@solidstarters/solid-core 1.2.143 → 1.2.144

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solidstarters/solid-core",
-  "version": "1.2.143",
+  "version": "1.2.144",
   "description": "This module is a NestJS module containing all the required core providers required by a Solid application",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/constants/error-messages.ts

@@ -0,0 +1,123 @@
+// backend/common/constants/error-messages.ts
+
+export const ERROR_MESSAGES = {
+    //authentication errors
+    USER_NOT_FOUND: 'User does not exist.',
+    USER_NOT_ACTIVE: 'User profile is not activated.',
+    USER_INACTIVE: 'User is inactive.',
+    PASSWORD_INCORRECT: 'Password does not match.',
+    PUBLIC_REGISTRATION_DISABLED: 'Public registrations are disabled.',
+    UNIQUE_CONSTRAINT_VIOLATION: 'A unique constraint violation occurred.',
+    PASSWORDLESS_REGISTRATION_DISABLED: 'Passwordless registration is not enabled.',
+    REGISTRATION_REQUIRES_CONTACT: 'Either mobile or email is required for initiating registration.',
+    EMAIL_REQUIRED_FOR_VALIDATION: 'Email is required for email validation source.',
+    MOBILE_REQUIRED_FOR_VALIDATION: 'Mobile is required for mobile validation source.',
+    USER_ALREADY_EXISTS: 'User already exists. Please sign in.',
+    VALIDATION_SOURCE_REQUIRED: 'At least one validation source is required.',
+    INVALID_OTP: 'Invalid OTP.',
+    OTP_EXPIRED: 'OTP has expired.',
+    INVALID_VERIFICATION_TYPE: 'Invalid type. Must be either email or mobile.',
+    NON_LOCAL_PROVIDER: 'User seems to have used a passwordless mode to authenticate.',
+    USER_ID_MISMATCH: "User ID's do not match.",
+    USERNAME_MISMATCH: "User username's do not match.",
+    INCORRECT_CURRENT_PASSWORD: 'Incorrect current password specified.',
+    PASSWORD_REUSED: 'This password was previously used, please use a different password.',
+    INVALID_VERIFICATION_TOKEN: 'Invalid verification token',
+    ACCESS_DENIED: 'Access denied',
+    INVALID_USER_PROFILE: 'Invalid user profile',
+    GOOGLE_OAUTH_PROFILE_FETCH_FAILED: 'Failed to fetch user profile from Google OAuth service',
+    LOGOUT_FAILED: 'Logout failed due to an unexpected error.',
+
+    INVALID_CREDENTIALS: 'Invalid username or password specified.',
+    LOGIN_FAILED: 'Login Failed',
+    OLD_PASSWORD_INCORRECT: 'You have specified an incorrect old password.',
+    INVALID_NEW_PASSWORD: 'Invalid new password.',
+    PASSWORDS_DO_NOT_MATCH: 'New passwords are not matching.',
+
+    // user management errors
+    DELETE_SELF_NOT_ALLOWED: 'Deleting logged-in user is not allowed.',
+    DELETE_IDS_REQUIRED: 'At least one ID is required for deletion.',
+    USER_MISSING_ID: 'User must exist before initializing roles.',
+    ROLES_NOT_FOUND: (roles: string[]) => `The following roles were not found: ${roles.join(', ')}`,
+    USER_NOT_FOUND_BY_USERNAME: (username: string) => `User with username '${username}' not found.`,
+    ROLE_NOT_FOUND: (roleName: string) => `Role '${roleName}' not found.`,
+    PERMISSION_NOT_EXIST: (permission: string) => `Permission '${permission}' does not exist.`,
+
+    // session errors
+    SESSION_INVALID: 'Your session is no longer valid. Please log in again.',
+    SESSION_EXPIRED: 'Your session has expired. Please log in again.',
+
+    // filter errors
+    GROUP_BY_LIMIT: 'buildFilterQuery: Only 1 Group by field is supported currently.',
+    INVALID_GROUP_BY_COUNT: 'Exactly one groupBy field is required to count grouped records.',
+
+    // general errors
+    FORBIDDEN: 'Forbidden',
+
+
+    // database errors
+    DUPLICATE_ENTRY: 'Duplicate entry. A record with similar unique fields already exists.',
+
+    // validation errors
+    ID_REQUIRED_FOR_UPDATE: 'Id is required for update.',
