🐛 (user) fix user check password

src/helpers/error/handler/index.ts

@@ -51,5 +51,5 @@ export const mainErrorHandler = (set: Context["set"], error: unknown) => {
     );
   }
 
-  return returnErrorResponse(set, 500, "Internal server error");
+  return returnErrorResponse(set, 500, "Internal server error", error);
 };

src/helpers/security/password/compare.ts

@@ -0,0 +1,13 @@
+import { AppError } from "../../error/instances/app";
+import bcrypt from "bcrypt";
+
+export const comparePassword = async (
+  passwordInput: string,
+  passwordRaw: string
+) => {
+  try {
+    return bcrypt.compare(passwordInput, passwordRaw);
+  } catch (error) {
+    throw new AppError(401, "Invalid credentials", error);
+  }
+};

src/modules/auth/services/loginWithPassword.service.ts

@@ -13,7 +13,10 @@ export const loginWithPasswordService = async (
 ) => {
   try {
     // search for user data using an identifier (username or email)
-    const userData = await findUserByEmailOrUsernameService(request.identifier);
+    const userData = await findUserByEmailOrUsernameService(
+      request.identifier,
+      { verbose: true }
+    );
 
     // if user data is not found, throw an error
     if (!userData) throw new AppError(404, "User not found");

src/modules/user/controller/checkUserPassword.controller.ts

@@ -2,11 +2,26 @@ import { Context } from "elysia";
 import { checkUserPasswordService } from "../services/checkUserPassword.service";
 import { jwtDecode } from "../../../helpers/http/jwt/decode";
 import { getCookie } from "../../../helpers/http/userHeader/cookies/getCookies";
+import { mainErrorHandler } from "../../../helpers/error/handler";
+import { returnWriteResponse } from "../../../helpers/callback/httpResponse";
 
 export const checkUserPasswordController = async (
   ctx: Context & { body: { password: string } }
 ) => {
+  try {
     const cookie = getCookie(ctx);
     const jwtPayload = jwtDecode(cookie.auth_token!);
-  return checkUserPasswordService(jwtPayload, ctx.body.password);
+    const checkUserPassword = await checkUserPasswordService(
+      jwtPayload.user.username,
+      ctx.body.password
+    );
+    return returnWriteResponse(
+      ctx.set,
+      204,
+      "Password is valid",
+      checkUserPassword
+    );
+  } catch (error) {
+    return mainErrorHandler(ctx.set, error);
+  }
 };

src/modules/user/repositories/findUserByEmailOrUsername.repository.ts

@@ -1,16 +1,20 @@
+import { FindUserByEmailOrUsernameOptions } from "../services/findUserByEmailOrUsername.service";
 import { userModel } from "../user.model";
 
-export const findUserByEmailOrUsernameRepo = async (identifier: string) => {
+export const findUserByEmailOrUsernameRepo = async (
+  identifier: string,
+  options: FindUserByEmailOrUsernameOptions
+) => {
   const userData =
     (await userModel.findUnique({
       where: { email: identifier },
       include: {
         roles: {
           omit: {
-            createdBy: true,
-            createdAt: true,
-            updatedAt: true,
-            deletedAt: true,
+            createdBy: !options.verbose,
+            createdAt: !options.verbose,
+            updatedAt: !options.verbose,
+            deletedAt: !options.verbose,
           },
         },
       },
@@ -20,10 +24,10 @@ export const findUserByEmailOrUsernameRepo = async (identifier: string) => {
       include: {
         roles: {
           omit: {
-            createdBy: true,
-            createdAt: true,
-            updatedAt: true,
-            deletedAt: true,
+            createdBy: !options.verbose,
+            createdAt: !options.verbose,
+            updatedAt: !options.verbose,
+            deletedAt: !options.verbose,
           },
         },
       },

src/modules/user/services/checkUserPassword.service.ts

@@ -1,8 +1,26 @@
-import { JWTAuthToken } from "../../../helpers/http/jwt/decode/types";
+import { AppError } from "../../../helpers/error/instances/app";
+import { ErrorForwarder } from "../../../helpers/error/instances/forwarder";
+import { comparePassword } from "../../../helpers/security/password/compare";
+import { findUserByEmailOrUsernameService } from "./findUserByEmailOrUsername.service";
+import { User } from "@prisma/client";
 
 export const checkUserPasswordService = async (
-  jwtPayload: JWTAuthToken,
+  username: string,
   password: string
 ) => {
-  return `id user "${jwtPayload.userId}" cek password "${password}"`;
+  try {
+    const userData = (await findUserByEmailOrUsernameService(username, {
+      verbose: true,
+    })) as User;
+    const RawPassword = userData.password;
+
+    const matchingPassword = await comparePassword(password, RawPassword);
+    if (!matchingPassword) {
+      throw new AppError(401, "Invalid Credential");
+    }
+
+    return true;
+  } catch (error) {
+    ErrorForwarder(error);
+  }
 };

src/modules/user/services/findUserByEmailOrUsername.service.ts

@@ -1,9 +1,19 @@
+import { AppError } from "../../../helpers/error/instances/app";
 import { ErrorForwarder } from "../../../helpers/error/instances/forwarder";
 import { findUserByEmailOrUsernameRepo } from "../repositories/findUserByEmailOrUsername.repository";
 
-export const findUserByEmailOrUsernameService = async (identifier: string) => {
+export interface FindUserByEmailOrUsernameOptions {
+  verbose?: boolean;
+}
+
+export const findUserByEmailOrUsernameService = async (
+  identifier: string,
+  options: FindUserByEmailOrUsernameOptions = {}
+) => {
   try {
-    const userData = await findUserByEmailOrUsernameRepo(identifier);
+    const userData = await findUserByEmailOrUsernameRepo(identifier, options);
+    if (!userData) throw new AppError(404, "User not found");
+
     return userData;
   } catch (error) {
     ErrorForwarder(error);