From 7436a5fa6a2b3f61b5b2fbb522b79f5f5e515b67 Mon Sep 17 00:00:00 2001 From: Tim Tian Date: Sun, 2 Nov 2025 13:23:13 +1100 Subject: [PATCH 1/8] fix(DIS-158): Add security fix for findByIdAndUpdate and sanitize verification update data --- src/modules/setting/verification.service.ts | 35 +++++++++++++++++++-- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/src/modules/setting/verification.service.ts b/src/modules/setting/verification.service.ts index c29d0dd9..67bbe729 100644 --- a/src/modules/setting/verification.service.ts +++ b/src/modules/setting/verification.service.ts @@ -1,4 +1,8 @@ -import { Injectable, NotFoundException } from '@nestjs/common'; +import { + BadRequestException, + Injectable, + NotFoundException, +} from '@nestjs/common'; import { InjectModel } from '@nestjs/mongoose'; import { Model, Types } from 'mongoose'; @@ -17,6 +21,25 @@ export interface UpdateVerificationDto { emailVerified?: boolean; } +// Only allow primitive values for listed keys, ignore all others +function sanitizeVerificationUpdate(input: Record): Partial { + const allowedKeys = ['type', 'mobile', 'email', 'mobileVerified', 'emailVerified', 'marketingPromotions']; + const output: Record = {}; + for (const key of allowedKeys) { + if (Object.prototype.hasOwnProperty.call(input, key)) { + const value = input[key]; + // Only allow primitive values (string, boolean, number, null/undefined) + if (value === null || value === undefined || + typeof value === 'string' || + typeof value === 'boolean' || + typeof value === 'number') { + output[key] = value; + } + } + } + return output as Partial; +} + @Injectable() export class VerificationService { constructor( @@ -54,17 +77,23 @@ export class VerificationService { ): Promise { // If mobile number is being updated, also update User model if (updateData.mobile !== undefined) { + if (typeof updateData.mobile !== 'string') { + throw new BadRequestException('Mobile number must be a string'); + } await this.userModel.findByIdAndUpdate( - userId, + { _id: { $eq: new Types.ObjectId(userId) } }, { fullPhoneNumber: updateData.mobile }, { new: true }, ); } + // Sanitize updateData to allow only expected fields, preventing operator injection + const safeUpdate = sanitizeVerificationUpdate(updateData as unknown as Record); + const verification = await this.verificationModel .findOneAndUpdate( { userId: new Types.ObjectId(userId) }, - { ...updateData }, + safeUpdate, { new: true, upsert: true }, ) .exec(); From 5ff03c84e55d9f1a2f92fddd48368d48a4f0efbb Mon Sep 17 00:00:00 2001 From: Tim Tian Date: Tue, 4 Nov 2025 23:44:45 +1100 Subject: [PATCH 2/8] feat: Add email and SMS verification endpoints for DIS-158 - Update verification controller routes to match frontend API expectations - Add sendEmailVerification and sendSmsVerification endpoints - Add verifyEmail and verifySms endpoints with code support - Update verification service with stub implementations for code sending --- .../setting/verification.controller.ts | 60 +++++++++++++------ src/modules/setting/verification.service.ts | 56 ++++++++++++----- 2 files changed, 85 insertions(+), 31 deletions(-) diff --git a/src/modules/setting/verification.controller.ts b/src/modules/setting/verification.controller.ts index c27cbeb6..465e4fbe 100644 --- a/src/modules/setting/verification.controller.ts +++ b/src/modules/setting/verification.controller.ts @@ -16,11 +16,11 @@ import { import { Verification } from './schema/verification.schema'; @ApiTags('verification') -@Controller('api/settings/user') +@Controller('verification/user') export class VerificationController { constructor(private readonly verificationService: VerificationService) {} - @Get(':userId/verification') + @Get(':userId') @ApiOperation({ summary: 'Get user verification settings' }) @ApiParam({ name: 'userId', description: 'User ID' }) @ApiOkResponse({ @@ -34,7 +34,7 @@ export class VerificationController { return this.verificationService.getVerification(userId); } - @Put(':userId/verification') + @Put(':userId') @ApiOperation({ summary: 'Update user verification settings' }) @ApiParam({ name: 'userId', description: 'User ID' }) @ApiOkResponse({ description: 'Verification settings updated successfully' }) @@ -47,29 +47,55 @@ export class VerificationController { return this.verificationService.updateVerification(userId, updateData); } - @Post(':userId/verification/mobile') - @ApiOperation({ summary: 'Verify mobile number' }) + @Post(':userId/email/send') + @ApiOperation({ summary: 'Send email verification code' }) @ApiParam({ name: 'userId', description: 'User ID' }) - @ApiOkResponse({ description: 'Mobile number verified successfully' }) - @ApiBadRequestResponse({ description: 'Invalid mobile number' }) - @ApiNotFoundResponse({ description: 'Verification record not found' }) - async verifyMobile( + @ApiOkResponse({ description: 'Verification email sent successfully' }) + @ApiBadRequestResponse({ description: 'Invalid email address' }) + @ApiNotFoundResponse({ description: 'User not found' }) + async sendEmailVerification( @Param('userId') userId: string, - @Body() { mobile }: { mobile: string }, - ): Promise { - return this.verificationService.verifyMobile(userId, mobile); + @Body() { email }: { email: string }, + ): Promise<{ success: boolean; message?: string }> { + return this.verificationService.sendEmailVerification(userId, email); } - @Post(':userId/verification/email') - @ApiOperation({ summary: 'Verify email address' }) + @Post(':userId/email/verify') + @ApiOperation({ summary: 'Verify email address with code' }) @ApiParam({ name: 'userId', description: 'User ID' }) @ApiOkResponse({ description: 'Email address verified successfully' }) - @ApiBadRequestResponse({ description: 'Invalid email address' }) + @ApiBadRequestResponse({ description: 'Invalid verification code' }) @ApiNotFoundResponse({ description: 'Verification record not found' }) async verifyEmail( @Param('userId') userId: string, - @Body() { email }: { email: string }, + @Body() { email, code }: { email: string; code: string }, + ): Promise { + return this.verificationService.verifyEmail(userId, email, code); + } + + @Post(':userId/mobile/send') + @ApiOperation({ summary: 'Send SMS verification code' }) + @ApiParam({ name: 'userId', description: 'User ID' }) + @ApiOkResponse({ description: 'SMS verification sent successfully' }) + @ApiBadRequestResponse({ description: 'Invalid phone number' }) + @ApiNotFoundResponse({ description: 'User not found' }) + async sendSmsVerification( + @Param('userId') userId: string, + @Body() { mobile }: { mobile: string }, + ): Promise<{ success: boolean; message?: string }> { + return this.verificationService.sendSmsVerification(userId, mobile); + } + + @Post(':userId/mobile/verify') + @ApiOperation({ summary: 'Verify mobile number with SMS code' }) + @ApiParam({ name: 'userId', description: 'User ID' }) + @ApiOkResponse({ description: 'Mobile number verified successfully' }) + @ApiBadRequestResponse({ description: 'Invalid verification code' }) + @ApiNotFoundResponse({ description: 'Verification record not found' }) + async verifySms( + @Param('userId') userId: string, + @Body() { mobile, code }: { mobile: string; code: string }, ): Promise { - return this.verificationService.verifyEmail(userId, email); + return this.verificationService.verifySms(userId, mobile, code); } } diff --git a/src/modules/setting/verification.service.ts b/src/modules/setting/verification.service.ts index 67bbe729..6298aed5 100644 --- a/src/modules/setting/verification.service.ts +++ b/src/modules/setting/verification.service.ts @@ -101,35 +101,63 @@ export class VerificationService { return verification; } - async verifyMobile(userId: string, _mobile: string): Promise { + async sendEmailVerification( + userId: string, + email: string, + ): Promise<{ success: boolean; message?: string }> { + // TODO: Implement email verification code sending + // For now, return success to allow frontend to work + return { + success: true, + message: 'Verification email sent (implementation pending)', + }; + } + + async verifyEmail( + userId: string, + email: string, + code: string, + ): Promise { + // TODO: Implement email verification code validation + // For now, verify email without code check const verification = await this.verificationModel .findOneAndUpdate( { userId: new Types.ObjectId(userId) }, - { mobileVerified: true }, - { new: true }, + { emailVerified: true, email }, + { new: true, upsert: true }, ) .exec(); - if (!verification) { - throw new NotFoundException('Verification record not found'); - } - return verification; } - async verifyEmail(userId: string, _email: string): Promise { + async sendSmsVerification( + userId: string, + mobile: string, + ): Promise<{ success: boolean; message?: string }> { + // TODO: Implement SMS verification code sending + // For now, return success to allow frontend to work + return { + success: true, + message: 'SMS verification sent (implementation pending)', + }; + } + + async verifySms( + userId: string, + mobile: string, + code: string, + ): Promise { + // TODO: Implement SMS verification code validation + // For now, verify mobile without code check const verification = await this.verificationModel .findOneAndUpdate( { userId: new Types.ObjectId(userId) }, - { emailVerified: true }, - { new: true }, + { mobileVerified: true, mobile }, + { new: true, upsert: true }, ) .exec(); - if (!verification) { - throw new NotFoundException('Verification record not found'); - } - return verification; } } From 6b1fb2d02cb3a5097cd68942ff7afcdfa3caa153 Mon Sep 17 00:00:00 2001 From: Tim Tian Date: Sun, 16 Nov 2025 09:54:59 +1100 Subject: [PATCH 3/8] =?UTF-8?q?refactor:=20=E6=A8=A1=E5=9D=97=E5=8C=96?= =?UTF-8?q?=E9=82=AE=E4=BB=B6=E5=92=8CSMS=E9=AA=8C=E8=AF=81=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=EF=BC=8C=E6=8F=90=E5=8D=87=E5=8F=AF=E5=A4=8D=E7=94=A8?= =?UTF-8?q?=E6=80=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 创建接口抽象层 (IEmailVerificationService, ISmsVerificationService) - 提取可复用工具函数 (verification-code.util, phone-number.util, email-template.util) - 重构AWS SES和SNS服务实现接口 - 支持依赖注入,便于替换服务提供商 - 添加完整的README文档和使用示例 - 改进代码组织结构,遵循SOLID原则 --- package.json | 4 + pnpm-lock.yaml | 1328 +++++++++++++++++ src/modules/setting/README.md | 258 ++++ .../aws-ses-email-verification.service.ts | 117 ++ .../aws-sns-sms-verification.service.ts | 88 ++ .../setting/helpers/email-template.util.ts | 92 ++ .../setting/helpers/phone-number.util.ts | 69 + .../setting/helpers/verification-code.util.ts | 34 + .../email-verification.interface.ts | 20 + .../interfaces/sms-verification.interface.ts | 18 + .../setting/schema/verification.schema.ts | 35 + src/modules/setting/setting.module.ts | 30 +- src/modules/setting/verification.service.ts | 537 ++++++- 13 files changed, 2583 insertions(+), 47 deletions(-) create mode 100644 src/modules/setting/README.md create mode 100644 src/modules/setting/aws-ses-email-verification.service.ts create mode 100644 src/modules/setting/aws-sns-sms-verification.service.ts create mode 100644 src/modules/setting/helpers/email-template.util.ts create mode 100644 src/modules/setting/helpers/phone-number.util.ts create mode 100644 src/modules/setting/helpers/verification-code.util.ts create mode 100644 src/modules/setting/interfaces/email-verification.interface.ts create mode 100644 src/modules/setting/interfaces/sms-verification.interface.ts diff --git a/package.json b/package.json index 19500151..a62a8b62 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,7 @@ { "dependencies": { + "@aws-sdk/client-sesv2": "^3.930.0", + "@aws-sdk/client-sns": "^3.932.0", "@nestjs/axios": "^4.0.0", "@nestjs/common": "^11.0.11", "@nestjs/config": "^4.0.1", @@ -24,6 +26,7 @@ "mongoose": "^8.11.0", "morgan": "^1.10.0", "nest-winston": "^1.10.2", + "nodemailer": "^7.0.10", "passport": "^0.7.0", "passport-google-oauth20": "^2.0.0", "passport-jwt": "^4.0.1", @@ -64,6 +67,7 @@ "@types/jest": "^29.5.14", "@types/morgan": "^1.9.9", "@types/node": "^22.13.8", + "@types/nodemailer": "^7.0.3", "@types/passport-jwt": "^4.0.1", "@types/supertest": "^6.0.3", "@typescript-eslint/eslint-plugin": "^8.31.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c45a7f56..50d3f989 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -8,6 +8,12 @@ importers: .: dependencies: + '@aws-sdk/client-sesv2': + specifier: ^3.930.0 + version: 3.930.0 + '@aws-sdk/client-sns': + specifier: ^3.932.0 + version: 3.932.0 '@nestjs/axios': specifier: ^4.0.0 version: 4.0.1(@nestjs/common@11.1.6(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(axios@1.12.2)(rxjs@7.8.2) @@ -80,6 +86,9 @@ importers: nest-winston: specifier: ^1.10.2 version: 1.10.2(@nestjs/common@11.1.6(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(winston@3.17.0) + nodemailer: + specifier: ^7.0.10 + version: 7.0.10 passport: specifier: ^0.7.0 version: 0.7.0 @@ -144,6 +153,9 @@ importers: '@types/node': specifier: ^22.13.8 version: 22.18.6 + '@types/nodemailer': + specifier: ^7.0.3 + version: 7.0.3 '@types/passport-jwt': specifier: ^4.0.1 version: 4.0.1 @@ -216,6 +228,192 @@ packages: resolution: {integrity: sha512-kNOJ+3vekJJCQKWihNmxBkarJzNW09kP5a9E1SRNiQVNOUEeSwcRR0qYotM65nx821gNzjjhJXnAZ8OazWldrg==} engines: {node: ^18.19.1 || ^20.11.1 || >=22.0.0, npm: ^6.11.0 || ^7.5.6 || >=8.0.0, yarn: '>= 1.13.0'} + '@aws-crypto/sha256-browser@5.2.0': + resolution: {integrity: sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==} + + '@aws-crypto/sha256-js@5.2.0': + resolution: {integrity: sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==} + engines: {node: '>=16.0.0'} + + '@aws-crypto/supports-web-crypto@5.2.0': + resolution: {integrity: sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==} + + '@aws-crypto/util@5.2.0': + resolution: {integrity: sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==} + + '@aws-sdk/client-sesv2@3.930.0': + resolution: {integrity: sha512-S7Bq8NQe9FzjrOO/X1jx0k2VsBR98kf/AuDIJufaIHnH9N2VXT5/1X1Cb6IsS2tZObjCcBVRhgK/00pMqwxUxQ==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/client-sns@3.932.0': + resolution: {integrity: sha512-xkNxxViG9YOsm4DUYM8wQ8KnkAgc9yktVijbFKhIItEdlyaXl4A4sHATsOzZfhuqz/JGZnVF7gUGfBdntOtukA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/client-sso@3.930.0': + resolution: {integrity: sha512-sASqgm1iMLcmi+srSH9WJuqaf3GQAKhuB4xIJwkNEPUQ+yGV8HqErOOHJLXXuTUyskcdtK+4uMaBRLT2ESm+QQ==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/client-sso@3.932.0': + resolution: {integrity: sha512-XHqHa5iv2OQsKoM2tUQXs7EAyryploC00Wg0XSFra/KAKqyGizUb5XxXsGlyqhebB29Wqur+zwiRwNmejmN0+Q==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/core@3.930.0': + resolution: {integrity: sha512-E95pWT1ayfRWg0AW2KNOCYM7QQcVeOhMRLX5PXLeDKcdxP7s3x0LHG9t7a3nPbAbvYLRrhC7O2lLWzzMCpqjsw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/core@3.932.0': + resolution: {integrity: sha512-AS8gypYQCbNojwgjvZGkJocC2CoEICDx9ZJ15ILsv+MlcCVLtUJSRSx3VzJOUY2EEIaGLRrPNlIqyn/9/fySvA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-env@3.930.0': + resolution: {integrity: sha512-5tJyxNQmm9C1XKeiWt/K67mUHtTiU2FxTkVsqVrzAMjNsF3uyA02kyTK70byh5n29oVR9XNValVEl6jk01ipYg==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-env@3.932.0': + resolution: {integrity: sha512-ozge/c7NdHUDyHqro6+P5oHt8wfKSUBN+olttiVfBe9Mw3wBMpPa3gQ0pZnG+gwBkKskBuip2bMR16tqYvUSEA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-http@3.930.0': + resolution: {integrity: sha512-vw565GctpOPoRJyRvgqXM8U/4RG8wYEPfhe6GHvt9dchebw0OaFeW1mmSYpwEPkMhZs9Z808dkSPScwm8WZBKA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-http@3.932.0': + resolution: {integrity: sha512-b6N9Nnlg8JInQwzBkUq5spNaXssM3h3zLxGzpPrnw0nHSIWPJPTbZzA5Ca285fcDUFuKP+qf3qkuqlAjGOdWhg==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-ini@3.930.0': + resolution: {integrity: sha512-Ua4T5MWjm7QdHi7ZSUvnPBFwBZmLFP/IEGCLacPKbUT1sQO30hlWuB/uQOj0ns4T6p7V4XsM8bz5+xsW2yRYbQ==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-ini@3.932.0': + resolution: {integrity: sha512-ZBjSAXVGy7danZRHCRMJQ7sBkG1Dz39thYlvTiUaf9BKZ+8ymeiFhuTeV1OkWUBBnY0ki2dVZJvboTqfINhNxA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-node@3.930.0': + resolution: {integrity: sha512-LTx5G0PsL51hNCCzOIdacGPwqnTp3X2Ck8CjLL4Kz9FTR0mfY02qEJB5y5segU1hlge/WdQYxzBBMhtMUR2h8A==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-node@3.932.0': + resolution: {integrity: sha512-SEG9t2taBT86qe3gTunfrK8BxT710GVLGepvHr+X5Pw+qW225iNRaGN0zJH+ZE/j91tcW9wOaIoWnURkhR5wIg==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-process@3.930.0': + resolution: {integrity: sha512-lqC4lepxgwR2uZp/JROTRjkHld4/FEpSgofmiIOAfUfDx0OWSg7nkWMMS/DzlMpODqATl9tO0DcvmIJ8tMbh6g==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-process@3.932.0': + resolution: {integrity: