dwindown/tabungin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: remove OTP gate from transactions, fix categories auth, add implementation plan

Browse Source 
- Remove OtpGateGuard from transactions controller (OTP verified at login)
- Fix categories controller to use authenticated user instead of TEMP_USER_ID
- Add comprehensive implementation plan document
- Update .env.example with WEB_APP_URL
- Prepare for admin dashboard development
This commit is contained in:
dwindown
2025-10-11 14:00:11 +07:00
parent 0da6071eb3
commit 249f3a9d7d
159 changed files with 13748 additions and 3369 deletions
Download Patch File Download Diff File Expand all files Collapse all files

404
apps/api/dist/auth/auth.service.js vendored Normal file
View File

@@ -0,0 +1,404 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthService = void 0;
const common_1 = require("@nestjs/common");
const jwt_1 = require("@nestjs/jwt");
const prisma_service_1 = require("../prisma/prisma.service");
const otp_service_1 = require("../otp/otp.service");
const bcrypt = __importStar(require("bcrypt"));
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const axios_1 = __importDefault(require("axios"));
let AuthService = class AuthService {
prisma;
jwtService;
otpService;
constructor(prisma, jwtService, otpService) {
this.prisma = prisma;
this.jwtService = jwtService;
this.otpService = otpService;
}
async register(email, password, name) {
const existing = await this.prisma.user.findUnique({ where: { email } });
if (existing) {
throw new common_1.ConflictException('Email already registered');
}
const passwordHash = await bcrypt.hash(password, 10);
const user = await this.prisma.user.create({
data: {
email,
passwordHash,
name,
emailVerified: false,
},
});
const token = this.generateToken(user.id, user.email);
return {
user: {
id: user.id,
email: user.email,
name: user.name,
avatarUrl: user.avatarUrl,
emailVerified: user.emailVerified,
},
token,
};
}
async login(email, password) {
const user = await this.prisma.user.findUnique({
where: { email },
select: {
id: true,
email: true,
passwordHash: true,
name: true,
avatarUrl: true,
emailVerified: true,
otpEmailEnabled: true,
otpWhatsappEnabled: true,
otpTotpEnabled: true,
},
});
if (!user || !user.passwordHash) {
throw new common_1.UnauthorizedException('Invalid credentials');
}
const isValid = await bcrypt.compare(password, user.passwordHash);
if (!isValid) {
throw new common_1.UnauthorizedException('Invalid credentials');
}
const requiresOtp = user.otpEmailEnabled || user.otpWhatsappEnabled || user.otpTotpEnabled;
if (requiresOtp) {
if (user.otpEmailEnabled) {
try {
await this.otpService.sendEmailOtp(user.id);
}
catch (error) {
console.error('Failed to send email OTP during login:', error);
}
}
if (user.otpWhatsappEnabled) {
try {
await this.otpService.sendWhatsappOtp(user.id, 'live');
}
catch (error) {
console.error('Failed to send WhatsApp OTP during login:', error);
}
}
return {
requiresOtp: true,
availableMethods: {
email: user.otpEmailEnabled,
whatsapp: user.otpWhatsappEnabled,
totp: user.otpTotpEnabled,
},
tempToken: this.generateTempToken(user.id, user.email),
};
}
const token = this.generateToken(user.id, user.email);
return {
user: {
id: user.id,
email: user.email,
name: user.name,
avatarUrl: user.avatarUrl,
emailVerified: user.emailVerified,
},
token,
};
}
async googleLogin(googleProfile) {
let user = await this.prisma.user.findUnique({
where: { email: googleProfile.email },
});
if (!user) {
user = await this.prisma.user.create({
data: {
email: googleProfile.email,
name: googleProfile.name,
avatarUrl: googleProfile.avatarUrl,
emailVerified: true,
authAccounts: {
create: {
provider: 'google',
issuer: 'google.com',
subject: googleProfile.googleId,
},
},
},
});
}
else {
const existingAuth = await this.prisma.authAccount.findUnique({
where: {
issuer_subject: {
issuer: 'google.com',
subject: googleProfile.googleId,
},
},
});
if (!existingAuth) {
await this.prisma.authAccount.create({
data: {
userId: user.id,
provider: 'google',
issuer: 'google.com',
subject: googleProfile.googleId,
},
});
}
console.log('Updating user with Google profile:', {
name: googleProfile.name,
avatarUrl: googleProfile.avatarUrl,
});
let avatarUrl = user.avatarUrl;
if (googleProfile.avatarUrl) {
try {
avatarUrl = await this.downloadAndStoreAvatar(googleProfile.avatarUrl, user.id);
}
catch (error) {
console.error('Failed to download avatar:', error);
avatarUrl = googleProfile.avatarUrl;
}
}
user = await this.prisma.user.update({
where: { id: user.id },
data: {
name: googleProfile.name || user.name,
avatarUrl: avatarUrl || user.avatarUrl,
emailVerified: true,
},
});
console.log('User updated, avatar:', user.avatarUrl);
}
const requiresOtp = user.otpEmailEnabled || user.otpWhatsappEnabled || user.otpTotpEnabled;
