feat(auth): ✨ add forgot and reset password

lehuygiang28 · lehuygiang28 · commit 53ba6a631213 · 2024-03-30T00:00:20.000+07:00
diff --git a/src/modules/auth/auth.controller.ts b/src/modules/auth/auth.controller.ts
@@ -20,6 +20,8 @@ import {
     RefreshTokenResponseDto,
     ResendConfirmEmail,
     AuthConfirmEmailDto,
+    AuthForgotPasswordDto,
+    AuthResetPasswordDto,
 } from './dtos';
 import { AuthRoles } from './guards';
 import { AuthGuard } from '@nestjs/passport';
@@ -97,4 +99,16 @@ export class AuthController {
     ): Promise<Omit<LoginResponseDto, 'user'>> {
         return this.authService.refreshToken(request.user);
     }
+
+    @Post('forgot/password')
+    @HttpCode(HttpStatus.NO_CONTENT)
+    async forgotPassword(@Body() forgotPasswordDto: AuthForgotPasswordDto): Promise<void> {
+        return this.authService.forgotPassword(forgotPasswordDto.email);
+    }
+
+    @Post('reset/password')
+    @HttpCode(HttpStatus.NO_CONTENT)
+    resetPassword(@Body() resetPasswordDto: AuthResetPasswordDto): Promise<void> {
+        return this.authService.resetPassword(resetPasswordDto.hash, resetPasswordDto.password);
+    }
 }
diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts
@@ -80,7 +80,8 @@ export class AuthService {
                 HttpStatus.UNPROCESSABLE_ENTITY,
             );
         }
-        const key = `user:${userFound._id.toString()}:confirmEmailHash`;
+
+        const key = `auth:confirmEmailHash:${userFound._id.toString()}`;
 
         if (userFound.emailVerified === true) {
             throw new HttpException(
@@ -157,7 +158,8 @@ export class AuthService {
                 HttpStatus.NOT_FOUND,
             );
         }
-        const key = `user:${user._id.toString()}:confirmEmailHash`;
+
+        const key = `auth:confirmEmailHash:${user._id.toString()}`;
 
         if (!(await this.redisService.existsUniqueKey(key))) {
             throw new HttpException(
@@ -405,6 +407,111 @@ export class AuthService {
         return { accessToken, refreshToken, accessTokenExpires };
     }
 