+    ID_REQUIRED_FOR_DELETE: 'Id is required for deletion.',
+
+    // CRUD service errors
+    RELATION_TYPE_NOT_SUPPORTED: 'Relation type not supported in CRUD service.',
+    NO_SOFT_DELETED_RECORD_FOUND: 'No soft-deleted record found with the given ID.',
+    CONFLICTING_RECORD_ON_UNARCHIVE: 'Another record is conflicting with the record you are attempting to Un-Archive, either delete or change the other record so as to avoid this conflict.',
+    NO_SOFT_DELETED_RECORDS_FOUND: 'No matching soft-deleted records found.',
+    EMPTY_PATH_PARTS: 'Path parts cannot be empty',
+
+
+    // CSV/Excel service errors
+    MISSING_HEADERS_OR_FUNCTION: 'Either headers or data records function must be provided.',
+    INVALID_CHUNK_SIZE: 'Chunk size must be greater than 0 when data records function is provided.',
+    INVALID_FORMAT: (format: string) => `Invalid ${format} format`,
+
+
+    //field errors
+    INVALID_INVERSE_FIELD_TYPE: 'Only relation fields can have inverse fields.',
+    MODEL_AND_MODULE_REQUIRED_TO_UPDATE_INVERSE_FIELD: 'Model and module are required to update inverse field.',
+    MODEL_NAME_AND_MODULE_NAME_REQUIRED_TO_CREATE_INVERSE_FIELD: 'Model name and module name are required to create inverse field.',
+    FIELD_NOT_FOUND: (id: number | string) => `No field with id #${id} exists`,
+    PROVIDER_NOT_FOUND: (provider: string) => `Field incorrectly configured. No provider with name ${provider} registered in backend.`,
+    FILE_WRITE_FAILED: 'File creation failed, rolling back transaction',
+
+    // file service errors
+    FILE_NOT_FOUND: 'File not found',
+    FILE_COPY_ERROR: 'Error copying file',
+    S3_CLIENT_NOT_INITIALIZED: 'S3 Client not initialized. Please check the S3 configuration.',
+
+    // model errors
+    MODEL_METADATA_NOT_FOUND: (id: string | number) => `Model metadata with ID ${id} not found.`,
+    MODEL_SERVICE_NOT_FOUND: (model: string) => `Model service for ${model} not found.`,
+    RELATION_CO_MODEL_NOT_DEFINED_FOR_FIELD: (fieldName: string) => `Relation coModelSingularName is not defined for relation field ${fieldName}`,
+    MODEL_NOT_FOUND: (singularName?: string) => `Model${singularName ? ` with singular name "${singularName}"` : ''} not found.`,
+    MODEL_REQUIRED_FOR_CODE_GENERATION: 'Model ID or Model Name is required for generating code.',
+
+    //module errors
+    MODULE_NOT_FOUND: (moduleName: string) => `Module with name ${moduleName} not found.`,
+    MODULE_ID_NOT_FOUND: (id: string | number) => `Module with ID ${id} not found.`,
+
+    //entity errors
+    ENTITY_NOT_FOUND: (entity?: string | number) => `Entity${entity ? ' ' + entity : ''} not found.`,
+    ENTITY_NAME_REQUIRED: 'Entity name is required to find the entity.',
+    ENTITY_ID_REQUIRED: 'Entity ID is required to find the entity.',
+
+    // import errors
+    NO_ERROR_LOG_FOR_IMPORT: (id: string | number) => `No error log entries found for import transaction ID ${id}.`,
+    FILE_READ_FAILED_FROM_URL: (url: string) => `Failed to read file from URL: ${url}`,
+
+    // media storage provider errors
+    MEDIA_STORAGE_PROVIDER_ID_NOT_FOUND: (id: number | string) => `Media Storage Provider with #${id} not found.`,
+    MEDIA_STORAGE_PROVIDER_NOT_FOUND: 'Media Storage Provider not found',
+
+    // SQL errors
+    UNSUPPORTED_SQL_OPERATOR: (operator: string) => `Unsupported SQL operator: ${operator}`,
+
+    // AI interaction errors
+    PYTHON_EXECUTABLE_NOT_CONFIGURED: 'SolidX AI MCP python executable or client path not configured.',
+    UNABLE_TO_RESOLVE_SOLID_COMMAND: 'Unable to resolve a solid_ command that was used to come up with this response.',
+    UNABLE_TO_RESOLVE_MCP_HANDLER: 'Unable to resolve a mcp tool handler.',
+};

