admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): add PATCH /auth/profile endpoint for user profile updates

Browse Source 
Implement user profile update with fullName, avatarUrl, and email fields.
Email changes include uniqueness validation and Email VO verification.
Follows existing DDD/CQRS patterns with cache invalidation.
19 unit tests covering handler logic and DTO validation.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-15 22:34:40 +07:00
parent 8039b47795
commit 74c52198b3
9 changed files with 496 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
apps/api/src/modules/auth/presentation/__tests__/update-profile.dto.spec.ts Normal file
View File

@@ -0,0 +1,77 @@
import { validate } from 'class-validator';
import { UpdateProfileDto } from '../../presentation/dto/update-profile.dto';
describe('UpdateProfileDto', () => {
it('accepts valid fullName only', async () => {
const dto = new UpdateProfileDto();
dto.fullName = 'Nguyen Van A';
const errors = await validate(dto);
expect(errors).toHaveLength(0);
});
it('accepts valid avatarUrl only', async () => {
const dto = new UpdateProfileDto();
dto.avatarUrl = 'https://cdn.example.com/avatar.jpg';
const errors = await validate(dto);
expect(errors).toHaveLength(0);
});
it('accepts valid email only', async () => {
const dto = new UpdateProfileDto();
dto.email = 'user@example.com';
const errors = await validate(dto);
expect(errors).toHaveLength(0);
});
it('accepts all fields together', async () => {
const dto = new UpdateProfileDto();
dto.fullName = 'Tran Van B';
dto.avatarUrl = 'https://cdn.example.com/avatar.jpg';
dto.email = 'user@example.com';
const errors = await validate(dto);
expect(errors).toHaveLength(0);
});
it('accepts empty dto (all optional)', async () => {
const dto = new UpdateProfileDto();
const errors = await validate(dto);
expect(errors).toHaveLength(0);
});
it('rejects invalid email format', async () => {
const dto = new UpdateProfileDto();
dto.email = 'not-an-email';
const errors = await validate(dto);
expect(errors.some(e => e.property === 'email')).toBe(true);
});
it('rejects invalid avatarUrl format', async () => {
const dto = new UpdateProfileDto();
dto.avatarUrl = 'not-a-url';
const errors = await validate(dto);
expect(errors.some(e => e.property === 'avatarUrl')).toBe(true);
});
it('rejects empty fullName (minLength 1)', async () => {
const dto = new UpdateProfileDto();
dto.fullName = '';
const errors = await validate(dto);
expect(errors.some(e => e.property === 'fullName')).toBe(true);
});
it('rejects non-string fullName', async () => {
const dto = new UpdateProfileDto();
(dto as any).fullName = 123;
const errors = await validate(dto);
expect(errors.some(e => e.property === 'fullName')).toBe(true);
});
});

112
apps/api/src/modules/auth/presentation/controllers/auth.controller.ts
View File

