tychat-contracts 1.0.47 → 1.0.48

package/README.md

@@ -4,7 +4,8 @@ DTOs compartilhados com **class-validator** usados pela **tychat-api** e pelos m
 
 ## Estrutura
 
-- **auth**: `LoginDto`
+- **auth**: `LoginDto`, `RefreshTokenDto`, payloads Kafka (`LoginPayload`, etc.)
+- **users**: `CreateUserDto`, `UserListItemDto`, `UpdateSelfUserDto`, `UpdateUserByAdminDto`, `UpdatedUserDto` (atualização de perfil e por administrador)
 
 ## Uso
 

package/dist/users/at-least-one-of.decorator.d.ts

@@ -0,0 +1,7 @@
+import { ValidationOptions } from 'class-validator';
+/**
+ * Ensures at least one of the listed properties is present and non-empty on the object.
+ * Apply to a dummy property (e.g. `_atLeastOne`) that is not sent by clients.
+ */
+export declare function AtLeastOneOf(propertyNames: string[], validationOptions?: ValidationOptions): (object: object, propertyName: string) => void;
+//# sourceMappingURL=at-least-one-of.decorator.d.ts.map

package/dist/users/at-least-one-of.decorator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"at-least-one-of.decorator.d.ts","sourceRoot":"","sources":["../../src/users/at-least-one-of.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,iBAAiB,EAClB,MAAM,iBAAiB,CAAC;AAEzB;;;GAGG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,MAAM,EAAE,EACvB,iBAAiB,CAAC,EAAE,iBAAiB,IAEpB,QAAQ,MAAM,EAAE,cAAc,MAAM,UAyBtD"}

package/dist/users/at-least-one-of.decorator.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AtLeastOneOf = AtLeastOneOf;
+const class_validator_1 = require("class-validator");
+/**
+ * Ensures at least one of the listed properties is present and non-empty on the object.
+ * Apply to a dummy property (e.g. `_atLeastOne`) that is not sent by clients.
+ */
+function AtLeastOneOf(propertyNames, validationOptions) {
+    return function (object, propertyName) {
+        (0, class_validator_1.registerDecorator)({
+            name: 'atLeastOneOf',
+            target: object.constructor,
+            propertyName,
+            constraints: [propertyNames],
+            options: validationOptions,
+            validator: {
+                validate(_value, args) {
+                    const obj = args.object;
+                    const props = args.constraints[0];
+                    return props.some((prop) => {
+                        const v = obj[prop];
+                        if (v == null)
+                            return false;
+                        if (typeof v === 'string')
+                            return v.trim().length > 0;
+                        return true;
+                    });
+                },
+                defaultMessage(args) {
+                    const props = args.constraints[0];
+                    return `Provide at least one of: ${props.join(', ')}`;
+                },
+            },
+        });
+    };
+}

package/dist/users/index.d.ts

@@ -1,3 +1,7 @@
 export { CreateUserDto, CREATABLE_USER_ROLES, type CreatableUserRole, } from './create-user.dto';
 export { UserListItemDto } from './user-list-item.dto';
+export { UpdateSelfUserDto } from './update-self-user.dto';
+export { UpdateUserByAdminDto, ALL_USER_ROLES, type AllUserRole, } from './update-user-by-admin.dto';
+export { UpdatedUserDto } from './updated-user.dto';
+export type { AuthUpdateSelfPayload, AuthUpdateUserAdminPayload, } from './user-update-kafka-payloads';
 //# sourceMappingURL=index.d.ts.map

package/dist/users/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/users/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/users/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,KAAK,WAAW,GACjB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EACV,qBAAqB,EACrB,0BAA0B,GAC3B,MAAM,8BAA8B,CAAC"}

