WIP

Author: raphaelblum

.env

@@ -16,6 +16,8 @@ POSTGRESQL_PWD=dml2aWQK
 POSTGRESQL_PWD_DECODED=vivid
 POSTGRESQL_DB=main
 POSTGRESQL_USE_SSL=false
+POSTGRESQL_RLS_USER=rls_user
+POSTGRESQL_RLS_PWD=dml2aWQK
 
 # fileStorage
 FILE_STORAGE_PATH="../uploads"

demo-saas/admin/src/common/apollo/createApolloClient.ts

@@ -1,4 +1,5 @@
 import { ApolloClient, ApolloLink, HttpLink, InMemoryCache } from "@apollo/client";
+import { setContext } from "@apollo/client/link/context";
 import { createErrorDialogApolloLink } from "@comet/admin";
 import { includeInvisibleContentContext } from "@comet/cms-admin";
 import fragmentTypes from "@src/fragmentTypes.json";
@@ -9,7 +10,16 @@ export const createApolloClient = (apiUrl: string) => {
         credentials: "include",
     });
 
-    const link = ApolloLink.from([createErrorDialogApolloLink(), includeInvisibleContentContext, httpLink]);
+    const tenantContext = setContext((_, { headers }) => {
+        return {
+            headers: {
+                ...headers,
+                ...{ "x-tenant-id": "f9c86c6c-0625-46c0-9be5-bee3a14cc7f4" },
+            },
+        };
+    });
+
+    const link = ApolloLink.from([createErrorDialogApolloLink(), includeInvisibleContentContext, tenantContext, httpLink]);
 
     const cache = new InMemoryCache({
         possibleTypes: fragmentTypes.possibleTypes,

demo-saas/api/package.json

@@ -10,11 +10,11 @@
         "build": "pnpm clean && pnpm run intl:compile && pnpm api-generator && nest build",
         "check-node-version": "check-node-version --node $(cat ../../.nvmrc)",
         "clean": "rimraf dist",
-        "console": "NODE_OPTIONS='--max-old-space-size=256' dotenv -e .env.secrets -e .env.local -e .env -e .env.site-configs -- ts-node --transpile-only -r tsconfig-paths/register src/console.ts",
+        "console": "NODE_OPTIONS='--max-old-space-size=256' CALLED_FROM_CLI=true dotenv -e .env.secrets -e .env.local -e .env -e .env.site-configs -- ts-node --transpile-only -r tsconfig-paths/register src/console.ts",
         "console:prod": "node dist/console.js",
         "db:migrate": "pnpm console migrate --",
         "db:migrate:prod": "pnpm console:prod migrate --",
-        "dev:nest": "pnpm clean && pnpm intl:compile && pnpm db:migrate && pnpm console createBlockIndexViews && NODE_OPTIONS='--max-old-space-size=1024' dotenv -e .env.secrets -e .env.local -e .env -e .env.site-configs -- nest start --debug --watch --preserveWatchOutput",
+        "dev:nest": "pnpm clean && pnpm intl:compile && NODE_OPTIONS='--max-old-space-size=1024' dotenv -e .env.secrets -e .env.local -e .env -e .env.site-configs -- nest start --debug --watch --preserveWatchOutput",
         "dev:reload": "rimraf src/reload.ts && chokidar \"node_modules/@comet/cms-api/lib/**\" -s -c \"echo '// change' >> src/reload.ts\"",
         "fixtures": "pnpm console fixtures --",
         "fixtures:prod": "pnpm console:prod fixtures --",

demo-saas/api/schema.gql

@@ -311,6 +311,7 @@ type Manufacturer {
   coordinates: Coordinates
   id: ID!
   name: String!
+  tenant: Tenant!
   updatedAt: DateTime!
 }
 
@@ -551,6 +552,7 @@ type Product {
   status: ProductStatus!
   tags: [ProductTag!]!
   tagsWithStatus: [ProductToTag!]!
+  tenant: Tenant!
   title: String!
   type: ProductType!
   updatedAt: DateTime!

