Merge pull request #58 from CS3219-AY2425S1/ms3

Milestone 3

Author: evanyan13

backend/auth-service/.env.example

@@ -11,5 +11,12 @@ GITHUB_CLIENT_ID=GITHUB_CLIENT_ID
 GITHUB_CLIENT_SECRET=GITHUB_CLIENT_SECRET
 GITHUB_CALLBACK_URL=http://localhost:4000/api/auth/github/callback
 
+# Gmail Service
+NODEMAILER_GMAIL_USER=GMAIL_EMAIL
+NODEMAILER_GMAIL_PASSWORD=GMAIL_PASSWORD
+
 # Database
-MONGO_CONNECTION_STRING=MONGO_CONNECTION_STRING
+MONGO_CONNECTION_STRING=MONGO_CONNECTION_STRING
+
+# Frontend
+FRONTEND_URL=http://localhost:3000

backend/auth-service/package-lock.json

@@ -32,6 +32,7 @@
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "google-auth-library": "^9.14.1",
+    "nodemailer": "^6.9.15",
     "passport": "^0.7.0",
     "passport-github2": "^0.1.12",
     "passport-google-oauth20": "^2.0.0",
@@ -47,6 +48,7 @@
     "@types/express": "^4.17.17",
     "@types/jest": "^29.5.2",
     "@types/node": "^20.3.1",
+    "@types/nodemailer": "^6.4.16",
     "@types/passport-google-oauth20": "^2.0.16",
     "@types/supertest": "^6.0.0",
     "@typescript-eslint/eslint-plugin": "^8.0.0",

backend/auth-service/package.json

@@ -14,9 +14,4 @@ describe('AppController', () => {
     appController = app.get<AppController>(AppController);
   });
 
-  describe('root', () => {
-    it('should return "Hello World!"', () => {
-      expect(appController.getHello()).toBe('Hello World!');
-    });
-  });
 });

backend/auth-service/src/app.controller.spec.ts

@@ -1,7 +1,13 @@
 import { Controller } from '@nestjs/common';
 import { AppService } from './app.service';
 import { MessagePattern, Payload } from '@nestjs/microservices';
-import { AuthDto, AuthIdDto, RefreshTokenDto } from './dto';
+import {
+  AuthDto,
+  AuthIdDto,
+  RefreshTokenDto,
+  ResetPasswordDto,
+  ResetPasswordRequestDto,
+} from './dto';
 
 @Controller()
 export class AppController {
@@ -22,11 +28,26 @@ export class AppController {
     return this.appService.logout(dto);
   }
 
+  @MessagePattern({ cmd: 'request-reset-password' })
+  requestResetPassword(@Payload() dto: ResetPasswordRequestDto) {
+    return this.appService.generateResetPasswordRequest(dto);
+  }
+
+  @MessagePattern({ cmd: 'reset-password' })
+  resetPassword(@Payload() dto: ResetPasswordDto) {
+    return this.appService.resetPassword(dto);
+  }
+
   @MessagePattern({ cmd: 'refresh-token' })
   refreshToken(@Payload() dto: RefreshTokenDto) {
     return this.appService.refreshToken(dto);
   }
 
+  @MessagePattern({ cmd: 'validate-password-reset-token' })
+  validatePasswordResetToken(token: string) {
+    return this.appService.validatePasswordResetToken(token);
+  }
+
   @MessagePattern({ cmd: 'validate-access-token' })
   validateToken(accessToken: string) {
     return this.appService.validateAccessToken(accessToken);

backend/auth-service/src/app.controller.ts

@@ -1,15 +1,22 @@
 import * as bcrypt from 'bcryptjs';
-import { Inject, Injectable } from '@nestjs/common';
+import { HttpStatus, Inject, Injectable } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { Credentials, OAuth2Client } from 'google-auth-library';
 import { ClientProxy } from '@nestjs/microservices';
-import { AuthDto, AuthIdDto, RefreshTokenDto } from './dto';
+import {
+  AuthDto,
+  AuthIdDto,
+  RefreshTokenDto,
+  ResetPasswordDto,
+  ResetPasswordRequestDto,
+} from './dto';
 import { HttpService } from '@nestjs/axios';
 import { RpcException } from '@nestjs/microservices';
 import { firstValueFrom } from 'rxjs';
 import axios, { AxiosResponse } from 'axios';
 import { Token, TokenPayload } from './interfaces';
 import { AccountProvider } from './constants/account-provider.enum';
+import * as nodemailer from 'nodemailer';
 
 const SALT_ROUNDS = 10;
 
@@ -49,6 +56,8 @@ export class AppService {
       const tokens = await this.generateTokens({
         id: userId,
         email: newUser.email,
+        isOnboarded: newUser.isOnboarded,
+        roles: newUser.roles,
       });
       await this.updateRefreshToken({
         id: userId,
@@ -85,6 +94,8 @@ export class AppService {
       const tokens = await this.generateTokens({
         id: userId,
         email: user.email,
+        isOnboarded: user.isOnboarded,
+        roles: user.roles,
       });
       await this.updateRefreshToken({
         id: userId,
@@ -132,6 +143,8 @@ export class AppService {
       const tokens = await this.generateTokens({
         id: id,
         email: user.email,
+        isOnboarded: user.isOnboarded,
+        roles: user.roles,
       });
       await this.updateRefreshToken({ id, refreshToken: tokens.refresh_token });
 
