@hed-hog/core 0.0.85 → 0.0.87

package/src/challenge/challenge.service.ts

@@ -28,12 +28,18 @@ export class ChallengeService {
         user_id: userId,
         type: 'email',
         value: email,
+        verified_at: null,
       },
       select: { id: true }
     });
 
+    if (!identifier) {
+      throw new NotFoundException(getLocaleText('identifierNotFound', locale, 'Email identifier not found or already verified.'));
+    }
+
     const settings = await this.setting.getSettingValues([
-      'mfa-email-code-length'
+      'mfa-email-code-length',
+      'mfa-challenge-expiration-minutes'
     ]);
 
     const user = await this.prisma.user.findUnique({
@@ -53,15 +59,15 @@ export class ChallengeService {
 
     console.log({
       hash: codeHash,
-      expires_at: new Date(Date.now() + 15 * 60000),
-      user_identifier_id: identifier?.id ?? null,
+      expires_at: new Date(Date.now() + (settings['mfa-challenge-expiration-minutes'] || 15) * 60000),
+      user_identifier_id: identifier.id,
     })
 
     const challenge = await this.prisma.user_identifier_challenge.create({
       data: {
         hash: codeHash,
-        expires_at: new Date(Date.now() + 15 * 60000),
-        user_identifier_id: identifier?.id ?? null,
+        expires_at: new Date(Date.now() + (settings['mfa-challenge-expiration-minutes'] || 15) * 60000),
+        user_identifier_id: identifier.id,
       },
       select: {
         id: true,

package/src/install/install.service.ts

@@ -208,6 +208,7 @@ export class InstallService {
             some: {
               type: 'email',
               value: email,
+              enabled: true
             }
           }
         }
@@ -228,6 +229,7 @@ export class InstallService {
             create: {
               type: 'email',
               value: email,
+              enabled: true,
             }
           },
           user_credential: {

package/src/oauth/oauth.service.ts

@@ -128,6 +128,7 @@ export class OAuthService {
         where: {
           type: 'email',
           value: profile.email,
+          enabled: true
         },
         include: { user: true },
       });
@@ -189,6 +190,7 @@ export class OAuthService {
             type: 'email',
             value: profile.email,
             verified_at: new Date(),
+            enabled: true
           },
         },
         user_account: {

package/src/profile/profile.service.ts

@@ -45,11 +45,34 @@ export class ProfileService {
 
   async changeEmail(locale: string, userId: number, { email, password, pin }: ChangeEmailDto) {
 
+    const checkAlreadyExists = await this.prisma.user_identifier.findFirst({
+        where: { type: 'email', value: email, enabled: true},
+    });
+
+    if (checkAlreadyExists) {
+      throw new BadRequestException(getLocaleText('emailAlreadyInUse', locale, 'The provided email is already in use.'));
+    }
+
     const settings = await this.setting.getSettingValues([
       'require-email-verification'
     ]);
 
     if (settings['require-email-verification'] === true && !pin) {
+
+      const checkIfExists = await this.prisma.user_identifier.findFirst({
+        where: { type: 'email', value: email, user_id: userId  },
+      });
+
+      if (!checkIfExists) {
+        await this.prisma.user_identifier.create({
+          data: {
+            type: 'email',
+            value: email,
+            user_id: userId,
+          },
+        })
+      }      
+
       return {
         requireEmailVerification: settings['require-email-verification'] === true
       }
@@ -68,13 +91,33 @@ export class ProfileService {
     
     if (!await this.security.validatePassword(locale, credentials, password)) {
       throw new BadRequestException(getLocaleText('accessDenied', locale, 'Access denied.'));
-    }    
+    }
+
+    await this.prisma.$transaction( async (tx) => {
+
+      const userIdentifier = await tx.user_identifier.findFirst({
+        where: { user_id: userId, type: 'email', enabled: true },
+      });
+
+      if (!userIdentifier) {
+        throw new NotFoundException(getLocaleText('emailIdentifierNotFound', locale, 'Email identifier not found.'));
+      }
+
+      await tx.user_identifier.updateMany({
+        where: { user_id: userId, type: 'email' },
+        data: { value: email, verified_at: null, enabled: true},
+      });
+
+      await tx.user_identifier_challenge.deleteMany({
+        where: {
+          user_identifier_id: userIdentifier.id
+        }
+      });
 
-    await this.prisma.user_identifier.updateMany({
-      where: { user_id: userId, type: 'email' },
-      data: { value: email, verified_at: null},
     });
 
+    
+
     return {
       requireEmailVerification: settings['require-email-verification'] === true
     }
@@ -110,15 +153,42 @@ export class ProfileService {
 
     await this.prisma.$transaction(async (tx) => {
 
+      const challenge = await tx.user_identifier_challenge.findUnique({
+        where: { id: challengeId },
+      })
+
+      let userIdentifierId = challenge.user_identifier_id;
+
+      if (!userIdentifierId) {
+        const userIdentifier = await tx.user_identifier.findFirst({
+          where: { user_id: userId, type: 'email' },
+          select: { id: true }
+        });
+        userIdentifierId = userIdentifier.id;
+        await tx.user_identifier_challenge.update({
+          where: { id: challengeId },
+          data: { user_identifier_id: userIdentifierId },
+        });
+      }
+
       await tx.user_identifier_challenge.update({
         where: { id: challengeId },
         data: { verified_at: verifiedAt },
       });
 
       await tx.user_identifier.update({
-        where: { id: challenge.user_identifier_id },
+        where: { id: userIdentifierId },
         data: {
           verified_at: verifiedAt,
+          enabled: true
+        }
+      });
+
+      await tx.user_identifier.deleteMany({
+        where: {
+          user_id: userId,
+          type: 'email',
+          id: { not: userIdentifierId }
         }
       });
 
@@ -137,7 +207,7 @@ export class ProfileService {
 
   async getEmailIdentifier(userId: number) {
     return this.prisma.user_identifier.findFirst({
-      where: { user_id: userId, type: 'email' },
+      where: { user_id: userId, type: 'email', enabled: true},
     });
   }
 

package/src/setting/setting.service.ts

@@ -7,6 +7,7 @@ import {
   forwardRef,
   Inject,
   Injectable,
+  Logger,
 } from '@nestjs/common';
 import * as pako from 'pako';
 import { CreateDTO } from './dto/create.dto';
@@ -17,6 +18,7 @@ import { UpdateDTO } from './dto/update.dto';
 @Injectable()
 export class SettingService {
 
+  private readonly logger = new Logger(SettingService.name);
   private cachedSettings: Record<string, any> = {};
 
   constructor(
@@ -579,6 +581,8 @@ export class SettingService {
       this.cachedSettings &&
       slugs.every(s => Object.prototype.hasOwnProperty.call(this.cachedSettings, s))
     ) {
+      this.logger.warn('Returning settings from cache');
+
       // Retorna apenas os slugs requisitados do cache
       const cached: Record<string, any> = {};
       slugs.forEach(s => {
@@ -587,6 +591,8 @@ export class SettingService {
       return cached;
     }
 
+    this.logger.warn('Fetching settings from database');
+
     slug = Array.isArray(slug) ? slug : [slug];
 
     let setting = await this.prismaService.setting.findMany({
@@ -661,6 +667,7 @@ export class SettingService {
   }
 
   setCache(value: Record<string, any>) {
+    this.logger.warn(`Setting settings cache with ${Object.keys(value).length} items`);
     Object.keys(value).forEach(key => {
       this.cachedSettings[key] = value[key];
     });
@@ -668,6 +675,7 @@ export class SettingService {
   }
 
   clearCache() {
+    this.logger.warn('Clearing settings cache');
     this.cachedSettings = {};
   }
 

package/src/task/task.service.ts

@@ -1,13 +1,13 @@
+import { PrismaService } from '@hed-hog/api-prisma';
 import { Injectable, Logger } from '@nestjs/common';
 import { Cron, CronExpression } from '@nestjs/schedule';
-import { PrismaService } from '@hed-hog/api-prisma';
 
 @Injectable()
 export class TasksService {
   private readonly logger = new Logger(TasksService.name);
 
   constructor(private readonly prismaService: PrismaService) {
-
+    this.clear();
   }
 
   @Cron(CronExpression.EVERY_DAY_AT_MIDNIGHT)
@@ -49,6 +49,30 @@ export class TasksService {
     `;
     this.logger.verbose(`Expired sessions cleaned up in ${Date.now() - startAt}ms`);
     this.logger.verbose('++++++++++++++++++++++++++++++++++');
+    this.logger.verbose('Starting cleanup of expired user identifier challenges');
+    startAt = Date.now();
+    await this.prismaService.$queryRaw`
+      WITH expired_challenges AS (
+        SELECT user_identifier_id
+        FROM user_identifier_challenge
+        WHERE expires_at < now() AND verified_at IS NULL
+        ORDER BY user_identifier_id
+        LIMIT 20000
+      ),
+      deleted_challenges AS (
+        DELETE FROM user_identifier_challenge c
+        USING expired_challenges
+        WHERE c.user_identifier_id = expired_challenges.user_identifier_id AND c.verified_at IS NULL
+        RETURNING c.user_identifier_id
+      )
+      DELETE FROM user_identifier ui
+      USING deleted_challenges
+      WHERE ui.id = deleted_challenges.user_identifier_id
+        AND ui.verified_at IS NULL;
+    `;
+    this.logger.verbose(`Expired user identifier challenges and unverified identifiers cleaned up in ${Date.now() - startAt}ms`);
+    this.logger.verbose('++++++++++++++++++++++++++++++++++');
+
     this.logger.verbose('Finished scheduled cleanup tasks');
     this.logger.verbose('++++++++++++++++++++++++++++++++++');
   }

package/src/user/user.service.ts

@@ -211,7 +211,7 @@ export class UserService {
         const user = await tx.user.create({
           data: {
             name,
-            user_identifier: { create: { type: 'email', value: email } },
+            user_identifier: { create: { type: 'email', value: email, enabled: true } },
             user_credential: { create: { type: 'password', hash: passwordHash } },
             user_mfa: {
               create: {
@@ -261,7 +261,8 @@ export class UserService {
         user_identifier: {
           some: {
             type: 'email',
-            value: email.toLowerCase().trim()
+            value: email.toLowerCase().trim(),
+            enabled: true
           }
         }
       },