demo-saas/api/src/app.module.ts

@@ -18,16 +18,17 @@ import {
     UserPermissionsModule,
 } from "@comet/cms-api";
 import { ApolloDriver, ApolloDriverConfig, ValidationError } from "@nestjs/apollo";
-import { DynamicModule, Module } from "@nestjs/common";
-import { ModuleRef } from "@nestjs/core";
+import { DynamicModule, MiddlewareConsumer, Module } from "@nestjs/common";
+import { APP_INTERCEPTOR, ModuleRef } from "@nestjs/core";
 import { Enhancer, GraphQLModule } from "@nestjs/graphql";
 import { AppPermission } from "@src/auth/app-permission.enum";
 import { Config } from "@src/config/config";
 import { ConfigModule } from "@src/config/config.module";
 import { ContentGenerationService } from "@src/content-generation/content-generation.service";
 import { DbModule } from "@src/db/db.module";
 import { TranslationModule } from "@src/translation/translation.module";
-import { Request } from "express";
+import { AsyncLocalStorage } from "async_hooks";
+import { NextFunction, Request } from "express";
 
 import { AccessControlService } from "./auth/access-control.service";
 import { AuthModule, SYSTEM_USER_NAME } from "./auth/auth.module";
@@ -36,14 +37,23 @@ import { DepartmentsModule } from "./department/departments.module";
 import { OpenTelemetryModule } from "./open-telemetry/open-telemetry.module";
 import { ProductsModule } from "./products/products.module";
 import { StatusModule } from "./status/status.module";
+import { TenantInterceptor } from "./tenant/tenant.interceptor";
 import { TenantsModule } from "./tenant/tenants.module";
 
 @Module({})
 export class AppModule {
+    constructor(private readonly asyncLocalStorage: AsyncLocalStorage<{ tenantId?: string }>) {}
+
     static forRoot(config: Config): DynamicModule {
         const authModule = AuthModule.forRoot(config);
 
         return {
+            providers: [
+                {
+                    provide: APP_INTERCEPTOR,
+                    useClass: TenantInterceptor,
+                },
+            ],
             module: AppModule,
             imports: [
                 ConfigModule.forRoot(config),
@@ -83,13 +93,18 @@ export class AppModule {
                 }),
                 authModule,
                 UserPermissionsModule.forRootAsync({
-                    useFactory: (userService: UserService, accessControlService: AccessControlService) => ({
+                    useFactory: (
+                        userService: UserService,
+                        accessControlService: AccessControlService,
+                        asyncLocalStorage: AsyncLocalStorage<{ tenantId?: string }>,
+                    ) => ({
                         availableContentScopes: () => accessControlService.getAvailableContentScopes(),
                         userService,
                         accessControlService,
                         systemUsers: [SYSTEM_USER_NAME],
+                        asyncLocalStorage,
                     }),
-                    inject: [UserService, AccessControlService],
+                    inject: [UserService, AccessControlService, AsyncLocalStorage<{ tenantId?: string }>],
                     imports: [authModule],
                     AppPermission,
                 }),
@@ -151,4 +166,15 @@ export class AppModule {
             ],
         };
     }
+
+    configure(consumer: MiddlewareConsumer) {
+        consumer
+            .apply((req: Request, res: Response, next: NextFunction) => {
+                const tenantIdHeader = req.headers["x-tenant-id"];
+                const tenantId = typeof tenantIdHeader === "string" ? tenantIdHeader : undefined;
+                const store: { tenantId?: string } = tenantId ? { tenantId } : {};
+                this.asyncLocalStorage.run(store, () => next());
+            })
+            .forRoutes("*path");
+    }
 }

demo-saas/api/src/auth/access-control.service.ts

@@ -7,13 +7,17 @@ import {
     User,
     UserPermissions,
 } from "@comet/cms-api";
-import { EntityManager } from "@mikro-orm/core";
+import { EntityManager } from "@mikro-orm/postgresql";
 import { Injectable } from "@nestjs/common";
 import { Department } from "@src/department/entities/department.entity";
+import { AsyncLocalStorage } from "async_hooks";
 
 @Injectable()
 export class AccessControlService extends AbstractAccessControlService {
-    constructor(private readonly entityManager: EntityManager) {
+    constructor(
+        private readonly entityManager: EntityManager,
+        private readonly asyncLocalStorage: AsyncLocalStorage<{ tenantId?: string }>,
+    ) {
         super();
     }
 
