Merge branch 'develop' of github.com:OpenNBS/NoteBlockWorld into feature/zod-db-packages

Author: tomast1337

.github/workflows/tests.yml

@@ -23,7 +23,9 @@ jobs:
       - name: Install bun
         uses: oven-sh/setup-bun@v2
         with:
-          bun-version: latest
+          # Pin to 1.3.5: Bun 1.3.10 has a regression (descriptor.value undefined with NestJS/Swagger).
+          # Fix merged in PR #27527 (Feb 28) but not yet in a release. Revert when 1.3.11+ is latest.
+          bun-version: '1.3.5'
 
       - name: Install dependencies
         run: bun install

.vscode/settings.json

@@ -1,4 +1,7 @@
 {
+  /***********************************
+  Linting and formatting settings
+  **********************************/
   "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.formatOnSave": true,
   "eslint.validate": [
@@ -13,10 +16,27 @@
   "editor.codeActionsOnSave": {
     "source.fixAll.eslint": "always"
   },
+
+  /***********************************
+  Tailwind CSS IntelliSense settings
+  ***********************************/
+  // Enable suggestions inside strings for Tailwind CSS class names
+  // https://github.com/tailwindlabs/tailwindcss-intellisense#editorquicksuggestions
+  "editor.quickSuggestions": {
+    "strings": "on"
+  },
+  "tailwindCSS.experimental.configFile": {
+    "apps/frontend/src/app/globals.css": "apps/frontend/src/**"
+  },
+  "tailwindCSS.classFunctions": ["tw", "clsx", "cn"],
   "files.associations": {
     ".css": "tailwindcss",
     "*.scss": "tailwindcss"
   },
+
+  /***********************************
+  Use the workspace version of TypeScript
+  ***********************************/
   "typescript.tsdk": "./node_modules/typescript/lib",
   "typescript.enablePromptUseWorkspaceTsdk": true
 }

apps/backend/package.json

@@ -48,7 +48,7 @@
     "esm": "^3.2.25",
     "express": "^5.2.1",
     "mongoose": "^9.0.1",
-    "multer": "2.0.2",
+    "multer": "2.1.1",
     "nanoid": "^5.1.6",
     "passport": "^0.7.0",
     "passport-github": "^1.1.0",

apps/backend/src/auth/auth.controller.spec.ts

@@ -22,6 +22,9 @@ describe('AuthController', () => {
   let authService: AuthService;
 
   beforeEach(async () => {
+    // Clear all mocks before each test to ensure test isolation
+    jest.clearAllMocks();
+
     const module: TestingModule = await Test.createTestingModule({
       controllers: [AuthController],
       providers: [
@@ -68,8 +71,13 @@ describe('AuthController', () => {
 
   describe('githubLogin', () => {
     it('should call AuthService.githubLogin', async () => {
-      await controller.githubLogin();
-      expect(authService.githubLogin).toHaveBeenCalled();
+      // githubLogin is just a Passport guard entry point - it doesn't call authService
+      // The actual login is handled by the callback endpoint (githubRedirect)
+      controller.githubLogin();
+      // Verify the method exists and can be called without errors
+      expect(controller.githubLogin).toBeDefined();
+      // Verify authService was NOT called (since this is just a guard entry point)
+      expect(authService.githubLogin).not.toHaveBeenCalled();
     });
   });
 
@@ -97,8 +105,13 @@ describe('AuthController', () => {
 
   describe('googleLogin', () => {
     it('should call AuthService.googleLogin', async () => {
-      await controller.googleLogin();
-      expect(authService.googleLogin).toHaveBeenCalled();
+      // googleLogin is just a Passport guard entry point - it doesn't call authService
+      // The actual login is handled by the callback endpoint (googleRedirect)
+      controller.googleLogin();
+      // Verify the method exists and can be called without errors
+      expect(controller.googleLogin).toBeDefined();
+      // Verify authService was NOT called (since this is just a guard entry point)
+      expect(authService.googleLogin).not.toHaveBeenCalled();
     });
   });
 
