admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): implement Auth module with register, login, JWT, guards, and CQRS

Browse Source 
- Add RefreshToken and OAuthAccount models to Prisma schema
- Implement clean architecture: domain (entities, VOs, events, repo interfaces),
  infrastructure (Prisma repos, Passport strategies, token service),
  application (CQRS command/query handlers), presentation (controller, guards, DTOs)
- Endpoints: POST /auth/register, /auth/login, /auth/refresh, GET /auth/profile,
  GET /auth/profile/agent, PATCH /auth/kyc
- JWT access + refresh token rotation with family-based revocation
- Role-based guards (BUYER, SELLER, AGENT, ADMIN)
- 16 unit tests (value objects, entity) + integration test suite
- All 80 tests passing, clean TypeScript build

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-08 00:24:42 +07:00
parent c981bff771
commit 391c040100
63 changed files with 2194 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/api/src/modules/auth/application/commands/refresh-token/refresh-token.command.ts Normal file
View File

@@ -0,0 +1,3 @@
export class RefreshTokenCommand {
constructor(public readonly refreshToken: string) {}
}

37
apps/api/src/modules/auth/application/commands/refresh-token/refresh-token.handler.ts Normal file
View File

@@ -0,0 +1,37 @@
import { CommandHandler, type ICommandHandler } from '@nestjs/cqrs';
import { UnauthorizedException, Inject } from '@nestjs/common';
import { RefreshTokenCommand } from './refresh-token.command';
import { TokenService, type TokenPair } from '../../../infrastructure/services/token.service';
import { USER_REPOSITORY, type IUserRepository } from '../../../domain/repositories/user.repository';
@CommandHandler(RefreshTokenCommand)
export class RefreshTokenHandler implements ICommandHandler<RefreshTokenCommand> {
constructor(
private readonly tokenService: TokenService,
@Inject(USER_REPOSITORY) private readonly userRepo: IUserRepository,
) {}
async execute(command: RefreshTokenCommand): Promise<TokenPair> {
const rotated = await this.tokenService.rotateRefreshToken(command.refreshToken);
if (!rotated) {
throw new UnauthorizedException('Refresh token không hợp lệ hoặc đã hết hạn');
}
const user = await this.userRepo.findById(rotated.userId);
if (!user || !user.isActive) {
throw new UnauthorizedException('Tài khoản không tồn tại hoặc đã bị vô hiệu hóa');
}
const accessToken = this.tokenService.generateAccessToken({
sub: user.id,
phone: user.phone.value,
role: user.role,
});
return {
accessToken,
refreshToken: rotated.refreshToken,
expiresIn: 900,
};
}
}