package/dist/users/index.js

@@ -1,8 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserListItemDto = exports.CREATABLE_USER_ROLES = exports.CreateUserDto = void 0;
+exports.UpdatedUserDto = exports.ALL_USER_ROLES = exports.UpdateUserByAdminDto = exports.UpdateSelfUserDto = exports.UserListItemDto = exports.CREATABLE_USER_ROLES = exports.CreateUserDto = void 0;
 var create_user_dto_1 = require("./create-user.dto");
 Object.defineProperty(exports, "CreateUserDto", { enumerable: true, get: function () { return create_user_dto_1.CreateUserDto; } });
 Object.defineProperty(exports, "CREATABLE_USER_ROLES", { enumerable: true, get: function () { return create_user_dto_1.CREATABLE_USER_ROLES; } });
 var user_list_item_dto_1 = require("./user-list-item.dto");
 Object.defineProperty(exports, "UserListItemDto", { enumerable: true, get: function () { return user_list_item_dto_1.UserListItemDto; } });
+var update_self_user_dto_1 = require("./update-self-user.dto");
+Object.defineProperty(exports, "UpdateSelfUserDto", { enumerable: true, get: function () { return update_self_user_dto_1.UpdateSelfUserDto; } });
+var update_user_by_admin_dto_1 = require("./update-user-by-admin.dto");
+Object.defineProperty(exports, "UpdateUserByAdminDto", { enumerable: true, get: function () { return update_user_by_admin_dto_1.UpdateUserByAdminDto; } });
+Object.defineProperty(exports, "ALL_USER_ROLES", { enumerable: true, get: function () { return update_user_by_admin_dto_1.ALL_USER_ROLES; } });
+var updated_user_dto_1 = require("./updated-user.dto");
+Object.defineProperty(exports, "UpdatedUserDto", { enumerable: true, get: function () { return updated_user_dto_1.UpdatedUserDto; } });

package/dist/users/update-self-user.dto.d.ts

@@ -0,0 +1,8 @@
+/** Fields the authenticated user may change on their own profile (no role change). */
+export declare class UpdateSelfUserDto {
+    _atLeastOne?: string;
+    name?: string;
+    email?: string;
+    password?: string;
+}
+//# sourceMappingURL=update-self-user.dto.d.ts.map

package/dist/users/update-self-user.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"update-self-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/update-self-user.dto.ts"],"names":[],"mappings":"AAIA,sFAAsF;AACtF,qBAAa,iBAAiB;IAG5B,WAAW,CAAC,EAAE,MAAM,CAAC;IAWrB,IAAI,CAAC,EAAE,MAAM,CAAC;IAUd,KAAK,CAAC,EAAE,MAAM,CAAC;IAWf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/users/update-self-user.dto.js

@@ -0,0 +1,63 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdateSelfUserDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+const at_least_one_of_decorator_1 = require("./at-least-one-of.decorator");
+/** Fields the authenticated user may change on their own profile (no role change). */
+class UpdateSelfUserDto {
+    _atLeastOne;
+    name;
+    email;
+    password;
+}
+exports.UpdateSelfUserDto = UpdateSelfUserDto;
+__decorate([
+    (0, swagger_1.ApiHideProperty)(),
+    (0, at_least_one_of_decorator_1.AtLeastOneOf)(['name', 'email', 'password']),
+    __metadata("design:type", String)
+], UpdateSelfUserDto.prototype, "_atLeastOne", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Full name',
+        example: 'Maria da Silva',
+        maxLength: 255,
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'name cannot be empty when provided' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], UpdateSelfUserDto.prototype, "name", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'E-mail (unique per tenant)',
+        example: 'maria@empresa.com',
+        maxLength: 255,
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsEmail)({}, { message: 'email must be a valid e-mail' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], UpdateSelfUserDto.prototype, "email", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'New password (bcrypt-hashed on the auth service)',
+        example: 'senha123',
+        minLength: 6,
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'password must be at least 6 characters' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], UpdateSelfUserDto.prototype, "password", void 0);

package/dist/users/update-user-by-admin.dto.d.ts

@@ -0,0 +1,11 @@
+export declare const ALL_USER_ROLES: readonly ["administrator", "attendant", "health_professional"];
+export type AllUserRole = (typeof ALL_USER_ROLES)[number];
+/** Fields an administrator may change for any user (including role). */
+export declare class UpdateUserByAdminDto {
+    _atLeastOne?: string;
+    name?: string;
+    email?: string;
+    password?: string;
+    role?: AllUserRole;
+}
+//# sourceMappingURL=update-user-by-admin.dto.d.ts.map

