Merge pull request #483 from wumibals/auth

initialized the auth module

Author: yusuftomilola

backend/src/auth/auth.controller.ts

@@ -0,0 +1,120 @@
+import {
+  Controller,
+  Post,
+  Get,
+  Body,
+  UseGuards,
+  HttpCode,
+  HttpStatus,
+  Headers,
+  UnauthorizedException,
+} from '@nestjs/common';
+import {
+  ApiTags,
+  ApiOperation,
+  ApiResponse,
+  ApiBearerAuth,
+} from '@nestjs/swagger';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import { AuthService } from './auth.service';
+import { RegisterDto } from './dto/register.dto';
+import { LoginDto } from './dto/login.dto';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { CurrentUser } from './decorators/current-user.decorator';
+import { User } from '../users/user.entity';
+
+@ApiTags('Auth')
+@Controller('auth')
+export class AuthController {
+  constructor(
+    private readonly authService: AuthService,
+    private readonly jwtService: JwtService,
+    private readonly configService: ConfigService,
+  ) {}
+
+  @Post('register')
+  @ApiOperation({ summary: 'Create a new account' })
+  @ApiResponse({ status: 201, description: 'Account created successfully' })
+  @ApiResponse({ status: 409, description: 'Email already in use' })
+  async register(@Body() dto: RegisterDto) {
+    const { user, tokens } = await this.authService.register(dto);
+    return {
+      user: {
+        id: user.id,
+        email: user.email,
+        firstName: user.firstName,
+        lastName: user.lastName,
+        role: user.role,
+      },
+      ...tokens,
+    };
+  }
+
+  @Post('login')
+  @HttpCode(HttpStatus.OK)
+  @ApiOperation({ summary: 'Sign in with email and password' })
+  @ApiResponse({ status: 200, description: 'Login successful' })
+  @ApiResponse({ status: 401, description: 'Invalid credentials' })
+  async login(@Body() dto: LoginDto) {
+    const { user, tokens } = await this.authService.login(dto);
+    return {
+      user: {
+        id: user.id,
+        email: user.email,
+        firstName: user.firstName,
+        lastName: user.lastName,
+        role: user.role,
+      },
+      ...tokens,
+    };
+  }
+
+  @Post('refresh')
+  @HttpCode(HttpStatus.OK)
+  @ApiOperation({ summary: 'Refresh access token using refresh token' })
+  @ApiResponse({ status: 200, description: 'Tokens refreshed' })
+  @ApiResponse({ status: 401, description: 'Invalid or expired refresh token' })
+  async refresh(@Headers('authorization') authHeader: string) {
+    if (!authHeader?.startsWith('Bearer ')) {
+      throw new UnauthorizedException('Refresh token required');
+    }
+    const refreshToken = authHeader.slice(7);
+
+    let payload: { sub: string };
+    try {
+      payload = await this.jwtService.verifyAsync(refreshToken, {
+        secret: this.configService.get<string>('JWT_REFRESH_SECRET', 'change-me-refresh'),
+      });
+    } catch {
+      throw new UnauthorizedException('Session expired. Please log in again.');
+    }
+
+    const tokens = await this.authService.refresh(payload.sub, refreshToken);
+    return tokens;
+  }
+
+  @Post('logout')
+  @HttpCode(HttpStatus.NO_CONTENT)
+  @UseGuards(JwtAuthGuard)
+  @ApiBearerAuth('JWT-auth')
+  @ApiOperation({ summary: 'Sign out and invalidate tokens' })
+  async logout(@CurrentUser() user: User) {
+    await this.authService.logout(user.id);
+  }
+
+  @Get('me')
+  @UseGuards(JwtAuthGuard)
+  @ApiBearerAuth('JWT-auth')
+  @ApiOperation({ summary: 'Get currently authenticated user' })
+  me(@CurrentUser() user: User) {
+    return {
+      id: user.id,
+      email: user.email,
+      firstName: user.firstName,
+      lastName: user.lastName,
+      role: user.role,
+      createdAt: user.createdAt,
+    };
+  }
+}

