feat(api/auth): improve methods

.vscode/settings.json

@@ -1,19 +1,20 @@
 {
 	"cSpell.words": [
-		"Adapter",
-		"biomejs",
-		"cnpj",
-		"fastify",
-		"Fastify",
-		"interceptors",
-		"Interceptors",
-		"lcov",
-		"ndix",
-		"NDIX",
-		"Nest",
-		"nestjs",
-		"ultrasecretpassword"
-	],
+    "Adapter",
+    "biomejs",
+    "cnpj",
+    "DTOs",
+    "fastify",
+    "Fastify",
+    "interceptors",
+    "Interceptors",
+    "lcov",
+    "ndix",
+    "NDIX",
+    "Nest",
+    "nestjs",
+    "ultrasecretpassword"
+  ],
 	"search.exclude": {
 		"**/.yarn": true,
 		"**/.pnp.*": true,

apps/api/package.json

@@ -29,7 +29,7 @@
 		"test:e2e": "vitest --config vitest.config-e2e.ts"
 	},
 	"dependencies": {
-		"@fastify/helmet": "^12.0.1",
+		"@fastify/helmet": "^11.1.1",
 		"@fastify/jwt": "^9.0.1",
 		"@fastify/static": "^7.0.4",
 		"@nestjs/common": "^10.3.10",
@@ -44,7 +44,7 @@
 		"bcrypt": "^5.1.1",
 		"class-transformer": "^0.5.1",
 		"class-validator": "^0.14.1",
-		"fastify": "^5.1.0",
+		"fastify": "^4.28.1",
 		"nestjs-prisma": "^0.23.0",
 		"passport": "^0.7.0",
 		"passport-jwt": "^4.0.1",

apps/api/src/app.module.ts

@@ -3,7 +3,7 @@ import { Module } from "@nestjs/common";
 import { ConfigModule } from "@nestjs/config";
 import { ServeStaticModule } from "@nestjs/serve-static";
 import { CustomPrismaModule } from "nestjs-prisma";
-import { TransactionModule, UserModule } from "./modules";
+import { AuthModule, TransactionModule, UserModule } from "./modules";
 import { extendedPrismaClient } from "./modules/database/ExtendedPrismaClient";
 import { Services } from "./types/constants";
 
@@ -24,6 +24,7 @@ import { Services } from "./types/constants";
 			},
 			isGlobal: true,
 		}),
+		AuthModule,
 		UserModule,
 		TransactionModule,
 	],

apps/api/src/common/errors/UserNotFound.error.ts

@@ -0,0 +1,7 @@
+import { NotFoundException } from "@nestjs/common";
+
+export class UserNotFoundError extends NotFoundException {
+	public constructor(message?: string) {
+		super(message || "No User found with this credentials");
+	}
+}

apps/api/src/common/errors/index.ts

@@ -1 +1 @@
-export * from "./Unauthorized.error";
+export * from "./UserNotFound.error";

apps/api/src/common/filters/UserNotFoundError.filter.ts

@@ -0,0 +1,27 @@
+import {
+	type ArgumentsHost,
+	Catch,
+	type ExceptionFilter,
+} from "@nestjs/common";
+import type { FastifyReply } from "fastify";
+import { UserNotFoundError } from "../errors";
+
+@Catch(UserNotFoundError)
+export class UserNotFoundErrorFilter<T extends UserNotFoundError>
+	implements ExceptionFilter
+{
+	public catch(exception: T, host: ArgumentsHost) {
+		const ctx = host.switchToHttp();
+		const response = ctx.getResponse<FastifyReply>();
+		const status = exception.getStatus();
+		const exceptionResponse = exception.getResponse();
+		const error =
+			typeof response === "string"
+				? { message: exceptionResponse }
+				: (exceptionResponse as object);
+
+		response
+			.status(status)
+			.send({ ...error, timestamp: new Date().toISOString() });
+	}
+}

apps/api/src/common/filters/index.ts

@@ -1 +1,2 @@
 export * from "./HttpException.filter";
+export * from "./UserNotFoundError.filter";

apps/api/src/common/interceptors/Unauthorized.interceptor.ts

@@ -6,7 +6,6 @@ import {
 	UnauthorizedException,
 } from "@nestjs/common";
 import { type Observable, catchError } from "rxjs";
-import { UnauthorizedError } from "../errors";
 
 @Injectable()
 export class UnauthorizedInterceptor implements NestInterceptor {
@@ -16,7 +15,7 @@ export class UnauthorizedInterceptor implements NestInterceptor {
 	): Observable<unknown> | Promise<Observable<unknown>> {
 		return next.handle().pipe(
 			catchError((error) => {
-				if (error instanceof UnauthorizedError) {
+				if (error instanceof UnauthorizedException) {
 					throw new UnauthorizedException(error.message);
 				}
 				throw error;

apps/api/src/lib/fastify.ts

@@ -1,11 +1,6 @@
-import fastifyHelmet from "@fastify/helmet";
-import { ConfigService } from "@nestjs/config";
 import { NestFastifyApplication } from "@nestjs/platform-fastify";
 