package/dist/users/update-user-by-admin.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"update-user-by-admin.dto.d.ts","sourceRoot":"","sources":["../../src/users/update-user-by-admin.dto.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,cAAc,gEAIjB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,wEAAwE;AACxE,qBAAa,oBAAoB;IAG/B,WAAW,CAAC,EAAE,MAAM,CAAC;IAWrB,IAAI,CAAC,EAAE,MAAM,CAAC;IAUd,KAAK,CAAC,EAAE,MAAM,CAAC;IAWf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAYlB,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB"}

package/dist/users/update-user-by-admin.dto.js

@@ -0,0 +1,82 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdateUserByAdminDto = exports.ALL_USER_ROLES = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+const at_least_one_of_decorator_1 = require("./at-least-one-of.decorator");
+exports.ALL_USER_ROLES = [
+    'administrator',
+    'attendant',
+    'health_professional',
+];
+/** Fields an administrator may change for any user (including role). */
+class UpdateUserByAdminDto {
+    _atLeastOne;
+    name;
+    email;
+    password;
+    role;
+}
+exports.UpdateUserByAdminDto = UpdateUserByAdminDto;
+__decorate([
+    (0, swagger_1.ApiHideProperty)(),
+    (0, at_least_one_of_decorator_1.AtLeastOneOf)(['name', 'email', 'password', 'role']),
+    __metadata("design:type", String)
+], UpdateUserByAdminDto.prototype, "_atLeastOne", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Full name',
+        example: 'Maria da Silva',
+        maxLength: 255,
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'name cannot be empty when provided' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], UpdateUserByAdminDto.prototype, "name", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'E-mail (unique per tenant)',
+        example: 'maria@empresa.com',
+        maxLength: 255,
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsEmail)({}, { message: 'email must be a valid e-mail' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], UpdateUserByAdminDto.prototype, "email", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'New password (bcrypt-hashed on the auth service)',
+        example: 'senha123',
+        minLength: 6,
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'password must be at least 6 characters' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], UpdateUserByAdminDto.prototype, "password", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'User role',
+        enum: exports.ALL_USER_ROLES,
+        example: 'attendant',
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsIn)(exports.ALL_USER_ROLES, {
+        message: 'role must be administrator, attendant, or health_professional',
+    }),
+    __metadata("design:type", String)
+], UpdateUserByAdminDto.prototype, "role", void 0);

package/dist/users/updated-user.dto.d.ts

@@ -0,0 +1,10 @@
+/** User payload returned after create or update (no password). */
+export declare class UpdatedUserDto {
+    userId: string;
+    name: string;
+    email: string;
+    role: 'administrator' | 'attendant' | 'health_professional';
+    createdAt: Date;
+    updatedAt: Date;
+}
+//# sourceMappingURL=updated-user.dto.d.ts.map

package/dist/users/updated-user.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"updated-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/updated-user.dto.ts"],"names":[],"mappings":"AAEA,kEAAkE;AAClE,qBAAa,cAAc;IAMzB,MAAM,EAAE,MAAM,CAAC;IAGf,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAOd,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;IAG5D,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,IAAI,CAAC;CACjB"}

package/dist/users/updated-user.dto.js

@@ -0,0 +1,55 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdatedUserDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+/** User payload returned after create or update (no password). */
+class UpdatedUserDto {
+    userId;
+    name;
+    email;
+    role;
+    createdAt;
+    updatedAt;
+}
+exports.UpdatedUserDto = UpdatedUserDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        format: 'uuid',
+        description: 'User identifier',
+        example: '550e8400-e29b-41d4-a716-446655440000',
+    }),
+    __metadata("design:type", String)
+], UpdatedUserDto.prototype, "userId", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Full name', example: 'Maria da Silva' }),
+    __metadata("design:type", String)
+], UpdatedUserDto.prototype, "name", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'E-mail (unique per tenant)', example: 'maria@empresa.com' }),
+    __metadata("design:type", String)
+], UpdatedUserDto.prototype, "email", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'User role',
+        enum: ['administrator', 'attendant', 'health_professional'],
+        example: 'attendant',
+    }),
+    __metadata("design:type", String)
+], UpdatedUserDto.prototype, "role", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Creation timestamp' }),
+    __metadata("design:type", Date)
+], UpdatedUserDto.prototype, "createdAt", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Last update timestamp' }),
+    __metadata("design:type", Date)
+], UpdatedUserDto.prototype, "updatedAt", void 0);