package/src/constants/success-messages.ts

@@ -0,0 +1,13 @@
+export const SUCCESS_MESSAGES = {
+    OTP_SENT_SUCCESS_REGISTRATION: 'User registration initiated. OTP sent to the user.',
+    OTP_SENT_SUCCESS_LOGIN: 'User login initiated. OTP sent to the user.',
+    FORGOT_PASSWORD_TOKEN_SENT: 'Forgot password - token generated and sent.',
+    FORGOT_PASSWORD_CONFIRMED: 'Forgot password confirmed.',
+    LOGOUT_SUCCESS: 'Logged out successfully',
+    USER_REGISTERED: 'User registered successfully.',
+
+    // CRUD service messages
+    RECORD_RECOVERED: 'Record successfully recovered',
+    SELECTED_RECORDS_RECOVERED: 'Selected records successfully recovered',
+
+};

package/src/index.ts

@@ -282,4 +282,6 @@ export * from './interfaces'
 export * from './solid-core.module'
 
 export * from './winston.logger'
-export { default as datetimeTransformer } from './transformers/datetime-transformer'
+export { default as datetimeTransformer } from './transformers/datetime-transformer'
+
+export { ERROR_MESSAGES } from './constants/error-messages'

package/src/services/ai-interaction.service.ts

@@ -17,6 +17,7 @@ import { PublisherFactory } from './queues/publisher-factory.service';
 import { RequestContextService } from './request-context.service';
 import { ActiveUserData } from 'src/interfaces/active-user-data.interface';
 import { McpToolResponseHandlerFactory } from './mcp-tool-response-handlers/mcp-tool-response-handler-factory.service';
+import { ERROR_MESSAGES } from 'src/constants/error-messages';
 
 @Injectable()
 export class AiInteractionService extends CRUDService<AiInteraction> {
@@ -78,7 +79,7 @@ export class AiInteractionService extends CRUDService<AiInteraction> {
 
     // TODO: We can return an error if the above env variables are not properly setup...
     if (!pythonExecutable || !mcpClient) {
-      throw new BadRequestException('SolidX AI MCP python executable or client path not configured.');
+      throw new BadRequestException(ERROR_MESSAGES.PYTHON_EXECUTABLE_NOT_CONFIGURED);
     }
 
     // Check if both paths are valid and accessible
@@ -187,7 +188,7 @@ export class AiInteractionService extends CRUDService<AiInteraction> {
     const toolsInvoked = metadata['tools_invoked'];
     if (!toolsInvoked) {
       // TODO: RESPONSE SHAPE ALERT Check if we want to control the shape of the response....
-      throw new Error('Unable to resolve a solid_ command that was used to come up with this response.');
+      throw new Error(ERROR_MESSAGES.UNABLE_TO_RESOLVE_SOLID_COMMAND);
     }
 
