Skip to content

Feature/ds 20: Auth API#16

Open
phamhoangvu2k7 wants to merge 4 commits into
devfrom
feat/DS-20
Open

Feature/ds 20: Auth API#16
phamhoangvu2k7 wants to merge 4 commits into
devfrom
feat/DS-20

Conversation

@phamhoangvu2k7
Copy link
Copy Markdown
Collaborator

@phamhoangvu2k7 phamhoangvu2k7 commented May 12, 2026

No description provided.

@phamhoangvu2k7 phamhoangvu2k7 self-assigned this May 12, 2026

This comment was marked as spam.

Sign in to view

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/api/auth/auth.controller.js Outdated
login = async req => {
login = async (req, res) => {
const data = await this.service.login(LoginDto(req.body));
res.cookie('access_token', data.access_token, { ...cookieOptions, maxAge: ACCESS_TOKEN_MAX_AGE });
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chổ res cookie access refresh lặp lại nhiều lần nè , em thêm hàm để xử lý phần res này

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/api/auth/auth.controller.js Outdated
};

logout = async (req, res) => {
const data = await this.service.logout(LogoutDto(req.body));
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logout thì ko gửi req.body á em . Logout dựa vào refresh token trong cookie hoặc user context

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/api/auth/auth.controller.js Outdated
sameSite: 'lax',
};

const ACCESS_TOKEN_MAX_AGE = 24 * 60 * 60 * 1000; // 1 day
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mấy const này đưa vào file config nha , đừng để ở controller

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/modules/auth/dto/logout.dto.js Outdated

ApiDocument.addModel('LogoutDto',
{
refresh_token: SwaggerDocument.ApiProperty({ type: 'string' }),
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hình như em dùng cookie-based rồi thì logout dto này ko cần nữa

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/api/auth/auth.controller.js Outdated

refresh = async req => {
refresh = async (req, res) => {
const data = await this.service.refresh(RefreshDto(req.body));
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

em đang sài cookie thì lấy từ req.cookies.refresh_token nha

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/modules/auth/service/auth.service.js Outdated
}

return {
message: 'Dang xuat thanh cong.',
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Message tiếng anh nha

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/modules/auth/service/auth.service.js
hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/src/core/modules/auth/service/auth.service.js Outdated
hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/plan/auth_api_guide.md Outdated
// 4. Tao cap token moi (access + refresh)
// 5. Tra ve { access_token, refresh_token }
async refresh(refreshDto) {
const tokenRecord = await this.refreshTokenRepository.findValidToken(refreshDto.refresh_token);
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

refreshDto.refresh_token nên check rỗng trước

hodinhtuankiet
hodinhtuankiet reviewed May 14, 2026
View reviewed changes
Comment thread backend/plan/auth_api_guide.md Outdated
}

const accessToken = this.jwtService.sign(JwtPayload({ id: user.id, roles: [user.role] }));
const refreshToken = await this.#createRefreshToken(user.id);
Copy link
Copy Markdown
Member

@hodinhtuankiet hodinhtuankiet May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trong #createRefreshToken nên lưu nha hash token tránh lưu raw

@dscdut dscdut deleted a comment from vercel Bot May 16, 2026

This comment was marked as duplicate.

Sign in to view

@vercel
Copy link
Copy Markdown

vercel Bot commented May 17, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
d-shiftify Error Error May 17, 2026 2:28am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Anh-Thuw Anh-Thuw Awaiting requested review from Anh-Thuw

@ThuongHoai081 ThuongHoai081 Awaiting requested review from ThuongHoai081

@hodinhtuankiet hodinhtuankiet Awaiting requested review from hodinhtuankiet

Assignees

@phamhoangvu2k7 phamhoangvu2k7

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@phamhoangvu2k7 @hodinhtuankiet