Merge pull request #30 from mju-likelion/feature/improve-admin-auth

어드민 로그인 관련 자잘 수정

src/api/auth/auth.service.ts

@@ -2,8 +2,7 @@ import { JwtService } from '@nestjs/jwt';
 import { Inject, Injectable } from '@nestjs/common';
 import authConfig from 'src/config/authConfig';
 import { ConfigType } from '@nestjs/config';
-import { ManagerService } from '../manager/manager.service';
-import { compare } from 'bcrypt';
+import { compare, hash } from 'bcrypt';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Manager } from '../manager/entities/manager.entity';
 import { Repository } from 'typeorm';
@@ -33,11 +32,17 @@ export class AuthService {
     };
   }
 
+  async encryptPassword(password: string) {
+    return await hash(password, 10);
+  }
+
   async validateUser(email: string, password: string) {
     const user = await this.managerRepository.findOne({
       where: { email },
+      select: { password: true },
     });
-    if (!user || (user && !compare(password, user.password))) return null;
+    const isMatch = await compare(password, user.password);
+    if (!user || (user && !isMatch)) return null;
     return user;
   }
 }

src/api/auth/jwt.strategy.ts

@@ -19,11 +19,6 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
   }
 
   async validate(payload: any) {
-    const { email, password } = payload;
-    const user = await this.authService.validateUser(email, password);
-    if (!user) {
-      throw new UnauthorizedException();
-    }
-    return user;
+    return { userId: payload.sub, username: payload.username };
   }
 }

src/api/manager/dto/manager-login.dto.ts

@@ -1,7 +1,12 @@
-import { PickType } from '@nestjs/mapped-types';
-import { PwRegistrationDto } from './pw-registration.dto';
+import { Transform } from 'class-transformer';
+import { IsEmail, IsString, Matches } from 'class-validator';
 
-export class ManagerLoginDto extends PickType(PwRegistrationDto, [
-  'email',
-  'password',
-] as const) {}
+export class ManagerLoginDto {
+  @IsEmail()
+  email: string;
+
+  @Transform(({ value }) => value.trim())
+  @IsString()
+  @Matches(/^[A-Za-z0-9!@#$%^&*()]{8,30}$/)
+  password: string;
+}

src/api/manager/dto/pw-registration.dto.ts

@@ -1,12 +1,7 @@
-import { PartialType } from '@nestjs/mapped-types';
-import { PickType } from '@nestjs/mapped-types';
 import { Transform } from 'class-transformer';
 import { IsString, Matches } from 'class-validator';
-import { SendEmailDto } from './send-email.dto';
 
-export class PwRegistrationDto extends PickType(SendEmailDto, [
-  'email',
-] as const) {
+export class PwRegistrationDto {
   @Transform(({ value }) => value.trim())
   @IsString()
   @Matches(/^[A-Za-z0-9!@#$%^&*()]{8,30}$/)

src/api/manager/entities/manager.entity.ts

@@ -17,10 +17,10 @@ export class Manager {
   @Column({ unique: true })
   email: string;
 
-  @Column()
+  @Column({ select: false })
   password: string;
 
-  @Column()
+  @Column({ select: false, unique: true })
   verifyToken: string;
 
   static from({ name, email, verifyToken }: ManagerForm): Manager {

src/api/manager/manager.controller.ts

@@ -1,10 +1,10 @@
-import { Controller, Post, Body } from '@nestjs/common';
+import { Controller, Post, Body, HttpCode } from '@nestjs/common';
 import { ManagerService } from './manager.service';
 import { SendEmailDto } from './dto/send-email.dto';
 import { PwRegistrationDto } from './dto/pw-registration.dto';
 import { ManagerLoginDto } from './dto/manager-login.dto';
 
-@Controller('management')
+@Controller('managers')
 export class ManagerController {
   constructor(private readonly managerService: ManagerService) {}
 
@@ -17,15 +17,12 @@ export class ManagerController {
 
   @Post('register')
   async registerManager(@Body() pwRegistrationDto: PwRegistrationDto) {
-    const { email, password, verifyToken } = pwRegistrationDto;
-    return await this.managerService.registerManager(
-      email,
-      password,
-      verifyToken,
-    );
+    const { password, verifyToken } = pwRegistrationDto;
+    return await this.managerService.registerManager(password, verifyToken);
   }
 
   @Post('login')
+  @HttpCode(200)
   async login(@Body() managerLoginDto: ManagerLoginDto) {
     const { email, password } = managerLoginDto;
     return await this.managerService.managerLogin(email, password);

src/api/manager/manager.service.ts

@@ -2,6 +2,7 @@ import {
   BadRequestException,
   Injectable,
   NotFoundException,
+  UnauthorizedException,
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
@@ -47,28 +48,38 @@ export class ManagerService {
     return nanoid.nanoid(6);
   }
 
-  async registerManager(email: string, password: string, verifyToken: string) {
+  async registerManager(password: string, verifyToken: string) {
     const managerExist = await this.managerRepository.findOne({
-      where: { email, verifyToken },
+      where: { verifyToken },
     });
     if (!managerExist) {
       throw new NotFoundException('User is not exist');
     } else if (managerExist.password) {
       throw new BadRequestException('User password is already registered');
     }
-    await this.managerRepository.update({ email }, { password });
+
+    const hashedPassword = await this.authService.encryptPassword(password);
+
+    await this.managerRepository.update(
+      { verifyToken },
+      { password: hashedPassword, verifyToken: null },
+    );
     return {
       id: managerExist.id,
     };
   }
 
   async managerLogin(email: string, password: string) {
-    const manager = await this.managerRepository.findOne({
-      where: { email, password },
+    const emailExist = await this.managerRepository.findOne({
+      where: { email },
     });
-    if (!manager) {
+    if (!emailExist) {
       throw new NotFoundException('User is not exist');
     }
+    const manager = await this.authService.validateUser(email, password);
+    if (!manager) {
+      throw new UnauthorizedException('Password is not correct');
+    }
     return this.authService.login(manager);
   }
 }