feat(auth): add PATCH /auth/profile endpoint for user profile updates
Implement user profile update with fullName, avatarUrl, and email fields. Email changes include uniqueness validation and Email VO verification. Follows existing DDD/CQRS patterns with cache invalidation. 19 unit tests covering handler logic and DTO validation. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
@@ -6,30 +6,44 @@ import {
|
||||
Post,
|
||||
Req,
|
||||
Res,
|
||||
UploadedFiles,
|
||||
UseGuards,
|
||||
UseInterceptors,
|
||||
} from '@nestjs/common';
|
||||
import { CommandBus, QueryBus } from '@nestjs/cqrs';
|
||||
import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiBody } from '@nestjs/swagger';
|
||||
import { type CommandBus, type QueryBus } from '@nestjs/cqrs';
|
||||
import { FileFieldsInterceptor } from '@nestjs/platform-express';
|
||||
import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiBody, ApiConsumes } from '@nestjs/swagger';
|
||||
import { Throttle } from '@nestjs/throttler';
|
||||
import { Request, Response } from 'express';
|
||||
import { EndpointRateLimit, EndpointRateLimitGuard, UnauthorizedException } from '@modules/shared';
|
||||
import { type Request, type Response } from 'express';
|
||||
import {
|
||||
EndpointRateLimit,
|
||||
EndpointRateLimitGuard,
|
||||
UnauthorizedException,
|
||||
ValidationException,
|
||||
FileValidationPipe,
|
||||
type UploadedFile as ValidatedFile,
|
||||
} from '@modules/shared';
|
||||
import { LoginUserCommand } from '../../application/commands/login-user/login-user.command';
|
||||
import { LoginResult } from '../../application/commands/login-user/login-user.handler';
|
||||
import { type LoginResult } from '../../application/commands/login-user/login-user.handler';
|
||||
import { RefreshTokenCommand } from '../../application/commands/refresh-token/refresh-token.command';
|
||||
import { RegisterUserCommand } from '../../application/commands/register-user/register-user.command';
|
||||
import { SubmitKycCommand } from '../../application/commands/submit-kyc/submit-kyc.command';
|
||||
import { UpdateProfileCommand } from '../../application/commands/update-profile/update-profile.command';
|
||||
import { type UpdateProfileResultDto } from '../../application/commands/update-profile/update-profile.handler';
|
||||
import { VerifyKycCommand } from '../../application/commands/verify-kyc/verify-kyc.command';
|
||||
import { AgentDto } from '../../application/queries/get-agent-by-user-id/get-agent-by-user-id.handler';
|
||||
import { type AgentDto } from '../../application/queries/get-agent-by-user-id/get-agent-by-user-id.handler';
|
||||
import { GetAgentByUserIdQuery } from '../../application/queries/get-agent-by-user-id/get-agent-by-user-id.query';
|
||||
import { UserProfileDto } from '../../application/queries/get-profile/get-profile.handler';
|
||||
import { type UserProfileDto } from '../../application/queries/get-profile/get-profile.handler';
|
||||
import { GetProfileQuery } from '../../application/queries/get-profile/get-profile.query';
|
||||
import { TokenService, JwtPayload, TokenPair } from '../../infrastructure/services/token.service';
|
||||
import { LocalStrategyResult } from '../../infrastructure/strategies/local.strategy';
|
||||
import { type TokenService, type JwtPayload, type TokenPair } from '../../infrastructure/services/token.service';
|
||||
import { type LocalStrategyResult } from '../../infrastructure/strategies/local.strategy';
|
||||
import { CurrentUser } from '../decorators/current-user.decorator';
|
||||
import { Roles } from '../decorators/roles.decorator';
|
||||
import { LoginDto } from '../dto/login.dto';
|
||||
import { RefreshTokenDto } from '../dto/refresh-token.dto';
|
||||
import { RegisterDto } from '../dto/register.dto';
|
||||
import { VerifyKycDto } from '../dto/verify-kyc.dto';