@@ -126,8 +139,13 @@ describe('AuthController', () => {
 
   describe('discordLogin', () => {
     it('should call AuthService.discordLogin', async () => {
-      await controller.discordLogin();
-      expect(authService.discordLogin).toHaveBeenCalled();
+      // discordLogin is just a Passport guard entry point - it doesn't call authService
+      // The actual login is handled by the callback endpoint (discordRedirect)
+      controller.discordLogin();
+      // Verify the method exists and can be called without errors
+      expect(controller.discordLogin).toBeDefined();
+      // Verify authService was NOT called (since this is just a guard entry point)
+      expect(authService.discordLogin).not.toHaveBeenCalled();
     });
   });
 

apps/backend/src/auth/auth.module.ts

@@ -1,6 +1,7 @@
-import { DynamicModule, Logger, Module } from '@nestjs/common';
+import { DynamicModule, Module } from '@nestjs/common';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { JwtModule } from '@nestjs/jwt';
+import ms from 'ms';
 
 import { MailingModule } from '@server/mailing/mailing.module';
 import { UserModule } from '@server/user/user.module';
@@ -26,21 +27,13 @@ export class AuthModule {
           inject: [ConfigService],
           imports: [ConfigModule],
           useFactory: async (config: ConfigService) => {
-            const JWT_SECRET = config.get('JWT_SECRET');
-            const JWT_EXPIRES_IN = config.get('JWT_EXPIRES_IN');
-
-            if (!JWT_SECRET) {
-              Logger.error('JWT_SECRET is not set');
-              throw new Error('JWT_SECRET is not set');
-            }
-
-            if (!JWT_EXPIRES_IN) {
-              Logger.warn('JWT_EXPIRES_IN is not set, using default of 60s');
-            }
+            const JWT_SECRET = config.getOrThrow<ms.StringValue>('JWT_SECRET');
+            const JWT_EXPIRES_IN =
+              config.getOrThrow<ms.StringValue>('JWT_EXPIRES_IN');
 
             return {
               secret: JWT_SECRET,
-              signOptions: { expiresIn: JWT_EXPIRES_IN || '60s' },
+              signOptions: { expiresIn: JWT_EXPIRES_IN },
             };
           },
         }),
@@ -58,7 +51,7 @@ export class AuthModule {
           inject: [ConfigService],
           provide: 'COOKIE_EXPIRES_IN',
           useFactory: (configService: ConfigService) =>
-            configService.getOrThrow<string>('COOKIE_EXPIRES_IN'),
+            configService.getOrThrow<ms.StringValue>('COOKIE_EXPIRES_IN'),
         },
         {
           inject: [ConfigService],
@@ -82,7 +75,7 @@ export class AuthModule {
           inject: [ConfigService],
           provide: 'JWT_EXPIRES_IN',
           useFactory: (configService: ConfigService) =>
-            configService.getOrThrow<string>('JWT_EXPIRES_IN'),
+            configService.getOrThrow<ms.StringValue>('JWT_EXPIRES_IN'),
         },
         {
           inject: [ConfigService],
@@ -94,7 +87,7 @@ export class AuthModule {
           inject: [ConfigService],
           provide: 'JWT_REFRESH_EXPIRES_IN',
           useFactory: (configService: ConfigService) =>
-            configService.getOrThrow<string>('JWT_REFRESH_EXPIRES_IN'),
+            configService.getOrThrow<ms.StringValue>('JWT_REFRESH_EXPIRES_IN'),
         },
         {
           inject: [ConfigService],

apps/backend/src/auth/auth.service.spec.ts

@@ -192,7 +192,7 @@ describe('AuthService', () => {
       const refreshToken = 'refresh-token';
 
       spyOn(jwtService, 'signAsync').mockImplementation(
-        (payload, options: any) => {
+        (payload: any, options: any) => {
           if (options.secret === 'test-jwt-secret') {
             return Promise.resolve(accessToken);
           } else if (options.secret === 'test-jwt-refresh-secret') {
@@ -253,6 +253,7 @@ describe('AuthService', () => {
       expect(res.cookie).toHaveBeenCalledWith('token', 'access-token', {
         domain: '.test.com',
         maxAge: 3600000,
+        path: '/',
       });
 
       expect(res.cookie).toHaveBeenCalledWith(
@@ -261,6 +262,7 @@ describe('AuthService', () => {
         {
           domain: '.test.com',
           maxAge: 3600000,
+          path: '/',
         },
       );
 

apps/backend/src/auth/auth.service.ts

@@ -1,7 +1,8 @@
 import { Inject, Injectable, Logger } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import axios from 'axios';
-import type { Request, Response } from 'express';
+import type { CookieOptions, Request, Response } from 'express';
+import ms from 'ms';
 
 import { CreateUser } from '@nbw/database';
 import type { UserDocument } from '@nbw/database';
@@ -22,18 +23,18 @@ export class AuthService {
     @Inject(JwtService)
     private readonly jwtService: JwtService,
     @Inject('COOKIE_EXPIRES_IN')
-    private readonly COOKIE_EXPIRES_IN: string,
+    private readonly COOKIE_EXPIRES_IN: ms.StringValue,
     @Inject('FRONTEND_URL')
     private readonly FRONTEND_URL: string,
 
