npm - ar-saas - Versions diffs - 0.4.2 → 0.5.0 - Mend

ar-saas 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ar-saas",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "description": "Generador de proyectos SaaS multi-tenant para startups argentinas. Landing page, auth, dashboard y legal listos para producción.",
   "main": "dist/index.js",
   "bin": {
@@ -51,3 +51,4 @@
   }
 }

package/templates/backend/.env.example CHANGED Viewed

@@ -10,7 +10,7 @@
 NODE_ENV=development
 # Puerto donde corre el servidor
-PORT=3000
+PORT=3001
 # Prefijo para todas las rutas de la API
 API_PREFIX=api
@@ -47,7 +47,7 @@ RESEND_FROM_NAME="Tu App"
 # ===== App URL =====
 # URL del frontend (para links en emails de verificación, reset, etc)
-APP_URL=http://localhost:5173
+APP_URL=http://localhost:3000
 # ===== Swagger =====
 # Habilitar documentación Swagger en /api/docs (solo development)
@@ -55,7 +55,7 @@ SWAGGER_ENABLED=true
 # ===== CORS =====
 # Orígenes permitidos (separados por coma)
-CORS_ORIGINS=http://localhost:3001
+CORS_ORIGINS=http://localhost:3000
 # ===== Rate Limiting =====
 # Cantidad máxima de requests por ventana de tiempo
@@ -65,3 +65,13 @@ THROTTLE_LIMIT=100
 # ===== Cookies =====
 # Secreto para firmar cookies (usar openssl rand -hex 32 para generar)
 COOKIE_SECRET=cambiar-por-secreto-seguro
+# ===== GitHub OAuth =====
+# Crear en https://github.com/settings/applications/new
+# Authorization callback URL: http://localhost:3001/api/auth/github/callback
+GITHUB_CLIENT_ID=cambiar-por-client-id
+GITHUB_CLIENT_SECRET=cambiar-por-client-secret
+GITHUB_CALLBACK_URL=http://localhost:3001/api/auth/github/callback
+# URL del frontend (para redirigir después del OAuth)
+FRONTEND_URL=http://localhost:3000

