Merge pull request #19 from asepindrak/dev

Dev

Author: asepindrak

backend/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "commitflow-api",
-  "version": "1.1.7",
+  "version": "1.1.8",
   "description": "Backend CommitFlow",
   "author": "asepindrak",
   "private": false,
@@ -34,10 +34,12 @@
     "@nestjs/swagger": "^11.2.1",
     "@nestjs/websockets": "^11.1.6",
     "@prisma/client": "^6.18.0",
+    "@types/cookie-parser": "^1.4.10",
     "axios": "^1.12.2",
     "bcrypt": "^6.0.0",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.2",
+    "cookie-parser": "^1.4.7",
     "dayjs": "^1.11.19",
     "dotenv": "^17.2.3",
     "exceljs": "^4.4.0",

backend/package.json

@@ -1,36 +1,33 @@
 // src/app.module.ts
-import { Module } from '@nestjs/common';
-import { ConfigModule } from '@nestjs/config';
-import { AskModule } from './ai-agent/ask.module';
-import { AppController } from './app.controller';
-import { AppService } from './app.service';
-import { UsersModule } from './users/users.module';
+import { Module } from "@nestjs/common";
+import { ConfigModule } from "@nestjs/config";
+import { AskModule } from "./ai-agent/ask.module";
+import { AppController } from "./app.controller";
+import { AppService } from "./app.service";
+import { UsersModule } from "./users/users.module";
 import { AskController } from "./ai-agent/ask.controller";
 import { AskService } from "./ai-agent/ask.service";
 import { AskGateway } from "./ai-agent/ask.gateway";
-import { ServeStaticModule } from '@nestjs/serve-static';
-import { join } from 'path';
+import { ServeStaticModule } from "@nestjs/serve-static";
+import { join } from "path";
 import { AuthModule } from "./auth/auth.module";
 import { JwtGuard } from "./common/guards/jwt.guard";
 import { SharedModule } from "./common/shared.module";
-import { UploadModule } from './upload/upload.module';
-import { ProjectManagementModule } from './project-management/project-management.module';
-import { EmailModule } from './email/email.module';
+import { UploadModule } from "./upload/upload.module";
+import { ProjectManagementModule } from "./project-management/project-management.module";
+import { EmailModule } from "./email/email.module";
+import { APP_GUARD } from "@nestjs/core";
 
 @Module({
   imports: [
-    // config global (baca .env)
     ConfigModule.forRoot({
       isGlobal: true,
-      envFilePath: '.env',
+      envFilePath: ".env",
     }),
-
-    // Serve folder public sebagai static files
     ServeStaticModule.forRoot({
-      rootPath: join(__dirname, '..', 'public'),
-      serveRoot: '/',
+      rootPath: join(__dirname, "..", "public"),
+      serveRoot: "/",
     }),
-
     AuthModule,
     UsersModule,
     AskModule,
@@ -40,6 +37,15 @@ import { EmailModule } from './email/email.module';
     EmailModule,
   ],
   controllers: [AppController, AskController],
-  providers: [AppService, AskService, AskGateway, JwtGuard],
+  providers: [
+    AppService,
+    AskService,
+    AskGateway,
+    // Register JwtGuard as a global guard via APP_GUARD so Reflector and DI work properly
+    {
+      provide: APP_GUARD,
+      useClass: JwtGuard,
+    },
+  ],
 })
-export class AppModule { }
+export class AppModule {}

backend/src/app.module.ts

@@ -3,6 +3,6 @@ import { Injectable } from "@nestjs/common";
 @Injectable()
 export class AppService {
   getHello(): string {
-    return `CommitFlow API (1.1.7) is running!`;
+    return `CommitFlow API (1.1.8) is running!`;
   }
 }

backend/src/app.service.ts

@@ -12,6 +12,7 @@ import { AuthService } from "./auth.service";
 import { RegisterDto } from "./dto/register.dto";
 import { LoginDto } from "./dto/login.dto";
 import type { Request, Response } from "express";
+import { Public } from "./public.decorator";
 
 const REFRESH_COOKIE_NAME = "refresh_token";
 const COOKIE_MAX_AGE = 7 * 24 * 60 * 60 * 1000; // 7 days in ms
@@ -37,6 +38,7 @@ const COOKIE_OPTIONS = {
 export class AuthController {
   constructor(private authService: AuthService) {}
 
+  @Public()
   @Post("anon")
   async anonLogin(
     @Body("userId") userId?: string,
@@ -56,6 +58,7 @@ export class AuthController {
     return { token: result.token, userId: result.user.id };
   }
 
+  @Public()
   @Post("register")
   async register(
     @Body() dto: RegisterDto,
@@ -77,11 +80,11 @@ export class AuthController {
       userId: result.user.id,
       user: result.user,
       workspaceId: result.workspace.id,
-      teamMemberId: result.teamMember.id,
       clientTempId: result.clientTempId ?? null,
     };
   }
 
+  @Public()
   @Post("login")
   async login(
     @Body() dto: LoginDto,
@@ -104,19 +107,21 @@ export class AuthController {
       token: result.token,
       userId: result?.user?.id ?? "",
       user: result.user,
-      teamMemberId: result?.teamMemberId,
     };
   }
 
   // refresh endpoint: reads refresh_token cookie, verifies, rotates
+  @Public()
   @HttpCode(200)
   @Post("refresh")
   async refresh(
     @Req() req: Request,
     @Res({ passthrough: true }) res: Response
   ) {
     const token = req.cookies?.[REFRESH_COOKIE_NAME];
-    if (!token) throw new UnauthorizedException("No refresh token");
+    if (!token) {
+      throw new UnauthorizedException("No refresh token");
+    }
 
     // attempt to verify and refresh via AuthService
     let payload: any;
@@ -137,9 +142,14 @@ export class AuthController {
     });
 
     // return access token
-    return { token: newTokens.accessToken };
+    return {
+      token: newTokens.token,
+      userId: newTokens?.user?.id ?? "",
+      user: newTokens.user,
+    };
   }
 
+  @Public()
   @Post("logout")
   async logout(@Req() req: Request, @Res({ passthrough: true }) res: Response) {
     const token = req.cookies?.[REFRESH_COOKIE_NAME];