sha512-BodZYKvT4p/Dkm28Ql/FhDdS1+p51bcZeMMu2TRtU8PoMDHnVDhHz27zASEKSZwmhvquxHrZHB0IGuVqjZUtSQ==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-sso@3.930.0': + resolution: {integrity: sha512-LIs2aaVoFfioRokR1R9SpLS9u8CmbHhrV/gpHO1ED41qNCujn23vAxRNQmWzJ2XoCxSTwvToiHD2i6CjPA6rHQ==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-sso@3.932.0': + resolution: {integrity: sha512-XYmkv+ltBjjmPZ6AmR1ZQZkQfD0uzG61M18/Lif3HAGxyg3dmod0aWx9aL6lj9SvxAGqzscrx5j4PkgLqjZruw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-web-identity@3.930.0': + resolution: {integrity: sha512-iIYF8GReLOp16yn2bnRWrc4UOW/vVLifqyRWZ3iAGe8NFzUiHBq+Nok7Edh+2D8zt30QOCOsWCZ31uRrPuXH8w==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/credential-provider-web-identity@3.932.0': + resolution: {integrity: sha512-Yw/hYNnC1KHuVIQF9PkLXbuKN7ljx70OSbJYDRufllQvej3kRwNcqQSnzI1M4KaObccqKaE6srg22DqpPy9p8w==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/middleware-host-header@3.930.0': + resolution: {integrity: sha512-x30jmm3TLu7b/b+67nMyoV0NlbnCVT5DI57yDrhXAPCtdgM1KtdLWt45UcHpKOm1JsaIkmYRh2WYu7Anx4MG0g==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/middleware-logger@3.930.0': + resolution: {integrity: sha512-vh4JBWzMCBW8wREvAwoSqB2geKsZwSHTa0nSt0OMOLp2PdTYIZDi0ZiVMmpfnjcx9XbS6aSluLv9sKx4RrG46A==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/middleware-recursion-detection@3.930.0': + resolution: {integrity: sha512-gv0sekNpa2MBsIhm2cjP3nmYSfI4nscx/+K9u9ybrWZBWUIC4kL2sV++bFjjUz4QxUIlvKByow3/a9ARQyCu7Q==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/middleware-sdk-s3@3.930.0': + resolution: {integrity: sha512-bnVK0xVVmrPyKTbV5MgG6KP7MPe87GngBPD5MrYj9kWmGrJIvnt0qer0UIgWAnsyCi7XrTfw7SMgYRpSxOYEMw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/middleware-user-agent@3.930.0': + resolution: {integrity: sha512-UUItqy02biaHoZDd1Z2CskFon3Lej15ZCIZzW4n2lsJmgLWNvz21jtFA8DQny7ZgCLAOOXI8YK3VLZptZWtIcg==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/middleware-user-agent@3.932.0': + resolution: {integrity: sha512-9BGTbJyA/4PTdwQWE9hAFIJGpsYkyEW20WON3i15aDqo5oRZwZmqaVageOD57YYqG8JDJjvcwKyDdR4cc38dvg==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/nested-clients@3.930.0': + resolution: {integrity: sha512-eEDjTVXNiDkoV0ZV+X+WV40GTpF70xZmDW13CQzQF7rzOC2iFjtTRU+F7MUhy/Vs+e9KvDgiuCDecITtaOXUNw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/nested-clients@3.932.0': + resolution: {integrity: sha512-E2ucBfiXSpxZflHTf3UFbVwao4+7v7ctAeg8SWuglc1UMqMlpwMFFgWiSONtsf0SR3+ZDoWGATyCXOfDWerJuw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/region-config-resolver@3.930.0': + resolution: {integrity: sha512-KL2JZqH6aYeQssu1g1KuWsReupdfOoxD6f1as2VC+rdwYFUu4LfzMsFfXnBvvQWWqQ7rZHWOw1T+o5gJmg7Dzw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/signature-v4-multi-region@3.930.0': + resolution: {integrity: sha512-UOAq1ftbrZc9HRP/nG970OONNykIDWunjth9GvGDODkW0FR7DHJWBmTwj61ZnrSiuSParp1eQfa+JsZ8eXNPcw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/token-providers@3.930.0': + resolution: {integrity: sha512-K+fJFJXA2Tdx10WhhTm+xQmf1WDHu14rUutByyqx6W0iW2rhtl3YeRr188LWSU3/hpz7BPyvigaAb0QyRti6FQ==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/token-providers@3.932.0': + resolution: {integrity: sha512-43u82ulVuHK4zWhcSPyuPS18l0LNHi3QJQ1YtP2MfP8bPf5a6hMYp5e3lUr9oTDEWcpwBYtOW0m1DVmoU/3veA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/types@3.930.0': + resolution: {integrity: sha512-we/vaAgwlEFW7IeftmCLlLMw+6hFs3DzZPJw7lVHbj/5HJ0bz9gndxEsS2lQoeJ1zhiiLqAqvXxmM43s0MBg0A==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/util-arn-parser@3.893.0': + resolution: {integrity: sha512-u8H4f2Zsi19DGnwj5FSZzDMhytYF/bCh37vAtBsn3cNDL3YG578X5oc+wSX54pM3tOxS+NY7tvOAo52SW7koUA==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/util-endpoints@3.930.0': + resolution: {integrity: sha512-M2oEKBzzNAYr136RRc6uqw3aWlwCxqTP1Lawps9E1d2abRPvl1p1ztQmmXp1Ak4rv8eByIZ+yQyKQ3zPdRG5dw==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/util-locate-window@3.893.0': + resolution: {integrity: sha512-T89pFfgat6c8nMmpI8eKjBcDcgJq36+m9oiXbcUzeU55MP9ZuGgBomGjGnHaEyF36jenW9gmg3NfZDm0AO2XPg==} + engines: {node: '>=18.0.0'} + + '@aws-sdk/util-user-agent-browser@3.930.0': + resolution: {integrity: sha512-q6lCRm6UAe+e1LguM5E4EqM9brQlDem4XDcQ87NzEvlTW6GzmNCO0w1jS0XgCFXQHjDxjdlNFX+5sRbHijwklg==} + + '@aws-sdk/util-user-agent-node@3.930.0': + resolution: {integrity: sha512-tYc5uFKogn0vLukeZ6Zz2dR1/WiTjxZH7+Jjoce6aEYgRVfyrDje1POFb7YxhNZ7Pp1WzHCuwW2KgkmMoYVbxQ==} + engines: {node: '>=18.0.0'} + peerDependencies: + aws-crt: '>=1.0.0' + peerDependenciesMeta: + aws-crt: + optional: true + + '@aws-sdk/util-user-agent-node@3.932.0': + resolution: {integrity: sha512-/kC6cscHrZL74TrZtgiIL5jJNbVsw9duGGPurmaVgoCbP7NnxyaSWEurbNV3VPNPhNE3bV3g4Ci+odq+AlsYQg==} + engines: {node: '>=18.0.0'} + peerDependencies: + aws-crt: '>=1.0.0' + peerDependenciesMeta: + aws-crt: + optional: true + + '@aws-sdk/xml-builder@3.930.0': + resolution: {integrity: sha512-YIfkD17GocxdmlUVc3ia52QhcWuRIUJonbF8A2CYfcWNV3HzvAqpcPeC0bYUhkK+8e8YO1ARnLKZQE0TlwzorA==} + engines: {node: '>=18.0.0'} + + '@aws/lambda-invoke-store@0.1.1': + resolution: {integrity: sha512-RcLam17LdlbSOSp9VxmUu1eI6Mwxp+OwhD2QhiSNmNCzoDb0EeUXTD2n/WbcnrAYMGlmf05th6QYq23VqvJqpA==} + engines: {node: '>=18.0.0'} + '@babel/code-frame@7.27.1': resolution: {integrity: sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==} engines: {node: '>=6.9.0'} @@ -895,6 +1093,178 @@ packages: '@sinonjs/fake-timers@10.3.0': resolution: {integrity: sha512-V4BG07kuYSUkTCSBHG8G8TNhM+F19jXFWnQtzj+we8DrkpSBCee9Z3Ms8yiGer/dlmhe35/Xdgyo3/0rQKg7YA==} + '@smithy/abort-controller@4.2.5': + resolution: {integrity: sha512-j7HwVkBw68YW8UmFRcjZOmssE77Rvk0GWAIN1oFBhsaovQmZWYCIcGa9/pwRB0ExI8Sk9MWNALTjftjHZea7VA==} + engines: {node: '>=18.0.0'} + + '@smithy/config-resolver@4.4.3': + resolution: {integrity: sha512-ezHLe1tKLUxDJo2LHtDuEDyWXolw8WGOR92qb4bQdWq/zKenO5BvctZGrVJBK08zjezSk7bmbKFOXIVyChvDLw==} + engines: {node: '>=18.0.0'} + + '@smithy/core@3.18.3': + resolution: {integrity: sha512-qqpNskkbHOSfrbFbjhYj5o8VMXO26fvN1K/+HbCzUNlTuxgNcPRouUDNm+7D6CkN244WG7aK533Ne18UtJEgAA==} + engines: {node: '>=18.0.0'} + + '@smithy/credential-provider-imds@4.2.5': + resolution: {integrity: sha512-BZwotjoZWn9+36nimwm/OLIcVe+KYRwzMjfhd4QT7QxPm9WY0HiOV8t/Wlh+HVUif0SBVV7ksq8//hPaBC/okQ==} + engines: {node: '>=18.0.0'} + + '@smithy/fetch-http-handler@5.3.6': + resolution: {integrity: sha512-3+RG3EA6BBJ/ofZUeTFJA7mHfSYrZtQIrDP9dI8Lf7X6Jbos2jptuLrAAteDiFVrmbEmLSuRG/bUKzfAXk7dhg==} + engines: {node: '>=18.0.0'} + + '@smithy/hash-node@4.2.5': + resolution: {integrity: sha512-DpYX914YOfA3UDT9CN1BM787PcHfWRBB43fFGCYrZFUH0Jv+5t8yYl+Pd5PW4+QzoGEDvn5d5QIO4j2HyYZQSA==} + engines: {node: '>=18.0.0'} + + '@smithy/invalid-dependency@4.2.5': + resolution: {integrity: sha512-2L2erASEro1WC5nV+plwIMxrTXpvpfzl4e+Nre6vBVRR2HKeGGcvpJyyL3/PpiSg+cJG2KpTmZmq934Olb6e5A==} + engines: {node: '>=18.0.0'} + + '@smithy/is-array-buffer@2.2.0': + resolution: {integrity: sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==} + engines: {node: '>=14.0.0'} + + '@smithy/is-array-buffer@4.2.0': + resolution: {integrity: sha512-DZZZBvC7sjcYh4MazJSGiWMI2L7E0oCiRHREDzIxi/M2LY79/21iXt6aPLHge82wi5LsuRF5A06Ds3+0mlh6CQ==} + engines: {node: '>=18.0.0'} + + '@smithy/middleware-content-length@4.2.5': + resolution: {integrity: sha512-Y/RabVa5vbl5FuHYV2vUCwvh/dqzrEY/K2yWPSqvhFUwIY0atLqO4TienjBXakoy4zrKAMCZwg+YEqmH7jaN7A==} + engines: {node: '>=18.0.0'} + + '@smithy/middleware-endpoint@4.3.10': + resolution: {integrity: sha512-SoAag3QnWBFoXjwa1jenEThkzJYClidZUyqsLKwWZ8kOlZBwehrLBp4ygVDjNEM2a2AamCQ2FBA/HuzKJ/LiTA==} + engines: {node: '>=18.0.0'} + + '@smithy/middleware-retry@4.4.10': + resolution: {integrity: sha512-6fOwX34gXxcqKa3bsG0mR0arc2Cw4ddOS6tp3RgUD2yoTrDTbQ2aVADnDjhUuxaiDZN2iilxndgGDhnpL/XvJA==} + engines: {node: '>=18.0.0'} + + '@smithy/middleware-serde@4.2.5': + resolution: {integrity: sha512-La1ldWTJTZ5NqQyPqnCNeH9B+zjFhrNoQIL1jTh4zuqXRlmXhxYHhMtI1/92OlnoAtp6JoN7kzuwhWoXrBwPqg==} + engines: {node: '>=18.0.0'} + + '@smithy/middleware-stack@4.2.5': + resolution: {integrity: sha512-bYrutc+neOyWxtZdbB2USbQttZN0mXaOyYLIsaTbJhFsfpXyGWUxJpEuO1rJ8IIJm2qH4+xJT0mxUSsEDTYwdQ==} + engines: {node: '>=18.0.0'} + + '@smithy/node-config-provider@4.3.5': + resolution: {integrity: sha512-UTurh1C4qkVCtqggI36DGbLB2Kv8UlcFdMXDcWMbqVY2uRg0XmT9Pb4Vj6oSQ34eizO1fvR0RnFV4Axw4IrrAg==} + engines: {node: '>=18.0.0'} + + '@smithy/node-http-handler@4.4.5': + resolution: {integrity: sha512-CMnzM9R2WqlqXQGtIlsHMEZfXKJVTIrqCNoSd/QpAyp+Dw0a1Vps13l6ma1fH8g7zSPNsA59B/kWgeylFuA/lw==} + engines: {node: '>=18.0.0'} + + '@smithy/property-provider@4.2.5': + resolution: {integrity: sha512-8iLN1XSE1rl4MuxvQ+5OSk/Zb5El7NJZ1td6Tn+8dQQHIjp59Lwl6bd0+nzw6SKm2wSSriH2v/I9LPzUic7EOg==} + engines: {node: '>=18.0.0'} + + '@smithy/protocol-http@5.3.5': + resolution: {integrity: sha512-RlaL+sA0LNMp03bf7XPbFmT5gN+w3besXSWMkA8rcmxLSVfiEXElQi4O2IWwPfxzcHkxqrwBFMbngB8yx/RvaQ==} + engines: {node: '>=18.0.0'} + + '@smithy/querystring-builder@4.2.5': + resolution: {integrity: sha512-y98otMI1saoajeik2kLfGyRp11e5U/iJYH/wLCh3aTV/XutbGT9nziKGkgCaMD1ghK7p6htHMm6b6scl9JRUWg==} + engines: {node: '>=18.0.0'} + + '@smithy/querystring-parser@4.2.5': + resolution: {integrity: sha512-031WCTdPYgiQRYNPXznHXof2YM0GwL6SeaSyTH/P72M1Vz73TvCNH2Nq8Iu2IEPq9QP2yx0/nrw5YmSeAi/AjQ==} + engines: {node: '>=18.0.0'} + + '@smithy/service-error-classification@4.2.5': + resolution: {integrity: sha512-8fEvK+WPE3wUAcDvqDQG1Vk3ANLR8Px979te96m84CbKAjBVf25rPYSzb4xU4hlTyho7VhOGnh5i62D/JVF0JQ==} + engines: {node: '>=18.0.0'} + + '@smithy/shared-ini-file-loader@4.4.0': + resolution: {integrity: sha512-5WmZ5+kJgJDjwXXIzr1vDTG+RhF9wzSODQBfkrQ2VVkYALKGvZX1lgVSxEkgicSAFnFhPj5rudJV0zoinqS0bA==} + engines: {node: '>=18.0.0'} + + '@smithy/signature-v4@5.3.5': + resolution: {integrity: sha512-xSUfMu1FT7ccfSXkoLl/QRQBi2rOvi3tiBZU2Tdy3I6cgvZ6SEi9QNey+lqps/sJRnogIS+lq+B1gxxbra2a/w==} + engines: {node: '>=18.0.0'} + + '@smithy/smithy-client@4.9.6': + resolution: {integrity: sha512-hGz42hggqReicRRZUvrKDQiAmoJnx1Q+XfAJnYAGu544gOfxQCAC3hGGD7+Px2gEUUxB/kKtQV7LOtBRNyxteQ==} + engines: {node: '>=18.0.0'} + + '@smithy/types@4.9.0': + resolution: {integrity: sha512-MvUbdnXDTwykR8cB1WZvNNwqoWVaTRA0RLlLmf/cIFNMM2cKWz01X4Ly6SMC4Kks30r8tT3Cty0jmeWfiuyHTA==} + engines: {node: '>=18.0.0'} + + '@smithy/url-parser@4.2.5': + resolution: {integrity: sha512-VaxMGsilqFnK1CeBX+LXnSuaMx4sTL/6znSZh2829txWieazdVxr54HmiyTsIbpOTLcf5nYpq9lpzmwRdxj6rQ==} + engines: {node: '>=18.0.0'} + + '@smithy/util-base64@4.3.0': + resolution: {integrity: sha512-GkXZ59JfyxsIwNTWFnjmFEI8kZpRNIBfxKjv09+nkAWPt/4aGaEWMM04m4sxgNVWkbt2MdSvE3KF/PfX4nFedQ==} + engines: {node: '>=18.0.0'} + + '@smithy/util-body-length-browser@4.2.0': + resolution: {integrity: sha512-Fkoh/I76szMKJnBXWPdFkQJl2r9SjPt3cMzLdOB6eJ4Pnpas8hVoWPYemX/peO0yrrvldgCUVJqOAjUrOLjbxg==} + engines: {node: '>=18.0.0'} + + '@smithy/util-body-length-node@4.2.1': + resolution: {integrity: sha512-h53dz/pISVrVrfxV1iqXlx5pRg3V2YWFcSQyPyXZRrZoZj4R4DeWRDo1a7dd3CPTcFi3kE+98tuNyD2axyZReA==} + engines: {node: '>=18.0.0'} + + '@smithy/util-buffer-from@2.2.0': + resolution: {integrity: sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==} + engines: {node: '>=14.0.0'} + + '@smithy/util-buffer-from@4.2.0': + resolution: {integrity: sha512-kAY9hTKulTNevM2nlRtxAG2FQ3B2OR6QIrPY3zE5LqJy1oxzmgBGsHLWTcNhWXKchgA0WHW+mZkQrng/pgcCew==} + engines: {node: '>=18.0.0'} + + '@smithy/util-config-provider@4.2.0': + resolution: {integrity: sha512-YEjpl6XJ36FTKmD+kRJJWYvrHeUvm5ykaUS5xK+6oXffQPHeEM4/nXlZPe+Wu0lsgRUcNZiliYNh/y7q9c2y6Q==} + engines: {node: '>=18.0.0'} + + '@smithy/util-defaults-mode-browser@4.3.9': + resolution: {integrity: sha512-Bh5bU40BgdkXE2BcaNazhNtEXi1TC0S+1d84vUwv5srWfvbeRNUKFzwKQgC6p6MXPvEgw+9+HdX3pOwT6ut5aw==} + engines: {node: '>=18.0.0'} + + '@smithy/util-defaults-mode-node@4.2.12': + resolution: {integrity: sha512-EHZwe1E9Q7umImIyCKQg/Cm+S+7rjXxCRvfGmKifqwYvn7M8M4ZcowwUOQzvuuxUUmdzCkqL0Eq0z1m74Pq6pw==} + engines: {node: '>=18.0.0'} + + '@smithy/util-endpoints@3.2.5': + resolution: {integrity: sha512-3O63AAWu2cSNQZp+ayl9I3NapW1p1rR5mlVHcF6hAB1dPZUQFfRPYtplWX/3xrzWthPGj5FqB12taJJCfH6s8A==} + engines: {node: '>=18.0.0'} + + '@smithy/util-hex-encoding@4.2.0': + resolution: {integrity: sha512-CCQBwJIvXMLKxVbO88IukazJD9a4kQ9ZN7/UMGBjBcJYvatpWk+9g870El4cB8/EJxfe+k+y0GmR9CAzkF+Nbw==} + engines: {node: '>=18.0.0'} + + '@smithy/util-middleware@4.2.5': + resolution: {integrity: sha512-6Y3+rvBF7+PZOc40ybeZMcGln6xJGVeY60E7jy9Mv5iKpMJpHgRE6dKy9ScsVxvfAYuEX4Q9a65DQX90KaQ3bA==} + engines: {node: '>=18.0.0'} + + '@smithy/util-retry@4.2.5': + resolution: {integrity: sha512-GBj3+EZBbN4NAqJ/7pAhsXdfzdlznOh8PydUijy6FpNIMnHPSMO2/rP4HKu+UFeikJxShERk528oy7GT79YiJg==} + engines: {node: '>=18.0.0'} + + '@smithy/util-stream@4.5.6': + resolution: {integrity: sha512-qWw/UM59TiaFrPevefOZ8CNBKbYEP6wBAIlLqxn3VAIo9rgnTNc4ASbVrqDmhuwI87usnjhdQrxodzAGFFzbRQ==} + engines: {node: '>=18.0.0'} + + '@smithy/util-uri-escape@4.2.0': + resolution: {integrity: sha512-igZpCKV9+E/Mzrpq6YacdTQ0qTiLm85gD6N/IrmyDvQFA4UnU3d5g3m8tMT/6zG/vVkWSU+VxeUyGonL62DuxA==} + engines: {node: '>=18.0.0'} + + '@smithy/util-utf8@2.3.0': + resolution: {integrity: sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==} + engines: {node: '>=14.0.0'} + + '@smithy/util-utf8@4.2.0': + resolution: {integrity: sha512-zBPfuzoI8xyBtR2P6WQj63Rz8i3AmfAaJLuNG8dWsfvPe8lO4aCPYLn879mEgHndZH1zQ2oXmG8O1GGzzaoZiw==} + engines: {node: '>=18.0.0'} + + '@smithy/uuid@1.1.0': + resolution: {integrity: sha512-4aUIteuyxtBUhVdiQqcDhKFitwfd9hqoSDYY2KRXiWtgoWJ9Bmise+KfEPDiVHWeJepvF8xJO9/9+WDIciMFFw==} + engines: {node: '>=18.0.0'} + '@tokenizer/inflate@0.2.7': resolution: {integrity: sha512-MADQgmZT1eKjp06jpI2yozxaU9uVs4GzzgSL+uEq7bVcJ9V1ZXQkeGNql1fsSI0gMy1vhvNTNbUqrx+pZfJVmg==} engines: {node: '>=18'} @@ -1000,6 +1370,9 @@ packages: '@types/node@22.18.6': resolution: {integrity: sha512-r8uszLPpeIWbNKtvWRt/DbVi5zbqZyj1PTmhRMqBMvDnaz1QpmSKujUtJLrqGZeoM8v72MfYggDceY4K1itzWQ==} + '@types/nodemailer@7.0.3': + resolution: {integrity: sha512-fC8w49YQ868IuPWRXqPfLf+MuTRex5Z1qxMoG8rr70riqqbOp2F5xgOKE9fODEBPzpnvjkJXFgK6IL2xgMSTnA==} + '@types/oauth@0.9.6': resolution: {integrity: sha512-H9TRCVKBNOhZZmyHLqFt9drPM9l+ShWiqqJijU1B8P3DX3ub84NjxDuy+Hjrz+fEca5Kwip3qPMKNyiLgNJtIA==} @@ -1362,6 +1735,9 @@ packages: resolution: {integrity: sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==} engines: {node: '>=18'} + bowser@2.12.1: + resolution: {integrity: sha512-z4rE2Gxh7tvshQ4hluIT7XcFrgLIQaw9X3A+kTTRdovCz5PMukm/0QC/BKSYPj3omF5Qfypn9O/c5kgpmvYUCw==} + brace-expansion@1.1.12: resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==} @@ -1915,6 +2291,10 @@ packages: fast-uri@3.1.0: resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==} + fast-xml-parser@5.2.5: + resolution: {integrity: sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==} + hasBin: true + fastq@1.19.1: resolution: {integrity: sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==} @@ -2767,6 +3147,10 @@ packages: node-releases@2.0.21: resolution: {integrity: sha512-5b0pgg78U3hwXkCM8Z9b2FJdPZlr9Psr9V2gQPESdGHqbntyFJKFW4r5TeWGFzafGY3hzs1JC62VEQMbl1JFkw==} + nodemailer@7.0.10: + resolution: {integrity: sha512-Us/Se1WtT0ylXgNFfyFSx4LElllVLJXQjWi2Xz17xWw7amDKO2MLtFnVp1WACy7GkVGs+oBlRopVNUzlrGSw1w==} + engines: {node: '>=6.0.0'} + normalize-path@3.0.0: resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} engines: {node: '>=0.10.0'} @@ -3249,6 +3633,9 @@ packages: '@types/node': optional: true + strnum@2.1.1: + resolution: {integrity: sha512-7ZvoFTiCnGxBtDqJ//Cu6fWtZtc7Y3x+QOirG15wztbdngGSkht27o2pyGWrVy0b4WAy3jbKmnoK6g5VlVNUUw==} + strtok3@10.3.4: resolution: {integrity: sha512-KIy5nylvC5le1OdaaoCJ07L+8iQzJHGH6pWDuzS+d07Cu7n1MZ2x26P8ZKIWfbK02+XIL8Mp4RkWeqdUCrDMfg==} engines: {node: '>=18'} @@ -3668,6 +4055,656 @@ snapshots: transitivePeerDependencies: - chokidar + '@aws-crypto/sha256-browser@5.2.0': + dependencies: + '@aws-crypto/sha256-js': 5.2.0 + '@aws-crypto/supports-web-crypto': 5.2.0 + '@aws-crypto/util': 5.2.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-locate-window': 3.893.0 + '@smithy/util-utf8': 2.3.0 + tslib: 2.8.1 + + '@aws-crypto/sha256-js@5.2.0': + dependencies: + '@aws-crypto/util': 5.2.0 + '@aws-sdk/types': 3.930.0 + tslib: 2.8.1 + + '@aws-crypto/supports-web-crypto@5.2.0': + dependencies: + tslib: 2.8.1 + + '@aws-crypto/util@5.2.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@smithy/util-utf8': 2.3.0 + tslib: 2.8.1 + + '@aws-sdk/client-sesv2@3.930.