innovationhub-cli 1.1.0 → 2.0.1

package/templates/nest/jest.config.js

@@ -0,0 +1,17 @@
+module.exports = {
+  moduleFileExtensions: [
+    'js',
+    'json',
+    'ts',
+  ],
+  rootDir: 'src',
+  testRegex: '.*\\.spec\\.ts$',
+  transform: {
+    '^.+\.(t|j)s$': 'ts-jest',
+  },
+  collectCoverageFrom: [
+    '**/*.(t|j)s',
+  ],
+  coverageDirectory: '../coverage',
+  testEnvironment: 'node',
+};

package/templates/nest/nest-cli.json

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://json.schemastore.org/nest-cli",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "deleteOutDir": true,
+    "assets": [
+      "templates/**/*"
+    ],
+    "watchAssets": true
+  }
+}

package/templates/nest/package.json

@@ -0,0 +1,99 @@
+{
+  "name": "site-ih-back",
+  "version": "0.0.1",
+  "description": "",
+  "author": "",
+  "private": true,
+  "license": "UNLICENSED",
+  "scripts": {
+    "build": "nest build",
+    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+    "start": "npm run migration:run && nest start --watch",
+    "start:dev": "npm run migration:run && nest start --watch",
+    "start:debug": "npm run migration:run && nest start --debug --watch",
+    "start:prod": "npm run migration:run && node dist/main",
+    "heroku-postbuild": "npm run build",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:cov": "jest --coverage",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "jest --config ./test/jest-e2e.json",
+    "typeorm": "typeorm-ts-node-commonjs",
+    "migration:generate": "npm run typeorm -- migration:generate -d src/data-source.ts",
+    "migration:create": "npm run typeorm -- migration:create",
+    "migration:run": "npm run typeorm -- migration:run -d src/data-source.ts",
+    "migration:revert": "npm run typeorm -- migration:revert -d src/data-source.ts",
+    "migration:show": "npm run typeorm -- migration:show -d src/data-source.ts",
+    "prepare": "husky"
+  },
+  "dependencies": {
+    "@nestjs-modules/mailer": "^2.0.2",
+    "@nestjs/axios": "^4.0.1",
+    "@nestjs/common": "^11.1.9",
+    "@nestjs/config": "^4.0.2",
+    "@nestjs/core": "^11.1.9",
+    "@nestjs/jwt": "^11.0.0",
+    "@nestjs/passport": "^11.0.5",
+    "@nestjs/platform-express": "^11.0.1",
+    "@nestjs/swagger": "^11.2.0",
+    "@nestjs/typeorm": "^11.0.0",
+    "axios": "^1.13.2",
+    "bcryptjs": "^3.0.3",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.2",
+    "cloudinary": "^2.9.0",
+    "handlebars": "^4.7.8",
+    "multer": "^2.0.2",
+    "multer-storage-cloudinary": "^4.0.0",
+    "nodemailer": "^8.0.1",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
+    "passport-local": "^1.0.0",
+    "pg": "^8.16.3",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.1",
+    "swagger-ui-express": "^5.0.1",
+    "typeorm": "^0.3.27",
+    "uuid": "^13.0.0"
+  },
+  "overrides": {
+    "glob": "^11.0.0",
+    "html-minifier": "^4.0.0",
+    "mjml": "^4.14.1",
+    "multer-storage-cloudinary": {
+      "cloudinary": "^2.9.0"
+    }
+  },
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.2.0",
+    "@eslint/js": "^10.0.1",
+    "@nestjs/cli": "^11.0.0",
+    "@nestjs/schematics": "^11.0.0",
+    "@nestjs/testing": "^11.0.1",
+    "@types/express": "^5.0.0",
+    "@types/jest": "^30.0.0",
+    "@types/multer": "^2.0.0",
+    "@types/node": "^25.2.3",
+    "@types/nodemailer": "^7.0.4",
+    "@types/passport-jwt": "^4.0.1",
+    "@types/passport-local": "^1.0.38",
+    "@types/supertest": "^6.0.2",
+    "@types/uuid": "^11.0.0",
+    "eslint": "^10.0.0",
+    "eslint-config-prettier": "^10.0.1",
+    "eslint-plugin-prettier": "^5.2.2",
+    "globals": "^17.3.0",
+    "husky": "^9.1.7",
+    "jest": "^30.0.0",
+    "prettier": "^3.4.2",
+    "source-map-support": "^0.5.21",
+    "supertest": "^7.0.0",
+    "ts-jest": "^29.2.5",
+    "ts-loader": "^9.5.2",
+    "ts-node": "^10.9.2",
+    "tsconfig-paths": "^4.2.0",
+    "typescript": "^5.7.3",
+    "typescript-eslint": "^8.20.0"
+  }
+}