package/dist/users/user-update-constraints.d.ts

@@ -0,0 +1,12 @@
+import { ValidationArguments, ValidatorConstraintInterface } from 'class-validator';
+/** Ensures at least one of name, email, or password is provided for PATCH-style updates. */
+export declare class AtLeastOneUserUpdateFieldConstraint implements ValidatorConstraintInterface {
+    validate(_: unknown, args: ValidationArguments): boolean;
+    defaultMessage(): string;
+}
+/** Same as self-update, plus optional role (for admin PATCH). */
+export declare class AtLeastOneAdminUpdateFieldConstraint implements ValidatorConstraintInterface {
+    validate(_: unknown, args: ValidationArguments): boolean;
+    defaultMessage(): string;
+}
+//# sourceMappingURL=user-update-constraints.d.ts.map

package/dist/users/user-update-constraints.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-update-constraints.d.ts","sourceRoot":"","sources":["../../src/users/user-update-constraints.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC7B,MAAM,iBAAiB,CAAC;AAEzB,4FAA4F;AAC5F,qBACa,mCAAoC,YAAW,4BAA4B;IACtF,QAAQ,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB;IAQ9C,cAAc;CAGf;AAED,iEAAiE;AACjE,qBACa,oCAAqC,YAAW,4BAA4B;IACvF,QAAQ,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB;IAc9C,cAAc;CAGf"}

package/dist/users/user-update-constraints.js

@@ -0,0 +1,45 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AtLeastOneAdminUpdateFieldConstraint = exports.AtLeastOneUserUpdateFieldConstraint = void 0;
+const class_validator_1 = require("class-validator");
+/** Ensures at least one of name, email, or password is provided for PATCH-style updates. */
+let AtLeastOneUserUpdateFieldConstraint = class AtLeastOneUserUpdateFieldConstraint {
+    validate(_, args) {
+        const o = args.object;
+        const hasName = o.name != null && String(o.name).trim() !== '';
+        const hasEmail = o.email != null && String(o.email).trim() !== '';
+        const hasPassword = o.password != null && String(o.password).length > 0;
+        return hasName || hasEmail || hasPassword;
+    }
+    defaultMessage() {
+        return 'Provide at least one of name, email, or password';
+    }
+};
+exports.AtLeastOneUserUpdateFieldConstraint = AtLeastOneUserUpdateFieldConstraint;
+exports.AtLeastOneUserUpdateFieldConstraint = AtLeastOneUserUpdateFieldConstraint = __decorate([
+    (0, class_validator_1.ValidatorConstraint)({ name: 'atLeastOneUserUpdateField', async: false })
+], AtLeastOneUserUpdateFieldConstraint);
+/** Same as self-update, plus optional role (for admin PATCH). */
+let AtLeastOneAdminUpdateFieldConstraint = class AtLeastOneAdminUpdateFieldConstraint {
+    validate(_, args) {
+        const o = args.object;
+        const hasName = o.name != null && String(o.name).trim() !== '';
+        const hasEmail = o.email != null && String(o.email).trim() !== '';
+        const hasPassword = o.password != null && String(o.password).length > 0;
+        const hasRole = o.role != null && String(o.role).trim() !== '';
+        return hasName || hasEmail || hasPassword || hasRole;
+    }
+    defaultMessage() {
+        return 'Provide at least one of name, email, password, or role';
+    }
+};
+exports.AtLeastOneAdminUpdateFieldConstraint = AtLeastOneAdminUpdateFieldConstraint;
+exports.AtLeastOneAdminUpdateFieldConstraint = AtLeastOneAdminUpdateFieldConstraint = __decorate([
+    (0, class_validator_1.ValidatorConstraint)({ name: 'atLeastOneAdminUpdateField', async: false })
+], AtLeastOneAdminUpdateFieldConstraint);