     // TODO: OPTIMISATION for chained tool invocation, for now we are assuming only 1 tool was used.
@@ -198,7 +199,7 @@ export class AiInteractionService extends CRUDService<AiInteraction> {
     const mcpToolHandler = this.mcpToolResponseHandlerFactory.getInstance(toolInvoked);
     if (!mcpToolHandler) {
       // TODO: RESPONSE SHAPE ALERT Check if we want to control the shape of the response....
-      throw new Error('Unable to resolve a mcp tool handler.');
+      throw new Error(ERROR_MESSAGES.UNABLE_TO_RESOLVE_MCP_HANDLER);
     }
 
     const handlerApplicationResponse = await mcpToolHandler.apply(aiInteraction);

package/src/services/authentication.service.ts

@@ -46,6 +46,8 @@ import { RoleMetadataService } from './role-metadata.service';
 import commonConfig from 'src/config/common.config';
 import { UserActivityHistoryService } from './user-activity-history.service';
 import { RequestContextService } from './request-context.service';
+import { ERROR_MESSAGES } from 'src/constants/error-messages';
+import { SUCCESS_MESSAGES } from 'src/constants/success-messages';
 
 
 enum LoginProvider {
@@ -111,17 +113,17 @@ export class AuthenticationService {
         const user = await this.resolveUser(signInDto.username, signInDto.email);
 
         if (!user) {
-            throw new UnauthorizedException('User does not exists');
+            throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
         }
         if (!user.active) {
-            throw new UnauthorizedException('User profile not activated');
+            throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_ACTIVE);
         }
         const isEqual = await this.hashingService.compare(
             signInDto.password,
             user.password,
         );
         if (!isEqual) {
-            throw new UnauthorizedException('Password does not match');
+            throw new UnauthorizedException(ERROR_MESSAGES.PASSWORD_INCORRECT);
         }
 
         return user;
@@ -130,7 +132,7 @@ export class AuthenticationService {
     async signUp(signUpDto: SignUpDto, activeUser: ActiveUserData = null): Promise<User> {
         // If public registrations are disabled and no activeUser is present when invoking signUp then we throw an exception.
         if (!(await this.settingService.getConfigValue('allowPublicRegistration')) && !activeUser) {
-            throw new BadRequestException('Public registrations are disabled.');
+            throw new BadRequestException(ERROR_MESSAGES.PUBLIC_REGISTRATION_DISABLED);
         }
 
         try {
@@ -150,7 +152,7 @@ export class AuthenticationService {
         } catch (err) {
             const pgUniqueViolationErrorCode = '23505';
             if (err.code === pgUniqueViolationErrorCode) {
-                throw new ConflictException();
+                throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);
             }
             throw err;
         }
@@ -172,7 +174,7 @@ export class AuthenticationService {
         catch (err) {
             const pgUniqueViolationErrorCode = '23505';
             if (err.code === pgUniqueViolationErrorCode) {
-                throw new ConflictException(parseUniqueConstraintError(err.detail || 'A unique constraint violation occurred.'));
+                throw new ConflictException(parseUniqueConstraintError(err.detail || ERROR_MESSAGES.UNIQUE_CONSTRAINT_VIOLATION));
             }
             throw err;
         }
@@ -275,17 +277,17 @@ export class AuthenticationService {
     async otpInitiateRegistration(signUpDto: OTPSignUpDto) {
         try {
             if (!this.isPasswordlessRegistrationEnabled()) {
-                throw new BadRequestException('Passwordless registration is not enabled');
+                throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
             }
             // Validate if either mobile or email is present.
             if (isEmpty(signUpDto.mobile) && isEmpty(signUpDto.email)) {
-                throw new BadRequestException('Either mobile or email is required for initiating registration');
+                throw new BadRequestException(ERROR_MESSAGES.REGISTRATION_REQUIRES_CONTACT);
             }
             if (signUpDto.validationSources.includes(TransactionalRegistrationValidationSource.EMAIL) && isEmpty(signUpDto.email)) {
-                throw new BadRequestException('Email is required for email validation source');
+                throw new BadRequestException(ERROR_MESSAGES.EMAIL_REQUIRED_FOR_VALIDATION);
             }
             if (signUpDto.validationSources.includes(TransactionalRegistrationValidationSource.MOBILE) && isEmpty(signUpDto.mobile)) {
-                throw new BadRequestException('Mobile is required for mobile validation source');
+                throw new BadRequestException(ERROR_MESSAGES.MOBILE_REQUIRED_FOR_VALIDATION);
             }
 
