Releases: rhino-project/rhino-nestjs

v4.3.1

09 Jun 02:35

v4.3.0

08 Jun 21:41

Full Changelog: v4.2.1...v4.3.0

v4.2.1

08 Jun 14:17

Full Changelog: v4.2.0...v4.2.1

v4.2.0

07 Jun 23:57

@rhino-dev/rhino-nestjs 4.2.0

Added

  • Group-aware auth, membership enforcement & lifecycle hooks (per-group auth / hooks, auth.enforceGroupMembership).
  • Domain route groups ({organization}.example.com) + route-group conflict validation.

Fixed

  • Membership is now enforced at /auth/login — a non-member is rejected with 403 MEMBERSHIP_DENIED (token revoked, never returned) instead of authenticating and only being blocked on the first resource request. Brings NestJS to parity with the Laravel/Rails stacks.
  • Org-less / single-tenant apps can authenticate (guarded userRoles include).

Full Changelog: v4.0.0...v4.2.0

v4.1.0

04 Jun 03:04

Rhino 4.1.0

Domain-aware route groups

Route groups can declare a domain to scope their routes to a host — literal
(admin.example.com) or parameterized ({organization}.example.com) for
subdomain multitenancy. Combines with prefix; parameterized domains feed
organization resolution.

Route group conflict validation

Boot-time validation throws when two route groups would silently shadow each
other (same prefix + intersecting host-set + overlapping models), with a clear
message and remediation.

Group-aware auth, membership & lifecycle hooks (opt-in)

  • Group membership on user_roles via a nullable route_group column
    (NULL = wildcard), gated by enforce_group_membership. When on, a request's
    group requires a matching membership (else 403) and permissions resolve
    from the matching row.
  • Group-aware auth — groups with auth: true register their own auth route
    set; the legacy auth endpoints are preserved.
  • Invitations carry the route group; accept populates the membership.
  • Lifecycle hooks run after each auth action and may reject, revoking the
    just-issued token. afterPasswordRecover rejection is swallowed to prevent
    email enumeration.

All new behavior is opt-in — with the flags off, behavior is unchanged.
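
The login-time membership check from the 4.2.0 fix, combined with the nullable route_group rule above, as an added example that is not rhino-nestjs code. All type and function names are hypothetical, the rows are constructed, and the precedence of an exact match over a NULL wildcard row is an assumption the release notes do not state.

```typescript
// Added illustration. All names here are hypothetical, not rhino-nestjs APIs.
interface UserRole {
  userId: number;
  routeGroup: string | null; // null = wildcard membership, per the release notes
  permissions: string[];
}
type LoginResult =
  | { status: 200; token: string; permissions: string[] }
  | { status: 403; code: "MEMBERSHIP_DENIED" };

// Minimal in-memory token store so that revocation is observable.
class TokenStore {
  private live: string[] = [];
  private seq = 0;
  issue(userId: number): string {
    const token = "tok-" + userId + "-" + ++this.seq;
    this.live.push(token);
    return token;
  }
  revoke(token: string): void { this.live = this.live.filter((t) => t !== token); }
  liveCount(): number { return this.live.length; }
}

// Assumption: an exact route_group match takes precedence over a NULL wildcard row.
function resolveMembership(rows: UserRole[], userId: number, group: string): UserRole | undefined {
  const mine = rows.filter((r) => r.userId === userId);
  const exact = mine.filter((r) => r.routeGroup === group)[0];
  return exact !== undefined ? exact : mine.filter((r) => r.routeGroup === null)[0];
}

// Login with enforcement on; credentials are assumed to be verified already.
function login(store: TokenStore, rows: UserRole[], userId: number, group: string): LoginResult {
  const token = store.issue(userId); // the token exists before the membership check
  const membership = resolveMembership(rows, userId, group);
  if (membership === undefined) {
    store.revoke(token); // revoked and never returned to the caller
    return { status: 403, code: "MEMBERSHIP_DENIED" };
  }
  return { status: 200, token: token, permissions: membership.permissions };
}

// Constructed sample rows; the permission strings are placeholders.
const SAMPLE_ROLES: UserRole[] = [
  { userId: 1, routeGroup: "admin", permissions: ["users.*"] },
  { userId: 1, routeGroup: null, permissions: ["posts.index"] },
  { userId: 2, routeGroup: "tenant", permissions: ["posts.*"] },
];
```

The denial path has to revoke because the token is already persisted when the check runs; returning 403 without revoking would leave a live token behind for a non-member.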

v4.0.0

26 May 19:13