add user controller

[Faouzijedidi1]

User description

Add user controller

#93

---

Type

enhancement

---

Description

• Introduced a new UserController for handling user-related operations, secured with JWT authentication.
• Simplified the code in spotChecks.ts by removing unnecessary line breaks in the assignment of variables.
• Registered the new UserController within the UserModule to enable its functionalities.

---

Changes walkthrough

	Relevant files
Formatting	spotChecks.ts Simplify Spot Order and Exchange Index Validity Checks      server/src/common/helpers/checks/spotChecks.ts Simplified the assignment of validSpotOrderTypes and validExchangeIndexes by removing unnecessary line breaks. +2/-4
Enhancement	user.controller.ts Implement User Controller with JWT Authentication                server/src/modules/mixin/user/user.controller.ts Introduced a new UserController class with JWT authentication guard. Added a getAllUsers method to fetch all users. +15/-0    user.module.ts Register UserController in UserModule                                        server/src/modules/mixin/user/user.module.ts Registered UserController in the UserModule. +2/-0

---

✨ PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
mr-market	✅ Ready (Inspect)	Visit Preview	Mar 27, 2024 3:11am

[railway-app]

This PR is being deployed to Railway 🚅

Mr.Market: ◻️ REMOVED

[github-actions]

PR Description updated to latest commit (e8ec891)

[github-actions]

PR Review

⏱️ Estimated effort to review [1-5]	2, because the PR introduces a new feature with a moderate amount of code across three files. The changes are straightforward, involving the addition of a new controller and minor refactoring in an existing file. The logic seems simple, and the code modifications are not extensive.
🧪 Relevant tests	No
🔍 Possible issues	Possible Bug: The UserController lacks method-level security checks. While the controller is secured with JwtAuthGuard at the class level, individual methods might require additional permissions or roles checks depending on the application's security requirements.
🔒 Security concerns	No

Code feedback:

---

relevant file	server/src/modules/mixin/user/user.controller.ts
suggestion	Consider implementing role-based access control (RBAC) for different endpoints within the UserController. For instance, you might want to restrict certain actions to admin users only. This can be achieved by using NestJS's built-in @Roles decorator or a custom decorator that suits your application's needs. [important]
relevant line	@UseGuards(JwtAuthGuard)

---

relevant file	server/src/common/helpers/checks/spotChecks.ts
suggestion	It's good practice to ensure that the values being checked against the enums/maps are sanitized and validated to prevent potential issues such as type mismatches or injection attacks. Consider adding a validation layer if not already present. [medium]
relevant line	const validSpotOrderTypes: SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP);

---

---

✨ Review tool usage guide:

---

Overview:
The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

• When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

• With a configuration file, use the following template:

[pr_reviewer]
some_config1=...
some_config2=...

See the review usage page for a comprehensive guide on using this tool.

[github-actions]

PR Code Suggestions

Category	Suggestions
Enhancement	Improve type safety with as const assertion in Object.keys(). Consider using as const assertion to ensure Object.keys() returns a more specific type (readonly ["key1", "key2", ...]) instead of a general string[]. This can help with type safety when working with enums or known object keys. server/src/common/helpers/checks/spotChecks.ts [17-21] -const validSpotOrderTypes: SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP); -const validExchangeIndexes: ExchangeIndex[] = Object.keys(SPOT_EXCHANGE_MAP); +const validSpotOrderTypes: readonly SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP) as const; +const validExchangeIndexes: readonly ExchangeIndex[] = Object.keys(SPOT_EXCHANGE_MAP) as const;
	Implement pagination or limit the number of users returned. To enhance the security and flexibility of the getAllUsers method, consider implementing pagination or limiting the number of users returned in a single request. This can help prevent potential performance issues with large datasets and improve the overall security posture. server/src/modules/mixin/user/user.controller.ts [12-13] -async getAllUsers(): Promise<MixinUser[]> { - return this.userService.getAllUsers(); +async getAllUsers(@Query('limit') limit: number = 10): Promise<MixinUser[]> { + return this.userService.getAllUsers(limit); }
Best practice	Use @Inject decorator for better service injection. To ensure that the UserService is correctly injected and can be easily mocked for testing, consider using the @Inject decorator with a custom provider token instead of directly injecting the UserService class. server/src/modules/mixin/user/user.controller.ts [9] -constructor(private userService: UserService) {} +constructor(@Inject('USER_SERVICE') private userService: UserService) {}
	Avoid exporting controllers in modules. To ensure that the UserController is only accessible to modules that explicitly import the UserModule, consider removing the UserController from the exports array. Controllers should typically not be exported as they are meant to be route handlers rather than shared services. server/src/modules/mixin/user/user.module.ts [13] -controllers: [UserController], +controllers: [UserController], // No need to export controllers
	Specify explicit HTTP status codes in controller responses. To improve the readability and maintainability of the routes, consider using explicit HTTP status codes in the controller's response decorators. For example, specifying @HttpCode(HttpStatus.OK) for the getAllUsers method can make the intended response status clear. server/src/modules/mixin/user/user.controller.ts [11-13] @Get() +@HttpCode(HttpStatus.OK) async getAllUsers(): Promise<MixinUser[]> { return this.userService.getAllUsers(); }

---

✨ Improve tool usage guide:

---

Overview:
The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

• When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:

/improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

• With a configuration file, use the following template:

[pr_code_suggestions]
some_config1=...
some_config2=...

See the improve usage page for a comprehensive guide on using this tool.