Assist_Design/apps/bff/src/auth/auth-admin.controller.ts

import { Controller, Get, Post, Body, Param, UseGuards, Query } from '@nestjs/common';
import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from '@nestjs/swagger';
import { JwtAuthGuard } from './guards/jwt-auth.guard';
import { AdminGuard } from './guards/admin.guard';
import { AuditService, AuditAction } from '../common/audit/audit.service';
import { UsersService } from '../users/users.service';

@ApiTags('auth-admin')
@ApiBearerAuth()
@UseGuards(JwtAuthGuard, AdminGuard)
@Controller('auth/admin')
export class AuthAdminController {
  constructor(
    private auditService: AuditService,
    private usersService: UsersService,
  ) {}

  @Get('audit-logs')
  @ApiOperation({ summary: 'Get audit logs (admin only)' })
  @ApiResponse({ status: 200, description: 'Audit logs retrieved' })
  async getAuditLogs(
    @Query('page') page: string = '1',
    @Query('limit') limit: string = '50',
    @Query('action') action?: AuditAction,
    @Query('userId') userId?: string
  ) {
    const pageNum = parseInt(page, 10);
    const limitNum = parseInt(limit, 10);
    const skip = (pageNum - 1) * limitNum;

    const where: any = {};
    if (action) where.action = action;
    if (userId) where.userId = userId;

    const [logs, total] = await Promise.all([
      this.auditService.prismaClient.auditLog.findMany({
        where,
        include: {
          user: {
            select: {
              id: true,
              email: true,
              firstName: true,
              lastName: true,
            },
          },
        },
        orderBy: { createdAt: 'desc' },
        skip,
        take: limitNum,
      }),
      this.auditService.prismaClient.auditLog.count({ where }),
    ]);

    return {
      logs,
      pagination: {
        page: pageNum,
        limit: limitNum,
        total,
        totalPages: Math.ceil(total / limitNum),
      },
    };
  }

  @Post('unlock-account/:userId')
  @ApiOperation({ summary: 'Unlock user account (admin only)' })
  @ApiResponse({ status: 200, description: 'Account unlocked' })
  async unlockAccount(@Param('userId') userId: string) {
    const user = await this.usersService.findById(userId);
    if (!user) {
      throw new Error('User not found');
    }

    await this.usersService.update(userId, {
      failedLoginAttempts: 0,
      lockedUntil: null,
    });

    await this.auditService.log({
      userId,
      action: AuditAction.ACCOUNT_UNLOCKED,
      resource: 'auth',
      details: { adminAction: true, email: user.email },
      success: true,
    });

    return { message: 'Account unlocked successfully' };
  }

  @Get('security-stats')
  @ApiOperation({ summary: 'Get security statistics (admin only)' })
  @ApiResponse({ status: 200, description: 'Security stats retrieved' })
  async getSecurityStats() {
    const today = new Date(new Date().setHours(0, 0, 0, 0));
    
    const [
      totalUsers,
      lockedAccounts,
      failedLoginsToday,
      successfulLoginsToday,
    ] = await Promise.all([
      this.auditService.prismaClient.user.count(),
      this.auditService.prismaClient.user.count({
        where: {
          lockedUntil: {
            gt: new Date(),
          },
        },
      }),
      this.auditService.prismaClient.auditLog.count({
        where: {
          action: AuditAction.LOGIN_FAILED,
          createdAt: {
            gte: today,
          },
        },
      }),
      this.auditService.prismaClient.auditLog.count({
        where: {
          action: AuditAction.LOGIN_SUCCESS,
          createdAt: {
            gte: today,
          },
        },
      }),
    ]);

    return {
      totalUsers,
      lockedAccounts,
      failedLoginsToday,
      successfulLoginsToday,
      securityEventsToday: failedLoginsToday + successfulLoginsToday,
    };
  }
}
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`import { Controller, Get, Post, Body, Param, UseGuards, Query } from '@nestjs/common';`
			`import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from '@nestjs/swagger';`
			`import { JwtAuthGuard } from './guards/jwt-auth.guard';`
			`import { AdminGuard } from './guards/admin.guard';`
			`import { AuditService, AuditAction } from '../common/audit/audit.service';`
			`import { UsersService } from '../users/users.service';`

