Feature/organization

package.json

@@ -40,6 +40,7 @@
     "@sapphire/snowflake": "^3.5.5",
     "@types/passport-jwt": "^4.0.1",
     "axios": "^1.11.0",
+    "bcrypt": "^6.0.0",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.2",
     "cookie-parser": "^1.4.7",
@@ -60,6 +61,7 @@
     "@nestjs/testing": "^11.0.1",
     "@swc/cli": "^0.7.7",
     "@swc/core": "^1.10.7",
+    "@types/bcrypt": "^6.0.0",
     "@types/cookie-parser": "^1.4.8",
     "@types/express": "^5.0.0",
     "@types/jest": "^29.5.14",

src/analytics/application/auth-event.handler.ts

@@ -1,7 +1,7 @@
 import { EventsHandler, IEventHandler } from '@nestjs/cqrs';
-import { AuthCreatedEvent } from 'src/auth/domain/event/auth-created.event';
+import { AuthCreatedEvent } from 'src/auth/auth-user/domain/event/auth-created.event';
 import { AnalyticsService } from '../infrastructure/analytics.service';
-import { LoginSucceededEvent } from 'src/auth/domain/event/login-succeeded.event';
+import { LoginSucceededEvent } from 'src/auth/auth-user/domain/event/login-succeeded.event';
 
 @EventsHandler(AuthCreatedEvent)
 export class AuthCreatedEventHandler implements IEventHandler<AuthCreatedEvent> {

src/app.module.ts

@@ -13,6 +13,7 @@ import { ScrapModule } from './scrap/scrap.module';
 import mikroOrmConfig from './shared/config/mikro-orm.config';
 import config from 'src/shared/config/configuration';
 import { AnalyticsModule } from './analytics/analytics.module';
+import { OrganizationModule } from './organization/organization.module';
 
 @Module({
   imports: [
@@ -29,6 +30,7 @@ import { AnalyticsModule } from './analytics/analytics.module';
     TagModule,
     MediaModule,
     ScrapModule,
+    OrganizationModule,
   ],
   controllers: [AppController],
   providers: [AppService],

src/auth/auth-organization/application/check-account-id/check-account-id.command.ts

@@ -0,0 +1,5 @@
+import { ICommand } from '@nestjs/cqrs';
+
+export class CheckAccountIdCommand implements ICommand {
+  constructor(public readonly accountId: string) {}
+}

src/auth/auth-organization/application/check-account-id/check-account-id.use-case.ts

@@ -0,0 +1,19 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { AUTH_ORGANIZATION_STORE, AuthOrganizationStore } from '../../domain/auth-organization.store';
+import { CommandHandler } from '@nestjs/cqrs';
+import { CheckAccountIdCommand } from './check-account-id.command';
+
+@Injectable()
+@CommandHandler(CheckAccountIdCommand)
+export class CheckAccountIdUseCase {
+  constructor(
+    @Inject(AUTH_ORGANIZATION_STORE)
+    private readonly authOrganizationStore: AuthOrganizationStore,
+  ) {}
+
+  async execute(command: CheckAccountIdCommand): Promise<boolean> {
+    const { accountId } = command;
+    const exists = await this.authOrganizationStore.existsByAccountId(accountId.trim());
+    return exists;
+  }
+}

src/auth/auth-organization/application/create/create.command.ts

@@ -0,0 +1,10 @@
+import { ICommand } from '@nestjs/cqrs';
+
+export class CreateAuthOrganizationCommand implements ICommand {
+  constructor(
+    public readonly accountId: string,
+    public readonly password: string,
+    public readonly name: string,
+    public readonly contact: string,
+  ) {}
+}

