feat: enhance identity search functionality with dynamic fields

- Introduced a new helper for managing identity search fields, allowing for dynamic merging of default and additional search fields.
- Updated the IdentitiesCrudController to utilize the new search fields helper, improving search capabilities.
- Added a new component for displaying available search fields in the UI, enhancing user experience.
- Implemented tests for the new search fields functionality to ensure reliability and correctness.
- Updated the Nuxt.js configuration to support the new identity search fields feature, ensuring proper integration across the application.

Author: tacxou

apps/api/src/management/identities/identities-crud.controller.ts

@@ -28,6 +28,7 @@ import {
   INIT_INVITATION_EXPIRED_QUERY_PARAM,
   parseInitInvitationExpiredQuery,
 } from '~/management/passwd/init-invitation-expiration.helper';
+import { mergeIdentitySearchFields } from '~/management/identities/identities-search-fields.helper';
 
 @ApiTags('management/identities')
 @Controller('identities')
@@ -51,14 +52,6 @@ export class IdentitiesCrudController extends AbstractController {
     lifecycle: 1,
   };
 
-  protected static readonly searchFields: PartialProjectionType<any> = {
-    'inetOrgPerson.cn': 1,
-    'inetOrgPerson.givenName': 1,
-    'inetOrgPerson.sn': 1,
-    'inetOrgPerson.mail': 1,
-    'inetOrgPerson.employeeType': 1,
-  };
-
   @Post()
   @UseRoles({
     resource: '/management/identities',
@@ -152,6 +145,7 @@ export class IdentitiesCrudController extends AbstractController {
     @SearchFilterSchema() searchFilterSchema: FilterSchema,
     @SearchFilterOptions({ allowUnlimited: true }) searchFilterOptions: FilterOptions,
     @Query(INIT_INVITATION_EXPIRED_QUERY_PARAM) initInvitationExpired: string,
+    @Query('searchFields') searchFields: string | string[],
   ): Promise<
     Response<{
       statusCode: number;
@@ -172,8 +166,9 @@ export class IdentitiesCrudController extends AbstractController {
     }
 
     if (search && search.trim().length > 0) {
+      const effectiveSearchFields = mergeIdentitySearchFields(searchFields);
       const searchRequest = {};
-      searchRequest['$or'] = Object.keys(IdentitiesCrudController.searchFields)
+      searchRequest['$or'] = Object.keys(effectiveSearchFields)
         .map((key) => {
           return { [key]: { $regex: `^${search}`, $options: 'i' } };
         })

apps/api/src/management/identities/identities-search-fields.helper.ts

@@ -0,0 +1,52 @@
+import { PartialProjectionType } from '~/_common/types/partial-projection.type';
+
+export const DEFAULT_IDENTITY_SEARCH_FIELD_KEYS = [
+  'inetOrgPerson.cn',
+  'inetOrgPerson.givenName',
+  'inetOrgPerson.sn',
+  'inetOrgPerson.mail',
+  'inetOrgPerson.employeeType',
+  'inetOrgPerson.employeeNumber',
+] as const;
+
+export const DEFAULT_IDENTITY_SEARCH_FIELDS: PartialProjectionType<Record<string, unknown>> = Object.fromEntries(
+  DEFAULT_IDENTITY_SEARCH_FIELD_KEYS.map((key) => [key, 1]),
+) as PartialProjectionType<Record<string, unknown>>;
+
+const SEARCH_FIELD_PATH_PATTERN = /^[a-zA-Z][a-zA-Z0-9_.]*$/;
+
+export function isValidIdentitySearchFieldPath(path: string): boolean {
+  const trimmed = `${path || ''}`.trim();
+  return trimmed.length > 0 && trimmed.length <= 200 && SEARCH_FIELD_PATH_PATTERN.test(trimmed);
+}
+
+export function parseIdentitySearchFieldsQuery(value: unknown): string[] {
+  if (value === undefined || value === null || value === '') {
+    return [];
+  }
+
+  const rawValues = Array.isArray(value) ? value : [`${value}`];
+  const fields: string[] = [];
+
+  for (const raw of rawValues) {
+    if (raw === undefined || raw === null) continue;
+    `${raw}`
+      .split(',')
+      .map((part) => part.trim())
+      .filter(Boolean)
+      .forEach((field) => fields.push(field));
+  }
+
+  return fields;
+}
+
+export function mergeIdentitySearchFields(additionalFields: unknown): PartialProjectionType<Record<string, unknown>> {
+  const merged: PartialProjectionType<Record<string, unknown>> = { ...DEFAULT_IDENTITY_SEARCH_FIELDS };
+
+  for (const field of parseIdentitySearchFieldsQuery(additionalFields)) {
+    if (!isValidIdentitySearchFieldPath(field)) continue;
+    merged[field] = 1;
+  }
+
+  return merged;
+}