package/templates/backend/README.md CHANGED Viewed

@@ -39,7 +39,7 @@ todo lo genérico ya resuelto, más integraciones reales para operar en Argentin
 | ODM | Mongoose | 9 |
 | Auth (tokens) | JWT + cookies HttpOnly | — |
 | Auth (passwords) | bcrypt | 5.x |
-| Auth (passport) | passport + passport-jwt | 0.7 / 4.x |
+| Auth (passport) | passport + passport-jwt + passport-github2 | 0.7 / 4.x / 0.1.x |
 | Validación | class-validator | 0.14 |
 | Transformación | class-transformer | 0.5 |
 | Emails | Resend | 4.x |
@@ -53,7 +53,7 @@ todo lo genérico ya resuelto, más integraciones reales para operar en Argentin
 - **Multi-tenancy real** — Aislamiento por `workspaceId` garantizado en cada query. El `workspaceId` se extrae del JWT verificado del usuario autenticado. `BaseRepository` fuerza el filtro en toda operación. Imposible leakear datos entre workspaces por error humano.
-- **Auth completo** — Registro, login, refresh token rotativo, email verification, password reset. Access + refresh tokens en cookies `HttpOnly`, `Secure`, `SameSite=Strict`. Con rate limiting en endpoints sensibles y Helmet para headers de seguridad. Nunca en `localStorage` ni en el body.
+- **Auth completo** — Registro, login, refresh token rotativo, email verification, password reset y **OAuth con GitHub**. Access + refresh tokens en cookies `HttpOnly`, `Secure`. `SameSite=none` + `Partitioned` en producción para soporte cross-domain. Con rate limiting en endpoints sensibles y Helmet para headers de seguridad. Nunca en `localStorage` ni en el body.
 - **BaseRepository genérico** — Soft delete, paginación, filtros dinámicos, agregaciones, conteo, upsert. Manejo automático de errores MongoDB (duplicate key, cast error). 12 métodos heredados por todos los repositorios.
@@ -124,6 +124,23 @@ Instalá MongoDB Community Edition siguiendo las instrucciones oficiales:
 | `RESEND_FROM_EMAIL` | Email remitente verificado en Resend |
 | `APP_URL` | URL del frontend: `http://localhost:3001` |
 | `CORS_ORIGINS` | URL del frontend (misma que APP_URL): `http://localhost:3001` |
+| `GITHUB_CLIENT_ID` | Client ID de la GitHub OAuth App |
+| `GITHUB_CLIENT_SECRET` | Client Secret de la GitHub OAuth App |
+| `GITHUB_CALLBACK_URL` | `http://localhost:3001/api/auth/github/callback` en desarrollo |
+| `FRONTEND_URL` | URL del frontend para redirigir después del OAuth: `http://localhost:3000` |
+**Configurar GitHub OAuth:**
+1. Ir a [github.com/settings/applications/new](https://github.com/settings/applications/new)
+2. Completar:
+   - **Application name**: nombre de tu app
+   - **Homepage URL**: `http://localhost:3000`
+   - **Authorization callback URL**: `http://localhost:3001/api/auth/github/callback`
+3. Hacer click en **Register application**
+4. Copiar el **Client ID** → `GITHUB_CLIENT_ID`
+5. Generar un **Client Secret** → `GITHUB_CLIENT_SECRET`
+En producción, crear una segunda OAuth App con las URLs de producción, o actualizar la existente.
 **Generar JWT secrets:**
@@ -167,6 +184,8 @@ El servidor corre en `http://localhost:3000/api`. Swagger en `http://localhost:3
 | `secretOrPrivateKey must have a value` | `JWT_ACCESS_SECRET` o `JWT_REFRESH_SECRET` vacíos en `.env` |
 | Error de CORS en el frontend | `CORS_ORIGINS` en `.env` no incluye `http://localhost:3001` |
 | Emails no llegan | Verificar `RESEND_API_KEY` y que `RESEND_FROM_EMAIL` esté verificado en Resend |
+| GitHub OAuth: `redirect_uri_mismatch` | La callback URL en la GitHub App no coincide con `GITHUB_CALLBACK_URL` en `.env` |
+| GitHub OAuth: `No public email on GitHub account` | El usuario de GitHub tiene el email en privado — debe hacerlo público en [github.com/settings/profile](https://github.com/settings/profile) |
 ## Comandos disponibles
@@ -199,7 +218,7 @@ src/
 │   └── interceptors/
 │       └── workspace-tenant.interceptor.ts  # Extrae workspaceId del JWT verificado
 ├── modules/
-│   ├── auth/           # Registro, login, refresh, email verification, password reset
+│   ├── auth/           # Registro, login, refresh, email verification, password reset, GitHub OAuth
 │   ├── users/          # CRUD de usuarios
 │   ├── workspaces/     # CRUD de workspaces
 │   └── mail/           # Envío de emails con Resend (@Global)

