Changelog

2025-08-22

✨ Added

Blocks

• Organization:
  • buildOrganizationsWithDescendantsQuery: Builds a MongoDB query to find organizations by their own IDs or by ancestor IDs

2025-08-21

✨ Added

Utilities

• Authentication:
  • decryptAndVerifyJWT: decrypt and verify encrypted JWTs
  • tokenPassesSecurityCheck: validate fingerprint/IP/user-agent against token
  • defaultRefreshTokenBodyAuth: validate refresh token from request body
  • defaultRefreshTokenCookieAuth: validate refresh token from cookies
  • retrieveTokenVerification: build verification metadata from Express request
  • validateAuthSecrets: validate auth secrets configuration
  • generateMailBody: interpolate URL and variables into email template
  • authSecretsValidationErrorMessage: helper to map invalid secrets to a message
  • isAccessToken: check for access tokens (user or app)
  • isUserAccessToken: check for user access tokens
  • isAppAccessToken: check for app access tokens
  • isRefreshToken: check for refresh tokens
  • isOnetimeToken: check for one-time tokens
  • isValidAppAccessToken: check app access token has appId present
  • isValidUserAccessToken: check user access token has identityId present

2025-08-20

✨ Added

Validators

• Authentication:
  • isAuthenticated: authenticate requests using bearer token
• Identity:
  • isSelf: ensure authenticated identity matches target identity
• Organization:
  • hasOrgRole: validate organization membership role
• Chat:
  • hasSubscription: require channel subscription
  • ownsSubscription: validate subscription ownership
  • ownsChannel: validate channel ownership
  • ownsMessage: validate message ownership
• Order:
  • ownsOrder: validate order ownership
• User:
  • ownsProfile: validate profile ownership
• Common:
  • checkIdentityType: gate access by identity type
  • ownsResource: generic ownership validator
  • some: compose validators with OR semantics
  • Legacy parameter validators (documented): requireParam, isUUID, isNumber
• Category:
  • doesCategoryExist

2025-08-14

🔄 Changed

Routes

• sendVerificationEmailRoute: path changed to /auth/:identityId/send-verification-email (was :userId)

Features

• emailVerificationFeature: uses /auth/:identityId/send-verification-email endpoint
• lockUserFeatures: API endpoint uses /identities/:identityId/lock
• unlockUserFeatures: API endpoint uses /identities/:identityId/unlock

2025-08-13

✨ Added

Blocks

• User:
  • getUserById: Retrieve user by ID with existence validation
  • normalizeUser: Remove MongoDB _id field from user object
  • normalizeUsers: Remove MongoDB _id fields from array of user objects
• Avatar:
  • normalizeAvatarOfOwner: Generate signed download URL from objectId and remove objectId
  • normalizeAvatarsOfOwners: Normalize avatar data for multiple users
  • deleteAvatarIfReplaced: Delete previous avatar file when objectId changes

🔄 Changed

Handlers (Deprecated)

• Authentication:
  • Marked as deprecated with replacement notes in docs: loginWithCredentials, createAccessToken, createRefreshToken, setResponseCookie, refreshToken, logout, checkToken, loginWithOnetimeToken, generateOnetimeToken, registerCredentials, confirmEmail, loginTerminator, logoutTerminator, registerTerminator, sendVerificationEmailTerminator, sendVerificationEmail
  • Replacement: use Authentication Blocks
• User:
  • Marked as deprecated with replacement notes in docs: createUser, getUserById, findUsers, updateUser, deleteUser, lockUser, unlockUser, normalizeUserTerminator, normalizeUsersListTerminator, deleteUserTerminator, lockUserTerminator, unlockUserTerminator
  • Replacement: use User Blocks

Validators (Deprecated)

• Authentication:
  • verifyAuthentication — Replacement: isAuthenticated
• User:
  • validateUserProfileAccess — Replacement: ownsProfile
• Organization:
  • validateOrganizationAccess — Replacement: hasOrgRole
• Order:
  • validateOrderAccess — Replacement: ownsOrder
• Chat:
  • validateChannelAccess — Replacement: ownsChannel
  • validateMessageAccess — Replacement: ownsMessage
• Common:
  • validateResourceAccess — Replacement: isSelf, checkIdentityType

Authentication Docs

• sendVerificationEmailRoute: path corrected to /auth/:identityId/send-verification-email
• emailVerificationFeature: updated route and API Endpoint to use :identityId
• Authentication Blocks Index: summary updated to :identityId

