feat(api): Add resend otp implementation

.env.example

@@ -50,7 +50,3 @@ FEEDBACK_FORWARD_EMAIL=
 BACKEND_URL=http://localhost:4200
 NEXT_PUBLIC_BACKEND_URL=http://localhost:4200
 
-
-# Enter time in secs
-THROTTLE_TTL=
-THROTTLE_LIMIT=

apps/api/src/app/app.module.ts

@@ -26,6 +26,7 @@ import { FeedbackModule } from '@/feedback/feedback.module'
 import { CacheModule } from '@/cache/cache.module'
 import { WorkspaceMembershipModule } from '@/workspace-membership/workspace-membership.module'
 import { seconds, ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler'
+
 @Module({
   controllers: [AppController],
   imports: [
@@ -38,16 +39,7 @@ import { seconds, ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler'
         abortEarly: true
       }
     }),
-    ThrottlerModule.forRootAsync({
-      imports: [ConfigModule],
-      inject: [ConfigService],
-      useFactory: (config: ConfigService) => [
-        {
-          ttl: seconds(config.get('THROTTLE_TTL')),
-          limit: config.get('THROTTLE_LIMIT')
-        }
-      ]
-    }),
+
     ScheduleModule.forRoot(),
     PassportModule,
     AuthModule,
@@ -77,10 +69,6 @@ import { seconds, ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler'
     {
       provide: APP_GUARD,
       useClass: ApiKeyGuard
-    },
-    {
-      provide: APP_GUARD,
-      useClass: ThrottlerGuard
     }
   ]
 })

apps/api/src/auth/auth.module.ts

@@ -9,6 +9,8 @@ import { GoogleOAuthStrategyFactory } from '@/config/factory/google/google-strat
 import { GoogleStrategy } from '@/config/oauth-strategy/google/google.strategy'
 import { GitlabOAuthStrategyFactory } from '@/config/factory/gitlab/gitlab-strategy.factory'
 import { GitlabStrategy } from '@/config/oauth-strategy/gitlab/gitlab.strategy'
+import { seconds, ThrottlerModule } from '@nestjs/throttler'
+import { ConfigModule, ConfigService } from '@nestjs/config'
 
 @Module({
   imports: [
@@ -21,7 +23,17 @@ import { GitlabStrategy } from '@/config/oauth-strategy/gitlab/gitlab.strategy'
         algorithm: 'HS256'
       }
     }),
-    UserModule
+    UserModule,
+    ThrottlerModule.forRootAsync({
+      imports: [ConfigModule],
+      useFactory: (config: ConfigService) => [
+        {
+          ttl: seconds(config.get('THROTTLE_TTL')),
+          limit: config.get('THROTTLE_LIMIT')
+        }
+      ],
+      inject: [ConfigService]
+    })
   ],
   providers: [
     AuthService,

apps/api/src/auth/controller/auth.controller.ts

@@ -25,7 +25,8 @@ import {
   sendOAuthSuccessRedirect
 } from '@/common/redirect'
 import { setCookie } from '@/common/util'
-import { seconds, Throttle, ThrottlerGuard } from '@nestjs/throttler'
+import { ThrottlerGuard } from '@nestjs/throttler'
+
 @Controller('auth')
 export class AuthController {
   private readonly logger = new Logger(AuthController.name)
@@ -49,7 +50,6 @@ export class AuthController {
   @Public()
   @Post('resend-otp/:email')
   @UseGuards(ThrottlerGuard)
-  @Throttle({ default: { ttl: seconds(1), limit: 2 } })
   async resendOtp(
     @Param('email')
     email: string

apps/api/src/auth/service/auth.service.ts

@@ -41,16 +41,10 @@ export class AuthService {
       this.logger.error(`Invalid email address: ${email}`)
       throw new BadRequestException('Please enter a valid email address')
     }
-    try {
-      const user = await this.createUserIfNotExists(
-        email,
-        AuthProvider.EMAIL_OTP
-      )
-      const otp = await generateOtp(email, user.id, this.prisma)
-      await this.mailService.sendOtp(email, otp.code)
-    } catch (e) {
-      throw e
-    }
+
+    const user = await this.createUserIfNotExists(email, AuthProvider.EMAIL_OTP)
+    const otp = await generateOtp(email, user.id, this.prisma)
+    await this.mailService.sendOtp(email, otp.code)
 
     this.logger.log(`Login code sent to ${email}`)
   }
@@ -61,17 +55,9 @@ export class AuthService {
    * @param email The email address to resend the login code to
    */
   async resendOtp(email: string): Promise<void> {
-    /**
-     *TODO Resend the otp based on another function send otp but
-     *TODO with a throttler to rate limit the api
-     */
-    try {
-      const user = await getUserByEmailOrId(email, this.prisma)
-      const otp = await generateOtp(email, user.id, this.prisma)
-      await this.mailService.sendOtp(email, otp.code)
-    } catch (e) {
-      this.logger.error(`Resending OTP failed ${e}`)
-    }
+    const user = await getUserByEmailOrId(email, this.prisma)
+    const otp = await generateOtp(email, user.id, this.prisma)
+    await this.mailService.sendOtp(email, otp.code)
   }
 
   /* istanbul ignore next */

apps/api/src/common/env/env.schema.ts

@@ -78,7 +78,9 @@ const generalSchema = z.object({
   MINIO_BUCKET_NAME: z.string().optional(),
   MINIO_USE_SSL: z.string().optional(),
 
-  FEEDBACK_FORWARD_EMAIL: z.string().email()
+  FEEDBACK_FORWARD_EMAIL: z.string().email(),
+  THROTTLE_TTL: z.string().transform((val) => parseInt(val, 10)), // Convert string to number
+  THROTTLE_LIMIT: z.string().transform((val) => parseInt(val, 10)) // Convert string to number
 })
 
 export type EnvSchemaType = z.infer<typeof generalSchema>