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.930.0 + '@aws-sdk/credential-provider-node': 3.930.0 + '@aws-sdk/middleware-host-header': 3.930.0 + '@aws-sdk/middleware-logger': 3.930.0 + '@aws-sdk/middleware-recursion-detection': 3.930.0 + '@aws-sdk/middleware-user-agent': 3.930.0 + '@aws-sdk/region-config-resolver': 3.930.0 + '@aws-sdk/signature-v4-multi-region': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@aws-sdk/util-user-agent-browser': 3.930.0 + '@aws-sdk/util-user-agent-node': 3.930.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/core': 3.18.3 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/hash-node': 4.2.5 + '@smithy/invalid-dependency': 4.2.5 + '@smithy/middleware-content-length': 4.2.5 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-retry': 4.4.10 + '@smithy/middleware-serde': 4.2.5 + '@smithy/middleware-stack': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/node-http-handler': 4.4.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-body-length-node': 4.2.1 + '@smithy/util-defaults-mode-browser': 4.3.9 + '@smithy/util-defaults-mode-node': 4.2.12 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/client-sns@3.932.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.932.0 + '@aws-sdk/credential-provider-node': 3.932.0 + '@aws-sdk/middleware-host-header': 3.930.0 + '@aws-sdk/middleware-logger': 3.930.0 + '@aws-sdk/middleware-recursion-detection': 3.930.0 + '@aws-sdk/middleware-user-agent': 3.932.0 + '@aws-sdk/region-config-resolver': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@aws-sdk/util-user-agent-browser': 3.930.0 + '@aws-sdk/util-user-agent-node': 3.932.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/core': 3.18.3 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/hash-node': 4.2.5 + '@smithy/invalid-dependency': 4.2.5 + '@smithy/middleware-content-length': 4.2.5 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-retry': 4.4.10 + '@smithy/middleware-serde': 4.2.5 + '@smithy/middleware-stack': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/node-http-handler': 4.4.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-body-length-node': 4.2.1 + '@smithy/util-defaults-mode-browser': 4.3.9 + '@smithy/util-defaults-mode-node': 4.2.12 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/client-sso@3.930.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.930.0 + '@aws-sdk/middleware-host-header': 3.930.0 + '@aws-sdk/middleware-logger': 3.930.0 + '@aws-sdk/middleware-recursion-detection': 3.930.0 + '@aws-sdk/middleware-user-agent': 3.930.0 + '@aws-sdk/region-config-resolver': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@aws-sdk/util-user-agent-browser': 3.930.0 + '@aws-sdk/util-user-agent-node': 3.930.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/core': 3.18.3 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/hash-node': 4.2.5 + '@smithy/invalid-dependency': 4.2.5 + '@smithy/middleware-content-length': 4.2.5 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-retry': 4.4.10 + '@smithy/middleware-serde': 4.2.5 + '@smithy/middleware-stack': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/node-http-handler': 4.4.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-body-length-node': 4.2.1 + '@smithy/util-defaults-mode-browser': 4.3.9 + '@smithy/util-defaults-mode-node': 4.2.12 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/client-sso@3.932.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.932.0 + '@aws-sdk/middleware-host-header': 3.930.0 + '@aws-sdk/middleware-logger': 3.930.0 + '@aws-sdk/middleware-recursion-detection': 3.930.0 + '@aws-sdk/middleware-user-agent': 3.932.0 + '@aws-sdk/region-config-resolver': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@aws-sdk/util-user-agent-browser': 3.930.0 + '@aws-sdk/util-user-agent-node': 3.932.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/core': 3.18.3 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/hash-node': 4.2.5 + '@smithy/invalid-dependency': 4.2.5 + '@smithy/middleware-content-length': 4.2.5 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-retry': 4.4.10 + '@smithy/middleware-serde': 4.2.5 + '@smithy/middleware-stack': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/node-http-handler': 4.4.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-body-length-node': 4.2.1 + '@smithy/util-defaults-mode-browser': 4.3.9 + '@smithy/util-defaults-mode-node': 4.2.12 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/core@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@aws-sdk/xml-builder': 3.930.0 + '@smithy/core': 3.18.3 + '@smithy/node-config-provider': 4.3.5 + '@smithy/property-provider': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/signature-v4': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/util-base64': 4.3.0 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@aws-sdk/core@3.932.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@aws-sdk/xml-builder': 3.930.0 + '@smithy/core': 3.18.3 + '@smithy/node-config-provider': 4.3.5 + '@smithy/property-provider': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/signature-v4': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/util-base64': 4.3.0 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-env@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-env@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-http@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/node-http-handler': 4.4.5 + '@smithy/property-provider': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/util-stream': 4.5.6 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-http@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/node-http-handler': 4.4.5 + '@smithy/property-provider': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/util-stream': 4.5.6 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-ini@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/credential-provider-env': 3.930.0 + '@aws-sdk/credential-provider-http': 3.930.0 + '@aws-sdk/credential-provider-process': 3.930.0 + '@aws-sdk/credential-provider-sso': 3.930.0 + '@aws-sdk/credential-provider-web-identity': 3.930.0 + '@aws-sdk/nested-clients': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/credential-provider-imds': 4.2.5 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-ini@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/credential-provider-env': 3.932.0 + '@aws-sdk/credential-provider-http': 3.932.0 + '@aws-sdk/credential-provider-process': 3.932.0 + '@aws-sdk/credential-provider-sso': 3.932.0 + '@aws-sdk/credential-provider-web-identity': 3.932.0 + '@aws-sdk/nested-clients': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/credential-provider-imds': 4.2.5 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-node@3.930.0': + dependencies: + '@aws-sdk/credential-provider-env': 3.930.0 + '@aws-sdk/credential-provider-http': 3.930.0 + '@aws-sdk/credential-provider-ini': 3.930.0 + '@aws-sdk/credential-provider-process': 3.930.0 + '@aws-sdk/credential-provider-sso': 3.930.0 + '@aws-sdk/credential-provider-web-identity': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/credential-provider-imds': 4.2.5 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-node@3.932.0': + dependencies: + '@aws-sdk/credential-provider-env': 3.932.0 + '@aws-sdk/credential-provider-http': 3.932.0 + '@aws-sdk/credential-provider-ini': 3.932.0 + '@aws-sdk/credential-provider-process': 3.932.0 + '@aws-sdk/credential-provider-sso': 3.932.0 + '@aws-sdk/credential-provider-web-identity': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/credential-provider-imds': 4.2.5 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-process@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-process@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/credential-provider-sso@3.930.0': + dependencies: + '@aws-sdk/client-sso': 3.930.0 + '@aws-sdk/core': 3.930.0 + '@aws-sdk/token-providers': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-sso@3.932.0': + dependencies: + '@aws-sdk/client-sso': 3.932.0 + '@aws-sdk/core': 3.932.0 + '@aws-sdk/token-providers': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-web-identity@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/nested-clients': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/credential-provider-web-identity@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/nested-clients': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/middleware-host-header@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/middleware-logger@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/middleware-recursion-detection@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@aws/lambda-invoke-store': 0.1.1 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/middleware-sdk-s3@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-arn-parser': 3.893.0 + '@smithy/core': 3.18.3 + '@smithy/node-config-provider': 4.3.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/signature-v4': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/util-config-provider': 4.2.0 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-stream': 4.5.6 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@aws-sdk/middleware-user-agent@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@smithy/core': 3.18.3 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/middleware-user-agent@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@smithy/core': 3.18.3 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/nested-clients@3.930.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.930.0 + '@aws-sdk/middleware-host-header': 3.930.0 + '@aws-sdk/middleware-logger': 3.930.0 + '@aws-sdk/middleware-recursion-detection': 3.930.0 + '@aws-sdk/middleware-user-agent': 3.930.0 + '@aws-sdk/region-config-resolver': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@aws-sdk/util-user-agent-browser': 3.930.0 + '@aws-sdk/util-user-agent-node': 3.930.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/core': 3.18.3 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/hash-node': 4.2.5 + '@smithy/invalid-dependency': 4.2.5 + '@smithy/middleware-content-length': 4.2.5 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-retry': 4.4.10 + '@smithy/middleware-serde': 4.2.5 + '@smithy/middleware-stack': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/node-http-handler': 4.4.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-body-length-node': 4.2.1 + '@smithy/util-defaults-mode-browser': 4.3.9 + '@smithy/util-defaults-mode-node': 4.2.12 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/nested-clients@3.932.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.932.0 + '@aws-sdk/middleware-host-header': 3.930.0 + '@aws-sdk/middleware-logger': 3.930.0 + '@aws-sdk/middleware-recursion-detection': 3.930.0 + '@aws-sdk/middleware-user-agent': 3.932.0 + '@aws-sdk/region-config-resolver': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@aws-sdk/util-endpoints': 3.930.0 + '@aws-sdk/util-user-agent-browser': 3.930.0 + '@aws-sdk/util-user-agent-node': 3.932.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/core': 3.18.3 + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/hash-node': 4.2.5 + '@smithy/invalid-dependency': 4.2.5 + '@smithy/middleware-content-length': 4.2.5 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-retry': 4.4.10 + '@smithy/middleware-serde': 4.2.5 + '@smithy/middleware-stack': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/node-http-handler': 4.4.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-body-length-node': 4.2.1 + '@smithy/util-defaults-mode-browser': 4.3.9 + '@smithy/util-defaults-mode-node': 4.2.12 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/region-config-resolver@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@smithy/config-resolver': 4.4.3 + '@smithy/node-config-provider': 4.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/signature-v4-multi-region@3.930.0': + dependencies: + '@aws-sdk/middleware-sdk-s3': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/protocol-http': 5.3.5 + '@smithy/signature-v4': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/token-providers@3.930.0': + dependencies: + '@aws-sdk/core': 3.930.0 + '@aws-sdk/nested-clients': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/token-providers@3.932.0': + dependencies: + '@aws-sdk/core': 3.932.0 + '@aws-sdk/nested-clients': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + + '@aws-sdk/types@3.930.0': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/util-arn-parser@3.893.0': + dependencies: + tslib: 2.8.1 + + '@aws-sdk/util-endpoints@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-endpoints': 3.2.5 + tslib: 2.8.1 + + '@aws-sdk/util-locate-window@3.893.0': + dependencies: + tslib: 2.8.1 + + '@aws-sdk/util-user-agent-browser@3.930.0': + dependencies: + '@aws-sdk/types': 3.930.0 + '@smithy/types': 4.9.0 + bowser: 2.12.1 + tslib: 2.8.1 + + '@aws-sdk/util-user-agent-node@3.930.0': + dependencies: + '@aws-sdk/middleware-user-agent': 3.930.0 + '@aws-sdk/types': 3.930.0 + '@smithy/node-config-provider': 4.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/util-user-agent-node@3.932.0': + dependencies: + '@aws-sdk/middleware-user-agent': 3.932.0 + '@aws-sdk/types': 3.930.0 + '@smithy/node-config-provider': 4.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@aws-sdk/xml-builder@3.930.0': + dependencies: + '@smithy/types': 4.9.0 + fast-xml-parser: 5.2.5 + tslib: 2.8.1 + + '@aws/lambda-invoke-store@0.1.1': {} + '@babel/code-frame@7.27.1': dependencies: '@babel/helper-validator-identifier': 7.27.1 @@ -4492,6 +5529,280 @@ snapshots: dependencies: '@sinonjs/commons': 3.0.1 + '@smithy/abort-controller@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/config-resolver@4.4.3': + dependencies: + '@smithy/node-config-provider': 4.3.5 + '@smithy/types': 4.9.0 + '@smithy/util-config-provider': 4.2.0 + '@smithy/util-endpoints': 3.2.5 + '@smithy/util-middleware': 4.2.5 + tslib: 2.8.1 + + '@smithy/core@3.18.3': + dependencies: + '@smithy/middleware-serde': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + '@smithy/util-base64': 4.3.0 + '@smithy/util-body-length-browser': 4.2.0 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-stream': 4.5.6 + '@smithy/util-utf8': 4.2.0 + '@smithy/uuid': 1.1.0 + tslib: 2.8.1 + + '@smithy/credential-provider-imds@4.2.5': + dependencies: + '@smithy/node-config-provider': 4.3.5 + '@smithy/property-provider': 4.2.5 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + tslib: 2.8.1 + + '@smithy/fetch-http-handler@5.3.6': + dependencies: + '@smithy/protocol-http': 5.3.5 + '@smithy/querystring-builder': 4.2.5 + '@smithy/types': 4.9.0 + '@smithy/util-base64': 4.3.0 + tslib: 2.8.1 + + '@smithy/hash-node@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + '@smithy/util-buffer-from': 4.2.0 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@smithy/invalid-dependency@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/is-array-buffer@2.2.0': + dependencies: + tslib: 2.8.1 + + '@smithy/is-array-buffer@4.2.0': + dependencies: + tslib: 2.8.1 + + '@smithy/middleware-content-length@4.2.5': + dependencies: + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/middleware-endpoint@4.3.10': + dependencies: + '@smithy/core': 3.18.3 + '@smithy/middleware-serde': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + '@smithy/url-parser': 4.2.5 + '@smithy/util-middleware': 4.2.5 + tslib: 2.8.1 + + '@smithy/middleware-retry@4.4.10': + dependencies: + '@smithy/node-config-provider': 4.3.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/service-error-classification': 4.2.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-retry': 4.2.5 + '@smithy/uuid': 1.1.0 + tslib: 2.8.1 + + '@smithy/middleware-serde@4.2.5': + dependencies: + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/middleware-stack@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/node-config-provider@4.3.5': + dependencies: + '@smithy/property-provider': 4.2.5 + '@smithy/shared-ini-file-loader': 4.4.0 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/node-http-handler@4.4.5': + dependencies: + '@smithy/abort-controller': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/querystring-builder': 4.2.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/property-provider@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/protocol-http@5.3.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/querystring-builder@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + '@smithy/util-uri-escape': 4.2.0 + tslib: 2.8.1 + + '@smithy/querystring-parser@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/service-error-classification@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + + '@smithy/shared-ini-file-loader@4.4.0': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/signature-v4@5.3.5': + dependencies: + '@smithy/is-array-buffer': 4.2.0 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + '@smithy/util-hex-encoding': 4.2.0 + '@smithy/util-middleware': 4.2.5 + '@smithy/util-uri-escape': 4.2.0 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@smithy/smithy-client@4.9.6': + dependencies: + '@smithy/core': 3.18.3 + '@smithy/middleware-endpoint': 4.3.10 + '@smithy/middleware-stack': 4.2.5 + '@smithy/protocol-http': 5.3.5 + '@smithy/types': 4.9.0 + '@smithy/util-stream': 4.5.6 + tslib: 2.8.1 + + '@smithy/types@4.9.0': + dependencies: + tslib: 2.8.1 + + '@smithy/url-parser@4.2.5': + dependencies: + '@smithy/querystring-parser': 4.2.