api-server/src/modules/auth/token.service.ts

import * as crypto from 'crypto';
import { Injectable } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';

@Injectable()
export class TokenService {
  constructor(private readonly jwtService: JwtService) {}

  generateAccessToken(user: { id: bigint; email?: string | null; role?: string | null }): Promise<string> {
    return this.jwtService.signAsync({
      sub: String(user.id),
      email: user.email,
      role: user.role,
    });
  }

  generateRefreshToken(): { token: string; hash: string } {
    const token = crypto.randomBytes(48).toString('hex');
    const hash = crypto.createHash('sha256').update(token).digest('hex');
    return { token, hash };
  }

  hashToken(token: string): string {
    return crypto.createHash('sha256').update(token).digest('hex');
  }
}
refactor(auth): restructure auth system, align with iOS login flow spec - Split AuthService into AppleAuthService, TokenService, AuthService - Add dev-login endpoint (dev-only, disabled in production) - AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce - Login/refresh responses now include user object - logout: single-token revoke + JwtAuthGuard protection - users.repository: switch from in-memory Map to Prisma persistence - JWT payload includes role, guards attach full user info to request - Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET) - Replace jwks-rsa+jsonwebtoken with jose library - Prisma User model: add role field - Independent DTO files with @Transform for empty string safety - Add 5 iOS login flow documentation files 2026-05-13 17:31:50 +08:00			`import * as crypto from 'crypto';`
			`import { Injectable } from '@nestjs/common';`
			`import { JwtService } from '@nestjs/jwt';`

			`@Injectable()`
			`export class TokenService {`
			`constructor(private readonly jwtService: JwtService) {}`

			`generateAccessToken(user: { id: bigint; email?: string \| null; role?: string \| null }): Promise<string> {`
			`return this.jwtService.signAsync({`
			`sub: String(user.id),`
			`email: user.email,`
			`role: user.role,`
			`});`
			`}`

			`generateRefreshToken(): { token: string; hash: string } {`
			`const token = crypto.randomBytes(48).toString('hex');`
			`const hash = crypto.createHash('sha256').update(token).digest('hex');`
			`return { token, hash };`
			`}`

			`hashToken(token: string): string {`
			`return crypto.createHash('sha256').update(token).digest('hex');`
			`}`
			`}`