Initial commit: HOA Financial Intelligence Platform MVP

Multi-tenant financial management platform for homeowner associations featuring: - NestJS backend with 16 modules (auth, accounts, transactions, budgets, units, invoices, payments, vendors, reserves, investments, capital projects, reports) - React + Mantine frontend with dashboard, CRUD pages, and financial reports - Schema-per-tenant PostgreSQL isolation with JWT-based tenant resolution - Docker Compose infrastructure (nginx, backend, frontend, postgres, redis) - Comprehensive seed data for Sunrise Valley HOA demo - 39 API endpoints with Swagger documentation - Double-entry bookkeeping with journal entries - Budget vs actual reporting and Sankey cash flow visualization Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 19:58:04 -05:00
commit 243770cea5
118 changed files with 8569 additions and 0 deletions
--- a/backend/src/modules/auth/auth.service.ts
+++ b/backend/src/modules/auth/auth.service.ts
@@ -0,0 +1,136 @@
+import {
+  Injectable,
+  UnauthorizedException,
+  ConflictException,
+} from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import * as bcrypt from 'bcrypt';
+import { UsersService } from '../users/users.service';
+import { RegisterDto } from './dto/register.dto';
+import { User } from '../users/entities/user.entity';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private usersService: UsersService,
+    private jwtService: JwtService,
+  ) {}
+
+  async register(dto: RegisterDto) {
+    const existing = await this.usersService.findByEmail(dto.email);
+    if (existing) {
+      throw new ConflictException('Email already registered');
+    }
+
+    const passwordHash = await bcrypt.hash(dto.password, 12);
+    const user = await this.usersService.create({
+      email: dto.email,
+      passwordHash,
+      firstName: dto.firstName,
+      lastName: dto.lastName,
+    });
+
+    return this.generateTokenResponse(user);
+  }
+
+  async validateUser(email: string, password: string): Promise<User> {
+    const user = await this.usersService.findByEmail(email);
+    if (!user || !user.passwordHash) {
+      throw new UnauthorizedException('Invalid credentials');
+    }
+
+    const isValid = await bcrypt.compare(password, user.passwordHash);
+    if (!isValid) {
+      throw new UnauthorizedException('Invalid credentials');
+    }
+
+    return user;
+  }
+
+  async login(user: User) {
+    await this.usersService.updateLastLogin(user.id);
+    const fullUser = await this.usersService.findByIdWithOrgs(user.id);
+    return this.generateTokenResponse(fullUser || user);
+  }
+
+  async getProfile(userId: string) {
+    const user = await this.usersService.findByIdWithOrgs(userId);
+    if (!user) {
+      throw new UnauthorizedException('User not found');
+    }
+    return {
+      id: user.id,
+      email: user.email,
+      firstName: user.firstName,
+      lastName: user.lastName,
+      organizations: user.userOrganizations?.map((uo) => ({
+        id: uo.organization.id,
+        name: uo.organization.name,
+        role: uo.role,
+      })) || [],
+    };
+  }
+
+  async switchOrganization(userId: string, organizationId: string) {
+    const user = await this.usersService.findByIdWithOrgs(userId);
+    if (!user) {
+      throw new UnauthorizedException('User not found');
+    }
+
+    const membership = user.userOrganizations?.find(
+      (uo) => uo.organizationId === organizationId && uo.isActive,
+    );
+    if (!membership) {
+      throw new UnauthorizedException('Not a member of this organization');
+    }
+
+    const payload = {
+      sub: user.id,
+      email: user.email,
+      orgId: membership.organizationId,
+      orgSchema: membership.organization.schemaName,
+      role: membership.role,
+    };
+
+    return {
+      accessToken: this.jwtService.sign(payload),
+      organization: {
+        id: membership.organization.id,
+        name: membership.organization.name,
+        role: membership.role,
+      },
+    };
+  }
+
+  private generateTokenResponse(user: User) {
+    const orgs = user.userOrganizations || [];
+    const defaultOrg = orgs[0];
+
+    const payload: Record<string, any> = {
+      sub: user.id,
+      email: user.email,
+    };
+
+    if (defaultOrg) {
+      payload.orgId = defaultOrg.organizationId;
+      payload.orgSchema = defaultOrg.organization?.schemaName;
+      payload.role = defaultOrg.role;
+    }
+
+    return {
+      accessToken: this.jwtService.sign(payload),
+      user: {
+        id: user.id,
+        email: user.email,
+        firstName: user.firstName,
+        lastName: user.lastName,
+      },
+      organizations: orgs.map((uo) => ({
+        id: uo.organizationId,
+        name: uo.organization?.name,
+        schemaName: uo.organization?.schemaName,
+        role: uo.role,
+      })),
+    };
+  }
+}