-export function configureFastify(
-	app: NestFastifyApplication,
-	configService: ConfigService,
-): void {
+export function configureFastify(app: NestFastifyApplication): void {
 	const fastifyInstance = app.getHttpAdapter().getInstance();
 	fastifyInstance
 		.addHook("onRequest", async (req, res) => {
@@ -19,5 +14,5 @@ export function configureFastify(
 			this.send("");
 		});
 
-	app.use(fastifyHelmet);
+	app.register(require("@fastify/helmet"));
 }

apps/api/src/main.ts

@@ -18,7 +18,7 @@ async function bootstrap(): Promise<void> {
 	const PORT = configService.getOrThrow<number>("PORT");
 
 	Configure.App(app);
-	Configure.Fastify(app, configService);
+	Configure.Fastify(app);
 	Configure.Globals(app);
 	Configure.Swagger(app);
 

apps/api/src/modules/auth/auth.controller.ts

@@ -1,45 +1,21 @@
-import {
-	Controller,
-	Get,
-	HttpCode,
-	HttpStatus,
-	Req,
-	Res,
-	UseGuards,
-} from "@nestjs/common";
-// biome-ignore lint/style/useImportType: <Cannot useImportType in classes used in Injection>
-import { ConfigService } from "@nestjs/config";
-import type { FastifyReply, FastifyRequest } from "fastify";
+import { Body, Controller, Get, Post, UseGuards } from "@nestjs/common";
 import { AuthUser } from "src/common/decorators/AuthUser.decorator";
 import { JwtAuthGuard } from "src/common/guards/jwt.guard";
 import type { UserEntity } from "../user";
+// biome-ignore lint/style/useImportType: <Cannot useImportType on DTOs>
+import { UserLoginDTO } from "../user/user.dto";
 // biome-ignore lint/style/useImportType: <Cannot useImportType in classes used in Injection>
 import { AuthService } from "./auth.service";
 
 @Controller("auth")
 export class AuthController {
-	public constructor(
-		private readonly authService: AuthService,
-		private readonly configService: ConfigService,
-	) {}
-
-	@Get("login")
-	@UseGuards(JwtAuthGuard)
-	public login(): void {}
+	public constructor(private readonly authService: AuthService) {}
 
-	@Get("redirect")
-	@HttpCode(HttpStatus.CREATED)
-	@UseGuards(JwtAuthGuard)
-	// @Redirect(
-	// 	isInProduction
-	// 		? "http://localhost:4401/@me"
-	// 		: "http://localhost:4400/auth/status",
-	// )
-	public async redirect(
-		@Req() req: FastifyRequest,
-		@Res() res: FastifyReply,
-	): Promise<void> {
-		const jwt = await this.authService.login({ id: req.user.publicId });
+	@Post("login")
+	public async login(@Body() userLoginDTO: UserLoginDTO): Promise<string> {
+		const user = await this.authService.validateUser(userLoginDTO);
+		const jwt = await this.authService.login({ publicId: user.publicId });
+		return jwt;
 	}
 
 	@Get("status")

apps/api/src/modules/auth/auth.module.ts

@@ -2,6 +2,7 @@ import { Module } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import { JwtModule } from "@nestjs/jwt";
 import { PassportModule } from "@nestjs/passport";
+import { UserModule } from "../user/user.module";
 import { AuthController } from "./auth.controller";
 import { AuthService } from "./auth.service";
 import { JwtStrategy } from "./jwt.strategy";
@@ -20,6 +21,7 @@ import { JwtStrategy } from "./jwt.strategy";
 		PassportModule.register({
 			session: true,
 		}),
+		UserModule,
 	],
 	controllers: [AuthController],
 	providers: [JwtStrategy, AuthService],

apps/api/src/modules/auth/auth.service.ts

@@ -1,25 +1,33 @@
-import { Injectable } from "@nestjs/common";
+import { Inject, Injectable } from "@nestjs/common";
 // biome-ignore lint/style/useImportType: <Cannot useImportType in classes used in Injection>
 import { JwtService } from "@nestjs/jwt";
+import { UserNotFoundError } from "src/common/errors";
 import type { JwtPayload } from "src/types";
+import { Services } from "src/types/constants";
+import { PasswordUtils } from "src/utils/password";
 // biome-ignore lint/style/useImportType: <Cannot useImportType in classes used in Injection>
 import { type UserEntity, UserService } from "../user";
-import type { UserDTO } from "../user/user.dto";
+// biome-ignore lint/style/useImportType: <Cannot useImportType in DTOs>
+import { UserLoginDTO } from "../user/user.dto";
 
