Hu-Fi / Mr.Market

Mr. Market is the exchange oracle of HuFi, and a CeFi crypto bot on Mixin Messenger
https://mr-market-one.vercel.app
GNU Affero General Public License v3.0

add user controller #99

Closed Faouzijedidi1 closed 3 months ago

Faouzijedidi1 commented 3 months ago

User description

Add user controller

https://github.com/Hu-Fi/Mr.Market/issues/93


Type

enhancement


Description


Changes walkthrough

Relevant files

Formatting
  • spotChecks.ts: Simplify Spot Order and Exchange Index Validity Checks
    server/src/common/helpers/checks/spotChecks.ts
    Simplified the assignment of `validSpotOrderTypes` and `validExchangeIndexes` by removing unnecessary line breaks.
    +2/-4

Enhancement
  • user.controller.ts: Implement User Controller with JWT Authentication
    server/src/modules/mixin/user/user.controller.ts
    Introduced a new `UserController` class with JWT authentication guard.
    Added a `getAllUsers` method to fetch all users.
    +15/-0
  • user.module.ts: Register UserController in UserModule
    server/src/modules/mixin/user/user.module.ts
    Registered `UserController` in the `UserModule`.
    +2/-0


    vercel[bot] commented 3 months ago

    The latest updates on your projects. Learn more about Vercel for Git ↗︎

    | Name | Status | Preview | Updated (UTC) |
    | --- | --- | --- | --- |
    | mr-market | ✅ Ready (Inspect) | Visit Preview | Mar 27, 2024 3:11am |

    railway-app[bot] commented 3 months ago

    This PR is being deployed to Railway 🚅

    Mr.Market: ◻️ REMOVED

    github-actions[bot] commented 3 months ago

    PR Description updated to latest commit (https://github.com/Hu-Fi/Mr.Market/commit/e8ec8910d317978b71ee51db88d34e11cf1d50e6)

    github-actions[bot] commented 3 months ago

    PR Review

    ⏱️ Estimated effort to review [1-5]: 2, because the PR introduces a new feature with a moderate amount of code across three files. The changes are straightforward, involving the addition of a new controller and minor refactoring in an existing file. The logic seems simple, and the code modifications are not extensive.
    🧪 Relevant tests: No
    🔍 Possible issues: Possible Bug: The `UserController` lacks method-level security checks. While the controller is secured with `JwtAuthGuard` at the class level, individual methods might require additional permissions or roles checks depending on the application's security requirements.
    🔒 Security concerns: No

    Code feedback:

    relevant file: server/src/modules/mixin/user/user.controller.ts
    suggestion: Consider implementing role-based access control (RBAC) for different endpoints within the `UserController`. For instance, you might want to restrict certain actions to admin users only. This can be achieved by using NestJS's built-in `@Roles` decorator or a custom decorator that suits your application's needs. [important]
    relevant line: `@UseGuards(JwtAuthGuard)`

    relevant file: server/src/common/helpers/checks/spotChecks.ts
    suggestion: It's good practice to ensure that the values being checked against the enums/maps are sanitized and validated to prevent potential issues such as type mismatches or injection attacks. Consider adding a validation layer if not already present. [medium]
    relevant line: `const validSpotOrderTypes: SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP);`


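    The review above separates the class-level `JwtAuthGuard` (who the caller is) from per-method checks (what the caller may do). The following is an added, framework-free sketch of that separation, not code from this PR or from NestJS: `Role`, `RouteMeta`, `decide` and `findUnrestricted` are hypothetical names, the sample routes are constructed, and token signature verification is assumed to have happened upstream.

```typescript
// Added example; every name here is hypothetical, not the project's code.
type Role = 'user' | 'admin';
interface JwtClaims { sub: string; roles: Role[]; exp: number } // exp: Unix seconds
interface RouteMeta { handler: string; requiredRoles?: Role[] }
interface Decision { status: 200 | 401 | 403; reason: string }

// Authentication: what a JWT guard establishes. Signature verification is
// assumed to have happened before the claims reach this function.
function authenticate(claims: JwtClaims | null, nowSec: number): claims is JwtClaims {
  return claims !== null && claims.exp > nowSec;
}

// Authorization: fail closed. A route with no declared roles is denied rather
// than left open to every authenticated caller.
function authorize(claims: JwtClaims, route: RouteMeta): boolean {
  const required = route.requiredRoles ?? [];
  return required.some((role) => claims.roles.includes(role));
}

function decide(claims: JwtClaims | null, route: RouteMeta, nowSec: number): Decision {
  if (!authenticate(claims, nowSec)) {
    return { status: 401, reason: 'missing or expired token' };
  }
  if (!authorize(claims, route)) {
    return { status: 403, reason: `caller holds no role permitted for ${route.handler}` };
  }
  return { status: 200, reason: 'allowed' };
}

// Review aid: list handlers that rely on authentication alone.
function findUnrestricted(routes: RouteMeta[]): string[] {
  return routes
    .filter((r) => !r.requiredRoles || r.requiredRoles.length === 0)
    .map((r) => r.handler);
}

// Constructed sample routes; getAllUsers mirrors the endpoint added in this PR.
const GET_ALL_USERS: RouteMeta = { handler: 'getAllUsers', requiredRoles: ['admin'] };
const GET_PROFILE: RouteMeta = { handler: 'getProfile', requiredRoles: ['user', 'admin'] };
const UNLABELLED: RouteMeta = { handler: 'unlabelled' };
const ALL_ROUTES: RouteMeta[] = [GET_ALL_USERS, GET_PROFILE, UNLABELLED];
```

    Running `findUnrestricted` over a controller's route table in a unit test turns "this endpoint has no role check" into a failing build instead of a review comment.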
    github-actions[bot] commented 3 months ago

    PR Code Suggestions

    CategorySuggestions                                                                                                                                                       
    Enhancement
    Improve type safety with as const assertion in Object.keys(). ___ **Consider using as const assertion to ensure Object.keys() returns a more specific type
    (readonly ["key1", "key2", ...]) instead of a general string[]. This can help with type
    safety when working with enums or known object keys.** [server/src/common/helpers/checks/spotChecks.ts [17-21]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-149a7f6a722ed2b5d682d3cb8c1e228d5664c2540841e5056dc063ae9f3c754aR17-R21) ```diff -const validSpotOrderTypes: SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP); -const validExchangeIndexes: ExchangeIndex[] = Object.keys(SPOT_EXCHANGE_MAP); +const validSpotOrderTypes: readonly SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP) as const; +const validExchangeIndexes: readonly ExchangeIndex[] = Object.keys(SPOT_EXCHANGE_MAP) as const; ```
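    Review bot: both `+` lines will not compile, because a const assertion (`as const`) is accepted only on literal expressions and `Object.keys(...)` is a call that returns `string[]`. If the narrower type is wanted, cast explicitly with `Object.keys(SPOT_ORDER_TYPE_MAP) as SpotOrderType[]` and the same for `SPOT_EXCHANGE_MAP`, keeping the `readonly` annotation if the arrays should not be mutated.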
    Implement pagination or limit the number of users returned. ___ **To enhance the security and flexibility of the getAllUsers method, consider implementing
    pagination or limiting the number of users returned in a single request. This can help
    prevent potential performance issues with large datasets and improve the overall security
    posture.** [server/src/modules/mixin/user/user.controller.ts [12-13]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-7677daa10234c32f3ef3eafbbe760e7f277c6ed48e2687e7c7e03a0627479997R12-R13) ```diff -async getAllUsers(): Promise { - return this.userService.getAllUsers(); +async getAllUsers(@Query('limit') limit: number = 10): Promise { + return this.userService.getAllUsers(limit); } ```
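    Review bot: the `limit` parameter on the first `+` line is neither parsed nor bounded: query values reach the handler as strings unless a pipe converts them, so the `number` annotation is not enforced at runtime, and a caller can still pass an arbitrarily large value. Suggest `@Query('limit', new DefaultValuePipe(10), ParseIntPipe) limit: number`, rejecting values below 1 and clamping to a fixed maximum before calling `getAllUsers(limit)`; the service method also has to accept the new argument, which this hunk does not show.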
    Best practice
    Use @Inject decorator for better service injection. ___ **To ensure that the UserService is correctly injected and can be easily mocked for testing,
    consider using the @Inject decorator with a custom provider token instead of directly
    injecting the UserService class.** [server/src/modules/mixin/user/user.controller.ts [9]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-7677daa10234c32f3ef3eafbbe760e7f277c6ed48e2687e7c7e03a0627479997R9-R9) ```diff -constructor(private userService: UserService) {} +constructor(@Inject('USER_SERVICE') private userService: UserService) {} ```
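    Review bot: the `+` line injects by the string token `'USER_SERVICE'`, but nothing visible registers a provider under that token, and without one Nest cannot resolve the dependency when the module is built. Either add `{ provide: 'USER_SERVICE', useClass: UserService }` to the module's providers in the same change, or keep the class-based injection from the `-` line, which tests can already replace through the class token.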
    Avoid exporting controllers in modules. ___ **To ensure that the UserController is only accessible to modules that explicitly import the
    UserModule, consider removing the UserController from the exports array. Controllers
    should typically not be exported as they are meant to be route handlers rather than shared
    services.** [server/src/modules/mixin/user/user.module.ts [13]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-479d7662ba28d250dba344a4a66f1a92f97f4e415ca919b7fd4120d65253e8c0R13-R13) ```diff -controllers: [UserController], +controllers: [UserController], // No need to export controllers ```
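    Review bot: the `+` line differs from the `-` line only by a trailing comment, so this hunk changes no behaviour; `controllers: [UserController]` is the registration the controller needs, not an export. Suggest dropping the hunk, or, if `UserController` does appear in an `exports` array elsewhere in the module, removing it there instead.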
    Specify explicit HTTP status codes in controller responses. ___ **To improve the readability and maintainability of the routes, consider using explicit HTTP
    status codes in the controller's response decorators. For example, specifying
    @HttpCode(HttpStatus.OK) for the getAllUsers method can make the intended response status
    clear.** [server/src/modules/mixin/user/user.controller.ts [11-13]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-7677daa10234c32f3ef3eafbbe760e7f277c6ed48e2687e7c7e03a0627479997R11-R13) ```diff @Get() +@HttpCode(HttpStatus.OK) async getAllUsers(): Promise { return this.userService.getAllUsers(); } ```
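    Review bot: the added `@HttpCode(HttpStatus.OK)` restates the default, since a `@Get()` handler already responds with 200, and it needs `HttpCode` and `HttpStatus` imported from `@nestjs/common`, which the hunk does not show. Suggest leaving the decorator out and reserving `@HttpCode` for handlers whose status differs from the default.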
