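"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.authService = void 0;
const crypto_1 = require("crypto");
const bcryptjs_1 = __importDefault(require("bcryptjs"));
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const client_1 = require("@prisma/client");
const database_1 = require("../../config/database");
const env_1 = require("../../config/env");
const error_handler_1 = require("../../middleware/error-handler");
const metrics_1 = require("../../utils/metrics");

/** bcrypt cost factor for stored password hashes. */
const BCRYPT_ROUNDS = 12;

/** Unbound alias so the metric hook is called with an undefined `this`, as before. */
const recordLoginAttempt = metrics_1.recordLoginAttempt;

/**
 * Lazily built bcrypt hash of a throwaway string. `login` compares against it
 * when no account matches the e-mail, so a missing account costs roughly the
 * same wall-clock time as a wrong password and response timing does not reveal
 * which e-mails are registered. Computed once per process, on first use.
 */
let dummyHashPromise = null;
function getDummyHash() {
    if (dummyHashPromise === null) {
        dummyHashPromise = bcryptjs_1.default.hash('not-a-real-password', BCRYPT_ROUNDS);
    }
    return dummyHashPromise;
}

/** Claims embedded in both access and refresh JWTs. */
function tokenClaims(user) {
    return { id: user.id, email: user.email, role: user.role };
}

/** Returns `user` without its `password` field, for API responses. */
function stripPassword(user) {
    const { password: _, ...userWithoutPassword } = user;
    return userWithoutPassword;
}

/**
 * Throws the 403 errors used by `login` when `user` may not sign in: status
 * other than ACTIVE, or an `expiresAt` in the past. Shared with token refresh
 * so a disabled or expired account cannot keep minting access tokens from a
 * refresh token it obtained while still active.
 * @throws {AppError} 403 ACCOUNT_INACTIVE / ACCOUNT_EXPIRED
 */
function assertUserMaySignIn(user) {
    if (user.status !== client_1.UserStatus.ACTIVE) {
        throw new error_handler_1.AppError(403, `Account is ${user.status.toLowerCase()}`, 'ACCOUNT_INACTIVE');
    }
    if (user.expiresAt && user.expiresAt < new Date()) {
        throw new error_handler_1.AppError(403, 'Account has expired', 'ACCOUNT_EXPIRED');
    }
}

/** Signs a short-lived access JWT for `user`; nothing is persisted. */
function signAccessToken(user) {
    return jsonwebtoken_1.default.sign(tokenClaims(user), env_1.env.JWT_ACCESS_SECRET, {
        expiresIn: env_1.env.JWT_ACCESS_EXPIRY,
    });
}

/**
 * Signs a refresh JWT for `user` and records it through `db`, which is either
 * the shared prisma client or an interactive-transaction client (`tx`).
 *
 * A random `jti` claim makes every token distinct even when two are issued for
 * the same user within the same second; without it the two JWTs are identical
 * and the insert collides on the unique `token` column. `expiresAt` is read
 * back from the signed payload so the row matches the JWT's own `exp` exactly.
 *
 * NOTE(review): the token is stored verbatim, so anyone who can read this table
 * holds usable credentials. Storing a hash and looking up by that hash would
 * limit the exposure; not changed here because the lookup in `refreshTokens`
 * and the `logout` delete would have to change with it.
 *
 * @returns {Promise<string>} the signed refresh token
 */
async function issueRefreshToken(user, db) {
    const token = jsonwebtoken_1.default.sign(tokenClaims(user), env_1.env.JWT_REFRESH_SECRET, {
        expiresIn: env_1.env.JWT_REFRESH_EXPIRY,
        jwtid: crypto_1.randomUUID(),
    });
    const decoded = jsonwebtoken_1.default.decode(token);
    const expiresAt = new Date(decoded.exp * 1000);
    await db.refreshToken.create({ data: { token, userId: user.id, expiresAt } });
    return token;
}

const authService = {
    /**
     * Verifies e-mail/password, records the attempt, stamps `lastLoginAt`, and
     * returns the user (minus password hash) with a fresh token pair.
     * @param {string} email
     * @param {string} password plaintext, compared against the bcrypt hash
     * @throws {AppError} 401 INVALID_CREDENTIALS, 403 ACCOUNT_INACTIVE / ACCOUNT_EXPIRED
     */
    async login(email, password) {
        const user = await database_1.prisma.user.findUnique({ where: { email } });
        // Always run one bcrypt compare: an unknown e-mail must not short-circuit
        // to a faster failure than a wrong password.
        const storedHash = user ? user.password : await getDummyHash();
        const valid = await bcryptjs_1.default.compare(password, storedHash);
        if (!user || !valid) {
            recordLoginAttempt('failure');
            throw new error_handler_1.AppError(401, 'Invalid email or password', 'INVALID_CREDENTIALS');
        }
        // Account state is only reported after the password check, so an
        // unauthenticated caller cannot learn whether an account is suspended.
        try {
            assertUserMaySignIn(user);
        } catch (err) {
            recordLoginAttempt('failure');
            throw err;
        }
        recordLoginAttempt('success');
        await database_1.prisma.user.update({
            where: { id: user.id },
            data: { lastLoginAt: new Date() },
        });
        const tokens = await authService.generateTokenPair(user);
        return { user: stripPassword(user), ...tokens };
    },

    /**
     * Creates a USER-role account from public registration data and signs it in.
     * @param {{email: string, password: string, name?: string, phone?: string}} data
     * @throws {AppError} 409 EMAIL_EXISTS
     */
    async register(data) {
        const existing = await database_1.prisma.user.findUnique({ where: { email: data.email } });
        if (existing) {
            throw new error_handler_1.AppError(409, 'Email already registered', 'EMAIL_EXISTS');
        }
        const hashedPassword = await bcryptjs_1.default.hash(data.password, BCRYPT_ROUNDS);
        let user;
        try {
            user = await database_1.prisma.user.create({
                data: {
                    email: data.email,
                    password: hashedPassword,
                    name: data.name,
                    phone: data.phone,
                    role: client_1.UserRole.USER, // never taken from the request body
                },
            });
        } catch (err) {
            // Two concurrent registrations can both pass the findUnique above; the
            // unique index on email then rejects the second insert (P2002).
            if (err instanceof client_1.Prisma.PrismaClientKnownRequestError && err.code === 'P2002') {
                throw new error_handler_1.AppError(409, 'Email already registered', 'EMAIL_EXISTS');
            }
            throw err;
        }
        const tokens = await authService.generateTokenPair(user);
        return { user: stripPassword(user), ...tokens };
    },

    /**
     * Rotates a refresh token: checks signature, stored record, record expiry
     * and account state, then atomically deletes the old record and issues a
     * new access/refresh pair.
     * @param {string} refreshToken the token presented by the client
     * @throws {AppError} 401 INVALID_REFRESH_TOKEN / REFRESH_TOKEN_EXPIRED,
     *   403 ACCOUNT_INACTIVE / ACCOUNT_EXPIRED
     */
    async refreshTokens(refreshToken) {
        try {
            jsonwebtoken_1.default.verify(refreshToken, env_1.env.JWT_REFRESH_SECRET);
        } catch {
            throw new error_handler_1.AppError(401, 'Invalid refresh token', 'INVALID_REFRESH_TOKEN');
        }
        const stored = await database_1.prisma.refreshToken.findUnique({
            where: { token: refreshToken },
            include: { user: true },
        });
        if (!stored) {
            throw new error_handler_1.AppError(401, 'Refresh token not found', 'INVALID_REFRESH_TOKEN');
        }
        if (stored.expiresAt < new Date()) {
            await database_1.prisma.refreshToken.delete({ where: { id: stored.id } });
            throw new error_handler_1.AppError(401, 'Refresh token expired', 'REFRESH_TOKEN_EXPIRED');
        }
        // A refresh token outlives the status check done at login, so re-apply it
        // here and revoke the token if the account was disabled or expired since.
        try {
            assertUserMaySignIn(stored.user);
        } catch (err) {
            await database_1.prisma.refreshToken.delete({ where: { id: stored.id } });
            throw err;
        }
        // Rotation: delete and insert succeed or fail together. A concurrent
        // reuse of the same token is expected to fail on the delete once the
        // row is gone, so each token can be redeemed at most once.
        const tokens = await database_1.prisma.$transaction(async (tx) => {
            await tx.refreshToken.delete({ where: { id: stored.id } });
            const accessToken = signAccessToken(stored.user);
            const rotatedRefreshToken = await issueRefreshToken(stored.user, tx);
            return { accessToken, refreshToken: rotatedRefreshToken };
        });
        return { user: stripPassword(stored.user), ...tokens };
    },

    /**
     * Revokes a refresh token. Uses deleteMany so an unknown or already-revoked
     * token is a no-op rather than an error.
     * @param {string} refreshToken
     */
    async logout(refreshToken) {
        await database_1.prisma.refreshToken.deleteMany({ where: { token: refreshToken } });
    },

    /** Signs an access JWT for `user` (no persistence). */
    generateAccessToken(user) {
        return signAccessToken(user);
    },

    /** Signs a refresh JWT for `user` and stores it with the shared client. */
    async generateRefreshToken(user) {
        return issueRefreshToken(user, database_1.prisma);
    },

    /** Returns `{ accessToken, refreshToken }` for `user`, storing the refresh token. */
    async generateTokenPair(user) {
        const accessToken = signAccessToken(user);
        const refreshToken = await issueRefreshToken(user, database_1.prisma);
        return { accessToken, refreshToken };
    },
};
exports.authService = authService;
//# sourceMappingURL=auth.service.js.map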