✨ feat(account, order, plan, profile, redis): enhance functionality and security

- Updated CORS settings for frontend compatibility.
- Integrated Redis URL configuration.
- Improved login response structure in account service.
- Added role-based authorization for order and plan management.
- Enhanced error handling and logging in profile and plan services.
- Updated Swagger documentation for clarity on order statuses.
- Configured Redis connection for better performance.

dist/app/modules/account/account.controller.js

@@ -32,7 +32,7 @@ const verify_account_using_link = catchAsync(async (req, res) => {
 const login_user = catchAsync(async (req, res) => {
     const result = await account_services.login_user_into_db(req);
     // set access token into cookie
-    res.cookie("access_token", result, {
+    res.cookie("access_token", result.accessToken, {
         secure: configs.env === "production",
         httpOnly: true,
     });
@@ -40,9 +40,7 @@ const login_user = catchAsync(async (req, res) => {
         statusCode: 200,
         success: true,
         message: "User logged in successfully",
-        data: {
-            accessToken: result,
-        },
+        data: result,
     });
 });
 const get_user_account = catchAsync(async (req, res) => {

dist/app/modules/account/account.service.js

@@ -60,6 +60,10 @@ const create_account_into_db = async (req) => {
         subject: "Welcome to Quick Launch - Verification OTP",
         email: payload.email,
         textBody: "You can use otp or verification link for verifying your account"
+    }, {
+        attempts: 1,
+        removeOnComplete: true,
+        removeOnFail: true,
     });
     return null;
 };
@@ -143,6 +147,15 @@ const login_user_into_db = async (req) => {
         where: {
             email: payload.email,
         },
+        select: {
+            id: true,
+            email: true,
+            role: true,
+            isAccountVerified: true,
+            isDeleted: true,
+            password: true,
+            profile: true,
+        },
     });
     // check if account exists
     if (!account) {
@@ -167,7 +180,17 @@ const login_user_into_db = async (req) => {
         role: account.role,
         accountId: account.id,
     }, configs.jwt.access_token, configs.jwt.access_expires);
-    return accessToken;
+    const finalOutputData = {
+        id: account.id,
+        email: account.email,
+        role: account.role,
+        shopName: account?.profile?.shopName,
+        shopLogo: account?.profile?.shopLogo,
+    };
+    return {
+        accessToken,
+        profile: finalOutputData
+    };
 };
 const get_user_account_from_db = async (req) => {
     const user = req?.user;

dist/app/modules/order/order.service.js

@@ -147,6 +147,10 @@ const update_order_into_db = async (req) => {
 const delete_order_from_db = async (req) => {
     // define your own login here
     const { id } = req.params;
+    const user = req.user;
+    if (user?.role !== "ADMIN") {
+        throw new AppError("You are not authorized to perform this action", 403);
+    }
     const result = await prisma.order.delete({ where: { id } });
     return result;
 };

dist/app/modules/order/order.swagger.js

@@ -3,7 +3,11 @@ export const orderSwaggerDocs = {
         post: {
             tags: ["order"],
             summary: "Create  new order",
-            description: "",
+            description: ` INITIATED
+    CONFIRMED
+    ONGOING
+    DELIVERED
+    CANCELLED`,
             requestBody: {
                 required: true,
                 content: {
@@ -115,7 +119,7 @@ export const orderSwaggerDocs = {
         },
         patch: {
             tags: ["order"],
-            summary: "Update order",
+            summary: "Update order -(Admin route)",
             description: "",
             parameters: [
                 {

dist/app/modules/plan/plan.route.js

@@ -1,11 +1,12 @@
 import { Router } from "express";
+import auth from "../../middlewares/auth.js";
 import RequestValidator from "../../middlewares/request_validator.js";
 import { plan_controller } from "./plan.controller.js";
 import { plan_validations } from "./plan.validation.js";
 const router = Router();
 router.get("/", plan_controller.get_all_plan);
-router.post("/", RequestValidator(plan_validations.create_plan), plan_controller.create_plan);
+router.post("/", RequestValidator(plan_validations.create_plan), auth("ADMIN"), plan_controller.create_plan);
 router.get("/:id", plan_controller.get_single_plan);
-router.patch("/:id", RequestValidator(plan_validations.update_plan), plan_controller.update_plan);
-router.delete("/:id", plan_controller.delete_plan);
+router.patch("/:id", RequestValidator(plan_validations.update_plan), auth("ADMIN"), plan_controller.update_plan);
+router.delete("/:id", auth("ADMIN"), plan_controller.delete_plan);
 export default router;

dist/app/modules/plan/plan.service.js

@@ -17,7 +17,7 @@ const get_single_plan_from_db = async (req) => {
 };
 const create_plan_into_db = async (req) => {
     // define your own login here
-    const user = req.user;
+    const user = req?.user;
     if (user?.role !== "ADMIN") {
         throw new AppError("You don’t have permission to create plan information.!!!", 401);
     }

dist/app/modules/profile/profile.service.js

@@ -4,6 +4,7 @@ const update_profile_into_db = async (req) => {
     const user = req?.user;
     const payload = req?.body;
     const file = req?.file;
+    console.log(payload);
     // check file and upload to cloud
     if (file) {
         const cloudRes = await uploadCloud(file);