src/auth/auth.controller.ts
auth
Methods |
|
| Async changePassword | |||||||||
changePassword(userId: string, body: literal type)
|
|||||||||
Decorators :
@Post('change-password')
|
|||||||||
|
Defined in src/auth/auth.controller.ts:67
|
|||||||||
|
Parameters :
Returns :
unknown
|
| Async disable2fa | |||||||||
disable2fa(userId: string, body: literal type)
|
|||||||||
Decorators :
@Post('2fa/disable')
|
|||||||||
|
Defined in src/auth/auth.controller.ts:134
|
|||||||||
|
Parameters :
Returns :
unknown
|
| Async forgotPassword | ||||||
forgotPassword(body: literal type)
|
||||||
Decorators :
@Post('forgot-password')
|
||||||
|
Defined in src/auth/auth.controller.ts:51
|
||||||
|
Parameters :
Returns :
unknown
|
| Async login | |||||||||
login(dto: LoginDto, req: Request)
|
|||||||||
Decorators :
@Post('login')
|
|||||||||
|
Defined in src/auth/auth.controller.ts:29
|
|||||||||
|
Parameters :
Returns :
unknown
|
| Async me | ||||||
me(userId: string)
|
||||||
Decorators :
@Get('me')
|
||||||
|
Defined in src/auth/auth.controller.ts:78
|
||||||
|
Parameters :
Returns :
unknown
|
| Async refresh | ||||||
refresh(refreshToken: string)
|
||||||
Decorators :
@Post('refresh')
|
||||||
|
Defined in src/auth/auth.controller.ts:43
|
||||||
|
Parameters :
Returns :
unknown
|
| Async register | ||||||
register(dto: RegisterDto)
|
||||||
Decorators :
@Post('register')
|
||||||
|
Defined in src/auth/auth.controller.ts:36
|
||||||
|
Parameters :
Returns :
unknown
|
| Async registerDeviceToken | |||||||||
registerDeviceToken(userId: string, body: literal type)
|
|||||||||
Decorators :
@Post('device-token')
|
|||||||||
|
Defined in src/auth/auth.controller.ts:87
|
|||||||||
|
Parameters :
Returns :
unknown
|
| Async resetPassword | ||||||
resetPassword(body: literal type)
|
||||||
Decorators :
@Post('reset-password')
|
||||||
|
Defined in src/auth/auth.controller.ts:58
|
||||||
|
Parameters :
Returns :
unknown
|
| Async start2faEnrollment | ||||||
start2faEnrollment(userId: string)
|
||||||
Decorators :
@Post('2fa/enroll')
|
||||||
|
Defined in src/auth/auth.controller.ts:113
|
||||||
|
Parameters :
Returns :
unknown
|
| Async verify2faEnrollment | |||||||||
verify2faEnrollment(userId: string, body: literal type)
|
|||||||||
Decorators :
@Post('2fa/verify-enrollment')
|
|||||||||
|
Defined in src/auth/auth.controller.ts:122
|
|||||||||
|
Parameters :
Returns :
unknown
|
| Async verify2faLogin | |||||||||
verify2faLogin(body: literal type, req: Request)
|
|||||||||
Decorators :
@Post('2fa/verify-login')
|
|||||||||
|
Defined in src/auth/auth.controller.ts:100
|
|||||||||
|
Parameters :
Returns :
unknown
|
import {
Controller,
Post,
Get,
Body,
Req,
UseGuards,
HttpCode,
HttpStatus,
} from '@nestjs/common';
import { Request } from 'express';
import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
import { Throttle } from '@nestjs/throttler';
import { AuthService } from './auth.service';
import { LoginDto } from './dto/login.dto';
import { RegisterDto } from './dto/register.dto';
import { JwtAuthGuard } from './guards/jwt-auth.guard';
import { CurrentUser } from './decorators/current-user.decorator';
@ApiTags('Auth')
@Controller('auth')
export class AuthController {
constructor(private readonly authService: AuthService) {}
@Post('login')
@Throttle({ short: { ttl: 60000, limit: 20 }, medium: { ttl: 600000, limit: 60 } }) // 20 per minute, 60 per 10 min
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Login with email and password' })
async login(@Body() dto: LoginDto, @Req() req: Request) {
const ip = req.headers['x-forwarded-for'] as string || req.ip || 'unknown';
return this.authService.login(dto, ip);
}
@Post('register')
@ApiOperation({ summary: 'Register a new user' })
async register(@Body() dto: RegisterDto) {
return this.authService.register(dto);
}
@Post('refresh')
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Refresh access token' })
async refresh(@Body('refreshToken') refreshToken: string) {
return this.authService.refresh(refreshToken);
}
@Post('forgot-password')
@Throttle({ short: { ttl: 60000, limit: 3 }, medium: { ttl: 600000, limit: 5 } }) // 3 per minute, 5 per 10 min
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Request a password reset link' })
async forgotPassword(@Body() body: { email: string }) {
return this.authService.requestPasswordReset(body.email);
}
@Post('reset-password')
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Reset password with token' })
async resetPassword(@Body() body: { token: string; email: string; password: string }) {
return this.authService.resetPassword(body.token, body.email, body.password);
}
@Post('change-password')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Change password (authenticated)' })
async changePassword(
@CurrentUser('id') userId: string,
@Body() body: { currentPassword: string; newPassword: string },
) {
return this.authService.changePassword(userId, body.currentPassword, body.newPassword);
}
@Get('me')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@ApiOperation({ summary: 'Get current user profile' })
async me(@CurrentUser('id') userId: string) {
return this.authService.getProfile(userId);
}
@Post('device-token')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Register FCM device token for push notifications' })
async registerDeviceToken(
@CurrentUser('id') userId: string,
@Body() body: { token: string; platform?: string },
) {
return this.authService.saveDeviceToken(userId, body.token, body.platform);
}
// ── 2FA / TOTP ───────────────────────────────────────────────────────
@Post('2fa/verify-login')
@Throttle({ short: { ttl: 60000, limit: 10 }, medium: { ttl: 600000, limit: 30 } })
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Verify a TOTP code as the second leg of login' })
async verify2faLogin(
@Body() body: { twoFactorToken: string; code: string },
@Req() req: Request,
) {
const ip = (req.headers['x-forwarded-for'] as string) || req.ip || 'unknown';
return this.authService.verify2faLogin(body.twoFactorToken, body.code, ip);
}
@Post('2fa/enroll')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Begin 2FA enrollment — returns secret + QR code' })
async start2faEnrollment(@CurrentUser('id') userId: string) {
return this.authService.start2faEnrollment(userId);
}
@Post('2fa/verify-enrollment')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Confirm 2FA enrollment by submitting the first code' })
async verify2faEnrollment(
@CurrentUser('id') userId: string,
@Body() body: { code: string },
) {
return this.authService.verify2faEnrollment(userId, body.code);
}
@Post('2fa/disable')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Disable 2FA — requires re-confirming current password' })
async disable2fa(
@CurrentUser('id') userId: string,
@Body() body: { currentPassword: string },
) {
return this.authService.disable2fa(userId, body.currentPassword);
}
}