api-server/src/modules/auth/token.service.ts

import * as crypto from 'crypto';
import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';

@Injectable()
export class TokenService {
  constructor(private readonly jwtService: JwtService) {}

  generateAccessToken(user: { id: string; email?: string | null; role?: string | null }): Promise<string> {
    return this.jwtService.signAsync({
      sub: user.id,
      email: user.email,
      role: user.role,
    });
  }

  generateRefreshToken(): { token: string; hash: string } {
    const token = crypto.randomBytes(48).toString('hex');
    const hash = crypto.createHash('sha256').update(token).digest('hex');
    return { token, hash };
  }

  hashToken(token: string): string {
    return crypto.createHash('sha256').update(token).digest('hex');
  }
}
refactor(auth): restructure auth system, align with iOS login flow spec - Split AuthService into AppleAuthService, TokenService, AuthService - Add dev-login endpoint (dev-only, disabled in production) - AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce - Login/refresh responses now include user object - logout: single-token revoke + JwtAuthGuard protection - users.repository: switch from in-memory Map to Prisma persistence - JWT payload includes role, guards attach full user info to request - Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET) - Replace jwks-rsa+jsonwebtoken with jose library - Prisma User model: add role field - Independent DTO files with @Transform for empty string safety - Add 5 iOS login flow documentation files 2026-05-13 17:31:50 +08:00			`import * as crypto from 'crypto';`
			`import { Injectable } from '@nestjs/common';`
			`import { JwtService } from '@nestjs/jwt';`

			`@Injectable()`
			`export class TokenService {`
			`constructor(private readonly jwtService: JwtService) {}`

feat: AI三层架构 + 全局JwtAuthGuard + 12个Repository迁Prisma - AI: 新三层架构 Provider→Gateway→Workflow（15文件，DeepSeek+MiniMax） - Auth: 全局JwtAuthGuard + @Public()装饰器白名单路由 - DB: 12个Repository从Map/Array迁到Prisma - Schema: 新增AiUsageLog、WaitlistEntry模型 - API: /api-docs-json加Basic Auth保护 - 清理: 删除infrastructure/ai、docs/旧文档 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-17 00:39:46 +08:00			`generateAccessToken(user: { id: string; email?: string \| null; role?: string \| null }): Promise<string> {`
refactor(auth): restructure auth system, align with iOS login flow spec - Split AuthService into AppleAuthService, TokenService, AuthService - Add dev-login endpoint (dev-only, disabled in production) - AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce - Login/refresh responses now include user object - logout: single-token revoke + JwtAuthGuard protection - users.repository: switch from in-memory Map to Prisma persistence - JWT payload includes role, guards attach full user info to request - Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET) - Replace jwks-rsa+jsonwebtoken with jose library - Prisma User model: add role field - Independent DTO files with @Transform for empty string safety - Add 5 iOS login flow documentation files 2026-05-13 17:31:50 +08:00			`return this.jwtService.signAsync({`
feat: AI三层架构 + 全局JwtAuthGuard + 12个Repository迁Prisma - AI: 新三层架构 Provider→Gateway→Workflow（15文件，DeepSeek+MiniMax） - Auth: 全局JwtAuthGuard + @Public()装饰器白名单路由 - DB: 12个Repository从Map/Array迁到Prisma - Schema: 新增AiUsageLog、WaitlistEntry模型 - API: /api-docs-json加Basic Auth保护 - 清理: 删除infrastructure/ai、docs/旧文档 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-17 00:39:46 +08:00			`sub: user.id,`
refactor(auth): restructure auth system, align with iOS login flow spec - Split AuthService into AppleAuthService, TokenService, AuthService - Add dev-login endpoint (dev-only, disabled in production) - AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce - Login/refresh responses now include user object - logout: single-token revoke + JwtAuthGuard protection - users.repository: switch from in-memory Map to Prisma persistence - JWT payload includes role, guards attach full user info to request - Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET) - Replace jwks-rsa+jsonwebtoken with jose library - Prisma User model: add role field - Independent DTO files with @Transform for empty string safety - Add 5 iOS login flow documentation files 2026-05-13 17:31:50 +08:00			`email: user.email,`
			`role: user.role,`
			`});`
			`}`

			`generateRefreshToken(): { token: string; hash: string } {`
			`const token = crypto.randomBytes(48).toString('hex');`
			`const hash = crypto.createHash('sha256').update(token).digest('hex');`
			`return { token, hash };`
			`}`

			`hashToken(token: string): string {`
			`return crypto.createHash('sha256').update(token).digest('hex');`
			`}`
			`}`