import {
  Controller,
  Get,
  Post,
  Body,
  Param,
  Query,
  Put,
  Delete,
  HttpCode,
  UseGuards,
  Req,
  ForbiddenException,
} from "@nestjs/common";
import { UsersService } from "./users.service";
import { ApiTags, ApiOperation, ApiBearerAuth } from "@nestjs/swagger";
import { JwtAuthGuard } from "../auth/jwt-auth.guard";
import { RolesGuard } from "../auth/roles.guard";
import { Roles } from "../auth/roles.decorator";
import { RegisterDto } from "./dto/register.dto";
import { LoginDto } from "./dto/login.dto";
import { GoogleLoginDto } from "./dto/google-login.dto";
import { SupabaseLoginDto } from "./dto/supabase-login.dto";
import { UpdateUserDto } from "./dto/update-user.dto";
import { CreateFeedbackDto } from "./dto/create-feedback.dto";

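/**
 * Minimal view of the request after `JwtAuthGuard` has run. The guard is
 * expected to attach the decoded principal as `req.user`; the concrete field
 * types come from the JWT strategy, which is not visible in this file.
 * NOTE(review): `getUserById` compares `user.id` to the `:id` path parameter
 * with strict `!==`. If the strategy stores a numeric id, every non-admin
 * request fails closed with 403 — confirm against the strategy.
 */
interface AuthenticatedRequest {
  user: { id: string; role: string };
}

/** Page size used by `GET /users` when the client sends no `take`. */
const DEFAULT_PAGE_SIZE = 50;
/** Upper bound on `take`; a single admin request must not pull the whole table. */
const MAX_PAGE_SIZE = 100;

/**
 * HTTP surface for authentication and user management.
 *
 * Routes under `auth/*` are unauthenticated entry points. Everything else
 * requires a bearer JWT (`JwtAuthGuard`); admin-only routes additionally
 * list `RolesGuard` + `@Roles("admin")`. Guards are declared in the order
 * they run, so `JwtAuthGuard` has attached `req.user` before `RolesGuard`
 * inspects it.
 */
@ApiTags("Authentication & User Management")
@Controller()
export class UsersController {
  constructor(private readonly usersService: UsersService) {}

  /**
   * Parse a pagination query value into a non-negative integer.
   * Query strings are untrusted: a bare `parseInt` would forward `NaN`,
   * negative or arbitrarily large values straight to the data layer.
   * @param raw      raw query string, or undefined when the parameter is absent
   * @param fallback value used when `raw` is absent, empty, non-numeric or negative
   * @param max      inclusive upper bound applied to the parsed value
   */
  private static toBoundedInt(raw: string | undefined, fallback: number, max: number): number {
    if (raw === undefined || raw === "") return fallback;
    const parsed = Number.parseInt(raw, 10);
    if (!Number.isFinite(parsed) || parsed < 0) return fallback;
    return Math.min(parsed, max);
  }

  /** Create a student account from email, display name and password. */
  @Post("auth/register")
  @ApiOperation({ summary: "Register a new student account" })
  async register(@Body() dto: RegisterDto) {
    return this.usersService.register(dto.email, dto.name, dto.password);
  }

  /** Password login; 200 rather than the POST default 201 because nothing is created. */
  @Post("auth/login")
  @HttpCode(200)
  @ApiOperation({ summary: "Login student account" })
  async login(@Body() dto: LoginDto) {
    return this.usersService.login(dto.email, dto.password);
  }

  /** Exchange a Google ID token for a session; verification happens in the service. */
  @Post("auth/google")
  @HttpCode(200)
  @ApiOperation({ summary: "Authenticate with Google ID Token" })
  async googleLogin(@Body() dto: GoogleLoginDto) {
    return this.usersService.googleLogin(dto.idToken);
  }

  /** Exchange a Supabase JWT for a session; verification happens in the service. */
  @Post("auth/supabase")
  @HttpCode(200)
  @ApiOperation({ summary: "Authenticate with Supabase JWT Token" })
  async supabaseLogin(@Body() dto: SupabaseLoginDto) {
    return this.usersService.supabaseLogin(dto.token);
  }

  /**
   * Admin-only paginated listing.
   * @param take page size; defaults to {@link DEFAULT_PAGE_SIZE}, capped at {@link MAX_PAGE_SIZE}
   * @param skip offset; defaults to 0. Invalid or negative values fall back to the default.
   */
  @Get("users")
  @UseGuards(JwtAuthGuard, RolesGuard)
  @Roles("admin")
  @ApiBearerAuth()
  @ApiOperation({ summary: "List all users (Admin)" })
  async getUsers(@Query("take") take?: string, @Query("skip") skip?: string) {
    const limit = UsersController.toBoundedInt(take, DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE);
    const offset = UsersController.toBoundedInt(skip, 0, Number.MAX_SAFE_INTEGER);
    return this.usersService.findAll(limit, offset);
  }

  /**
   * Fetch one user. Admins may read anyone; other callers only themselves.
   * The ownership check runs before the lookup, so a non-owner gets 403
   * regardless of whether the id exists (no existence oracle).
   */
  @Get("users/:id")
  @UseGuards(JwtAuthGuard)
  @ApiBearerAuth()
  @ApiOperation({ summary: "Get details of a single user" })
  async getUserById(@Param("id") id: string, @Req() req: AuthenticatedRequest) {
    const isAdmin = req.user.role === "admin";
    const isSelf = req.user.id === id;
    if (!isAdmin && !isSelf) {
      throw new ForbiddenException("You can only access your own user profile");
    }
    return this.usersService.findById(id);
  }

  /** Admin-only update of name, email and streak; field validation lives in UpdateUserDto. */
  @Put("users/:id")
  @UseGuards(JwtAuthGuard, RolesGuard)
  @Roles("admin")
  @ApiBearerAuth()
  @ApiOperation({ summary: "Update a user (Admin)" })
  async updateUser(@Param("id") id: string, @Body() dto: UpdateUserDto) {
    return this.usersService.update(id, dto.name, dto.email, dto.streak);
  }

  /** Admin-only deletion. */
  @Delete("users/:id")
  @UseGuards(JwtAuthGuard, RolesGuard)
  @Roles("admin")
  @ApiBearerAuth()
  @ApiOperation({ summary: "Delete a user (Admin)" })
  async deleteUser(@Param("id") id: string) {
    return this.usersService.remove(id);
  }

  /**
   * Submit feedback. The author is taken from the verified JWT, never from
   * the body, so a client cannot file feedback under another user's id.
   */
  @Post("feedbacks")
  @UseGuards(JwtAuthGuard)
  @ApiBearerAuth()
  @ApiOperation({ summary: "Submit feedback (Student)" })
  async createFeedback(@Body() dto: CreateFeedbackDto, @Req() req: AuthenticatedRequest) {
    return this.usersService.createFeedback(req.user.id, dto.content);
  }

  /** Admin-only, unpaginated feedback listing. */
  @Get("feedbacks")
  @UseGuards(JwtAuthGuard, RolesGuard)
  @Roles("admin")
  @ApiBearerAuth()
  @ApiOperation({ summary: "List all feedbacks (Admin)" })
  async getFeedbacks() {
    return this.usersService.findAllFeedbacks();
  }
}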