feat: remove OTP gate from transactions, fix categories auth, add implementation plan

- Remove OtpGateGuard from transactions controller (OTP verified at login) - Fix categories controller to use authenticated user instead of TEMP_USER_ID - Add comprehensive implementation plan document - Update .env.example with WEB_APP_URL - Prepare for admin dashboard development
2025-10-11 14:00:11 +07:00
parent 0da6071eb3
commit 249f3a9d7d
159 changed files with 13748 additions and 3369 deletions
--- a/apps/api/dist/otp/otp-gate.guard.js
+++ b/apps/api/dist/otp/otp-gate.guard.js
@@ -0,0 +1,56 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OtpGateGuard = void 0;
+const common_1 = require("@nestjs/common");
+const otp_service_1 = require("./otp.service");
+let OtpGateGuard = class OtpGateGuard {
+    otpService;
+    constructor(otpService) {
+        this.otpService = otpService;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const userId = request.user?.userId;
+        if (!userId) {
+            return true;
+        }
+        const status = await this.otpService.getStatus(userId);
+        if (!status.emailEnabled && !status.totpEnabled) {
+            return true;
+        }
+        const otpCode = request.headers['x-otp-code'] || request.body?.otpCode;
+        const otpMethod = (request.headers['x-otp-method'] ||
+            request.body?.otpMethod ||
+            'totp');
+        if (!otpCode) {
+            throw new common_1.UnauthorizedException({
+                message: 'OTP verification required',
+                requiresOtp: true,
+                availableMethods: {
+                    email: status.emailEnabled,
+                    totp: status.totpEnabled,
+                },
+            });
+        }
+        const isValid = await this.otpService.verifyOtpGate(userId, otpCode, otpMethod);
+        if (!isValid) {
+            throw new common_1.UnauthorizedException('Invalid OTP code');
+        }
+        return true;
+    }
+};
+exports.OtpGateGuard = OtpGateGuard;
+exports.OtpGateGuard = OtpGateGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [otp_service_1.OtpService])
+], OtpGateGuard);
+//# sourceMappingURL=otp-gate.guard.js.map