			`@ApiTags('auth-admin')`
			`@ApiBearerAuth()`
			`@UseGuards(JwtAuthGuard, AdminGuard)`
			`@Controller('auth/admin')`
			`export class AuthAdminController {`
			`constructor(`
			`private auditService: AuditService,`
			`private usersService: UsersService,`
			`) {}`

			`@Get('audit-logs')`
			`@ApiOperation({ summary: 'Get audit logs (admin only)' })`
			`@ApiResponse({ status: 200, description: 'Audit logs retrieved' })`
			`async getAuditLogs(`
			`@Query('page') page: string = '1',`
			`@Query('limit') limit: string = '50',`
			`@Query('action') action?: AuditAction,`
			`@Query('userId') userId?: string`
			`) {`
			`const pageNum = parseInt(page, 10);`
			`const limitNum = parseInt(limit, 10);`
			`const skip = (pageNum - 1) * limitNum;`

			`const where: any = {};`
			`if (action) where.action = action;`
			`if (userId) where.userId = userId;`

			`const [logs, total] = await Promise.all([`
			`this.auditService.prismaClient.auditLog.findMany({`
			`where,`
			`include: {`
			`user: {`
			`select: {`
			`id: true,`
			`email: true,`
			`firstName: true,`
			`lastName: true,`
			`},`
			`},`
			`},`
			`orderBy: { createdAt: 'desc' },`
			`skip,`
			`take: limitNum,`
			`}),`
			`this.auditService.prismaClient.auditLog.count({ where }),`
			`]);`

			`return {`
			`logs,`
			`pagination: {`
			`page: pageNum,`
			`limit: limitNum,`
			`total,`
			`totalPages: Math.ceil(total / limitNum),`
			`},`
			`};`
			`}`

			`@Post('unlock-account/:userId')`
			`@ApiOperation({ summary: 'Unlock user account (admin only)' })`
			`@ApiResponse({ status: 200, description: 'Account unlocked' })`
			`async unlockAccount(@Param('userId') userId: string) {`
			`const user = await this.usersService.findById(userId);`
			`if (!user) {`
			`throw new Error('User not found');`
			`}`

			`await this.usersService.update(userId, {`
			`failedLoginAttempts: 0,`
			`lockedUntil: null,`
			`});`

			`await this.auditService.log({`
			`userId,`
			`action: AuditAction.ACCOUNT_UNLOCKED,`
			`resource: 'auth',`
			`details: { adminAction: true, email: user.email },`
			`success: true,`
			`});`

			`return { message: 'Account unlocked successfully' };`
			`}`

			`@Get('security-stats')`
			`@ApiOperation({ summary: 'Get security statistics (admin only)' })`
			`@ApiResponse({ status: 200, description: 'Security stats retrieved' })`
			`async getSecurityStats() {`
			`const today = new Date(new Date().setHours(0, 0, 0, 0));`

			`const [`
			`totalUsers,`
			`lockedAccounts,`
			`failedLoginsToday,`
			`successfulLoginsToday,`
			`] = await Promise.all([`
			`this.auditService.prismaClient.user.count(),`
			`this.auditService.prismaClient.user.count({`
			`where: {`
			`lockedUntil: {`
			`gt: new Date(),`
			`},`
			`},`
			`}),`
			`this.auditService.prismaClient.auditLog.count({`
			`where: {`
			`action: AuditAction.LOGIN_FAILED,`
			`createdAt: {`
			`gte: today,`
			`},`
			`},`
			`}),`
			`this.auditService.prismaClient.auditLog.count({`
			`where: {`
			`action: AuditAction.LOGIN_SUCCESS,`
			`createdAt: {`
			`gte: today,`
			`},`
			`},`
			`}),`
			`]);`

			`return {`
			`totalUsers,`
			`lockedAccounts,`
			`failedLoginsToday,`
			`successfulLoginsToday,`
			`securityEventsToday: failedLoginsToday + successfulLoginsToday,`
			`};`
			`}`
			`}`