package/templates/nest/src/app.controller.ts

@@ -0,0 +1,7 @@
+import { Controller } from '@nestjs/common';
+import { AppService } from './app.service';
+
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+}

package/templates/nest/src/app.module.ts

@@ -0,0 +1,69 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule, TypeOrmModuleOptions } from '@nestjs/typeorm';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { UserModule } from './user/user.module';
+import { AuthModule } from './auth/auth.module';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+import { MailerModule } from '@nestjs-modules/mailer';
+import { join } from 'path';
+import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter';
+
+@Module({
+  imports: [
+    UserModule,
+    AuthModule,
+
+    ConfigModule.forRoot({
+      isGlobal: true,
+    }),
+    TypeOrmModule.forRootAsync({
+      imports: [ConfigModule],
+      useFactory: (configService: ConfigService): TypeOrmModuleOptions => ({
+        type: configService.get<string>('DATABASE_TYPE') as 'postgres',
+        host: configService.get<string>('DATABASE_HOST'),
+        port: configService.get<number>('DATABASE_PORT'),
+        username: configService.get<string>('DATABASE_USERNAME'),
+        password: configService.get<string>('DATABASE_PASSWORD'),
+        database: configService.get<string>('DATABASE_NAME'),
+        entities: [__dirname + '/**/*.entity{.ts,.js}'],
+        synchronize: false,
+        ssl:
+          configService.get<string>('DATABASE_SSL') === 'true'
+            ? {
+                rejectUnauthorized: false,
+              }
+            : false,
+      }),
+      inject: [ConfigService],
+    }),
+    MailerModule.forRootAsync({
+      imports: [ConfigModule],
+      useFactory: (config: ConfigService) => ({
+        transport: {
+          host: config.get('MAIL_HOST'),
+          port: config.get('MAIL_PORT'),
+          secure: false,
+          auth: {
+            user: config.get('MAIL_USER'),
+            pass: config.get('MAIL_PASSWORD'),
+          },
+        },
+        defaults: {
+          from: config.get('MAIL_FROM'),
+        },
+        template: {
+          dir: join(process.cwd(), 'dist', 'templates'),
+          adapter: new HandlebarsAdapter(),
+          options: {
+            strict: true,
+          },
+        },
+      }),
+      inject: [ConfigService],
+    }),
+  ],
+  controllers: [AppController],
+  providers: [AppService],
+})
+export class AppModule {}

