Rykuno
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎apps/api/.env.example‎
Lines changed: 2 additions & 1 deletion b/‎apps/api/.env.example‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎apps/api/src/app.controller.ts‎
Lines changed: 2 additions & 0 deletions b/‎apps/api/src/app.controller.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎apps/api/src/app.module.ts‎
Lines changed: 11 additions & 2 deletions b/‎apps/api/src/app.module.ts‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎apps/api/src/auth/better-auth.provider.ts‎
Lines changed: 1 addition & 1 deletion b/‎apps/api/src/auth/better-auth.provider.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎apps/api/src/auth/dtos/active-user.dto.ts‎
Lines changed: 0 additions & 5 deletions b/‎apps/api/src/auth/dtos/active-user.dto.ts‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎apps/api/src/auth/guards/auth.guard.ts‎
Lines changed: 10 additions & 1 deletion b/‎apps/api/src/auth/guards/auth.guard.ts‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎apps/api/src/common/config/app.config.ts‎
Lines changed: 14 additions & 7 deletions b/‎apps/api/src/common/config/app.config.ts‎
Lines changed: 14 additions & 7 deletions
diff --git a/‎apps/api/src/common/config/auth.config.ts‎
Lines changed: 4 additions & 1 deletion b/‎apps/api/src/common/config/auth.config.ts‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎apps/api/src/common/config/mail.config.ts‎
Lines changed: 6 additions & 4 deletions b/‎apps/api/src/common/config/mail.config.ts‎
Lines changed: 6 additions & 4 deletions
@@ -36,3 +36,5 @@ yarn-error.log*
 # Misc
 .DS_Store
 *.pem
+volume/cache/*.key
+volume/cache/*.crt
@@ -15,10 +15,11 @@ CACHE_URL=redis://localhost:6379
 
 # email
 MAIL_DOMAIN=example.com
+MAILPIT_URL=http://localhost:8025
 
 # storage
 STORAGE_URL=http://localhost:9000
 STORAGE_BUCKET_NAME=public
 STORAGE_REGION=us-east-1
 STORAGE_ACCESS_KEY=admin
-STORAGE_SECRET_KEY=admin
+STORAGE_SECRET_KEY=admin
@@ -1,8 +1,10 @@
 import { Controller, Get } from '@nestjs/common';
+import { Auth, AuthType } from './auth/decorators/auth.decorator';
 
 @Controller()
 export class AppController {
   @Get('/healthz')
+  @Auth(AuthType.Public)
   healthz() {
     return {
       status: 'ok',
 
@@ -24,12 +24,21 @@ import { DRIZZLE_PROVIDER } from './databases/drizzle.provider';
 @Module({
   imports: [
     ConfigifyModule.forRootAsync(),
-    MulterModule,
+    MulterModule.register({
+      limits: {
+        fileSize: 5 * 1024 * 1024,
+      },
+    }),
     ThrottlerModule.forRootAsync({
       inject: [CacheConfig],
       useFactory: (cacheConfig: CacheConfig) => {
         return {
-          throttlers: [],
+          throttlers: [
+            {
+              ttl: 60_000,
+              limit: 100,
+            },
+          ],
           storage: new ThrottlerStorageRedisService(cacheConfig.url),
         };
       },
 
@@ -86,7 +86,7 @@ export const BetterAuthProvider = {
           return mailService.sendVerificationEmail({
             to: user.email,
             props: {
-              expirationHours: 24,
+              expirationHours: 1,
               userEmail: user.email,
               verificationUrl: url,
             },
 
