Assist_Design/apps/bff/src/subscriptions/subscriptions.controller.ts

import {
  Controller,
  Get,
  Param,
  Query,
  Request,
  ParseIntPipe,
  BadRequestException,
} from "@nestjs/common";
import {
  ApiTags,
  ApiOperation,
  ApiResponse,
  ApiQuery,
  ApiBearerAuth,
  ApiParam,
} from "@nestjs/swagger";
import { SubscriptionsService } from "./subscriptions.service";

import { Subscription, SubscriptionList, InvoiceList } from "@customer-portal/shared";
import { RequestWithUser } from "../auth/auth.types";

@ApiTags("subscriptions")
@Controller("subscriptions")
@ApiBearerAuth()
export class SubscriptionsController {
  constructor(private readonly subscriptionsService: SubscriptionsService) {}

  @Get()
  @ApiOperation({
    summary: "Get all user subscriptions",
    description: "Retrieves all subscriptions/services for the authenticated user",
  })
  @ApiQuery({
    name: "status",
    required: false,
    type: String,
    description: "Filter by subscription status",
  })
  @ApiResponse({
    status: 200,
    description: "List of user subscriptions",
    type: Object, // Would be SubscriptionList if we had proper DTO decorators
  })
  async getSubscriptions(
    @Request() req: RequestWithUser,
    @Query("status") status?: string
  ): Promise<SubscriptionList | Subscription[]> {
    // Validate status if provided
    if (status && !["Active", "Suspended", "Terminated", "Cancelled", "Pending"].includes(status)) {
      throw new BadRequestException("Invalid status filter");
    }

    if (status) {
      const subscriptions = await this.subscriptionsService.getSubscriptionsByStatus(
        req.user.id,
        status
      );
      return subscriptions;
    }

    return this.subscriptionsService.getSubscriptions(req.user.id);
  }

  @Get("active")
  @ApiOperation({
    summary: "Get active subscriptions only",
    description: "Retrieves only active subscriptions for the authenticated user",
  })
  @ApiResponse({
    status: 200,
    description: "List of active subscriptions",
    type: [Object], // Would be Subscription[] if we had proper DTO decorators
  })
  async getActiveSubscriptions(@Request() req: RequestWithUser): Promise<Subscription[]> {
    return this.subscriptionsService.getActiveSubscriptions(req.user.id);
  }

  @Get("stats")
  @ApiOperation({
    summary: "Get subscription statistics",
    description: "Retrieves subscription count statistics by status",
  })
  @ApiResponse({
    status: 200,
    description: "Subscription statistics",
    type: Object,
  })
  async getSubscriptionStats(@Request() req: RequestWithUser): Promise<{
    total: number;
    active: number;
    suspended: number;
    cancelled: number;
    pending: number;
  }> {
    return this.subscriptionsService.getSubscriptionStats(req.user.id);
  }

  @Get(":id")
  @ApiOperation({
    summary: "Get subscription details by ID",
    description: "Retrieves detailed information for a specific subscription",
  })
  @ApiParam({ name: "id", type: Number, description: "Subscription ID" })
  @ApiResponse({
    status: 200,
    description: "Subscription details",
    type: Object, // Would be Subscription if we had proper DTO decorators
  })
  @ApiResponse({ status: 404, description: "Subscription not found" })
  async getSubscriptionById(
    @Request() req: RequestWithUser,
    @Param("id", ParseIntPipe) subscriptionId: number
  ): Promise<Subscription> {
    if (subscriptionId <= 0) {
      throw new BadRequestException("Subscription ID must be a positive number");
    }

    return this.subscriptionsService.getSubscriptionById(req.user.id, subscriptionId);
  }

  @Get(":id/invoices")
  @ApiOperation({
    summary: "Get invoices for a specific subscription",
    description: "Retrieves all invoices related to a specific subscription",
  })
  @ApiParam({ name: "id", type: Number, description: "Subscription ID" })
  @ApiQuery({
    name: "page",
    required: false,
    type: Number,
    description: "Page number (default: 1)",
  })
  @ApiQuery({
    name: "limit",
    required: false,
    type: Number,
    description: "Items per page (default: 10)",
  })
  @ApiResponse({
    status: 200,
    description: "List of invoices for the subscription",
    type: Object, // Would be InvoiceList if we had proper DTO decorators
  })
  @ApiResponse({ status: 404, description: "Subscription not found" })
  async getSubscriptionInvoices(
    @Request() req: RequestWithUser,
    @Param("id", ParseIntPipe) subscriptionId: number,
    @Query("page") page?: string,
    @Query("limit") limit?: string
  ): Promise<InvoiceList> {
    if (subscriptionId <= 0) {
      throw new BadRequestException("Subscription ID must be a positive number");
    }