package/dist/users/user-update-kafka-payloads.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Kafka payload for auth.update_self (tychat-api → tychat-auth-service).
+ */
+export interface AuthUpdateSelfPayload {
+    tenant?: string;
+    userId: string;
+    name?: string;
+    email?: string;
+    password?: string;
+}
+/**
+ * Kafka payload for auth.update_user_admin (tychat-api → tychat-auth-service).
+ * actorRole must be "administrator" or the handler rejects the request.
+ */
+export interface AuthUpdateUserAdminPayload {
+    tenant?: string;
+    actorRole: string;
+    targetUserId: string;
+    name?: string;
+    email?: string;
+    password?: string;
+    role?: 'administrator' | 'attendant' | 'health_professional';
+}
+//# sourceMappingURL=user-update-kafka-payloads.d.ts.map

package/dist/users/user-update-kafka-payloads.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-update-kafka-payloads.d.ts","sourceRoot":"","sources":["../../src/users/user-update-kafka-payloads.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC9D"}

package/dist/users/user-update-kafka-payloads.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tychat-contracts",
-  "version": "1.0.47",
+  "version": "1.0.48",
   "description": "DTOs compartilhados com class-validator (API e microserviços)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/users/at-least-one-of.decorator.ts

@@ -0,0 +1,40 @@
+import {
+  registerDecorator,
+  ValidationArguments,
+  ValidationOptions,
+} from 'class-validator';
+
+/**
+ * Ensures at least one of the listed properties is present and non-empty on the object.
+ * Apply to a dummy property (e.g. `_atLeastOne`) that is not sent by clients.
+ */
+export function AtLeastOneOf(
+  propertyNames: string[],
+  validationOptions?: ValidationOptions,
+) {
+  return function (object: object, propertyName: string) {
+    registerDecorator({
+      name: 'atLeastOneOf',
+      target: object.constructor,
+      propertyName,
+      constraints: [propertyNames],
+      options: validationOptions,
+      validator: {
+        validate(_value: unknown, args: ValidationArguments) {
+          const obj = args.object as Record<string, unknown>;
+          const props = args.constraints[0] as string[];
+          return props.some((prop) => {
+            const v = obj[prop];
+            if (v == null) return false;
+            if (typeof v === 'string') return v.trim().length > 0;
+            return true;
+          });
+        },
+        defaultMessage(args: ValidationArguments) {
+          const props = args.constraints[0] as string[];
+          return `Provide at least one of: ${props.join(', ')}`;
+        },
+      },
+    });
+  };
+}

package/src/users/index.ts

@@ -4,3 +4,14 @@ export {
   type CreatableUserRole,
 } from './create-user.dto';
 export { UserListItemDto } from './user-list-item.dto';
+export { UpdateSelfUserDto } from './update-self-user.dto';
+export {
+  UpdateUserByAdminDto,
+  ALL_USER_ROLES,
+  type AllUserRole,
+} from './update-user-by-admin.dto';
+export { UpdatedUserDto } from './updated-user.dto';
+export type {
+  AuthUpdateSelfPayload,
+  AuthUpdateUserAdminPayload,
+} from './user-update-kafka-payloads';

package/src/users/update-self-user.dto.ts

@@ -0,0 +1,42 @@
+import { ApiHideProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { IsEmail, IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
+import { AtLeastOneOf } from './at-least-one-of.decorator';
+
+/** Fields the authenticated user may change on their own profile (no role change). */
+export class UpdateSelfUserDto {
+  @ApiHideProperty()
+  @AtLeastOneOf(['name', 'email', 'password'])
+  _atLeastOne?: string;
+
+  @ApiPropertyOptional({
+    description: 'Full name',
+    example: 'Maria da Silva',
+    maxLength: 255,
+  })
+  @IsOptional()
+  @IsString()
+  @MinLength(1, { message: 'name cannot be empty when provided' })
+  @MaxLength(255)
+  name?: string;
+
+  @ApiPropertyOptional({
+    description: 'E-mail (unique per tenant)',
+    example: 'maria@empresa.com',
+    maxLength: 255,
+  })
+  @IsOptional()
+  @IsEmail({}, { message: 'email must be a valid e-mail' })
+  @MaxLength(255)
+  email?: string;
+
+  @ApiPropertyOptional({
+    description: 'New password (bcrypt-hashed on the auth service)',
+    example: 'senha123',
+    minLength: 6,
+  })
+  @IsOptional()
+  @IsString()
+  @MinLength(6, { message: 'password must be at least 6 characters' })
+  @MaxLength(255)
+  password?: string;
+}