src/auth/auth-organization/application/create/create.use-case.ts

@@ -0,0 +1,50 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { CreateAuthOrganizationCommand } from './create.command';
+import { AUTH_ORGANIZATION_STORE, AuthOrganizationStore } from '../../domain/auth-organization.store';
+import { CustomException } from 'src/shared/exception/custom-exception';
+import { CustomExceptionCode } from 'src/shared/exception/custom-exception-code';
+import { Identifier } from 'src/shared/core/domain/identifier';
+import { AuthOrganization } from '../../domain/auth-organization';
+import { AccountId } from '../../domain/vo/account-id';
+import { PasswordHash } from '../../domain/vo/password-hash';
+import { EventBus } from '@nestjs/cqrs';
+import { AuthOrganizationCreatedEvent } from '../../domain/event/auth-organization-created.event';
+import { PASSWORD_HASHER, PasswordHasher } from '../../domain/password-hasher';
+import { RawPassword } from '../../domain/vo/raw-password';
+
+@Injectable()
+export class CreateAuthOrganizationUseCase {
+  constructor(
+    @Inject(AUTH_ORGANIZATION_STORE)
+    private readonly authOrganizationStore: AuthOrganizationStore,
+    @Inject(PASSWORD_HASHER)
+    private readonly passwordHasher: PasswordHasher,
+    private readonly eventBus: EventBus,
+  ) {}
+
+  async execute(command: CreateAuthOrganizationCommand) {
+    const existingAuth = await this.authOrganizationStore.loadByAccountId(command.accountId.trim());
+    if (existingAuth) throw new CustomException(CustomExceptionCode.AUTH_ORGANIZATION_ACCOUNT_ID_ALREADY_EXISTS);
+
+    const rawPassword = RawPassword.create(command.password.trim());
+    const hashedPassword = await this.passwordHasher.hash(rawPassword.value);
+
+    const authOrganization = AuthOrganization.create({
+      id: Identifier.create(),
+      accountId: AccountId.create(command.accountId.trim()),
+      passwordHash: PasswordHash.create(hashedPassword),
+      refreshToken: null,
+      organizationId: Identifier.create(),
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      isDeleted: false,
+      deletedAt: null,
+    });
+
+    await this.authOrganizationStore.save(authOrganization);
+
+    await this.eventBus.publish(
+      new AuthOrganizationCreatedEvent(authOrganization.organizationId.value, command.name, command.contact),
+    );
+  }
+}

src/auth/auth-organization/application/login/dto/login.response.dto.ts

@@ -0,0 +1,11 @@
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class LoginResponseDto {
+  @IsString()
+  @IsNotEmpty()
+  accessToken: string;
+
+  @IsString()
+  @IsNotEmpty()
+  refreshToken: string;
+}

src/auth/auth-organization/application/login/login.command.ts

@@ -0,0 +1,8 @@
+import { ICommand } from '@nestjs/cqrs';
+
+export class LoginCommand implements ICommand {
+  constructor(
+    public readonly accountId: string,
+    public readonly password: string,
+  ) {}
+}

src/auth/auth-organization/application/login/login.use-case.ts

@@ -0,0 +1,57 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { CommandHandler } from '@nestjs/cqrs';
+import { LoginCommand } from './login.command';
+import { AUTH_ORGANIZATION_STORE, AuthOrganizationStore } from '../../domain/auth-organization.store';
+import { PASSWORD_HASHER, PasswordHasher } from '../../domain/password-hasher';
+import { CustomException } from 'src/shared/exception/custom-exception';
+import { CustomExceptionCode } from 'src/shared/exception/custom-exception-code';
+import { JwtProvider } from 'src/auth/core/infrastructure/jwt/jwt.provider';
+import { TokenType } from 'src/auth/core/infrastructure/jwt/jwt.factory';
+import { LoginResponseDto } from './dto/login.response.dto';
+import { AuthOrganization } from '../../domain/auth-organization';
+
+@Injectable()
+@CommandHandler(LoginCommand)
+export class LoginUseCase {
+  constructor(
+    @Inject(AUTH_ORGANIZATION_STORE)
+    private readonly authOrganizationStore: AuthOrganizationStore,
+    @Inject(PASSWORD_HASHER)
+    private readonly passwordHasher: PasswordHasher,
+    private readonly jwtProvider: JwtProvider,
+  ) {}
+
+  async execute(command: LoginCommand): Promise<LoginResponseDto> {
+    const { accountId, password } = command;
+
+    const authOrganization = await this.validateAccount(accountId.trim(), password.trim());
+    const { accessToken, refreshToken, jti } = await this.generateTokens(authOrganization.organizationId.value);
+    await this.saveRefreshToken(authOrganization, jti);
+
+    return { accessToken, refreshToken };
+  }
+
+  private async validateAccount(accountId: string, password: string): Promise<AuthOrganization> {
+    const authOrganization = await this.authOrganizationStore.loadByAccountId(accountId);
+    if (!authOrganization) throw new CustomException(CustomExceptionCode.AUTH_ORGANIZATION_NOT_FOUND);
+
+    const isPasswordValid = await this.passwordHasher.compare(password, authOrganization.passwordHash.value);
+    if (!isPasswordValid) throw new CustomException(CustomExceptionCode.AUTH_ORGANIZATION_INVALID_PASSWORD);
+
+    return authOrganization;
+  }
+
+  private async generateTokens(
+    organizationId: string,
+  ): Promise<{ accessToken: string; refreshToken: string; jti: string }> {
+    const { token: accessToken } = await this.jwtProvider.generateToken(TokenType.ACCESS, organizationId);
+    const { token: refreshToken, jti } = await this.jwtProvider.generateToken(TokenType.REFRESH, organizationId);
+
+    return { accessToken, refreshToken, jti };
+  }
+
+  private async saveRefreshToken(authOrganization: AuthOrganization, jti: string): Promise<void> {
+    authOrganization.updateRefreshToken(jti);
+    await this.authOrganizationStore.update(authOrganization);
+  }
+}