    // Validate and sanitize input
    const pageNum = this.validatePositiveInteger(page, 1, "page");
    const limitNum = this.validatePositiveInteger(limit, 10, "limit");

    // Limit max page size for performance
    if (limitNum > 100) {
      throw new BadRequestException("Limit cannot exceed 100 items per page");
    }

    return this.subscriptionsService.getSubscriptionInvoices(req.user.id, subscriptionId, {
      page: pageNum,
      limit: limitNum,
    });
  }

  private validatePositiveInteger(
    value: string | undefined,
    defaultValue: number,
    fieldName: string
  ): number {
    if (!value) {
      return defaultValue;
    }

    const parsed = parseInt(value, 10);
    if (isNaN(parsed) || parsed <= 0) {
      throw new BadRequestException(`${fieldName} must be a positive integer`);
    }

    return parsed;
  }
}
clean up 2025-08-22 17:02:49 +09:00			`import {`
			`Controller,`
			`Get,`
			`Param,`
			`Query,`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`Request,`
			`ParseIntPipe,`
			`BadRequestException,`
clean up 2025-08-22 17:02:49 +09:00			`} from "@nestjs/common";`
			`import {`
			`ApiTags,`
			`ApiOperation,`
			`ApiResponse,`
			`ApiQuery,`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`ApiBearerAuth,`
			`ApiParam,`
clean up 2025-08-22 17:02:49 +09:00			`} from "@nestjs/swagger";`
			`import { SubscriptionsService } from "./subscriptions.service";`
catalog page consistency fix 2025-08-28 16:57:57 +09:00
clean up 2025-08-22 17:02:49 +09:00			`import { Subscription, SubscriptionList, InvoiceList } from "@customer-portal/shared";`
Add email functionality and update environment configurations - Introduced email configuration for both development and production environments in `.env.dev.example` and `.env.production.example`. - Added SendGrid API key and email settings to support password reset and welcome emails. - Implemented password reset and request password reset endpoints in the AuthController. - Enhanced signup form to include additional fields such as Customer Number, address, nationality, date of birth, and gender. - Updated various services and controllers to integrate email functionality and handle new user data. - Refactored logging and error handling for improved clarity and maintainability. - Adjusted Docker configuration for production deployment. 2025-08-23 17:24:37 +09:00			`import { RequestWithUser } from "../auth/auth.types";`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
clean up 2025-08-22 17:02:49 +09:00			`@ApiTags("subscriptions")`
			`@Controller("subscriptions")`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`@ApiBearerAuth()`
			`export class SubscriptionsController {`
			`constructor(private readonly subscriptionsService: SubscriptionsService) {}`

			`@Get()`
clean up 2025-08-22 17:02:49 +09:00			`@ApiOperation({`
			`summary: "Get all user subscriptions",`
			`description: "Retrieves all subscriptions/services for the authenticated user",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiQuery({`
			`name: "status",`
			`required: false,`
			`type: String,`
			`description: "Filter by subscription status",`
			`})`
			`@ApiResponse({`
			`status: 200,`
			`description: "List of user subscriptions",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`type: Object, // Would be SubscriptionList if we had proper DTO decorators`
			`})`
			`async getSubscriptions(`
Add email functionality and update environment configurations - Introduced email configuration for both development and production environments in `.env.dev.example` and `.env.production.example`. - Added SendGrid API key and email settings to support password reset and welcome emails. - Implemented password reset and request password reset endpoints in the AuthController. - Enhanced signup form to include additional fields such as Customer Number, address, nationality, date of birth, and gender. - Updated various services and controllers to integrate email functionality and handle new user data. - Refactored logging and error handling for improved clarity and maintainability. - Adjusted Docker configuration for production deployment. 2025-08-23 17:24:37 +09:00			`@Request() req: RequestWithUser,`
clean up 2025-08-22 17:02:49 +09:00			`@Query("status") status?: string`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`): Promise<SubscriptionList \| Subscription[]> {`
			`// Validate status if provided`
clean up 2025-08-22 17:02:49 +09:00			`if (status && !["Active", "Suspended", "Terminated", "Cancelled", "Pending"].includes(status)) {`
			`throw new BadRequestException("Invalid status filter");`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

