Merge pull request #1807 from rocket-admin/backend_typescript_improvements

refactor: update return types and error handling across various use cases

Author: Artuomka

backend/src/authorization/auth-with-api.middleware.ts

@@ -9,7 +9,7 @@ import {
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import Sentry from '@sentry/minimal';
-import { Request, Response } from 'express';
+import { NextFunction, Request, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import { Repository } from 'typeorm';
 import { JwtScopesEnum } from '../entities/user/enums/jwt-scopes.enum.js';
@@ -29,7 +29,7 @@ export class AuthWithApiMiddleware implements NestMiddleware {
 		private readonly userRepository: Repository<UserEntity>,
 	) {}
 
-	async use(req: IRequestWithCognitoInfo, _res: Response, next: (err?: any, res?: any) => void): Promise<void> {
+	async use(req: IRequestWithCognitoInfo, _res: Response, next: NextFunction): Promise<void> {
 		try {
 			await this.authenticateRequest(req);
 			next();

backend/src/authorization/auth.middleware.ts

@@ -8,7 +8,7 @@ import {
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import Sentry from '@sentry/minimal';
-import { Response } from 'express';
+import { NextFunction, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import { Repository } from 'typeorm';
 import { LogOutEntity } from '../entities/log-out/log-out.entity.js';
@@ -29,7 +29,7 @@ export class AuthMiddleware implements NestMiddleware {
 		@InjectRepository(LogOutEntity)
 		private readonly logOutRepository: Repository<LogOutEntity>,
 	) {}
-	async use(req: IRequestWithCognitoInfo, _res: Response, next: (err?: any, res?: any) => void): Promise<void> {
+	async use(req: IRequestWithCognitoInfo, _res: Response, next: NextFunction): Promise<void> {
 		let token: string;
 		try {
 			token = req.cookies[Constants.JWT_COOKIE_KEY_NAME];

backend/src/authorization/basic-auth.middleware.ts

@@ -1,12 +1,12 @@
 import { Injectable, NestMiddleware, UnauthorizedException } from '@nestjs/common';
 import auth from 'basic-auth';
-import { Request, Response } from 'express';
+import { NextFunction, Request, Response } from 'express';
 import { Messages } from '../exceptions/text/messages.js';
 import { appConfig } from '../shared/config/app-config.js';
 
 @Injectable()
 export class BasicAuthMiddleware implements NestMiddleware {
-	use(req: Request, _res: Response, next: (err?: any, res?: any) => void): void {
+	use(req: Request, _res: Response, next: NextFunction): void {
 		const basicAuthLogin = appConfig.auth.basicAuthLogin;
 		const basicAuthPassword = appConfig.auth.basicAuthPassword;
 		const userCredentials = auth(req);

backend/src/authorization/cognito-decoded.interface.ts

@@ -1,4 +1,5 @@
 import type { Request } from 'express';
+
 export interface ICognitoDecodedData {
 	at_hash: string;
 	sub: string;
@@ -14,8 +15,16 @@ export interface ICognitoDecodedData {
 	email: string;
 }
 
-export interface IRequestWithCognitoInfo extends Request {
-	query: any;
+/**
+ * Request type with the cognito-derived JWT payload attached by auth middleware.
+ *
+ * `params` and `query` are narrowed to `Record<string, string | undefined>`. Express's stock
+ * `query` type is `ParsedQs` (allows arrays and nested objects), but this codebase only
+ * issues simple `?key=value` URLs — narrowing here surfaces accidental multi-value usage
+ * without forcing every callsite to narrow inline.
+ */
+export interface IRequestWithCognitoInfo extends Omit<Request, 'query' | 'params'> {
+	query: Record<string, string | undefined>;
+	params: Record<string, string | undefined>;
 	decoded: Partial<ICognitoDecodedData>;
-	params: any;
 }

backend/src/authorization/non-scoped-auth.middleware.ts

@@ -7,7 +7,7 @@ import {
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import Sentry from '@sentry/minimal';
-import { Response } from 'express';
+import { NextFunction, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import { Repository } from 'typeorm';
 import { LogOutEntity } from '../entities/log-out/log-out.entity.js';
@@ -24,7 +24,7 @@ export class NonScopedAuthMiddleware implements NestMiddleware {
 		@InjectRepository(LogOutEntity)
 		private readonly logOutRepository: Repository<LogOutEntity>,
 	) {}
-	async use(req: IRequestWithCognitoInfo, _res: Response, next: (err?: any, res?: any) => void): Promise<void> {
+	async use(req: IRequestWithCognitoInfo, _res: Response, next: NextFunction): Promise<void> {
 		console.log(`auth middleware triggered ->: ${new Date().toISOString()}`);
 		let token: string;
 		try {