             // Validate if user already exists.
@@ -297,7 +299,7 @@ export class AuthenticationService {
                 ]
             });
             if (isNotEmpty(existingUser) && existingUser.active) {
-                throw new ConflictException('User already exists. Please sign in');
+                throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);
             }
             const finalRegistrationVerificationSources = this.calculateVerificationSources(this.iamConfiguration.passwordlessRegistrationValidateWhat, signUpDto);
             let user = existingUser
@@ -314,11 +316,11 @@ export class AuthenticationService {
 
             // Send OTP to the user through email or SMS, depending on the configuration.
             this.notifyUserOnOtpInitiateRegistration(user, finalRegistrationVerificationSources);
-            return { message: 'User registration initiated. OTP sent to the user.' }
+            return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION }
         } catch (err) {
             const pgUniqueViolationErrorCode = '23505';
             if (err.code === pgUniqueViolationErrorCode) {
-                throw new ConflictException();
+                throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);
             }
             throw err;
         }
@@ -346,7 +348,7 @@ export class AuthenticationService {
     // Generate the validation tokens for the user i.e (system configured + user provided)
     private populateVerificationTokens(finalRegistrationValidationSources: string[], user: User) {
         if (finalRegistrationValidationSources.length === 0) {
-            throw new BadRequestException('At least one validation source is required');
+            throw new BadRequestException(ERROR_MESSAGES.VALIDATION_SOURCE_REQUIRED);
         }
         if (finalRegistrationValidationSources.includes(TransactionalRegistrationValidationSource.EMAIL)) {
             const { token, expiresAt } = this.otp();
@@ -407,7 +409,7 @@ export class AuthenticationService {
 
     async otpConfirmRegistration(confirmSignUpDto: OTPConfirmOTPDto) {
         if (!this.isPasswordlessRegistrationEnabled()) {
-            throw new BadRequestException('Passwordless registration is not enabled');
+            throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
 
         // Based on the identifier, validate by query the user table.
@@ -418,13 +420,13 @@ export class AuthenticationService {
                 }
             });
             if (!user) {
-                throw new UnauthorizedException('User does not exist');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
             }
             if (user.emailVerificationTokenOnRegistration !== confirmSignUpDto.otp) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             if (user.emailVerificationTokenOnRegistrationExpiresAt < new Date()) {
-                throw new UnauthorizedException('OTP expired');
+                throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);
             }
             user.emailVerifiedOnRegistrationAt = new Date();
             user.emailVerificationTokenOnRegistration = null;
@@ -440,13 +442,13 @@ export class AuthenticationService {
                 }
             });
             if (!user) {
-                throw new UnauthorizedException('User does not exist');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
             }
             if (user.mobileVerificationTokenOnRegistration !== confirmSignUpDto.otp) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             if (user.mobileVerificationTokenOnRegistrationExpiresAt < new Date()) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             user.mobileVerifiedOnRegistrationAt = new Date();
             user.mobileVerificationTokenOnRegistration = null;
@@ -456,7 +458,7 @@ export class AuthenticationService {
             this.triggerRegistrationEvent(savedUser);
             return { active: savedUser.active, message: `User registration verified for ${confirmSignUpDto.type}` }
         }
-        throw new BadRequestException('Invalid type. Must be either email or mobile');
+        throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
     }
 
     private triggerRegistrationEvent(savedUser: User) {
@@ -512,7 +514,7 @@ export class AuthenticationService {
 
     async otpInitiateLogin(signInDto: OTPSignInDto) {
         if (!this.isPasswordlessRegistrationEnabled()) {
-            throw new BadRequestException('Passwordless registration is not enabled');
+            throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
 