@@ -6,30 +6,44 @@ import {
Post,
Req,
Res,
UploadedFiles,
UseGuards,
UseInterceptors,
} from '@nestjs/common';
import { CommandBus, QueryBus } from '@nestjs/cqrs';
import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiBody } from '@nestjs/swagger';
import { type CommandBus, type QueryBus } from '@nestjs/cqrs';
import { FileFieldsInterceptor } from '@nestjs/platform-express';
import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiBody, ApiConsumes } from '@nestjs/swagger';
import { Throttle } from '@nestjs/throttler';
import { Request, Response } from 'express';
import { EndpointRateLimit, EndpointRateLimitGuard, UnauthorizedException } from '@modules/shared';
import { type Request, type Response } from 'express';
import {
EndpointRateLimit,
EndpointRateLimitGuard,
UnauthorizedException,
ValidationException,
FileValidationPipe,
type UploadedFile as ValidatedFile,
} from '@modules/shared';
import { LoginUserCommand } from '../../application/commands/login-user/login-user.command';
import { LoginResult } from '../../application/commands/login-user/login-user.handler';
import { type LoginResult } from '../../application/commands/login-user/login-user.handler';
import { RefreshTokenCommand } from '../../application/commands/refresh-token/refresh-token.command';
import { RegisterUserCommand } from '../../application/commands/register-user/register-user.command';
import { SubmitKycCommand } from '../../application/commands/submit-kyc/submit-kyc.command';
import { UpdateProfileCommand } from '../../application/commands/update-profile/update-profile.command';
import { type UpdateProfileResultDto } from '../../application/commands/update-profile/update-profile.handler';
import { VerifyKycCommand } from '../../application/commands/verify-kyc/verify-kyc.command';
import { AgentDto } from '../../application/queries/get-agent-by-user-id/get-agent-by-user-id.handler';
import { type AgentDto } from '../../application/queries/get-agent-by-user-id/get-agent-by-user-id.handler';
import { GetAgentByUserIdQuery } from '../../application/queries/get-agent-by-user-id/get-agent-by-user-id.query';
import { UserProfileDto } from '../../application/queries/get-profile/get-profile.handler';
import { type UserProfileDto } from '../../application/queries/get-profile/get-profile.handler';
import { GetProfileQuery } from '../../application/queries/get-profile/get-profile.query';
import { TokenService, JwtPayload, TokenPair } from '../../infrastructure/services/token.service';
import { LocalStrategyResult } from '../../infrastructure/strategies/local.strategy';
import { type TokenService, type JwtPayload, type TokenPair } from '../../infrastructure/services/token.service';
import { type LocalStrategyResult } from '../../infrastructure/strategies/local.strategy';
import { CurrentUser } from '../decorators/current-user.decorator';
import { Roles } from '../decorators/roles.decorator';
import { LoginDto } from '../dto/login.dto';
import { RefreshTokenDto } from '../dto/refresh-token.dto';
import { RegisterDto } from '../dto/register.dto';
import { VerifyKycDto } from '../dto/verify-kyc.dto';
import { type RefreshTokenDto } from '../dto/refresh-token.dto';
import { type RegisterDto } from '../dto/register.dto';
import { type VerifyKycDto } from '../dto/verify-kyc.dto';
import { UpdateProfileDto } from '../dto/update-profile.dto';
import { JwtAuthGuard } from '../guards/jwt-auth.guard';
import { LocalAuthGuard } from '../guards/local-auth.guard';
import { RolesGuard } from '../guards/roles.guard';
@@ -201,6 +215,24 @@ export class AuthController {
return this.queryBus.execute(new GetProfileQuery(user.sub));
}
@UseGuards(JwtAuthGuard)
@Patch('profile')
@ApiBearerAuth('JWT')
@ApiOperation({ summary: 'Update current user profile' })
@ApiResponse({ status: 200, description: 'Profile updated successfully' })
@ApiResponse({ status: 400, description: 'Validation error' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 409, description: 'Email already in use' })
async updateProfile(
@CurrentUser() user: JwtPayload,
@Body() dto: UpdateProfileDto,
): Promise<{ message: string; data: UpdateProfileResultDto }> {
const result: UpdateProfileResultDto = await this.commandBus.execute(
new UpdateProfileCommand(user.sub, dto.fullName, dto.avatarUrl, dto.email),
);
return { message: 'Cập nhật hồ sơ thành công', data: result };
}
@UseGuards(JwtAuthGuard)
@Get('profile/agent')
@ApiBearerAuth('JWT')
@@ -211,6 +243,62 @@ export class AuthController {
return this.queryBus.execute(new GetAgentByUserIdQuery(user.sub));
}
@UseGuards(JwtAuthGuard)
@UseInterceptors(
FileFieldsInterceptor([
{ name: 'frontImage', maxCount: 1 },
{ name: 'backImage', maxCount: 1 },
{ name: 'selfieImage', maxCount: 1 },
]),
)
@Post('kyc/submit')
@ApiBearerAuth('JWT')
@ApiConsumes('multipart/form-data')
@ApiOperation({ summary: 'Submit KYC documents for verification' })
@ApiResponse({ status: 201, description: 'KYC documents submitted successfully' })
@ApiResponse({ status: 400, description: 'Validation error (missing files or invalid format)' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 413, description: 'File too large (max 10MB per image)' })
async submitKyc(
@UploadedFiles()
files: {
frontImage?: ValidatedFile[];
backImage?: ValidatedFile[];
selfieImage?: ValidatedFile[];
},
@Body() body: { documentType: string; documentNumber: string },
@CurrentUser() user: JwtPayload,
): Promise<{ message: string }> {
const kycImagePipe = new FileValidationPipe({
maxSizeBytes: 10 * 1024 * 1024,
allowedMimeTypes: ['image/jpeg', 'image/png', 'image/webp'],
});
const frontImage = files.frontImage?.[0];
if (!frontImage) {
throw new ValidationException('Vui lòng tải ảnh mặt trước giấy tờ');
}
kycImagePipe.transform(frontImage);
if (files.backImage?.[0]) {
kycImagePipe.transform(files.backImage[0]);
}
if (files.selfieImage?.[0]) {
kycImagePipe.transform(files.selfieImage[0]);
}
return this.commandBus.execute(
new SubmitKycCommand(
user.sub,
body.documentType,
body.documentNumber,
frontImage,
files.backImage?.[0],
files.selfieImage?.[0],
),
);
}
@UseGuards(JwtAuthGuard, RolesGuard)
@Roles('ADMIN')
@Patch('kyc')

24
apps/api/src/modules/auth/presentation/dto/update-profile.dto.ts Normal file
View File

@@ -0,0 +1,24 @@
import { ApiPropertyOptional } from '@nestjs/swagger';
import { IsEmail, IsOptional, IsString, IsUrl, MinLength } from 'class-validator';
export class UpdateProfileDto {
@ApiPropertyOptional({ example: 'Nguyen Van A', description: 'Full name' })
@IsOptional()
@IsString()
@MinLength(1)
fullName?: string;
@ApiPropertyOptional({
example: 'https://cdn.goodgo.vn/avatars/user-123.jpg',
description: 'Avatar URL',
})
@IsOptional()
@IsString()
@IsUrl({}, { message: 'Avatar URL không hợp lệ' })
avatarUrl?: string;
@ApiPropertyOptional({ example: 'user@example.com', description: 'Email address' })
@IsOptional()
@IsEmail({}, { message: 'Email không hợp lệ' })
email?: string;
}