feat(POC): add run time config management service

src/admin/admin.service.spec.ts

@@ -51,6 +51,7 @@ const mockConfig: Record<string, unknown> = {
   searchSamples: true,
   sftpHost: "login.esss.dk",
   sourceFolder: "/data/ess",
+  maxFileUploadSizeInMb: "12mb",
   maxDirectDownloadSize: 5000000000,
   maxFileSizeWarning:
     "Some files are above <maxDirectDownloadSize> and cannot be downloaded directly. These file can be downloaded via sftp host: <sftpHost> in directory: <sourceFolder>",
@@ -92,7 +93,6 @@ describe("AdminService", () => {
   const mockConfigService = {
     get: jest.fn((propertyPath: string) => {
       const config = {
-        maxFileUploadSizeInMb: "12mb",
         frontendConfig: mockConfig,
         frontendTheme: mockTheme,
       } as Record<string, unknown>;
@@ -120,13 +120,10 @@ describe("AdminService", () => {
   });
 
   describe("getConfig", () => {
-    it("should return modified config", async () => {
+    it("should return frontend config", async () => {
       const result = await service.getConfig();
 
-      expect(result).toEqual({
-        ...mockConfig,
-        maxFileUploadSizeInMb: "12mb",
-      });
+      expect(result).toEqual(mockConfig);
     });
   });
 

src/admin/admin.service.ts

@@ -6,30 +6,15 @@ export class AdminService {
   constructor(private configService: ConfigService) {}
 
   async getConfig(): Promise<Record<string, unknown> | null> {
-    const modifiedConfig = this.applyBackendConfigAdjustments();
+    const config =
+      this.configService.get<Record<string, unknown>>("frontendConfig") || null;
 
-    return modifiedConfig;
+    return config;
   }
 
   async getTheme(): Promise<Record<string, unknown> | null> {
     const theme =
       this.configService.get<Record<string, unknown>>("frontendTheme") || null;
     return theme;
   }
-
-  // NOTE: Adjusts backend config values for frontend use (e.g., file upload limits).
-  // Add future backend-dependent adjustments here as needed.
-  private applyBackendConfigAdjustments(): Record<string, unknown> | null {
-    const config =
-      this.configService.get<Record<string, unknown>>("frontendConfig") || null;
-    if (!config) {
-      return null;
-    }
-    const postEncodedMaxFileUploadSize =
-      this.configService.get<string>("maxFileUploadSizeInMb") || "16mb";
-    return {
-      ...config,
-      maxFileUploadSizeInMb: postEncodedMaxFileUploadSize,
-    };
-  }
 }

src/app.module.ts

@@ -42,6 +42,7 @@ import {
 } from "./common/schemas/generic-history.schema";
 import { HistoryModule } from "./history/history.module";
 import { MaskSensitiveDataInterceptorModule } from "./common/interceptors/mask-sensitive-data.interceptor";
+import { RuntimeConfigModule } from "./runtime-config/runtime-config.module";
 
 @Module({
   imports: [
@@ -50,6 +51,7 @@ import { MaskSensitiveDataInterceptorModule } from "./common/interceptors/mask-s
       isGlobal: true,
       cache: true,
     }),
+    RuntimeConfigModule,
     AuthModule,
     CaslModule,
     AttachmentsModule,

src/casl/casl-ability.factory.ts

@@ -29,6 +29,7 @@ import { UserIdentity } from "src/users/schemas/user-identity.schema";
 import { UserSettings } from "src/users/schemas/user-settings.schema";
 import { User } from "src/users/schemas/user.schema";
 import { Action } from "./action.enum";
+import { RuntimeConfig } from "src/runtime-config/schemas/runtime-config.schema";
 
 type Subjects =
   | string
@@ -49,6 +50,7 @@ type Subjects =
       | typeof UserSettings
       | typeof ElasticSearchActions
       | typeof Datablock
+      | typeof RuntimeConfig
     >
   | "all";
 type PossibleAbilities = [Action, Subjects];
@@ -84,6 +86,7 @@ export class CaslAbilityFactory {
     attachments: this.attachmentEndpointAccess,
     history: this.historyEndpointAccess,
     datablocks: this.datablockEndpointAccess,
+    runtimeconfig: this.runtimeConfigEndpointAccess,
   };
 
   endpointAccess(endpoint: string, user: JWTUser) {
@@ -908,6 +911,26 @@ export class CaslAbilityFactory {
         item.constructor as ExtractSubjectType<Subjects>,
     });
   }
+  runtimeConfigEndpointAccess(user: JWTUser) {
+    const { can, build } = new AbilityBuilder(
+      createMongoAbility<PossibleAbilities, Conditions>,
+    );
+
+    can(Action.Read, RuntimeConfig);
+    if (
+      user &&
+      user.currentGroups.some((g) => this.accessGroups?.admin.includes(g))
+    ) {
+      /*
+        / user that belongs to any of the group listed in ADMIN_GROUPS
+        */
+      can(Action.Update, RuntimeConfig);
+    }
+    return build({
+      detectSubjectType: (item) =>
+        item.constructor as ExtractSubjectType<Subjects>,
+    });
+  }
 
   policyEndpointAccess(user: JWTUser) {
     const { can, build } = new AbilityBuilder(

src/config/configuration.ts

@@ -193,6 +193,12 @@ const configuration = () => {
   );
 