package/templates/backend/package-lock.json CHANGED Viewed

@@ -1,11 +1,11 @@
 {
-  "name": "create-saas-ar-backend",
+  "name": "ar-saas-backend",
   "version": "0.0.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "create-saas-ar-backend",
+      "name": "ar-saas-backend",
       "version": "0.0.1",
       "license": "UNLICENSED",
       "dependencies": {
@@ -18,12 +18,16 @@
         "@nestjs/platform-express": "^11.0.1",
         "@nestjs/schedule": "^6.0.1",
         "@nestjs/swagger": "^11.2.1",
+        "@nestjs/throttler": "^6.0.0",
         "bcryptjs": "^2.4.3",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.2",
         "cookie-parser": "^1.4.7",
+        "helmet": "^8.0.0",
+        "joi": "^17.13.3",
         "mongoose": "^9.0.1",
         "passport": "^0.7.0",
+        "passport-github2": "^0.1.12",
         "passport-jwt": "^4.0.1",
         "reflect-metadata": "^0.2.2",
         "resend": "^4.1.2",
@@ -40,6 +44,7 @@
         "@types/express": "^5.0.0",
         "@types/jest": "^30.0.0",
         "@types/node": "^22.10.7",
+        "@types/passport-github2": "^1.2.9",
         "@types/passport-jwt": "^4.0.1",
         "@types/supertest": "^6.0.2",
         "eslint": "^9.18.0",
@@ -954,6 +959,21 @@
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
+    "node_modules/@hapi/hoek": {
+      "version": "9.3.0",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz",
+      "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@hapi/topo": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz",
+      "integrity": "sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^9.0.0"
+      }
+    },
     "node_modules/@humanfs/core": {
       "version": "0.19.2",
       "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.2.tgz",
@@ -2595,6 +2615,17 @@
         }
       }
     },
+    "node_modules/@nestjs/throttler": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/@nestjs/throttler/-/throttler-6.5.0.tgz",
+      "integrity": "sha512-9j0ZRfH0QE1qyrj9JjIRDz5gQLPqq9yVC2nHsrosDVAfI5HHw08/aUAWx9DZLSdQf4HDkmhTTEGLrRFHENvchQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@nestjs/common": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0",
+        "@nestjs/core": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0",
+        "reflect-metadata": "^0.1.13 || ^0.2.0"
+      }
+    },
     "node_modules/@noble/hashes": {
       "version": "1.8.0",
       "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz",
@@ -2696,6 +2727,27 @@
         "url": "https://ko-fi.com/killymxi"
       }
     },
+    "node_modules/@sideway/address": {
+      "version": "4.1.5",
+      "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.5.tgz",
+      "integrity": "sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^9.0.0"
+      }
+    },
+    "node_modules/@sideway/formula": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz",
+      "integrity": "sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@sideway/pinpoint": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz",
+      "integrity": "sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==",
+      "license": "BSD-3-Clause"
+    },
     "node_modules/@sinclair/typebox": {
       "version": "0.34.49",
       "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.34.49.tgz",
@@ -3019,6 +3071,16 @@
         "undici-types": "~6.21.0"
       }
     },
+    "node_modules/@types/oauth": {
+      "version": "0.9.6",
+      "resolved": "https://registry.npmjs.org/@types/oauth/-/oauth-0.9.6.tgz",
+      "integrity": "sha512-H9TRCVKBNOhZZmyHLqFt9drPM9l+ShWiqqJijU1B8P3DX3ub84NjxDuy+Hjrz+fEca5Kwip3qPMKNyiLgNJtIA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/passport": {
       "version": "1.0.17",
       "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.17.tgz",
@@ -3029,6 +3091,18 @@
         "@types/express": "*"
       }
     },
+    "node_modules/@types/passport-github2": {
+      "version": "1.2.9",
+      "resolved": "https://registry.npmjs.org/@types/passport-github2/-/passport-github2-1.2.9.tgz",
+      "integrity": "sha512-/nMfiPK2E6GKttwBzwj0Wjaot8eHrM57hnWxu52o6becr5/kXlH/4yE2v2rh234WGvSgEEzIII02Nc5oC5xEHA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/passport": "*",
+        "@types/passport-oauth2": "*"
+      }
+    },
