feat(saas): add endpoint to retrieve companies associated with a user's email #1853
📝 Walkthrough
Adds a new SaaS use case, ISaasGetUserEmailCompanies interface, and SAAS_GET_USER_EMAIL_COMPANIES DI token to fetch companies by user email. Wires a new GET endpoint in SaasController with email validation, registers the provider in SaasModule, and protects the route via SaaSAuthMiddleware.
Changes
Get companies by user email
Estimated code review effort: 2 (Simple) | ~10 minutes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant Client
    participant SaasController
    participant ValidationHelper
    participant SaasGetUserEmailCompaniesUseCase
    participant CompanyInfoRepository
    Client->>SaasController: GET user/email/:email/companies
    SaasController->>ValidationHelper: validateOrThrowHttpExceptionEmail(email)
    SaasController->>SaasGetUserEmailCompaniesUseCase: execute(email)
    SaasGetUserEmailCompaniesUseCase->>CompanyInfoRepository: findCompanyInfosByUserEmail(email)
    CompanyInfoRepository-->>SaasGetUserEmailCompaniesUseCase: companies or empty
    SaasGetUserEmailCompaniesUseCase-->>SaasController: FoundUserEmailCompaniesInfoDs[]
    SaasController-->>Client: companies response
```
Pull request overview
Adds a new SaaS-microservice “bridge” endpoint that lets rocketadmin-saas retrieve the list of companies associated with a given user email (supporting the multi-company login picker), mirroring existing core behavior.
Changes:
- Introduces `SaasGetUserEmailCompaniesUseCase` to fetch companies by user email via `companyInfoRepository`.
- Wires a new controller route `GET /saas/user/email/:email/companies` (with email validation) and registers the provider in `SaasModule`.
- Adds a new DI token `UseCaseType.SAAS_GET_USER_EMAIL_COMPANIES` and corresponding use-case interface.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/src/microservices/saas-microservice/use-cases/saas-use-cases.interface.ts | Adds the ISaasGetUserEmailCompanies contract and DS import. |
| backend/src/microservices/saas-microservice/use-cases/saas-get-user-email-companies.use.case.ts | Implements the new SaaS bridge use case for email → companies lookup. |
| backend/src/microservices/saas-microservice/saas.module.ts | Registers the new use case and applies SaaS auth middleware to the new route. |
| backend/src/microservices/saas-microservice/saas.controller.ts | Exposes GET /saas/user/email/:email/companies with input validation and Swagger metadata. |
| backend/src/common/data-injection.tokens.ts | Adds the new UseCaseType.SAAS_GET_USER_EMAIL_COMPANIES token. |
| /** | ||
| * Returns the companies a given email is registered in. This is the SaaS microservice bridge for the | ||
| * open-source `GET /my/email/:email` endpoint (GetUserEmailCompaniesUseCase) — duplicated here on | ||
| * purpose so rocketadmin-saas can expose the same lookup (used by the multi-company login picker) | ||
| * through its own `/saas/*` surface. The open-source endpoint is left untouched. | ||
| */ |
| @ApiOperation({ summary: 'Get companies where a user with this email is registered' }) | ||
| @ApiResponse({ | ||
| status: 200, | ||
| description: 'Companies where a user with this email is registered.', | ||
| type: FoundUserEmailCompaniesInfoDs, | ||
| isArray: true, | ||
| }) | ||
| @Get('user/email/:email/companies') | ||
| async getUserEmailCompanies(@Param('email') email: string): Promise<Array<FoundUserEmailCompaniesInfoDs>> { | ||
| ValidationHelper.validateOrThrowHttpExceptionEmail(email); | ||
| return await this.getUserEmailCompaniesUseCase.execute(email); | ||
| } |
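Review bot: no guard or auth decorator is visible on the handler at `@Get('user/email/:email/companies')`, so whether this lookup is reachable without credentials depends on the route being registered for SaaSAuthMiddleware in saas.module.ts, which this hunk does not show. Because the handler returns company membership for any email that passes `validateOrThrowHttpExceptionEmail`, add an e2e test asserting that an unauthenticated request to this route is rejected, so a later change to the path string or to the middleware route list cannot silently expose it. Separately, `email` reaches `execute(email)` exactly as received; if stored addresses are normalized, normalize here as well or say in the docblock that the use case does it.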
🧹 Nitpick comments (1)
backend/src/microservices/saas-microservice/saas.controller.ts (1)
202-213: 🔒 Security & Privacy | 🔵 Trivial | ⚖️ Poor tradeoff
Email passed via URL path will appear in access/proxy logs.
Placing the email in the path (`user/email/:email/companies`) means it can end up in server access logs, CDN/proxy logs, or error trackers. This mirrors the existing `users/email/:userEmail` route and the referenced open-source `/my/email/:email` endpoint, so it's consistent with established convention here — just flagging for awareness rather than as a new regression.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/src/microservices/saas-microservice/saas.controller.ts` around lines 202 - 213, The `getUserEmailCompanies` endpoint in `saas.controller.ts` exposes the email in the URL path via `@Get('user/email/:email/companies')`, which means it can be captured by access/proxy logs and error tooling. No immediate code change is required if this route is intentionally kept for convention, but if you decide to harden it later, update `getUserEmailCompanies` and `ValidationHelper.validateOrThrowHttpExceptionEmail` to accept the email from a less log-sensitive source (for example, query or request body) while preserving the existing validation and `getUserEmailCompaniesUseCase.execute(email)` flow.
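The log-exposure concern raised in the review comment above can also be handled on the logging side. The following is an added example, not code from this pull request or from the project: it masks the email segment of the route shapes named on this page before a URL is written to a log, and also masks an email query parameter, since query strings are recorded in access logs the same way paths are. The function names, the mask token and the query parameter names are assumptions.

```typescript
// Added example (not project code). Names and the mask token are assumptions.
const MASK = '<redacted-email>';

// Email segment after /user/email/, /users/email/ or /my/email/
// (the route shapes named on this page).
const EMAIL_PATH = /(\/(?:users?|my)\/email\/)[^/?]+/g;

// Query parameter names treated as carrying an email (assumed, compared lowercase).
const EMAIL_PARAMS = new Set<string>(['email', 'useremail']);

function redactEmailInUrl(url: string): string {
  const queryAt = url.indexOf('?');
  const path = queryAt === -1 ? url : url.slice(0, queryAt);
  const safePath = path.replace(EMAIL_PATH, `$1${MASK}`);
  if (queryAt === -1) return safePath;

  const safeQuery = url
    .slice(queryAt + 1)
    .split('&')
    .map((pair: string): string => {
      const eq = pair.indexOf('=');
      if (eq === -1) return pair;
      const rawName = pair.slice(0, eq);
      let name = rawName;
      try {
        name = decodeURIComponent(rawName);
      } catch {
        // Malformed percent-encoding: fall back to the raw name.
      }
      return EMAIL_PARAMS.has(name.toLowerCase()) ? `${rawName}=${MASK}` : pair;
    })
    .join('&');
  return `${safePath}?${safeQuery}`;
}

// Builds the line that would be written to an access log or error tracker.
function accessLogLine(method: string, url: string, status: number): string {
  return `${method} ${redactEmailInUrl(url)} ${status}`;
}

// Constructed sample requests, not taken from real traffic.
const SAMPLE_REQUESTS: string[] = [
  '/saas/user/email/alice%40example.com/companies',
  '/my/email/bob@example.org',
  '/lookup?Email=dave%40example.com&page=2',
];
for (const url of SAMPLE_REQUESTS) console.log(accessLogLine('GET', url, 200));
```

This only covers logs the application itself writes; CDN and reverse-proxy logs in front of it need the equivalent rule in their own configuration.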