     @Inject('JWT_SECRET')
     private readonly JWT_SECRET: string,
     @Inject('JWT_EXPIRES_IN')
-    private readonly JWT_EXPIRES_IN: string,
+    private readonly JWT_EXPIRES_IN: ms.StringValue,
     @Inject('JWT_REFRESH_SECRET')
     private readonly JWT_REFRESH_SECRET: string,
     @Inject('JWT_REFRESH_EXPIRES_IN')
-    private readonly JWT_REFRESH_EXPIRES_IN: string,
+    private readonly JWT_REFRESH_EXPIRES_IN: ms.StringValue,
     @Inject('APP_DOMAIN')
     private readonly APP_DOMAIN?: string,
   ) {}
@@ -171,11 +172,11 @@ export class AuthService {
 
   public async createJwtPayload(payload: TokenPayload): Promise<Tokens> {
     const [accessToken, refreshToken] = await Promise.all([
-      this.jwtService.signAsync(payload, {
+      this.jwtService.signAsync<TokenPayload>(payload, {
         secret: this.JWT_SECRET,
         expiresIn: this.JWT_EXPIRES_IN,
       }),
-      this.jwtService.signAsync(payload, {
+      this.jwtService.signAsync<TokenPayload>(payload, {
         secret: this.JWT_REFRESH_SECRET,
         expiresIn: this.JWT_REFRESH_EXPIRES_IN,
       }),
@@ -189,7 +190,7 @@ export class AuthService {
 
   private async GenTokenRedirect(
     user_registered: UserDocument,
-    res: Response<any, Record<string, any>>,
+    res: Response<unknown, Record<string, unknown>>,
   ): Promise<void> {
     const token = await this.createJwtPayload({
       id: user_registered._id.toString(),
@@ -198,18 +199,16 @@ export class AuthService {
     });
 
     const frontEndURL = this.FRONTEND_URL;
-    const domain = this.APP_DOMAIN;
-    const maxAge = parseInt(this.COOKIE_EXPIRES_IN) * 1000;
+    const maxAge = ms(this.COOKIE_EXPIRES_IN) * 1000;
 
-    res.cookie('token', token.access_token, {
-      domain: domain,
+    const cookieOptions: CookieOptions = {
       maxAge: maxAge,
-    });
+      domain: this.APP_DOMAIN,
+      path: '/',
+    };
 
-    res.cookie('refresh_token', token.refresh_token, {
-      domain: domain,
-      maxAge: maxAge,
-    });
+    res.cookie('token', token.access_token, cookieOptions);
+    res.cookie('refresh_token', token.refresh_token, cookieOptions);
 
     res.redirect(frontEndURL + '/');
   }

apps/backend/src/auth/strategies/JWT.strategy.spec.ts

@@ -33,7 +33,7 @@ describe('JwtStrategy', () => {
     it('should throw an error if JWT_SECRET is not set', () => {
       jest.spyOn(configService, 'getOrThrow').mockReturnValue(null);
 
-      expect(() => new JwtStrategy(configService)).toThrowError(
+      expect(() => new JwtStrategy(configService)).toThrow(
         'JwtStrategy requires a secret or key',
       );
     });
@@ -84,7 +84,7 @@ describe('JwtStrategy', () => {
 
       const payload = { userId: 'test-user-id' };
 
-      expect(() => jwtStrategy.validate(req, payload)).toThrowError(
+      expect(() => jwtStrategy.validate(req, payload)).toThrow(
         'No refresh token',
       );
     });

apps/backend/src/auth/strategies/discord.strategy/discord.strategy.spec.ts

@@ -43,7 +43,7 @@ describe('DiscordStrategy', () => {
     it('should throw an error if Discord config is missing', () => {
       jest.spyOn(configService, 'getOrThrow').mockReturnValueOnce(null);
 
-      expect(() => new DiscordStrategy(configService)).toThrowError(
+      expect(() => new DiscordStrategy(configService)).toThrow(
         'OAuth2Strategy requires a clientID option',
       );
     });

apps/backend/src/auth/strategies/discord.strategy/index.ts

@@ -27,7 +27,7 @@ export class DiscordStrategy extends PassportStrategy(strategy, 'discord') {
       callbackUrl: `${SERVER_URL}/v1/auth/discord/callback`,
       scope: [DiscordPermissionScope.Email, DiscordPermissionScope.Identify],
       fetchScope: true,
-      prompt: 'none',
+      prompt: 'none' as const,
     };
 
     super(config);