apps/api/tests/unit/management/identities/identities-crud.controller.spec.ts

@@ -33,7 +33,7 @@ describe('IdentitiesCrudController invitation expiration filter', () => {
     };
     const options = { limit: 10, skip: 0, sort: {} };
 
-    await controller.search(res as any, '', { initState: InitStatesEnum.SENT } as any, options, 'false');
+    await controller.search(res as any, '', { initState: InitStatesEnum.SENT } as any, options, 'false', undefined);
 
     expect(service.findAndCount).toHaveBeenCalledWith(
       {

apps/api/tests/unit/management/identities/identities-search-fields.helper.spec.ts

@@ -0,0 +1,37 @@
+import {
+  DEFAULT_IDENTITY_SEARCH_FIELD_KEYS,
+  isValidIdentitySearchFieldPath,
+  mergeIdentitySearchFields,
+  parseIdentitySearchFieldsQuery,
+} from '~/management/identities/identities-search-fields.helper';
+
+describe('identities-search-fields.helper', () => {
+  it('parseIdentitySearchFieldsQuery supports arrays and comma-separated values', () => {
+    expect(parseIdentitySearchFieldsQuery(undefined)).toEqual([]);
+    expect(parseIdentitySearchFieldsQuery('inetOrgPerson.uid,inetOrgPerson.mail')).toEqual([
+      'inetOrgPerson.uid',
+      'inetOrgPerson.mail',
+    ]);
+    expect(parseIdentitySearchFieldsQuery(['inetOrgPerson.uid', 'inetOrgPerson.sn'])).toEqual([
+      'inetOrgPerson.uid',
+      'inetOrgPerson.sn',
+    ]);
+  });
+
+  it('mergeIdentitySearchFields keeps defaults and merges extra fields without duplicates', () => {
+    const merged = mergeIdentitySearchFields(['inetOrgPerson.uid', 'inetOrgPerson.cn', 'invalid$field']);
+
+    expect(Object.keys(merged).sort()).toEqual(
+      [...DEFAULT_IDENTITY_SEARCH_FIELD_KEYS, 'inetOrgPerson.uid'].sort(),
+    );
+    expect(merged['inetOrgPerson.cn']).toBe(1);
+    expect(merged['inetOrgPerson.uid']).toBe(1);
+    expect(merged['invalid$field']).toBeUndefined();
+  });
+
+  it('isValidIdentitySearchFieldPath rejects unsafe paths', () => {
+    expect(isValidIdentitySearchFieldPath('inetOrgPerson.uid')).toBe(true);
+    expect(isValidIdentitySearchFieldPath('$ne')).toBe(false);
+    expect(isValidIdentitySearchFieldPath('')).toBe(false);
+  });
+});

apps/web/default/identities-search-fields.yml

@@ -0,0 +1,5 @@
+# Champs de recherche textuelle supplémentaires (en plus des champs par défaut côté API).
+# Ne pas dupliquer : inetOrgPerson.cn, givenName, sn, mail, employeeType, employeeNumber.
+fields:
+  - inetOrgPerson.uid
+  - additionalFields.attributes.supannPerson.edupersonprincipalname

apps/web/nuxt.config.ts

@@ -1,30 +1,11 @@
 import { resolve } from 'path'
 import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'fs'
-import { fileURLToPath } from 'node:url'
 import openapiTS, { astToString, COMMENT_HEADER } from 'openapi-typescript'
 import { defineNuxtConfig } from 'nuxt/config'
 import * as consola from 'consola'
 import setupApp from './src/server/extension.setup'
 