Services

• Authentication Service:
  • Token check response field corrected from userId to identityId

2025-08-12

✨ Added

Schemas

• OAuth:
  • fpQueryParameter: Fingerprint query param for request correlation
  • purposeQueryParameter: Flow purpose (oauth-login | oauth-signup)
  • redirectUrlQueryParameter: Client redirect destination
  • typeIdQueryParameter: Optional identity type identifier
  • stateQueryParameter: OAuth state for callback verification
  • googleOauthSchema: Initiation schema (empty JSON body)

Blocks

• OAuth:
  • requestGoogleOAuth: Initiate Google OAuth and generate signed state
  • authenticateGoogleOAuth: Process provider callback and extract profile
  • extractOAuthLoginState: Decode and validate state token
  • verifyGoogleOAuth: Resolve/create identity from Google profile
  • generateRedirectURL: Build redirect URL with token
• Common:
  • redirectTo: Issue HTTP redirects
  • generateRandomPassword: Generate secure random passwords
• Organization:
  • generateSignedLogoUploadUrl: Create pre-signed upload URL for organization logo

Routes

• OAuth:
  • googleOAuthRoute: GET /auth/oauth/google
  • googleOAuthCallbackRoute: GET /auth/oauth/google/callback
• Organization:
  • getLogoUploadUrlRoute: GET /organizations/:organizationId/logo-upload-url

Features

• OAuth:
  • googleOAuthFeature: Composed initiation workflow
  • googleOAuthCallbackFeature: Composed callback/redirect workflow
• Organization:
  • getLogoUploadUrlFeature: Composed workflow for organization logo upload URL generation

Drivers

• OAuth:
  • verifyGoogleCallback: Passport verify callback for Google
  • createGoogleOAuthDriver: Configure Passport strategy and helpers

🔄 Changed

Services

• Authentication Service: Quickstart uses SDK drivers and correct stores/args
  • Import drivers from @nodeblocks/backend-sdk
  • Use getMongoClient('mongodb://localhost:27017', 'dev')
  • Provide third argument as { mailService, googleOAuthDriver }
  • Datastore keys corrected to identities, onetimetokens, invitations
  • Endpoint summary: added OAuth endpoints — GET /auth/oauth/google, GET /auth/oauth/google/callback

2025-08-08

✨ Added

Blocks

• getAvatarUploadUrlRoute: GET /user-profiles/:profileId/avatar-upload-url for secure avatar upload URL generation
• getAvatarUploadUrlFeature: Composed workflow for avatar upload URL generation with schema validation

---

2025-08-07

✨ Added

Blocks

• extractTokenFromAuthorizationHeader: Extract Bearer token from the Authorization header
• softDeleteRefreshTokens: Soft-delete all refresh tokens for an identity

Schemas

• completePasswordResetSchema: Validate new password for reset completion

Routes

• deactivateRoute: POST /auth/deactivate to deactivate account and invalidate tokens
• completePasswordResetRoute: POST /auth/reset-password to finalize password reset

Features

• deactivateFeature: Composed workflow to deactivate account
• completePasswordResetFeature: Composed workflow to finalize password reset

⚠️ Deprecated

• requireParam, isUUID, and isNumber validators now use a legacy interface and are deprecated.
  • Prefer standard validators or custom validators using the normal payload signature.
  • Details: see requireParam, isUUID, isNumber.

🧩 Versioning

• Introduced SDK versioning for the backend documentation release.
• You can now select the Nodeblocks Backend SDK version from the right side of the navbar, next to the documentation version selector.

---

2025-08-06

✨ Added

Blocks

• hash: Hash strings (passwords) using bcrypt
• normalizeIdentityWithoutPassword: Remove password and _id from identity objects
• sendEmail: Send emails with optional one-time token
• updateIdentity: Update identity fields in datastore
• buildUpdateIdentityActivatedPayload: Build activation payload to clear deactivation and unlock identity
• isEmailVerified: Ensure email is verified or return forbidden
• checkOneTimeToken: Validate and decrypt one-time tokens
• checkToken: Validate access/one-time tokens with security checks

Schemas

• changePasswordSchema: Validate current and new password
• activateSchema: Validate activation request

Routes

• changePasswordRoute: PATCH /auth/:identityId/change-password to change password
• activateRoute: POST /auth/activate to activate account