backend/src/authorization/saas-auth.middleware.ts

@@ -1,5 +1,5 @@
 import { Injectable, NestMiddleware, UnauthorizedException } from '@nestjs/common';
-import { Response } from 'express';
+import { NextFunction, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import { Messages } from '../exceptions/text/messages.js';
 import { appConfig } from '../shared/config/app-config.js';
@@ -8,7 +8,7 @@ import { extractTokenFromHeader } from './utils/extract-token-from-header.js';
 
 @Injectable()
 export class SaaSAuthMiddleware implements NestMiddleware {
-	use(req: IRequestWithCognitoInfo, _res: Response, next: (err?: any, res?: any) => void): void {
+	use(req: IRequestWithCognitoInfo, _res: Response, next: NextFunction): void {
 		console.log(`saas auth middleware triggered ->: ${new Date().toISOString()}`);
 		const token = extractTokenFromHeader(req);
 		if (!token) {

backend/src/authorization/temporary-auth.middleware.ts

@@ -7,7 +7,7 @@ import {
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import Sentry from '@sentry/minimal';
-import { Response } from 'express';
+import { NextFunction, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import { Repository } from 'typeorm';
 import { LogOutEntity } from '../entities/log-out/log-out.entity.js';
@@ -26,7 +26,7 @@ export class TemporaryAuthMiddleware implements NestMiddleware {
 		@InjectRepository(LogOutEntity)
 		private readonly logOutRepository: Repository<LogOutEntity>,
 	) {}
-	async use(req: IRequestWithCognitoInfo, _res: Response, next: (err?: any, res?: any) => void): Promise<void> {
+	async use(req: IRequestWithCognitoInfo, _res: Response, next: NextFunction): Promise<void> {
 		console.log(`temporary auth middleware triggered ->: ${new Date().toISOString()}`);
 		let token: string;
 		try {

backend/src/decorators/body-email.decorator.ts

@@ -4,7 +4,7 @@ import { Messages } from '../exceptions/text/messages.js';
 import { isObjectPropertyExists } from '../helpers/validators/is-object-property-exists-validator.js';
 import { ValidationHelper } from '../helpers/validators/validation-helper.js';
 
-export const BodyEmail = createParamDecorator((_data: any, ctx: ExecutionContext): string => {
+export const BodyEmail = createParamDecorator((_data: unknown, ctx: ExecutionContext): string => {
 	const request: IRequestWithCognitoInfo = ctx.switchToHttp().getRequest();
 	const body = request.body;
 	if (isObjectPropertyExists(body, 'email')) {

backend/src/decorators/gclid-decorator.ts

@@ -1,7 +1,7 @@
 import { createParamDecorator, ExecutionContext } from '@nestjs/common';
 import { IRequestWithCognitoInfo } from '../authorization/cognito-decoded.interface.js';
 
-export const GCLlId = createParamDecorator((_data: any, ctx: ExecutionContext): string => {
+export const GCLlId = createParamDecorator((_data: unknown, ctx: ExecutionContext): string => {
 	const request: IRequestWithCognitoInfo = ctx.switchToHttp().getRequest();
 	if (request.headers) {
 		return (request.headers.gclid as string | undefined) ?? null;

backend/src/decorators/master-password.decorator.ts

@@ -1,7 +1,7 @@
 import { createParamDecorator, ExecutionContext } from '@nestjs/common';
 import { IRequestWithCognitoInfo } from '../authorization/cognito-decoded.interface.js';
 
-export const MasterPassword = createParamDecorator((_data: any, ctx: ExecutionContext): string => {
+export const MasterPassword = createParamDecorator((_data: unknown, ctx: ExecutionContext): string => {
 	const request: IRequestWithCognitoInfo = ctx.switchToHttp().getRequest();
 	const masterPwd = request.headers.masterpwd as string | undefined;
 	return masterPwd ? masterPwd : null;