   const config = {
+    configSyncToDb: {
+      enabled: boolean(process.env.CONFIG_SYNC_TO_DB_ENABLED || false),
+      configList: process.env.CONFIG_SYNC_TO_DB_LIST
+        ? process.env.CONFIG_SYNC_TO_DB_LIST.split(",").map((v) => v.trim())
+        : ["frontendConfig", "frontendTheme"],
+    },
     maxFileUploadSizeInMb: process.env.MAX_FILE_UPLOAD_SIZE || "16mb", // 16MB by default
     versions: {
       api: "3",

src/runtime-config/dto/runtime-config.dto.ts

@@ -0,0 +1,36 @@
+import { ApiProperty } from "@nestjs/swagger";
+import { IsString, IsOptional, IsObject } from "class-validator";
+
+export class OutputRuntimeConfigDto {
+  @ApiProperty({
+    type: String,
+    description: "Unique config identifier (e.g. 'frontend', 'backend', etc.)",
+    example: "frontend",
+  })
+  @IsString()
+  _id: string;
+
+  @ApiProperty({
+    type: Object,
+    description: "Configuration content as a JSON object",
+  })
+  @IsObject()
+  data: Record<string, unknown>;
+
+  @ApiProperty({
+    type: String,
+    required: false,
+    description: "Optional description of this configuration entry",
+  })
+  @IsOptional()
+  @IsString()
+  description?: string;
+
+  @ApiProperty({
+    type: String,
+    description: "User or system that last updated the configuration",
+    example: "system",
+  })
+  @IsString()
+  updatedBy: string;
+}

src/runtime-config/runtime-config.controller.ts

@@ -0,0 +1,65 @@
+import {
+  Body,
+  Controller,
+  Get,
+  Param,
+  Put,
+  Req,
+  UseGuards,
+} from "@nestjs/common";
+import {
+  ApiBearerAuth,
+  ApiBody,
+  ApiOkResponse,
+  ApiTags,
+} from "@nestjs/swagger";
+import { Request } from "express";
+import { AllowAny } from "src/auth/decorators/allow-any.decorator";
+import { JWTUser } from "src/auth/interfaces/jwt-user.interface";
+import { OutputRuntimeConfigDto } from "./dto/runtime-config.dto";
+import { RuntimeConfigService } from "./runtime-config.service";
+import { PoliciesGuard } from "src/casl/guards/policies.guard";
+import { Action } from "src/casl/action.enum";
+import { AppAbility } from "src/casl/casl-ability.factory";
+import { CheckPolicies } from "src/casl/decorators/check-policies.decorator";
+import { RuntimeConfig } from "./schemas/runtime-config.schema";
+@ApiBearerAuth()
+@ApiTags("runtime-config")
+@Controller("runtime-config")
+export class RuntimeConfigController {
+  constructor(private readonly runtimeConfigService: RuntimeConfigService) {}
+
+  @AllowAny()
+  @ApiOkResponse({ type: OutputRuntimeConfigDto })
+  @Get("data/:id")
+  async getConfig(
+    @Param("id") id: string,
+  ): Promise<OutputRuntimeConfigDto | null> {
+    const config = await this.runtimeConfigService.getConfig(id);
+
+    return config;
+  }
+
+  @UseGuards(PoliciesGuard)
+  @CheckPolicies("runtimeconfig", (ability: AppAbility) =>
+    ability.can(Action.Update, RuntimeConfig),
+  )
+  @Put("data/:id")
+  @ApiBody({
+    type: Object,
+    description: "Runtime config object",
+  })
+  @ApiOkResponse({ type: OutputRuntimeConfigDto })
+  async updateConfig(
+    @Req() request: Request,
+    @Param("id") id: string,
+    @Body() config: Record<string, unknown>,
+  ): Promise<OutputRuntimeConfigDto | null> {
+    const user: JWTUser = request.user as JWTUser;
+    return await this.runtimeConfigService.updateConfig(
+      id,
+      config,
+      user.username,
+    );
+  }
+}

src/runtime-config/runtime-config.module.ts

@@ -0,0 +1,45 @@
+import { Module } from "@nestjs/common";
+import { MongooseModule } from "@nestjs/mongoose";
+import { RuntimeConfigService } from "./runtime-config.service";
+import { RuntimeConfigController } from "./runtime-config.controller";
+import {
+  RuntimeConfig,
+  RuntimeConfigSchema,
+} from "./schemas/runtime-config.schema";
+import {
+  GenericHistory,
+  GenericHistorySchema,
+} from "src/common/schemas/generic-history.schema";
+import { ConfigModule, ConfigService } from "@nestjs/config";
+import { CaslModule } from "src/casl/casl.module";
+import { applyHistoryPluginOnce } from "src/common/mongoose/plugins/history.plugin.util";
+
+@Module({
+  imports: [
+    CaslModule,
+    ConfigModule,
+    MongooseModule.forFeature([
+      {
+        name: GenericHistory.name,
+        schema: GenericHistorySchema,
+      },
+    ]),
+    MongooseModule.forFeatureAsync([
+      {
+        name: RuntimeConfig.name,
+        imports: [ConfigModule],
+        inject: [ConfigService],
+        useFactory: (configService: ConfigService) => {
+          const schema = RuntimeConfigSchema;
+          applyHistoryPluginOnce(schema, configService);
+
+          return schema;
+        },
+      },
+    ]),
+  ],
+  controllers: [RuntimeConfigController],
+  providers: [RuntimeConfigService],
+  exports: [RuntimeConfigService],
+})
+export class RuntimeConfigModule {}