         // Validate & generate otp token for the user based on the identifier type.
@@ -523,10 +525,10 @@ export class AuthenticationService {
                 }
             });
             if (!user) {
-                throw new UnauthorizedException('User does not exist');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
             }
             if (!user.active) {
-                throw new UnauthorizedException('User is inactive');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
             }
             const { token, expiresAt } = this.otp();
             user.emailVerificationTokenOnLogin = token;
@@ -540,7 +542,7 @@ export class AuthenticationService {
                 }
             });
             if (!user) {
-                throw new UnauthorizedException('User does not exist');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
             }
 
             const { token, expiresAt } = this.otp();
@@ -550,9 +552,9 @@ export class AuthenticationService {
             this.notifyUserOnOtpInititateLogin(user, RegistrationValidationSource.MOBILE);
         }
         else {
-            throw new BadRequestException('Invalid type. Must be either email or mobile');
+            throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
         }
-        return { message: 'User login initiated. OTP sent to the user.' };
+        return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN };
     }
 
     private async notifyUserOnOtpInititateLogin(user: User, loginType: RegistrationValidationSource) {
@@ -595,7 +597,7 @@ export class AuthenticationService {
 
     async otpConfirmLogin(confirmSignInDto: OTPConfirmOTPDto) {
         if (!this.isPasswordlessRegistrationEnabled()) {
-            throw new BadRequestException('Passwordless registration is not enabled');
+            throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
         if (confirmSignInDto.type === RegistrationValidationSource.EMAIL) {
             const user = await this.userRepository.findOne({
@@ -605,16 +607,16 @@ export class AuthenticationService {
                 relations: ['roles']
             });
             if (!user) {
-                throw new UnauthorizedException('User does not exist');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
             }
             if (!user.active) {
-                throw new UnauthorizedException('User is inactive');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
             }
             if (user.emailVerificationTokenOnLogin !== confirmSignInDto.otp) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             if (user.emailVerificationTokenOnLoginExpiresAt < new Date()) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             user.emailVerifiedOnLoginAt = new Date();
             user.emailVerificationTokenOnLogin = null;
@@ -632,16 +634,16 @@ export class AuthenticationService {
                 relations: ['roles']
             });
             if (!user) {
-                throw new UnauthorizedException('User does not exist');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_ACTIVE);
             }
             if (!user.active) {
-                throw new UnauthorizedException('User is inactive');
+                throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
             }
             if (user.mobileVerificationTokenOnLogin !== confirmSignInDto.otp) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             if (user.mobileVerificationTokenOnLoginExpiresAt < new Date()) {
-                throw new UnauthorizedException('Invalid OTP');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);
             }
             user.mobileVerifiedOnLoginAt = new Date();
             user.mobileVerificationTokenOnLogin = null;
@@ -653,7 +655,7 @@ export class AuthenticationService {
             return { accessToken, refreshToken, user: { id, username, email, mobile, lastLoginProvider, roles } };
 
         }
-        throw new BadRequestException('Invalid type. Must be either email or mobile');
+        throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
     }
 
     async changePassword(changePasswordDto: ChangePasswordDto, activeUser: ActiveUserData) {
@@ -661,26 +663,26 @@ export class AuthenticationService {
             where: { id: changePasswordDto.id }
         });
         if (!user) {
-            throw new NotFoundException('User does not exists');
+            throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
         }
 
         if (!user.active) {
-            throw new UnauthorizedException('User is inactive');
+            throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
         }
 
         // 2. Validate if user has used a provider which is "local", only then it makes sense for us to initiate the forgot password routine.
         if (user.lastLoginProvider !== 'local') {
-            throw new BadRequestException('User seems to have used a passwordless mode to authenticate.');
+            throw new BadRequestException(ERROR_MESSAGES.NON_LOCAL_PROVIDER);
         }
 
         // Check if ID's match
         if (!(user.id === activeUser.sub)) {
-            throw new BadRequestException("User ID's do not match ");
+            throw new BadRequestException(ERROR_MESSAGES.USER_ID_MISMATCH);
         }
 
