feat(opsce): implement auth refresh, password reset, users CRUD and a…

[DevZee404]

Summary

This PR implements the following OPSCE backend features:

• Refresh token rotation and logout support ([BE-10] Implement refresh token rotation in opsce AuthModule #738)
• Password reset flow with email tokens ([BE-11] Implement password reset flow with email token in opsce module #739)
• UsersModule with CRUD endpoints and role management ([BE-12] Create UsersModule with CRUD endpoints in opsce module #740)
• Advanced asset search and filtering ([BE-17] Implement asset search and advanced filtering in opsce AssetsService #743)

Changes

#738 - Refresh Token Rotation

• Added POST /api/auth/refresh endpoint
• Implemented refresh token rotation
• Stored hashed refresh tokens in database
• Invalidated old refresh tokens after use
• Added logout endpoint to clear stored refresh token hash
• Configured 7-day refresh token expiration

#739 - Password Reset Flow

• Added POST /api/auth/forgot-password
• Added POST /api/auth/reset-password
• Created PasswordResetToken entity
• Implemented UUID-based reset tokens
• Added 1-hour token expiration
• Integrated nodemailer using SMTP environment variables
• Prevented email enumeration by always returning 200 on forgot-password

#740 - Users Module

• Created UsersModule
• Added paginated user listing endpoint
• Added authenticated profile endpoint
• Added profile update endpoint
• Added admin role update endpoint
• Added soft-delete functionality
• Implemented UserResponseDto excluding passwordHash and refreshTokenHash
• Protected endpoints using JwtAuthGuard and role-based authorization

#743 - Asset Search and Filtering

• Added FilterAssetsDto
• Implemented dynamic TypeORM QueryBuilder filtering
• Added ILIKE search on asset name and serial number
• Added filters for status, condition, category, department, location, assigned user, and date range
• Added sorting support with sortBy and sortOrder
• Added pagination with total count response

Testing

• Verified refresh token rotation behavior
• Verified password reset flow and token expiration
• Verified user CRUD and role management
• Verified asset filtering, sorting, and pagination

Closes #738
Closes #739
Closes #740
Closes #743

[vercel]

@DevZee404 is attempting to deploy a commit to the naijabuz's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

@DevZee404 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits