Moved auth files.

Author: digitalnomad91

src/auth/auth.controller.ts

@@ -0,0 +1,32 @@
+import { Body, Controller, Post, HttpCode, HttpStatus, BadRequestException } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { GoogleAuthInput } from './dto/google-auth.input';
+import { ApiTags, ApiOperation, ApiResponse, ApiParam } from '@nestjs/swagger';
+import { ApiPaginationQuery } from '../common/decorators/api-nested-query.decorator';
+
+@ApiTags('Auth')
+@Controller('auth')
+export class AuthController {
+  constructor(private readonly authService: AuthService) {}
+
+  /**
+   * Fetch new jobs from Reddit and Web3Career, store them, and send notifications
+   */
+  @Post('google')
+  @ApiOperation({
+    summary: 'Fetch new jobs from Reddit and Web3Career',
+    description: 'Fetches new jobs from both sources, stores them, and sends notifications.',
+  })
+  @ApiParam({ name: 'idToken', description: 'Google ID Token', type: String })
+  @ApiResponse({ status: 200, description: 'Jobs fetched and notifications sent.' })
+  @HttpCode(HttpStatus.OK)
+  async googleAuth(@Body() googleAuthInput: GoogleAuthInput) {
+    const { idToken, buildType } = googleAuthInput;
+
+    if (!idToken) {
+      throw new BadRequestException('ID token is required');
+    }
+
+    return this.authService.googleAuth(idToken, buildType);
+  }
+}

src/auth/auth.module.ts

@@ -0,0 +1,36 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { PasswordService } from './password.service';
+import { GqlAuthGuard } from './gql-auth.guard';
+import { AuthService } from './auth.service';
+import { AuthResolver } from './auth.resolver';
+import { AuthController } from './auth.controller';
+//import { JwtStrategy } from './jwt.strategy';
+import { SecurityConfig } from '../common/configs/config.interface';
+import { RedisModule } from '../common/redis/redis.module';
+import { ConfigModule } from '../common/configs/config.module';
+import { ConfigService } from '../common/configs/config.service';
+
+@Module({
+  imports: [
+    PassportModule.register({ defaultStrategy: 'jwt' }),
+    RedisModule.forRoot(),
+    ConfigModule,
+    JwtModule.registerAsync({
+      useFactory: (configService: ConfigService) => {
+        return {
+          secret: process.env.JWT_ACCESS_SECRET || 'nestjsPrismaAccessSecret',
+          signOptions: {
+            expiresIn: process.env.JWT_EXPIRATION_TIME || '60m',
+          },
+        };
+      },
+      inject: [ConfigService],
+    }),
+  ],
+  providers: [AuthService, AuthResolver, GqlAuthGuard, PasswordService], //JwtStrategy
+  controllers: [AuthController],
+  exports: [GqlAuthGuard],
+})
+export class AuthModule {}

src/auth/auth.resolver.ts

@@ -0,0 +1,43 @@
+import { Resolver, Mutation, Args, Parent, ResolveField } from '@nestjs/graphql';
+import { AuthService } from './auth.service';
+import { Auth } from './models/auth.model';
+import { Token } from './models/token.model';
+import { LoginInput } from './dto/login.input';
+import { SignupInput } from './dto/signup.input';
+import { RefreshTokenInput } from './dto/refresh-token.input';
+import { User } from '../users/models/user.model';
+
+@Resolver(() => Auth)
+export class AuthResolver {
+  constructor(private readonly authService: AuthService) {}
+
+  @Mutation(() => Auth)
+  async signup(@Args('data') data: SignupInput) {
+    data.email = data.email.toLowerCase();
+    const { accessToken, refreshToken } = await this.authService.createUser(data);
+    return {
+      accessToken,
+      refreshToken,
+    };
+  }
+
+  @Mutation(() => Auth)
+  async login(@Args('data') { email, password }: LoginInput) {
+    const { accessToken, refreshToken } = await this.authService.login(email.toLowerCase(), password);
+
+    return {
+      accessToken,
+      refreshToken,
+    };
+  }
+
+  @Mutation(() => Token)
+  refreshToken(@Args() { token }: RefreshTokenInput) {
+    return this.authService.refreshToken(token);
+  }
+
+  @ResolveField('user', () => User)
+  async user(@Parent() auth: Auth) {
+    return await this.authService.getUserFromToken(auth.accessToken);
+  }
+}

src/auth/auth.service.ts

@@ -0,0 +1,198 @@
+import { PrismaService } from 'nestjs-prisma';
+import { Prisma, User } from '@prisma/client';
+import {
+  Injectable,
+  NotFoundException,
+  BadRequestException,
+  ConflictException,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { PasswordService } from './password.service';
+import { SignupInput } from './dto/signup.input';
+import { Token } from './models/token.model';
+import { OAuth2Client } from 'google-auth-library';
+
+@Injectable()
+export class AuthService {
+  private googleClient: OAuth2Client;
+
+  constructor(
+    private readonly jwtService: JwtService,
+    private readonly prisma: PrismaService,
+    private readonly passwordService: PasswordService
+  ) {
+    // Initialize Google OAuth2 client
+    this.googleClient = new OAuth2Client();
+  }
+
+  async createUser(payload: SignupInput): Promise<Token> {
+    const hashedPassword = await this.passwordService.hashPassword(payload.password);
+
+    try {
+      const user = await this.prisma.user.create({
+        data: {
+          ...payload,
+          role: 'USER',
+        },
+      });
+
+      return this.generateTokens({
+        userId: user.id,
+      });
+    } catch (e) {
+      if (e instanceof Prisma.PrismaClientKnownRequestError && e.code === 'P2002') {
+        throw new ConflictException(`Email ${payload.email} already used.`);
+      }
+      throw new Error(e);
+    }
+  }
+
+  async login(wallet: string, password: string): Promise<Token> {
+    console.log('login');
+    const user = await this.prisma.user.findUnique({ where: { wallet } });
+
+    if (!user) {
+      throw new NotFoundException(`No user found for email: ${wallet}`);
+    }
+
+    const passwordValid = await this.passwordService.validatePassword(password, 'password login disabled');
+
+    if (!passwordValid) {
+      throw new BadRequestException('Invalid password');
+    }
+
+    return this.generateTokens({
+      userId: user.id,
+    });
+  }
+
+  validateUser(userId: number): Promise<User> {
+    return this.prisma.user.findUnique({ where: { id: userId } });
+  }
+
+  getUserFromToken(token: string): Promise<User> {
+    const id = this.jwtService.decode(token)['userId'];
+    return this.prisma.user.findUnique({ where: { id } });
+  }
+
+  generateTokens(payload: { userId: number }): Token {
+    return {
+      accessToken: this.generateAccessToken(payload),
+      refreshToken: this.generateRefreshToken(payload),
+    };
+  }
+
+  private generateAccessToken(payload: { userId: number }): string {
+    return this.jwtService.sign(payload);
+  }
+
+  private generateRefreshToken(payload: { userId: number }): string {
+    return this.jwtService.sign(payload, {
+      secret: process.env.JWT_REFRESH_TOKEN_SECRET || 'nestjsPrismaRefreshSecret',
+      expiresIn: process.env.JWT_REFRESH_EXPIRATION_TIME || '60m',
+    });
+  }
+
+  refreshToken(token: string) {
+    try {
+      const { userId } = this.jwtService.verify(token, {
+        secret: process.env.JWT_REFRESH_TOKEN_SECRET || 'nestjsPrismaRefreshSecret',
+      });
+
+      return this.generateTokens({
+        userId,
+      });
+    } catch (e) {
+      throw new UnauthorizedException();
+    }
+  }
+
+  async googleAuth(idToken: string, buildType?: string): Promise<Token> {
+    try {
+      // Determine which client ID to use based on build type
+      const clientId =
+        buildType === 'development' ? process.env.GOOGLE_WEB_CLIENT_ID_DEV : process.env.GOOGLE_WEB_CLIENT_ID;
+
+      if (!clientId) {
+        console.error(`Missing Google OAuth client ID for build type: ${buildType}`);
+        throw new UnauthorizedException('OAuth configuration error');
+      }
+
+      console.log(`🔍 Verifying Google token for ${buildType || 'production'} build`);
+      console.log(`🔑 Using client ID: ${clientId.substring(0, 20)}...`);
+
+      // Verify the Google ID token with the appropriate client ID
+      const ticket = await this.googleClient.verifyIdToken({
+        idToken,
+        audience: clientId,
+      });
+
+      const payload = ticket.getPayload();
+      if (!payload) {
+        throw new UnauthorizedException('Invalid Google token');
+      }
+
+      const { email, name, picture, given_name, family_name, sub: googleId } = payload;
+
+      if (!email) {
+        throw new UnauthorizedException('Email not provided by Google');
+      }
+
+      console.log(`✅ Google token verified successfully for ${email}`);
+
+      // Find or create user based on email or googleId
+      let user = await this.prisma.user.findFirst({
+        where: {
+          OR: [{ email }, { googleId }],
+        },
+      });
+
+      if (!user) {
+        // Create new user with Google info
+        user = await this.prisma.user.create({
+          data: {
+            email,
+            username: name || '', // Google display name (full name)
+            firstname: given_name || '',
+            lastname: family_name || '',
+            profilePicture: picture || null,
+            googleId,
+            role: 'USER',
+            password: '', // No password for Google auth
+            is_active: true,
+          },
+        });
+        console.log(`👤 Created new user: ${email}`);
+      } else {
+        // Update existing user with latest Google info
+        user = await this.prisma.user.update({
+          where: { id: user.id },
+          data: {
+            username: name || user.username,
+            profilePicture: picture || user.profilePicture,
+            googleId: googleId || user.googleId,
+            // Update name fields if they weren't set before
+            firstname: user.firstname || given_name || '',
+            lastname: user.lastname || family_name || '',
+          },
+        });
+        console.log(`👤 Updated existing user: ${email}`);
+      }
+
+      // Generate and return tokens
+      return this.generateTokens({
+        userId: user.id,
+      });
+    } catch (error) {
+      console.error('Google auth error:', error);
+
+      // More specific error handling
+      if (error.message?.includes('audience')) {
+        throw new UnauthorizedException('OAuth client ID mismatch - check your build configuration');
+      }
+
+      throw new UnauthorizedException('Google authentication failed');
+    }
+  }
+}

src/auth/dto/google-auth.input.ts

@@ -0,0 +1,16 @@
+import { IsIn, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { InputType, Field } from '@nestjs/graphql';
+
+@InputType()
+export class GoogleAuthInput {
+  @Field()
+  @IsString()
+  @IsNotEmpty()
+  idToken: string;
+
+  @Field({ nullable: true })
+  @IsString()
+  @IsOptional()
+  @IsIn(['development', 'production'])
+  buildType?: string;
+}

src/auth/dto/jwt.dto.ts

@@ -0,0 +1,11 @@
+export interface JwtDto {
+  userId: number;
+  /**
+   * Issued at
+   */
+  iat: number;
+  /**
+   * Expiration time
+   */
+  exp: number;
+}

src/auth/dto/login.input.ts

@@ -0,0 +1,14 @@
+import { IsEmail, IsNotEmpty, MinLength } from 'class-validator';
+import { InputType, Field } from '@nestjs/graphql';
+
+@InputType()
+export class LoginInput {
+  @Field()
+  @IsEmail()
+  email: string;
+
+  @Field()
+  @IsNotEmpty()
+  @MinLength(8)
+  password: string;
+}

src/auth/dto/refresh-token.input.ts

@@ -0,0 +1,11 @@
+import { ArgsType, Field } from '@nestjs/graphql';
+import { IsJWT, IsNotEmpty } from 'class-validator';
+import { GraphQLJWT } from 'graphql-scalars';
+
+@ArgsType()
+export class RefreshTokenInput {
+  @IsNotEmpty()
+  @IsJWT()
+  @Field(() => GraphQLJWT)
+  token: string;
+}

src/auth/dto/signup.input.ts

@@ -0,0 +1,20 @@
+import { IsEmail, IsNotEmpty, MinLength } from 'class-validator';
+import { InputType, Field } from '@nestjs/graphql';
+
+@InputType()
+export class SignupInput {
+  @Field()
+  @IsEmail()
+  email: string;
+
+  @Field()
+  @IsNotEmpty()
+  @MinLength(8)
+  password: string;
+
+  @Field({ nullable: true })
+  firstname?: string;
+
+  @Field({ nullable: true })
+  lastname?: string;
+}