         // Check if username's match
         if (!(user.username === activeUser.username)) {
-            throw new BadRequestException("User username's do not match");
+            throw new BadRequestException(ERROR_MESSAGES.USERNAME_MISMATCH);
         }
 
         // Check if old password is matching.
@@ -689,7 +691,7 @@ export class AuthenticationService {
             user.password,
         );
         if (!isEqual) {
-            throw new UnauthorizedException('Incorrect current password specified...');
+            throw new UnauthorizedException(ERROR_MESSAGES.INCORRECT_CURRENT_PASSWORD);
         }
 
         // Update Password
@@ -700,7 +702,7 @@ export class AuthenticationService {
         user.forcePasswordChange = false;
 
         if (await this.isPasswordDuplicate(user)) {
-            throw new BadRequestException('Previously used passwords cannot be used again.');
+            throw new BadRequestException(ERROR_MESSAGES.PASSWORD_REUSED);
         }
         await this.deleteOldPasswords(user);
 
@@ -724,15 +726,15 @@ export class AuthenticationService {
         const user = await this.resolveUser(initiateForgotPasswordDto.username, initiateForgotPasswordDto.email);
 
         if (!user) {
-            throw new NotFoundException('User does not exists');
+            throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
         }
         if (!user.active) {
-            throw new UnauthorizedException('User is inactive');
+            throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
         }
 
         // 2. Validate if user has used a provider which is "local", only then it makes sense for us to initiate the forgot password routine. 
         if (user.lastLoginProvider !== 'local') {
-            throw new BadRequestException('User seems to have used a passwordless mode to authenticate.');
+            throw new BadRequestException(ERROR_MESSAGES.NON_LOCAL_PROVIDER);
         }
 
         // 3. Generate a 6 digit validation token, we send this token to the user over their email & mobile number (controlled using configuration).
@@ -746,7 +748,7 @@ export class AuthenticationService {
         // 5. Return. 
         return {
             status: 'success',
-            message: 'Forgot password - token generated and sent',
+            message: SUCCESS_MESSAGES.FORGOT_PASSWORD_TOKEN_SENT,
             error: '',
             errorCode: '',
             data: {
@@ -807,23 +809,23 @@ export class AuthenticationService {
         const user = await this.resolveUser(confirmForgotPasswordDto.username, confirmForgotPasswordDto.email);
 
         if (!user) {
-            throw new NotFoundException('User does not exists');
+            throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
         }
 
         // 2. Validate if user has used a provider which is "local", only then it makes sense for us to initiate the forgot password routine. 
         if (user.lastLoginProvider !== 'local') {
-            throw new BadRequestException('User seems to have used a passwordless mode to authenticate.');
+            throw new BadRequestException(ERROR_MESSAGES.NON_LOCAL_PROVIDER);
         }
         if (!user.active) {
-            throw new UnauthorizedException('User is inactive');
+            throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
         }
 
         // 3. Validate the verification token is proper & update the user record. 
         if (user.verificationTokenOnForgotPassword !== confirmForgotPasswordDto.verificationToken) {
-            throw new UnauthorizedException('Invalid verification token');
+            throw new UnauthorizedException(ERROR_MESSAGES.INVALID_VERIFICATION_TOKEN);
         }
         if (user.verificationTokenOnForgotPasswordExpiresAt < new Date()) {
-            throw new UnauthorizedException('Invalid verification token');
+            throw new UnauthorizedException(ERROR_MESSAGES.INVALID_VERIFICATION_TOKEN);
         }
         user.forgotPasswordConfirmedAt = new Date();
         user.verificationTokenOnForgotPassword = null;
@@ -834,7 +836,7 @@ export class AuthenticationService {
         user.password = confirmForgotPasswordDto.password
 
         if (await this.isPasswordDuplicate(user)) {
-            throw new BadRequestException('Previously used passwords cannot be used again.');
+            throw new BadRequestException(ERROR_MESSAGES.PASSWORD_REUSED);
         }
         await this.deleteOldPasswords(user);
 