     "node_modules/@types/passport-jwt": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/@types/passport-jwt/-/passport-jwt-4.0.1.tgz",
@@ -3040,6 +3114,18 @@
         "@types/passport-strategy": "*"
       }
     },
+    "node_modules/@types/passport-oauth2": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/@types/passport-oauth2/-/passport-oauth2-1.8.0.tgz",
+      "integrity": "sha512-6//z+4orIOy/g3zx17HyQ71GSRK4bs7Sb+zFasRoc2xzlv7ZCJ+vkDBYFci8U6HY+or6Zy7ajf4mz4rK7nsWJQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/oauth": "*",
+        "@types/passport": "*"
+      }
+    },
     "node_modules/@types/passport-strategy": {
       "version": "0.2.38",
       "resolved": "https://registry.npmjs.org/@types/passport-strategy/-/passport-strategy-0.2.38.tgz",
@@ -4319,6 +4405,15 @@
       ],
       "license": "MIT"
     },
+    "node_modules/base64url": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz",
+      "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/baseline-browser-mapping": {
       "version": "2.10.34",
       "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.34.tgz",
@@ -6416,6 +6511,18 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/helmet": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-8.2.0.tgz",
+      "integrity": "sha512-DRgTIUgnWcJ62KyarxxziuqYxKGnR6Rgg19BlbucN/dpmJbl1XOit6qvoOX0ZT+HhWe5OUVhU/a1zpGyc1xA0Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/EvanHahn"
+      }
+    },
     "node_modules/html-escaper": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
@@ -7558,6 +7665,19 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
+    "node_modules/joi": {
+      "version": "17.13.3",
+      "resolved": "https://registry.npmjs.org/joi/-/joi-17.13.3.tgz",
+      "integrity": "sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^9.3.0",
+        "@hapi/topo": "^5.1.0",
+        "@sideway/address": "^4.1.5",
+        "@sideway/formula": "^3.0.1",
+        "@sideway/pinpoint": "^2.0.0"
+      }
+    },
     "node_modules/js-tokens": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -8406,6 +8526,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/oauth": {
+      "version": "0.10.2",
+      "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.10.2.tgz",
+      "integrity": "sha512-JtFnB+8nxDEXgNyniwz573xxbKSOu3R8D40xQKqcjwJ2CDkYqUDI53o6IuzDJBx60Z8VKCm271+t8iFjakrl8Q==",
+      "license": "MIT"
+    },
     "node_modules/object-assign": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
@@ -8627,6 +8753,17 @@
         "url": "https://github.com/sponsors/jaredhanson"
       }
     },
+    "node_modules/passport-github2": {
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/passport-github2/-/passport-github2-0.1.12.tgz",
+      "integrity": "sha512-3nPUCc7ttF/3HSP/k9sAXjz3SkGv5Nki84I05kSQPo01Jqq1NzJACgMblCK0fGcv9pKCG/KXU3AJRDGLqHLoIw==",
+      "dependencies": {
+        "passport-oauth2": "1.x.x"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
     "node_modules/passport-jwt": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/passport-jwt/-/passport-jwt-4.0.1.tgz",
@@ -8637,6 +8774,26 @@
         "passport-strategy": "^1.0.0"
       }
     },
+    "node_modules/passport-oauth2": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/passport-oauth2/-/passport-oauth2-1.8.0.tgz",
+      "integrity": "sha512-cjsQbOrXIDE4P8nNb3FQRCCmJJ/utnFKEz2NX209f7KOHPoX18gF7gBzBbLLsj2/je4KrgiwLLGjf0lm9rtTBA==",
+      "license": "MIT",
+      "dependencies": {
+        "base64url": "3.x.x",
+        "oauth": "0.10.x",
+        "passport-strategy": "1.x.x",
+        "uid2": "0.0.x",
+        "utils-merge": "1.x.x"
+      },
+      "engines": {
+        "node": ">= 0.4.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/jaredhanson"
+      }
+    },
     "node_modules/passport-strategy": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
@@ -10405,6 +10562,12 @@
         "node": ">=8"
       }
     },
+    "node_modules/uid2": {
+      "version": "0.0.4",
+      "resolved": "https://registry.npmjs.org/uid2/-/uid2-0.0.4.tgz",
+      "integrity": "sha512-IevTus0SbGwQzYh3+fRsAMTVVPOoIVufzacXcHPmdlle1jUpq7BRL+mw3dgeLanvGZdwwbWhRV6XrcFNdBmjWA==",
+      "license": "MIT"
+    },
     "node_modules/uint8array-extras": {
       "version": "1.5.0",
       "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz",