-const WEB_ROOT = fileURLToPath(new URL('.', import.meta.url))
-const CLIENT_MANIFEST_STUB = 'export default {}\n'
-
-/** SPA (`ssr:false`) : Nitro dev peut importer un manifest absent après prepare/reload. */
-function ensureClientManifestStub(rootDir = WEB_ROOT): void {
-  const clientManifestPath = resolve(rootDir, '.nuxt/dist/server/client.manifest.mjs')
-
-  if (existsSync(clientManifestPath)) {
-    return
-  }
-
-  mkdirSync(resolve(rootDir, '.nuxt/dist/server'), { recursive: true })
-  writeFileSync(clientManifestPath, CLIENT_MANIFEST_STUB)
-  consola.info('[Nuxt] Created missing client.manifest.mjs stub')
-}
-
 const SESAME_APP_API_URL = process.env.SESAME_APP_API_URL || 'http://localhost:4002'
-/** URL API exposée au navigateur (WebSocket). Ex. http://mactacx:4002 si SESAME_APP_API_URL pointe vers 127.0.0.1:4000. */
-const SESAME_APP_PUBLIC_API_URL = process.env.SESAME_APP_PUBLIC_API_URL || ''
 const SESAME_ALLOWED_HOSTS = process.env.SESAME_ALLOWED_HOSTS ? process.env.SESAME_ALLOWED_HOSTS.split(',') : []
 const IS_DEV = process.env.NODE_ENV === 'development'
 
@@ -95,7 +76,6 @@ export default defineNuxtConfig({
   runtimeConfig: {
     public: {
       release: process.env.npm_package_name + '@' + process.env.npm_package_version,
-      socketApiUrl: SESAME_APP_PUBLIC_API_URL,
       sentry: {
         dsn: process.env.SESAME_SENTRY_DSN,
       },
@@ -261,7 +241,19 @@ export default defineNuxtConfig({
     typescriptBundlerResolution: true,
   },
   nitro: {
+    experimental: {
+      websocket: false,
+    },
     routeRules: {
+      '/api/core/backends/sse': {
+        proxy: `${SESAME_APP_API_URL}/core/backends/sse`,
+        // Disable compression and caching for SSE
+        headers: {
+          'Cache-Control': 'no-cache, no-transform',
+          'Connection': 'keep-alive',
+          'X-Accel-Buffering': 'no', // Disable buffering in nginx
+        },
+      },
       '/api/**': {
         proxy: `${SESAME_APP_API_URL}/**`,
       },
@@ -280,39 +272,18 @@ export default defineNuxtConfig({
     storesDirs: ['~/stores'],
   },
   hooks: {
-    'nitro:init': (nitro) => {
-      try {
-        ensureClientManifestStub(nitro.options.rootDir)
-      } catch (error) {
-        consola.warn('[Nuxt] Unable to ensure client.manifest.mjs stub (nitro:init)', error)
-      }
-    },
-    'nitro:build:before': (nitro) => {
-      try {
-        ensureClientManifestStub(nitro.options.rootDir)
-      } catch (error) {
-        consola.warn('[Nuxt] Unable to ensure client.manifest.mjs stub (nitro:build:before)', error)
-      }
-    },
-    listen: () => {
-      try {
-        ensureClientManifestStub(WEB_ROOT)
-      } catch (error) {
-        consola.warn('[Nuxt] Unable to ensure client.manifest.mjs stub (listen)', error)
-      }
-    },
-    close: () => {
-      try {
-        ensureClientManifestStub(WEB_ROOT)
-      } catch (error) {
-        consola.warn('[Nuxt] Unable to ensure client.manifest.mjs stub (close)', error)
-      }
-    },
     ready: async (nuxt) => {
+      // Nuxt (Nitro) en SPA (`ssr:false`) peut parfois importer un client manifest absent en dev,
+      // ce qui casse toutes les requêtes. On crée un stub si nécessaire.
       try {
-        ensureClientManifestStub(nuxt.options.rootDir)
+        const clientManifestPath = resolve(process.cwd(), '.nuxt/dist/server/client.manifest.mjs')
+        if (!existsSync(clientManifestPath)) {
+          mkdirSync(resolve(process.cwd(), '.nuxt/dist/server'), { recursive: true })
+          writeFileSync(clientManifestPath, 'export default {}\\n')
+          consola.info('[Nuxt] Created missing client.manifest.mjs stub')
+        }
       } catch (error) {
-        consola.warn('[Nuxt] Unable to ensure client.manifest.mjs stub (ready)', error)
+        consola.warn('[Nuxt] Unable to ensure client.manifest.mjs stub', error)
       }
 
       const forceOpenapiRefresh = /true|on|yes|1/i.test(`${process.env.SESAME_FORCE_OPENAPI_TYPES_REFRESH}`)