@@ -849,7 +851,7 @@ export class AuthenticationService {
 
         return {
             status: 'success',
-            message: 'Forgot password confirmed',
+            message: SUCCESS_MESSAGES.FORGOT_PASSWORD_CONFIRMED,
             error: '',
             errorCode: '',
             data: {}
@@ -950,7 +952,7 @@ export class AuthenticationService {
                 }
             });
             if (!user) {
-                throw new UnauthorizedException();
+                throw new UnauthorizedException(ERROR_MESSAGES.SESSION_INVALID);
             }
 
             // TODO: Replace the if else condition below with a call to validateAndRotate - Done
@@ -973,10 +975,10 @@ export class AuthenticationService {
         } catch (err) {
             if (err instanceof InvalidatedRefreshTokenError) {
                 // Take action: notify user that his refresh token might have been stolen?
-                throw new UnauthorizedException('Access denied');
+                throw new UnauthorizedException(ERROR_MESSAGES.ACCESS_DENIED);
             }
 
-            throw new UnauthorizedException();
+            throw new UnauthorizedException(ERROR_MESSAGES.SESSION_EXPIRED);
         }
     }
 
@@ -1007,10 +1009,10 @@ export class AuthenticationService {
                 // TODO: remove the access code both from the database.
                 return userProfile;
             } else {
-                throw new UnauthorizedException('Invalid user profile');
+                throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);
             }
         } catch (error) {
-            throw new UnauthorizedException('Failed to fetch user profile from Google OAuth service');
+            throw new UnauthorizedException(ERROR_MESSAGES.GOOGLE_OAUTH_PROFILE_FETCH_FAILED);
         }
     }
 
@@ -1071,11 +1073,11 @@ export class AuthenticationService {
             await this.userActivityHistoryService.logEvent('logout', user);
 
 
-            return { message: 'Logged out successfully' };
+            return { message: SUCCESS_MESSAGES.LOGOUT_SUCCESS};
         } catch (err) {
             throw err instanceof UnauthorizedException || err instanceof InternalServerErrorException
                 ? err
-                : new InternalServerErrorException('Logout failed due to an unexpected error.');
+                : new InternalServerErrorException(ERROR_MESSAGES.LOGOUT_FAILED);
         }
     }
 
@@ -1083,7 +1085,7 @@ export class AuthenticationService {
     async activateUser(userId: number) {
         const user = await this.userService.findOne(userId, {});
         if (!user) {
-            throw new NotFoundException('User not found');
+            throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
         }
         user.active = true;
         await this.userRepository.save(user);

package/src/services/crud-helper.service.ts

@@ -4,6 +4,7 @@ import { classify } from "@angular-devkit/core/src/utils/strings";
 import { ActiveUserData } from "src/interfaces/active-user-data.interface";
 import { SolidRegistry } from "src/helpers/solid-registry";
 import { Logger } from "@nestjs/common";
+import { ERROR_MESSAGES } from "src/constants/error-messages";
 
 
 export class CrudHelperService {
@@ -174,7 +175,7 @@ export class CrudHelperService {
         const normalizedSort = this.normalize(sort);
         const normalizedGroupBy = this.normalize(groupBy);
         if (normalizedGroupBy.length > 1) {
-            throw new Error('buildFilterQuery: Only 1 Group by field is supported currently');
+            throw new Error(ERROR_MESSAGES.GROUP_BY_LIMIT);
         }
 
         // Depending upon the populate option, apply the join clause
@@ -367,7 +368,7 @@ export class CrudHelperService {
         const groupByField = filteredDto.groupBy;
 
         if (!groupByField || (Array.isArray(groupByField) && groupByField.length !== 1)) {
-            throw new Error('Exactly one groupBy field is required to count grouped records.');
+            throw new Error(ERROR_MESSAGES.INVALID_GROUP_BY_COUNT);
         }
 
          const field = Array.isArray(groupByField) ? groupByField[0] : groupByField;