src/auth/auth-organization/application/logout/logout.command.ts

@@ -0,0 +1,5 @@
+import { ICommand } from '@nestjs/cqrs';
+
+export class LogoutCommand implements ICommand {
+  constructor(public readonly organizationId: string) {}
+}

src/auth/auth-organization/application/logout/logout.use-case.ts

@@ -0,0 +1,25 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { CommandHandler } from '@nestjs/cqrs';
+import { LogoutCommand } from './logout.command';
+import { AUTH_ORGANIZATION_STORE, AuthOrganizationStore } from '../../domain/auth-organization.store';
+import { CustomException } from 'src/shared/exception/custom-exception';
+import { CustomExceptionCode } from 'src/shared/exception/custom-exception-code';
+
+@Injectable()
+@CommandHandler(LogoutCommand)
+export class LogoutUseCase {
+  constructor(
+    @Inject(AUTH_ORGANIZATION_STORE)
+    private readonly authOrganizationStore: AuthOrganizationStore,
+  ) {}
+
+  async execute(command: LogoutCommand): Promise<void> {
+    const { organizationId } = command;
+
+    const authOrganization = await this.authOrganizationStore.loadByOrganizationId(organizationId);
+    if (!authOrganization) throw new CustomException(CustomExceptionCode.AUTH_ORGANIZATION_INVALID_ACCESS_TOKEN);
+
+    authOrganization.updateRefreshToken(null);
+    await this.authOrganizationStore.update(authOrganization);
+  }
+}

src/auth/auth-organization/application/renew-token/renew-token.command.ts

@@ -0,0 +1,8 @@
+import { ICommand } from '@nestjs/cqrs';
+
+export class RenewTokenCommand implements ICommand {
+  constructor(
+    public readonly organizationId: string,
+    public readonly jti: string,
+  ) {}
+}

