feat: Add initial implementation for payment, gallery, user, authentication, and product management modules.

Author: beginwebdev2002

backend/src/auth/auth.controller.ts

@@ -1,11 +1,15 @@
-import { Body, Controller, Post, UnauthorizedException, Get, UseGuards, Request } from '@nestjs/common';
+import { Body, Controller, Post, UnauthorizedException } from '@nestjs/common';
 import { TelegramAuthService } from './telegram-auth.service';
 import { AuthService } from './auth.service';
 import { LoginDto } from './dto/login.dto';
 import { RegisterDto } from './dto/register.dto';
-import { JwtAuthGuard } from '../common/guards/jwt-auth.guard';
 import { Public } from '../common/decorators/public.decorator';
 
+import {
+  AuthResponse,
+  TelegramAuthResponse,
+} from './interfaces/auth-response.interface';
+
 @Controller('auth')
 export class AuthController {
   constructor(
@@ -15,26 +19,28 @@ export class AuthController {
 
   @Public()
   @Post('login')
-  async login(@Body() loginDto: LoginDto) {
+  async login(@Body() loginDto: LoginDto): Promise<AuthResponse> {
     return this.authService.login(loginDto);
   }
 
   @Public()
   @Post('register')
-  async register(@Body() registerDto: RegisterDto) {
+  async register(@Body() registerDto: RegisterDto): Promise<AuthResponse> {
     return this.authService.register(registerDto);
   }
 
   @Post('telegram')
-  async telegramAuth(@Body() body: { initData: string }) {
+  async telegramAuth(
+    @Body() body: { initData: string },
+  ): Promise<TelegramAuthResponse> {
     if (!body.initData) {
       throw new UnauthorizedException('No initData provided');
     }
     const user = await this.telegramAuthService.validateInitData(body.initData);
     // Use AuthService logic to return JWT
-    const payload = { sub: user.id, role: user.role };
+    // const payload = { sub: user.id, role: user.role };
     // Assuming we want to return token here too
     // return this.authService.login(user); (need user object with email/id)
-    return { success: true, user }; 
+    return { success: true, user };
   }
 }

backend/src/auth/auth.module.ts

@@ -16,10 +16,11 @@ import { JwtStrategy } from './infrastructure/jwt.strategy';
     AppConfigModule,
     JwtModule.registerAsync({
       imports: [AppConfigModule],
-      useFactory: (configService: AppConfigService) => ({
-        secret: configService.jwtSecret,
-        signOptions: { expiresIn: configService.jwtExpiresIn },
-      } as any),
+      useFactory: (configService: AppConfigService) =>
+        ({
+          secret: configService.jwtSecret,
+          signOptions: { expiresIn: configService.jwtExpiresIn },
+        }) as any,
       inject: [AppConfigService],
     }),
   ],

backend/src/auth/auth.service.ts

@@ -1,81 +1,85 @@
-import { ConflictException, Injectable, UnauthorizedException } from '@nestjs/common';
+import {
+  ConflictException,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
 import { UserService } from '../user/application/user.service';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
 import { LoginDto } from './dto/login.dto';
 import { RegisterDto } from './dto/register.dto';
 
+import { AuthResponse } from './interfaces/auth-response.interface';
+import { User } from '@user/domain/user.entity';
+
 @Injectable()
 export class AuthService {
   constructor(
     private userService: UserService,
     private jwtService: JwtService,
   ) {}
 
-  async validateUser(email: string, pass: string): Promise<any> {
+  async validateUser(
+    email: string,
+    pass: string,
+  ): Promise<Omit<User, 'passwordHash'> | null> {
     const user = await this.userService.findByEmail(email);
     if (user && user.passwordHash) {
       const isMatch = await bcrypt.compare(pass, user.passwordHash);
       if (isMatch) {
-         // eslint-disable-next-line @typescript-eslint/no-unused-vars
-         const { passwordHash, ...result } = user;
-         return result;
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        const { passwordHash, ...result } = user;
+        return result;
       }
     }
     return null;
   }
 
-  async login(loginDto: LoginDto) {
+  async login(loginDto: LoginDto): Promise<AuthResponse> {
     const user = await this.validateUser(loginDto.email, loginDto.password);
     if (!user) {
       throw new UnauthorizedException('Invalid credentials');
     }
-    const payload = { 
-      email: user.email, 
-      sub: user.id, 
+    const payload = {
+      email: user.email,
+      sub: user.id,
       role: user.role,
       firstName: user.firstName,
       lastName: user.lastName,
-      photoUrl: user.photoUrl
+      photoUrl: user.photoUrl,
     };
     return {
       access_token: this.jwtService.sign(payload),
     };
   }
 
-  async register(registerDto: RegisterDto) {
+  async register(registerDto: RegisterDto): Promise<AuthResponse> {
     const existing = await this.userService.findByEmail(registerDto.email);
     if (existing) {
-       throw new ConflictException('User with this email already exists');
+      throw new ConflictException('User with this email already exists');
     }
 
     const salt = await bcrypt.genSalt();
     const passwordHash = await bcrypt.hash(registerDto.password, salt);
 