@@ -141,6 +154,102 @@ export class AppService {
     }
   }
 
+  public async generateResetPasswordRequest(dto: ResetPasswordRequestDto): Promise<boolean> {
+    const user = await firstValueFrom(
+      this.userClient.send(
+        {
+          cmd: 'get-user-by-email',
+        },
+        dto.email,
+      ),
+    );
+
+    if (!user) {
+      throw new RpcException('User not found');
+    }
+
+    const resetToken = this.jwtService.sign(
+      { userId: user._id.toString(), email: dto.email, type: 'reset-password' },
+      {
+        secret: process.env.JWT_SECRET,
+        expiresIn: '1hr',
+      },
+    );
+
+    // Send reset password email
+    await this.sendResetEmail(user.email, resetToken);
+
+    return true;
+  }
+
+  public async resetPassword(dto: ResetPasswordDto): Promise<boolean> {
+    const { userId, email } = await this.validatePasswordResetToken(dto.token);
+
+    const hashedPassword = await bcrypt.hash(dto.password, SALT_ROUNDS);
+
+    const response = await firstValueFrom(
+      this.userClient.send(
+        { cmd: 'update-user-password' },
+        { id: userId, password: hashedPassword },
+      ),
+    );
+
+    if (!response) {
+      throw new RpcException('Error resetting password');
+    }
+
+    return true;
+  }
+
+  public async validatePasswordResetToken(token: string): Promise<any> {
+    try {
+      const decoded = this.jwtService.verify(token, {
+        secret: process.env.JWT_SECRET,
+      });
+      const { userId, email, type } = decoded;
+      if (type !== 'reset-password') {
+        throw new RpcException({
+          statusCode: HttpStatus.UNAUTHORIZED,
+          message: 'Unauthorized: Invalid or expired password reset token',
+        });
+      }
+      return { userId, email };
+    } catch (err) {
+      throw new RpcException({
+        statusCode: HttpStatus.UNAUTHORIZED,
+        message: 'Unauthorized: Invalid or expired password reset token',
+      });
+    }
+  }
+
+  private async sendResetEmail(email: string, token: string) {
+    const resetUrl = `${process.env.FRONTEND_URL}/reset-password?token=${token}`; // To change next time
+
+    const transporter = nodemailer.createTransport({
+      service: 'gmail',
+      host: 'smtp.gmail.com',
+      port: 465,
+      secure: true,
+      auth: {
+        user: process.env.NODEMAILER_GMAIL_USER,
+        pass: process.env.NODEMAILER_GMAIL_PASSWORD,
+      },
+    });
+
+    const mailOptions = {
+      from: '[email protected]',
+      to: email,
+      subject: 'Password Reset for PeerPrep',
+      text: `Click here to reset your password: ${resetUrl}`,
+    };
+
+    transporter.sendMail(mailOptions, (error, info) => {
+      if (error) {
+        throw new RpcException(`Error sending reset email: ${error.message}`);
+      }
+    });
+  }
+
   public async validateAccessToken(accessToken: string): Promise<any> {
     try {
       const decoded = this.jwtService.verify(accessToken, {
@@ -180,23 +289,23 @@ export class AppService {
 
   // Could include other fields like roles in the future
   private async generateTokens(payload: TokenPayload): Promise<Token> {
-    const { id, email } = payload;
+    const { id, ...rest } = payload;
 
     const [accessToken, refreshToken] = await Promise.all([
       this.jwtService.signAsync(
-        {
-          sub: id,
-          email,
-        },
-        {
-          secret: process.env.JWT_SECRET,
-          expiresIn: '15m', // 15 minute
+      {
+        sub: id,
+        ...rest,
+      },
+      {
+        secret: process.env.JWT_SECRET,
+        expiresIn: '1h', // 1 hour
         },
       ),
       this.jwtService.signAsync(
         {
           sub: id,
-          email,
+          ...rest,
         },
         {
           secret: process.env.JWT_REFRESH_SECRET,
@@ -257,6 +366,8 @@ export class AppService {
       const jwtTokens = await this.generateTokens({
         id: user._id.toString(),
         email: user.email,
+        isOnboarded: user.isOnboarded,
+        roles: user.roles,
       });
 
       await this.updateRefreshToken({
@@ -358,6 +469,8 @@ export class AppService {
     const jwtTokens = await this.generateTokens({
       id: user._id.toString(),
       email: user.email,
+      isOnboarded: user.isOnboarded,
+      roles: user.roles,
     });
 
     await this.updateRefreshToken({
@@ -412,7 +525,7 @@ export class AppService {
       return {
         ...response.data,
         email: emailResponse.data.find((email) => email.primary)?.email,
-      }
+      };
     } catch (error) {
       throw new RpcException(
         `Unable to retrieve Github user profile: ${error.message}`,

backend/auth-service/src/app.service.ts

@@ -1,3 +1,5 @@
 export { AuthDto } from './auth.dto';
 export { AuthIdDto } from './auth-id.dto';
 export { RefreshTokenDto } from './refresh-token.dto';
+export { ResetPasswordRequestDto } from './reset-password-request.dto';
+export { ResetPasswordDto } from './reset-password.dto';

backend/auth-service/src/dto/index.ts

@@ -0,0 +1,7 @@
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
+
+export class ResetPasswordRequestDto {
+  @IsEmail()
+  @IsNotEmpty()
+  email: string;
+}

backend/auth-service/src/dto/reset-password-request.dto.ts

@@ -0,0 +1,11 @@
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class ResetPasswordDto {
+  @IsString()
+  @IsNotEmpty()
+  token: string;
+
+  @IsString()
+  @IsNotEmpty()
+  password: string;
+}

backend/auth-service/src/dto/reset-password.dto.ts

@@ -1,4 +1,6 @@
 export interface TokenPayload {
   id: string;
   email: string;
+  isOnboarded: boolean;
+  roles: string[];
 }