package/templates/backend/package.json CHANGED Viewed

@@ -38,6 +38,7 @@
     "joi": "^17.13.3",
     "mongoose": "^9.0.1",
     "passport": "^0.7.0",
+    "passport-github2": "^0.1.12",
     "passport-jwt": "^4.0.1",
     "reflect-metadata": "^0.2.2",
     "resend": "^4.1.2",
@@ -54,6 +55,7 @@
     "@types/express": "^5.0.0",
     "@types/jest": "^30.0.0",
     "@types/node": "^22.10.7",
+    "@types/passport-github2": "^1.2.9",
     "@types/passport-jwt": "^4.0.1",
     "@types/supertest": "^6.0.2",
     "eslint": "^9.18.0",

package/templates/backend/src/app.module.ts CHANGED Viewed

@@ -8,7 +8,14 @@ import { AppController } from './app.controller';
 import { AppService } from './app.service';
 import { GlobalExceptionFilter } from './common/filters/global-exception.filter';
 import { AuthModule } from './modules/auth/auth.module';
+import { ClientsModule } from './modules/clients/clients.module';
+import { InvoicesModule } from './modules/invoices/invoices.module';
 import { MailModule } from './modules/mail/mail.module';
+import { NotificationsModule } from './modules/notifications/notifications.module';
+import { PipelineModule } from './modules/pipeline/pipeline.module';
+import { PlannerModule } from './modules/planner/planner.module';
+import { TaskColumnsModule } from './modules/task-columns/task-columns.module';
+import { TasksModule } from './modules/tasks/tasks.module';
 import { UsersModule } from './modules/users/users.module';
 import { WorkspacesModule } from './modules/workspaces/workspaces.module';
@@ -51,6 +58,13 @@ import { WorkspacesModule } from './modules/workspaces/workspaces.module';
     UsersModule,
     WorkspacesModule,
     AuthModule,
+    ClientsModule,
+    NotificationsModule,
+    InvoicesModule,
+    PipelineModule,
+    TaskColumnsModule,
+    TasksModule,
+    PlannerModule,
   ],
   controllers: [AppController],
   providers: [

package/templates/backend/src/common/guards/github-auth.guard.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+@Injectable()
+export class GithubAuthGuard extends AuthGuard('github') {}

package/templates/backend/src/main.ts CHANGED Viewed

@@ -15,7 +15,7 @@ async function bootstrap() {
   app.use(cookieParser(process.env.COOKIE_SECRET));
   app.enableCors({
-    origin: process.env.CORS_ORIGINS?.split(',') ?? ['http://localhost:5173'],
+    origin: process.env.CORS_ORIGINS?.split(',') ?? ['http://localhost:3000'],
     credentials: true,
   });
@@ -42,7 +42,7 @@ async function bootstrap() {
     SwaggerModule.setup(`${apiPrefix}/docs`, app, document);
   }
-  const port = process.env.PORT ?? 3000;
+  const port = process.env.PORT ?? 3001;
   await app.listen(port);
   console.log(`🚀 Servidor corriendo en http://localhost:${port}/${apiPrefix}`);
 }

