fix(validations): add some required validations and bypass for testing

* feat(verification): add config service for bypassing OTP validation in tests

* feat(validations): add AgeRangeValidator for birth date validation

* refactor(user): remove unnecessary Exclude decorators from user entity fields
and use instanceToPlain for user objects in responses

* feat(validations): add max length validation to various DTOs

Author: MarioRaafat

package-lock.json

@@ -509,18 +509,22 @@ export class AuthController {
         @Body() dto: MobileGitHubAuthDto,
         @Res({ passthrough: true }) response: Response
     ) {
-        const result = await this.auth_service.verifyGitHubMobileToken(dto.code, dto.redirect_uri, dto.code_verifier);
+        const result = await this.auth_service.verifyGitHubMobileToken(
+            dto.code,
+            dto.redirect_uri,
+            dto.code_verifier
+        );
 
         if ('needs_completion' in result && result.needs_completion) {
-            const sessionToken = await this.auth_service.createOAuthSession(result.user);
+            const session_token = await this.auth_service.createOAuthSession(result.user);
             return {
                 needs_completion: true,
-                session_token: sessionToken,
+                session_token: session_token,
                 provider: 'github',
             };
         }
 
-        if (!("user" in result) || !("id" in result.user)) {
+        if (!('user' in result) || !('id' in result.user)) {
             throw new BadRequestException(ERROR_MESSAGES.GITHUB_TOKEN_INVALID);
         }
 

src/auth/auth.controller.ts

@@ -259,7 +259,7 @@ export class AuthService {
         await this.redis_service.del(otp_key);
 
         return {
-            user: created_user,
+            user: instanceToPlain(created_user),
             access_token,
             refresh_token,
         };
@@ -311,7 +311,7 @@ export class AuthService {
         const { access_token, refresh_token } = await this.generateTokens(id);
 
         return {
-            user: user,
+            user: instanceToPlain(user),
             access_token: access_token,
             refresh_token: refresh_token,
         };
@@ -629,7 +629,7 @@ export class AuthService {
 
             if (user) {
                 return {
-                    user: user,
+                    user: instanceToPlain(user),
                     needs_completion: false,
                 };
             }
@@ -655,7 +655,7 @@ export class AuthService {
                     }
 
                     return {
-                        user: updated_user,
+                        user: instanceToPlain(updated_user),
                         needs_completion: false,
                     };
                 }
@@ -736,7 +736,7 @@ export class AuthService {
             let user = await this.user_repository.findByGithubId(github_user.github_id);
             if (user) {
                 return {
-                    user: user,
+                    user: instanceToPlain(user),
                     needs_completion: false,
                 };
             }
@@ -758,7 +758,7 @@ export class AuthService {
                 }
 
                 return {
-                    user: updated_user,
+                    user: instanceToPlain(updated_user),
                     needs_completion: false,
                 };
             }

src/auth/auth.service.ts

@@ -1,5 +1,6 @@
-import { IsNotEmpty, Matches, MinLength } from 'class-validator';
+import { IsNotEmpty, Matches, MaxLength, MinLength } from 'class-validator';
 import { ApiProperty } from '@nestjs/swagger';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class ChangePasswordAuthDTO {
     @ApiProperty({
@@ -10,6 +11,7 @@ export class ChangePasswordAuthDTO {
     })
     @IsNotEmpty()
     @MinLength(8)
+    @MaxLength(STRING_MAX_LENGTH)
     @Matches(/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/, {
         message:
             'Password must contain at least one uppercase letter, one lowercase letter, and one number or special character',
@@ -24,6 +26,7 @@ export class ChangePasswordAuthDTO {
     })
     @IsNotEmpty()
     @MinLength(8)
+    @MaxLength(STRING_MAX_LENGTH)
     @Matches(/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/, {
         message:
             'Password must contain at least one uppercase letter, one lowercase letter, and one number or special character',

src/auth/dto/change-password-auth.dto.ts

@@ -1,5 +1,6 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { IsNotEmpty, IsString } from 'class-validator';
+import { IsNotEmpty, IsString, MaxLength } from 'class-validator';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class CheckIdentifierDto {
     @ApiProperty({
@@ -8,5 +9,6 @@ export class CheckIdentifierDto {
     })
     @IsString()
     @IsNotEmpty()
+    @MaxLength(STRING_MAX_LENGTH)
     identifier: string;
 }

src/auth/dto/check-identifier.dto.ts

@@ -1,21 +1,27 @@
-import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { IsEmail, IsNotEmpty, IsOptional, IsString, MaxLength } from 'class-validator';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class FacebookLoginDTO {
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     facebook_id: string;
 
