feat: remove OTP gate from transactions, fix categories auth, add implementation plan

- Remove OtpGateGuard from transactions controller (OTP verified at login) - Fix categories controller to use authenticated user instead of TEMP_USER_ID - Add comprehensive implementation plan document - Update .env.example with WEB_APP_URL - Prepare for admin dashboard development
2025-10-11 14:00:11 +07:00
parent 0da6071eb3
commit 249f3a9d7d
159 changed files with 13748 additions and 3369 deletions
--- a/apps/api/dist/users/users.service.js
+++ b/apps/api/dist/users/users.service.js
@@ -1,10 +1,43 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
@@ -13,6 +46,7 @@ exports.UsersService = void 0;
 const common_1 = require("@nestjs/common");
 const prisma_service_1 = require("../prisma/prisma.service");
 const user_util_1 = require("../common/user.util");
+const bcrypt = __importStar(require("bcrypt"));
 let UsersService = class UsersService {
    prisma;
    constructor(prisma) {
@@ -22,6 +56,79 @@ let UsersService = class UsersService {
        const userId = (0, user_util_1.getTempUserId)();
        return this.prisma.user.findUnique({ where: { id: userId } });
    }
+    async updateProfile(userId, data) {
+        try {
+            const user = await this.prisma.user.update({
+                where: { id: userId },
+                data: {
+                    ...(data.name !== undefined && { name: data.name }),
+                    ...(data.phone !== undefined && { phone: data.phone }),
+                },
+                select: {
+                    id: true,
+                    email: true,
+                    name: true,
+                    phone: true,
+                    avatarUrl: true,
+                },
+            });
+            return {
+                success: true,
+                message: 'Profile updated successfully',
+                user,
+            };
+        }
+        catch (error) {
+            if (error.code === 'P2002') {
+                throw new common_1.BadRequestException('Phone number already in use');
+            }
+            throw error;
+        }
+    }
+    async getAuthInfo(userId) {
+        const user = await this.prisma.user.findUnique({
+            where: { id: userId },
+            select: {
+                passwordHash: true,
+                avatarUrl: true,
+            },
+        });
+        const hasGoogleAuth = user?.avatarUrl?.includes('googleusercontent.com') ||
+            user?.avatarUrl?.startsWith('/avatars/') ||
+            false;
+        return {
+            hasGoogleAuth,
+            hasPassword: user?.passwordHash !== null,
+        };
+    }
+    async deleteAccount(userId, password) {
+        const user = await this.prisma.user.findUnique({
+            where: { id: userId },
+            select: {
+                passwordHash: true,
+            },
+        });
+        if (!user) {
+            throw new common_1.BadRequestException('User not found');
+        }
+        if (!user.passwordHash) {
+            throw new common_1.BadRequestException('Cannot delete account without password. Please set a password first.');
+        }
+        const isValid = await bcrypt.compare(password, user.passwordHash);
+        if (!isValid) {
+            throw new common_1.UnauthorizedException('Incorrect password');
+        }
+        await this.prisma.authAccount.deleteMany({
+            where: { userId: userId },
+        });
+        await this.prisma.user.delete({
+            where: { id: userId },
+        });
+        return {
+            success: true,
+            message: 'Account deleted successfully',
+        };
+    }
 };
 exports.UsersService = UsersService;
 exports.UsersService = UsersService = __decorate([