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/util-base64@4.3.0': + dependencies: + '@smithy/util-buffer-from': 4.2.0 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@smithy/util-body-length-browser@4.2.0': + dependencies: + tslib: 2.8.1 + + '@smithy/util-body-length-node@4.2.1': + dependencies: + tslib: 2.8.1 + + '@smithy/util-buffer-from@2.2.0': + dependencies: + '@smithy/is-array-buffer': 2.2.0 + tslib: 2.8.1 + + '@smithy/util-buffer-from@4.2.0': + dependencies: + '@smithy/is-array-buffer': 4.2.0 + tslib: 2.8.1 + + '@smithy/util-config-provider@4.2.0': + dependencies: + tslib: 2.8.1 + + '@smithy/util-defaults-mode-browser@4.3.9': + dependencies: + '@smithy/property-provider': 4.2.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/util-defaults-mode-node@4.2.12': + dependencies: + '@smithy/config-resolver': 4.4.3 + '@smithy/credential-provider-imds': 4.2.5 + '@smithy/node-config-provider': 4.3.5 + '@smithy/property-provider': 4.2.5 + '@smithy/smithy-client': 4.9.6 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/util-endpoints@3.2.5': + dependencies: + '@smithy/node-config-provider': 4.3.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/util-hex-encoding@4.2.0': + dependencies: + tslib: 2.8.1 + + '@smithy/util-middleware@4.2.5': + dependencies: + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/util-retry@4.2.5': + dependencies: + '@smithy/service-error-classification': 4.2.5 + '@smithy/types': 4.9.0 + tslib: 2.8.1 + + '@smithy/util-stream@4.5.6': + dependencies: + '@smithy/fetch-http-handler': 5.3.6 + '@smithy/node-http-handler': 4.4.5 + '@smithy/types': 4.9.0 + '@smithy/util-base64': 4.3.0 + '@smithy/util-buffer-from': 4.2.0 + '@smithy/util-hex-encoding': 4.2.0 + '@smithy/util-utf8': 4.2.0 + tslib: 2.8.1 + + '@smithy/util-uri-escape@4.2.0': + dependencies: + tslib: 2.8.1 + + '@smithy/util-utf8@2.3.0': + dependencies: + '@smithy/util-buffer-from': 2.2.0 + tslib: 2.8.1 + + '@smithy/util-utf8@4.2.0': + dependencies: + '@smithy/util-buffer-from': 4.2.0 + tslib: 2.8.1 + + '@smithy/uuid@1.1.0': + dependencies: + tslib: 2.8.1 + '@tokenizer/inflate@0.2.7': dependencies: debug: 4.4.3 @@ -4621,6 +5932,13 @@ snapshots: dependencies: undici-types: 6.21.0 + '@types/nodemailer@7.0.3': + dependencies: + '@aws-sdk/client-sesv2': 3.930.0 + '@types/node': 22.18.6 + transitivePeerDependencies: + - aws-crt + '@types/oauth@0.9.6': dependencies: '@types/node': 22.18.6 @@ -5075,6 +6393,8 @@ snapshots: transitivePeerDependencies: - supports-color + bowser@2.12.1: {} + brace-expansion@1.1.12: dependencies: balanced-match: 1.0.2 @@ -5605,6 +6925,10 @@ snapshots: fast-uri@3.1.0: {} + fast-xml-parser@5.2.5: + dependencies: + strnum: 2.1.1 + fastq@1.19.1: dependencies: reusify: 1.1.0 @@ -6640,6 +7964,8 @@ snapshots: node-releases@2.0.21: {} + nodemailer@7.0.10: {} + normalize-path@3.0.0: {} npm-run-path@4.0.1: @@ -7105,6 +8431,8 @@ snapshots: optionalDependencies: '@types/node': 22.18.6 + strnum@2.1.1: {} + strtok3@10.3.4: dependencies: '@tokenizer/token': 0.3.0 diff --git a/src/modules/setting/README.md b/src/modules/setting/README.md new file mode 100644 index 00000000..5c1bba14 --- /dev/null +++ b/src/modules/setting/README.md @@ -0,0 +1,258 @@ +# Verification Module - 模块化设计文档 + +## 概述 + +此验证模块采用模块化设计,具有高度的可复用性和可扩展性。其他同事可以在自己的模块中轻松复用验证功能,或替换不同的服务提供商(如 Twilio、SendGrid 等)。 + +## 模块结构 + +``` +setting/ +├── interfaces/ +│ ├── email-verification.interface.ts # 邮件验证服务接口 +│ └── sms-verification.interface.ts # SMS 验证服务接口 +├── helpers/ +│ ├── verification-code.util.ts # 验证码生成、哈希、验证工具 +│ ├── phone-number.util.ts # 电话号码格式化工具 +│ └── email-template.util.ts # 邮件模板生成工具 +├── aws-ses-email-verification.service.ts # AWS SES 邮件服务实现 +├── aws-sns-sms-verification.service.ts # AWS SNS SMS 服务实现 +├── verification.service.ts # 核心验证业务逻辑 +├── verification.controller.ts # API 控制器 +└── README.md # 本文档 +``` + +## 核心特性 + +### 1. 接口抽象层 + +所有服务都实现了统一的接口,便于替换不同的提供商: + +- **`IEmailVerificationService`** - 邮件验证服务接口 +- **`ISmsVerificationService`** - SMS 验证服务接口 + +### 2. 可复用工具函数 + +- **`verification-code.util.ts`** - 验证码相关工具: + - `generateNumericCode()` - 生成数字验证码 + - `hashVerificationCode()` - 哈希验证码(用于安全存储) + - `verifyVerificationCode()` - 验证验证码 + +- **`phone-number.util.ts`** - 电话号码工具: + - `formatPhoneNumberToE164()` - 格式化为 E.164 格式 + - `normalizePhoneNumber()` - 标准化电话号码 + - `isValidPhoneNumber()` - 验证电话号码有效性 + +- **`email-template.util.ts`** - 邮件模板工具: + - `generateVerificationEmailHtml()` - 生成 HTML 邮件模板 + - `generateVerificationEmailText()` - 生成纯文本邮件模板 + +### 3. Mock 模式支持 + +当 AWS 凭证未配置时,所有服务自动进入 Mock 模式,便于开发和测试。 + +## 使用示例 + +### 在其他模块中使用验证服务 + +#### 方式 1: 使用接口注入(推荐) + +```typescript +import { Injectable, Inject } from '@nestjs/common'; +import { IEmailVerificationService } from '@/modules/setting/interfaces/email-verification.interface'; +import { ISmsVerificationService } from '@/modules/setting/interfaces/sms-verification.interface'; +import { generateNumericCode } from '@/modules/setting/helpers/verification-code.util'; + +@Injectable() +export class YourService { + constructor( + @Inject('IEmailVerificationService') + private readonly emailService: IEmailVerificationService, + @Inject('ISmsVerificationService') + private readonly smsService: ISmsVerificationService, + ) {} + + async sendVerification(userEmail: string, userPhone: string) { + // 生成验证码 + const code = generateNumericCode(); + + // 发送邮件验证码 + await this.emailService.sendVerificationCode(userEmail, code); + + // 发送 SMS 验证码 + await this.smsService.sendVerificationCode(userPhone, code); + } +} +``` + +#### 方式 2: 直接使用工具函数 + +```typescript +import { generateNumericCode, hashVerificationCode } from '@/modules/setting/helpers/verification-code.util'; +import { formatPhoneNumberToE164 } from '@/modules/setting/helpers/phone-number.util'; + +// 生成验证码 +const code = generateNumericCode({ length: 6 }); + +// 哈希验证码用于存储 +const hashedCode = await hashVerificationCode(code); + +// 格式化电话号码 +const formattedPhone = formatPhoneNumberToE164('0491050908'); +// 结果: +61491050908 +``` + +### 替换服务提供商 + +如果需要替换 AWS SES 或 SNS(例如使用 Twilio 或 SendGrid),只需: + +#### 1. 创建新的服务实现 + +```typescript +// twilio-sms-verification.service.ts +import { Injectable } from '@nestjs/common'; +import { ISmsVerificationService } from './interfaces/sms-verification.interface'; +import { Twilio } from 'twilio'; + +@Injectable() +export class TwilioSmsVerificationService implements ISmsVerificationService { + private twilioClient: Twilio; + + constructor(private readonly configService: ConfigService) { + this.twilioClient = new Twilio( + configService.get('TWILIO_ACCOUNT_SID'), + configService.get('TWILIO_AUTH_TOKEN'), + ); + } + + async sendVerificationCode(phoneNumber: string, code: string): Promise { + await this.twilioClient.messages.create({ + body: `Your verification code is: ${code}`, + to: phoneNumber, + from: this.configService.get('TWILIO_PHONE_NUMBER'), + }); + } +} +``` + +#### 2. 更新模块配置 + +```typescript +// your-module.module.ts +@Module({ + providers: [ + { + provide: 'ISmsVerificationService', + useClass: TwilioSmsVerificationService, // 替换为新的实现 + }, + ], +}) +export class YourModule {} +``` + +### 自定义邮件模板 + +```typescript +import { generateVerificationEmailHtml } from '@/modules/setting/helpers/email-template.util'; + +// 自定义模板选项 +const htmlEmail = generateVerificationEmailHtml({ + appName: 'YourApp', + verificationCode: '123456', + firstName: 'John', + expirationMinutes: 15, // 自定义过期时间 +}); +``` + +## 依赖注入配置 + +在 `setting.module.ts` 中,服务通过接口 token 注册: + +```typescript +providers: [ + { + provide: 'IEmailVerificationService', + useClass: AwsSesEmailVerificationService, + }, + { + provide: 'ISmsVerificationService', + useClass: AwsSnsSmsVerificationService, + }, +] +``` + +这样设计的好处: +- **松耦合**:业务逻辑层不依赖具体实现 +- **易测试**:可以轻松注入 Mock 服务进行单元测试 +- **易扩展**:替换服务提供商只需修改模块配置 + +## 环境变量配置 + +```bash +# AWS 凭证(可选,未配置时使用 Mock 模式) +AWS_ACCESS_KEY_ID=your_access_key +AWS_SECRET_ACCESS_KEY=your_secret_key +AWS_REGION=ap-southeast-2 + +# SES 配置 +SES_FROM=noreply@yourdomain.com + +# 应用配置 +APP_NAME=DispatchAI + +# 验证码配置(可选,有默认值) +VERIFICATION_EMAIL_TTL_SECONDS=600 +VERIFICATION_EMAIL_RESEND_SECONDS=60 +VERIFICATION_EMAIL_MAX_ATTEMPTS=5 +VERIFICATION_SMS_TTL_SECONDS=600 +VERIFICATION_SMS_RESEND_SECONDS=60 +VERIFICATION_SMS_MAX_ATTEMPTS=5 +``` + +## 设计原则 + +1. **单一职责原则**:每个服务和工具函数只负责一个明确的功能 +2. **依赖倒置原则**:依赖接口而非具体实现 +3. **开放封闭原则**:对扩展开放,对修改封闭(可扩展新实现,无需修改现有代码) +4. **接口隔离原则**:接口设计简洁,只包含必要的方法 + +## 测试建议 + +```typescript +// 单元测试示例 +describe('YourService', () => { + let service: YourService; + let emailService: jest.Mocked; + let smsService: jest.Mocked; + + beforeEach(() => { + emailService = { + sendVerificationCode: jest.fn(), + }; + smsService = { + sendVerificationCode: jest.fn(), + }; + + service = new YourService(emailService, smsService); + }); + + it('should send verification codes', async () => { + await service.sendVerification('test@example.com', '+61491050908'); + + expect(emailService.sendVerificationCode).toHaveBeenCalled(); + expect(smsService.sendVerificationCode).toHaveBeenCalled(); + }); +}); +``` + +## 总结 + +此验证模块经过精心设计,具有: +- ✅ **高度模块化**:清晰的职责分离 +- ✅ **易于复用**:工具函数和服务可在其他模块直接使用 +- ✅ **易于扩展**:通过接口抽象,可轻松替换服务提供商 +- ✅ **易于测试**:支持 Mock 模式,便于单元测试 +- ✅ **配置灵活**:支持环境变量配置和默认值 + +其他同事可以根据自己的需求,灵活使用工具函数、服务接口或完整服务,无需修改核心代码。 + diff --git a/src/modules/setting/aws-ses-email-verification.service.ts b/src/modules/setting/aws-ses-email-verification.service.ts new file mode 100644 index 00000000..c39793b1 --- /dev/null +++ b/src/modules/setting/aws-ses-email-verification.service.ts @@ -0,0 +1,117 @@ +import { SendEmailCommand, SESv2Client } from '@aws-sdk/client-sesv2'; +import { Injectable, Logger } from '@nestjs/common'; +import { ConfigService } from '@nestjs/config'; + +import { IEmailVerificationService } from './interfaces/email-verification.interface.js'; +import { + generateVerificationEmailHtml, + generateVerificationEmailText, +} from './helpers/email-template.util.js'; + +@Injectable() +export class AwsSesEmailVerificationService implements IEmailVerificationService { + private readonly logger = new Logger(AwsSesEmailVerificationService.name); + private readonly sesClient: SESv2Client; + private readonly region: string; + private readonly emailFrom: string; + private readonly appName: string; + + constructor(private readonly configService: ConfigService) { + this.region = this.configService.get('AWS_REGION') ?? 'ap-southeast-2'; + this.emailFrom = + this.configService.get('SES_FROM') ?? 'noreply@dispatchai.com'; + this.appName = this.configService.get('APP_NAME') ?? 'DispatchAI'; + + const accessKeyId = this.configService.get('AWS_ACCESS_KEY_ID'); + const secretAccessKey = this.configService.get( + 'AWS_SECRET_ACCESS_KEY', + ); + + if (accessKeyId === undefined || secretAccessKey === undefined) { + this.logger.warn( + 'AWS credentials not found in environment variables - using mock mode', + ); + } + + this.sesClient = new SESv2Client({ + region: this.region, + credentials: + accessKeyId !== undefined && secretAccessKey !== undefined + ? { + accessKeyId, + secretAccessKey, + } + : undefined, + }); + } + + async sendVerificationCode( + email: string, + verificationCode: string, + firstName?: string, + ): Promise { + const accessKeyId = this.configService.get('AWS_ACCESS_KEY_ID'); + const secretAccessKey = this.configService.get( + 'AWS_SECRET_ACCESS_KEY', + ); + + // If no API key, use mock mode for testing + if (accessKeyId === undefined || secretAccessKey === undefined) { + this.logger.log( + `[MOCK MODE] Verification email would be sent to ${email} with code: ${verificationCode}`, + ); + return; + } + + try { + const command = new SendEmailCommand({ + FromEmailAddress: this.emailFrom, + Destination: { + ToAddresses: [email], + }, + Content: { + Simple: { + Subject: { + Data: 'DispatchAI Email Verification Code', + }, + Body: { + Text: { + Data: generateVerificationEmailText({ + appName: this.appName, + verificationCode, + firstName, + expirationMinutes: 10, + }), + }, + Html: { + Data: generateVerificationEmailHtml({ + appName: this.appName, + verificationCode, + firstName, + expirationMinutes: 10, + }), + }, + }, + }, + }, + }); + + const result = await this.sesClient.send(command); + + this.logger.log( + `Verification email sent to ${email}: ${String(result.MessageId ?? 'unknown')}`, + ); + } catch (error) { + this.logger.error( + `Failed to send verification email to ${email}:`, + error instanceof Error ? error.stack : undefined, + ); + throw error; + } + } + +} + + + + diff --git a/src/modules/setting/aws-sns-sms-verification.service.ts b/src/modules/setting/aws-sns-sms-verification.service.ts new file mode 100644 index 00000000..41c4cc34 --- /dev/null +++ b/src/modules/setting/aws-sns-sms-verification.service.ts @@ -0,0 +1,88 @@ +import { PublishCommand, SNSClient } from '@aws-sdk/client-sns'; +import { Injectable, Logger } from '@nestjs/common'; +import { ConfigService } from '@nestjs/config'; + +import { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; +import { formatPhoneNumberToE164 } from './helpers/phone-number.util.js'; + +@Injectable() +export class AwsSnsSmsVerificationService implements ISmsVerificationService { + private readonly logger = new Logger(AwsSnsSmsVerificationService.name); + private readonly snsClient: SNSClient; + private readonly region: string; + + constructor(private readonly configService: ConfigService) { + this.region = this.configService.get('AWS_REGION') ?? 'ap-southeast-2'; + + const accessKeyId = this.configService.get('AWS_ACCESS_KEY_ID'); + const secretAccessKey = this.configService.get( + 'AWS_SECRET_ACCESS_KEY', + ); + + if (accessKeyId === undefined || secretAccessKey === undefined) { + this.logger.warn( + 'AWS credentials not found in environment variables - using mock mode', + ); + } + + this.snsClient = new SNSClient({ + region: this.region, + credentials: + accessKeyId !== undefined && secretAccessKey !== undefined + ? { + accessKeyId, + secretAccessKey, + } + : undefined, + }); + } + + async sendVerificationCode( + phoneNumber: string, + verificationCode: string, + ): Promise { + const accessKeyId = this.configService.get('AWS_ACCESS_KEY_ID'); + const secretAccessKey = this.configService.get( + 'AWS_SECRET_ACCESS_KEY', + ); + + // If no API key, use mock mode for testing + if (accessKeyId === undefined || secretAccessKey === undefined) { + this.logger.log( + `[MOCK MODE] SMS verification would be sent to ${phoneNumber} with code: ${verificationCode}`, + ); + return; + } + + try { + // Format phone number to E.164 format if needed + const formattedPhone = formatPhoneNumberToE164(phoneNumber); + + const message = `Your DispatchAI verification code is: ${verificationCode}. This code will expire in 10 minutes.`; + + const command = new PublishCommand({ + Message: message, + PhoneNumber: formattedPhone, + MessageAttributes: { + 'AWS.SNS.SMS.SMSType': { + DataType: 'String', + StringValue: 'Transactional', + }, + }, + }); + + const result = await this.snsClient.send(command); + + this.logger.log( + `SMS verification sent to ${formattedPhone}: ${String(result.MessageId ?? 'unknown')}`, + ); + } catch (error) { + this.logger.error( + `Failed to send SMS verification to ${phoneNumber}:`, + error instanceof Error ? error.stack : undefined, + ); + throw error; + } + } +} + diff --git a/src/modules/setting/helpers/email-template.util.ts b/src/modules/setting/helpers/email-template.util.ts new file mode 100644 index 00000000..73a1cc4f --- /dev/null +++ b/src/modules/setting/helpers/email-template.util.ts @@ -0,0 +1,92 @@ +/** + * Email template generation utilities for verification emails + * These templates can be easily customized or replaced + */ + +export interface EmailTemplateOptions { + appName: string; + verificationCode: string; + firstName?: string; + expirationMinutes?: number; +} + +/** + * Generate HTML email template for verification code + * @param options - Template options + * @returns HTML email body + */ +export function generateVerificationEmailHtml( + options: EmailTemplateOptions, +): string { + const { appName, verificationCode, firstName, expirationMinutes = 10 } = options; + const greeting = firstName ? `Hi ${firstName},` : 'Hi there,'; + + return ` + + + + + + Email Verification + + +
+

