45 lines (36 loc) · 1.63 KB

AuthUsecase

Purpose

Authenticates a user and returns an access token only when the account is allowed to log in.

Trigger / entry point

Internal invocation through dependency injection (Inversify).

Inputs

Name	Required	Type	Description
`dto`	Yes	`object`	Authentication input DTO containing `email` and `password`.

Preconditions

The email must resolve to a stored user with a hashed password.
The user must not be in INCOME state.
Coaches with a current subscription in suspended, expired, or cancelled state must be denied.
Historical coaches without a subscription remain temporarily exempt.

Main flow

Loads the user with the stored password hash.
Rejects missing users, missing passwords, and INCOME accounts.
Verifies the submitted password.
For coaches, loads the current subscription and blocks denied statuses while preserving the generic invalid-credentials response.
Signs and returns the access token.

Outputs / side effects

Returns the access-token session payload.
Logs execution errors through the logger service before normalization/rethrow.

Error cases / edge cases

Throws ERRORS.INVALID_CREDENTIALS for invalid credentials, denied coach subscription statuses, and INCOME users.
Historical coaches with no subscription continue to authenticate normally.
Normalizes unexpected failures to ERRORS.AUTH_USECASE_FAIL.

Dependencies

bddService
cryptService
jwtService
loggerService

Related files

api/src/usecases/auth/auth.usecase.ts
api/src/usecases/auth/__tests__/auth.usecase.spec.ts