@@ -1,8 +1,4 @@
 import { User } from 'better-auth';
-import { Transform } from 'class-transformer';
-
-const STORAGE_URL = process.env['STORAGE_URL']?.replace(/\/+$/, '') ?? 'http://localhost:9000';
-const STORAGE_BUCKET = process.env['STORAGE_BUCKET_NAME'] ?? 'public';
 
 export class ActiveUserDto implements User {
   id!: string;
@@ -11,6 +7,5 @@ export class ActiveUserDto implements User {
   email!: string;
   createdAt!: Date;
   updatedAt!: Date;
-  @Transform(({ value }) => (value ? `${STORAGE_URL}/${STORAGE_BUCKET}/${value}` : null))
   image?: string | null;
 }
@@ -2,7 +2,10 @@ import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from
 import { AUTH_TYPE_KEY, AuthType } from '../decorators/auth.decorator';
 import { Reflector } from '@nestjs/core';
 import { Session, User } from 'better-auth';
+import type { Request } from 'express';
 import { BetterAuth, InjectBetterAuth } from '../better-auth.provider';
+import { StorageConfig } from 'src/common/config/storage.config';
+import { toPublicStorageUrl } from 'src/storage/storage.utils';
 
 export interface AuthGuardRequest extends Request {
   session?: Session;
@@ -16,6 +19,7 @@ export class AuthGuard implements CanActivate {
   constructor(
     @InjectBetterAuth() private readonly betterAuth: BetterAuth,
     private readonly reflector: Reflector,
+    private readonly storageConfig: StorageConfig,
   ) {}
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
@@ -35,7 +39,12 @@ export class AuthGuard implements CanActivate {
 
     // set session and user on request
     request.session = session?.session;
-    request.user = session?.user;
+    request.user = session?.user
+      ? {
+          ...session.user,
+          image: toPublicStorageUrl(this.storageConfig, session.user.image),
+        }
+      : undefined;
 
     // if auth type is required, check if session exists
     if (authType === AuthType.Required) {
 
@@ -25,14 +25,21 @@ export class AppConfig {
 
   @IsBoolean()
   @IsNotEmpty()
-  isProduction: boolean = process.env['NODE_ENV'] === 'production';
+  @Value('NODE_ENV', {
+    default: 'development',
+    parse: (value) => value === 'production',
+  })
+  isProduction!: boolean;
 
   @IsObject()
   @IsNotEmpty()
-  cors: CorsOptions = {
-    origin: process.env['APP_WEB_URL']!,
-    credentials: true,
-    methods: ['GET', 'PATCH', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'HEAD'],
-    allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'user-agent', 'Accept'],
-  };
+  @Value('APP_WEB_URL', {
+    parse: (origin: string): CorsOptions => ({
+      origin,
+      credentials: true,
+      methods: ['GET', 'PATCH', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'HEAD'],
+      allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'user-agent', 'Accept'],
+    }),
+  })
+  cors!: CorsOptions;
 }
@@ -14,5 +14,8 @@ export class AuthConfig {
 
   @IsString({ each: true })
   @IsNotEmpty()
-  trustedOrigins = [process.env['APP_WEB_URL']!];
+  @Value('APP_WEB_URL', {
+    parse: (origin: string) => [origin],
+  })
+  trustedOrigins!: string[];
 }
@@ -1,5 +1,5 @@
 import { Configuration, Value } from '@itgorillaz/configify';
-import { IsNotEmpty, IsString } from 'class-validator';
+import { IsNotEmpty, IsString, IsUrl } from 'class-validator';
 
 @Configuration()
 export class MailConfig {
@@ -8,8 +8,10 @@ export class MailConfig {
   @Value('MAIL_DOMAIN')
   domain!: string;
 
+  @IsUrl({ require_tld: false })
   @IsNotEmpty()
-  mailpit = {
-    url: 'http://localhost:8025',
-  };
+  @Value('MAILPIT_URL', {
+    default: 'http://localhost:8025',
+  })
+  mailpitUrl!: string;
 }
Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,8 @@ export class AuthConfig {`
`14`	`14`
`15`	`15`	`@IsString({ each: true })`
`16`	`16`	`@IsNotEmpty()`
`17`		`- trustedOrigins = [process.env['APP_WEB_URL']!];`
	`17`	`+ @Value('APP_WEB_URL', {`
	`18`	`+ parse: (origin: string) => [origin],`
	`19`	`+ })`
	`20`	`+ trustedOrigins!: string[];`
`18`	`21`	`}`