package/templates/nest/src/app.service.ts

@@ -0,0 +1,4 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {}

package/templates/nest/src/auth/auth.controller.ts

@@ -0,0 +1,97 @@
+import {
+  Controller,
+  Post,
+  Body,
+  UseGuards,
+  Patch,
+  HttpCode,
+  HttpStatus,
+} from '@nestjs/common';
+import { User } from '../common/decorators/user.decorator';
+import { UserEntity } from '../user/entities/user.entity';
+import {
+  ApiTags,
+  ApiOperation,
+  ApiResponse,
+  ApiBody,
+  ApiBearerAuth,
+} from '@nestjs/swagger';
+import { AuthService } from './auth.service';
+import { AuthGuard } from '@nestjs/passport';
+import { LoginDto } from './dto/login.dto';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { ChangePasswordDto } from './dto/change-password.dto';
+import { RefreshTokenDto } from './dto/refresh-token.dto';
+import { LoginResponseDto } from './dto/login-response.dto';
+import { plainToInstance } from 'class-transformer';
+import { RefreshTokenGuard } from './guards/refresh-token.guard';
+import { RefreshTokenPayload } from './interfaces/jwt-payload.interface';
+
+@ApiTags('auth')
+@Controller('auth')
+export class AuthController {
+  constructor(private readonly authService: AuthService) {}
+
+  @Post('login')
+  @UseGuards(AuthGuard('local'))
+  @ApiOperation({ summary: 'Autentica um usuário' })
+  @ApiBody({ type: LoginDto })
+  @ApiResponse({
+    status: 200,
+    description: 'Usuário autenticado com sucesso.',
+    type: LoginResponseDto,
+  })
+  async login(@User() user: UserEntity): Promise<LoginResponseDto> {
+    const result = await this.authService.login(user);
+    return plainToInstance(LoginResponseDto, result);
+  }
+
+  @Post('logout')
+  @UseGuards(RefreshTokenGuard)
+  @HttpCode(HttpStatus.OK)
+  @ApiOperation({ summary: 'Faz logout do usuário' })
+  @ApiBody({ type: RefreshTokenDto })
+  @ApiResponse({ status: 200, description: 'Logout realizado com sucesso.' })
+  @ApiResponse({ status: 401, description: 'Não autorizado.' })
+  logout(@User() user: RefreshTokenPayload & { refreshToken: string }) {
+    return this.authService.logout(user.jti);
+  }
+
+  @Post('refresh')
+  @UseGuards(RefreshTokenGuard)
+  @HttpCode(HttpStatus.OK)
+  @ApiOperation({ summary: 'Atualiza os tokens de acesso' })
+  @ApiBody({ type: RefreshTokenDto })
+  @ApiResponse({
+    status: 200,
+    description: 'Tokens atualizados com sucesso.',
+    type: LoginResponseDto,
+  })
+  @ApiResponse({
+    status: 401,
+    description: 'O refresh token é inválido ou expirou.',
+  })
+  async refreshTokens(
+    @User() user: RefreshTokenPayload & { refreshToken: string },
+  ): Promise<LoginResponseDto> {
+    const { sub, jti, refreshToken } = user;
+    const result = await this.authService.refreshTokens(sub, jti, refreshToken);
+    return plainToInstance(LoginResponseDto, result);
+  }
+
+  @Patch('change-password')
+  @ApiOperation({ summary: 'Altera a senha do usuário logado' })
+  @ApiBearerAuth()
+  @ApiResponse({ status: 200, description: 'Senha alterada com sucesso.' })
+  @ApiResponse({ status: 401, description: 'Não autorizado.' })
+  @ApiResponse({ status: 400, description: 'Requisição inválida.' })
+  @ApiBody({ type: ChangePasswordDto })
+  @UseGuards(JwtAuthGuard)
+  async changePassword(
+    @User() user: UserEntity,
+    @Body() changePasswordDto: ChangePasswordDto,
+  ): Promise<{ message: string }> {
+    const id = user.id;
+    return this.authService.changePassword(id, changePasswordDto);
+  }
+}

package/templates/nest/src/auth/auth.module.ts

@@ -0,0 +1,46 @@
+import { Module } from '@nestjs/common';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+import { PassportModule } from '@nestjs/passport';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { UserModule } from '../user/user.module';
+import { JwtModule } from '@nestjs/jwt';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { JwtStrategy } from './strategies/jwt.strategy';
+import { LocalStrategy } from './strategies/local.strategy';
+import { RefreshTokenStrategy } from './strategies/refresh-token.strategy';
+import { RefreshTokenGuard } from './guards/refresh-token.guard';
+import type { StringValue } from 'ms';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { RefreshTokenEntity } from './entities/refresh-token.entity';
+
+@Module({
+  imports: [
+    UserModule,
+    PassportModule,
+    ConfigModule,
+    TypeOrmModule.forFeature([RefreshTokenEntity]),
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      useFactory: (configService: ConfigService) => ({
+        secret: configService.getOrThrow<string>('JWT_SECRET'),
+        signOptions: {
+          expiresIn: (configService.get<string>('JWT_EXPIRATION_TIME') ||
+            '20m') as StringValue,
+        },
+      }),
+      inject: [ConfigService],
+    }),
+  ],
+  controllers: [AuthController],
+  providers: [
+    AuthService,
+    JwtAuthGuard,
+    JwtStrategy,
+    LocalStrategy,
+    RefreshTokenStrategy,
+    RefreshTokenGuard,
+  ],
+  exports: [AuthService, JwtAuthGuard],
+})
+export class AuthModule {}