${appName} Email Verification

+ +

${greeting}

+ +

Thank you for signing up with ${appName}! To complete your registration and access all features, please verify your email address.

+ +
+

Your Verification Code

+
+ ${verificationCode} +
+
+ +

Please enter this code in the verification form on our website to complete your email verification.

+

This code will expire in ${expirationMinutes} minutes.

+ +

+ If you didn't create an account with ${appName}, please ignore this email. +

+ +
+

+ © ${new Date().getFullYear()} ${appName}. All rights reserved. +

+
+ + + `; +} + +/** + * Generate plain text email template for verification code + * @param options - Template options + * @returns Plain text email body + */ +export function generateVerificationEmailText( + options: EmailTemplateOptions, +): string { + const { appName, verificationCode, firstName, expirationMinutes = 10 } = options; + const greeting = firstName ? `Hi ${firstName},` : 'Hi there,'; + + return ` +${appName} Email Verification + +${greeting} + +Thank you for signing up with ${appName}! To complete your registration and access all features, please verify your email address. + +Your Verification Code: ${verificationCode} + +Please enter this code in the verification form on our website to complete your email verification. +This code will expire in ${expirationMinutes} minutes. + +If you didn't create an account with ${appName}, please ignore this email. + +© ${new Date().getFullYear()} ${appName}. All rights reserved. + `.trim(); +} + diff --git a/src/modules/setting/helpers/phone-number.util.ts b/src/modules/setting/helpers/phone-number.util.ts new file mode 100644 index 00000000..dfcf769e --- /dev/null +++ b/src/modules/setting/helpers/phone-number.util.ts @@ -0,0 +1,69 @@ +/** + * Utility functions for phone number formatting and validation + */ + +/** + * Format phone number to E.164 format (e.g., +61491050908) + * Supports various input formats: + * - 0491050908 (Australian mobile, leading 0) + * - 491050908 (Australian mobile without leading 0) + * - +61491050908 (E.164 format) + * - 61491050908 (E.164 without +) + * + * @param phoneNumber - Phone number in any common format + * @param defaultCountryCode - Default country code to use if not provided (default: +61 for Australia) + * @returns Phone number in E.164 format + */ +export function formatPhoneNumberToE164( + phoneNumber: string, + defaultCountryCode: string = '+61', +): string { + // Remove all whitespace and common formatting characters except + + const cleaned = phoneNumber.trim().replace(/[\s\-\(\)]/g, ''); + + // If already in E.164 format (starts with +), return as is + if (cleaned.startsWith('+')) { + return cleaned; + } + + // If starts with 0 (Australian format), replace with country code + if (cleaned.startsWith('0')) { + return `${defaultCountryCode}${cleaned.substring(1)}`; + } + + // If starts with country code digits (e.g., 61 for Australia), add + + if (cleaned.match(/^61/)) { + return `+${cleaned}`; + } + + // If starts with mobile prefix (e.g., 4 for Australian mobile), add country code + if (cleaned.match(/^4/)) { + return `${defaultCountryCode}${cleaned}`; + } + + // Default: add country code + return `${defaultCountryCode}${cleaned}`; +} + +/** + * Validate if a phone number looks valid + * @param phoneNumber - Phone number to validate + * @returns true if phone number appears valid + */ +export function isValidPhoneNumber(phoneNumber: string): boolean { + const cleaned = phoneNumber.trim().replace(/[\s\-\(\)]/g, ''); + + // Basic validation: should contain at least 8 digits + const digitCount = cleaned.replace(/\D/g, '').length; + return digitCount >= 8 && digitCount <= 15; +} + +/** + * Normalize phone number for storage (same as E.164 format) + * @param phoneNumber - Phone number in any format + * @returns Normalized phone number + */ +export function normalizePhoneNumber(phoneNumber: string): string { + return formatPhoneNumberToE164(phoneNumber); +} + diff --git a/src/modules/setting/helpers/verification-code.util.ts b/src/modules/setting/helpers/verification-code.util.ts new file mode 100644 index 00000000..ed9016a9 --- /dev/null +++ b/src/modules/setting/helpers/verification-code.util.ts @@ -0,0 +1,34 @@ +import bcrypt from 'bcryptjs'; +import { randomInt } from 'node:crypto'; + +export interface VerificationCodeConfig { + length?: number; +} + +const DEFAULT_CODE_LENGTH = 6; +const SALT_ROUNDS = 10; + +export function generateNumericCode(config: VerificationCodeConfig = {}): string { + const length = config.length ?? DEFAULT_CODE_LENGTH; + if (length <= 0) { + throw new Error('Verification code length must be greater than zero'); + } + + const min = 10 ** (length - 1); + const max = 10 ** length; + return String(randomInt(min, max)); +} + +export async function hashVerificationCode(code: string): Promise { + return bcrypt.hash(code, SALT_ROUNDS); +} + +export async function verifyVerificationCode( + code: string, + hashed: string, +): Promise { + if (!hashed) { + return false; + } + return bcrypt.compare(code, hashed); +} diff --git a/src/modules/setting/interfaces/email-verification.interface.ts b/src/modules/setting/interfaces/email-verification.interface.ts new file mode 100644 index 00000000..a1384706 --- /dev/null +++ b/src/modules/setting/interfaces/email-verification.interface.ts @@ -0,0 +1,20 @@ +/** + * Interface for email verification services. + * This interface allows for easy replacement of email providers (AWS SES, SendGrid, etc.) + */ +export interface IEmailVerificationService { + /** + * Send a verification code via email + * @param email - Recipient email address + * @param verificationCode - The verification code to send + * @param firstName - Optional recipient first name for personalization + * @returns Promise that resolves when email is sent + * @throws Error if email sending fails + */ + sendVerificationCode( + email: string, + verificationCode: string, + firstName?: string, + ): Promise; +} + diff --git a/src/modules/setting/interfaces/sms-verification.interface.ts b/src/modules/setting/interfaces/sms-verification.interface.ts new file mode 100644 index 00000000..762ca060 --- /dev/null +++ b/src/modules/setting/interfaces/sms-verification.interface.ts @@ -0,0 +1,18 @@ +/** + * Interface for SMS verification services. + * This interface allows for easy replacement of SMS providers (AWS SNS, Twilio, etc.) + */ +export interface ISmsVerificationService { + /** + * Send a verification code via SMS + * @param phoneNumber - Recipient phone number (in any format, will be normalized) + * @param verificationCode - The verification code to send + * @returns Promise that resolves when SMS is sent + * @throws Error if SMS sending fails + */ + sendVerificationCode( + phoneNumber: string, + verificationCode: string, + ): Promise; +} + diff --git a/src/modules/setting/schema/verification.schema.ts b/src/modules/setting/schema/verification.schema.ts index b34bfc63..d69307dc 100644 --- a/src/modules/setting/schema/verification.schema.ts +++ b/src/modules/setting/schema/verification.schema.ts @@ -7,6 +7,27 @@ export enum VerificationType { BOTH = 'Both', } +@Schema({ _id: false }) +export class VerificationChannelState { + @Prop() + codeHash?: string; + + @Prop() + expiresAt?: Date; + + @Prop({ default: 0 }) + attemptCount!: number; + + @Prop() + sentAt?: Date; + + @Prop() + nextSendAllowedAt?: Date; +} + +export const VerificationChannelStateSchema = + SchemaFactory.createForClass(VerificationChannelState); + @Schema({ timestamps: true }) export class Verification extends Document { @Prop({ type: Types.ObjectId, ref: 'User', required: true, unique: true }) @@ -35,6 +56,20 @@ export class Verification extends Document { @Prop({ default: false }) marketingPromotions!: boolean; + @Prop({ + type: VerificationChannelStateSchema, + _id: false, + default: undefined, + }) + emailCode?: VerificationChannelState; + + @Prop({ + type: VerificationChannelStateSchema, + _id: false, + default: undefined, + }) + mobileCode?: VerificationChannelState; + @Prop() readonly createdAt!: Date; diff --git a/src/modules/setting/setting.module.ts b/src/modules/setting/setting.module.ts index 723718b5..3aae9d3e 100644 --- a/src/modules/setting/setting.module.ts +++ b/src/modules/setting/setting.module.ts @@ -12,7 +12,11 @@ import { Verification, VerificationSchema } from './schema/verification.schema'; import { SettingController } from './setting.controller'; import { SettingService } from './setting.service'; import { VerificationController } from './verification.controller'; +import { AwsSesEmailVerificationService } from './aws-ses-email-verification.service.js'; +import { AwsSnsSmsVerificationService } from './aws-sns-sms-verification.service.js'; import { VerificationService } from './verification.service'; +import { IEmailVerificationService } from './interfaces/email-verification.interface.js'; +import { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; @Module({ imports: [ @@ -24,7 +28,29 @@ import { VerificationService } from './verification.service'; ]), ], controllers: [SettingController, VerificationController], - providers: [SettingService, VerificationService], - exports: [SettingService, VerificationService, MongooseModule], + providers: [ + SettingService, + VerificationService, + { + provide: 'IEmailVerificationService', + useClass: AwsSesEmailVerificationService, + }, + { + provide: 'ISmsVerificationService', + useClass: AwsSnsSmsVerificationService, + }, + // Also provide concrete implementations for direct use if needed + AwsSesEmailVerificationService, + AwsSnsSmsVerificationService, + ], + exports: [ + SettingService, + VerificationService, + 'IEmailVerificationService', + 'ISmsVerificationService', + AwsSesEmailVerificationService, + AwsSnsSmsVerificationService, + MongooseModule, + ], }) export class SettingModule {} diff --git a/src/modules/setting/verification.service.ts b/src/modules/setting/verification.service.ts index 6298aed5..d4848a75 100644 --- a/src/modules/setting/verification.service.ts +++ b/src/modules/setting/verification.service.ts @@ -1,17 +1,40 @@ import { BadRequestException, + Inject, Injectable, + InternalServerErrorException, + Logger, NotFoundException, } from '@nestjs/common'; +import { ConfigService } from '@nestjs/config'; import { InjectModel } from '@nestjs/mongoose'; -import { Model, Types } from 'mongoose'; +import { isEmail } from 'class-validator'; +import { Model, Types, UpdateQuery } from 'mongoose'; import { Verification, VerificationDocument, + VerificationType, } from '@/modules/setting/schema/verification.schema'; import { User, UserDocument } from '@/modules/user/schema/user.schema'; +import { + generateNumericCode, + hashVerificationCode, + verifyVerificationCode, +} from './helpers/verification-code.util.js'; +import type { IEmailVerificationService } from './interfaces/email-verification.interface.js'; +import type { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; +import { normalizePhoneNumber } from './helpers/phone-number.util.js'; + +const DEFAULT_EMAIL_CODE_TTL_SECONDS = 10 * 60; // 10 minutes +const DEFAULT_EMAIL_RESEND_SECONDS = 60; // 1 minute +const DEFAULT_EMAIL_MAX_ATTEMPTS = 5; + +const DEFAULT_SMS_CODE_TTL_SECONDS = 10 * 60; // 10 minutes +const DEFAULT_SMS_RESEND_SECONDS = 60; // 1 minute +const DEFAULT_SMS_MAX_ATTEMPTS = 5; + export interface UpdateVerificationDto { type: 'SMS' | 'Email' | 'Both'; mobile?: string; @@ -22,17 +45,28 @@ export interface UpdateVerificationDto { } // Only allow primitive values for listed keys, ignore all others -function sanitizeVerificationUpdate(input: Record): Partial { - const allowedKeys = ['type', 'mobile', 'email', 'mobileVerified', 'emailVerified', 'marketingPromotions']; +function sanitizeVerificationUpdate( + input: Record, +): Partial { + const allowedKeys = [ + 'type', + 'mobile', + 'email', + 'mobileVerified', + 'emailVerified', + 'marketingPromotions', + ]; const output: Record = {}; for (const key of allowedKeys) { if (Object.prototype.hasOwnProperty.call(input, key)) { const value = input[key]; - // Only allow primitive values (string, boolean, number, null/undefined) - if (value === null || value === undefined || - typeof value === 'string' || - typeof value === 'boolean' || - typeof value === 'number') { + if ( + value === null || + value === undefined || + typeof value === 'string' || + typeof value === 'boolean' || + typeof value === 'number' + ) { output[key] = value; } } @@ -42,24 +76,64 @@ function sanitizeVerificationUpdate(input: Record): Partial, + private readonly verificationModel: Model, @InjectModel(User.name) - private userModel: Model, - ) {} + private readonly userModel: Model, + @Inject('IEmailVerificationService') + private readonly emailVerificationService: IEmailVerificationService, + @Inject('ISmsVerificationService') + private readonly smsVerificationService: ISmsVerificationService, + private readonly configService: ConfigService, + ) { + this.emailCodeTtlMs = this.resolveDurationMs( + 'VERIFICATION_EMAIL_TTL_SECONDS', + DEFAULT_EMAIL_CODE_TTL_SECONDS, + ); + this.emailResendDelayMs = this.resolveDurationMs( + 'VERIFICATION_EMAIL_RESEND_SECONDS', + DEFAULT_EMAIL_RESEND_SECONDS, + ); + this.emailMaxAttempts = this.resolvePositiveInt( + 'VERIFICATION_EMAIL_MAX_ATTEMPTS', + DEFAULT_EMAIL_MAX_ATTEMPTS, + ); + this.smsCodeTtlMs = this.resolveDurationMs( + 'VERIFICATION_SMS_TTL_SECONDS', + DEFAULT_SMS_CODE_TTL_SECONDS, + ); + this.smsResendDelayMs = this.resolveDurationMs( + 'VERIFICATION_SMS_RESEND_SECONDS', + DEFAULT_SMS_RESEND_SECONDS, + ); + this.smsMaxAttempts = this.resolvePositiveInt( + 'VERIFICATION_SMS_MAX_ATTEMPTS', + DEFAULT_SMS_MAX_ATTEMPTS, + ); + } async getVerification(userId: string): Promise { + const objectId = this.parseUserId(userId); + const verification = await this.verificationModel - .findOne({ userId: new Types.ObjectId(userId) }) + .findOne({ userId: objectId }) .exec(); - // If no verification record exists, return default with User data + if (!verification) { - const user = await this.userModel.findById(userId).exec(); + const user = await this.userModel.findById(objectId).exec(); if (user) { return { - userId: new Types.ObjectId(userId), - type: 'Both', + userId: objectId, + type: VerificationType.BOTH, mobile: user.fullPhoneNumber || '', email: user.email || '', mobileVerified: false, @@ -68,6 +142,7 @@ export class VerificationService { } as Verification; } } + return verification; } @@ -75,27 +150,29 @@ export class VerificationService { userId: string, updateData: UpdateVerificationDto, ): Promise { - // If mobile number is being updated, also update User model + const objectId = this.parseUserId(userId); + if (updateData.mobile !== undefined) { if (typeof updateData.mobile !== 'string') { throw new BadRequestException('Mobile number must be a string'); } await this.userModel.findByIdAndUpdate( - { _id: { $eq: new Types.ObjectId(userId) } }, + { _id: objectId }, { fullPhoneNumber: updateData.mobile }, { new: true }, ); } - // Sanitize updateData to allow only expected fields, preventing operator injection - const safeUpdate = sanitizeVerificationUpdate(updateData as unknown as Record); + const safeUpdate = sanitizeVerificationUpdate( + updateData as unknown as Record, + ); const verification = await this.verificationModel - .findOneAndUpdate( - { userId: new Types.ObjectId(userId) }, - safeUpdate, - { new: true, upsert: true }, - ) + .findOneAndUpdate({ userId: objectId }, safeUpdate, { + new: true, + upsert: true, + setDefaultsOnInsert: true, + }) .exec(); return verification; @@ -105,11 +182,83 @@ export class VerificationService { userId: string, email: string, ): Promise<{ success: boolean; message?: string }> { - // TODO: Implement email verification code sending - // For now, return success to allow frontend to work + const objectId = this.parseUserId(userId); + const normalizedEmail = this.normalizeEmail(email); + + const existing = await this.verificationModel + .findOne({ userId: objectId }) + .lean(); + + const now = new Date(); + + if (existing?.emailCode?.nextSendAllowedAt) { + const nextAllowed = new Date(existing.emailCode.nextSendAllowedAt); + if (nextAllowed > now) { + const seconds = this.secondsRemaining(nextAllowed, now); + throw new BadRequestException( + `Verification code already sent. Please wait ${seconds} second(s) before requesting a new code.