			`if (status) {`
clean up 2025-08-22 17:02:49 +09:00			`const subscriptions = await this.subscriptionsService.getSubscriptionsByStatus(`
order fix 2025-08-27 10:54:05 +09:00			`req.user.id,`
clean up 2025-08-22 17:02:49 +09:00			`status`
			`);`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`return subscriptions;`
			`}`
clean up 2025-08-22 17:02:49 +09:00
order fix 2025-08-27 10:54:05 +09:00			`return this.subscriptionsService.getSubscriptions(req.user.id);`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

clean up 2025-08-22 17:02:49 +09:00			`@Get("active")`
			`@ApiOperation({`
			`summary: "Get active subscriptions only",`
			`description: "Retrieves only active subscriptions for the authenticated user",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiResponse({`
			`status: 200,`
			`description: "List of active subscriptions",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`type: [Object], // Would be Subscription[] if we had proper DTO decorators`
			`})`
Add email functionality and update environment configurations - Introduced email configuration for both development and production environments in `.env.dev.example` and `.env.production.example`. - Added SendGrid API key and email settings to support password reset and welcome emails. - Implemented password reset and request password reset endpoints in the AuthController. - Enhanced signup form to include additional fields such as Customer Number, address, nationality, date of birth, and gender. - Updated various services and controllers to integrate email functionality and handle new user data. - Refactored logging and error handling for improved clarity and maintainability. - Adjusted Docker configuration for production deployment. 2025-08-23 17:24:37 +09:00			`async getActiveSubscriptions(@Request() req: RequestWithUser): Promise<Subscription[]> {`
order fix 2025-08-27 10:54:05 +09:00			`return this.subscriptionsService.getActiveSubscriptions(req.user.id);`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

clean up 2025-08-22 17:02:49 +09:00			`@Get("stats")`
			`@ApiOperation({`
			`summary: "Get subscription statistics",`
			`description: "Retrieves subscription count statistics by status",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiResponse({`
			`status: 200,`
			`description: "Subscription statistics",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`type: Object,`
			`})`
Add email functionality and update environment configurations - Introduced email configuration for both development and production environments in `.env.dev.example` and `.env.production.example`. - Added SendGrid API key and email settings to support password reset and welcome emails. - Implemented password reset and request password reset endpoints in the AuthController. - Enhanced signup form to include additional fields such as Customer Number, address, nationality, date of birth, and gender. - Updated various services and controllers to integrate email functionality and handle new user data. - Refactored logging and error handling for improved clarity and maintainability. - Adjusted Docker configuration for production deployment. 2025-08-23 17:24:37 +09:00			`async getSubscriptionStats(@Request() req: RequestWithUser): Promise<{`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`total: number;`
			`active: number;`
			`suspended: number;`
			`cancelled: number;`
			`pending: number;`
			`}> {`
order fix 2025-08-27 10:54:05 +09:00			`return this.subscriptionsService.getSubscriptionStats(req.user.id);`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

