feat(auth): implement complete Google OAuth authentication system

- Add authentication module with Google OAuth 2.0 and JWT strategies - Create secure user management with email hashing (SHA-256) - Implement rate limiting (10 requests/minute) for auth endpoints - Add CSRF protection and security middleware - Create user registration with Basic plan (50 quota default) - Add JWT-based session management with secure cookies - Implement protected routes with authentication guards - Add comprehensive API documentation with Swagger - Configure environment variables for OAuth and security - Add user profile management and quota tracking Resolves authentication requirements §18-20: - §18: Google OAuth 2.0 with email scope only - §19: Auto-create User record on first OAuth callback - §20: Store only Google UID, display name, and email hash 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 17:09:43 +02:00 · 2025-08-05 17:09:43 +02:00 · 9514a2d0a3
commit 9514a2d0a3
parent e7e09d5e2c
20 changed files with 1833 additions and 41 deletions
--- a/packages/api/src/main.ts
+++ b/packages/api/src/main.ts
@ -0,0 +1,105 @@
+import { NestFactory } from '@nestjs/core';
+import { ValidationPipe, Logger } from '@nestjs/common';
+import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
+import { ConfigService } from '@nestjs/config';
+import helmet from 'helmet';
+import * as compression from 'compression';
+import * as cookieParser from 'cookie-parser';
+
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const logger = new Logger('Bootstrap');
+  
+  const app = await NestFactory.create(AppModule);
+  const configService = app.get(ConfigService);
+  
+  // Global prefix for API routes
+  app.setGlobalPrefix('api');
+  
+  // Enable CORS
+  app.enableCors({
+    origin: configService.get<string>('CORS_ORIGIN', 'http://localhost:3000'),
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+    allowedHeaders: [
+      'Content-Type',
+      'Authorization',
+      'X-Requested-With',
+      'X-CSRF-Token',
+      'Accept',
+    ],
+  });
+  
+  // Security middleware
+  app.use(helmet({
+    contentSecurityPolicy: false, // We handle CSP in our custom middleware
+    crossOriginEmbedderPolicy: false, // Allow embedding for OAuth
+  }));
+  
+  // Compression middleware
+  app.use(compression());
+  
+  // Cookie parser
+  app.use(cookieParser(configService.get<string>('COOKIE_SECRET')));
+  
+  // Global validation pipe
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true, // Strip unknown properties
+      forbidNonWhitelisted: true, // Throw error for unknown properties
+      transform: true, // Transform payloads to DTO instances
+      disableErrorMessages: process.env.NODE_ENV === 'production',
+    }),
+  );
+  
+  // Swagger documentation (development only)
+  if (process.env.NODE_ENV !== 'production') {
+    const config = new DocumentBuilder()
+      .setTitle('SEO Image Renamer API')
+      .setDescription('AI-powered bulk image renaming SaaS API')
+      .setVersion('1.0')
+      .addBearerAuth(
+        {
+          type: 'http',
+          scheme: 'bearer',
+          bearerFormat: 'JWT',
+          name: 'JWT',
+          description: 'Enter JWT token',
+          in: 'header',
+        },
+        'JWT-auth',
+      )
+      .addTag('Authentication', 'Google OAuth and JWT authentication')
+      .addTag('Users', 'User management and profile operations')
+      .addTag('Batches', 'Image batch processing')
+      .addTag('Images', 'Individual image operations')
+      .addTag('Payments', 'Stripe payment processing')
+      .build();
+      
+    const document = SwaggerModule.createDocument(app, config);
+    SwaggerModule.setup('api/docs', app, document, {
+      customSiteTitle: 'SEO Image Renamer API Documentation',
+      customfavIcon: '/favicon.ico',
+      customCss: '.swagger-ui .topbar { display: none }',
+    });
+    
+    logger.log('Swagger documentation available at /api/docs');
+  }
+  
+  // Start server
+  const port = configService.get<number>('PORT', 3001);
+  await app.listen(port);
+  
+  logger.log(`🚀 SEO Image Renamer API running on port ${port}`);
+  logger.log(`📚 Environment: ${process.env.NODE_ENV || 'development'}`);
+  
+  if (process.env.NODE_ENV !== 'production') {
+    logger.log(`📖 API Documentation: http://localhost:${port}/api/docs`);
+  }
+}
+
+bootstrap().catch((error) => {
+  Logger.error('Failed to start application', error);
+  process.exit(1);
+});