backend/src/auth/auth.module.ts

@@ -0,0 +1,19 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+import { JwtStrategy } from './strategies/jwt.strategy';
+import { UsersModule } from '../users/users.module';
+
+@Module({
+  imports: [
+    UsersModule,
+    PassportModule,
+    JwtModule.register({}),
+  ],
+  controllers: [AuthController],
+  providers: [AuthService, JwtStrategy],
+  exports: [AuthService, JwtModule],
+})
+export class AuthModule {}

backend/src/auth/auth.service.ts

@@ -0,0 +1,105 @@
+import {
+  Injectable,
+  ConflictException,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { ConfigService } from '@nestjs/config';
+import * as bcrypt from 'bcrypt';
+import { UsersService } from '../users/users.service';
+import { RegisterDto } from './dto/register.dto';
+import { LoginDto } from './dto/login.dto';
+import { User } from '../users/user.entity';
+
+export interface AuthTokens {
+  accessToken: string;
+  refreshToken: string;
+}
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private readonly usersService: UsersService,
+    private readonly jwtService: JwtService,
+    private readonly configService: ConfigService,
+  ) {}
+
+  async register(dto: RegisterDto): Promise<{ user: User; tokens: AuthTokens }> {
+    const existing = await this.usersService.findByEmail(dto.email);
+    if (existing) {
+      throw new ConflictException('An account with this email already exists');
+    }
+
+    const hashedPassword = await bcrypt.hash(dto.password, 12);
+    const user = await this.usersService.create({
+      email: dto.email.toLowerCase(),
+      firstName: dto.firstName,
+      lastName: dto.lastName,
+      password: hashedPassword,
+    });
+
+    const tokens = await this.signTokens(user);
+    await this.storeRefreshToken(user.id, tokens.refreshToken);
+
+    return { user, tokens };
+  }
+
+  async login(dto: LoginDto): Promise<{ user: User; tokens: AuthTokens }> {
+    const user = await this.usersService.findByEmail(dto.email.toLowerCase());
+    if (!user) {
+      throw new UnauthorizedException('Invalid email or password');
+    }
+
+    const passwordMatch = await bcrypt.compare(dto.password, user.password);
+    if (!passwordMatch) {
+      throw new UnauthorizedException('Invalid email or password');
+    }
+
+    const tokens = await this.signTokens(user);
+    await this.storeRefreshToken(user.id, tokens.refreshToken);
+
+    return { user, tokens };
+  }
+
+  async refresh(userId: string, incomingRefreshToken: string): Promise<AuthTokens> {
+    const user = await this.usersService.findByRefreshToken(userId);
+    if (!user || !user.refreshToken) {
+      throw new UnauthorizedException('Session expired. Please log in again.');
+    }
+
+    const tokenMatch = await bcrypt.compare(incomingRefreshToken, user.refreshToken);
+    if (!tokenMatch) {
+      throw new UnauthorizedException('Session expired. Please log in again.');
+    }
+
+    const tokens = await this.signTokens(user);
+    await this.storeRefreshToken(user.id, tokens.refreshToken);
+    return tokens;
+  }
+
+  async logout(userId: string): Promise<void> {
+    await this.usersService.updateRefreshToken(userId, null);
+  }
+
+  private async signTokens(user: User): Promise<AuthTokens> {
+    const payload = { sub: user.id, email: user.email, role: user.role };
+
+    const [accessToken, refreshToken] = await Promise.all([
+      this.jwtService.signAsync(payload, {
+        secret: this.configService.get<string>('JWT_SECRET', 'change-me-in-env'),
+        expiresIn: '15m',
+      }),
+      this.jwtService.signAsync(payload, {
+        secret: this.configService.get<string>('JWT_REFRESH_SECRET', 'change-me-refresh'),
+        expiresIn: '7d',
+      }),
+    ]);
+
+    return { accessToken, refreshToken };
+  }
+
+  private async storeRefreshToken(userId: string, token: string): Promise<void> {
+    const hashed = await bcrypt.hash(token, 10);
+    await this.usersService.updateRefreshToken(userId, hashed);
+  }
+}