 import { JobsService } from '../jobs/jobs.service';
+import { Tasks } from '../tasks/_schemas/tasks.schema';
 import { TasksService } from '../tasks/tasks.service';
 import { ActionType } from './_enum/action-type.enum';
 import { ExecuteJobOptions } from './_interfaces/execute-job-options.interface';
-import { Tasks } from '../tasks/_schemas/tasks.schema';
 
 const DEFAULT_SYNC_TIMEOUT = 30_000;
 
@@ -115,7 +116,7 @@ export class BackendsService extends AbstractQueueProcessor {
         },
         { upsert: true, new: true },
       );
-      console.log('completedJob', completedJob);
+
       await this.identitiesService.model.findByIdAndUpdate(completedJob?.concernedTo?.id, {
         $set: {
           state: IdentityState.SYNCED,
@@ -205,7 +206,7 @@ export class BackendsService extends AbstractQueueProcessor {
 
   public async executeJob(
     actionType: ActionType,
-    concernedTo: Types.ObjectId,
+    concernedTo?: Types.ObjectId,
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     payload?: Record<string | number, any>,
     options?: ExecuteJobOptions,
@@ -223,63 +224,82 @@ export class BackendsService extends AbstractQueueProcessor {
       optionals['processedAt'] = new Date();
       optionals['state'] = JobState.IN_PROGRESS;
     }
-    const identity = await this.identitiesService.findById<Identities>(concernedTo);
-    const jobStore = await this.jobsService.create<Jobs>({
-      jobId: job.id,
-      action: actionType,
-      params: payload,
-      concernedTo: {
-        $ref: 'identities',
-        id: concernedTo,
-        name: [identity.inetOrgPerson?.cn, identity.inetOrgPerson?.givenName].join(' '),
-      },
-      comment: options?.comment,
-      task: options?.task,
-      state: JobState.CREATED,
-      ...optionals,
-    });
-    await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
-      $set: {
-        state: IdentityState.PROCESSING,
-      },
-    });
+
+    let jobStore: Document<Jobs> = null;
+    if (!options?.disableLogs) {
+      const identity = concernedTo ? await this.identitiesService.findById<Identities>(concernedTo) : null;
+      jobStore = await this.jobsService.create<Jobs>({
+        jobId: job.id,
+        action: actionType,
+        params: payload,
+        concernedTo: identity ? {
+          $ref: 'identities',
+          id: concernedTo,
+          name: [identity?.inetOrgPerson?.cn, identity?.inetOrgPerson?.givenName].join(' '),
+        } : null,
+        comment: options?.comment,
+        task: options?.task,
+        state: JobState.CREATED,
+        ...optionals,
+      });
+    }
+
+    if (concernedTo) {
+      await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
+        $set: {
+          state: IdentityState.PROCESSING,
+        },
+      });
+    }
+
     if (!options?.async) {
       let error: Error;
       try {
         const response = await job.waitUntilFinished(this.queueEvents, options.syncTimeout || DEFAULT_SYNC_TIMEOUT);
-        const jobStoreUpdated = await this.jobsService.update<Jobs>(jobStore._id, {
+        let jobStoreUpdated: ModifyResult<Query<Jobs, Jobs>> = null;
+        if (!options?.disableLogs) {
+          jobStoreUpdated = await this.jobsService.update<Jobs>(jobStore._id, {
+            $set: {
+              state: JobState.COMPLETED,
+              processedAt: new Date(),
+              finishedAt: new Date(),
+              result: response,
+            },
+          });
+        }
+        if (concernedTo) {
+          await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
+            $set: {
+              state: IdentityState.SYNCED,
+            },
+          });
+        }
+        return [jobStoreUpdated as unknown as Jobs, response];
+      } catch (err) {
+        error = err;
+      }
+
+      let jobFailed: ModifyResult<Query<Jobs, Jobs>> = null;
+      if (!options?.disableLogs) {
+        jobFailed = await this.jobsService.update<Jobs>(jobStore._id, {
           $set: {
-            state: JobState.COMPLETED,
-            processedAt: new Date(),
+            state: JobState.FAILED,
             finishedAt: new Date(),
-            result: response,
+            result: {
+              error: {
+                message: error.message,
+              },
+            },
           },
         });
+      }
+      if (concernedTo) {
         await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
           $set: {
-            state: IdentityState.SYNCED,
+            state: IdentityState.ON_ERROR,
           },
         });
-        return [jobStoreUpdated as unknown as Jobs, response];
-      } catch (err) {
-        error = err;
       }
-      const jobFailed = await this.jobsService.update<Jobs>(jobStore._id, {
-        $set: {
-          state: JobState.FAILED,
-          finishedAt: new Date(),
-          result: {
-            error: {
-              message: error.message,
-            },
-          },
-        },
-      });
-      await this.identitiesService.model.findByIdAndUpdate(concernedTo, {
-        $set: {
-          state: IdentityState.ON_ERROR,
-        },
-      });
       if (options?.timeoutDiscard !== false) {
         job.discard();
         throw new BadRequestException({
@@ -296,6 +316,6 @@ export class BackendsService extends AbstractQueueProcessor {
         job: jobFailed as unknown as Jobs,
       });
     }
-    return [jobStore.toObject(), null];
+    return [jobStore?.toObject() || null, null];
   }
 }

src/core/jobs/_schemas/jobs.schema.ts

@@ -22,7 +22,6 @@ export class Jobs extends AbstractSchema {
 
   @Prop({
     type: ConcernedToPartSchema,
-    required: true,
   })
   public concernedTo?: ConcernedToPart;
 

src/core/jobs/jobs.controller.ts

@@ -1,7 +1,7 @@
-import { Controller, Get, HttpStatus, Param, Res } from '@nestjs/common';
+import { Controller, Get, HttpStatus, Param, Req, Res } from '@nestjs/common';
 import { ApiParam, ApiTags } from '@nestjs/swagger';
 import { FilterOptions, FilterSchema, SearchFilterOptions, SearchFilterSchema } from '@streamkits/nestjs_module_scrud';
-import { Response } from 'express';
+import { Request, Response } from 'express';
 import { Types } from 'mongoose';
 import { AbstractController } from '~/_common/abstracts/abstract.controller';
 import { ApiPaginatedDecorator } from '~/_common/decorators/api-paginated.decorator';
@@ -12,7 +12,7 @@ import { PartialProjectionType } from '~/_common/types/partial-projection.type';
 import { JobsDto } from './_dto/jobs.dto';
 import { JobsService } from './jobs.service';
 
-@ApiTags('core')
+@ApiTags('core/jobs')
 @Controller('jobs')
 export class JobsController extends AbstractController {
   protected static readonly projection: PartialProjectionType<JobsDto & { metadata: any }> = {
@@ -32,9 +32,12 @@ export class JobsController extends AbstractController {
   @ApiPaginatedDecorator(PickProjectionHelper(JobsDto, JobsController.projection))
   public async search(
     @Res() res: Response,
+    @Req() req: Request,
     @SearchFilterSchema({ unsafe: true }) searchFilterSchema: FilterSchema,
     @SearchFilterOptions() searchFilterOptions: FilterOptions,
   ): Promise<Response> {
+    console.log('req', req.query)
+
     //TODO: search tree by parentId
     const [data, total] = await this._service.findAndCount(
       searchFilterSchema,