feat: remove OTP gate from transactions, fix categories auth, add implementation plan

- Remove OtpGateGuard from transactions controller (OTP verified at login) - Fix categories controller to use authenticated user instead of TEMP_USER_ID - Add comprehensive implementation plan document - Update .env.example with WEB_APP_URL - Prepare for admin dashboard development
2025-10-11 14:00:11 +07:00
parent 0da6071eb3
commit 249f3a9d7d
159 changed files with 13748 additions and 3369 deletions
--- a/apps/api/dist/otp/otp.service.d.ts
+++ b/apps/api/dist/otp/otp.service.d.ts
@@ -0,0 +1,67 @@
+import { PrismaService } from '../prisma/prisma.service';
+export declare class OtpService {
+    private prisma;
+    private emailOtpStore;
+    private whatsappOtpStore;
+    constructor(prisma: PrismaService);
+    sendEmailOtp(userId: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    verifyEmailOtpForLogin(userId: string, code: string): boolean;
+    verifyEmailOtp(userId: string, code: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    disableEmailOtp(userId: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    setupTotp(userId: string): Promise<{
+        secret: string;
+        qrCode: string;
+    }>;
+    verifyTotp(userId: string, code: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    disableTotp(userId: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    getStatus(userId: string): Promise<{
+        emailEnabled: boolean;
+        whatsappEnabled: boolean;
+        totpEnabled: boolean;
+        phone?: undefined;
+        totpSecret?: undefined;
+    } | {
+        phone: string | null;
+        emailEnabled: boolean;
+        whatsappEnabled: boolean;
+        totpEnabled: boolean;
+        totpSecret: string | null;
+    }>;
+    verifyOtpGate(userId: string, code: string, method: 'email' | 'totp'): Promise<boolean>;
+    private generateOtpCode;
+    private sendOtpViaWebhook;
+    sendWhatsappOtp(userId: string, mode?: 'test' | 'live'): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    verifyWhatsappOtp(userId: string, code: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    verifyWhatsappOtpForLogin(userId: string, code: string): boolean;
+    disableWhatsappOtp(userId: string): Promise<{
+        success: boolean;
+        message: string;
+    }>;
+    checkWhatsappNumber(phone: string): Promise<{
+        success: boolean;
+        isRegistered: boolean;
+        message: string;
+    }>;
+    private sendWhatsappOtpViaWebhook;
+}