package/templates/nest/src/auth/auth.service.ts

@@ -0,0 +1,231 @@
+import {
+  Injectable,
+  BadRequestException,
+  UnauthorizedException,
+  ForbiddenException,
+} from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { UserService } from '../user/user.service';
+import { JwtService } from '@nestjs/jwt';
+import { ERRORS } from '../common/constants/errors.constants';
+import { UserEntity } from '../user/entities/user.entity';
+import { ChangePasswordDto } from './dto/change-password.dto';
+import * as bcrypt from 'bcryptjs';
+import { UsersRepository } from '../user/user.repository';
+import { InjectRepository } from '@nestjs/typeorm';
+import { RefreshTokenEntity } from './entities/refresh-token.entity';
+import { Repository } from 'typeorm';
+import { v4 as uuidv4 } from 'uuid';
+import { LoginResponseDto } from './dto/login-response.dto';
+import { parseDurationToSeconds } from '../common/utils/duration.utils';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private userService: UserService,
+    private jwtService: JwtService,
+    private configService: ConfigService,
+    private usersRepository: UsersRepository,
+    @InjectRepository(RefreshTokenEntity)
+    private refreshTokenRepository: Repository<RefreshTokenEntity>,
+  ) {}
+
+  async validateUser(email: string, pass: string): Promise<UserEntity | null> {
+    const user = await this.userService.findOneByEmailWithPassword(email);
+
+    if (user && user.password) {
+      const isMatch = await this.userService.comparePassword(
+        pass,
+        user.password,
+      );
+
+      if (isMatch) {
+        if (user.deletedAt) {
+          throw new UnauthorizedException(ERRORS.AUTH.ACCOUNT_DELETED);
+        }
+        if (!user.isActive) {
+          throw new UnauthorizedException(ERRORS.AUTH.ACCOUNT_DISABLED);
+        }
+        return user;
+      }
+    }
+    return null;
+  }
+
+  async login(user: UserEntity): Promise<LoginResponseDto> {
+    return this.generateAuthResponse(user);
+  }
+
+  async logout(jti: string): Promise<void> {
+    if (!jti) {
+      return;
+    }
+    const token = await this.refreshTokenRepository.findOne({
+      where: { jti },
+    });
+    if (token) {
+      token.isRevoked = true;
+      await this.refreshTokenRepository.save(token);
+    }
+  }
+
+  async refreshTokens(
+    id: string,
+    oldJti: string,
+    refreshToken: string,
+  ): Promise<LoginResponseDto> {
+    const tokenRecord = await this.refreshTokenRepository.findOne({
+      where: { jti: oldJti },
+    });
+
+    if (!tokenRecord || tokenRecord.isRevoked) {
+      throw new ForbiddenException(ERRORS.AUTH.ACCESS_DENIED);
+    }
+
+    const tokenMatches = await bcrypt.compare(
+      refreshToken,
+      tokenRecord.hashedToken,
+    );
+
+    if (!tokenMatches) {
+      throw new ForbiddenException(ERRORS.AUTH.ACCESS_DENIED);
+    }
+
+    tokenRecord.isRevoked = true;
+    await this.refreshTokenRepository.save(tokenRecord);
+
+    const user = await this.userService.findById(id);
+    if (!user) {
+      throw new UnauthorizedException(ERRORS.AUTH.NOT_FOUND);
+    }
+
+    return this.generateAuthResponse(user);
+  }
+
+  private async generateAuthResponse(
+    user: UserEntity,
+  ): Promise<LoginResponseDto> {
+    const jti = uuidv4();
+    const { accessTokenExpiresIn, refreshTokenExpiresIn } =
+      this.getExpirationTimes();
+
+    const tokens = await this.getTokens(
+      user,
+      jti,
+      accessTokenExpiresIn,
+      refreshTokenExpiresIn,
+    );
+
+    await this.createRefreshToken(user, jti, tokens.refreshToken);
+
+    return {
+      ...tokens,
+      expiresIn: accessTokenExpiresIn,
+      refreshExpiresIn: refreshTokenExpiresIn,
+      user,
+    };
+  }
+
+  private getExpirationTimes() {
+    const expiresInConfig = this.configService.get<string>(
+      'JWT_EXPIRATION_TIME',
+    );
+    const refreshExpiresInConfig = this.configService.get<string>(
+      'JWT_REFRESH_EXPIRATION_TIME',
+    );
+
+    return {
+      accessTokenExpiresIn: parseDurationToSeconds(expiresInConfig, 15 * 60),
+      refreshTokenExpiresIn: parseDurationToSeconds(
+        refreshExpiresInConfig,
+        7 * 24 * 60 * 60,
+      ),
+    };
+  }
+
+  async createRefreshToken(
+    user: UserEntity,
+    jti: string,
+    token: string,
+  ): Promise<void> {
+    const hashedToken = await bcrypt.hash(token, 10);
+    const newRefreshToken = this.refreshTokenRepository.create({
+      user: user,
+      jti,
+      hashedToken,
+      isRevoked: false,
+    });
+    await this.refreshTokenRepository.save(newRefreshToken);
+  }
+
+  private async getTokens(
+    user: UserEntity,
+    jti: string,
+    accessTokenExpiresIn: number,
+    refreshTokenExpiresIn: number,
+  ): Promise<{ accessToken: string; refreshToken: string }> {
+    const [accessToken, refreshToken] = await Promise.all([
+      this.jwtService.signAsync(
+        {
+          sub: user.id,
+          email: user.email,
+          role: user.role,
+        },
+        {
+          secret: this.configService.get<string>('JWT_SECRET'),
+          expiresIn: accessTokenExpiresIn,
+        },
+      ),
+      this.jwtService.signAsync(
+        {
+          sub: user.id,
+          email: user.email,
+          role: user.role,
+          jti,
+        },
+        {
+          secret: this.configService.get<string>('JWT_REFRESH_SECRET'),
+          expiresIn: refreshTokenExpiresIn,
+        },
+      ),
+    ]);
+
+    return {
+      accessToken,
+      refreshToken,
+    };
+  }
+
+  async changePassword(
+    id: string,
+    changePasswordDto: ChangePasswordDto,
+  ): Promise<{ message: string }> {
+    const user = await this.userService.findOneByIdWithPassword(id);
+
+    if (!user) {
+      throw new UnauthorizedException(ERRORS.AUTH.NOT_FOUND);
+    }
+
+    const isMatch = await this.userService.comparePassword(
+      changePasswordDto.oldPassword,
+      user.password,
+    );
+
+    if (!isMatch) {
+      throw new UnauthorizedException(ERRORS.AUTH.OLD_PASSWORD_INCORRECT);
+    }
+
+    if (changePasswordDto.oldPassword === changePasswordDto.newPassword) {
+      throw new BadRequestException(ERRORS.AUTH.PASSWORD_SAME_AS_OLD);
+    }
+
+    const hashedPassword = await bcrypt.hash(changePasswordDto.newPassword, 12);
+
+    await this.userService.updatePassword(id, hashedPassword);
+
+    if (user.mustChangePassword) {
+      await this.userService.disableMustChangePasswordFlag(id);
+    }
+    return { message: ERRORS.AUTH.PASSWORD_CHANGED };
+  }
+}