package/src/users/update-user-by-admin.dto.ts

@@ -0,0 +1,61 @@
+import { ApiHideProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { IsEmail, IsIn, IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
+import { AtLeastOneOf } from './at-least-one-of.decorator';
+
+export const ALL_USER_ROLES = [
+  'administrator',
+  'attendant',
+  'health_professional',
+] as const;
+export type AllUserRole = (typeof ALL_USER_ROLES)[number];
+
+/** Fields an administrator may change for any user (including role). */
+export class UpdateUserByAdminDto {
+  @ApiHideProperty()
+  @AtLeastOneOf(['name', 'email', 'password', 'role'])
+  _atLeastOne?: string;
+
+  @ApiPropertyOptional({
+    description: 'Full name',
+    example: 'Maria da Silva',
+    maxLength: 255,
+  })
+  @IsOptional()
+  @IsString()
+  @MinLength(1, { message: 'name cannot be empty when provided' })
+  @MaxLength(255)
+  name?: string;
+
+  @ApiPropertyOptional({
+    description: 'E-mail (unique per tenant)',
+    example: 'maria@empresa.com',
+    maxLength: 255,
+  })
+  @IsOptional()
+  @IsEmail({}, { message: 'email must be a valid e-mail' })
+  @MaxLength(255)
+  email?: string;
+
+  @ApiPropertyOptional({
+    description: 'New password (bcrypt-hashed on the auth service)',
+    example: 'senha123',
+    minLength: 6,
+  })
+  @IsOptional()
+  @IsString()
+  @MinLength(6, { message: 'password must be at least 6 characters' })
+  @MaxLength(255)
+  password?: string;
+
+  @ApiPropertyOptional({
+    description: 'User role',
+    enum: ALL_USER_ROLES,
+    example: 'attendant',
+  })
+  @IsOptional()
+  @IsString()
+  @IsIn(ALL_USER_ROLES, {
+    message: 'role must be administrator, attendant, or health_professional',
+  })
+  role?: AllUserRole;
+}

package/src/users/updated-user.dto.ts

@@ -0,0 +1,30 @@
+import { ApiProperty } from '@nestjs/swagger';
+
+/** User payload returned after create or update (no password). */
+export class UpdatedUserDto {
+  @ApiProperty({
+    format: 'uuid',
+    description: 'User identifier',
+    example: '550e8400-e29b-41d4-a716-446655440000',
+  })
+  userId: string;
+
+  @ApiProperty({ description: 'Full name', example: 'Maria da Silva' })
+  name: string;
+
+  @ApiProperty({ description: 'E-mail (unique per tenant)', example: 'maria@empresa.com' })
+  email: string;
+
+  @ApiProperty({
+    description: 'User role',
+    enum: ['administrator', 'attendant', 'health_professional'],
+    example: 'attendant',
+  })
+  role: 'administrator' | 'attendant' | 'health_professional';
+
+  @ApiProperty({ description: 'Creation timestamp' })
+  createdAt: Date;
+
+  @ApiProperty({ description: 'Last update timestamp' })
+  updatedAt: Date;
+}

package/src/users/user-update-kafka-payloads.ts

@@ -0,0 +1,24 @@
+/**
+ * Kafka payload for auth.update_self (tychat-api → tychat-auth-service).
+ */
+export interface AuthUpdateSelfPayload {
+  tenant?: string;
+  userId: string;
+  name?: string;
+  email?: string;
+  password?: string;
+}
+
+/**
+ * Kafka payload for auth.update_user_admin (tychat-api → tychat-auth-service).
+ * actorRole must be "administrator" or the handler rejects the request.
+ */
+export interface AuthUpdateUserAdminPayload {
+  tenant?: string;
+  actorRole: string;
+  targetUserId: string;
+  name?: string;
+  email?: string;
+  password?: string;
+  role?: 'administrator' | 'attendant' | 'health_professional';
+}