     @IsEmail()
+    @MaxLength(STRING_MAX_LENGTH)
     email: string;
 
     @IsNotEmpty()
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     first_name: string;
 
     @IsNotEmpty()
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     last_name: string;
 
     @IsOptional()
     @IsString()
+    @MaxLength(500)
     avatar_url?: string;
 }

src/auth/dto/facebook-login.dto.ts

@@ -1,5 +1,6 @@
-import { IsNotEmpty, IsString } from 'class-validator';
+import { IsNotEmpty, IsString, MaxLength } from 'class-validator';
 import { ApiProperty } from '@nestjs/swagger';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class ForgetPasswordDto {
     // email - username - phone_number
@@ -9,5 +10,6 @@ export class ForgetPasswordDto {
     })
     @IsString()
     @IsNotEmpty()
+    @MaxLength(STRING_MAX_LENGTH)
     identifier: string;
 }

src/auth/dto/forget-password.dto.ts

@@ -1,19 +1,22 @@
-import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { IsEmail, IsNotEmpty, IsOptional, IsString, MaxLength } from 'class-validator';
 import { ApiProperty } from '@nestjs/swagger';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class GitHubUserDto {
     @ApiProperty({
         description: 'GitHub user ID',
         example: '12345678',
     })
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     github_id: string;
 
     @ApiProperty({
         description: 'User email from GitHub',
         example: 'shady@example.com',
     })
     @IsEmail()
+    @MaxLength(STRING_MAX_LENGTH)
     email: string;
 
     @ApiProperty({
@@ -22,13 +25,15 @@ export class GitHubUserDto {
     })
     @IsString()
     @IsNotEmpty()
+    @MaxLength(STRING_MAX_LENGTH)
     first_name: string;
 
     @ApiProperty({
         description: 'Last name from GitHub profile',
         example: 'Raafat',
     })
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     last_name: string;
 
     @ApiProperty({
@@ -38,5 +43,6 @@ export class GitHubUserDto {
     })
     @IsOptional()
     @IsString()
+    @MaxLength(500)
     avatar_url?: string;
 }

src/auth/dto/github-user.dto.ts

@@ -1,21 +1,27 @@
-import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { IsEmail, IsNotEmpty, IsOptional, IsString, MaxLength } from 'class-validator';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class GoogleLoginDTO {
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     google_id: string;
 
     @IsEmail()
+    @MaxLength(STRING_MAX_LENGTH)
     email: string;
 
     @IsNotEmpty()
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     first_name: string;
 
     @IsNotEmpty()
     @IsString()
+    @MaxLength(STRING_MAX_LENGTH)
     last_name: string;
 
     @IsOptional()
     @IsString()
+    @MaxLength(500)
     avatar_url?: string;
 }

src/auth/dto/google-login.dto.ts

@@ -1,5 +1,6 @@
-import { IsIn, IsNotEmpty, IsString, Matches, MinLength } from 'class-validator';
+import { IsIn, IsNotEmpty, IsString, Matches, MaxLength, MinLength } from 'class-validator';
 import { ApiProperty } from '@nestjs/swagger';
+import { STRING_MAX_LENGTH } from 'src/constants/variables';
 
 export class LoginDTO {
     @ApiProperty({
@@ -9,6 +10,7 @@ export class LoginDTO {
     })
     @IsString()
     @IsNotEmpty()
+    @MaxLength(STRING_MAX_LENGTH)
     identifier: string;
 
     @ApiProperty({
@@ -17,6 +19,7 @@ export class LoginDTO {
     })
     @IsString()
     @IsNotEmpty()
+    @MaxLength(STRING_MAX_LENGTH)
     @IsIn(['email', 'phone_number', 'username'], {
         message: 'Type must be one of: email, phone_number, or username',
     })
@@ -29,5 +32,6 @@ export class LoginDTO {
         minLength: 8,
     })
     @IsNotEmpty()
+    @MaxLength(STRING_MAX_LENGTH)
     password: string;
 }