package/templates/nest/src/auth/decorators/roles.decorator.ts

@@ -0,0 +1,5 @@
+import { SetMetadata } from '@nestjs/common';
+import { Role } from '../enums/role.enum';
+
+export const ROLES_KEY = 'roles';
+export const Roles = (...roles: Role[]) => SetMetadata(ROLES_KEY, roles);

package/templates/nest/src/auth/dto/change-password.dto.ts

@@ -0,0 +1,21 @@
+import { IsString, MinLength } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+import { ERRORS } from '../../common/constants/errors.constants';
+
+export class ChangePasswordDto {
+  @ApiProperty({
+    description: 'A senha atual (antiga) do usuário.',
+    example: 'MinhaSenhaAntiga123',
+  })
+  @IsString()
+  oldPassword!: string;
+
+  @ApiProperty({
+    description:
+      'A nova senha que o usuário deseja definir. Deve ter no mínimo 8 caracteres.',
+    example: 'NovaSenhaForte@2025',
+  })
+  @IsString()
+  @MinLength(8, { message: ERRORS.AUTH.PASSWORD_MIN_LENGTH })
+  newPassword!: string;
+}

package/templates/nest/src/auth/dto/login-response.dto.ts

@@ -0,0 +1,25 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { Expose } from 'class-transformer';
+import { UserEntity } from '../../user/entities/user.entity';
+
+export class LoginResponseDto {
+  @ApiProperty()
+  @Expose()
+  accessToken: string;
+
+  @ApiProperty()
+  @Expose()
+  refreshToken: string;
+
+  @ApiProperty({ type: 'number' })
+  @Expose()
+  expiresIn: number;
+
+  @ApiProperty({ type: 'number' })
+  @Expose()
+  refreshExpiresIn: number;
+
+  @ApiProperty({ type: () => UserEntity })
+  @Expose()
+  user: UserEntity;
+}

package/templates/nest/src/auth/dto/login.dto.ts

@@ -0,0 +1,15 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEmail, IsNotEmpty } from 'class-validator';
+
+export class LoginDto {
+  @ApiProperty({
+    description: 'O endereço de e-mail do usuário',
+    example: 'joao.silva@exemplo.com',
+  })
+  @IsEmail()
+  email!: string;
+
+  @ApiProperty({ description: 'A senha do usuário' })
+  @IsNotEmpty()
+  password!: string;
+}

package/templates/nest/src/auth/dto/refresh-token.dto.ts

@@ -0,0 +1,12 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class RefreshTokenDto {
+  @ApiProperty({
+    description: 'Refresh token recebido no login',
+    example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
+  })
+  @IsNotEmpty()
+  @IsString()
+  refreshToken!: string;
+}