@@ -39,11 +43,19 @@ export class AccessControlService extends AbstractAccessControlService {
     }
 
     async getAvailableContentScopes(): Promise<ContentScopeWithLabel[]> {
-        const departments = await this.entityManager.find(Department, {});
+        const store = this.asyncLocalStorage.getStore();
 
-        return departments.map((department) => ({
-            scope: { department: department.id },
-            label: { department: department.name },
-        }));
+        return this.entityManager.transactional(async (entityManager) => {
+            if (store?.tenantId) {
+                await entityManager.execute(`SELECT set_config('app.tenant', '${store.tenantId}', TRUE)`);
+            }
+
+            const departments = await this.entityManager.findAll(Department, { where: { tenant: { id: store?.tenantId } } });
+            return departments.map((department) => ({
+                department: department.id,
+                scope: { department: department.id },
+                label: { department: department.name },
+            }));
+        });
     }
 }

demo-saas/api/src/auth/auth.module.ts

@@ -3,6 +3,7 @@ import { DynamicModule, Module } from "@nestjs/common";
 import { APP_GUARD } from "@nestjs/core";
 import { JwtModule } from "@nestjs/jwt";
 import { Config } from "@src/config/config";
+import { AsyncLocalStorage } from "async_hooks";
 
 import { AccessControlService } from "./access-control.service";
 import { UserService } from "./user.service";
@@ -16,6 +17,10 @@ export class AuthModule {
             module: AuthModule,
             imports: [JwtModule],
             providers: [
+                {
+                    provide: AsyncLocalStorage,
+                    useValue: new AsyncLocalStorage<{ tenantId?: string }>(),
+                },
                 createAuthResolver({
                     postLogoutRedirectUri: config.auth.postLogoutRedirectUri,
                     endSessionEndpoint: config.auth.idpEndSessionEndpoint,
@@ -49,7 +54,7 @@ export class AuthModule {
                     ],
                 ),
             ],
-            exports: [AccessControlService, UserService],
+            exports: [AccessControlService, UserService, AsyncLocalStorage],
         };
     }
 }

demo-saas/api/src/console.ts

@@ -4,6 +4,9 @@ import { CommandFactory } from "nest-commander";
 
 import { createConfig } from "./config/config";
 
+// Set flag to indicate this is running from CLI (must be set before AppModule is created)
+process.env.CALLED_FROM_CLI = "true";
+
 const config = createConfig(process.env);
 const appModule = AppModule.forRoot(config);
 

demo-saas/api/src/db/db.module.ts

@@ -1,12 +1,11 @@
-import { MikroOrmModule } from "@comet/cms-api";
 import { Module } from "@nestjs/common";
 import { FixturesModule } from "@src/db/fixtures/fixtures.module";
 
 import { MigrateCommand } from "./migrate.command";
-import { ormConfig } from "./ormconfig";
+import { createOrmModules } from "./orm-modules.factory";
 
 @Module({
-    imports: [MikroOrmModule.forRoot({ ormConfig }), FixturesModule],
+    imports: [...createOrmModules(), FixturesModule],
     providers: [MigrateCommand],
 })
 export class DbModule {}

demo-saas/api/src/db/fixtures/fixtures.command.ts

@@ -9,6 +9,7 @@ import { Command, CommandRunner } from "nest-commander";
 
 import { FileUploadsFixtureService } from "./generators/file-uploads-fixture.service";
 import { ProductsFixtureService } from "./generators/products-fixture.service";
+import { TenantFixtureService } from "./generators/tenant-fixture.service";
 
 @Command({
     name: "fixtures",
@@ -27,6 +28,7 @@ export class FixturesCommand extends CommandRunner {
         private readonly blobStorageBackendService: BlobStorageBackendService,
         private readonly productsFixtureService: ProductsFixtureService,
         private readonly fileUploadsFixtureService: FileUploadsFixtureService,
+        private readonly tenantFixtureService: TenantFixtureService,
         private readonly orm: MikroORM,
     ) {
         super();
@@ -61,6 +63,7 @@ export class FixturesCommand extends CommandRunner {
         this.logger.log("Generate File Uploads...");
         await this.fileUploadsFixtureService.generateFileUploads();
 
+        await this.tenantFixtureService.generate();
         await this.productsFixtureService.generate();
 
         multiBar.stop();