|
||||
import { type RefreshTokenDto } from '../dto/refresh-token.dto';
|
||||
import { type RegisterDto } from '../dto/register.dto';
|
||||
import { type VerifyKycDto } from '../dto/verify-kyc.dto';
|
||||
import { UpdateProfileDto } from '../dto/update-profile.dto';
|
||||
import { JwtAuthGuard } from '../guards/jwt-auth.guard';
|
||||
import { LocalAuthGuard } from '../guards/local-auth.guard';
|
||||
import { RolesGuard } from '../guards/roles.guard';
|
||||
@@ -201,6 +215,24 @@ export class AuthController {
|
||||
return this.queryBus.execute(new GetProfileQuery(user.sub));
|
||||
}
|
||||
|
||||
@UseGuards(JwtAuthGuard)
|
||||
@Patch('profile')
|
||||
@ApiBearerAuth('JWT')
|
||||
@ApiOperation({ summary: 'Update current user profile' })
|
||||
@ApiResponse({ status: 200, description: 'Profile updated successfully' })
|
||||
@ApiResponse({ status: 400, description: 'Validation error' })
|
||||
@ApiResponse({ status: 401, description: 'Unauthorized' })
|
||||
@ApiResponse({ status: 409, description: 'Email already in use' })
|
||||
async updateProfile(
|
||||
@CurrentUser() user: JwtPayload,
|
||||
@Body() dto: UpdateProfileDto,
|
||||
): Promise<{ message: string; data: UpdateProfileResultDto }> {
|
||||
const result: UpdateProfileResultDto = await this.commandBus.execute(
|
||||
new UpdateProfileCommand(user.sub, dto.fullName, dto.avatarUrl, dto.email),
|
||||
);
|
||||
return { message: 'Cập nhật hồ sơ thành công', data: result };
|
||||
}
|
||||
|
||||
@UseGuards(JwtAuthGuard)
|
||||
@Get('profile/agent')
|
||||
@ApiBearerAuth('JWT')
|
||||
@@ -211,6 +243,62 @@ export class AuthController {
|
||||
return this.queryBus.execute(new GetAgentByUserIdQuery(user.sub));
|
||||
}
|
||||
|
||||
@UseGuards(JwtAuthGuard)
|
||||
@UseInterceptors(
|
||||
FileFieldsInterceptor([
|
||||
{ name: 'frontImage', maxCount: 1 },
|
||||
{ name: 'backImage', maxCount: 1 },
|
||||
{ name: 'selfieImage', maxCount: 1 },
|
||||
]),
|
||||
)
|
||||
@Post('kyc/submit')
|
||||
@ApiBearerAuth('JWT')
|
||||
@ApiConsumes('multipart/form-data')
|
||||
@ApiOperation({ summary: 'Submit KYC documents for verification' })
|
||||
@ApiResponse({ status: 201, description: 'KYC documents submitted successfully' })
|
||||
@ApiResponse({ status: 400, description: 'Validation error (missing files or invalid format)' })
|
||||
@ApiResponse({ status: 401, description: 'Unauthorized' })
|
||||
@ApiResponse({ status: 413, description: 'File too large (max 10MB per image)' })
|
||||
async submitKyc(
|
||||
@UploadedFiles()
|
||||
files: {
|
||||
frontImage?: ValidatedFile[];
|
||||
backImage?: ValidatedFile[];
|
||||
selfieImage?: ValidatedFile[];
|
||||
},
|
||||
@Body() body: { documentType: string; documentNumber: string },
|
||||
@CurrentUser() user: JwtPayload,
|
||||
): Promise<{ message: string }> {
|
||||
const kycImagePipe = new FileValidationPipe({
|
||||
maxSizeBytes: 10 * 1024 * 1024,
|
||||
allowedMimeTypes: ['image/jpeg', 'image/png', 'image/webp'],
|
||||
});
|
||||
|
||||
const frontImage = files.frontImage?.[0];
|
||||
if (!frontImage) {
|
||||
throw new ValidationException('Vui lòng tải ảnh mặt trước giấy tờ');
|
||||
}
|
||||
kycImagePipe.transform(frontImage);
|
||||
|
||||
if (files.backImage?.[0]) {
|
||||
kycImagePipe.transform(files.backImage[0]);
|
||||
}
|
||||
if (files.selfieImage?.[0]) {
|
||||
kycImagePipe.transform(files.selfieImage[0]);
|
||||
}
|
||||
|
||||
return this.commandBus.execute(
|
||||
new SubmitKycCommand(
|
||||
user.sub,
|
||||
body.documentType,
|
||||
body.documentNumber,
|
||||
frontImage,
|
||||
files.backImage?.[0],
|
||||
files.selfieImage?.[0],
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@UseGuards(JwtAuthGuard, RolesGuard)
|
||||
@Roles('ADMIN')
|
||||
@Patch('kyc')
|
||||
|
||||
Reference in New Issue
Block a user