+    async forgotPassword(email: string): Promise<void> {
+        const user = await this.usersService.findByEmail(email);
+
+        if (!user) {
+            throw new HttpException(
+                {
+                    status: HttpStatus.UNPROCESSABLE_ENTITY,
+                    errors: {
+                        email: 'emailNotExists',
+                    },
+                },
+                HttpStatus.UNPROCESSABLE_ENTITY,
+            );
+        }
+
+        const tokenExpiresIn = this.configService.getOrThrow('AUTH_FORGOT_TOKEN_EXPIRES_IN');
+
+        const tokenExpires = Date.now() + convertTimeString(tokenExpiresIn);
+
+        const hash = await this.jwtService.signAsync(
+            {
+                forgotUserId: user._id,
+            },
+            {
+                secret: this.configService.getOrThrow('AUTH_FORGOT_SECRET'),
+                expiresIn: tokenExpiresIn,
+            },
+        );
+
+        const key = `auth:forgotPassword:${user._id.toString()}`;
+        await Promise.all([
+            this.redisService.set(key, { hash, tokenExpires }, convertTimeString(tokenExpiresIn)),
+            this.mailService.forgotPassword({
+                to: user.email,
+                data: {
+                    hash,
+                    tokenExpires,
+                },
+            }),
+        ]);
+    }
+
+    async resetPassword(hash: string, password: string): Promise<void> {
+        let userId: User['_id'];
+
+        try {
+            const jwtData = await this.jwtService.verifyAsync<{
+                forgotUserId: User['_id'];
+            }>(hash, {
+                secret: this.configService.getOrThrow('AUTH_FORGOT_SECRET'),
+            });
+
+            userId = jwtData.forgotUserId;
+        } catch {
+            throw new HttpException(
+                {
+                    status: HttpStatus.UNPROCESSABLE_ENTITY,
+                    errors: {
+                        hash: `invalidHash`,
+                    },
+                },
+                HttpStatus.UNPROCESSABLE_ENTITY,
+            );
+        }
+
+        const user = await this.usersService.findById(userId);
+
+        if (!user) {
+            throw new HttpException(
+                {
+                    status: HttpStatus.UNPROCESSABLE_ENTITY,
+                    errors: {
+                        hash: `notFound`,
+                    },
+                },
+                HttpStatus.UNPROCESSABLE_ENTITY,
+            );
+        }
+        const key = `auth:forgotPassword:${user._id.toString()}`;
+
+        if (!this.redisService.existsUniqueKey(key)) {
+            throw new HttpException(
+                {
+                    status: HttpStatus.UNPROCESSABLE_ENTITY,
+                    errors: {
+                        hash: `hashRevoked`,
+                    },
+                },
+                HttpStatus.UNPROCESSABLE_ENTITY,
+            );
+        }
+
+        user.password = password;
+
+        await Promise.all([
+            this.redisService.del(key),
+            this.sessionService.softDelete({
+                user: {
+                    _id: user._id,
+                },
+            }),
+            this.usersService.update(user._id, user),
+        ]);
+    }
+
     private async getTokensData(data: {
         userId: User['_id'];
         role: User['role'];
diff --git a/src/modules/auth/dtos/auth-forgot-password.dto.ts b/src/modules/auth/dtos/auth-forgot-password.dto.ts
@@ -0,0 +1,15 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEmail } from 'class-validator';
+import { Transform } from 'class-transformer';
+import { lowerCaseTransformer } from '~/common/transformers';
+
+export class AuthForgotPasswordDto {
+    @ApiProperty({
+        example: 'test@techcell.cloud',
+        description: 'User email',
+        required: true,
+    })
+    @Transform(lowerCaseTransformer)
+    @IsEmail()
+    email: string;
+}
diff --git a/src/modules/auth/dtos/auth-reset-password.dto.ts b/src/modules/auth/dtos/auth-reset-password.dto.ts
@@ -0,0 +1,19 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsNotEmpty } from 'class-validator';
+
+export class AuthResetPasswordDto {
+    @ApiProperty({
+        example: 'password',
+        description: 'User new password',
+        required: true,
+    })
+    @IsNotEmpty()
+    password: string;
+
+    @ApiProperty({
+        example: 'hash',
+        required: true,
+    })
+    @IsNotEmpty()
+    hash: string;
+}
diff --git a/src/modules/auth/dtos/index.ts b/src/modules/auth/dtos/index.ts
@@ -4,3 +4,5 @@ export * from './response-login.dto';
 export * from './response-refresh-token.dto';
 export * from './auth-resend-confirm-email.dto';
 export * from './auth-confirm-email.dto';
+export * from './auth-forgot-password.dto';
+export * from './auth-reset-password.dto';
diff --git a/src/modules/mail/mail-data.interface.ts b/src/modules/mail/mail-data.interface.ts
@@ -0,0 +1,4 @@
+export interface MailData<T = never> {
+    to: string;
+    data: T;
+}
diff --git a/src/modules/mail/mail.service.ts b/src/modules/mail/mail.service.ts
@@ -5,6 +5,7 @@ import { MailerConfig } from './mail.config';
 import { I18nContext } from 'nestjs-i18n';
 import { I18nTranslations } from '../i18n';
 import { MaybeType } from '~/common/types';
+import { MailData } from './mail-data.interface';
 
 @Injectable()
 export class MailService {
@@ -136,79 +137,71 @@ export class MailService {
             });
     }
 