if (requiresOtp) {
if (user.otpEmailEnabled) {
try {
await this.otpService.sendEmailOtp(user.id);
}
catch (error) {
console.error('Failed to send email OTP during Google login:', error);
}
}
if (user.otpWhatsappEnabled) {
try {
await this.otpService.sendWhatsappOtp(user.id, 'live');
}
catch (error) {
console.error('Failed to send WhatsApp OTP during Google login:', error);
}
}
return {
requiresOtp: true,
availableMethods: {
email: user.otpEmailEnabled,
whatsapp: user.otpWhatsappEnabled,
totp: user.otpTotpEnabled,
},
tempToken: this.generateTempToken(user.id, user.email),
};
}
const token = this.generateToken(user.id, user.email);
return {
user: {
id: user.id,
email: user.email,
name: user.name,
avatarUrl: user.avatarUrl,
emailVerified: user.emailVerified,
},
token,
};
}
async verifyOtpAndLogin(tempToken, otpCode, method) {
let payload;
try {
payload = this.jwtService.verify(tempToken);
}
catch {
throw new common_1.UnauthorizedException('Invalid or expired token');
}
if (!payload.temp) {
throw new common_1.UnauthorizedException('Invalid token type');
}
const userId = payload.userId || payload.sub;
const email = payload.email;
if (!userId || !email) {
throw new common_1.UnauthorizedException('Invalid token payload');
}
const user = await this.prisma.user.findUnique({
where: { id: userId },
});
if (!user) {
throw new common_1.UnauthorizedException('User not found');
}
if (method === 'email') {
const isValid = this.otpService.verifyEmailOtpForLogin(userId, otpCode);
if (!isValid) {
throw new common_1.UnauthorizedException('Invalid or expired email OTP code');
}
}
else if (method === 'whatsapp') {
const isValid = this.otpService.verifyWhatsappOtpForLogin(userId, otpCode);
if (!isValid) {
throw new common_1.UnauthorizedException('Invalid or expired WhatsApp OTP code');
}
}
else if (method === 'totp') {
if (!user.otpTotpSecret) {
throw new common_1.UnauthorizedException('TOTP not set up');
}
const { authenticator } = await import('otplib');
const isValid = authenticator.verify({
token: otpCode,
secret: user.otpTotpSecret,
});
if (!isValid) {
throw new common_1.UnauthorizedException('Invalid TOTP code');
}
}
const token = this.generateToken(userId, email);
return {
user: {
id: user.id,
email: user.email,
name: user.name,
avatarUrl: user.avatarUrl,
emailVerified: user.emailVerified,
},
token,
};
}
generateToken(userId, email) {
return this.jwtService.sign({
sub: userId,
email,
});
}
generateTempToken(userId, email) {
return this.jwtService.sign({ userId, email, temp: true }, { expiresIn: '5m' });
}
async getUserProfile(userId) {
const user = await this.prisma.user.findUnique({
where: { id: userId },
select: {
id: true,
email: true,
name: true,
avatarUrl: true,
emailVerified: true,
},
});
if (!user) {
throw new common_1.UnauthorizedException('User not found');
}
return user;
}
async changePassword(userId, currentPassword, newPassword, isSettingPassword) {
const user = await this.prisma.user.findUnique({
where: { id: userId },
select: { passwordHash: true },
});
if (!user) {
throw new common_1.BadRequestException('User not found');
}
if (isSettingPassword && !user.passwordHash) {
const newPasswordHash = await bcrypt.hash(newPassword, 10);
await this.prisma.user.update({
where: { id: userId },
data: { passwordHash: newPasswordHash },
});
return { message: 'Password set successfully' };
}
if (!user.passwordHash) {
throw new common_1.BadRequestException('Cannot change password for this account');
}
const isValid = await bcrypt.compare(currentPassword, user.passwordHash);
if (!isValid) {
throw new common_1.UnauthorizedException('Current password is incorrect');
}
const newPasswordHash = await bcrypt.hash(newPassword, 10);
await this.prisma.user.update({
where: { id: userId },
data: { passwordHash: newPasswordHash },
});
return { message: 'Password changed successfully' };
}
async downloadAndStoreAvatar(avatarUrl, userId) {
try {
const uploadsDir = path.join(process.cwd(), 'public', 'avatars');
if (!fs.existsSync(uploadsDir)) {
fs.mkdirSync(uploadsDir, { recursive: true });
}
const response = await axios_1.default.get(avatarUrl, {
responseType: 'arraybuffer',
});
const ext = 'jpg';
const filename = `${userId}.${ext}`;
const filepath = path.join(uploadsDir, filename);
fs.writeFileSync(filepath, response.data);
return `/avatars/${filename}`;
}
catch (error) {
console.error('Error downloading avatar:', error);
throw error;
}
}
};
exports.AuthService = AuthService;
exports.AuthService = AuthService = __decorate([
(0, common_1.Injectable)(),
__param(2, (0, common_1.Inject)((0, common_1.forwardRef)(() => otp_service_1.OtpService))),
__metadata("design:paramtypes", [prisma_service_1.PrismaService,
jwt_1.JwtService,
otp_service_1.OtpService])
], AuthService);
//# sourceMappingURL=auth.service.js.map