feat(api): Add resend otp implementation

.env.example

@@ -48,4 +48,5 @@ DOMAIN=localhost
 FEEDBACK_FORWARD_EMAIL=
 
 BACKEND_URL=http://localhost:4200
-NEXT_PUBLIC_BACKEND_URL=http://localhost:4200
+NEXT_PUBLIC_BACKEND_URL=http://localhost:4200
+

apps/api/package.json

@@ -32,6 +32,7 @@
     "@nestjs/platform-socket.io": "^10.3.7",
     "@nestjs/schedule": "^4.0.1",
     "@nestjs/swagger": "^7.3.0",
+    "@nestjs/throttler": "^6.2.1",
     "@nestjs/websockets": "^10.3.7",
     "@socket.io/redis-adapter": "^8.3.0",
     "@supabase/supabase-js": "^2.39.6",
@@ -50,7 +51,6 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "reflect-metadata": "^0.2.2",
     "@nestjs/cli": "^10.0.0",
     "@nestjs/schematics": "^10.0.0",
     "@nestjs/testing": "^10.0.0",
@@ -67,6 +67,7 @@
     "jest-mock-extended": "^3.0.5",
     "prettier": "^3.0.0",
     "prisma": "5.19.1",
+    "reflect-metadata": "^0.2.2",
     "source-map-support": "^0.5.21",
     "supertest": "^6.3.3",
     "ts-jest": "^29.1.0",

apps/api/src/app/app.module.ts

@@ -1,6 +1,6 @@
 import { Module } from '@nestjs/common'
 import { AppController } from './app.controller'
-import { ConfigModule } from '@nestjs/config'
+import { ConfigModule, ConfigService } from '@nestjs/config'
 import { PassportModule } from '@nestjs/passport'
 import { AuthModule } from '@/auth/auth.module'
 import { PrismaModule } from '@/prisma/prisma.module'
@@ -25,6 +25,7 @@ import { IntegrationModule } from '@/integration/integration.module'
 import { FeedbackModule } from '@/feedback/feedback.module'
 import { CacheModule } from '@/cache/cache.module'
 import { WorkspaceMembershipModule } from '@/workspace-membership/workspace-membership.module'
+import { seconds, ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler'
 
 @Module({
   controllers: [AppController],
@@ -38,6 +39,7 @@ import { WorkspaceMembershipModule } from '@/workspace-membership/workspace-memb
         abortEarly: true
       }
     }),
+
     ScheduleModule.forRoot(),
     PassportModule,
     AuthModule,

apps/api/src/auth/auth.module.ts

@@ -9,6 +9,8 @@ import { GoogleOAuthStrategyFactory } from '@/config/factory/google/google-strat
 import { GoogleStrategy } from '@/config/oauth-strategy/google/google.strategy'
 import { GitlabOAuthStrategyFactory } from '@/config/factory/gitlab/gitlab-strategy.factory'
 import { GitlabStrategy } from '@/config/oauth-strategy/gitlab/gitlab.strategy'
+import { seconds, ThrottlerModule } from '@nestjs/throttler'
+import { ConfigModule, ConfigService } from '@nestjs/config'
 
 @Module({
   imports: [
@@ -21,7 +23,17 @@ import { GitlabStrategy } from '@/config/oauth-strategy/gitlab/gitlab.strategy'
         algorithm: 'HS256'
       }
     }),
-    UserModule
+    UserModule,
+    ThrottlerModule.forRootAsync({
+      imports: [ConfigModule],
+      useFactory: (config: ConfigService) => [
+        {
+          ttl: seconds(config.get('THROTTLE_TTL')),
+          limit: config.get('THROTTLE_LIMIT')
+        }
+      ],
+      inject: [ConfigService]
+    })
   ],
   providers: [
     AuthService,

apps/api/src/auth/controller/auth.controller.ts

@@ -25,6 +25,7 @@ import {
   sendOAuthSuccessRedirect
 } from '@/common/redirect'
 import { setCookie } from '@/common/util'
+import { ThrottlerGuard } from '@nestjs/throttler'
 
 @Controller('auth')
 export class AuthController {
@@ -46,6 +47,16 @@ export class AuthController {
     await this.authService.sendOtp(email)
   }
 
+  @Public()
+  @Post('resend-otp/:email')
+  @UseGuards(ThrottlerGuard)
+  async resendOtp(
+    @Param('email')
+    email: string
+  ): Promise<void> {
+    return await this.authService.resendOtp(email)
+  }
+
   /* istanbul ignore next */
   @Public()
   @Post('validate-otp')

apps/api/src/auth/service/auth.service.ts

@@ -43,13 +43,23 @@ export class AuthService {
     }
 
     const user = await this.createUserIfNotExists(email, AuthProvider.EMAIL_OTP)
-
     const otp = await generateOtp(email, user.id, this.prisma)
-
     await this.mailService.sendOtp(email, otp.code)
+
     this.logger.log(`Login code sent to ${email}`)
   }
 
+  /**
+   * resend a login code to the given email address after resend otp button is pressed
+   * @throws {BadRequestException} If the email address is invalid
+   * @param email The email address to resend the login code to
+   */
+  async resendOtp(email: string): Promise<void> {
+    const user = await getUserByEmailOrId(email, this.prisma)
+    const otp = await generateOtp(email, user.id, this.prisma)
+    await this.mailService.sendOtp(email, otp.code)
+  }
+
   /* istanbul ignore next */
   /**
    * Validates a login code sent to the given email address

apps/api/src/common/env/env.schema.ts

@@ -78,7 +78,9 @@ const generalSchema = z.object({
   MINIO_BUCKET_NAME: z.string().optional(),
   MINIO_USE_SSL: z.string().optional(),
 
-  FEEDBACK_FORWARD_EMAIL: z.string().email()
+  FEEDBACK_FORWARD_EMAIL: z.string().email(),
+  THROTTLE_TTL: z.string().transform((val) => parseInt(val, 10)), // Convert string to number
+  THROTTLE_LIMIT: z.string().transform((val) => parseInt(val, 10)) // Convert string to number
 })
 
 export type EnvSchemaType = z.infer<typeof generalSchema>