     // Create user logic using UserService.create
     // UserService.create expects Omit<User, 'id' | 'createdAt'>
-    // User constructor params: firstName, telegramId?, email?, passwordHash?, lastName?, username?, photoUrl?, role?
-    // We strictly follow User type used in UserService
-    
     const newUser = await this.userService.create({
-       firstName: registerDto.firstName,
-       lastName: registerDto.lastName,
-       email: registerDto.email,
-       passwordHash: passwordHash,
-       role: 'user',
-       // Optional fields mapping
-       username: registerDto.username,
-       // Must explicitly undefined or omitting optional fields?
-       // Typescript should allow missing optional fields if they are optional in type.
-    } as any); 
+      firstName: registerDto.firstName,
+      lastName: registerDto.lastName,
+      email: registerDto.email,
+      passwordHash: passwordHash,
+      role: 'user',
+      username: registerDto.username,
+    } as unknown as Omit<User, 'id' | 'createdAt'>);
 
-    const payload = { 
-      email: newUser.email, 
-      sub: newUser.id, 
+    const payload = {
+      email: newUser.email,
+      sub: newUser.id,
       role: newUser.role,
       firstName: newUser.firstName,
       lastName: newUser.lastName,
-      photoUrl: newUser.photoUrl
+      photoUrl: newUser.photoUrl,
     };
     return {
       access_token: this.jwtService.sign(payload),

backend/src/auth/dto/register.dto.ts

@@ -1,4 +1,11 @@
-import { IsString, MinLength, MaxLength, IsNotEmpty, IsEmail, IsOptional } from 'class-validator';
+import {
+  IsString,
+  MinLength,
+  MaxLength,
+  IsNotEmpty,
+  IsEmail,
+  IsOptional,
+} from 'class-validator';
 
 export class RegisterDto {
   @IsNotEmpty()

backend/src/auth/infrastructure/jwt.strategy.ts

@@ -3,6 +3,8 @@ import { PassportStrategy } from '@nestjs/passport';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { AppConfigService } from '../../common/config/app-config.service';
 
+import { JwtPayload } from '../interfaces/jwt-payload.interface';
+
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
   constructor(private configService: AppConfigService) {
@@ -13,13 +15,13 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     });
   }
 
-  async validate(payload: any) {
+  validate(payload: JwtPayload) {
     // Payload contains the decoded JWT. We return the user object (or part of it)
     // which effectively validates the token signature and expiration.
     // The strictness of payload structure depends on what we sign.
     // Assuming { sub: userId, email: email, role: role }
     if (!payload.sub) {
-       throw new UnauthorizedException();
+      throw new UnauthorizedException();
     }
     return { userId: payload.sub, email: payload.email, role: payload.role };
   }

backend/src/auth/interfaces/auth-response.interface.ts

@@ -0,0 +1,10 @@
+import { User } from '@user/domain/user.entity';
+
+export interface AuthResponse {
+  access_token: string;
+}
+
+export interface TelegramAuthResponse {
+  success: boolean;
+  user: User;
+}

backend/src/auth/interfaces/jwt-payload.interface.ts

@@ -0,0 +1,8 @@
+export interface JwtPayload {
+  email: string;
+  sub: string;
+  role: string;
+  firstName?: string;
+  lastName?: string;
+  photoUrl?: string;
+}

backend/src/common/guards/jwt-auth.guard.ts

@@ -1,4 +1,3 @@
-
 import { ExecutionContext, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';

backend/src/common/guards/roles.guard.ts

@@ -1,4 +1,9 @@
-import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
+import {
+  Injectable,
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+} from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { ROLES_KEY } from '../decorators/roles.decorator';
 
@@ -7,16 +12,16 @@ export class RolesGuard implements CanActivate {
   constructor(private reflector: Reflector) {}
 
   canActivate(context: ExecutionContext): boolean {
-    const requiredRoles = this.reflector.getAllAndOverride<string[]>(ROLES_KEY, [
-      context.getHandler(),
-      context.getClass(),
-    ]);
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>(
+      ROLES_KEY,
+      [context.getHandler(), context.getClass()],
+    );
     if (!requiredRoles) {
       return true;
     }
     const { user } = context.switchToHttp().getRequest();
     if (!user || !user.role || !requiredRoles.includes(user.role)) {
-       throw new ForbiddenException('Insufficient permissions');
+      throw new ForbiddenException('Insufficient permissions');
     }
     return true;
   }

backend/src/common/interfaces/authenticated-request.interface.ts

@@ -0,0 +1,10 @@
+import { Request } from 'express';
+
+export interface AuthenticatedRequest extends Request {
+  user?: {
+    id: string;
+    email: string;
+    sub?: string;
+    // Add other properties that are attached to the user object by your authentication strategy
+  };
+}