 @Injectable()
 export class AuthService {
 	public constructor(
-		private readonly userService: UserService,
+		@Inject(Services.User) private readonly userService: UserService,
 		private readonly jwtService: JwtService,
 	) {}
 
-	public async validateUser(details: UserDTO): Promise<UserEntity> {
+	public async validateUser(details: UserLoginDTO): Promise<UserEntity> {
 		const user = await this.userService.findByDocument(details.document);
-		return user || (await this.userService.create(details));
+		if (await PasswordUtils.compare(details.password, user.password)) {
+			return user;
+		}
+
+		throw new UserNotFoundError();
 	}
 
 	public async find(payload: JwtPayload) {
-		const user = await this.userService.findByPublicId(payload.id);
+		const user = await this.userService.findByPublicId(payload.publicId);
 		return user;
 	}
 

apps/api/src/modules/transaction/transaction.service.ts

@@ -1,5 +1,4 @@
-import { Inject, Injectable } from "@nestjs/common";
-import { UnauthorizedError } from "src/common/errors";
+import { Inject, Injectable, UnauthorizedException } from "@nestjs/common";
 import { Repositories, Services } from "src/types/constants";
 import type {
 	ITransactionRepository,
@@ -24,15 +23,15 @@ export class TransactionService implements ITransactionService {
 		);
 
 		if (sender.money < data.value) {
-			throw new UnauthorizedError("Sender não tem dinheiro o suficiente");
+			throw new UnauthorizedException("Sender não tem dinheiro o suficiente");
 		}
 
 		if (sender.userType === "CNPJ") {
-			throw new UnauthorizedError("CNPJ não pode enviar");
+			throw new UnauthorizedException("CNPJ não pode enviar");
 		}
 
 		if (receiver.document === sender.document) {
-			throw new UnauthorizedError("Não é possível enviar para si mesmo");
+			throw new UnauthorizedException("Não é possível enviar para si mesmo");
 		}
 
 		const transaction = await this.transactionRepository.create(data);

apps/api/src/modules/user/user.dto.ts

@@ -5,8 +5,10 @@ import {
 	IsEmail,
 	IsEnum,
 	IsNotEmpty,
+	IsOptional,
 	IsString,
 	Length,
+	ValidateIf,
 } from "class-validator";
 import { IsCPFOrCNPJ } from "src/common/decorators/IsCPFOrCNPJ.decorator";
 
@@ -78,3 +80,8 @@ export class UserPartialDTO extends PartialType(UserDTO) {}
 export class UserDocumentDTO extends PickType(UserDTO, ["document"] as const) {}
 
 export class UserEmailDTO extends PickType(UserDTO, ["email"] as const) {}
+
+export class UserLoginDTO extends PickType(UserDTO, [
+	"password",
+	"document",
+] as const) {}

apps/api/src/modules/user/user.service.ts

@@ -1,6 +1,7 @@
 import { Inject, Injectable } from "@nestjs/common";
 import { genSalt, hash } from "bcrypt";
 import { Repositories } from "src/types/constants";
+import { PasswordUtils } from "src/utils/password";
 import { type IUserRepository, type IUserService, type UserEntity } from ".";
 import { UserDTO } from "./user.dto";
 
@@ -11,8 +12,12 @@ export class UserService implements IUserService {
 	) {}
 
 	public async create(data: UserDTO): Promise<UserEntity> {
-		const hashedData = await this.hashData(data);
-		return await this.userRepository.create(hashedData);
+		const { password, ...rest } = data;
+		const hashedPassword = await PasswordUtils.hash(password);
+		return await this.userRepository.create({
+			...rest,
+			password: hashedPassword,
+		});
 	}
 
 	public async findByPublicId(publicId: string): Promise<UserEntity> {

apps/api/src/types/index.d.ts

@@ -8,5 +8,5 @@ declare module "fastify" {
 }
 
 export interface JwtPayload {
-	id: UserEntity["publicId"];
+	publicId: UserEntity["publicId"];
 }

apps/api/src/utils/password.ts

@@ -0,0 +1,15 @@
+import { compare, genSalt, hash } from "bcrypt";
+
+// biome-ignore lint/complexity/noStaticOnlyClass: <Utils class>
+export class PasswordUtils {
+	public static async hash(password: string): Promise<string> {
+		return await hash(password, await genSalt());
+	}
+
+	public static async compare(
+		password: string,
+		hash: string,
+	): Promise<boolean> {
+		return await compare(password, hash);
+	}
+}