clean up 2025-08-22 17:02:49 +09:00			`@Get(":id")`
			`@ApiOperation({`
			`summary: "Get subscription details by ID",`
			`description: "Retrieves detailed information for a specific subscription",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiParam({ name: "id", type: Number, description: "Subscription ID" })`
			`@ApiResponse({`
			`status: 200,`
			`description: "Subscription details",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`type: Object, // Would be Subscription if we had proper DTO decorators`
			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiResponse({ status: 404, description: "Subscription not found" })`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`async getSubscriptionById(`
Add email functionality and update environment configurations - Introduced email configuration for both development and production environments in `.env.dev.example` and `.env.production.example`. - Added SendGrid API key and email settings to support password reset and welcome emails. - Implemented password reset and request password reset endpoints in the AuthController. - Enhanced signup form to include additional fields such as Customer Number, address, nationality, date of birth, and gender. - Updated various services and controllers to integrate email functionality and handle new user data. - Refactored logging and error handling for improved clarity and maintainability. - Adjusted Docker configuration for production deployment. 2025-08-23 17:24:37 +09:00			`@Request() req: RequestWithUser,`
clean up 2025-08-22 17:02:49 +09:00			`@Param("id", ParseIntPipe) subscriptionId: number`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`): Promise<Subscription> {`
			`if (subscriptionId <= 0) {`
clean up 2025-08-22 17:02:49 +09:00			`throw new BadRequestException("Subscription ID must be a positive number");`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`
clean up 2025-08-22 17:02:49 +09:00
order fix 2025-08-27 10:54:05 +09:00			`return this.subscriptionsService.getSubscriptionById(req.user.id, subscriptionId);`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

clean up 2025-08-22 17:02:49 +09:00			`@Get(":id/invoices")`
			`@ApiOperation({`
			`summary: "Get invoices for a specific subscription",`
			`description: "Retrieves all invoices related to a specific subscription",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiParam({ name: "id", type: Number, description: "Subscription ID" })`
			`@ApiQuery({`
			`name: "page",`
			`required: false,`
			`type: Number,`
			`description: "Page number (default: 1)",`
			`})`
			`@ApiQuery({`
			`name: "limit",`
			`required: false,`
			`type: Number,`
			`description: "Items per page (default: 10)",`
			`})`
			`@ApiResponse({`
			`status: 200,`
			`description: "List of invoices for the subscription",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`type: Object, // Would be InvoiceList if we had proper DTO decorators`
			`})`
clean up 2025-08-22 17:02:49 +09:00			`@ApiResponse({ status: 404, description: "Subscription not found" })`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`async getSubscriptionInvoices(`
Add email functionality and update environment configurations - Introduced email configuration for both development and production environments in `.env.dev.example` and `.env.production.example`. - Added SendGrid API key and email settings to support password reset and welcome emails. - Implemented password reset and request password reset endpoints in the AuthController. - Enhanced signup form to include additional fields such as Customer Number, address, nationality, date of birth, and gender. - Updated various services and controllers to integrate email functionality and handle new user data. - Refactored logging and error handling for improved clarity and maintainability. - Adjusted Docker configuration for production deployment. 2025-08-23 17:24:37 +09:00			`@Request() req: RequestWithUser,`
clean up 2025-08-22 17:02:49 +09:00			`@Param("id", ParseIntPipe) subscriptionId: number,`
			`@Query("page") page?: string,`
			`@Query("limit") limit?: string`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`): Promise<InvoiceList> {`
			`if (subscriptionId <= 0) {`
clean up 2025-08-22 17:02:49 +09:00			`throw new BadRequestException("Subscription ID must be a positive number");`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

			`// Validate and sanitize input`
clean up 2025-08-22 17:02:49 +09:00			`const pageNum = this.validatePositiveInteger(page, 1, "page");`
			`const limitNum = this.validatePositiveInteger(limit, 10, "limit");`

Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`// Limit max page size for performance`
			`if (limitNum > 100) {`
clean up 2025-08-22 17:02:49 +09:00			`throw new BadRequestException("Limit cannot exceed 100 items per page");`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`
clean up 2025-08-22 17:02:49 +09:00
order fix 2025-08-27 10:54:05 +09:00			`return this.subscriptionsService.getSubscriptionInvoices(req.user.id, subscriptionId, {`
clean up 2025-08-22 17:02:49 +09:00			`page: pageNum,`
			`limit: limitNum,`
			`});`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

clean up 2025-08-22 17:02:49 +09:00			`private validatePositiveInteger(`
			`value: string \| undefined,`
			`defaultValue: number,`
			`fieldName: string`
			`): number {`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`if (!value) {`
			`return defaultValue;`
			`}`

			`const parsed = parseInt(value, 10);`
			`if (isNaN(parsed) \|\| parsed <= 0) {`
			throw new BadRequestException(`${fieldName} must be a positive integer`);
			`}`

			`return parsed;`
			`}`
			`}`