From 41b4e2092ea6babedf77297d08e411fd850be07f Mon Sep 17 00:00:00 2001
From: hoanninh123
Date: Fri, 3 Jul 2026 00:53:41 +0700
Subject: [PATCH] fix(FI-12): add role and status to profile and fix refresh token endpoint
---
 backend/src/core/api/auth/auth.controller.js | 3 ++-
 backend/src/core/api/auth/auth.resolver.js | 3 +--
 backend/src/core/modules/auth/auth.repository.js | 6 ++++++
 .../src/core/modules/auth/service/auth.service.js | 12 +++++++++++-
 4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/backend/src/core/api/auth/auth.controller.js b/backend/src/core/api/auth/auth.controller.js
index 6b36f6a..a7f2d79 100644
--- a/backend/src/core/api/auth/auth.controller.js
+++ b/backend/src/core/api/auth/auth.controller.js
@@ -43,10 +43,11 @@ class Controller {
 }
 refreshToken = async req => {
- const data = await this.service.refreshToken(RefreshTokenDto(req.body), req.user.payload.id);
+ const data = await this.service.refreshToken(RefreshTokenDto(req.body));
 return ValidHttpResponse.toOkResponse(data);
 }
+
 logout = async req => {
 const data = await this.service.logout(LogoutDto(req.body));
 return ValidHttpResponse.toOkResponse(data);
diff --git a/backend/src/core/api/auth/auth.resolver.js b/backend/src/core/api/auth/auth.resolver.js
index 52be7de..7fdb300 100644
--- a/backend/src/core/api/auth/auth.resolver.js
+++ b/backend/src/core/api/auth/auth.resolver.js
@@ -76,11 +76,10 @@ export const AuthResolver = Module.builder()
 route: '/refresh-token',
 method: 'post',
 interceptors: [RefreshTokenInterceptor],
- middleware: [authMiddleware],
 body: 'RefreshTokenDto',
 controller: AuthController.refreshToken,
- preAuthorization: true,
 },
+
 {
 route: '/logout',
 method: 'post',
diff --git a/backend/src/core/modules/auth/auth.repository.js b/backend/src/core/modules/auth/auth.repository.js
index 4896184..1df2139 100644
--- a/backend/src/core/modules/auth/auth.repository.js
+++ b/backend/src/core/modules/auth/auth.repository.js
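Review bot: The new `refreshToken` handler carries no comment saying that it now runs without an authenticated user; the same commit removes `authMiddleware` from this route in auth.resolver.js, so `req.user` is presumably no longer populated here. A one-line comment above the handler would keep a later edit from reintroducing `req.user.payload.id`: `// Public route: the caller is identified only by the refresh token in the body; req.user is not set here.` The class body starts and ends outside the hunk.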
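Review bot: With `middleware: [authMiddleware]` and `preAuthorization: true` both removed, `/refresh-token` is reachable without an access token, and the refresh token in the request body becomes the only credential this route checks. That is the usual shape for a refresh endpoint, but nothing in the visible route entry limits how often it can be called, and what `RefreshTokenInterceptor` validates is not shown here. I would confirm that request throttling and failure logging cover this route, and record the intent in the entry itself, e.g. `// intentionally unauthenticated: the refresh token is the credential`. The blank line added after `},` is unrelated to the change and can be dropped.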
@@ -11,9 +11,15 @@ const PROFILE_SELECT = {
 subscriptions: {
 select: { plan_name: true },
 },
+ roles: {
+ select: { name: true },
+ },
+ banned_by: true,
+ is_email_confirmed: true,
 created_at: true,
 };
+
 const ROLE_SELECT = {
 roles: {
 select: { name: true },
diff --git a/backend/src/core/modules/auth/service/auth.service.js b/backend/src/core/modules/auth/service/auth.service.js
index 425190a..fb44310 100644
--- a/backend/src/core/modules/auth/service/auth.service.js
+++ b/backend/src/core/modules/auth/service/auth.service.js
@@ -238,7 +238,7 @@ class Service {
 };
 }
- async refreshToken(refreshTokenDto, userId) {
+ async refreshToken(refreshTokenDto) {
 const result = await this.repository.findRefreshToken(refreshTokenDto.refresh_token);
 if (!result) {
 throw new UnAuthorizedException('Invalid or expired refresh token');
@@ -247,6 +247,7 @@ class Service {
 throw new UnAuthorizedException('Invalid or expired refresh token');
 }
+ const userId = result.user_id;
 const roleNames = await this.#getRoleNames(userId);
 const { accessToken, refreshToken } = await this.#issueTokens(userId, roleNames);
@@ -316,6 +317,13 @@ class Service {
 }
 #mapProfile(user) {
+ let status = 'ACTIVE';
+ if (user.banned_by) {
+ status = 'BANNED';
+ } else if (!user.is_email_confirmed) {
+ status = 'INACTIVE';
+ }
+
 return {
 id: user.id,
 avatarUrl: user.avatar_url ?? null,
@@ -324,6 +332,8 @@ class Service {
 phone: user.phone ?? null,
 dateOfBirth: user.date_of_birth ?? null,
 location: user.location ?? null,
+ roleName: user.roles?.name ? user.roles.name.toUpperCase() : null,
+ status,
 subscriptions: user.subscriptions
 ? { planName: user.subscriptions.plan_name ?? null }
 : undefined,
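Review bot: `banned_by` and `is_email_confirmed` are added to `PROFILE_SELECT` only so that `#mapProfile` in auth.service.js can derive `status`, but nothing here says so, and a later reader cannot tell whether they are meant to reach the client. A comment such as `// banned_by, is_email_confirmed: read only to derive profile status, never returned as-is` would make that explicit. If `banned_by` is a relation rather than a scalar column (the schema is not visible), `true` loads the whole related record where a truthiness test is all that is needed. The new `roles` entry also repeats the body of `ROLE_SELECT` declared just below; sharing one definition would keep the two from drifting.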
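Review bot: In the `@@ -247,6 +247,7 @@` hunk, `userId` is taken from the stored token row and passed straight to `#getRoleNames` and `#issueTokens`, with no visible check that the owning account is still allowed to sign in. This commit also introduces a `BANNED` status based on `banned_by` and removes `authMiddleware` from the route, so unless the condition above the hunk or `#issueTokens` already covers it, a banned account holding an unexpired refresh token would keep receiving new access tokens. I would reject before issuing, for example `if (await this.#isBanned(userId)) throw new UnAuthorizedException('Invalid or expired refresh token');`, where `#isBanned` is a placeholder for whatever lookup the repository offers. Whether the presented refresh token is revoked once the new pair is issued is not visible either; `refreshToken` starts in the previous hunk and continues past the end of this one.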
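Review bot: In the `@@ -316,6 +317,13 @@` hunk, `!user.is_email_confirmed` is also true when the field is `undefined`, so any caller that hands `#mapProfile` a user loaded without the new `PROFILE_SELECT` fields gets `status: 'INACTIVE'`, and a missing `banned_by` silently reads as not banned. The callers are outside the hunk, so this may not occur today, but an explicit comparison, `} else if (user.is_email_confirmed === false) {`, would avoid reporting a wrong account state if such a caller appears. The three status strings would also be easier to keep in step with clients as a shared frozen constant than as inline literals.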
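Review bot: `user.roles?.name` treats `roles` as a single object, but the field name is plural and the service already has a `#getRoleNames` helper; if `roles` is a to-many relation the select returns an array, `.name` is `undefined`, and `roleName` is always `null`. The schema is not visible here, so this needs confirming against the model. If it is a list, the profile should expose the list instead, e.g. `roleNames: (user.roles ?? []).map(r => r.name.toUpperCase()),`. The returned object literal starts in the previous hunk and continues outside this one.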