`, + ); + } + } + + const code = generateNumericCode(); + + // Get user info for personalized email + const user = await this.userModel.findById(objectId).exec(); + + try { + await this.emailVerificationService.sendVerificationCode( + normalizedEmail, + code, + user?.firstName, + ); + } catch (error) { + this.logger.error( + `Unable to send verification email to ${normalizedEmail}`, + error instanceof Error ? error.stack : undefined, + ); + throw new InternalServerErrorException( + 'Unable to send verification email. Please try again later.', + ); + } + + const codeHash = await hashVerificationCode(code); + const expiresAt = new Date(now.getTime() + this.emailCodeTtlMs); + const nextSendAllowedAt = new Date( + now.getTime() + this.emailResendDelayMs, + ); + + const update: UpdateQuery = { + $set: { + email: normalizedEmail, + emailVerified: false, + emailCode: { + codeHash, + expiresAt, + attemptCount: 0, + sentAt: now, + nextSendAllowedAt, + }, + }, + }; + + if (!existing) { + update.$setOnInsert = { + type: VerificationType.BOTH, + } as Partial; + } + + await this.verificationModel + .findOneAndUpdate({ userId: objectId }, update, { + new: true, + upsert: true, + setDefaultsOnInsert: true, + }) + .exec(); + return { success: true, - message: 'Verification email sent (implementation pending)', + message: 'Verification email sent successfully.', }; } @@ -118,28 +267,172 @@ export class VerificationService { email: string, code: string, ): Promise { - // TODO: Implement email verification code validation - // For now, verify email without code check + const objectId = this.parseUserId(userId); + const normalizedEmail = this.normalizeEmail(email); + const sanitizedCode = this.normalizeCode(code); + const verification = await this.verificationModel - .findOneAndUpdate( - { userId: new Types.ObjectId(userId) }, - { emailVerified: true, email }, - { new: true, upsert: true }, + .findOne({ userId: objectId }) + .exec(); + + if (!verification || !verification.emailCode) { + throw new NotFoundException( + 'No verification request found for this user.', + ); + } + + if ( + verification.email && + verification.email.toLowerCase() !== normalizedEmail.toLowerCase() + ) { + throw new BadRequestException( + 'Email address does not match the pending verification request.', + ); + } + + const { emailCode } = verification; + + if (emailCode.expiresAt && emailCode.expiresAt.getTime() < Date.now()) { + throw new BadRequestException('Verification code has expired.'); + } + + if (emailCode.attemptCount >= this.emailMaxAttempts) { + throw new BadRequestException( + 'Maximum verification attempts exceeded. Please request a new code.', + ); + } + + const isValid = await verifyVerificationCode( + sanitizedCode, + emailCode.codeHash ?? '', + ); + + if (!isValid) { + const nextAttemptCount = emailCode.attemptCount + 1; + await this.verificationModel + .updateOne( + { userId: objectId }, + { $inc: { 'emailCode.attemptCount': 1 } }, + ) + .exec(); + + const remaining = Math.max(this.emailMaxAttempts - nextAttemptCount, 0); + const message = + remaining > 0 + ? `Invalid verification code. ${remaining} attempt(s) remaining.` + : 'Invalid verification code. Maximum attempts exceeded.'; + throw new BadRequestException(message); + } + + await this.verificationModel + .updateOne( + { userId: objectId }, + { + $set: { + emailVerified: true, + email: normalizedEmail, + }, + $unset: { + emailCode: '', + }, + }, ) .exec(); - return verification; + await this.userModel + .findByIdAndUpdate(objectId, { email: normalizedEmail }, { new: true }) + .exec(); + + const updatedVerification = await this.verificationModel + .findOne({ userId: objectId }) + .exec(); + + if (!updatedVerification) { + throw new InternalServerErrorException( + 'Verification record missing after email confirmation.', + ); + } + + return updatedVerification; } async sendSmsVerification( userId: string, mobile: string, ): Promise<{ success: boolean; message?: string }> { - // TODO: Implement SMS verification code sending - // For now, return success to allow frontend to work + const objectId = this.parseUserId(userId); + const normalizedMobile = normalizePhoneNumber(mobile); + + const existing = await this.verificationModel + .findOne({ userId: objectId }) + .lean(); + + const now = new Date(); + + if (existing?.mobileCode?.nextSendAllowedAt) { + const nextAllowed = new Date(existing.mobileCode.nextSendAllowedAt); + if (nextAllowed > now) { + const seconds = this.secondsRemaining(nextAllowed, now); + throw new BadRequestException( + `Verification code already sent. Please wait ${seconds} second(s) before requesting a new code.`, + ); + } + } + + const code = generateNumericCode(); + + try { + await this.smsVerificationService.sendVerificationCode( + normalizedMobile, + code, + ); + } catch (error) { + this.logger.error( + `Unable to send verification SMS to ${normalizedMobile}`, + error instanceof Error ? error.stack : undefined, + ); + throw new InternalServerErrorException( + 'Unable to send verification SMS. Please try again later.', + ); + } + + const codeHash = await hashVerificationCode(code); + const expiresAt = new Date(now.getTime() + this.smsCodeTtlMs); + const nextSendAllowedAt = new Date( + now.getTime() + this.smsResendDelayMs, + ); + + const update: UpdateQuery = { + $set: { + mobile: normalizedMobile, + mobileVerified: false, + mobileCode: { + codeHash, + expiresAt, + attemptCount: 0, + sentAt: now, + nextSendAllowedAt, + }, + }, + }; + + if (!existing) { + update.$setOnInsert = { + type: VerificationType.BOTH, + } as Partial; + } + + await this.verificationModel + .findOneAndUpdate({ userId: objectId }, update, { + new: true, + upsert: true, + setDefaultsOnInsert: true, + }) + .exec(); + return { success: true, - message: 'SMS verification sent (implementation pending)', + message: 'Verification SMS sent successfully.', }; } @@ -148,16 +441,170 @@ export class VerificationService { mobile: string, code: string, ): Promise { - // TODO: Implement SMS verification code validation - // For now, verify mobile without code check + const objectId = this.parseUserId(userId); + const normalizedMobile = normalizePhoneNumber(mobile); + const sanitizedCode = this.normalizeCode(code); + const verification = await this.verificationModel - .findOneAndUpdate( - { userId: new Types.ObjectId(userId) }, - { mobileVerified: true, mobile }, - { new: true, upsert: true }, + .findOne({ userId: objectId }) + .exec(); + + if (!verification || !verification.mobileCode) { + throw new NotFoundException( + 'No verification request found for this user.', + ); + } + + if ( + verification.mobile && + verification.mobile !== normalizedMobile + ) { + throw new BadRequestException( + 'Mobile number does not match the pending verification request.', + ); + } + + const { mobileCode } = verification; + + if (mobileCode.expiresAt && mobileCode.expiresAt.getTime() < Date.now()) { + throw new BadRequestException('Verification code has expired.'); + } + + if (mobileCode.attemptCount >= this.smsMaxAttempts) { + throw new BadRequestException( + 'Maximum verification attempts exceeded. Please request a new code.', + ); + } + + const isValid = await verifyVerificationCode( + sanitizedCode, + mobileCode.codeHash ?? '', + ); + + if (!isValid) { + const nextAttemptCount = mobileCode.attemptCount + 1; + await this.verificationModel + .updateOne( + { userId: objectId }, + { $inc: { 'mobileCode.attemptCount': 1 } }, + ) + .exec(); + + const remaining = Math.max(this.smsMaxAttempts - nextAttemptCount, 0); + const message = + remaining > 0 + ? `Invalid verification code. ${remaining} attempt(s) remaining.` + : 'Invalid verification code. Maximum attempts exceeded.'; + throw new BadRequestException(message); + } + + await this.verificationModel + .updateOne( + { userId: objectId }, + { + $set: { + mobileVerified: true, + mobile: normalizedMobile, + }, + $unset: { + mobileCode: '', + }, + }, ) .exec(); - return verification; + await this.userModel + .findByIdAndUpdate(objectId, { fullPhoneNumber: normalizedMobile }, { new: true }) + .exec(); + + const updatedVerification = await this.verificationModel + .findOne({ userId: objectId }) + .exec(); + + if (!updatedVerification) { + throw new InternalServerErrorException( + 'Verification record missing after SMS confirmation.', + ); + } + + return updatedVerification; + } + + private resolveDurationMs(key: string, fallbackSeconds: number): number { + const raw = this.configService.get(key); + if (raw === undefined || raw === null || raw === '') { + return fallbackSeconds * 1000; + } + + const numeric = Number(raw); + if (Number.isNaN(numeric) || numeric <= 0) { + this.logger.warn( + `Invalid value for ${key}: ${String(raw)}. Falling back to ${fallbackSeconds} seconds.`, + ); + return fallbackSeconds * 1000; + } + + return numeric * 1000; + } + + private resolvePositiveInt(key: string, fallback: number): number { + const raw = this.configService.get(key); + if (raw === undefined || raw === null || raw === '') { + return fallback; + } + + const numeric = Number(raw); + if (!Number.isInteger(numeric) || numeric <= 0) { + this.logger.warn( + `Invalid value for ${key}: ${String(raw)}. Falling back to ${fallback}.`, + ); + return fallback; + } + + return numeric; + } + + private parseUserId(userId: string): Types.ObjectId { + try { + return new Types.ObjectId(userId); + } catch (error) { + throw new BadRequestException('Invalid user id.'); + } + } + + private normalizeEmail(email: string): string { + if (typeof email !== 'string') { + throw new BadRequestException('Email address is required.'); + } + + const normalized = email.trim().toLowerCase(); + if (!isEmail(normalized)) { + throw new BadRequestException('Invalid email address format.'); + } + + return normalized; + } + + + private normalizeCode(code: string): string { + if (typeof code !== 'string') { + throw new BadRequestException('Verification code is required.'); + } + + const trimmed = code.trim(); + if (!/^[0-9]{4,10}$/.test(trimmed)) { + throw new BadRequestException( + 'Verification code must be a numeric value.', + ); + } + + return trimmed; + } + + private secondsRemaining(target: Date, now: Date): number { + return Math.max( + Math.ceil((target.getTime() - now.getTime()) / 1000), + 0, + ); } } From 90d71fa64518e7903488511a632b8034139877f9 Mon Sep 17 00:00:00 2001 From: Tim Tian Date: Sun, 16 Nov 2025 09:59:45 +1100 Subject: [PATCH 4/8] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20lint=20?= =?UTF-8?q?=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 移除不必要的 String() 类型转换 - 修复模板字符串中的 number 类型转换 - 修复不必要的转义字符 - 修复不必要的条件判断 - 移除未使用的导入 --- .../aws-ses-email-verification.service.ts | 16 +++---- .../aws-sns-sms-verification.service.ts | 8 ++-- .../setting/helpers/email-template.util.ts | 23 +++++++--- .../setting/helpers/phone-number.util.ts | 15 +++---- .../setting/helpers/verification-code.util.ts | 7 ++- .../email-verification.interface.ts | 1 - .../interfaces/sms-verification.interface.ts | 1 - .../setting/schema/verification.schema.ts | 5 ++- src/modules/setting/setting.module.ts | 6 +-- src/modules/setting/verification.service.ts | 45 ++++++++----------- 10 files changed, 63 insertions(+), 64 deletions(-) diff --git a/src/modules/setting/aws-ses-email-verification.service.ts b/src/modules/setting/aws-ses-email-verification.service.ts index c39793b1..7df041ba 100644 --- a/src/modules/setting/aws-ses-email-verification.service.ts +++ b/src/modules/setting/aws-ses-email-verification.service.ts @@ -2,14 +2,16 @@ import { SendEmailCommand, SESv2Client } from '@aws-sdk/client-sesv2'; import { Injectable, Logger } from '@nestjs/common'; import { ConfigService } from '@nestjs/config'; -import { IEmailVerificationService } from './interfaces/email-verification.interface.js'; import { generateVerificationEmailHtml, generateVerificationEmailText, } from './helpers/email-template.util.js'; +import { IEmailVerificationService } from './interfaces/email-verification.interface.js'; @Injectable() -export class AwsSesEmailVerificationService implements IEmailVerificationService { +export class AwsSesEmailVerificationService + implements IEmailVerificationService +{ private readonly logger = new Logger(AwsSesEmailVerificationService.name); private readonly sesClient: SESv2Client; private readonly region: string; @@ -17,7 +19,8 @@ export class AwsSesEmailVerificationService implements IEmailVerificationService private readonly appName: string; constructor(private readonly configService: ConfigService) { - this.region = this.configService.get('AWS_REGION') ?? 'ap-southeast-2'; + this.region = + this.configService.get('AWS_REGION') ?? 'ap-southeast-2'; this.emailFrom = this.configService.get('SES_FROM') ?? 'noreply@dispatchai.com'; this.appName = this.configService.get('APP_NAME') ?? 'DispatchAI'; @@ -99,7 +102,7 @@ export class AwsSesEmailVerificationService implements IEmailVerificationService const result = await this.sesClient.send(command); this.logger.log( - `Verification email sent to ${email}: ${String(result.MessageId ?? 'unknown')}`, + `Verification email sent to ${email}: ${result.MessageId ?? 'unknown'}`, ); } catch (error) { this.logger.error( @@ -109,9 +112,4 @@ export class AwsSesEmailVerificationService implements IEmailVerificationService throw error; } } - } - - - - diff --git a/src/modules/setting/aws-sns-sms-verification.service.ts b/src/modules/setting/aws-sns-sms-verification.service.ts index 41c4cc34..f2cea969 100644 --- a/src/modules/setting/aws-sns-sms-verification.service.ts +++ b/src/modules/setting/aws-sns-sms-verification.service.ts @@ -2,8 +2,8 @@ import { PublishCommand, SNSClient } from '@aws-sdk/client-sns'; import { Injectable, Logger } from '@nestjs/common'; import { ConfigService } from '@nestjs/config'; -import { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; import { formatPhoneNumberToE164 } from './helpers/phone-number.util.js'; +import { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; @Injectable() export class AwsSnsSmsVerificationService implements ISmsVerificationService { @@ -12,7 +12,8 @@ export class AwsSnsSmsVerificationService implements ISmsVerificationService { private readonly region: string; constructor(private readonly configService: ConfigService) { - this.region = this.configService.get('AWS_REGION') ?? 'ap-southeast-2'; + this.region = + this.configService.get('AWS_REGION') ?? 'ap-southeast-2'; const accessKeyId = this.configService.get('AWS_ACCESS_KEY_ID'); const secretAccessKey = this.configService.get( @@ -74,7 +75,7 @@ export class AwsSnsSmsVerificationService implements ISmsVerificationService { const result = await this.snsClient.send(command); this.logger.log( - `SMS verification sent to ${formattedPhone}: ${String(result.MessageId ?? 'unknown')}`, + `SMS verification sent to ${formattedPhone}: ${result.MessageId ?? 'unknown'}`, ); } catch (error) { this.logger.error( @@ -85,4 +86,3 @@ export class AwsSnsSmsVerificationService implements ISmsVerificationService { } } } - diff --git a/src/modules/setting/helpers/email-template.util.ts b/src/modules/setting/helpers/email-template.util.ts index 73a1cc4f..91370b76 100644 --- a/src/modules/setting/helpers/email-template.util.ts +++ b/src/modules/setting/helpers/email-template.util.ts @@ -18,7 +18,12 @@ export interface EmailTemplateOptions { export function generateVerificationEmailHtml( options: EmailTemplateOptions, ): string { - const { appName, verificationCode, firstName, expirationMinutes = 10 } = options; + const { + appName, + verificationCode, + firstName, + expirationMinutes = 10, + } = options; const greeting = firstName ? `Hi ${firstName},` : 'Hi there,'; return ` @@ -45,7 +50,7 @@ export function generateVerificationEmailHtml(