src/auth/auth-organization/application/renew-token/renew-token.use-case.ts

@@ -0,0 +1,53 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { JwtProvider } from 'src/auth/core/infrastructure/jwt/jwt.provider';
+import { AUTH_ORGANIZATION_STORE, AuthOrganizationStore } from '../../domain/auth-organization.store';
+import { CommandHandler, ICommandHandler } from '@nestjs/cqrs';
+import { RenewTokenCommand } from './renew-token.command';
+import { TokenType } from 'src/auth/core/infrastructure/jwt/jwt.factory';
+import { CustomException } from 'src/shared/exception/custom-exception';
+import { CustomExceptionCode } from 'src/shared/exception/custom-exception-code';
+import { RenewTokenResponseDto } from './dto/renew-token.response.dto';
+import { AuthOrganization } from '../../domain/auth-organization';
+
+@Injectable()
+@CommandHandler(RenewTokenCommand)
+export class RenewTokenUseCase implements ICommandHandler<RenewTokenCommand> {
+  constructor(
+    @Inject(AUTH_ORGANIZATION_STORE)
+    private readonly authOrganizationStore: AuthOrganizationStore,
+    private readonly jwtProvider: JwtProvider,
+  ) {}
+
+  async execute(command: RenewTokenCommand): Promise<RenewTokenResponseDto> {
+    const { organizationId, jti } = command;
+
+    const authOrganization = await this.validateRefreshToken(organizationId, jti);
+    const { accessToken, refreshToken, jti: newJti } = await this.generateTokens(organizationId);
+    await this.saveRefreshToken(authOrganization, newJti);
+
+    return { accessToken, refreshToken };
+  }
+
+  private async validateRefreshToken(organizationId: string, jti: string): Promise<AuthOrganization> {
+    const authOrganization = await this.authOrganizationStore.loadByRefreshToken(jti);
+    if (!authOrganization || authOrganization.organizationId.value !== organizationId) {
+      throw new CustomException(CustomExceptionCode.AUTH_ORGANIZATION_INVALID_REFRESH_TOKEN);
+    }
+
+    return authOrganization;
+  }
+
+  private async generateTokens(
+    organizationId: string,
+  ): Promise<{ accessToken: string; refreshToken: string; jti: string }> {
+    const { token: accessToken } = await this.jwtProvider.generateToken(TokenType.ACCESS, organizationId);
+    const { token: refreshToken, jti } = await this.jwtProvider.generateToken(TokenType.REFRESH, organizationId);
+
+    return { accessToken, refreshToken, jti };
+  }
+
+  private async saveRefreshToken(authOrganization: AuthOrganization, jti: string): Promise<void> {
+    authOrganization.updateRefreshToken(jti);
+    await this.authOrganizationStore.update(authOrganization);
+  }
+}

src/auth/auth-organization/auth-organization.module.ts

@@ -0,0 +1,36 @@
+import { MikroOrmModule } from '@mikro-orm/nestjs';
+import { Module } from '@nestjs/common';
+import { SharedModule } from 'src/shared/shared.module';
+import { AuthOrganizationController } from './presentation/auth-organization.controller';
+import { AUTH_ORGANIZATION_STORE } from './domain/auth-organization.store';
+import { AuthOrganizationStoreImpl } from './infrastructure/auth-organization.store.impl';
+import { AuthCoreModule } from '../core/auth-core.module';
+import { AuthOrganizationEntity } from './infrastructure/auth-organization.entity';
+import { CreateAuthOrganizationUseCase } from './application/create/create.use-case';
+import { CqrsModule } from '@nestjs/cqrs';
+import { PASSWORD_HASHER } from './domain/password-hasher';
+import { PasswordHasherImpl } from './infrastructure/password-hasher.impl';
+import { RenewTokenUseCase } from './application/renew-token/renew-token.use-case';
+import { LogoutUseCase } from './application/logout/logout.use-case';
+import { LoginUseCase } from './application/login/login.use-case';
+import { CheckAccountIdUseCase } from './application/check-account-id/check-account-id.use-case';
+
+const usecases = [CreateAuthOrganizationUseCase, RenewTokenUseCase, LoginUseCase, LogoutUseCase, CheckAccountIdUseCase];
+
+@Module({
+  imports: [SharedModule, MikroOrmModule.forFeature([AuthOrganizationEntity]), AuthCoreModule, CqrsModule],
+  providers: [
+    {
+      provide: AUTH_ORGANIZATION_STORE,
+      useClass: AuthOrganizationStoreImpl,
+    },
+    {
+      provide: PASSWORD_HASHER,
+      useClass: PasswordHasherImpl,
+    },
+    ...usecases,
+  ],
+  controllers: [AuthOrganizationController],
+  exports: [],
+})
+export class AuthOrganizationModule {}

src/auth/auth-organization/domain/auth-organization.store.ts

@@ -0,0 +1,12 @@
+import { AuthOrganization } from './auth-organization';
+
+export interface AuthOrganizationStore {
+  save(authOrganization: AuthOrganization): Promise<void>;
+  update(authOrganization: AuthOrganization): Promise<void>;
+  loadByOrganizationId(organizationId: string): Promise<AuthOrganization | null>;
+  loadByRefreshToken(refreshToken: string): Promise<AuthOrganization | null>;
+  loadByAccountId(accountId: string): Promise<AuthOrganization | null>;
+  existsByAccountId(accountId: string): Promise<boolean>;
+}
+
+export const AUTH_ORGANIZATION_STORE = Symbol('AUTH_ORGANIZATION_STORE');