-    // async sendForgotPasswordMail(
-    //     { userEmail, firstName, otpCode }: ForgotPasswordEmailDTO,
-    //     lang,
-    //     transporter?: string,
-    //     retryCount = 0,
-    // ) {
-    //     const i18Context = new I18nContext(lang, this.i18n);
-    //     if (retryCount > this.MAX_RETRIES) {
-    //         this.logger.debug(`Send mail failed: too many retries`);
-    //         return {
-    //             message: 'Failed to send email',
-    //         };
-    //     }
-
-    //     const transporterName = this.resolveTransporter(transporter);
-    //     const message = `Mail sent: ${userEmail}`;
-    //     this.logger.debug(
-    //         `Sending forgot password mail to ${userEmail} with transporter: ${transporterName}`,
-    //     );
-    //     return this.mailerService
-    //         .sendMail({
-    //             transporterName,
-    //             to: userEmail,
-    //             subject: i18Context.t('emailMessage.RESET_PASSWORD_SUBJECT'),
-    //             template: 'forgot-password',
-    //             context: {
-    //                 userEmail,
-    //                 firstName,
-    //                 otpCode,
-    //                 FORGOT_PASSWORD_TEXT_1: i18Context.t('emailMessage.FORGOT_PASSWORD_TEXT_1'),
-    //                 YOUR_OTP_CODE_TEXT: i18Context.t('emailMessage.YOUR_OTP_CODE_TEXT'),
-    //                 EXPIRED_TIME_OTP_TEXT: i18Context.t('emailMessage.EXPIRED_TIME_OTP_TEXT', {
-    //                     args: {
-    //                         time: '5',
-    //                     },
-    //                 }),
-    //                 INSTRUCTIONS: i18Context.t('emailMessage.INSTRUCTIONS'),
-    //                 INSTRUCTIONS_TEXT_ENTER_OTP_RESET_PASSWORD: i18Context.t(
-    //                     'emailMessage.INSTRUCTIONS_TEXT_ENTER_OTP_RESET_PASSWORD',
-    //                 ),
-    //                 EMAIL_CREDIT: i18Context.t('emailMessage.EMAIL_CREDIT'),
-    //             },
-    //             attachments: [
-    //                 {
-    //                     filename: 'logo-red.png',
-    //                     path: join(this.TEMPLATES_PATH, 'images/logo-red.png'),
-    //                     cid: 'logo_red',
-    //                 },
-    //             ],
-    //         })
-    //         .then(() => {
-    //             this.logger.debug(`Mail sent: ${userEmail}`);
-    //             return {
-    //                 message: message,
-    //             };
-    //         })
-    //         .catch(async (error) => {
-    //             this.logger.debug(`Send mail failed: ${error.message}`);
-    //             transporter = this.getNextTransporter(transporterName);
-    //             this.logger.debug(`Retry send mail with transporter: ${transporter}`);
-    //             return await this.sendForgotPasswordMail(
-    //                 { userEmail, firstName, otpCode },
-    //                 lang,
-    //                 transporter,
-    //                 retryCount + 1,
-    //             );
-    //         })
-    //         .finally(() => {
-    //             return {
-    //                 message: message,
-    //             };
-    //         });
-    // }
+    async forgotPassword(
+        mailData: MailData<{ hash: string; tokenExpires: number }>,
+        retryData: {
+            retryCount?: number;
+            transporter?: string;
+        } = { retryCount: 0, transporter: SENDGRID_TRANSPORT },
+    ) {
+        const { retryCount = 0, transporter = SENDGRID_TRANSPORT } = retryData;
+
+        if (retryCount > this.MAX_RETRIES) {
+            this.logger.debug(`Send mail failed: too many retries`);
+            return {
+                message: 'Failed to send email',
+            };
+        }
+
+        const i18n = I18nContext.current<I18nTranslations>();
+        let resetPasswordTitle: MaybeType<string>;
+        let text1: MaybeType<string>;
+        let text2: MaybeType<string>;
+        let text3: MaybeType<string>;
+        let text4: MaybeType<string>;
+
+        if (i18n) {
+            [resetPasswordTitle, text1, text2, text3, text4] = await Promise.all([
+                i18n.t('mail-context.RESET_PASSWORD.title'),
+                i18n.t('mail-context.RESET_PASSWORD.text1'),
+                i18n.t('mail-context.RESET_PASSWORD.text2'),
+                i18n.t('mail-context.RESET_PASSWORD.text3'),
+                i18n.t('mail-context.RESET_PASSWORD.text4'),
+            ]);
+        }
+
+        const url = new URL(process.env.FE_DOMAIN + '/password-change');
+        url.searchParams.set('hash', mailData.data.hash);
+        url.searchParams.set('expires', mailData.data.tokenExpires.toString());
+
+        let transporterName = this.resolveTransporter(transporter);
+        await this.mailerService
+            .sendMail({
+                to: mailData.to,
+                subject: resetPasswordTitle,
+                text: `${url.toString()} ${resetPasswordTitle}`,
+                template: 'reset-password',
+                context: {
+                    title: resetPasswordTitle,
+                    url: url.toString(),
+                    actionTitle: resetPasswordTitle,
+                    app_name: 'TechCell.cloud',
+                    text1,
+                    text2,
+                    text3,
+                    text4,
+                },
+            })
+            .catch(async (error) => {
+                this.logger.debug(`Send mail failed: ${error.message}`);
+                transporterName = this.getNextTransporter(transporterName);
+                this.logger.debug(`Retry send mail with transporter: ${transporterName}`);
+                await this.forgotPassword(mailData, {
+                    transporter: transporterName,
+                    retryCount: retryCount + 1,
+                });
+            });
+    }
 
     private resolveTransporter(transporter = SENDGRID_TRANSPORT) {
         if (!this.TRANSPORTERS.includes(transporter)) {