Please enter this code in the verification form on our website to complete your email verification.

-

This code will expire in ${expirationMinutes} minutes.

+

This code will expire in ${String(expirationMinutes)} minutes.

If you didn't create an account with ${appName}, please ignore this email. @@ -53,7 +58,7 @@ export function generateVerificationEmailHtml(

- © ${new Date().getFullYear()} ${appName}. All rights reserved. + © ${String(new Date().getFullYear())} ${appName}. All rights reserved.

@@ -69,7 +74,12 @@ export function generateVerificationEmailHtml( export function generateVerificationEmailText( options: EmailTemplateOptions, ): string { - const { appName, verificationCode, firstName, expirationMinutes = 10 } = options; + const { + appName, + verificationCode, + firstName, + expirationMinutes = 10, + } = options; const greeting = firstName ? `Hi ${firstName},` : 'Hi there,'; return ` @@ -82,11 +92,10 @@ Thank you for signing up with ${appName}! To complete your registration and acce Your Verification Code: ${verificationCode} Please enter this code in the verification form on our website to complete your email verification. -This code will expire in ${expirationMinutes} minutes. +This code will expire in ${String(expirationMinutes)} minutes. If you didn't create an account with ${appName}, please ignore this email. -© ${new Date().getFullYear()} ${appName}. All rights reserved. +© ${String(new Date().getFullYear())} ${appName}. All rights reserved. `.trim(); } - diff --git a/src/modules/setting/helpers/phone-number.util.ts b/src/modules/setting/helpers/phone-number.util.ts index dfcf769e..d661dcf5 100644 --- a/src/modules/setting/helpers/phone-number.util.ts +++ b/src/modules/setting/helpers/phone-number.util.ts @@ -9,17 +9,17 @@ * - 491050908 (Australian mobile without leading 0) * - +61491050908 (E.164 format) * - 61491050908 (E.164 without +) - * + * * @param phoneNumber - Phone number in any common format * @param defaultCountryCode - Default country code to use if not provided (default: +61 for Australia) * @returns Phone number in E.164 format */ export function formatPhoneNumberToE164( phoneNumber: string, - defaultCountryCode: string = '+61', + defaultCountryCode = '+61', ): string { // Remove all whitespace and common formatting characters except + - const cleaned = phoneNumber.trim().replace(/[\s\-\(\)]/g, ''); + const cleaned = phoneNumber.trim().replace(/[\s\-()]/g, ''); // If already in E.164 format (starts with +), return as is if (cleaned.startsWith('+')) { @@ -32,12 +32,12 @@ export function formatPhoneNumberToE164( } // If starts with country code digits (e.g., 61 for Australia), add + - if (cleaned.match(/^61/)) { + if (/^61/.exec(cleaned)) { return `+${cleaned}`; } // If starts with mobile prefix (e.g., 4 for Australian mobile), add country code - if (cleaned.match(/^4/)) { + if (/^4/.exec(cleaned)) { return `${defaultCountryCode}${cleaned}`; } @@ -51,8 +51,8 @@ export function formatPhoneNumberToE164( * @returns true if phone number appears valid */ export function isValidPhoneNumber(phoneNumber: string): boolean { - const cleaned = phoneNumber.trim().replace(/[\s\-\(\)]/g, ''); - + const cleaned = phoneNumber.trim().replace(/[\s\-()]/g, ''); + // Basic validation: should contain at least 8 digits const digitCount = cleaned.replace(/\D/g, '').length; return digitCount >= 8 && digitCount <= 15; @@ -66,4 +66,3 @@ export function isValidPhoneNumber(phoneNumber: string): boolean { export function normalizePhoneNumber(phoneNumber: string): string { return formatPhoneNumberToE164(phoneNumber); } - diff --git a/src/modules/setting/helpers/verification-code.util.ts b/src/modules/setting/helpers/verification-code.util.ts index ed9016a9..d743eca2 100644 --- a/src/modules/setting/helpers/verification-code.util.ts +++ b/src/modules/setting/helpers/verification-code.util.ts @@ -1,6 +1,7 @@ -import bcrypt from 'bcryptjs'; import { randomInt } from 'node:crypto'; +import bcrypt from 'bcryptjs'; + export interface VerificationCodeConfig { length?: number; } @@ -8,7 +9,9 @@ export interface VerificationCodeConfig { const DEFAULT_CODE_LENGTH = 6; const SALT_ROUNDS = 10; -export function generateNumericCode(config: VerificationCodeConfig = {}): string { +export function generateNumericCode( + config: VerificationCodeConfig = {}, +): string { const length = config.length ?? DEFAULT_CODE_LENGTH; if (length <= 0) { throw new Error('Verification code length must be greater than zero'); diff --git a/src/modules/setting/interfaces/email-verification.interface.ts b/src/modules/setting/interfaces/email-verification.interface.ts index a1384706..a08b888c 100644 --- a/src/modules/setting/interfaces/email-verification.interface.ts +++ b/src/modules/setting/interfaces/email-verification.interface.ts @@ -17,4 +17,3 @@ export interface IEmailVerificationService { firstName?: string, ): Promise; } - diff --git a/src/modules/setting/interfaces/sms-verification.interface.ts b/src/modules/setting/interfaces/sms-verification.interface.ts index 762ca060..31274ed4 100644 --- a/src/modules/setting/interfaces/sms-verification.interface.ts +++ b/src/modules/setting/interfaces/sms-verification.interface.ts @@ -15,4 +15,3 @@ export interface ISmsVerificationService { verificationCode: string, ): Promise; } - diff --git a/src/modules/setting/schema/verification.schema.ts b/src/modules/setting/schema/verification.schema.ts index d69307dc..79fd73b0 100644 --- a/src/modules/setting/schema/verification.schema.ts +++ b/src/modules/setting/schema/verification.schema.ts @@ -25,8 +25,9 @@ export class VerificationChannelState { nextSendAllowedAt?: Date; } -export const VerificationChannelStateSchema = - SchemaFactory.createForClass(VerificationChannelState); +export const VerificationChannelStateSchema = SchemaFactory.createForClass( + VerificationChannelState, +); @Schema({ timestamps: true }) export class Verification extends Document { diff --git a/src/modules/setting/setting.module.ts b/src/modules/setting/setting.module.ts index 3aae9d3e..21984d52 100644 --- a/src/modules/setting/setting.module.ts +++ b/src/modules/setting/setting.module.ts @@ -7,16 +7,14 @@ import { } from '@/modules/company/schema/company.schema'; import { User, userSchema } from '@/modules/user/schema/user.schema'; +import { AwsSesEmailVerificationService } from './aws-ses-email-verification.service.js'; +import { AwsSnsSmsVerificationService } from './aws-sns-sms-verification.service.js'; import { Setting, settingSchema } from './schema/setting.schema'; import { Verification, VerificationSchema } from './schema/verification.schema'; import { SettingController } from './setting.controller'; import { SettingService } from './setting.service'; import { VerificationController } from './verification.controller'; -import { AwsSesEmailVerificationService } from './aws-ses-email-verification.service.js'; -import { AwsSnsSmsVerificationService } from './aws-sns-sms-verification.service.js'; import { VerificationService } from './verification.service'; -import { IEmailVerificationService } from './interfaces/email-verification.interface.js'; -import { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; @Module({ imports: [ diff --git a/src/modules/setting/verification.service.ts b/src/modules/setting/verification.service.ts index d4848a75..3d647ccb 100644 --- a/src/modules/setting/verification.service.ts +++ b/src/modules/setting/verification.service.ts @@ -18,6 +18,7 @@ import { } from '@/modules/setting/schema/verification.schema'; import { User, UserDocument } from '@/modules/user/schema/user.schema'; +import { normalizePhoneNumber } from './helpers/phone-number.util.js'; import { generateNumericCode, hashVerificationCode, @@ -25,7 +26,6 @@ import { } from './helpers/verification-code.util.js'; import type { IEmailVerificationService } from './interfaces/email-verification.interface.js'; import type { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; -import { normalizePhoneNumber } from './helpers/phone-number.util.js'; const DEFAULT_EMAIL_CODE_TTL_SECONDS = 10 * 60; // 10 minutes const DEFAULT_EMAIL_RESEND_SECONDS = 60; // 1 minute @@ -196,7 +196,7 @@ export class VerificationService { if (nextAllowed > now) { const seconds = this.secondsRemaining(nextAllowed, now); throw new BadRequestException( - `Verification code already sent. Please wait ${seconds} second(s) before requesting a new code.`, + `Verification code already sent. Please wait ${String(seconds)} second(s) before requesting a new code.`, ); } } @@ -224,9 +224,7 @@ export class VerificationService { const codeHash = await hashVerificationCode(code); const expiresAt = new Date(now.getTime() + this.emailCodeTtlMs); - const nextSendAllowedAt = new Date( - now.getTime() + this.emailResendDelayMs, - ); + const nextSendAllowedAt = new Date(now.getTime() + this.emailResendDelayMs); const update: UpdateQuery = { $set: { @@ -319,7 +317,7 @@ export class VerificationService { const remaining = Math.max(this.emailMaxAttempts - nextAttemptCount, 0); const message = remaining > 0 - ? `Invalid verification code. ${remaining} attempt(s) remaining.` + ? `Invalid verification code. ${String(remaining)} attempt(s) remaining.` : 'Invalid verification code. Maximum attempts exceeded.'; throw new BadRequestException(message); } @@ -374,7 +372,7 @@ export class VerificationService { if (nextAllowed > now) { const seconds = this.secondsRemaining(nextAllowed, now); throw new BadRequestException( - `Verification code already sent. Please wait ${seconds} second(s) before requesting a new code.`, + `Verification code already sent. Please wait ${String(seconds)} second(s) before requesting a new code.`, ); } } @@ -398,9 +396,7 @@ export class VerificationService { const codeHash = await hashVerificationCode(code); const expiresAt = new Date(now.getTime() + this.smsCodeTtlMs); - const nextSendAllowedAt = new Date( - now.getTime() + this.smsResendDelayMs, - ); + const nextSendAllowedAt = new Date(now.getTime() + this.smsResendDelayMs); const update: UpdateQuery = { $set: { @@ -455,10 +451,7 @@ export class VerificationService { ); } - if ( - verification.mobile && - verification.mobile !== normalizedMobile - ) { + if (verification.mobile && verification.mobile !== normalizedMobile) { throw new BadRequestException( 'Mobile number does not match the pending verification request.', ); @@ -493,7 +486,7 @@ export class VerificationService { const remaining = Math.max(this.smsMaxAttempts - nextAttemptCount, 0); const message = remaining > 0 - ? `Invalid verification code. ${remaining} attempt(s) remaining.` + ? `Invalid verification code. ${String(remaining)} attempt(s) remaining.` : 'Invalid verification code. Maximum attempts exceeded.'; throw new BadRequestException(message); } @@ -514,7 +507,11 @@ export class VerificationService { .exec(); await this.userModel - .findByIdAndUpdate(objectId, { fullPhoneNumber: normalizedMobile }, { new: true }) + .findByIdAndUpdate( + objectId, + { fullPhoneNumber: normalizedMobile }, + { new: true }, + ) .exec(); const updatedVerification = await this.verificationModel @@ -532,14 +529,14 @@ export class VerificationService { private resolveDurationMs(key: string, fallbackSeconds: number): number { const raw = this.configService.get(key); - if (raw === undefined || raw === null || raw === '') { + if (raw === undefined || (typeof raw === 'string' && raw === '')) { return fallbackSeconds * 1000; } const numeric = Number(raw); if (Number.isNaN(numeric) || numeric <= 0) { this.logger.warn( - `Invalid value for ${key}: ${String(raw)}. Falling back to ${fallbackSeconds} seconds.`, + `Invalid value for ${key}: ${String(raw)}. Falling back to ${String(fallbackSeconds)} seconds.`, ); return fallbackSeconds * 1000; } @@ -549,14 +546,14 @@ export class VerificationService { private resolvePositiveInt(key: string, fallback: number): number { const raw = this.configService.get(key); - if (raw === undefined || raw === null || raw === '') { + if (raw === undefined || (typeof raw === 'string' && raw === '')) { return fallback; } const numeric = Number(raw); if (!Number.isInteger(numeric) || numeric <= 0) { this.logger.warn( - `Invalid value for ${key}: ${String(raw)}. Falling back to ${fallback}.`, + `Invalid value for ${key}: ${String(raw)}. Falling back to ${String(fallback)}.`, ); return fallback; } @@ -567,7 +564,7 @@ export class VerificationService { private parseUserId(userId: string): Types.ObjectId { try { return new Types.ObjectId(userId); - } catch (error) { + } catch { throw new BadRequestException('Invalid user id.'); } } @@ -585,7 +582,6 @@ export class VerificationService { return normalized; } - private normalizeCode(code: string): string { if (typeof code !== 'string') { throw new BadRequestException('Verification code is required.'); @@ -602,9 +598,6 @@ export class VerificationService { } private secondsRemaining(target: Date, now: Date): number { - return Math.max( - Math.ceil((target.getTime() - now.getTime()) / 1000), - 0, - ); + return Math.max(Math.ceil((target.getTime() - now.getTime()) / 1000), 0); } } From 12a85ea2efb9961943493b797e0de5eb4d71c251 Mon Sep 17 00:00:00 2001 From: Tim Tian Date: Sun, 16 Nov 2025 10:08:55 +1100 Subject: [PATCH 5/8] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20Jest=20?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=E9=85=8D=E7=BD=AE=EF=BC=8C=E6=94=AF=E6=8C=81?= =?UTF-8?q?=20.js=20=E6=89=A9=E5=B1=95=E5=90=8D=E6=A8=A1=E5=9D=97=E8=A7=A3?= =?UTF-8?q?=E6=9E=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 添加 moduleNameMapper 规则来解析 .js 扩展名 - 配置 Jest 支持 ESM 模块 - 修复测试中找不到模块的问题 - 所有单元测试和集成测试现在都能通过 --- jest.config.json | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/jest.config.json b/jest.config.json index caf0632c..5db87214 100644 --- a/jest.config.json +++ b/jest.config.json @@ -1,19 +1,25 @@ { - "moduleFileExtensions": ["js", "json", "ts"], - "rootDir": ".", - "testRegex": ".*\\.(test|spec)\\.ts$", - "transform": { - "^.+\\.(t|j)s$": "ts-jest" - }, - "setupFilesAfterEnv": ["/test/setup.ts"], - "testEnvironment": "node", - "testTimeout": 60000, - "forceExit": true, - "maxWorkers": 1, - "moduleNameMapper": { - "^@/(.*)$": "/src/$1", - "^@modules/(.*)$": "/src/modules/$1" - }, - "moduleFileExtensions": ["js", "json", "ts", "d.ts"] + "moduleFileExtensions": ["js", "json", "ts", "d.ts"], + "rootDir": ".", + "testRegex": ".*\\.(test|spec)\\.ts$", + "transform": { + "^.+\\.(t|j)s$": "ts-jest" + }, + "setupFilesAfterEnv": ["/test/setup.ts"], + "testEnvironment": "node", + "testTimeout": 60000, + "forceExit": true, + "maxWorkers": 1, + "moduleNameMapper": { + "^@/(.*)$": "/src/$1", + "^@modules/(.*)$": "/src/modules/$1", + "^(\\.{1,2}/.*)\\.js$": "$1" + }, + "extensionsToTreatAsEsm": [".ts"], + "globals": { + "ts-jest": { + "useESM": true + } } +} \ No newline at end of file From 5c718a53a136771205e1efb055e427c10c69230f Mon Sep 17 00:00:00 2001 From: Whiskey-Taste Date: Sun, 21 Dec 2025 16:37:15 +1100 Subject: [PATCH 6/8] fix(DIS-158): Fix findByIdAndUpdate usage and ObjectId type conversion - Fix findByIdAndUpdate in verification.service.ts: pass objectId directly instead of { _id: objectId } - Fix TypeScript type error in call-processor.service.ts: use .toString() to convert ObjectId to string - Resolves high-risk bug that prevented user data updates - Resolves TypeScript compilation errors --- src/modules/setting/verification.service.ts | 2 +- src/modules/telephony/services/call-processor.service.ts | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/modules/setting/verification.service.ts b/src/modules/setting/verification.service.ts index 3d647ccb..f31ba4dc 100644 --- a/src/modules/setting/verification.service.ts +++ b/src/modules/setting/verification.service.ts @@ -157,7 +157,7 @@ export class VerificationService { throw new BadRequestException('Mobile number must be a string'); } await this.userModel.findByIdAndUpdate( - { _id: objectId }, + objectId, { fullPhoneNumber: updateData.mobile }, { new: true }, ); diff --git a/src/modules/telephony/services/call-processor.service.ts b/src/modules/telephony/services/call-processor.service.ts index 3de4d81f..52a2581b 100644 --- a/src/modules/telephony/services/call-processor.service.ts +++ b/src/modules/telephony/services/call-processor.service.ts @@ -68,12 +68,11 @@ export class CallProcessorService { ); return this.speakAndLog(CallSid, 'User not found', NextAction.HANGUP); } - const services = await this.serviceService.findAllActiveByUserId( - user._id as string, - ); + const userId = user._id.toString(); + const services = await this.serviceService.findAllActiveByUserId(userId); await this.sessionHelper.fillCompanyServices(CallSid, services); - const company = await this.companyService.findByUserId(user._id as string); - const userGreeting = await this.userService.getGreeting(user._id as string); + const company = await this.companyService.findByUserId(userId); + const userGreeting = await this.userService.getGreeting(userId); await this.sessionHelper.fillCompany(CallSid, company, user); const welcome = WelcomeMessageHelper.buildWelcomeMessage( From beaa1e7654fe57abe4acff464a918543926d58bc Mon Sep 17 00:00:00 2001 From: Whiskey-Taste Date: Sun, 21 Dec 2025 23:24:42 +1100 Subject: [PATCH 7/8] fix lint error --- src/modules/auth/auth.controller.ts | 21 +++++--- src/modules/auth/auth.service.ts | 2 +- src/modules/auth/dto/reset-password.dto.ts | 2 +- src/modules/company/schema/company.schema.ts | 2 +- src/modules/health/health.controller.ts | 48 ++++++++++++++----- .../aws-ses-email-verification.service.ts | 4 +- .../services/call-processor.service.ts | 9 ++-- 7 files changed, 60 insertions(+), 28 deletions(-) diff --git a/src/modules/auth/auth.controller.ts b/src/modules/auth/auth.controller.ts index 3ba51b7b..8a012733 100644 --- a/src/modules/auth/auth.controller.ts +++ b/src/modules/auth/auth.controller.ts @@ -16,9 +16,9 @@ import { EUserRole } from '@/common/constants/user.constant'; import { SkipCSRF } from '@/common/decorators/skip-csrf.decorator'; import { AuthService } from '@/modules/auth/auth.service'; import { LoginDto } from '@/modules/auth/dto/login.dto'; +import { ResetPasswordDto } from '@/modules/auth/dto/reset-password.dto'; import { CreateUserDto } from '@/modules/auth/dto/signup.dto'; import { UserResponseDto } from '@/modules/auth/dto/user-response.dto'; -import { ResetPasswordDto } from '@/modules/auth/dto/reset-password.dto'; import { UserStatus } from '@/modules/user/enum/userStatus.enum'; import { generateCSRFToken } from '@/utils/csrf.util'; @@ -216,14 +216,21 @@ export class AuthController { @ApiOperation({ summary: 'Forgot Password', - description: 'Send a password reset link to the user\'s email', + description: "Send a password reset link to the user's email", + }) + @ApiResponse({ + status: 200, + description: 'If that email is registered, a reset link has been sent.', }) - @ApiResponse({ status: 200, description: 'If that email is registered, a reset link has been sent.' }) @Post('forgot-password') @SkipCSRF() - async forgotPassword(@Body('email') email: string): Promise<{ message: string }> { + async forgotPassword( + @Body('email') email: string, + ): Promise<{ message: string }> { await this.authService.forgotPassword(email); - return { message: 'If that email is registered, a reset link has been sent.' }; + return { + message: 'If that email is registered, a reset link has been sent.', + }; } @ApiOperation({ @@ -334,7 +341,9 @@ export class AuthController { @ApiResponse({ status: 400, description: 'Invalid token or password' }) @Post('reset-password') @SkipCSRF() - async resetPassword(@Body() dto: ResetPasswordDto): Promise<{ message: string }> { + async resetPassword( + @Body() dto: ResetPasswordDto, + ): Promise<{ message: string }> { await this.authService.resetPassword(dto); return { message: 'Password reset successful' }; } diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts index 51b6869c..9fc1d44a 100644 --- a/src/modules/auth/auth.service.ts +++ b/src/modules/auth/auth.service.ts @@ -1,4 +1,3 @@ -import process from 'process'; import { BadRequestException, ConflictException, @@ -13,6 +12,7 @@ import * as crypto from 'crypto'; import * as fs from 'fs'; import { Model } from 'mongoose'; import * as path from 'path'; +import process from 'process'; import { EUserRole } from '@/common/constants/user.constant'; import { SALT_ROUNDS } from '@/modules/auth/auth.config'; diff --git a/src/modules/auth/dto/reset-password.dto.ts b/src/modules/auth/dto/reset-password.dto.ts index efd4faf7..4acf2d49 100644 --- a/src/modules/auth/dto/reset-password.dto.ts +++ b/src/modules/auth/dto/reset-password.dto.ts @@ -15,4 +15,4 @@ export class ResetPasswordDto { @IsString() @MinLength(6) confirmPassword!: string; -} \ No newline at end of file +} diff --git a/src/modules/company/schema/company.schema.ts b/src/modules/company/schema/company.schema.ts index 37e5e9e1..c05a67dc 100644 --- a/src/modules/company/schema/company.schema.ts +++ b/src/modules/company/schema/company.schema.ts @@ -15,7 +15,7 @@ export class Company { user!: User; @Prop() calendar_access_token?: string; - + _id!: Types.ObjectId; } diff --git a/src/modules/health/health.controller.ts b/src/modules/health/health.controller.ts index 3c211b27..60fe641f 100644 --- a/src/modules/health/health.controller.ts +++ b/src/modules/health/health.controller.ts @@ -18,9 +18,13 @@ export class HealthController { @ApiOperation({ summary: 'API Health Status', - description: 'Endpoint for monitoring service availability and operational status. Returns service metadata, current environment, and timestamp information.', + description: + 'Endpoint for monitoring service availability and operational status. Returns service metadata, current environment, and timestamp information.', + }) + @ApiResponse({ + status: 200, + description: 'Service is operational and healthy', }) - @ApiResponse({ status: 200, description: 'Service is operational and healthy' }) @Get() check(): { status: string; @@ -33,10 +37,17 @@ export class HealthController { @ApiOperation({ summary: 'Database Connectivity Status', - description: 'Validates database connectivity and health. Returns connection status for MongoDB and Redis instances.', + description: + 'Validates database connectivity and health. Returns connection status for MongoDB and Redis instances.', + }) + @ApiResponse({ + status: 200, + description: 'All database connections are healthy', + }) + @ApiResponse({ + status: 503, + description: 'One or more database connections have failed', }) - @ApiResponse({ status: 200, description: 'All database connections are healthy' }) - @ApiResponse({ status: 503, description: 'One or more database connections have failed' }) @Get('db') checkDatabase(): { status: string; @@ -49,7 +60,8 @@ export class HealthController { @ApiOperation({ summary: 'AI Service Chat Integration Test', - description: 'Validates AI service connectivity by sending a test message and measuring response time. Used for integration testing and monitoring.', + description: + 'Validates AI service connectivity by sending a test message and measuring response time. Used for integration testing and monitoring.', }) @ApiBody({ schema: { @@ -96,9 +108,13 @@ export class HealthController { @ApiOperation({ summary: 'MCP Service Health Probe', - description: 'Performs a health check against the MCP (Model Context Protocol) server. Returns connectivity status and response latency.', + description: + 'Performs a health check against the MCP (Model Context Protocol) server. Returns connectivity status and response latency.', + }) + @ApiResponse({ + status: 200, + description: 'MCP service is responding normally', }) - @ApiResponse({ status: 200, description: 'MCP service is responding normally' }) @Get('mcp_ping') mcpPing(): Promise<{ status: string; @@ -112,9 +128,13 @@ export class HealthController { @ApiOperation({ summary: 'AI Service Health Probe', - description: 'Performs a health check against the AI service backend. Returns connectivity status and response latency metrics.', + description: + 'Performs a health check against the AI service backend. Returns connectivity status and response latency metrics.', + }) + @ApiResponse({ + status: 200, + description: 'AI service is responding normally', }) - @ApiResponse({ status: 200, description: 'AI service is responding normally' }) @Get('pingAI') ping(): Promise<{ status: string; @@ -128,9 +148,13 @@ export class HealthController { @ApiOperation({ summary: 'Authentication Error Simulation', - description: 'Test endpoint that simulates an unauthorized access scenario. Used for testing error handling and authentication flows.', + description: + 'Test endpoint that simulates an unauthorized access scenario. Used for testing error handling and authentication flows.', + }) + @ApiResponse({ + status: 401, + description: 'Returns authentication failure response', }) - @ApiResponse({ status: 401, description: 'Returns authentication failure response' }) @Get('unauthorized') unauthorized(): never { throw new UnauthorizedException('JWT token is invalid or expired'); diff --git a/src/modules/setting/aws-ses-email-verification.service.ts b/src/modules/setting/aws-ses-email-verification.service.ts index 7df041ba..e9f8be70 100644 --- a/src/modules/setting/aws-ses-email-verification.service.ts +++ b/src/modules/setting/aws-ses-email-verification.service.ts @@ -9,9 +9,7 @@ import { import { IEmailVerificationService } from './interfaces/email-verification.interface.js'; @Injectable() -export class AwsSesEmailVerificationService - implements IEmailVerificationService -{ +export class AwsSesEmailVerificationService implements IEmailVerificationService { private readonly logger = new Logger(AwsSesEmailVerificationService.name); private readonly sesClient: SESv2Client; private readonly region: string; diff --git a/src/modules/telephony/services/call-processor.service.ts b/src/modules/telephony/services/call-processor.service.ts index 52a2581b..3de4d81f 100644 --- a/src/modules/telephony/services/call-processor.service.ts +++ b/src/modules/telephony/services/call-processor.service.ts @@ -68,11 +68,12 @@ export class CallProcessorService { ); return this.speakAndLog(CallSid, 'User not found', NextAction.HANGUP); } - const userId = user._id.toString(); - const services = await this.serviceService.findAllActiveByUserId(userId); + const services = await this.serviceService.findAllActiveByUserId( + user._id as string, + ); await this.sessionHelper.fillCompanyServices(CallSid, services); - const company = await this.companyService.findByUserId(userId); - const userGreeting = await this.userService.getGreeting(userId); + const company = await this.companyService.findByUserId(user._id as string); + const userGreeting = await this.userService.getGreeting(user._id as string); await this.sessionHelper.fillCompany(CallSid, company, user); const welcome = WelcomeMessageHelper.buildWelcomeMessage( From a37524fde91441803a40fa267d5b134ff4ce1e4e Mon Sep 17 00:00:00 2001 From: Whiskey-Taste Date: Tue, 23 Dec 2025 22:47:19 +1100 Subject: [PATCH 8/8] Fix lint error --- src/modules/auth/auth.controller.ts | 23 +- src/modules/auth/auth.service.ts | 4 +- .../auth/strategies/google.strategy.ts | 2 +- src/modules/company/dto/create-company.dto.ts | 2 +- src/modules/database/database.module.ts | 2 +- .../calendar-token.controller.ts | 2 +- .../google-calendar/calendar-token.service.ts | 2 +- .../schema/calendar-token.schema.ts | 2 +- .../mcp-calendar-integration.service.ts | 2 +- src/modules/setting/setting.service.ts | 2 +- src/modules/setting/verification.service.ts | 563 +----------------- src/modules/user/schema/user.schema.ts | 2 +- 12 files changed, 51 insertions(+), 557 deletions(-) diff --git a/src/modules/auth/auth.controller.ts b/src/modules/auth/auth.controller.ts index 8a012733..4db64617 100644 --- a/src/modules/auth/auth.controller.ts +++ b/src/modules/auth/auth.controller.ts @@ -16,9 +16,9 @@ import { EUserRole } from '@/common/constants/user.constant'; import { SkipCSRF } from '@/common/decorators/skip-csrf.decorator'; import { AuthService } from '@/modules/auth/auth.service'; import { LoginDto } from '@/modules/auth/dto/login.dto'; -import { ResetPasswordDto } from '@/modules/auth/dto/reset-password.dto'; import { CreateUserDto } from '@/modules/auth/dto/signup.dto'; import { UserResponseDto } from '@/modules/auth/dto/user-response.dto'; +import { ResetPasswordDto } from '@/modules/auth/dto/reset-password.dto'; import { UserStatus } from '@/modules/user/enum/userStatus.enum'; import { generateCSRFToken } from '@/utils/csrf.util'; @@ -216,21 +216,14 @@ export class AuthController { @ApiOperation({ summary: 'Forgot Password', - description: "Send a password reset link to the user's email", - }) - @ApiResponse({ - status: 200, - description: 'If that email is registered, a reset link has been sent.', + description: 'Send a password reset link to the user\'s email', }) + @ApiResponse({ status: 200, description: 'If that email is registered, a reset link has been sent.' }) @Post('forgot-password') @SkipCSRF() - async forgotPassword( - @Body('email') email: string, - ): Promise<{ message: string }> { + async forgotPassword(@Body('email') email: string): Promise<{ message: string }> { await this.authService.forgotPassword(email); - return { - message: 'If that email is registered, a reset link has been sent.', - }; + return { message: 'If that email is registered, a reset link has been sent.' }; } @ApiOperation({ @@ -341,10 +334,8 @@ export class AuthController { @ApiResponse({ status: 400, description: 'Invalid token or password' }) @Post('reset-password') @SkipCSRF() - async resetPassword( - @Body() dto: ResetPasswordDto, - ): Promise<{ message: string }> { + async resetPassword(@Body() dto: ResetPasswordDto): Promise<{ message: string }> { await this.authService.resetPassword(dto); return { message: 'Password reset successful' }; } -} +} \ No newline at end of file diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts index 9fc1d44a..da6be33b 100644 --- a/src/modules/auth/auth.service.ts +++ b/src/modules/auth/auth.service.ts @@ -1,3 +1,4 @@ +import process from 'process'; import { BadRequestException, ConflictException, @@ -12,7 +13,6 @@ import * as crypto from 'crypto'; import * as fs from 'fs'; import { Model } from 'mongoose'; import * as path from 'path'; -import process from 'process'; import { EUserRole } from '@/common/constants/user.constant'; import { SALT_ROUNDS } from '@/modules/auth/auth.config'; @@ -172,4 +172,4 @@ export class AuthService { user.resetPasswordExpires = undefined; await user.save(); } -} +} \ No newline at end of file diff --git a/src/modules/auth/strategies/google.strategy.ts b/src/modules/auth/strategies/google.strategy.ts index 5d76ec99..9f67d8c6 100644 --- a/src/modules/auth/strategies/google.strategy.ts +++ b/src/modules/auth/strategies/google.strategy.ts @@ -81,4 +81,4 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') { done(new UnauthorizedException('Google authentication failed'), false); } } -} +} \ No newline at end of file diff --git a/src/modules/company/dto/create-company.dto.ts b/src/modules/company/dto/create-company.dto.ts index 098d4c0d..ec2aeb56 100644 --- a/src/modules/company/dto/create-company.dto.ts +++ b/src/modules/company/dto/create-company.dto.ts @@ -42,4 +42,4 @@ export class CreateCompanyDto { @IsString({ message: 'User ID must be a string' }) @IsNotEmpty({ message: 'User ID cannot be empty' }) user!: string; -} +} \ No newline at end of file diff --git a/src/modules/database/database.module.ts b/src/modules/database/database.module.ts index c874325c..748dfde9 100644 --- a/src/modules/database/database.module.ts +++ b/src/modules/database/database.module.ts @@ -27,4 +27,4 @@ import { MongooseModule } from '@nestjs/mongoose'; }), ], }) -export class DatabaseModule {} +export class DatabaseModule {} \ No newline at end of file diff --git a/src/modules/google-calendar/calendar-token.controller.ts b/src/modules/google-calendar/calendar-token.controller.ts index ff223f1e..67e1af7f 100644 --- a/src/modules/google-calendar/calendar-token.controller.ts +++ b/src/modules/google-calendar/calendar-token.controller.ts @@ -75,4 +75,4 @@ export class CalendarTokenController { await this.calendarTokenService.isTokenExpiringSoon(userId); return { isExpiringSoon: isExpiring }; } -} +} \ No newline at end of file diff --git a/src/modules/google-calendar/calendar-token.service.ts b/src/modules/google-calendar/calendar-token.service.ts index 3e8ab77d..0c189211 100644 --- a/src/modules/google-calendar/calendar-token.service.ts +++ b/src/modules/google-calendar/calendar-token.service.ts @@ -255,4 +255,4 @@ export class CalendarTokenService { return timeUntilExpiry < fifteenMinutesInMs; } -} +} \ No newline at end of file diff --git a/src/modules/google-calendar/schema/calendar-token.schema.ts b/src/modules/google-calendar/schema/calendar-token.schema.ts index 0377a1ab..6c3f4162 100644 --- a/src/modules/google-calendar/schema/calendar-token.schema.ts +++ b/src/modules/google-calendar/schema/calendar-token.schema.ts @@ -53,4 +53,4 @@ CalendarTokenSchema.index({ userId: 1 }); CalendarTokenSchema.index({ expiresAt: 1 }); CalendarTokenSchema.index({ provider: 1 }); // Ensure each user has only one active token (provider-agnostic, currently Google only) -CalendarTokenSchema.index({ userId: 1, isActive: 1 }, { unique: true }); +CalendarTokenSchema.index({ userId: 1, isActive: 1 }, { unique: true }); \ No newline at end of file diff --git a/src/modules/google-calendar/services/mcp-calendar-integration.service.ts b/src/modules/google-calendar/services/mcp-calendar-integration.service.ts index 2f2cc1b5..02f2644c 100644 --- a/src/modules/google-calendar/services/mcp-calendar-integration.service.ts +++ b/src/modules/google-calendar/services/mcp-calendar-integration.service.ts @@ -329,4 +329,4 @@ Service: ${callData.serviceType} const end = new Date(start.getTime() + durationMinutes * 60 * 1000); return end.toISOString(); } -} +} \ No newline at end of file diff --git a/src/modules/setting/setting.service.ts b/src/modules/setting/setting.service.ts index f6949319..23422f21 100644 --- a/src/modules/setting/setting.service.ts +++ b/src/modules/setting/setting.service.ts @@ -422,4 +422,4 @@ export class SettingService { return false; } } -} +} \ No newline at end of file diff --git a/src/modules/setting/verification.service.ts b/src/modules/setting/verification.service.ts index f31ba4dc..1f1310a1 100644 --- a/src/modules/setting/verification.service.ts +++ b/src/modules/setting/verification.service.ts @@ -1,40 +1,13 @@ -import { - BadRequestException, - Inject, - Injectable, - InternalServerErrorException, - Logger, - NotFoundException, -} from '@nestjs/common'; -import { ConfigService } from '@nestjs/config'; +import { Injectable, NotFoundException } from '@nestjs/common'; import { InjectModel } from '@nestjs/mongoose'; -import { isEmail } from 'class-validator'; -import { Model, Types, UpdateQuery } from 'mongoose'; +import { Model, Types } from 'mongoose'; import { Verification, VerificationDocument, - VerificationType, } from '@/modules/setting/schema/verification.schema'; import { User, UserDocument } from '@/modules/user/schema/user.schema'; -import { normalizePhoneNumber } from './helpers/phone-number.util.js'; -import { - generateNumericCode, - hashVerificationCode, - verifyVerificationCode, -} from './helpers/verification-code.util.js'; -import type { IEmailVerificationService } from './interfaces/email-verification.interface.js'; -import type { ISmsVerificationService } from './interfaces/sms-verification.interface.js'; - -const DEFAULT_EMAIL_CODE_TTL_SECONDS = 10 * 60; // 10 minutes -const DEFAULT_EMAIL_RESEND_SECONDS = 60; // 1 minute -const DEFAULT_EMAIL_MAX_ATTEMPTS = 5; - -const DEFAULT_SMS_CODE_TTL_SECONDS = 10 * 60; // 10 minutes -const DEFAULT_SMS_RESEND_SECONDS = 60; // 1 minute -const DEFAULT_SMS_MAX_ATTEMPTS = 5; - export interface UpdateVerificationDto { type: 'SMS' | 'Email' | 'Both'; mobile?: string; @@ -44,96 +17,26 @@ export interface UpdateVerificationDto { emailVerified?: boolean; } -// Only allow primitive values for listed keys, ignore all others -function sanitizeVerificationUpdate( - input: Record, -): Partial { - const allowedKeys = [ - 'type', - 'mobile', - 'email', - 'mobileVerified', - 'emailVerified', - 'marketingPromotions', - ]; - const output: Record = {}; - for (const key of allowedKeys) { - if (Object.prototype.hasOwnProperty.call(input, key)) { - const value = input[key]; - if ( - value === null || - value === undefined || - typeof value === 'string' || - typeof value === 'boolean' || - typeof value === 'number' - ) { - output[key] = value; - } - } - } - return output as Partial; -} - @Injectable() export class VerificationService { - private readonly logger = new Logger(VerificationService.name); - private readonly emailCodeTtlMs: number; - private readonly emailResendDelayMs: number; - private readonly emailMaxAttempts: number; - private readonly smsCodeTtlMs: number; - private readonly smsResendDelayMs: number; - private readonly smsMaxAttempts: number; - constructor( @InjectModel(Verification.name) - private readonly verificationModel: Model, + private verificationModel: Model, @InjectModel(User.name) - private readonly userModel: Model, - @Inject('IEmailVerificationService') - private readonly emailVerificationService: IEmailVerificationService, - @Inject('ISmsVerificationService') - private readonly smsVerificationService: ISmsVerificationService, - private readonly configService: ConfigService, - ) { - this.emailCodeTtlMs = this.resolveDurationMs( - 'VERIFICATION_EMAIL_TTL_SECONDS', - DEFAULT_EMAIL_CODE_TTL_SECONDS, - ); - this.emailResendDelayMs = this.resolveDurationMs( - 'VERIFICATION_EMAIL_RESEND_SECONDS', - DEFAULT_EMAIL_RESEND_SECONDS, - ); - this.emailMaxAttempts = this.resolvePositiveInt( - 'VERIFICATION_EMAIL_MAX_ATTEMPTS', - DEFAULT_EMAIL_MAX_ATTEMPTS, - ); - this.smsCodeTtlMs = this.resolveDurationMs( - 'VERIFICATION_SMS_TTL_SECONDS', - DEFAULT_SMS_CODE_TTL_SECONDS, - ); - this.smsResendDelayMs = this.resolveDurationMs( - 'VERIFICATION_SMS_RESEND_SECONDS', - DEFAULT_SMS_RESEND_SECONDS, - ); - this.smsMaxAttempts = this.resolvePositiveInt( - 'VERIFICATION_SMS_MAX_ATTEMPTS', - DEFAULT_SMS_MAX_ATTEMPTS, - ); - } + private userModel: Model, + ) {} async getVerification(userId: string): Promise { - const objectId = this.parseUserId(userId); - const verification = await this.verificationModel - .findOne({ userId: objectId }) + .findOne({ userId: new Types.ObjectId(userId) }) .exec(); - + // If no verification record exists, return default with User data if (!verification) { - const user = await this.userModel.findById(objectId).exec(); + const user = await this.userModel.findById(userId).exec(); if (user) { return { - userId: objectId, - type: VerificationType.BOTH, + userId: new Types.ObjectId(userId), + type: 'Both', mobile: user.fullPhoneNumber || '', email: user.email || '', mobileVerified: false, @@ -142,7 +45,6 @@ export class VerificationService { } as Verification; } } - return verification; } @@ -150,454 +52,55 @@ export class VerificationService { userId: string, updateData: UpdateVerificationDto, ): Promise { - const objectId = this.parseUserId(userId); - + // If mobile number is being updated, also update User model if (updateData.mobile !== undefined) { - if (typeof updateData.mobile !== 'string') { - throw new BadRequestException('Mobile number must be a string'); - } await this.userModel.findByIdAndUpdate( - objectId, + userId, { fullPhoneNumber: updateData.mobile }, { new: true }, ); } - const safeUpdate = sanitizeVerificationUpdate( - updateData as unknown as Record, - ); - const verification = await this.verificationModel - .findOneAndUpdate({ userId: objectId }, safeUpdate, { - new: true, - upsert: true, - setDefaultsOnInsert: true, - }) + .findOneAndUpdate( + { userId: new Types.ObjectId(userId) }, + { ...updateData }, + { new: true, upsert: true }, + ) .exec(); return verification; } - async sendEmailVerification( - userId: string, - email: string, - ): Promise<{ success: boolean; message?: string }> { - const objectId = this.parseUserId(userId); - const normalizedEmail = this.normalizeEmail(email); - - const existing = await this.verificationModel - .findOne({ userId: objectId }) - .lean(); - - const now = new Date(); - - if (existing?.emailCode?.nextSendAllowedAt) { - const nextAllowed = new Date(existing.emailCode.nextSendAllowedAt); - if (nextAllowed > now) { - const seconds = this.secondsRemaining(nextAllowed, now); - throw new BadRequestException( - `Verification code already sent. Please wait ${String(seconds)} second(s) before requesting a new code.`, - ); - } - } - - const code = generateNumericCode(); - - // Get user info for personalized email - const user = await this.userModel.findById(objectId).exec(); - - try { - await this.emailVerificationService.sendVerificationCode( - normalizedEmail, - code, - user?.firstName, - ); - } catch (error) { - this.logger.error( - `Unable to send verification email to ${normalizedEmail}`, - error instanceof Error ? error.stack : undefined, - ); - throw new InternalServerErrorException( - 'Unable to send verification email. Please try again later.', - ); - } - - const codeHash = await hashVerificationCode(code); - const expiresAt = new Date(now.getTime() + this.emailCodeTtlMs); - const nextSendAllowedAt = new Date(now.getTime() + this.emailResendDelayMs); - - const update: UpdateQuery = { - $set: { - email: normalizedEmail, - emailVerified: false, - emailCode: { - codeHash, - expiresAt, - attemptCount: 0, - sentAt: now, - nextSendAllowedAt, - }, - }, - }; - - if (!existing) { - update.$setOnInsert = { - type: VerificationType.BOTH, - } as Partial; - } - - await this.verificationModel - .findOneAndUpdate({ userId: objectId }, update, { - new: true, - upsert: true, - setDefaultsOnInsert: true, - }) - .exec(); - - return { - success: true, - message: 'Verification email sent successfully.', - }; - } - - async verifyEmail( - userId: string, - email: string, - code: string, - ): Promise { - const objectId = this.parseUserId(userId); - const normalizedEmail = this.normalizeEmail(email); - const sanitizedCode = this.normalizeCode(code); - + async verifyMobile(userId: string, _mobile: string): Promise { const verification = await this.verificationModel - .findOne({ userId: objectId }) - .exec(); - - if (!verification || !verification.emailCode) { - throw new NotFoundException( - 'No verification request found for this user.', - ); - } - - if ( - verification.email && - verification.email.toLowerCase() !== normalizedEmail.toLowerCase() - ) { - throw new BadRequestException( - 'Email address does not match the pending verification request.', - ); - } - - const { emailCode } = verification; - - if (emailCode.expiresAt && emailCode.expiresAt.getTime() < Date.now()) { - throw new BadRequestException('Verification code has expired.'); - } - - if (emailCode.attemptCount >= this.emailMaxAttempts) { - throw new BadRequestException( - 'Maximum verification attempts exceeded. Please request a new code.', - ); - } - - const isValid = await verifyVerificationCode( - sanitizedCode, - emailCode.codeHash ?? '', - ); - - if (!isValid) { - const nextAttemptCount = emailCode.attemptCount + 1; - await this.verificationModel - .updateOne( - { userId: objectId }, - { $inc: { 'emailCode.attemptCount': 1 } }, - ) - .exec(); - - const remaining = Math.max(this.emailMaxAttempts - nextAttemptCount, 0); - const message = - remaining > 0 - ? `Invalid verification code. ${String(remaining)} attempt(s) remaining.` - : 'Invalid verification code. Maximum attempts exceeded.'; - throw new BadRequestException(message); - } - - await this.verificationModel - .updateOne( - { userId: objectId }, - { - $set: { - emailVerified: true, - email: normalizedEmail, - }, - $unset: { - emailCode: '', - }, - }, + .findOneAndUpdate( + { userId: new Types.ObjectId(userId) }, + { mobileVerified: true }, + { new: true }, ) .exec(); - await this.userModel - .findByIdAndUpdate(objectId, { email: normalizedEmail }, { new: true }) - .exec(); - - const updatedVerification = await this.verificationModel - .findOne({ userId: objectId }) - .exec(); - - if (!updatedVerification) { - throw new InternalServerErrorException( - 'Verification record missing after email confirmation.', - ); - } - - return updatedVerification; - } - - async sendSmsVerification( - userId: string, - mobile: string, - ): Promise<{ success: boolean; message?: string }> { - const objectId = this.parseUserId(userId); - const normalizedMobile = normalizePhoneNumber(mobile); - - const existing = await this.verificationModel - .findOne({ userId: objectId }) - .lean(); - - const now = new Date(); - - if (existing?.mobileCode?.nextSendAllowedAt) { - const nextAllowed = new Date(existing.mobileCode.nextSendAllowedAt); - if (nextAllowed > now) { - const seconds = this.secondsRemaining(nextAllowed, now); - throw new BadRequestException( - `Verification code already sent. Please wait ${String(seconds)} second(s) before requesting a new code.`, - ); - } - } - - const code = generateNumericCode(); - - try { - await this.smsVerificationService.sendVerificationCode( - normalizedMobile, - code, - ); - } catch (error) { - this.logger.error( - `Unable to send verification SMS to ${normalizedMobile}`, - error instanceof Error ? error.stack : undefined, - ); - throw new InternalServerErrorException( - 'Unable to send verification SMS. Please try again later.', - ); - } - - const codeHash = await hashVerificationCode(code); - const expiresAt = new Date(now.getTime() + this.smsCodeTtlMs); - const nextSendAllowedAt = new Date(now.getTime() + this.smsResendDelayMs); - - const update: UpdateQuery = { - $set: { - mobile: normalizedMobile, - mobileVerified: false, - mobileCode: { - codeHash, - expiresAt, - attemptCount: 0, - sentAt: now, - nextSendAllowedAt, - }, - }, - }; - - if (!existing) { - update.$setOnInsert = { - type: VerificationType.BOTH, - } as Partial; + if (!verification) { + throw new NotFoundException('Verification record not found'); } - await this.verificationModel - .findOneAndUpdate({ userId: objectId }, update, { - new: true, - upsert: true, - setDefaultsOnInsert: true, - }) - .exec(); - - return { - success: true, - message: 'Verification SMS sent successfully.', - }; + return verification; } - async verifySms( - userId: string, - mobile: string, - code: string, - ): Promise { - const objectId = this.parseUserId(userId); - const normalizedMobile = normalizePhoneNumber(mobile); - const sanitizedCode = this.normalizeCode(code); - + async verifyEmail(userId: string, _email: string): Promise { const verification = await this.verificationModel - .findOne({ userId: objectId }) - .exec(); - - if (!verification || !verification.mobileCode) { - throw new NotFoundException( - 'No verification request found for this user.', - ); - } - - if (verification.mobile && verification.mobile !== normalizedMobile) { - throw new BadRequestException( - 'Mobile number does not match the pending verification request.', - ); - } - - const { mobileCode } = verification; - - if (mobileCode.expiresAt && mobileCode.expiresAt.getTime() < Date.now()) { - throw new BadRequestException('Verification code has expired.'); - } - - if (mobileCode.attemptCount >= this.smsMaxAttempts) { - throw new BadRequestException( - 'Maximum verification attempts exceeded. Please request a new code.', - ); - } - - const isValid = await verifyVerificationCode( - sanitizedCode, - mobileCode.codeHash ?? '', - ); - - if (!isValid) { - const nextAttemptCount = mobileCode.attemptCount + 1; - await this.verificationModel - .updateOne( - { userId: objectId }, - { $inc: { 'mobileCode.attemptCount': 1 } }, - ) - .exec(); - - const remaining = Math.max(this.smsMaxAttempts - nextAttemptCount, 0); - const message = - remaining > 0 - ? `Invalid verification code. ${String(remaining)} attempt(s) remaining.` - : 'Invalid verification code. Maximum attempts exceeded.'; - throw new BadRequestException(message); - } - - await this.verificationModel - .updateOne( - { userId: objectId }, - { - $set: { - mobileVerified: true, - mobile: normalizedMobile, - }, - $unset: { - mobileCode: '', - }, - }, - ) - .exec(); - - await this.userModel - .findByIdAndUpdate( - objectId, - { fullPhoneNumber: normalizedMobile }, + .findOneAndUpdate( + { userId: new Types.ObjectId(userId) }, + { emailVerified: true }, { new: true }, ) .exec(); - const updatedVerification = await this.verificationModel - .findOne({ userId: objectId }) - .exec(); - - if (!updatedVerification) { - throw new InternalServerErrorException( - 'Verification record missing after SMS confirmation.', - ); - } - - return updatedVerification; - } - - private resolveDurationMs(key: string, fallbackSeconds: number): number { - const raw = this.configService.get(key); - if (raw === undefined || (typeof raw === 'string' && raw === '')) { - return fallbackSeconds * 1000; - } - - const numeric = Number(raw); - if (Number.isNaN(numeric) || numeric <= 0) { - this.logger.warn( - `Invalid value for ${key}: ${String(raw)}. Falling back to ${String(fallbackSeconds)} seconds.`, - ); - return fallbackSeconds * 1000; - } - - return numeric * 1000; - } - - private resolvePositiveInt(key: string, fallback: number): number { - const raw = this.configService.get(key); - if (raw === undefined || (typeof raw === 'string' && raw === '')) { - return fallback; - } - - const numeric = Number(raw); - if (!Number.isInteger(numeric) || numeric <= 0) { - this.logger.warn( - `Invalid value for ${key}: ${String(raw)}. Falling back to ${String(fallback)}.`, - ); - return fallback; - } - - return numeric; - } - - private parseUserId(userId: string): Types.ObjectId { - try { - return new Types.ObjectId(userId); - } catch { - throw new BadRequestException('Invalid user id.'); - } - } - - private normalizeEmail(email: string): string { - if (typeof email !== 'string') { - throw new BadRequestException('Email address is required.'); - } - - const normalized = email.trim().toLowerCase(); - if (!isEmail(normalized)) { - throw new BadRequestException('Invalid email address format.'); - } - - return normalized; - } - - private normalizeCode(code: string): string { - if (typeof code !== 'string') { - throw new BadRequestException('Verification code is required.'); - } - - const trimmed = code.trim(); - if (!/^[0-9]{4,10}$/.test(trimmed)) { - throw new BadRequestException( - 'Verification code must be a numeric value.', - ); + if (!verification) { + throw new NotFoundException('Verification record not found'); } - return trimmed; - } - - private secondsRemaining(target: Date, now: Date): number { - return Math.max(Math.ceil((target.getTime() - now.getTime()) / 1000), 0); + return verification; } -} +} \ No newline at end of file diff --git a/src/modules/user/schema/user.schema.ts b/src/modules/user/schema/user.schema.ts index 62fa18ea..251c4620 100644 --- a/src/modules/user/schema/user.schema.ts +++ b/src/modules/user/schema/user.schema.ts @@ -110,4 +110,4 @@ export class User extends Document { export type UserDocument = User & Document; export const userSchema = SchemaFactory.createForClass(User); -export { UserStatus }; +export { UserStatus }; \ No newline at end of file