Features

• changePasswordFeature: Composed workflow to change password

Combinators

• applyPayloadArgs: Map payload data to block parameters
• orThrow: Throw mapped errors or pass value through

---

2025-07-29

✨ Added

• Database Drivers: Comprehensive documentation for database connection and configuration
  • MongoDB driver documentation with connection examples
  • Custom database driver interface requirements
• Mail Service Drivers: Complete documentation for email service configuration
  • SendGrid driver documentation with API key configuration
  • Mail data interface with HTML/text content requirements
  • Mail service interface with status-based success handling
• File Storage Drivers: Detailed documentation for cloud storage operations
  • Google Cloud Storage driver with signed URL generation
  • File upload, download, and deletion URL examples
  • cURL examples for testing signed URLs
  • Content type validation and file size limits
• Driver Architecture: New drivers subdirectory under components
  • Organized driver documentation in docs/v2/backend/components/drivers/
  • Separate documentation for database, mail service, and file storage drivers
  • Consistent interface patterns across all driver types
• Identity Service Documentation: Complete API documentation with live testing validation
  • Full CRUD operations for identity management (GET, PATCH, DELETE)
  • Real API response examples validated through cURL testing
  • Admin-only access requirements with proper authorization documentation
  • Schema-based request validation with actual response format documentation
  • Error handling with HTTP status codes (401, 403, 404, 500)
  • Integration examples using NodeBlocks database drivers

---

2025-07-28

✨ Added

• Organization blocks: pure business logic functions for organization management
• applyPayloadArgs utility for mapping payload data to block parameters
• File storage blocks: pure business logic functions for secure file management
• generateSignedUploadUrl block for creating secure upload URLs
• generateSignedDownloadUrl block for creating secure download URLs
• generateSignedDeleteUrl block for creating secure delete URLs
• generateSignedAvatarUploadUrl block for avatar uploads with UUID generation
• File storage schemas for image upload validation
• Authentication blocks: pure business logic functions for secure authentication
• Identity management blocks for user validation and email operations
• Token management blocks for secure token lifecycle management
• Email authentication blocks for verification and communication
• Security validation blocks for fingerprint tracking and request validation
• New authentication schemas for enhanced functionality:
  • changeEmailSchema for email change validation
  • checkTokenSchema for token validation with target context
  • confirmNewEmailSchema for new email confirmation validation
  • sendResetPasswordLinkEmailSchema for password reset email validation
• New authentication features for complete workflows:
  • changeEmailFeature for email change initiation
  • checkTokenFeature for token validation with target context
  • confirmNewEmailFeature for new email confirmation
  • sendResetPasswordLinkEmailFeature for password reset email generation
• New authentication routes using blocks:
  • changeEmailRoute for email change initiation
  • checkTokenRoute for token validation
  • confirmNewEmailRoute for new email confirmation
  • sendResetPasswordLinkEmailRoute for password reset email sending

🔄 Changed

• Migrated organization handlers to blocks:

  • createOrganization → createOrganization block
  • getOrganizationById → getOrganizationById block
  • findOrganizations → findOrganizations block
  • updateOrganization → updateOrganization block
  • deleteOrganization → deleteOrganization block
  • getOrganizationUserRole → getOrganizationMemberRole block
  • checkOrganizationUserExistence → checkOrganizationMemberExistence block
  • findOrganizationUsers → findOrganizationMembers block
  • upsertOrganizationUsers → upsertOrganizationMembers block
  • deleteOrganizationUser → deleteOrganizationMember block
  • findOrganizationsForUser → findOrganizationsForIdentity block

• Updated organization schema names and terminology:

  • organizationUsersSchema → organizationMembersSchema
  • upsertOrganizationUsersSchema → upsertOrganizationMembersSchema
  • getOrganizationUserRoleSchema → getOrganizationMemberRoleSchema
  • checkOrganizationUserExistenceSchema → checkOrganizationMemberExistenceSchema
  • findOrganizationUsersSchema → findOrganizationMembersSchema
  • deleteOrganizationUserSchema → deleteOrganizationMemberSchema
  • findOrganizationsForUserSchema → findOrganizationsForIdentitySchema
  • Parameter names updated: userId → identityId
  • Member schema structure: id → identityId

🐞 Breaking Changes

• Organization handlers removed - can no longer import them directly
• To use previous handler logic in custom routes, compose blocks using applyPayloadArgs