package/templates/backend/src/modules/auth/auth.controller.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import {
   HttpStatus,
   Post,
   Query,
+  Req,
   Res,
   UnauthorizedException,
   UseGuards,
@@ -13,11 +14,12 @@ import {
 import { ConfigService } from '@nestjs/config';
 import { Throttle } from '@nestjs/throttler';
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
-import type { Response } from 'express';
+import type { Request, Response } from 'express';
 import { CurrentUser } from '../../common/decorators/current-user.decorator';
 import type { TokenPayload } from '../../common/decorators/current-user.decorator';
 import { Cookie } from '../../common/decorators/cookie.decorator';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { GithubAuthGuard } from '../../common/guards/github-auth.guard';
 import { AuthService } from './auth.service';
 import { ForgotPasswordDto } from './dto/forgot-password.dto';
 import { LoginDto } from './dto/login.dto';
@@ -25,6 +27,11 @@ import { RefreshTokenDto } from './dto/refresh-token.dto';
 import { RegisterDto } from './dto/register.dto';
 import { ResetPasswordDto } from './dto/reset-password.dto';
 import { VerifyEmailDto } from './dto/verify-email.dto';
+import { GithubProfile } from './strategies/github.strategy';
+interface RequestWithGithubUser extends Request {
+  user: GithubProfile;
+}
 @ApiTags('Auth')
 @Controller('auth')
@@ -121,6 +128,45 @@ export class AuthController {
     return this.authService.getMe(user.userId);
   }
+  @Get('github')
+  @UseGuards(GithubAuthGuard)
+  @ApiOperation({ summary: 'Iniciar autenticación con GitHub' })
+  githubLogin(): void {}
+  @Get('github/callback')
+  @UseGuards(GithubAuthGuard)
+  @ApiOperation({ summary: 'Callback de GitHub OAuth' })
+  async githubCallback(
+    @Req() req: RequestWithGithubUser,
+    @Res() res: Response,
+  ): Promise<void> {
+    const frontendUrl = this.configService.getOrThrow<string>('FRONTEND_URL');
+    try {
+      const { code, alreadyExisted } = await this.authService.githubLogin(req.user);
+      const info = alreadyExisted ? '&info=already_exists' : '';
+      res.redirect(`${frontendUrl}/auth/github/callback?code=${code}${info}`);
+    } catch {
+      res.redirect(`${frontendUrl}/auth/github/callback?error=github_failed`);
+    }
+  }
+  @Post('github/exchange')
+  @HttpCode(HttpStatus.OK)
+  @Throttle({ default: { limit: 10, ttl: 60000 } })
+  @ApiOperation({ summary: 'Intercambiar código OAuth por sesión' })
+  async githubExchange(
+    @Body('code') code: string,
+    @Res({ passthrough: true }) res: Response,
+  ) {
+    if (!code) {
+      throw new UnauthorizedException('Código requerido.');
+    }
+    const { alreadyExisted, accessToken, refreshToken } =
+      await this.authService.exchangeGithubCode(code);
+    this.setTokenCookies(res, accessToken, refreshToken);
+    return { success: true, alreadyExisted };
+  }
   private setTokenCookies(
     res: Response,
     accessToken: string,
@@ -130,7 +176,8 @@ export class AuthController {
     const base = {
       httpOnly: true,
       secure: isProd,
-      sameSite: 'strict' as const,
+      sameSite: (isProd ? 'none' : 'lax') as 'none' | 'lax',
+      ...(isProd && { partitioned: true }),
     };
     res.cookie('access_token', accessToken, {
@@ -150,7 +197,8 @@ export class AuthController {
     const base = {
       httpOnly: true,
       secure: isProd,
-      sameSite: 'strict' as const,
+      sameSite: (isProd ? 'none' : 'lax') as 'none' | 'lax',
+      ...(isProd && { partitioned: true }),
     };
     res.clearCookie('access_token', base);

package/templates/backend/src/modules/auth/auth.module.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { WorkspacesModule } from '../workspaces/workspaces.module';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
 import { JwtStrategy } from './strategies/jwt.strategy';
+import { GithubStrategy } from './strategies/github.strategy';
 @Module({
   imports: [
@@ -15,6 +16,6 @@ import { JwtStrategy } from './strategies/jwt.strategy';
     WorkspacesModule,
   ],
   controllers: [AuthController],
-  providers: [AuthService, JwtStrategy],
+  providers: [AuthService, JwtStrategy, GithubStrategy],
 })
 export class AuthModule {}