forked from Ynov/ptitspas-ynov-back
129 lines
4.2 KiB
TypeScript
129 lines
4.2 KiB
TypeScript
import {
|
|
ConflictException,
|
|
Injectable,
|
|
UnauthorizedException,
|
|
} from '@nestjs/common';
|
|
import { UserService } from '../user/user.service';
|
|
import { JwtService } from '@nestjs/jwt';
|
|
import * as bcrypt from 'bcrypt';
|
|
import { RegisterDto } from '../user/dto/register.dto';
|
|
import { ConfigService } from '@nestjs/config';
|
|
import { RoleType, StatutUtilisateurType, Users } from 'src/entities/users.entity';
|
|
import { LoginDto } from '../user/dto/login.dto';
|
|
import { DeepPartial } from 'typeorm';
|
|
|
|
@Injectable()
|
|
export class AuthService {
|
|
constructor(
|
|
private readonly usersService: UserService,
|
|
private readonly jwtService: JwtService,
|
|
private readonly configService: ConfigService,
|
|
) { }
|
|
|
|
/**
|
|
* Génère un access_token et un refresh_token
|
|
*/
|
|
async generateTokens(userId: string, email: string, role: RoleType) {
|
|
const secret = this.configService.get<string>('jwt.secret');
|
|
const expiresIn = this.configService.get<string>('jwt.expiresIn');
|
|
|
|
const [accessToken, refreshToken] = await Promise.all([
|
|
this.jwtService.signAsync({ sub: userId, email, role }, { secret, expiresIn }),
|
|
this.jwtService.signAsync({ sub: userId }, { secret, expiresIn }),
|
|
]);
|
|
|
|
return {
|
|
access_token: accessToken,
|
|
refresh_token: refreshToken,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Connexion utilisateur
|
|
*/
|
|
async login(dto: LoginDto) {
|
|
try {
|
|
const user = await this.usersService.findByEmailOrNull(dto.email);
|
|
|
|
if (!user) {
|
|
throw new UnauthorizedException('Email invalide');
|
|
}
|
|
|
|
// const isMatch = await bcrypt.compare(dto.password, user.password);
|
|
// if (!isMatch) {
|
|
// throw new UnauthorizedException('Mot de passe invalide');
|
|
// }
|
|
if (user.password !== dto.password) {
|
|
throw new UnauthorizedException('Mot de passe invalide');
|
|
}
|
|
|
|
return this.generateTokens(user.id, user.email, user.role);
|
|
} catch (error) {
|
|
console.error('Erreur de connexion :', error);
|
|
throw new UnauthorizedException('Identifiants invalides');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Rafraîchir les tokens
|
|
*/
|
|
async refreshTokens(refreshToken: string) {
|
|
try {
|
|
const payload = await this.jwtService.verifyAsync(refreshToken, {
|
|
secret: this.configService.get<string>('jwt.refresh_token_secret'),
|
|
});
|
|
|
|
const user = await this.usersService.findOne(payload.sub);
|
|
if (!user) {
|
|
throw new UnauthorizedException('Utilisateur introuvable');
|
|
}
|
|
|
|
return this.generateTokens(user.id, user.email, user.role);
|
|
} catch {
|
|
throw new UnauthorizedException('Refresh token invalide');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Inscription utilisateur lambda (parent ou assistante maternelle)
|
|
*/
|
|
async register(registerDto: RegisterDto) {
|
|
const exists = await this.usersService.findByEmailOrNull(registerDto.email);
|
|
if (exists) {
|
|
throw new ConflictException('Email déjà utilisé');
|
|
}
|
|
|
|
const allowedRoles = new Set<RoleType>([RoleType.PARENT, RoleType.ASSISTANTE_MATERNELLE]);
|
|
if (!allowedRoles.has(registerDto.role)) {
|
|
registerDto.role = RoleType.PARENT;
|
|
}
|
|
|
|
registerDto.statut = StatutUtilisateurType.EN_ATTENTE;
|
|
|
|
if (!registerDto.consentement_photo) {
|
|
registerDto.date_consentement_photo = null;
|
|
} else if (registerDto.date_consentement_photo) {
|
|
const date = new Date(registerDto.date_consentement_photo);
|
|
if (isNaN(date.getTime())) {
|
|
registerDto.date_consentement_photo = null;
|
|
}
|
|
}
|
|
|
|
const user = await this.usersService.createUser(registerDto);
|
|
|
|
const tokens = await this.generateTokens(user.id, user.email, user.role);
|
|
|
|
return {
|
|
...tokens,
|
|
user: {
|
|
id: user.id,
|
|
email: user.email,
|
|
role: user.role,
|
|
prenom: user.prenom,
|
|
nom: user.nom,
|
|
statut: user.statut,
|
|
},
|
|
};
|
|
}
|
|
}
|