Import the finished project #57

@leandrodomingues2051 leandrodomingues2051 commented Mar 18, 2025

The project is finished, focused on the points covered in the instructions and the mockup.
The information is contained in the repository files. The invitation was received last Tuesday, and today (Tuesday the 18th) the stipulated deadline is up. Thank you for the invitation to participate!
Contact: leandrodomingues2051@gmail.com

Summary by CodeRabbit

  • New Features

    • Enhanced task management endpoints for creating, updating, deleting, and filtering tasks.
    • Improved user authentication and profile handling with streamlined registration and secure login.
    • Introduction of a new environment configuration system with .env.example for setup guidance.
    • Added support for JWT authentication and user management functionalities.
    • New modules for user and task management, including controllers and services.
    • Implementation of Data Transfer Objects (DTOs) for user and task validation.
    • New Dockerfile and docker-compose.yml for simplified application deployment.
    • New configuration files for Jest end-to-end testing and TypeScript build settings.
    • Added a new nest-cli.json for NestJS CLI configuration.
  • Documentation

    • Comprehensive update of guidance materials for setup, usage, and API interactions, including new CHALLENGE.md and README.md files.
    • Introduction of .env.example for environment variable configuration.
  • System Improvements

    • Upgraded development and testing infrastructure, including new Docker and CI/CD configurations, to ensure a more reliable and performant experience.
    • Restructured TypeScript configuration for better compatibility and modern practices.
    • New Jest configuration for end-to-end testing and improved test structure.

coderabbitai bot commented Mar 18, 2025

Walkthrough

The changes represent a major migration from an AdonisJS setup to a NestJS application. Legacy AdonisJS configuration files, controllers, routes, Ace commands, and testing setups have been removed. In their place, new files and modules for NestJS have been introduced, covering application bootstrap, authentication, task management, and user management. The changes further add Docker support, CI/CD configurations, updated project documentation, and enhanced TypeScript configurations.

Changes

| Files | Change Summary |
| --- | --- |
| .adonisrc.json, .editorconfig, ace, ace-manifest.json, server.ts, start/routes.ts, tests/bootstrap.ts, tests/functional/vehicles-api.spec.ts | Removed legacy AdonisJS configurations, routing, command, exception, and testing files. |
| .docker/start.dev.sh, .dockerignore, Dockerfile, docker-compose.yml, .github/workflows/node.js.yml, .gitlab-ci.yml, LICENSE.md | Added Docker scripts, Dockerfiles, multi-service orchestration, and CI/CD pipeline configurations. |
| .eslintrc.js, .prettierrc, .prettierignore (removed), nest-cli.json, tsconfig.json, tsconfig.build.json, package.json | Introduced and updated linting, formatting, NestJS CLI, TypeScript, and dependency settings. |
| CHALLENGE.md, PULL_REQUEST.md, README.md | Updated and expanded project documentation and challenge guidelines. |
| src/app.controller.ts, src/app.module.ts, src/app.service.ts, src/main.ts | Created new NestJS application structure and bootstrap files. |
| src/auth/* (e.g., auth.service.ts, jwt.strategy.ts, jwt.guard.ts, local.strategy.ts, local.guard.ts) | Added authentication module with JWT and local strategies. |
| src/task/* (e.g., DTOs, task.controller.ts, task.entity.ts, task.module.ts, task.service.ts) | Implemented task management module with CRUD endpoints. |
| src/user/* (e.g., DTOs, user.controller.ts, user.entity.ts, user.module.ts, user.service.ts) | Established user management module supporting registration, login, profile, update, and deletion. |
| test/app.e2e-spec.ts, jest-e2e.json | Added end-to-end testing setup for the NestJS application. |

Sequence Diagram(s)

sequenceDiagram
    participant C as Client
    participant UC as UserController
    participant Auth as AuthService
    participant US as UserService
    participant JWT as JwtService

    C->>UC: POST /login (credentials)
    UC->>Auth: validateUser(username, password)
    Auth->>US: validate(username, password)
    US-->>Auth: User details / error
    alt valid user
      Auth->>JWT: sign({id, username})
      JWT-->>Auth: Token
      Auth-->>UC: Token response
      UC-->>C: Set auth cookie & response
    else invalid user
      Auth-->>UC: null
      UC-->>C: Unauthorized response
    end
sequenceDiagram
    participant C as Client
    participant TC as TaskController
    participant TS as TaskService
    participant DB as Database

    C->>TC: POST /tasks (CreateTaskDto)
    TC->>TS: createTask(userId, CreateTaskDto)
    TS->>DB: Insert task record
    DB-->>TS: Task created confirmation
    TS-->>TC: Return created task info
    TC-->>C: Success response with task data

Poem

Hop along the new code lanes we tread,
Goodbye old routes, let Nest shine ahead.
Auth and tasks in modular flight,
Docker and CI keep our code light.
From legacy removals to future bright,
I, a rabbit in code, hop with delight! 🐰

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/app.controller.spec.ts

Oops! Something went wrong! :(

ESLint: 9.22.0

ESLint couldn't find an eslint.config.(js|mjs|cjs) file.

From ESLint v9.0.0, the default configuration file is now eslint.config.js.
If you are using a .eslintrc.* file, please follow the migration guide
to update your configuration file to the new format:

https://eslint.org/docs/latest/use/configure/migration-guide

If you still have problems after following the migration guide, please stop by
https://eslint.org/chat/help to chat with the team.

.eslintrc.js

src/app.controller.ts

  • 25 others

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 20

🧹 Nitpick comments (42)
CHALLENGE.md (1)

1-85: Nitpick: Refining Markdown Headings and Stylistic Consistency
Several headings (e.g., ## Corelab Challenge: on line 1) include trailing punctuation that conflicts with markdownlint rules (MD026). Consider removing the trailing colons for cleaner headings (e.g., change ## Corelab Challenge: to ## Corelab Challenge).

Additionally, update any occurrences of "Node JS" to the official "Node.js" and consider replacing phrases like "feel free to" with a more formal alternative to enhance professionalism.

🧰 Tools
🪛 LanguageTool

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)


[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

🪛 markdownlint-cli2 (0.17.2)

1-1: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


19-19: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


27-27: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


32-32: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


37-37: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

src/common/decorators/auth-user.decorator.ts (3)

4-8: Add null check for user object.

The decorator extracts the user from the request context but doesn't validate that it exists before returning it. This could lead to runtime errors if the decorator is used in a route that's not properly protected by authentication guards.

 const AuthUser = createParamDecorator((_, ctx: ExecutionContext) => {
   const request = ctx.switchToHttp().getRequest();
   const user = request.user as UserEntity;
+  if (!user) {
+    throw new Error('User not found in request. Make sure this route is protected by authentication guards.');
+  }
   return user;
 });
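
Review bot: the added guard throws a plain `Error` (the `throw new Error(...)` line), which NestJS turns into a 500 Internal Server Error rather than a 401 for an unauthenticated caller. Throw `UnauthorizedException` from `@nestjs/common` instead, and keep the hint about missing guards in a server-side log so a misconfigured route is still easy to spot.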

2-2: Consider using absolute imports.

The relative import path (./../../user/entities/user.entity) could cause maintenance issues if files are moved around. Consider configuring TypeScript path aliases to use absolute imports instead.

- import { UserEntity } from './../../user/entities/user.entity';
+ import { UserEntity } from '@app/user/entities/user.entity';

This requires configuring path aliases in your tsconfig.json:

{
  "compilerOptions": {
    "paths": {
      "@app/*": ["src/*"]
    }
  }
}

9-9: Consider using named exports instead of default exports.

NestJS codebase typically uses named exports for consistency. Named exports also make it clearer what's being imported when looking at import statements.

- export default AuthUser;
+ export { AuthUser };
src/task/task.module.ts (1)

11-12: Consider documenting the circular dependency reason.

The use of forwardRef indicates a circular dependency between TaskModule and UserModule. Consider adding a comment explaining why this circular dependency exists and why it can't be refactored into a more straightforward relationship.

  imports: [
    TypeOrmModule.forFeature([TaskEntity, UserEntity]),
+   // Circular dependency needed because TaskModule depends on UserModule for user validation,
+   // while UserModule needs TaskModule for retrieving user tasks
    forwardRef(() => UserModule),
  ],
src/user/dto/create-user.dto.ts (1)

3-7: Consider adding length constraints for username.

The username field is only validated to be a non-empty string. Consider adding minimum and maximum length constraints for better validation.

  @IsNotEmpty()
  @IsString()
+ @MinLength(3)
+ @MaxLength(20)
  username: string;
src/task/dto/create-task.dto.ts (1)

24-26: Consider adding color format validation.

The color field accepts any string without format validation. Consider adding a regex pattern validation to ensure it's a valid color format (hex, RGB, or named color).

  @IsString()
  @IsOptional()
+ @Matches(/^(#[0-9A-Fa-f]{6}|rgb\(\d{1,3},\s*\d{1,3},\s*\d{1,3}\)|[a-zA-Z]+)$/, {
+   message: 'Color must be in valid format: hex (#RRGGBB), RGB, or color name',
+ })
  color?: string;
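
Review bot: the last alternative in the added `@Matches` pattern, `[a-zA-Z]+`, accepts any run of letters, so the field is not actually restricted to colour names, and `\d{1,3}` in the RGB branch admits components such as 999. If names are meant to be allowed, check them against an explicit list with `@IsIn`; otherwise drop that branch and keep a single well-defined format.
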
src/common/envs/.env.example (2)

1-9: Consider adding descriptive comments to the environment variables.

To improve maintainability and onboarding experience, add comments explaining each environment variable's purpose and expected format.

+# Base URL for the application
 BASE_URL=
+# Port on which the application will run
 PORT=

+# Database connection details
 DATABASE_HOST=
 DATABASE_PORT=
-DATBASE_USERNAME=
+DATABASE_USERNAME=
 DATABASE_PASSWORD=
 DATABASE_NAME=
+# Secret for JWT token generation (should be complex and secure)
 JWT_SECRET=

1-9: Consider adding additional environment variables for a complete setup.

The current environment file is missing some potentially useful configuration variables that are commonly needed in NestJS applications.

 BASE_URL=
 PORT=
+
+# Environment
+NODE_ENV=
 
 DATABASE_HOST=
 DATABASE_PORT=
 DATABASE_USERNAME=
 DATABASE_PASSWORD=
 DATABASE_NAME=
+
+# JWT Configuration
 JWT_SECRET=
+JWT_EXPIRATION=
+
+# Logging
+LOG_LEVEL=
src/app.controller.ts (1)

1-12: LGTM! Simple and effective controller implementation.

The controller follows NestJS best practices with proper dependency injection and decorator usage.

Consider adding Swagger documentation if you plan to document your API:

-import { Controller, Get } from '@nestjs/common';
+import { Controller, Get } from '@nestjs/common';
+import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { AppService } from './app.service';

 @Controller()
+@ApiTags('app')
 export class AppController {
   constructor(private readonly appService: AppService) {}

   @Get()
+  @ApiOperation({ summary: 'Get hello message' })
+  @ApiResponse({ status: 200, description: 'Returns hello message' })
   getHello(): string {
     return this.appService.getHello();
   }
 }
src/auth/jwt.strategy.ts (1)

1-37: Secure JWT strategy implementation with cookie-based token extraction.

The strategy correctly validates tokens aren't expired, obtains the secret from environment configuration, and verifies the user exists. The cookie-based extraction is a good security practice compared to using Authorization headers.

You might consider adding additional validation in the validate method, such as checking if the user account is still active or not suspended:

  async validate(payload: any) {
    const user = await this.userService.findById(payload.id);
    if (!user) {
      throw new UnauthorizedException();
    }
+   // Additional validation
+   if (!user.isActive) {
+     throw new UnauthorizedException('User account is inactive');
+   }
    return user;
  }
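
Review bot: `user.isActive` in the added check is a field that appears nowhere else in this review; if `UserEntity` has no such column, `!user.isActive` is always true and every request with a valid token is rejected. Add the column with a default of true in the same change, and give `payload` a type instead of `any` so that `payload.id` is checked by the compiler.
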
src/main.ts (2)

7-30: Bootstrap function looks good but could have better error handling

The bootstrap function effectively sets up the NestJS application with validation, CORS, and other necessary middleware. However, it would benefit from try/catch error handling to gracefully manage initialization failures.

 async function bootstrap() {
+  try {
     const app = await NestFactory.create(AppModule);
     app.useGlobalPipes(
       new ValidationPipe({
         transform: true,
         whitelist: true,
         forbidNonWhitelisted: true,
       }),
     );
     //Config Service
     const configService: ConfigService = app.get(ConfigService);
     //Set port with environment variable
     const port: number = configService.get<number>('PORT');

     app.enableCors({ origin: true, credentials: true });
     app.use(cookieParser());
     app.setGlobalPrefix('api');
     await app.listen(port, () => {
       console.log(
         'Running server at',
         configService.get<string>('BASE_URL') + ':' + port, //Set base URL with environment variable
       );
     });
+  } catch (error) {
+    console.error('Failed to start application:', error);
+    process.exit(1);
+  }
 }

21-21: Consider more specific CORS configuration

The current CORS configuration is very permissive with origin: true. In production, you should define specific allowed origins.

-  app.enableCors({ origin: true, credentials: true });
+  // In development
+  const isDev = process.env.NODE_ENV === 'development';
+  app.enableCors({ 
+    origin: isDev ? true : configService.get<string>('ALLOWED_ORIGINS', '').split(','),
+    credentials: true 
+  });
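
Review bot: in the added `origin:` line, `configService.get<string>('ALLOWED_ORIGINS', '').split(',')` yields `['']` when the variable is unset and keeps whitespace around entries, so a value written as `a, b` never matches its second origin. Trim and drop empty entries before passing the list, and read `NODE_ENV` through `configService` like the other settings; because `credentials: true` is kept, the `origin: true` development branch still reflects any requesting origin and must not be reachable from a deployed environment.
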
src/task/dto/update-task.dto.ts (2)

3-21: Make optional property marking consistent and add color validation

There's inconsistency in how optional properties are marked. While all properties are decorated with @IsOptional(), only some use TypeScript's optional property syntax with ?.

 export class UpdateTaskDto {
   @IsOptional()
   @IsString()
   @MinLength(5)
-  title: string;
+  title?: string;
 
   @IsOptional()
   @IsString()
   @MinLength(5)
-  text: string;
+  text?: string;
 
   @IsOptional()
   @IsString()
+  @Matches(/^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$/, { 
+    message: 'color must be a valid hex color code (e.g. #FFF or #FFFFFF)' 
+  })
   color?: string;
 
   @IsOptional()
   @IsBoolean()
   isFavorite?: boolean;
 }
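
Review bot: the `@Matches` pattern added on `color` accepts only `#RGB` or `#RRGGBB`, while the pattern suggested for create-task.dto.ts also accepts `rgb(...)` and bare words, so a value accepted on create can be rejected on update. Use one shared rule in both DTOs, for example a single exported pattern or class-validator's `@IsHexColor()`.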

Consider adding a Regex validation pattern for the color field if it's supposed to be a hex color code. You'll need to import the Matches decorator from class-validator.


5-7: Add custom error messages to validation decorators

Adding custom error messages to validation decorators improves API responses when validation fails.

   @IsOptional()
-  @IsString()
-  @MinLength(5)
+  @IsString({ message: 'Title must be a string' })
+  @MinLength(5, { message: 'Title must be at least 5 characters long' })
   title: string;
.eslintrc.js (1)

19-24: Consider enabling some TypeScript type checking rules

Disabling all explicit type rules might lead to less maintainable code in the long run. Consider enabling at least some of them, especially for public APIs.

   rules: {
     '@typescript-eslint/interface-name-prefix': 'off',
-    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-function-return-type': ['warn', {
+      allowExpressions: true,
+      allowTypedFunctionExpressions: true,
+    }],
     '@typescript-eslint/explicit-module-boundary-types': 'off',
-    '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-explicit-any': 'warn',
   },

The suggested configuration still provides flexibility while encouraging better type safety, especially for public APIs.

test/app.e2e-spec.ts (2)

9-16: Consider using a global setup for the test application

Since all tests will need the application, consider using the Jest beforeAll instead of beforeEach to improve test performance, and add proper cleanup with afterAll.

-  beforeEach(async () => {
+  beforeAll(async () => {
     const moduleFixture: TestingModule = await Test.createTestingModule({
       imports: [AppModule],
     }).compile();
 
     app = moduleFixture.createNestApplication();
+    // Apply the same global pipes and middlewares as in main.ts
+    app.useGlobalPipes(
+      new ValidationPipe({
+        transform: true,
+        whitelist: true,
+        forbidNonWhitelisted: true,
+      }),
+    );
     await app.init();
   });
+  
+  afterAll(async () => {
+    await app.close();
+  });
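
Review bot: the added setup mirrors only part of main.ts: `ValidationPipe` is applied, but `cookieParser()` and `setGlobalPrefix('api')` are not, so cookie-based authentication and the `/api` routes behave differently under test than in the running server. Confirm `ValidationPipe` is imported from `@nestjs/common` in this file, and move the shared configuration into one function that both main.ts and the test call.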

18-23: This test is only checking the root endpoint

While this test verifies the basic functionality, it's minimal. You should add more e2e tests for the actual task and user management endpoints that are core to your application.

Would you like me to help create a more comprehensive test suite that includes authentication and task management endpoints?

.gitlab-ci.yml (1)

1-36: Well-structured GitLab CI configuration! Some considerations regarding the Node.js version

The GitLab CI configuration is well-organized with appropriate stages, cache configuration, and artifacts collection. The pipeline structure with test and build stages works well for ensuring code quality.

However, Node.js 22 is very recent and may be in an unstable state for production deployments. Consider validating that this version meets your stability requirements or specify a more established LTS version.

-image: node:22
+image: node:20

Also, consider adding a linting stage to catch code quality issues before testing:

 stages:
+    - lint
     - test
     - build

+lint:
+    stage: lint
+    script:
+        - yarn install
+        - yarn lint
+    only:
+        - branches
.github/workflows/node.js.yml (2)

18-19: Consider using an LTS Node.js version for stability

Node.js 22.x is very recent and might not be fully stable for production use. Consider using an established LTS version like 20.x, or add multiple versions to your matrix for better version compatibility testing.

     strategy:
       matrix:
-        node-version: [22.x]
+        node-version: [20.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/

28-30: Add linting step to GitHub workflow

Adding a linting step would help catch code quality issues earlier in the development process.

       - run: yarn
+      - run: yarn run lint
       - run: yarn run build
       - run: yarn run test
src/user/entities/user.entity.ts (2)

16-17: Consider using UUID for user IDs instead of auto-increment

Your task entity uses UUID as primary key while the user entity uses auto-increment numeric IDs. Inconsistent primary key types can lead to confusion in the codebase. UUIDs also provide better privacy and security for user entities.

-  @PrimaryGeneratedColumn()
-  id: number;
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
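
Review bot: changing `id` to `string` here conflicts with the `UserPayload` interface suggested for auth.service.ts, which declares `id: number`, and with the `{id, username}` payload that is signed into the token and later passed to `findById`. Apply the two changes together, and plan a migration for existing rows, since switching the primary key type is not an in-place edit.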

36-40: Add updatedAt timestamp field for tracking user updates

The task entity includes an updatedAt field, but the user entity does not. Adding this field would help track when user information was last modified.

   @CreateDateColumn({
     type: 'timestamptz',
     default: () => 'CURRENT_TIMESTAMP',
   })
   createdAt: Date;
+
+  @UpdateDateColumn({
+    type: 'timestamptz',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  updatedAt: Date;

You'll need to import the UpdateDateColumn decorator:

 import {
   BeforeInsert,
   Column,
   CreateDateColumn,
   Entity,
   OneToMany,
   PrimaryGeneratedColumn,
+  UpdateDateColumn,
   Unique,
 } from 'typeorm';
src/task/entities/task.entity.ts (3)

9-9: Use relative imports instead of absolute paths

Using absolute imports with 'src/' can lead to issues with different build configurations. NestJS typically uses relative imports or path aliases configured in tsconfig.json.

-import { UserEntity } from 'src/user/entities/user.entity';
+import { UserEntity } from '../../user/entities/user.entity';

16-20: Add validation constraints for title and text fields

Unlike the user entity, there are no validation constraints for the task fields. Consider adding length constraints to ensure data quality.

-  @Column()
+  @Column()
+  @Length(1, 100)
   title: string;

-  @Column('text')
+  @Column('text')
+  @MinLength(1)
   text: string;
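
Review bot: `@Length` and `@MinLength` on entity columns are class-validator decorators and are not run by TypeORM on save, so these additions enforce nothing unless the entity is passed to `validate()` explicitly. Keep the constraints on the DTOs that the `ValidationPipe` processes; the minimum of 1 used here also disagrees with the `@MinLength(5)` already on `title` and `text` in update-task.dto.ts.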

You'll need to import the validators:

import { Length, MinLength } from 'class-validator';

40-41: Consider adding cascade option for the user-task relationship

When a user is deleted, you may want to automatically delete all associated tasks to maintain data integrity.

-  @ManyToOne(() => UserEntity, (user) => user.tasks)
+  @ManyToOne(() => UserEntity, (user) => user.tasks, { onDelete: 'CASCADE' })
   user: UserEntity;
src/user/dto/update-user.dto.ts (1)

10-37: User properties are properly validated, but consider additional validations.

The UpdateUserDto has appropriate validations for each field, with good use of @IsOptional() and @Exclude() decorators. However, consider adding:

  1. Length validations for username and password (e.g., @MinLength(), @MaxLength())
  2. More specific password complexity requirements if needed

Also, the @Exclude() decorators will prevent these fields from being included in serialized responses, which is good for sensitive fields like password.

 @IsNotEmpty()
 @IsString()
+@MinLength(3)
+@MaxLength(30)
 username: string;

 @IsNotEmpty()
 @IsEmail()
 email: string;

 @Exclude()
 @IsOptional()
 @IsString()
+@MinLength(8)
 password?: string;
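
Review bot: `@MaxLength(30)` on `username` disagrees with the `@MaxLength(20)` suggested for create-user.dto.ts, so an update can set a name that registration would reject. Pick one limit for both DTOs, and apply the `@MinLength(8)` password rule at registration as well, since that is where the password is first set.
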
src/auth/auth.service.ts (1)

23-29: Use specific typing for the login method parameter.

The login method accepts any as the user parameter type, which could lead to runtime errors if unexpected data is passed. Consider using a more specific type.

-async login(user: any) {
+interface UserPayload {
+  id: number;
+  username: string;
+}
+
+async login(user: UserPayload) {
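
Review bot: the added `interface UserPayload` sits directly above `async login`, which is a class method, and an interface cannot be declared inside a class body, so the suggestion does not compile as placed. Declare the interface at module level or in its own file and reference it from the method signature.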

The token expiration time of 7 days is reasonable, but you might want to make this configurable through environment variables for flexibility.

docker-compose.yml (1)

39-46: Unnecessary network configuration.

The api network is defined but not used by any service. Consider removing it or adding it to the necessary services.

networks:
  docker-nest-postgres:
-  api:
-    driver: bridge
README.md (4)

15-17: Improve clarity in bullet points.

To enhance readability and consistency, consider using “can” instead of “are able to” and adjusting repetitive sentence beginnings:

- - Users are able to create, read, update and delete pending tasks using the API.
- - Users can mark an item as a favorite.
- - Users can set a color for each task item.
+ - Users can create, read, update, and delete pending tasks using the API.
+ - You can mark an item as a favorite.
+ - You can set a color for each task item.
🧰 Tools
🪛 LanguageTool

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


22-22: Fix the heading typo.

“Tecnologies” should be “Technologies”:

-## Tecnologies
+## Technologies

94-94: Use the official “Node.js” spelling.

To maintain clarity and consistency, update “Nodejs” to “Node.js”:

-Images: Nodejs 20 (Alpine) and PostgreSQL 16.
+Images: Node.js 20 (Alpine) and PostgreSQL 16.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 20 (Alpine) and PostgreSQL 16. ## Supp...

(NODE_JS)


98-98: Use more formal language.

Consider replacing "amazing backers" with a more formal term:

-... thanks to the sponsors and support by the amazing backers. ...
+... thanks to the sponsors and support by the dedicated backers. ...
🧰 Tools
🪛 LanguageTool

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...6. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

src/user/user.controller.ts (2)

63-66: Mask sensitive user data in the profile response.

When returning the entire user object, ensure no sensitive fields (e.g., hashed password) are unnecessarily exposed. Consider removing them or mapping the returned object:

@Get('profile')
async profile(@AuthUser() user: UserEntity) {
-  return user;
+  const { password, ...publicUser } = user;
+  return publicUser; 
}
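
Review bot: destructuring `password` out in this one handler leaves every other path that returns a `UserEntity` unprotected, and the unused `password` binding is likely to be flagged by the linter. Mark the column with class-transformer's `@Exclude()` on the entity and enable `ClassSerializerInterceptor`, so the hash is stripped wherever the entity is serialized.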

103-107: Avoid exposing internal errors directly.

Returning error: error can leak sensitive details. A recommended approach is to log the internal error and return a generic message:

return res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
-  message: 'An error occurred',
-  success: false,
-  error: error,
+  message: 'An unexpected error occurred',
+  success: false,
+  error: 'Please contact support if the issue persists',
});
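
Review bot: the replacement removes `error: error` from the response but adds no logging, although the comment recommends logging the internal error, so the failure detail is lost entirely. Log the caught `error` server-side (for example with Nest's `Logger`) before returning the generic body, and either drop the `error` field or give it a stable error code rather than a second sentence of prose.
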
tsconfig.json (1)

15-19: Consider enabling stricter type checks for better TypeScript safety.
Currently, "strictNullChecks", "noImplicitAny", "strictBindCallApply", "forceConsistentCasingInFileNames", and "noFallthroughCasesInSwitch" are set to false. This can lead to subtle bugs and reduced type safety.

Consider switching them to true:

{
  "compilerOptions": {
    ...
-    "strictNullChecks": false,
-    "noImplicitAny": false,
-    "strictBindCallApply": false,
-    "forceConsistentCasingInFileNames": false,
-    "noFallthroughCasesInSwitch": false
+    "strictNullChecks": true,
+    "noImplicitAny": true,
+    "strictBindCallApply": true,
+    "forceConsistentCasingInFileNames": true,
+    "noFallthroughCasesInSwitch": true
  }
}
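
Review bot: the hunk elides the rest of `compilerOptions` with `...`, so it is not visible whether `"strict"` is set, and that decides how these lines should be written. `"strict": true` already covers `strictNullChecks`, `noImplicitAny` and `strictBindCallApply`, while `forceConsistentCasingInFileNames` and `noFallthroughCasesInSwitch` are separate options that need their own lines either way. Turning all five on in one commit will surface every latent error at once; enabling `strictNullChecks` and `noImplicitAny` first keeps the follow-up fixes reviewable.
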
PULL_REQUEST.md (2)

19-19: Use consistent local language instead of “password.”
To keep the text uniformly in Portuguese, replace “password” with “senha.”

-  - Cadastro (username, password e confirmar senha) ...
+  - Cadastro (username, senha e confirmar senha) ...
🧰 Tools
🪛 LanguageTool

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


108-108: Simplify expression “dentro de um banco de dados.”
The static analysis suggests being more concise. Consider replacing “dentro de um” with “em um” or “num” for a more natural flow.

-  ... dentro de um banco de dados ...
+  ... em um banco de dados ...
🧰 Tools
🪛 LanguageTool

[style] ~108-~108: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)

src/task/task.controller.ts (4)

1-22: Consider leveraging NestJS responses and exception handling more consistently.
Currently, the controller relies on both @Res() from Express and HttpException across different methods. While this is not inherently wrong, a more idiomatic NestJS approach is to rely on Nest's built-in exception filters and standard responses for greater consistency and testability. You might also consider consistently using your @AuthUser() decorator or @Req() object to retrieve the user, rather than mixing both.


28-47: Fix grammatical issue in the success message.
On line 38, "Task created with successful" should be "Task created successfully" (or "Task created with success").

-        message: 'Task created with successful',
+        message: 'Task created successfully',

49-67: Refine error handling to avoid returning 500 when no tasks are found.
If tasks is empty or undefined, returning a 500 might be misleading since it implies a server error. You could either return an empty array (with a 200 OK status) or throw a more specific exception if needed.


178-208: Unify approach for search error handling.
If no tasks are found due to an internal error, returning a generic 500 might obscure the real cause. Consider more nuanced exception handling or return an empty array with 200 if it's truly not an error state.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 328ccdd and cd6373e.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (75)
  • .adonisrc.json (0 hunks)
  • .docker/start.dev.sh (1 hunks)
  • .dockerignore (1 hunks)
  • .editorconfig (0 hunks)
  • .env.example (0 hunks)
  • .eslintrc.js (1 hunks)
  • .github/workflows/node.js.yml (1 hunks)
  • .gitignore (1 hunks)
  • .gitignore copy (0 hunks)
  • .gitlab-ci.yml (1 hunks)
  • .prettierignore (0 hunks)
  • .prettierrc (1 hunks)
  • CHALLENGE.md (1 hunks)
  • Dockerfile (1 hunks)
  • LICENSE.md (1 hunks)
  • PULL_REQUEST.md (1 hunks)
  • README.md (1 hunks)
  • ace (0 hunks)
  • ace-manifest.json (0 hunks)
  • app/Controllers/VehiclesController.ts (0 hunks)
  • app/Exceptions/Handler.ts (0 hunks)
  • app/Types/Vehicle.ts (0 hunks)
  • commands/index.ts (0 hunks)
  • config/app.ts (0 hunks)
  • config/bodyparser.ts (0 hunks)
  • config/cors.ts (0 hunks)
  • config/drive.ts (0 hunks)
  • config/hash.ts (0 hunks)
  • contracts/drive.ts (0 hunks)
  • contracts/env.ts (0 hunks)
  • contracts/events.ts (0 hunks)
  • contracts/hash.ts (0 hunks)
  • contracts/tests.ts (0 hunks)
  • docker-compose.yml (1 hunks)
  • env.ts (0 hunks)
  • nest-cli.json (1 hunks)
  • package.json (1 hunks)
  • providers/AppProvider.ts (0 hunks)
  • server.ts (0 hunks)
  • src/app.controller.spec.ts (1 hunks)
  • src/app.controller.ts (1 hunks)
  • src/app.module.ts (1 hunks)
  • src/app.service.ts (1 hunks)
  • src/auth/auth.module.ts (1 hunks)
  • src/auth/auth.service.ts (1 hunks)
  • src/auth/jwt.guard.ts (1 hunks)
  • src/auth/jwt.strategy.ts (1 hunks)
  • src/auth/local.guard.ts (1 hunks)
  • src/auth/local.strategy.ts (1 hunks)
  • src/common/decorators/auth-user.decorator.ts (1 hunks)
  • src/common/envs/.env.example (1 hunks)
  • src/common/helper/env.helper.ts (1 hunks)
  • src/main.ts (1 hunks)
  • src/shared/typeorm/typeorm.service.ts (1 hunks)
  • src/task/dto/create-task.dto.ts (1 hunks)
  • src/task/dto/update-task.dto.ts (1 hunks)
  • src/task/entities/task.entity.ts (1 hunks)
  • src/task/task.controller.ts (1 hunks)
  • src/task/task.module.ts (1 hunks)
  • src/task/task.service.ts (1 hunks)
  • src/user/dto/create-user.dto.ts (1 hunks)
  • src/user/dto/update-user.dto.ts (1 hunks)
  • src/user/entities/user.entity.ts (1 hunks)
  • src/user/user.controller.ts (1 hunks)
  • src/user/user.module.ts (1 hunks)
  • src/user/user.service.ts (1 hunks)
  • start/kernel.ts (0 hunks)
  • start/routes.ts (0 hunks)
  • test.ts (0 hunks)
  • test/app.e2e-spec.ts (1 hunks)
  • test/jest-e2e.json (1 hunks)
  • tests/bootstrap.ts (0 hunks)
  • tests/functional/vehicles-api.spec.ts (0 hunks)
  • tsconfig.build.json (1 hunks)
  • tsconfig.json (1 hunks)
💤 Files with no reviewable changes (29)
  • env.ts
  • .gitignore copy
  • start/routes.ts
  • start/kernel.ts
  • .editorconfig
  • app/Types/Vehicle.ts
  • contracts/hash.ts
  • app/Exceptions/Handler.ts
  • commands/index.ts
  • contracts/drive.ts
  • contracts/tests.ts
  • contracts/env.ts
  • test.ts
  • ace
  • .prettierignore
  • app/Controllers/VehiclesController.ts
  • .env.example
  • providers/AppProvider.ts
  • tests/functional/vehicles-api.spec.ts
  • config/drive.ts
  • .adonisrc.json
  • server.ts
  • config/hash.ts
  • config/bodyparser.ts
  • ace-manifest.json
  • config/cors.ts
  • contracts/events.ts
  • config/app.ts
  • tests/bootstrap.ts
🧰 Additional context used
🧬 Code Definitions (6)
src/user/entities/user.entity.ts (1)
src/task/entities/task.entity.ts (1) (1)
  • Entity (11:42)
src/app.controller.ts (2)
src/task/task.controller.ts (1) (1)
  • Controller (24:209)
src/user/user.controller.ts (1) (1)
  • Controller (24:110)
src/app.module.ts (4)
src/common/helper/env.helper.ts (1) (1)
  • getEnvPath (4:14)
src/auth/auth.module.ts (1) (1)
  • Module (10:26)
src/task/task.module.ts (1) (1)
  • Module (9:17)
src/user/user.module.ts (1) (1)
  • Module (9:19)
src/task/entities/task.entity.ts (1)
src/user/entities/user.entity.ts (1) (1)
  • Entity (14:46)
src/auth/local.guard.ts (4)
src/auth/jwt.guard.ts (1) (1)
  • Injectable (4:5)
src/auth/auth.service.ts (1) (1)
  • Injectable (5:30)
src/auth/jwt.strategy.ts (1) (1)
  • Injectable (9:37)
src/auth/local.strategy.ts (1) (1)
  • Injectable (6:25)
src/auth/auth.service.ts (3)
src/auth/jwt.strategy.ts (1) (1)
  • Injectable (9:37)
src/auth/local.strategy.ts (1) (1)
  • Injectable (6:25)
src/user/user.service.ts (1) (1)
  • Injectable (9:100)
🪛 Shellcheck (0.10.0)
.docker/start.dev.sh

[error] 1-1: Use #!, not just #, for the shebang.

(SC1113)

🪛 actionlint (1.7.4)
.github/workflows/node.js.yml

22-22: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


24-24: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 LanguageTool
CHALLENGE.md

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)


[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

PULL_REQUEST.md

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


[style] ~108-~108: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


[uncategorized] ~109-~109: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


[style] ~112-~112: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

README.md

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 20 (Alpine) and PostgreSQL 16. ## Supp...

(NODE_JS)


[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...6. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

🪛 markdownlint-cli2 (0.17.2)
CHALLENGE.md

1-1: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


19-19: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


27-27: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


32-32: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


37-37: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

🔇 Additional comments (28)
.prettierrc (1)

1-4: LGTM: Prettier Configuration Looks Correct
The JSON configuration correctly enforces single quotes and trailing commas as specified.

nest-cli.json (1)

1-10: LGTM: Nest CLI Configuration is Well Defined
The file correctly sets the $schema, collection, sourceRoot, and compiler asset inclusion.

.docker/start.dev.sh (1)

2-6: LGTM: Script Logic is Solid
The script properly checks for the existence of the development environment file and copies from .env.example when needed.

LICENSE.md (1)

1-22: LGTM: MIT License is Properly Included
The MIT License text is complete and correctly presented.

tsconfig.build.json (1)

1-4: Well-structured TypeScript build configuration.

The configuration properly extends the base tsconfig.json and excludes appropriate directories/files from the production build. This is consistent with NestJS best practices, which typically separate build configuration from the base TypeScript configuration.

src/auth/jwt.guard.ts (1)

1-5: Clean JWT authentication guard implementation.

This implementation correctly extends the Passport AuthGuard with the 'jwt' strategy and includes the necessary Injectable decorator. This follows NestJS authentication best practices and will work properly with the authentication module.

.dockerignore (1)

1-7: Appropriate Docker exclusions configured.

The .dockerignore file contains all the standard exclusions for a Node.js application, which will help maintain smaller Docker images by excluding unnecessary files like node_modules, build artifacts, and Git metadata.

src/auth/local.guard.ts (1)

1-5: Well-implemented authentication guard

The LocalAuthGuard correctly extends Passport's AuthGuard with the 'local' strategy and is properly decorated with @Injectable(). This implementation aligns with NestJS best practices for authentication guards and integrates seamlessly with the rest of the auth system.

src/user/user.module.ts (1)

1-19: Well-structured module with proper dependency handling

The UserModule is correctly implemented following NestJS architectural patterns. The use of forwardRef() to handle circular dependencies between UserModule and AuthModule is a good practice. The module properly configures TypeORM for the UserEntity and exports the UserService for use in other modules.

test/jest-e2e.json (1)

1-9: Proper Jest E2E testing configuration

The Jest E2E configuration is correctly set up with appropriate file extensions, test environment, and transformations for TypeScript. The test pattern targeting .e2e-spec.ts files follows NestJS conventions for end-to-end tests.

src/app.service.ts (1)

1-8: Correctly implemented service class

The AppService is properly implemented as an injectable service with a typed return value. While simple, it follows NestJS service patterns and serves as a good foundation. This is the standard initial service implementation for a NestJS application.

src/task/task.module.ts (1)

1-17: Task module structure follows NestJS best practices.

The module is properly configured with the necessary imports, controllers, and providers. The use of forwardRef indicates a circular dependency with UserModule, which is correctly handled according to NestJS recommendations.

Dockerfile (1)

2-2:

✅ Verification successful

Node 22 is a very recent version that may have stability issues.

Node 22 was recently released and may not be fully stable for production use. Consider using a more established LTS version like Node 18 or 20.


🌐 Web query:

What is the latest LTS version of Node.js?

💡 Result:

The latest Long-Term Support (LTS) version of Node.js is v22.x, codenamed "Jod". This version entered Active LTS status on October 29, 2024[3][4] and will receive critical updates until April 2027[7].

Key Details:

  • Support Timeline:
    • Active LTS support until October 2025
    • Maintenance LTS support until April 2027[4][7]
  • Features:
    • Updated V8 JavaScript engine
    • Stable test runner and experimental permission model[2]
    • Improved performance for file handling and application startup[2]
  • Recommended Use:
    Production environments due to its 30-month support guarantee[1][3].

Recent Node.js LTS Versions:

| Version | Codename | LTS Start Date | End of Life |
|---------|----------|----------------|-------------|
| v22.x | Jod | Oct 2024 | April 2027[3][7] |
| v20.x | Iron | Oct 2023 | April 2026[6][9] |
| v18.x | Hydrogen | Oct 2022 | April 2025[13][9] |

For most users, Node.js v22.x is the optimal choice, combining modern features with long-term stability. Developers can download it directly from the official Node.js website[8], which currently lists v22.14.0 as the latest LTS build as of March 2025.


Update: Node v22 is now production-ready.
The Dockerfile using FROM node:22-alpine As development is valid as Node.js v22.x is the current LTS version with full production support. There's no need to downgrade to an earlier LTS version.

src/task/dto/create-task.dto.ts (1)

9-27: Well-structured DTO with appropriate validations.

The DTO includes appropriate validations for each field with good usage of decorators from class-validator. The optional fields are properly marked, and required fields have appropriate constraints.

src/app.controller.spec.ts (1)

1-22: LGTM! Well-structured test setup for the controller.

The test follows NestJS conventions and properly tests the controller's functionality.

src/auth/local.strategy.ts (1)

1-25: LGTM! Authentication strategy follows NestJS and Passport.js conventions.

The local strategy is properly implemented, with clear error handling for authentication failures.

src/auth/auth.module.ts (1)

1-26: The AuthModule is correctly implemented with JWT authentication.

The module properly configures Passport.js with JWT strategy, uses environment configuration for secrets, and resolves circular dependencies with UserModule. The 7-day token expiration is a good balance between security and user experience.

src/app.module.ts (1)

1-25: Well-structured AppModule following NestJS architectural best practices.

The module correctly configures environment variables globally, sets up the database connection asynchronously, and imports all required feature modules. The environment configuration is nicely handled using the getEnvPath helper.

src/common/helper/env.helper.ts (1)

1-14: Well-implemented environment configuration helper.

The getEnvPath function elegantly handles environment-specific configuration by detecting NODE_ENV and gracefully falling back to defaults when needed. It ensures that the application can run in different environments with appropriate configuration.

src/user/dto/update-user.dto.ts (1)

1-8: Well-structured imports for validation.

The imports are properly organized, including necessary decorators from class-transformer and class-validator for data validation and transformation.

src/auth/auth.service.ts (1)

1-10: Good implementation of dependency injection.

The AuthService class properly imports and injects the required dependencies (UserService and JwtService) through constructor injection, following NestJS best practices.

src/shared/typeorm/typeorm.service.ts (2)

1-10: Good implementation of TypeOrmOptionsFactory.

The service properly implements TypeOrmOptionsFactory and injects ConfigService for configuration management, following NestJS best practices.


11-25:

❓ Verification inconclusive

Fix typo in database username environment variable.

There's a typo in the database username environment variable name. It should be "DATABASE_USERNAME" instead of "DATBASE_USERNAME".

-  username: this.config.get<string>('DATBASE_USERNAME'),
+  username: this.config.get<string>('DATABASE_USERNAME'),
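
Review bot: renaming the key in `this.config.get<string>('DATABASE_USERNAME')` only works if the env files define the same name; if `.env.example` and the deployed env files still carry the misspelled `DATBASE_USERNAME`, this one-line change makes `username` resolve to `undefined`. Rename the variable in the env files in the same commit, and validate required variables at startup so a missing key fails immediately instead of at the first database connection.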

Also, enabling synchronize: true can be dangerous in production environments as it automatically alters the database schema, potentially causing data loss. Consider disabling it for production.


🏁 Script executed:

#!/bin/bash
# Check if there's any environment-specific configuration that might disable synchronize in production
find . -type f -name "*.ts" -o -name "*.js" | xargs grep -l "synchronize.*false" | grep -v "node_modules"

Length of output: 105


Critical Fix: Correct Environment Variable & Verify Production Settings

  • File: src/shared/typeorm/typeorm.service.ts (Lines 11–25)
  • Issue 1: There is a typo in the database username environment variable.
    • Change: Replace this.config.get<string>('DATBASE_USERNAME') with this.config.get<string>('DATABASE_USERNAME')
    -  username: this.config.get<string>('DATBASE_USERNAME'),
    +  username: this.config.get<string>('DATABASE_USERNAME'),
  • Issue 2: Enabling synchronize: true can be risky in production by automatically altering the database schema. The current search did not reveal any configuration that disables this setting for production.
    • Action Required: Manually verify that a production-specific configuration exists to disable or modify synchronize as needed, or adjust the configuration to ensure production safety.
docker-compose.yml (1)

1-20: Good Docker configuration for the API service.

The API service configuration is well-structured with proper volume mappings for development, network configuration, and dependency on the postgres service.

.gitignore (1)

1-57: Good coverage of common ignore patterns.
These additions (e.g., /dist, /node_modules, .env, coverage files, etc.) and partial excludes for .vscode are standard best practices. Nice job!

package.json (1)

9-21: NestJS scripts look good.
The introduced scripts (start, start:dev, start:debug, etc.) follow typical NestJS conventions and are well-organized.

src/task/task.controller.ts (2)

24-26: Looks good!
Class declaration and constructor injection are correct, no concerns here.


174-177: Documentation looks clear.
Providing a cURL example is helpful for quick testing. No concerns.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (12)
PULL_REQUEST.md (3)

17-25: Authentication Section – Use Localized Terminology

In line 19, the word “password” appears. For language consistency (see static analysis [locale-violation]), consider replacing “password” with “senha” so that the terminology remains consistent with the rest of the document.

Proposed diff:

- - Cadastro (username, password e confirmar senha) e validação de usuários com parâmetros definidos;
+ - Cadastro (username, senha e confirmar senha) e validação de usuários com parâmetros definidos;
🧰 Tools
🪛 LanguageTool

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


68-108: TypeORM e PostgreSQL – Detailed Explanation with Minor Language Refinements

The section on TypeORM and PostgreSQL is very comprehensive. To enhance clarity and conciseness, please consider the following refinements based on static analysis hints:

  1. Line 107:
    The phrase “dentro de um banco de dados” could be shortened to “em um banco de dados” for conciseness.

    -Schemas são formas de organizar tabelas e outros objetos dentro de um banco de dados.
    +Schemas são formas de organizar tabelas e outros objetos em um banco de dados.
  2. Line 108:
    For the schema example, ensure that the abbreviation is formatted clearly. For instance, instead of:

    -Exemplo: Um schema "public." que contém todas as tabelas padrão.
    +Exemplo: Um schema 'public' que contém todas as tabelas padrão.

These changes will make the text both stylistically sharper and consistent with local language expectations.

🧰 Tools
🪛 LanguageTool

[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


109-113: Transaction Description – Clarify Wording

In line 111, the explanation for transactions can be refined for clarity. Instead of “Transações são um conjunto de operações que são executadas como uma única unidade de trabalho,” consider rephrasing to make the sentence more active and concise.

Proposed diff:

-Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma operação falhar, todas as mudanças podem ser revertidas.
+Transações consistem em um conjunto de operações executadas como uma única unidade de trabalho. Se uma operação falhar, todas as mudanças podem ser revertidas.
🧰 Tools
🪛 LanguageTool

[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

README.md (9)

8-9: Spelling Correction in Project Description
There is a minor typo on line 8: "Aplication" should be "Application".

-Aplication to help manage tasks and reminders.
+Application to help manage tasks and reminders.

15-15: Conciseness Improvement in Feature List
Replace "are able to" with "can" for a more concise expression.

-Users are able to create, read, update and delete pending tasks using the API.
+Users can create, read, update, and delete pending tasks using the API.
🧰 Tools
🪛 LanguageTool

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


16-17: Varied Wording in Feature List
The bullet points on lines 16 and 17 both begin with "Users can," which can feel repetitive. Consider varying the phrasing for improved readability. For example:

-Users can set a color for each task item.
+Additionally, the system allows each task item to be assigned a distinct color.
🧰 Tools
🪛 LanguageTool

[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


18-18: Clarity and Grammar in Feature Description
The bullet on line 18 is a bit awkward. Rephrasing it can improve clarity. For example:

-User task list in a responsive and visually appealing way, with the ability to filter items.
+The user task list is presented in a responsive, visually appealing manner with robust filtering options.

20-20: Conciseness in Adaptive Design Description
Rephrase the feature on line 20 for clarity and brevity. For example:

-The application was made to adapt to smaller screens in the best possible way.
+The application is optimized for smaller screens.

22-22: Correct Section Header Spelling
The header "## Tecnologies" contains a spelling error. Please update it to "## Technologies".

-## Tecnologies
+## Technologies

28-28: Section Header Clarification
Consider renaming "## Recommends" to "## Recommendations" (or "## Recommended Tools") for clearer guidance on prerequisites.

-## Recommends
+## Recommendations

80-91: Docker Instructions and Image Naming
The Docker section is informative. However, on line 94, update "Nodejs" to "Node.js" for precision.

-Images: Nodejs 22 (Alpine) and PostgreSQL 17.
+Images: Node.js 22 (Alpine) and PostgreSQL 17.
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

83-83: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


89-89: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


96-99: Support Section Wording Improvement
In the support section on line 98, consider replacing "amazing backers" with a more formal phrase such as "esteemed backers" to enhance professionalism.

-Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers.
+Nest is an MIT-licensed open source project, growing thanks to the sponsors and support from our esteemed backers.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd6373e and dd9ba1e.

📒 Files selected for processing (2)
  • PULL_REQUEST.md (1 hunks)
  • README.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
README.md

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)


[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

PULL_REQUEST.md

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

🪛 markdownlint-cli2 (0.17.2)
README.md

39-39: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


83-83: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


89-89: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)

🔇 Additional comments (16)
PULL_REQUEST.md (9)

1-2: Header and Title Clarity

The header clearly marks the file as documentation for the NestJS back-end. The title is concise and sets the context.


3-16: Task Management Section Structured Well

The "Gerenciamento de Tarefas" section provides a clear, itemized breakdown of task-related features that align with the front-end mockup. The detailed list (from creation to logout behavior) is comprehensive.


26-30: Animation Section is Clear

The explanation regarding the use of CSS for loading animations (without third-party animation frameworks) is concise and meets the project objectives.


31-35: Testing Section is Informative

The section on tests explains both unit tests and integration with Vitest clearly. It might be useful later to mention how to run these tests, but as documentation, it is sufficient.


36-39: Docker Support is Well-Documented

The Docker section briefly and clearly states that both back-end and front-end support are included. This meets the intended usage.


40-43: CI Section is Concise and Sufficient

The CI section informs that tests are run through existing resources. This is adequate documentation for continuous integration.


44-67: NestJS Overview is Detailed and Informative

The documentation on NestJS covers the framework’s history, characteristics, and advantages in a detailed manner. It explains core concepts such as modular architecture, RESTful APIs, and the use of TypeScript. This provides a solid conceptual background for both new and experienced developers.


114-128: Remaining TypeORM and PostgreSQL Subsections

The subsections covering repositories, query builders, migrations, and data sources are detailed and well-structured. They successfully convey key technical concepts and examples.


129-136: Execution Instructions are Clear

The "Como executar" section provides step‑by‑step guidance on installing dependencies, running the project in development mode, using Docker, and handling logs. This practical breakdown is useful for developers setting up the project.

README.md (7)

1-1: Title Update Approved
The new title "Core Note API" clearly reflects the project’s updated focus.


3-4: CI Badge Inclusion
The GitHub Action CI badge is a useful addition that immediately conveys the build status.


36-41: Dependency Installation Instructions
The "Install dependencies" section is clear and concise. The use of Yarn is consistent throughout.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

39-39: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


42-53: Application Running Instructions
The commands for development, watch mode, and production are well documented. Ensure these commands match the scripts defined in your package configuration.


55-67: Test Commands Clarity
The test commands are straightforward and provide clear instructions for running unit tests, e2e tests, and viewing coverage.


68-79: Linting and Formatting Instructions
The documentation for linting and formatting is comprehensive and aligns with common practices.


100-102: License Section Review
The license section is succinct and appropriately directs readers to the MIT license details.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

♻️ Duplicate comments (2)
src/task/task.service.ts (2)

18-32: ⚠️ Potential issue

Handle potential null user before modifying tasks.

If user is null, user.tasks.push(task) will throw an error. Checking for a valid user or returning early is recommended.

    const user = await this.userRepository.findOne({
      where: { id: userId },
      relations: ['tasks'],
    });
+   if (!user) {
+     return null; 
+   }

    user.tasks.push(task);
    await this.userRepository.save(user);
    return task;

51-63: ⚠️ Potential issue

Prevent unintended creation of a new task.

If updateTask is null, spreading it in the save call may unexpectedly create a new entity or cause undefined fields. Perform a check first:

let updateTask = await this.taskRepository.findOne({
  where: { id: taskId, user: userId },
});
+ if (!updateTask) {
+   return null;
+ }

updateTask = await this.taskRepository.save({
  ...updateTask,
  ...updateTaskDto,
});
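Review bot: in the `save` call, `...updateTaskDto` is spread last, so any `id` or `user` key that reaches the DTO overrides the values of the task that was just looked up for this user. Copy only the fields a client is allowed to change into the object passed to `save`, or confirm that unknown keys are stripped from the DTO before it reaches the service.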
🧹 Nitpick comments (15)
tsconfig.json (1)

13-19: Productivity and Type Safety Considerations

Enabling "incremental": true and "skipLibCheck": true should help speed up iterative builds. However, note that disabling strict type checks (such as "strictNullChecks": false, "noImplicitAny": false, "strictBindCallApply": false, "forceConsistentCasingInFileNames": false, "noFallthroughCasesInSwitch": false) may limit the catching of common type errors. As the project matures, you might consider tightening these settings for improved type safety.

CHALLENGE.md (1)

1-85: Minor grammar and style refinements recommended.

Consider applying the following nitpicks to improve clarity and consistency:

  1. Use “Node.js” instead of “Node JS” for official naming.
  2. In lines where “Users should be able to” is repeated, consider rewording or combining sentences for variety.
  3. Replace “feel free to” with a more concise or direct phrasing like “you may” or “you can.”
  4. Adjust “Work prettier config” to “Work on prettier config.”

Example diff for lines 13, 23, 71, and 78 (sample focus):

- If you feel more comfortable, you can pick another Node JS framework
+ If you feel more comfortable, you can pick another Node.js framework

- Users should be able to mark an item as a favorite.
- Users should be able to set a color
+ Users can mark an item as a favorite.
+ They can also set a color

- Work prettier config
+ Work on prettier config

- Feel free to add videos
+ You can add videos
🧰 Tools
🪛 LanguageTool

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)


[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~71-~71: Possible missing preposition found.
Context: ...erfaces 2. Work on eslint rules 3. Work prettier config 4. Work on docker containers 5. ...

(AI_HYDRA_LEO_MISSING_TO)


[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

🪛 markdownlint-cli2 (0.17.2)

1-1: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


19-19: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


27-27: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


32-32: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


37-37: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

README.md (2)

15-20: Enhance clarity and consistency in feature descriptions.

  1. Replace “are able to” with “can” for brevity.
  2. Vary how you introduce “Users can…” to avoid repetition across bullet points.
- - Users are able to create, read, update and delete pending tasks using the API.
- - Users can mark an item as a favorite.
- - Users can set a color for each task item.
+ - Users can create, read, update, and delete tasks.
+ - They can mark an item as a favorite.
+ - They may set a color for each task item.
🧰 Tools
🪛 LanguageTool

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


94-94: Use the correct “Node.js” spelling.

Change “Nodejs 22” to “Node.js 22” for consistency with official naming.

- Images: Nodejs 22 (Alpine) and PostgreSQL 17.
+ Images: Node.js 22 (Alpine) and PostgreSQL 17.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)

src/user/user.controller.ts (2)

31-48: Ensure consistent response strategy across the controller.

In lines 36-48, the code occasionally returns a plain object or uses res.status(...).json(...). Returning an object bypasses NestJS’s built-in response handling, while using res.status is more direct. Consider standardizing your response approach using either:

  1. Standard NestJS return values (letting NestJS handle HTTP status codes and transformations), or
  2. Consistent usage of res.status(...).json(...).

This consistency improves readability, maintainability, and reduces potential confusion regarding where responses are controlled.


53-54: Consider adding secure and sameSite flags to the cookie.

Specifically for production environments, it's recommended to use:

res.cookie('auth-cookie', login_token, {
  httpOnly: true,
  secure: true,
  sameSite: 'strict',
});

This increases security by preventing client-side scripts from reading the cookie, and mitigates cross-site request forgery (CSRF) attacks.

package.json (2)

9-20: Proactively align script naming with standard NestJS conventions.

The scripts look good, but consider aligning them more closely with recommended patterns, such as start:devstart:dev or dev, etc., to match typical NestJS-based project naming. This helps set consistent expectations for your team.


69-85: Centralize Jest configuration in a separate file.

While defining Jest config inside package.json is perfectly valid, consider extracting it to a dedicated jest.config.js or jest.config.ts file for improved maintainability and easier customizations.

PULL_REQUEST.md (4)

19-19: Localize the word “password.”

“password” is recognized as a foreign term. In Portuguese contexts, consider translating it to “senha”:

- Cadastro (username, password e confirmar senha)
+ Cadastro (username, senha e confirmar senha)
🧰 Tools
🪛 LanguageTool

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


107-107: Simplify the phrase “dentro de um.”

To make the sentence more concise in Portuguese, replace “dentro de um” with “em um” or “num”:

- dentro de um banco de dados
+ em um banco de dados
🧰 Tools
🪛 LanguageTool

[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


108-108: Clarify the expression “schema public.”

To handle “public” as either an abbreviation or expression, place it in quotes:

- Exemplo: Um schema public que contém todas as tabelas padrão.
+ Exemplo: Um schema “public” que contém todas as tabelas padrão.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


111-111: Improve sentence clarity regarding transactions.

The sentence can be shortened for brevity:

- Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma operação falhar, todas as mudanças podem ser revertidas.
+ Transações são um conjunto de operações executadas como uma única unidade de trabalho. Se falhar, todas as mudanças são revertidas.
🧰 Tools
🪛 LanguageTool

[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

src/user/user.service.ts (2)

26-26: Consider using 404 instead of 400 for "User not found".

"User not found" typically corresponds to a missing resource. Using HttpStatus.NOT_FOUND (404) could provide clearer semantics.


37-37: Refine wording of the error message.

"User already existed" can be rephrased for clarity. For instance, "User already exists" or "Username is taken" more accurately conveys the issue.

src/task/task.controller.ts (1)

38-38: Correct the success message grammar.

"Task created with successful" should be "Task created successfully".

- message: 'Task created with successful',
+ message: 'Task created successfully',
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dd9ba1e and 5550250.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (75)
  • .adonisrc.json (0 hunks)
  • .docker/start.dev.sh (1 hunks)
  • .dockerignore (1 hunks)
  • .editorconfig (0 hunks)
  • .env.example (0 hunks)
  • .eslintrc.js (1 hunks)
  • .github/workflows/node.js.yml (1 hunks)
  • .gitignore (1 hunks)
  • .gitignore copy (0 hunks)
  • .gitlab-ci.yml (1 hunks)
  • .prettierignore (0 hunks)
  • .prettierrc (1 hunks)
  • CHALLENGE.md (1 hunks)
  • Dockerfile (1 hunks)
  • LICENSE.md (1 hunks)
  • PULL_REQUEST.md (1 hunks)
  • README.md (1 hunks)
  • ace (0 hunks)
  • ace-manifest.json (0 hunks)
  • app/Controllers/VehiclesController.ts (0 hunks)
  • app/Exceptions/Handler.ts (0 hunks)
  • app/Types/Vehicle.ts (0 hunks)
  • commands/index.ts (0 hunks)
  • config/app.ts (0 hunks)
  • config/bodyparser.ts (0 hunks)
  • config/cors.ts (0 hunks)
  • config/drive.ts (0 hunks)
  • config/hash.ts (0 hunks)
  • contracts/drive.ts (0 hunks)
  • contracts/env.ts (0 hunks)
  • contracts/events.ts (0 hunks)
  • contracts/hash.ts (0 hunks)
  • contracts/tests.ts (0 hunks)
  • docker-compose.yml (1 hunks)
  • env.ts (0 hunks)
  • nest-cli.json (1 hunks)
  • package.json (1 hunks)
  • providers/AppProvider.ts (0 hunks)
  • server.ts (0 hunks)
  • src/app.controller.spec.ts (1 hunks)
  • src/app.controller.ts (1 hunks)
  • src/app.module.ts (1 hunks)
  • src/app.service.ts (1 hunks)
  • src/auth/auth.module.ts (1 hunks)
  • src/auth/auth.service.ts (1 hunks)
  • src/auth/jwt.guard.ts (1 hunks)
  • src/auth/jwt.strategy.ts (1 hunks)
  • src/auth/local.guard.ts (1 hunks)
  • src/auth/local.strategy.ts (1 hunks)
  • src/common/decorators/auth-user.decorator.ts (1 hunks)
  • src/common/envs/.env.example (1 hunks)
  • src/common/helper/env.helper.ts (1 hunks)
  • src/main.ts (1 hunks)
  • src/shared/typeorm/typeorm.service.ts (1 hunks)
  • src/task/dto/create-task.dto.ts (1 hunks)
  • src/task/dto/update-task.dto.ts (1 hunks)
  • src/task/entities/task.entity.ts (1 hunks)
  • src/task/task.controller.ts (1 hunks)
  • src/task/task.module.ts (1 hunks)
  • src/task/task.service.ts (1 hunks)
  • src/user/dto/create-user.dto.ts (1 hunks)
  • src/user/dto/update-user.dto.ts (1 hunks)
  • src/user/entities/user.entity.ts (1 hunks)
  • src/user/user.controller.ts (1 hunks)
  • src/user/user.module.ts (1 hunks)
  • src/user/user.service.ts (1 hunks)
  • start/kernel.ts (0 hunks)
  • start/routes.ts (0 hunks)
  • test.ts (0 hunks)
  • test/app.e2e-spec.ts (1 hunks)
  • test/jest-e2e.json (1 hunks)
  • tests/bootstrap.ts (0 hunks)
  • tests/functional/vehicles-api.spec.ts (0 hunks)
  • tsconfig.build.json (1 hunks)
  • tsconfig.json (1 hunks)
💤 Files with no reviewable changes (29)
  • .prettierignore
  • env.ts
  • start/kernel.ts
  • .editorconfig
  • app/Types/Vehicle.ts
  • .gitignore copy
  • app/Exceptions/Handler.ts
  • contracts/env.ts
  • contracts/hash.ts
  • tests/functional/vehicles-api.spec.ts
  • contracts/events.ts
  • start/routes.ts
  • contracts/tests.ts
  • server.ts
  • ace
  • app/Controllers/VehiclesController.ts
  • .env.example
  • commands/index.ts
  • config/app.ts
  • config/drive.ts
  • .adonisrc.json
  • test.ts
  • providers/AppProvider.ts
  • config/hash.ts
  • contracts/drive.ts
  • config/bodyparser.ts
  • ace-manifest.json
  • config/cors.ts
  • tests/bootstrap.ts
🚧 Files skipped from review as they are similar to previous changes (35)
  • .docker/start.dev.sh
  • src/auth/jwt.guard.ts
  • tsconfig.build.json
  • src/app.service.ts
  • src/auth/local.guard.ts
  • .dockerignore
  • test/jest-e2e.json
  • src/task/task.module.ts
  • LICENSE.md
  • Dockerfile
  • nest-cli.json
  • src/user/user.module.ts
  • src/user/dto/create-user.dto.ts
  • src/common/envs/.env.example
  • src/common/decorators/auth-user.decorator.ts
  • src/task/dto/create-task.dto.ts
  • src/auth/jwt.strategy.ts
  • src/app.module.ts
  • src/auth/local.strategy.ts
  • src/auth/auth.module.ts
  • src/main.ts
  • src/app.controller.ts
  • src/common/helper/env.helper.ts
  • .eslintrc.js
  • test/app.e2e-spec.ts
  • src/app.controller.spec.ts
  • .gitlab-ci.yml
  • src/task/dto/update-task.dto.ts
  • src/shared/typeorm/typeorm.service.ts
  • src/auth/auth.service.ts
  • src/user/entities/user.entity.ts
  • src/task/entities/task.entity.ts
  • src/user/dto/update-user.dto.ts
  • .prettierrc
  • docker-compose.yml
🧰 Additional context used
🧬 Code Definitions (3)
src/user/user.controller.ts (2)
src/user/dto/create-user.dto.ts (1) (1)
  • CreateUserDto (3-15)
src/user/dto/update-user.dto.ts (1) (1)
  • UpdateUserDto (10-37)
src/user/user.service.ts (2)
src/user/dto/create-user.dto.ts (1) (1)
  • CreateUserDto (3-15)
src/user/dto/update-user.dto.ts (1) (1)
  • UpdateUserDto (10-37)
src/task/task.controller.ts (2)
src/task/dto/create-task.dto.ts (1) (1)
  • CreateTaskDto (9-27)
src/task/dto/update-task.dto.ts (1) (1)
  • UpdateTaskDto (3-21)
🪛 LanguageTool
CHALLENGE.md

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)


[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~71-~71: Possible missing preposition found.
Context: ...erfaces 2. Work on eslint rules 3. Work prettier config 4. Work on docker containers 5. ...

(AI_HYDRA_LEO_MISSING_TO)


[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

README.md

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)


[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

PULL_REQUEST.md

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

🪛 markdownlint-cli2 (0.17.2)
CHALLENGE.md

1-1: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


19-19: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


27-27: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


32-32: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


37-37: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

README.md

39-39: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


83-83: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


89-89: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)

🪛 actionlint (1.7.4)
.github/workflows/node.js.yml

22-22: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


24-24: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (30)
tsconfig.json (3)

3-9: Updated Compiler Options for Enhanced Compatibility

The new settings (e.g., "module": "commonjs", "declaration": true, "removeComments": true, "emitDecoratorMetadata": true, "experimentalDecorators": true, "allowSyntheticDefaultImports": true, "target": "ES2021") correctly align with NestJS conventions and modern TypeScript usage.


11-12: Standardizing Build Output and Module Resolution

Changing the output directory to "./dist" and setting "baseUrl": "./" reflects best practices for a NestJS project, ensuring cleaner build directories and improved module resolution.


1-22: Overall Configuration Migration

The removal of legacy properties related to AdonisJS (such as "extends", "include", "exclude", and "rootDir") and the introduction of new compiler options clearly support the migration to a NestJS framework. Verify that these changes are fully compatible with your tooling and CI/CD pipeline.

.gitignore (8)

1-5: Standard build artifact exclusion.

Including /dist, /node_modules, and /build in the .gitignore is a best practice to avoid committing compiled outputs and dependencies.


10-10: Consistent handling of debug logs.

Ignoring pnpm-debug.log* alongside other *-debug.log* files keeps the repository clean.


15-17: Excluding OS-specific files.

.DS_Store is a macOS file; ignoring it is standard.


18-21: Ignoring test coverage artifacts.

Adding /coverage and /.nyc_output to .gitignore prevents large coverage folders from cluttering the repo.


22-29: Excluding IDE/editor settings.

References to IntelliJ, Eclipse, c9, or Sublime are properly ignored, reducing potential editor conflicts.


31-37: Selective ignoring for VSCode.

Ignoring the .vscode/ directory except for select configuration files is a neat approach to share minimal editor settings while maintaining user-specific preferences locally.


38-47: Protecting secrets and ignoring temp directories.

Ignoring environment files and temporary folders is crucial for both security and cleanliness.


55-57: Diagnostic reports and environment files.

Continuing to ignore environment files (both at root and under src/common/envs) and diagnostic reports is aligned with security and housekeeping best practices.

.github/workflows/node.js.yml (2)

1-3: Introduction of CI workflow.

Defining a Node.js CI workflow is a great step toward automating builds and tests. This is well-structured for a new project setup.


22-24: Update GitHub Actions to newer versions.

Actions checkout@v3 and setup-node@v3 are flagged by static analysis as outdated. Please consider updating to v4 to ensure full compatibility and features.

-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

...
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
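Review bot: both `uses:` lines reference a mutable tag (`@v4`). Pinning each action to a full commit SHA, with the tag kept in a trailing comment, stops a retagged release from changing what the workflow runs.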
🧰 Tools
🪛 actionlint (1.7.4)

22-22: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


24-24: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

src/task/task.service.ts (7)

34-39: Fetching user tasks looks correct.

No issues spotted here.


41-49: Good null-check for the retrieved task.

Returning null if none is found is clear and explicit.


65-74: Safe deletion approach.

The null-check before removal is appropriate.


76-88: Updating isFavorite is consistent with the existing pattern.

The code checks for an existing task and updates the property.


90-102: Color update logic is fine.

Returning null if the task doesn’t exist keeps behavior consistent.


104-112: Case-insensitive search by title.

Leveraging ILike for fuzzier matching is straightforward and correct here.


114-128: Appropriate handling for no-color tasks.

Mapping null to "none" ensures consistent usage across the application.

src/user/user.controller.ts (1)

84-110: Use NestJS built-in exception handling instead of manual try-catch.

Instead of manually catching and returning 500 responses, you could throw an HttpException or rely on global exception filters to handle errors gracefully. This approach would keep controller logic concise and ensure consistent error responses. For example:

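try {
  const user = await this.userService.update(id, updateUserDto);
  if (!user) {
    throw new NotFoundException('User not found');
  }
  return { user };
} catch (error) {
  // Let HTTP exceptions (such as the 404 thrown above) pass through unchanged
  if (error instanceof HttpException) {
    throw error;
  }
  // Anything else is an unexpected failure
  throw new InternalServerErrorException(error.message);
}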

Would you like me to generate or configure a global exception filter for clean error handling?

package.json (2)

2-7: Validate updated name, version, and license.

Great to see the project renamed to “corelab-api-challenge-2024” and licensed under MIT. If publishing at some point, confirm this updated name doesn’t conflict with existing packages on npm. Also ensure the version 0.0.1 suits your release strategy.


22-42:

❓ Verification inconclusive

Check dependency version compatibility.

You’re using relatively new versions of NestJS and TypeScript packages. Confirm that all chosen versions are stable and compatible to avoid unexpected behavior. It also might be beneficial to pin certain dependencies if you're concerned about frequent breaking changes.

Run the following script to see if there are known compatibility issues among these NestJS libraries:


🏁 Script executed:

#!/bin/bash
ast-grep --pattern $'import { Module } from \"@nestjs/$_\"' 
# This simply verifies that we have NestJS modules imported across the codebase,
# ensuring no partial/historic references to older versions remain.

Length of output: 58


Dependency Version Compatibility Check

The dependencies in your package.json appear to be updated to recent stable versions. However, the initial automatic check (via the provided ast-grep command) did not yield any output—even though it was intended to verify that there are no lingering references to older NestJS modules. This inconclusive result means that we can't fully confirm version consistency automatically. Please review the following manually:

  • Verify NestJS Imports: Ensure that across your codebase, all NestJS imports (e.g., modules, decorators) reference the same major versions as declared in package.json.
  • Confirm Compatibility: Double-check that the chosen versions (especially for core packages like @nestjs/common, @nestjs/core, and related libraries) are confirmed compatible. Consult the official NestJS documentation or migration guides if necessary.
  • Consider Dependency Pinning: If frequent upstream changes are a concern, you might benefit from pinning critical dependencies to maintain stability.

Please perform a manual verification to confirm that no outdated or mismatched imports remain.

src/user/user.service.ts (2)

21-25: Handle mismatched passwords with a clear error.

Currently, the function returns undefined if argon2.verify fails (i.e., the passwords do not match). This can lead to silent failures. Consider throwing an HttpException with the appropriate status code to indicate invalid password.


41-42: Hash the password before storing.

Storing passwords in plain text is a security risk. As previously noted, use argon2.hash before saving:

- newUser.password = password;
+ newUser.password = await argon2.hash(password);
src/task/task.controller.ts (5)

83-86: Use 404 or 403 for missing or unauthorized tasks.

Returning a 400 status code for a not-found or unauthorized resource is less clear than using 404 (Not Found) or 403 (Forbidden).


110-113: Use 404 or 403 for missing or unauthorized tasks.

Same reasoning here. A 400 code is ambiguous for a missing or unauthorized resource.


131-134: Use 404 or 403 for missing or unauthorized tasks.

Returning 400 can be misleading if the resource doesn't exist or the user is unauthorized.


150-150: Throw an exception instead of returning a plain object.

For consistency and clarity, consider throwing an HttpException when the task is missing or the user is unauthorized, rather than returning an object.


169-169: Throw an exception instead of returning a plain object.

Similarly, returning an object here may mask the actual error condition. Throw a suitable HTTP error for a missing or unauthorized resource.
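The update path flagged in the review above ("Prevent unintended creation of a new task"), as an added example that is not code from the pull request. `InMemoryTaskRepository`, the sample rows and the `ALLOWED_FIELDS` list are assumptions made for illustration; the stand-in is synchronous and mimics only two repository behaviours: `findOne()` returns null when nothing matches, and `save()` inserts when the object has no primary key.

```javascript
// Hypothetical in-memory stand-in for the task repository (assumption, not
// the project's code). `user` holds the owner's id, mirroring the page's
// `where: { id: taskId, user: userId }` lookup.
class InMemoryTaskRepository {
  constructor(rows) {
    this.rows = rows.map((r) => ({ ...r }));
    this.nextId = Math.max(0, ...this.rows.map((r) => r.id)) + 1;
  }

  // Returns a copy of the first row matching every key in `where`, or null.
  findOne({ where }) {
    const hit = this.rows.find((r) =>
      Object.entries(where).every(([key, value]) => r[key] === value),
    );
    return hit ? { ...hit } : null;
  }

  // Inserts when there is no primary key, otherwise updates the row with that id.
  save(entity) {
    if (entity.id === undefined) {
      const created = { ...entity, id: this.nextId++ };
      this.rows.push(created);
      return { ...created };
    }
    const index = this.rows.findIndex((r) => r.id === entity.id);
    if (index === -1) {
      this.rows.push({ ...entity });
      return { ...entity };
    }
    this.rows[index] = { ...this.rows[index], ...entity };
    return { ...this.rows[index] };
  }
}

// Fields a client may change; assumed here, since UpdateTaskDto is not shown.
const ALLOWED_FIELDS = ['title', 'color', 'isFavorite'];

// The pattern under review: no null check, and the DTO is spread as-is.
function updateTaskUnguarded(repo, userId, taskId, dto) {
  const found = repo.findOne({ where: { id: taskId, user: userId } });
  // `{ ...null }` is `{}`, so a failed lookup turns this into an insert.
  return repo.save({ ...found, ...dto });
}

// Guarded version: stop when the task is not the caller's, copy only allowed fields.
function updateTaskGuarded(repo, userId, taskId, dto) {
  const found = repo.findOne({ where: { id: taskId, user: userId } });
  if (!found) {
    return null;
  }
  const changes = {};
  for (const key of ALLOWED_FIELDS) {
    if (dto[key] !== undefined) {
      changes[key] = dto[key];
    }
  }
  return repo.save({ ...found, ...changes });
}

// Constructed sample data: one task per user.
function seed() {
  return new InMemoryTaskRepository([
    { id: 1, user: 10, title: 'alice note', color: 'none' },
    { id: 2, user: 20, title: 'bob note', color: 'none' },
  ]);
}

// Case 1: user 10 updates task 2, which belongs to user 20.
function strayInsertCase() {
  const repo = seed();
  const result = updateTaskUnguarded(repo, 10, 2, { title: 'changed' });
  return { result, rowCount: repo.rows.length };
}

// Case 2: user 10 updates their own task, but the body carries id and user.
function overwriteCase() {
  const repo = seed();
  updateTaskUnguarded(repo, 10, 1, { id: 2, user: 20, title: 'overwritten' });
  return repo.findOne({ where: { id: 2 } });
}
```

Without the guard, case 1 leaves an ownerless third row behind and case 2 rewrites the other user's task; the guarded function returns null in the first case and changes only task 1 in the second.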


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 5

♻️ Duplicate comments (2)
src/task/task.service.ts (2)

25-31: ⚠️ Potential issue

Check for null user before pushing tasks.

If user is null, user.tasks.push(task) triggers an error. This issue has been flagged in a previous review.

const user = await this.userRepository.findOne({
  where: { id: userId },
  relations: ['tasks'],
});
-if (!user) {
-  user.tasks.push(task);
-  await this.userRepository.save(user);
-  return task;
-}
+if (!user) {
+  return null;
+}

user.tasks.push(task);
await this.userRepository.save(user);
return task;
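Review bot: at the new `if (!user)` guard, `return null` leaves the caller unable to tell a missing user from any other outcome unless it checks for null itself. Throwing `NotFoundException` there would match the exception-based handling suggested for the controllers, and a test that calls this method with an unknown `userId` would keep the inverted guard shown in the removed lines from coming back.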

51-58: ⚠️ Potential issue

Avoid overwriting a non-existent task.

If updateTask is null, spreading it may create unintended entity data. This issue was also flagged in a previous review.

let updateTask = await this.taskRepository.findOne({
  where: { id: taskId, user: userId },
});
-if (!updateTask) {
-  updateTask = await this.taskRepository.save({
-    ...updateTask,
-    ...updateTaskDto,
-  });
-}
+if (!updateTask) {
+  return null;
+}

updateTask = await this.taskRepository.save({
  ...updateTask,
  ...updateTaskDto,
});
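
Review bot: In the final `save({ ...updateTask, ...updateTaskDto })`, the DTO is spread last, so any key the client sends overrides the loaded entity, including `id` or `user` if such keys reach this point. The `where: { id: taskId, user: userId }` lookup only scopes the read; restrict the write by copying the allowed fields explicitly, or make sure the request passes a whitelisting ValidationPipe before it gets here.
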
🧹 Nitpick comments (17)
tsconfig.json (1)

3-19: Configuration aligns with NestJS standards but has disabled strictness checks

The TypeScript configuration has been completely revised to match NestJS standards, which is appropriate for the migration from AdonisJS. However, several type safety checks are disabled (strictNullChecks: false, noImplicitAny: false, etc.), which could allow type-related bugs to creep in.

Consider enabling these strictness options gradually after your migration is complete:

    "incremental": true,
    "skipLibCheck": true,
-   "strictNullChecks": false,
-   "noImplicitAny": false,
-   "strictBindCallApply": false,
-   "forceConsistentCasingInFileNames": false,
-   "noFallthroughCasesInSwitch": false
+   "strictNullChecks": true, 
+   "noImplicitAny": true,
+   "strictBindCallApply": true,
+   "forceConsistentCasingInFileNames": true,
+   "noFallthroughCasesInSwitch": true

This will provide better type safety, but can be done incrementally as you fix issues.

src/auth/auth.module.ts (1)

10-26: Well-structured AuthModule following NestJS best practices

The AuthModule implementation follows NestJS best practices with proper dependency injection, module configuration, and service exports. The use of forwardRef correctly handles potential circular dependencies with UserModule.

Consider reviewing your JWT token expiration policy. The current setting of 7 days may be appropriate for your application, but for more security-sensitive applications, a shorter expiration time might be better, along with a refresh token mechanism:

      useFactory: async (configService: ConfigService) => ({
        secret: configService.get('JWT_SECRET'),
-       signOptions: { expiresIn: '7d' },
+       signOptions: { expiresIn: '1d' }, // Or another duration that matches your security requirements
      }),
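
Review bot: On the `secret: configService.get('JWT_SECRET')` line, nothing stops the module from starting when JWT_SECRET is unset, because `get` returns undefined for a missing key. Fail at startup when the value is absent, for example with `configService.getOrThrow('JWT_SECRET')`, and note next to `expiresIn` that a shorter lifetime alone gives no way to revoke a token before it expires.
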
CHALLENGE.md (4)

13-13: Use official spelling "Node.js".

The official spelling is “Node.js” rather than “Node JS”.

-If you feel more comfortable, you can pick another Node JS framework and show us your skills.
+If you feel more comfortable, you can pick another Node.js framework and show us your skills.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


21-23: Reword repeated sentence beginnings.

Several consecutive lines here start with “Users should be able to.” Try diversifying the phrasing for clarity and style.

1. Users should be able to create, read, update, and delete to-do items using the API.
2. You can mark any item as a favorite.
3. There's also an option to set a color for each to-do item.
🧰 Tools
🪛 LanguageTool

[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


71-71: Add missing preposition.

The line “3. Work prettier config” can be reworded to clarify and reflect standard usage.

-3. Work prettier config
+3. Work on Prettier config
🧰 Tools
🪛 LanguageTool

[uncategorized] ~71-~71: Possible missing preposition found.
Context: ...erfaces 2. Work on eslint rules 3. Work prettier config 4. Work on docker containers 5. ...

(AI_HYDRA_LEO_MISSING_TO)


78-78: Use a more formal alternative.

“Feel free to” is often overused. Consider a more direct or formal phrasing.

-Feel free to add videos for better explanation.
+You may add videos for better explanation if you wish.
🧰 Tools
🪛 LanguageTool

[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

README.md (5)

15-15: Use concise phrasing for capabilities.

Replacing “are able to” with “can” often reads more clearly.

-- Users are able to create, read, update and delete pending tasks using the API.
+- Users can create, read, update, and delete pending tasks using the API.
🧰 Tools
🪛 LanguageTool

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


15-17: Reword repetitive sentence beginnings.

Consecutive lines start with “Users can.” Try diversifying phrasing to improve readability.

-Users can mark an item as a favorite.
-Users can set a color for each task item.
-User task list in a responsive and visually appealing way...
+Mark any item as a favorite.
+Assign a color to each task item.
+Display the task list in a responsive and visually appealing way...
🧰 Tools
🪛 LanguageTool

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


39-39: Remove $ prompts to align with markdownlint rules.

Using $ yarn ... in markdown can raise MD014 warnings. Consider removing the $ to help avoid lint errors.

- $ yarn
+ yarn

- $ docker-compose -f docker-compose.yml up
+ docker-compose -f docker-compose.yml up

- $ docker-compose -f docker-compose.yml up -d
+ docker-compose -f docker-compose.yml up -d

Also applies to: 83-83, 89-89

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

39-39: Dollar signs used before commands without showing output

(MD014, commands-show-output)


94-94: Use official spelling "Node.js".

“Nodejs” should be spelled “Node.js” for consistency.

-Images: Nodejs 22 (Alpine) and PostgreSQL 17.
+Images: Node.js 22 (Alpine) and PostgreSQL 17.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)


98-98: Hyphenate compound adjectives and replace ‘amazing’.

“MIT-licensed open source project” can be made more precise by hyphenating multiple adjectives, and “amazing” can be replaced with a more formal alternative.

-Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers.
+Nest is an MIT-licensed, open-source project. It can grow thanks to the sponsors and support by the dedicated backers.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

src/user/user.controller.ts (2)

1-23: Consider using ParseIntPipe for numeric route parameters.

Currently, you are typing @Param('id') id: number directly, but NestJS does not automatically parse a URL parameter to a number without a pipe. Consider using:

@Param('id', ParseIntPipe) id: number

This helps ensure that the id is validated and converted to a number before your method is invoked.


50-60: Add secure cookie attributes for production environments.

When setting the auth cookie, consider adding properties like secure: true, sameSite: 'strict', and httpOnly: true (already present) to enhance security. For example:

 res.cookie('auth-cookie', login_token, {
   httpOnly: true,
+  secure: true,
+  sameSite: 'strict',
 });
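
Review bot: With `secure: true` added unconditionally, the browser will not send `auth-cookie` over plain HTTP, so any environment that is not served over HTTPS can no longer keep a login. Drive the flag from configuration (on in production) and document it, and consider setting `maxAge` in the same options object so the cookie lifetime matches the token lifetime.
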
PULL_REQUEST.md (4)

19-19: Replace the foreign term “password” with “senha” for consistency in Portuguese.

In line with the language preference indicated by the static analysis hint, consider updating the text:

- Cadastro (username, password e confirmar senha) (...)
+ Cadastro (username, senha e confirmar senha) (...)
🧰 Tools
🪛 LanguageTool

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


107-107: Use a concise locution instead of “dentro de um.”

For clarity and brevity in Portuguese, replace “dentro de um” with “em um” (or “num” if appropriate to your writing style):

- ... outros objetos dentro de um banco de dados. ...
+ ... outros objetos em um banco de dados. ...
🧰 Tools
🪛 LanguageTool

[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


108-108: Treat “public” as a schema name in quotes.

If “public” is the actual schema name rather than an abbreviation, consider placing it in quotes or backticks for clarity:

- Exemplo: Um schema public que contém todas as tabelas padrão.
+ Exemplo: Um schema "public" que contém todas as tabelas padrão.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


111-111: Simplify verbose language for better clarity.

Revise "que são executadas como uma única unidade de trabalho" if you wish to use a more succinct style in Portuguese. For instance:

- Transações são um conjunto de operações que são executadas como uma única unidade de trabalho.
+ Transações são um conjunto de operações executadas como uma unidade de trabalho.
🧰 Tools
🪛 LanguageTool

[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5550250 and 36c1f52.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (75)
  • .adonisrc.json (0 hunks)
  • .docker/start.dev.sh (1 hunks)
  • .dockerignore (1 hunks)
  • .editorconfig (0 hunks)
  • .env.example (0 hunks)
  • .eslintrc.js (1 hunks)
  • .github/workflows/node.js.yml (1 hunks)
  • .gitignore (1 hunks)
  • .gitignore copy (0 hunks)
  • .gitlab-ci.yml (1 hunks)
  • .prettierignore (0 hunks)
  • .prettierrc (1 hunks)
  • CHALLENGE.md (1 hunks)
  • Dockerfile (1 hunks)
  • LICENSE.md (1 hunks)
  • PULL_REQUEST.md (1 hunks)
  • README.md (1 hunks)
  • ace (0 hunks)
  • ace-manifest.json (0 hunks)
  • app/Controllers/VehiclesController.ts (0 hunks)
  • app/Exceptions/Handler.ts (0 hunks)
  • app/Types/Vehicle.ts (0 hunks)
  • commands/index.ts (0 hunks)
  • config/app.ts (0 hunks)
  • config/bodyparser.ts (0 hunks)
  • config/cors.ts (0 hunks)
  • config/drive.ts (0 hunks)
  • config/hash.ts (0 hunks)
  • contracts/drive.ts (0 hunks)
  • contracts/env.ts (0 hunks)
  • contracts/events.ts (0 hunks)
  • contracts/hash.ts (0 hunks)
  • contracts/tests.ts (0 hunks)
  • docker-compose.yml (1 hunks)
  • env.ts (0 hunks)
  • nest-cli.json (1 hunks)
  • package.json (1 hunks)
  • providers/AppProvider.ts (0 hunks)
  • server.ts (0 hunks)
  • src/app.controller.spec.ts (1 hunks)
  • src/app.controller.ts (1 hunks)
  • src/app.module.ts (1 hunks)
  • src/app.service.ts (1 hunks)
  • src/auth/auth.module.ts (1 hunks)
  • src/auth/auth.service.ts (1 hunks)
  • src/auth/jwt.guard.ts (1 hunks)
  • src/auth/jwt.strategy.ts (1 hunks)
  • src/auth/local.guard.ts (1 hunks)
  • src/auth/local.strategy.ts (1 hunks)
  • src/common/decorators/auth-user.decorator.ts (1 hunks)
  • src/common/envs/.env.example (1 hunks)
  • src/common/helper/env.helper.ts (1 hunks)
  • src/main.ts (1 hunks)
  • src/shared/typeorm/typeorm.service.ts (1 hunks)
  • src/task/dto/create-task.dto.ts (1 hunks)
  • src/task/dto/update-task.dto.ts (1 hunks)
  • src/task/entities/task.entity.ts (1 hunks)
  • src/task/task.controller.ts (1 hunks)
  • src/task/task.module.ts (1 hunks)
  • src/task/task.service.ts (1 hunks)
  • src/user/dto/create-user.dto.ts (1 hunks)
  • src/user/dto/update-user.dto.ts (1 hunks)
  • src/user/entities/user.entity.ts (1 hunks)
  • src/user/user.controller.ts (1 hunks)
  • src/user/user.module.ts (1 hunks)
  • src/user/user.service.ts (1 hunks)
  • start/kernel.ts (0 hunks)
  • start/routes.ts (0 hunks)
  • test.ts (0 hunks)
  • test/app.e2e-spec.ts (1 hunks)
  • test/jest-e2e.json (1 hunks)
  • tests/bootstrap.ts (0 hunks)
  • tests/functional/vehicles-api.spec.ts (0 hunks)
  • tsconfig.build.json (1 hunks)
  • tsconfig.json (1 hunks)
💤 Files with no reviewable changes (29)
  • .prettierignore
  • contracts/hash.ts
  • .editorconfig
  • start/kernel.ts
  • contracts/events.ts
  • commands/index.ts
  • contracts/drive.ts
  • config/hash.ts
  • .env.example
  • start/routes.ts
  • tests/functional/vehicles-api.spec.ts
  • server.ts
  • .gitignore copy
  • app/Controllers/VehiclesController.ts
  • ace
  • app/Types/Vehicle.ts
  • config/app.ts
  • app/Exceptions/Handler.ts
  • providers/AppProvider.ts
  • contracts/tests.ts
  • env.ts
  • tests/bootstrap.ts
  • config/bodyparser.ts
  • config/cors.ts
  • test.ts
  • ace-manifest.json
  • config/drive.ts
  • .adonisrc.json
  • contracts/env.ts
🚧 Files skipped from review as they are similar to previous changes (34)
  • .prettierrc
  • .dockerignore
  • test/jest-e2e.json
  • src/user/user.module.ts
  • src/app.service.ts
  • nest-cli.json
  • tsconfig.build.json
  • src/auth/local.guard.ts
  • src/app.controller.spec.ts
  • src/user/dto/create-user.dto.ts
  • src/main.ts
  • src/task/task.module.ts
  • Dockerfile
  • LICENSE.md
  • src/auth/jwt.guard.ts
  • src/app.controller.ts
  • .docker/start.dev.sh
  • src/common/decorators/auth-user.decorator.ts
  • src/auth/local.strategy.ts
  • src/common/envs/.env.example
  • src/task/entities/task.entity.ts
  • src/common/helper/env.helper.ts
  • src/user/dto/update-user.dto.ts
  • test/app.e2e-spec.ts
  • src/shared/typeorm/typeorm.service.ts
  • src/task/dto/update-task.dto.ts
  • src/user/entities/user.entity.ts
  • src/auth/auth.service.ts
  • src/app.module.ts
  • src/auth/jwt.strategy.ts
  • .gitlab-ci.yml
  • src/task/dto/create-task.dto.ts
  • docker-compose.yml
  • .eslintrc.js
🧰 Additional context used
🧬 Code Definitions (4)
src/user/user.controller.ts (2)
src/user/dto/create-user.dto.ts (1) (1)
  • CreateUserDto (3-15)
src/user/dto/update-user.dto.ts (1) (1)
  • UpdateUserDto (10-37)
src/task/task.service.ts (2)
src/task/dto/create-task.dto.ts (1) (1)
  • CreateTaskDto (9-27)
src/task/dto/update-task.dto.ts (1) (1)
  • UpdateTaskDto (3-21)
src/user/user.service.ts (5)
src/auth/auth.service.ts (1) (1)
  • Injectable (5-30)
src/auth/jwt.strategy.ts (1) (1)
  • Injectable (9-37)
src/auth/local.strategy.ts (1) (1)
  • Injectable (6-25)
src/user/dto/create-user.dto.ts (1) (1)
  • CreateUserDto (3-15)
src/user/dto/update-user.dto.ts (1) (1)
  • UpdateUserDto (10-37)
src/task/task.controller.ts (2)
src/task/dto/create-task.dto.ts (1) (1)
  • CreateTaskDto (9-27)
src/task/dto/update-task.dto.ts (1) (1)
  • UpdateTaskDto (3-21)
🪛 LanguageTool
CHALLENGE.md

[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)



🪛 markdownlint-cli2 (0.17.2)
README.md

39-39: Dollar signs used before commands without showing output

(MD014, commands-show-output)


83-83: Dollar signs used before commands without showing output

(MD014, commands-show-output)


89-89: Dollar signs used before commands without showing output

(MD014, commands-show-output)

🪛 actionlint (1.7.4)
.github/workflows/node.js.yml

22-22: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


24-24: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (10)
.gitignore (1)

1-57: Well-structured .gitignore file for a NestJS project

The .gitignore file has been completely restructured with clear section headers and appropriate entries for a NestJS project. It properly excludes build artifacts, environment files, IDE configurations, and test coverage reports.

.github/workflows/node.js.yml (1)

22-27: Update GitHub Actions to latest versions

The actions you're using are outdated. Update to the latest versions to ensure compatibility with GitHub's runner environment and access to the latest features.

-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: "yarn"
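
Review bot: Both `uses:` lines reference a mutable tag (`@v4`), which can be repointed to different code after this review. Because the workflow runs with repository credentials, pin each action to a full commit SHA and keep the version in a trailing comment.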

package.json (4)

2-7: Project metadata updated correctly.

The new project name, version, and license appear valid. Good job keeping the package metadata consistent and adding an explicit MIT license.


9-20: Scripts align with NestJS best practices.

The scripts for build, start, lint, and test are standard for a NestJS application. Using nest commands (e.g. nest build, nest start) helps maintain clarity in your workflow.


69-85: Comprehensive Jest configuration.

The Jest config is well-structured, covering multiple test types and collecting coverage. This is a best practice for maintaining high test quality and making sure your code is well-tested.


22-42:

❓ Verification inconclusive

Check for up-to-date dependency security patches.

Regularly verify that pinned versions (e.g., argon2, class-transformer, class-validator) are secure, especially given frequent minor updates that address security concerns.


🏁 Script executed:

#!/bin/bash
# Check for new versions and potential security advisories in dependencies
npm outdated
echo "Review any reported vulnerabilities or newer semver-compatible releases."
gh api security-advisories | grep -i -E 'argon2|class-transformer|class-validator'

Length of output: 2311


Dependency Security Versions Check: Manual Verification Required

  • The npm outdated output confirms that dependencies such as argon2, class-transformer, and class-validator are pinned at versions that match the latest available ones.
  • However, the security advisory check using gh api security-advisories | grep -i -E 'argon2|class-transformer|class-validator' returned an HTTP 404 error. This may be due to a misconfiguration, lack of permissions, or simply that no advisories are published via that endpoint.
  • Action: Please manually verify the security advisories—consider running npm audit or checking the official advisories for these packages—to ensure no critical patches are missing.
src/user/user.service.ts (2)

21-25: Handle invalid password case explicitly.

If matchPassport is false, the method currently returns undefined, causing ambiguity. To avoid silent failures or confusion, throw an exception for invalid passwords.

if (user) {
  const matchPassport = await argon2.verify(user.password, password);
  if (matchPassport) {
    return user;
  }
- // Currently returns undefined
+ throw new HttpException('Invalid password', HttpStatus.BAD_REQUEST);
} else {
  throw new HttpException('User not found', HttpStatus.BAD_REQUEST);
}
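
Review bot: The added `throw new HttpException('Invalid password', ...)` returns a different message from the existing 'User not found' branch, which tells a caller whether a username is registered. Use one generic message for both branches (for example 'Invalid credentials') and HttpStatus.UNAUTHORIZED rather than BAD_REQUEST for a failed login.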

30-54: Salt and hash passwords before saving.

Storing passwords in plain text is a severe security risk. Use argon2.hash (or a similar hashing method) to securely store passwords.

newUser.username = username;
- newUser.password = password;
+ newUser.password = await argon2.hash(password);
newUser.email = email;
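
Review bot: On the `newUser.password = await argon2.hash(password)` line, accounts created before this change still hold the raw value, and `argon2.verify` will not accept those rows at login. Ship a migration or forced password reset for existing users together with this change. No separate salting step is needed, since argon2.hash generates the salt and encodes it in its output.
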
src/task/task.controller.ts (2)

83-86: Use 404 or 403 for missing or unauthorized tasks.

Returning a 400 Bad Request for non-existent or unauthorized tasks is semantically unclear. Standard practice is to throw 404 Not Found or 403 Forbidden.

- 'Error 400 Bad Request: Task not found or your user does not have this task',
- HttpStatus.BAD_REQUEST,
+ 'Error 404 Not Found: Task not found or user not authorized',
+ HttpStatus.NOT_FOUND,
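
Review bot: The new message string repeats the status ('Error 404 Not Found: ...') that HttpStatus.NOT_FOUND already carries, so drop that prefix from the body. Answering 404 for both the missing and the not-owned case avoids confirming that another user's task id exists; add a code comment saying this is deliberate so the branch is not later split into 404 and 403 by accident.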

Also applies to: 109-113, 130-133


149-151: Throw exceptions for missing or unauthorized tasks instead of returning an object.

Returning an object with a warning message instead of raising an HTTP exception is inconsistent with the other endpoints. For uniform error handling, use HttpException.

if (!updatedTask) {
-  return { message: 'Task not found or not authorized' };
+  throw new HttpException('Error 404 Not Found: Task not found or user not authorized', HttpStatus.NOT_FOUND);
}

Also applies to: 169-170

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (17)
.gitignore (1)

22-30: Review IDEs and Editors Ignore Patterns.
The section covers various configuration files from different editors. One note: the entry /idea is used instead of the more common .idea folder for JetBrains IDEs. Please verify if this is intentional or a typo.

CHALLENGE.md (3)

1-1: Remove trailing punctuation in section headings.

Trailing punctuation in markdown headings is flagged by markdownlint. Consider removing the colons to comply with recommended style rules.

-## Corelab Challenge:
+## Corelab Challenge

...

-### The application should have the following functionality:
+### The application should have the following functionality

...

-### Technical Requirements:
+### Technical Requirements

...

-### Deliverables:
+### Deliverables

...

-### Evaluation Criteria:
+### Evaluation Criteria

Also applies to: 19-19, 27-27, 32-32, 37-37

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

1-1: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


13-13: Use the official spelling for Node.js.

In line 13, replace “Node JS” with “Node.js” for consistency and correctness.

-If you feel more comfortable, you can pick another Node JS framework and show us your skills.
+If you feel more comfortable, you can pick another Node.js framework and show us your skills.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


78-78: Rephrase “Feel free to” for a more professional tone.

LanguageTool flags “Feel free to” as a commonly overused phrase. Consider a more direct alternative.

-Create a file PULL_REQUEST.md where you will describe what you did and how in as much detail as possible. Feel free to add videos for better explanation.
+Create a file PULL_REQUEST.md where you will describe what you did and how in as much detail as possible. You may include videos for additional clarification.
🧰 Tools
🪛 LanguageTool

[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

README.md (2)

8-8: Correct minor spelling mistake.

“Aplication” should be “Application.”

-Aplication to help manage tasks and reminders.
+Application to help manage tasks and reminders.

94-94: Use the official spelling of “Node.js.”

The text currently says "Nodejs 22." Replace “Nodejs” with “Node.js” for consistency and correctness.

-Images: Nodejs 22 (Alpine) and PostgreSQL 17.
+Images: Node.js 22 (Alpine) and PostgreSQL 17.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)

src/user/user.controller.ts (4)

24-29: Consider aligning the controller path with REST conventions.
Typically, controllers handle pluralized resource names, e.g., @Controller('users'), for clarity and consistency with RESTful standards.

- @Controller('user')
+ @Controller('users')

50-60: Secure cookie configuration.
While httpOnly is set, also consider using secure: true when operating over HTTPS to prevent cookies from being sent over unsecured connections.

- res.cookie('auth-cookie', login_token, { httpOnly: true });
+ res.cookie('auth-cookie', login_token, { httpOnly: true, secure: true });
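
Review bot: The replacement line sets `httpOnly` and `secure` but no `sameSite`, which leaves cross-site sending of the authentication cookie to each browser's default. Add `sameSite: 'strict'` (or 'lax' if cross-site navigation must stay logged in) to the same options object.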

68-82: Optional REST route refinement.
It’s more conventional to simply use DELETE /users/:id instead of DELETE /delete/:id. Eliminating redundant “delete” in the path helps keep routes clean and follows REST conventions.

- @Delete('/delete/:id')
+ @Delete('/:id')

84-109: Optional REST route refinement.
As with the delete route, avoid embedding “update” in the path and rely on HTTP verbs (PUT, PATCH) to indicate the operation.

- @Put('/update/:id')
+ @Put('/:id')
PULL_REQUEST.md (4)

19-19: Use consistent terminology in Portuguese.
Remember to localize “password” to “senha” for clarity and language consistency.

- Cadastro (username, password e confirmar senha)
+ Cadastro (username, senha e confirmar senha)
🧰 Tools
🪛 LanguageTool

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


107-107: Streamline wording.
Use a more concise phrase to reduce verbosity.

- dentro de um banco de dados
+ em um banco de dados
🧰 Tools
🪛 LanguageTool

[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


108-108: Clarify "schema public".
Add punctuation or quotes if it’s not a standalone word.

- Exemplo: Um schema public que contém todas as tabelas padrão.
+ Exemplo: Um schema 'public' que contém todas as tabelas padrão.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


111-111: Improve clarity by trimming extra words.
This smaller sentence is easier to parse.

- Transações são um conjunto de operações que são executadas como uma única unidade de trabalho.
+ Transações são um conjunto de operações executadas como uma única unidade de trabalho.
🧰 Tools
🪛 LanguageTool

[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

src/user/user.service.ts (2)

36-37: Refine the error message.
“User already existed” is grammatically off. Updating it to “User already exists” clarifies the message.

- throw new HttpException('User already existed', HttpStatus.BAD_REQUEST);
+ throw new HttpException('User already exists', HttpStatus.BAD_REQUEST);

83-99: Consider handling potential password changes.
If you intend to allow password updates in the future, ensure you hash the new password before saving. If not, clarifying that passwords are immutable in this method helps maintain consistency.

src/task/task.controller.ts (1)

28-47: Consider logging creation errors.
Currently, if task creation fails, you only return a 500 response without capturing or logging the underlying exception. Logging can significantly aid in debugging.

try {
  const task = await this.taskService.createTask(req.user.id, createTaskDto);
  if (task) {
    return res.status(HttpStatus.CREATED).json({...});
  }
} catch (err) {
+ console.error('Error creating task:', err);
  return res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({...});
}
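
Review bot: The added console.error line writes the raw err object to stdout, and a database error object can include the failed query and its parameters. Use the NestJS Logger so the output follows the application's logging configuration, and log err.message plus the stack rather than the whole object.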
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 36c1f52 and f237cf9.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (75)
  • .adonisrc.json (0 hunks)
  • .docker/start.dev.sh (1 hunks)
  • .dockerignore (1 hunks)
  • .editorconfig (0 hunks)
  • .env.example (0 hunks)
  • .eslintrc.js (1 hunks)
  • .github/workflows/node.js.yml (1 hunks)
  • .gitignore (1 hunks)
  • .gitignore copy (0 hunks)
  • .gitlab-ci.yml (1 hunks)
  • .prettierignore (0 hunks)
  • .prettierrc (1 hunks)
  • CHALLENGE.md (1 hunks)
  • Dockerfile (1 hunks)
  • LICENSE.md (1 hunks)
  • PULL_REQUEST.md (1 hunks)
  • README.md (1 hunks)
  • ace (0 hunks)
  • ace-manifest.json (0 hunks)
  • app/Controllers/VehiclesController.ts (0 hunks)
  • app/Exceptions/Handler.ts (0 hunks)
  • app/Types/Vehicle.ts (0 hunks)
  • commands/index.ts (0 hunks)
  • config/app.ts (0 hunks)
  • config/bodyparser.ts (0 hunks)
  • config/cors.ts (0 hunks)
  • config/drive.ts (0 hunks)
  • config/hash.ts (0 hunks)
  • contracts/drive.ts (0 hunks)
  • contracts/env.ts (0 hunks)
  • contracts/events.ts (0 hunks)
  • contracts/hash.ts (0 hunks)
  • contracts/tests.ts (0 hunks)
  • docker-compose.yml (1 hunks)
  • env.ts (0 hunks)
  • nest-cli.json (1 hunks)
  • package.json (1 hunks)
  • providers/AppProvider.ts (0 hunks)
  • server.ts (0 hunks)
  • src/app.controller.spec.ts (1 hunks)
  • src/app.controller.ts (1 hunks)
  • src/app.module.ts (1 hunks)
  • src/app.service.ts (1 hunks)
  • src/auth/auth.module.ts (1 hunks)
  • src/auth/auth.service.ts (1 hunks)
  • src/auth/jwt.guard.ts (1 hunks)
  • src/auth/jwt.strategy.ts (1 hunks)
  • src/auth/local.guard.ts (1 hunks)
  • src/auth/local.strategy.ts (1 hunks)
  • src/common/decorators/auth-user.decorator.ts (1 hunks)
  • src/common/envs/.env.example (1 hunks)
  • src/common/helper/env.helper.ts (1 hunks)
  • src/main.ts (1 hunks)
  • src/shared/typeorm/typeorm.service.ts (1 hunks)
  • src/task/dto/create-task.dto.ts (1 hunks)
  • src/task/dto/update-task.dto.ts (1 hunks)
  • src/task/entities/task.entity.ts (1 hunks)
  • src/task/task.controller.ts (1 hunks)
  • src/task/task.module.ts (1 hunks)
  • src/task/task.service.ts (1 hunks)
  • src/user/dto/create-user.dto.ts (1 hunks)
  • src/user/dto/update-user.dto.ts (1 hunks)
  • src/user/entities/user.entity.ts (1 hunks)
  • src/user/user.controller.ts (1 hunks)
  • src/user/user.module.ts (1 hunks)
  • src/user/user.service.ts (1 hunks)
  • start/kernel.ts (0 hunks)
  • start/routes.ts (0 hunks)
  • test.ts (0 hunks)
  • test/app.e2e-spec.ts (1 hunks)
  • test/jest-e2e.json (1 hunks)
  • tests/bootstrap.ts (0 hunks)
  • tests/functional/vehicles-api.spec.ts (0 hunks)
  • tsconfig.build.json (1 hunks)
  • tsconfig.json (1 hunks)
💤 Files with no reviewable changes (29)
  • .prettierignore
  • start/kernel.ts
  • .gitignore copy
  • contracts/env.ts
  • app/Exceptions/Handler.ts
  • commands/index.ts
  • contracts/hash.ts
  • server.ts
  • start/routes.ts
  • env.ts
  • contracts/tests.ts
  • app/Types/Vehicle.ts
  • app/Controllers/VehiclesController.ts
  • .editorconfig
  • .env.example
  • tests/functional/vehicles-api.spec.ts
  • ace
  • contracts/events.ts
  • test.ts
  • contracts/drive.ts
  • tests/bootstrap.ts
  • config/bodyparser.ts
  • config/hash.ts
  • .adonisrc.json
  • config/drive.ts
  • config/app.ts
  • config/cors.ts
  • ace-manifest.json
  • providers/AppProvider.ts
🚧 Files skipped from review as they are similar to previous changes (35)
  • nest-cli.json
  • .prettierrc
  • src/auth/jwt.guard.ts
  • .dockerignore
  • src/auth/local.guard.ts
  • src/user/user.module.ts
  • .docker/start.dev.sh
  • src/app.service.ts
  • LICENSE.md
  • src/app.controller.spec.ts
  • src/auth/local.strategy.ts
  • src/main.ts
  • src/common/helper/env.helper.ts
  • src/user/dto/create-user.dto.ts
  • src/task/dto/create-task.dto.ts
  • test/jest-e2e.json
  • src/app.module.ts
  • src/task/task.module.ts
  • src/auth/auth.module.ts
  • Dockerfile
  • src/common/decorators/auth-user.decorator.ts
  • .eslintrc.js
  • src/user/entities/user.entity.ts
  • src/common/envs/.env.example
  • src/task/entities/task.entity.ts
  • src/auth/auth.service.ts
  • tsconfig.build.json
  • src/shared/typeorm/typeorm.service.ts
  • src/user/dto/update-user.dto.ts
  • src/task/dto/update-task.dto.ts
  • src/auth/jwt.strategy.ts
  • docker-compose.yml
  • test/app.e2e-spec.ts
  • .gitlab-ci.yml
  • src/app.controller.ts
🧰 Additional context used
🧬 Code Definitions (1)
src/task/task.service.ts (3)
src/user/user.service.ts (1) (1)
  • Injectable (9-100)
src/task/dto/create-task.dto.ts (1) (1)
  • CreateTaskDto (9-27)
src/task/dto/update-task.dto.ts (1) (1)
  • UpdateTaskDto (3-21)
🪛 LanguageTool
CHALLENGE.md

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)


[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

README.md

[style] ~15-~15: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~17-~17: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~94-~94: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)


[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~98-~98: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

PULL_REQUEST.md

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


🪛 markdownlint-cli2 (0.17.2)
CHALLENGE.md

1-1: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


19-19: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


27-27: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


32-32: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)


37-37: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

🪛 actionlint (1.7.4)
.github/workflows/node.js.yml

22-22: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


24-24: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (29)
.gitignore (8)

1-5: Compiled Output Directories Are Standard.
The entries /dist, /node_modules, and /build correctly ensure that generated build artifacts and dependencies are not committed. Verify that these paths precisely match where your build system outputs files.


10-10: Include pnpm Debug Logs.
Adding pnpm-debug.log* is a good addition if pnpm is in use; it prevents debug logs from being accidentally committed.


15-17: OS-Specific Files Ignored.
Including .DS_Store is standard for macOS environments. If your team uses other OS-specific files frequently, consider expanding this list as necessary.


18-21: Test Coverage Directories Are Well-Handled.
Ignoring both /coverage and /.nyc_output helps keep test report artifacts out of version control.


31-37: VSCode Configuration Ignoring Is Configured Properly.
The patterns in this block ignore all files under .vscode except for key settings files. This selective inclusion is a best practice to share essential configuration while excluding user-specific settings.


38-44: Environment Variable Files Are Properly Secured.
Ignoring .env and its variant files prevents accidental commits of sensitive environment configurations. Double-check that these entries align with your deployment and local development strategies.


45-47: Temporary Directories Are Ignored.
The inclusion of .temp and .tmp is standard practice to ensure that transient files do not pollute the repository.


55-57: Diagnostic Reports and Specific Env Files Are Covered.
Entries for diagnostic reports (e.g., report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json) and the src/common/envs/development.env file help prevent runtime artifacts from being tracked. Confirm that ignoring the development environment file is as intended.

.github/workflows/node.js.yml (2)

18-19: Confirm usage of Node 22.x for stability.

Node 22.x might still be in experimental or early stable phases. It's worth verifying whether your application or dependencies might have compatibility issues with Node 22.x.

Would you like me to generate a script to search your codebase and lockfiles for Node 22.x-specific usage or potential incompatibilities?


22-24: Actions version upgrade suggestion.

Actions actions/checkout@v3 and actions/setup-node@v3 are flagged as outdated by the static analysis, but an existing past review comment already covers this feedback.

src/task/task.service.ts (2)

25-31: Check for non-existent user before pushing the task.

If user is not found, user.tasks.push(task) will fail. This mirrors an existing comment requesting user existence checks in the same scenario.


51-58: Prevent unintentional creation of new tasks in update logic if task is not found.

If updateTask is null, spreading it will produce a new entity, contradicting the expected update flow. This feedback matches a prior review.

src/user/user.controller.ts (5)

1-23: Imports look consistent and align with NestJS best practices.
No issues noted.


31-48: Use NestJS exceptions for error handling.
This controller method returns raw JSON when an error occurs. Consider throwing a NestJS HttpException or a more specific exception to ensure consistent error responses.


62-66: Avoid returning potentially sensitive fields.
Make sure UserEntity does not expose private fields like passwords or hashed passwords. If these fields exist, exclude them here.


68-82: Unify response strategy with NestJS exceptions.
For consistency, consider throwing an exception instead of returning status-based JSON. This mirrors NestJS best practices.


84-109: Unify response strategy with NestJS exceptions.
Similar to the delete handler, the update method mixes direct JSON returns and manual status handling. Embrace NestJS exception throwing for better clarity.

package.json (2)

2-68: Overall package configuration looks good.
The updated name, version, license, scripts, and dependencies reflect a clear NestJS setup. Keep them updated regularly.


69-85: Jest configuration is well-defined.
Test settings for coverage, environment, and transform rules appear consistent with NestJS best practices.

src/user/user.service.ts (4)

16-28: Handle password mismatch explicitly & use NOT_FOUND for a missing user.
This method returns undefined if the password check fails, creating ambiguity. Consider throwing an explicit HTTP exception (e.g., HttpException('Invalid password', HttpStatus.BAD_REQUEST)) to inform clients that the credentials are incorrect. Furthermore, returning HttpStatus.BAD_REQUEST for a non-existent user is semantically unclear; use HttpStatus.NOT_FOUND for a missing resource.


41-41: Hash the user’s password before saving.
Storing plaintext passwords poses a serious security risk. Use argon2.hash(password) prior to saving.


56-69: Looks good: consistent use of 404.
This method properly returns HttpStatus.NOT_FOUND when the user doesn't exist.


71-81: Deletion logic is sound.
This approach aligns with best practices, returning a NOT_FOUND for missing resources.

src/task/task.controller.ts (6)

49-67: Task listing looks cohesive.
Returning a 200 status when tasks are successfully fetched and 500 otherwise is straightforward and clear.


70-87: Use 404 or 403 for missing or unauthorized tasks.
Throwing a BAD_REQUEST (400) is less descriptive for resources that do not exist or belong to someone else.


90-113: Use 404 or 403 for missing or unauthorized tasks.
Similarly, for update failures, a 400 Bad Request is unclear when the task may be missing or unauthorized.


116-134: Adopt 404 or 403 over 400.
For deletion of tasks that do not exist or are inaccessible to the user, a 400 status code does not accurately convey the nature of the error.


137-153: Maintain consistency in error handling – switch to exceptions.
Returning a plain object for missing tasks or unauthorized access diverges from throwing an HttpException. Align it with the other methods for a cleaner API.


156-172: Maintain consistency in error handling – switch to exceptions.
Similarly, returning { message: 'Task not found or not authorized' } differs from the rest of your HTTP exception pattern.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (6)
README.md (6)

6-9: Project Description – Spelling and Clarity Improvements

  • Typo: "Aplication" should be corrected to "Application."
  • Rephrasing suggestion: Instead of "The project has customization by colors, search and favorites," consider a clearer phrasing such as:
    "The project supports customization of color schemes, advanced search functionality, and marking items as favorites."

Proposed diff:

-Aplication to help manage tasks and reminders.
+Application to help manage tasks and reminders.
-The project has customization by colors, search and favorites.
+The project supports customization of color schemes, advanced search functionality, and the ability to mark items as favorites.

13-20: Feature List – Improved Wording for Consistency

  • For example, on line 15, replace "are able to" with "can" to simplify the expression:
    "Users can create, read, update, and delete pending tasks using the API."
  • Line 18 appears to be a fragment. Consider rephrasing it to:
    "User tasks are displayed in a responsive and visually appealing layout with filtering options."

Proposed diffs:

-Users are able to create, read, update and delete pending tasks using the API.
+Users can create, read, update, and delete pending tasks using the API.
-User task list in a responsive and visually appealing way, with the ability to filter items.
+User tasks are displayed in a responsive and visually appealing layout with filtering options.

22-27: Technologies Section – Correct Heading Spelling

  • The heading "## Tecnologies" is misspelled. It should be "## Technologies".
  • (Optional) Consider capitalizing "TypeScript" instead of "Typescript" for consistency with common usage.

Proposed diff:

-## Tecnologies
+## Technologies

28-32: Recommended Tools – Heading and Naming Consistency

  • The heading "## Recommends" can be improved to "## Recommended Tools" or "## Recommendations."
  • Also, update "dbeaver" to "DBeaver" to match its official branding.

Proposed diffs:

-## Recommends
+## Recommended Tools
-- dbeaver
+- DBeaver

80-94: Docker Section – Update Framework Naming

  • The Docker instructions are properly detailed.
  • On line 94, update "Nodejs" to "Node.js" to match the official spelling.

Proposed diff:

-Images: Nodejs 22 (Alpine) and PostgreSQL 17.
+Images: Node.js 22 (Alpine) and PostgreSQL 17.
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

83-83: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


89-89: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


96-99: Support Section – Refine Descriptive Language
Consider revising the sentence on line 98 for improved clarity and formality. For example, you might change:
Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers.
to
Nest is an MIT-licensed open source project that continues to grow thanks to its sponsors and dedicated backers.

Proposed diff:

-Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).
+Nest is an MIT-licensed open source project that continues to grow thanks to its sponsors and dedicated backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f237cf9 and fc2f7e9.

📒 Files selected for processing (1)
  • README.md (1 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.17.2)
README.md

39-39: Dollar signs used before commands without showing output
null

(MD014, commands-show-output)


🔇 Additional comments (6)
README.md (6)

1-4: Title and CI Badge – Looks Good!
The new project title ("Core Note API") and the added GitHub Actions badge correctly reflect the updated project branding and CI status.


34-41: Dependency Installation Instructions – Formatting Note
The instructions and code block for installing dependencies using Yarn are clear. Note that using the "$" symbol in command examples is common practice, although some markdown linters flag it if no output is shown. If this is acceptable in your project guidelines, you may ignore this warning.


42-53: Running the App – Command Instructions Clarity
The commands provided for development, watch mode, and production are clear and well-structured. Ensure consistency in the command examples if your style guide requires showing expected outputs or not using the "$" sign.


55-66: Test Instructions – Clear and Concise
The testing section is well-documented with commands for unit tests, end-to-end tests, and test coverage.


68-78: Linting and Formatting Instructions – Well Documented
The sections for linting and code formatting are clear, with appropriate commands provided.


100-102: License Section – Clear and Informative
The license information is concise and clear, linking appropriately to the MIT License details.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (2)
src/task/task.service.ts (2)

25-30: ⚠️ Potential issue

Verify the user exists before pushing tasks.
If user is null, user.tasks.push(task) will throw an error. Ensure you handle this scenario.

const user = await this.userRepository.findOne({
  where: { id: userId },
  relations: ['tasks'],
});
-if (!user) {
-  user.tasks.push(task);
-  await this.userRepository.save(user);
-  return task;
-}
+if (!user) {
+  return null;
+}

user.tasks.push(task);
await this.userRepository.save(user);
return task;
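
Review bot: The added return null in the !user branch reports a missing user only as a falsy value, and the create handler quoted earlier in this review responds only inside if (task), so a null result leaves the try block without sending a response. Throw NotFoundException from the service, or have the controller map null to an explicit 404.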

51-63: ⚠️ Potential issue

Fix unintended creation in updateTask.
This code block re-saves a new entity if the original task is not found. Move the null check before your save call.

let updateTask = await this.taskRepository.findOne({
  where: { id: taskId, user: userId },
});
-if (!updateTask) {
-  // unintentionally continue and create a new task
-}
updateTask = await this.taskRepository.save({
  ...updateTask,
  ...updateTaskDto,
});
if (!updateTask) {
  return null;
}
return updateTask;

Suggested fix:

let updateTask = await this.taskRepository.findOne({
  where: { id: taskId, user: userId },
});
+if (!updateTask) {
+  return null;
+}
updateTask = await this.taskRepository.save({
  ...updateTask,
  ...updateTaskDto,
});
return updateTask;
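
Review bot: In the save call, ...updateTaskDto is spread after ...updateTask, so any id or user key that reaches the DTO overrides the values of the row that was just matched on { id: taskId, user: userId }, and the ownership check no longer covers what is written. Assign only the fields that are meant to be editable, or set id and user after the spread, and make sure the ValidationPipe runs with whitelist: true so unknown keys are stripped.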
🧹 Nitpick comments (15)
.gitignore (3)

22-30: IDEs and Editors Configuration
The entries cover various IDE configurations and editor-specific files. One point of attention: on line 23, the entry /idea is present. Typically, JetBrains IDEs generate a .idea folder (with a leading dot). Please verify if this should be updated to /.idea to correctly ignore the IDE configuration folder.

-/idea
+/.idea

38-44: Environment Variable Files Exclusion
Ignoring .env and its environment-specific variants helps prevent accidental commits of sensitive configuration details. It might be worthwhile to ensure that there exists a sample file (e.g., .env.example) in the repository for developer reference.


55-57: Diagnostic Reports and Local Environment Configuration
Excluding diagnostic report files (report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json) helps avoid the accidental commit of potentially large files. Additionally, ignoring src/common/envs/development.env is a good measure to prevent local development configuration (which might include sensitive or environment-specific details) from being committed. Just ensure that if this file is necessary for onboarding or local setup, a well-documented sample/template version is available.

CHALLENGE.md (3)

13-13: Use the official “Node.js” spelling.
For consistency and correctness, please replace "Node JS" with "Node.js."

-If you feel more comfortable, you can pick another Node JS framework and show us your skills.
+If you feel more comfortable, you can pick another Node.js framework and show us your skills.

21-24: Reword repetitive “Users should be able to…” statements.
To avoid repetitive wording, consider rephrasing each item to preserve clarity and variety.

Examples:

-1. Users should be able to create, read, update, and delete to-do items using the API.
-2. Users should be able to mark an item as a favorite.
-3. Users should be able to set a color for each to-do item.
+1. Users can create, read, update, and delete to-do items using the API.
+2. The API allows marking an item as a favorite.
+3. Each to-do item can have a custom color.

78-78: Avoid the phrase “Feel free to…” for a more concise tone.
Consider rewording to sound more professional or direct.

-Feel free to add videos for better explanation.
+You can add videos for additional clarity.

.github/workflows/node.js.yml (1)

22-24: Upgrade actions to the latest versions.
Use up-to-date GitHub Actions to ensure compatibility and access to new features.

-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
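
Review bot: Both added uses: lines reference the mutable @v4 tag, so the workflow runs whatever commit that tag points to at run time. Pin actions/checkout and actions/setup-node to a full commit SHA and keep the version in a trailing comment so updates stay reviewable.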

README.md (3)

12-12: Prefer “can” over “are able to.”
For a more concise style, consider using “can” instead of “are able to.”

-Users are able to create, read, update and delete pending tasks using the API.
+Users can create, read, update, and delete pending tasks using the API.
🧰 Tools
🪛 LanguageTool

[style] ~12-~12: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


91-91: Use the official "Node.js" spelling.
Replace "Nodejs" with "Node.js" for consistency.

-Images: Nodejs 22 (Alpine) and PostgreSQL 17.
+Images: Node.js 22 (Alpine) and PostgreSQL 17.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~91-~91: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)


95-95: Use a more formal synonym for “amazing.”
To maintain a professional tone, consider replacing “amazing” with a more formal synonym.

-support by the amazing backers.
+support by the dedicated backers.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~95-~95: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~95-~95: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

src/user/user.controller.ts (2)

1-23: Consider removing direct usage of the Express Response object.
NestJS encourages returning data directly or throwing exceptions rather than manually calling methods like res.status(...). By removing direct Response usage and letting Nest handle responses for you, you can achieve cleaner separation of concerns and consistent error handling throughout your controllers.


50-60: Enhance cookie security.
Consider adding secure: true (for HTTPS) and sameSite: 'strict' to the cookie options. This helps improve security by preventing cross-site request forgery and ensuring the cookie is only sent over secure connections in production.

- res.cookie('auth-cookie', login_token, { httpOnly: true });
+ res.cookie('auth-cookie', login_token, { 
+   httpOnly: true,
+   secure: true, // only over HTTPS
+   sameSite: 'strict'
+ });
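
Review bot: The added secure: true is unconditional, so the auth-cookie will not be set or sent when the app is served over plain HTTP in local development, although the comment itself scopes this to production. Derive the flag from the environment configuration, and set maxAge to match the token lifetime, since the options shown create a session cookie with no expiry of its own.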
PULL_REQUEST.md (1)

19-19: Apply minor language refinements as suggested by static checks.
Below are a few optional doc-level adjustments to improve Portuguese usage and consistency:

@@ -19,1 +19,1 @@
- - Cadastro (username, password e confirmar senha) e validação de usuários com parâmetros definidos;
+ - Cadastro (username, senha e confirmar senha) e validação de usuários com parâmetros definidos;

@@ -107,1 +107,1 @@
- - Schemas são formas de organizar tabelas e outros objetos dentro de um banco de dados. 
+ - Schemas são formas de organizar tabelas e outros objetos em um banco de dados.

@@ -108,1 +108,1 @@
- Exemplo: Um schema public que contém todas as tabelas padrão.
+ Exemplo: Um schema "public" que contém todas as tabelas padrão.

@@ -111,2 +111,2 @@
- - Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma operação falhar, todas as mudanças podem ser revertidas.
+ - Transações são um conjunto de operações executadas como uma única unidade de trabalho. Se uma operação falhar, todas as mudanças podem ser revertidas.

Also applies to: 107-111

🧰 Tools
🪛 LanguageTool

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)

src/user/user.service.ts (1)

36-37: Consider using 409 Conflict for an existing username
A 409 Conflict status code is more explicit for indicating that the requested resource conflicts with an existing resource.

- throw new HttpException('User already existed', HttpStatus.BAD_REQUEST);
+ throw new HttpException('User already existed', HttpStatus.CONFLICT);
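Review bot: The message on the `+` line still reads 'User already existed'; 'User already exists' is the correct tense for a response the client sees. `ConflictException` from `@nestjs/common` produces the same 409 more directly than `new HttpException(..., HttpStatus.CONFLICT)`.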
src/task/task.controller.ts (1)

198-208: Refine handling of empty or missing tasks
Returning 500 Internal Server Error for no matching tasks may be misleading. Return an empty array or 404 Not Found if no tasks are found, or log the actual error if a database failure occurs.

- return res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
-   message: 'Error 500: Internal Server Error',
-   success: false,
- });
+ return res.status(HttpStatus.NOT_FOUND).json({
+   message: 'No tasks found with the given query',
+   success: false,
+ });
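Review bot: The replacement makes this return a 404 for every path that reaches it, but the visible lines do not show whether the branch handles an empty result or sits in a `catch`; in the second case real database failures would now be reported as 'No tasks found'. Split the two cases: return an empty array with 200 for an empty filter result, and keep the 500 (with the error logged) for exceptions.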
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fc2f7e9 and 8bf8b10.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (75)
  • .adonisrc.json (0 hunks)
  • .docker/start.dev.sh (1 hunks)
  • .dockerignore (1 hunks)
  • .editorconfig (0 hunks)
  • .env.example (0 hunks)
  • .eslintrc.js (1 hunks)
  • .github/workflows/node.js.yml (1 hunks)
  • .gitignore (1 hunks)
  • .gitignore copy (0 hunks)
  • .gitlab-ci.yml (1 hunks)
  • .prettierignore (0 hunks)
  • .prettierrc (1 hunks)
  • CHALLENGE.md (1 hunks)
  • Dockerfile (1 hunks)
  • LICENSE.md (1 hunks)
  • PULL_REQUEST.md (1 hunks)
  • README.md (1 hunks)
  • ace (0 hunks)
  • ace-manifest.json (0 hunks)
  • app/Controllers/VehiclesController.ts (0 hunks)
  • app/Exceptions/Handler.ts (0 hunks)
  • app/Types/Vehicle.ts (0 hunks)
  • commands/index.ts (0 hunks)
  • config/app.ts (0 hunks)
  • config/bodyparser.ts (0 hunks)
  • config/cors.ts (0 hunks)
  • config/drive.ts (0 hunks)
  • config/hash.ts (0 hunks)
  • contracts/drive.ts (0 hunks)
  • contracts/env.ts (0 hunks)
  • contracts/events.ts (0 hunks)
  • contracts/hash.ts (0 hunks)
  • contracts/tests.ts (0 hunks)
  • docker-compose.yml (1 hunks)
  • env.ts (0 hunks)
  • nest-cli.json (1 hunks)
  • package.json (1 hunks)
  • providers/AppProvider.ts (0 hunks)
  • server.ts (0 hunks)
  • src/app.controller.spec.ts (1 hunks)
  • src/app.controller.ts (1 hunks)
  • src/app.module.ts (1 hunks)
  • src/app.service.ts (1 hunks)
  • src/auth/auth.module.ts (1 hunks)
  • src/auth/auth.service.ts (1 hunks)
  • src/auth/jwt.guard.ts (1 hunks)
  • src/auth/jwt.strategy.ts (1 hunks)
  • src/auth/local.guard.ts (1 hunks)
  • src/auth/local.strategy.ts (1 hunks)
  • src/common/decorators/auth-user.decorator.ts (1 hunks)
  • src/common/envs/.env.example (1 hunks)
  • src/common/helper/env.helper.ts (1 hunks)
  • src/main.ts (1 hunks)
  • src/shared/typeorm/typeorm.service.ts (1 hunks)
  • src/task/dto/create-task.dto.ts (1 hunks)
  • src/task/dto/update-task.dto.ts (1 hunks)
  • src/task/entities/task.entity.ts (1 hunks)
  • src/task/task.controller.ts (1 hunks)
  • src/task/task.module.ts (1 hunks)
  • src/task/task.service.ts (1 hunks)
  • src/user/dto/create-user.dto.ts (1 hunks)
  • src/user/dto/update-user.dto.ts (1 hunks)
  • src/user/entities/user.entity.ts (1 hunks)
  • src/user/user.controller.ts (1 hunks)
  • src/user/user.module.ts (1 hunks)
  • src/user/user.service.ts (1 hunks)
  • start/kernel.ts (0 hunks)
  • start/routes.ts (0 hunks)
  • test.ts (0 hunks)
  • test/app.e2e-spec.ts (1 hunks)
  • test/jest-e2e.json (1 hunks)
  • tests/bootstrap.ts (0 hunks)
  • tests/functional/vehicles-api.spec.ts (0 hunks)
  • tsconfig.build.json (1 hunks)
  • tsconfig.json (1 hunks)
💤 Files with no reviewable changes (29)
  • .prettierignore
  • .gitignore copy
  • start/kernel.ts
  • contracts/hash.ts
  • app/Exceptions/Handler.ts
  • contracts/env.ts
  • commands/index.ts
  • tests/functional/vehicles-api.spec.ts
  • contracts/tests.ts
  • app/Types/Vehicle.ts
  • env.ts
  • server.ts
  • contracts/drive.ts
  • .env.example
  • .editorconfig
  • app/Controllers/VehiclesController.ts
  • contracts/events.ts
  • test.ts
  • config/drive.ts
  • providers/AppProvider.ts
  • ace
  • start/routes.ts
  • .adonisrc.json
  • config/hash.ts
  • ace-manifest.json
  • config/bodyparser.ts
  • config/cors.ts
  • config/app.ts
  • tests/bootstrap.ts
🚧 Files skipped from review as they are similar to previous changes (35)
  • .docker/start.dev.sh
  • .prettierrc
  • src/user/user.module.ts
  • nest-cli.json
  • test/jest-e2e.json
  • tsconfig.build.json
  • src/auth/local.strategy.ts
  • src/auth/jwt.guard.ts
  • src/main.ts
  • .dockerignore
  • src/auth/local.guard.ts
  • src/task/dto/update-task.dto.ts
  • src/user/dto/create-user.dto.ts
  • src/auth/jwt.strategy.ts
  • src/app.module.ts
  • src/auth/auth.module.ts
  • src/common/helper/env.helper.ts
  • src/task/task.module.ts
  • src/app.controller.spec.ts
  • Dockerfile
  • LICENSE.md
  • test/app.e2e-spec.ts
  • src/app.service.ts
  • src/common/envs/.env.example
  • src/app.controller.ts
  • .eslintrc.js
  • src/task/dto/create-task.dto.ts
  • src/common/decorators/auth-user.decorator.ts
  • src/auth/auth.service.ts
  • src/user/entities/user.entity.ts
  • src/user/dto/update-user.dto.ts
  • .gitlab-ci.yml
  • src/task/entities/task.entity.ts
  • src/shared/typeorm/typeorm.service.ts
  • docker-compose.yml
🧰 Additional context used
🧬 Code Definitions (3)
src/user/user.controller.ts (2)
src/user/dto/create-user.dto.ts (1) (1)
  • CreateUserDto (3-15)
src/user/dto/update-user.dto.ts (1) (1)
  • UpdateUserDto (10-37)
src/task/task.controller.ts (2)
src/task/dto/create-task.dto.ts (1) (1)
  • CreateTaskDto (9-27)
src/task/dto/update-task.dto.ts (1) (1)
  • UpdateTaskDto (3-21)
src/user/user.service.ts (3)
src/auth/auth.service.ts (1) (1)
  • Injectable (5-30)
src/user/dto/create-user.dto.ts (1) (1)
  • CreateUserDto (3-15)
src/user/dto/update-user.dto.ts (1) (1)
  • UpdateUserDto (10-37)
🪛 LanguageTool
CHALLENGE.md

[uncategorized] ~13-~13: The official spelling of this programming framework is “Node.js”.
Context: ... more comfortable, you can pick another Node JS framework and show us your skills. ###...

(NODE_JS)


[grammar] ~15-~15: Please check the verb form.
Context: ...nd show us your skills. ### The Layout Open the [layout mockup](https://www.figma.c...

(SHE_LIVE)


[style] ~23-~23: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... able to mark an item as a favorite. 3. Users should be able to set a color for each ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~78-~78: The phrase ‘feel free to’ is used quite frequently. Consider using a less frequent alternative to set your writing apart from others and make it sound more professional.
Context: ... and how in as much detail as possible. Feel free to add videos for better explanation. Cre...

(FEEL_FREE_TO_STYLE_ME)

README.md

[style] ~12-~12: As a shorter alternative for ‘able to’, consider using “can”.
Context: ...ion has the following features - Users are able to create, read, update and delete pending...

(BE_ABLE_TO)


[style] ~14-~14: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...Users can mark an item as a favorite. - Users can set a color for each task item. - U...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~91-~91: The official spelling of this programming framework is “Node.js”.
Context: ... To keep running without log. Images: Nodejs 22 (Alpine) and PostgreSQL 17. ## Supp...

(NODE_JS)


[uncategorized] ~95-~95: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...7. ## Support Nest is an MIT-licensed open source project. It can grow thanks to the spon...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


[style] ~95-~95: Consider using a more formal and expressive alternative to ‘amazing’.
Context: ...anks to the sponsors and support by the amazing backers. If you'd like to join them, pl...

(AWESOME)

PULL_REQUEST.md

[locale-violation] ~19-~19: “password” é um estrangeirismo. É preferível dizer “senha”.
Context: ... ## Autenticação - Cadastro (username, password e confirmar senha) e validação de usuár...

(PT_BARBARISMS_REPLACE_PASSWORD)


[style] ~107-~107: “dentro de um” é uma expressão prolixa. É preferível dizer “num” ou “em um”.
Context: ...s de organizar tabelas e outros objetos dentro de um banco de dados. Eles ajudam a dividir d...

(PT_WORDINESS_REPLACE_DENTRO_DE_UM)


[uncategorized] ~108-~108: Se é uma abreviatura, falta um ponto. Se for uma expressão, coloque entre aspas.
Context: ...m diferentes grupos. Exemplo: Um schema public que contém todas as tabelas padrão. Tra...

(ABREVIATIONS_PUNCTUATION)


[style] ~111-~111: Para conferir mais clareza ao seu texto, busque usar uma linguagem mais concisa.
Context: ...Transações são um conjunto de operações que são executadas como uma única unidade de trabalho. Se uma o...

(QUE_É-SÃO_NC-ADJ_COMO-POR)

🪛 actionlint (1.7.4)
.github/workflows/node.js.yml

22-22: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


24-24: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (22)
.gitignore (6)

1-4: Compiled Output Entries
The added entries for /dist, /node_modules, and /build correctly ensure that compiled files, dependencies, and build artifacts are excluded from version control. This aligns with standard best practices.


10-10: PNPM Debug Log Ignorance
Including pnpm-debug.log* ensures that debug logs generated by pnpm are not inadvertently committed, which is beneficial for cleaner repository history.


15-17: OS File Exclusion
The addition of .DS_Store under the OS section helps in ignoring macOS-specific system files that are not needed in the repository.


18-21: Test Coverage Directories
Excluding /coverage and /nyc_output prevents test artifacts and coverage reports from being tracked, which is a common and recommended practice.


31-37: VSCode Settings Management
The configuration for VSCode is well handled by ignoring all contents under .vscode/* while still including essential configuration files like settings.json, tasks.json, launch.json, and extensions.json. This strikes a good balance between customization and consistency.


45-47: Temporary Directories Ignored
The addition of .temp and .tmp effectively ignores temporary directories that are often used during development, keeping the repository clean from transient files.

tsconfig.json (1)

15-19: Re-enable strict compiler options for better type safety.
You previously received a recommendation to enable strict settings. Reiterating that advice: setting strictNullChecks, noImplicitAny, etc. to true helps prevent subtle type errors.

   "skipLibCheck": true,
-  "strictNullChecks": false,
-  "noImplicitAny": false,
-  "strictBindCallApply": false,
-  "forceConsistentCasingInFileNames": false,
-  "noFallthroughCasesInSwitch": false
+  "strictNullChecks": true,
+  "noImplicitAny": true,
+  "strictBindCallApply": true,
+  "forceConsistentCasingInFileNames": true,
+  "noFallthroughCasesInSwitch": true
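Review bot: The five flags are flipped in one step on a codebase that still passes `userId: any` through the task service, so the first compile after this change is likely to fail in many places; enable them one at a time or fix the `any` usages in the same commit. Setting `strict` to true would cover `strictNullChecks`, `noImplicitAny` and `strictBindCallApply` in one option, leaving only `forceConsistentCasingInFileNames` and `noFallthroughCasesInSwitch` to list.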
src/task/task.service.ts (1)

18-114: Avoid using any for userId parameters.
Using any throughout these methods undermines type safety. A string or numeric type is typically preferred.

-async createTask(userId: any, createTaskDto: CreateTaskDto) {
+async createTask(userId: string, createTaskDto: CreateTaskDto) {

-async getAllTasks(userId: any) {
+async getAllTasks(userId: string) {

  // And so forth for each method that uses userId: any
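Review bot: `userId: string` on the `+` lines is chosen without the id column's type being shown, and the text above allows 'string or numeric'; the value is supplied by the caller at runtime, so a wrong annotation will compile and still mismatch the entity key. Take the type from the entity instead, for example `UserEntity['id']`, and apply it to every method covered by the 'And so forth' line.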
src/user/user.controller.ts (4)

31-48: Use NestJS exceptions for error handling (repeat suggestion).
This is a continuation of previous guidance. Instead of returning raw JSON along with the status code, consider throwing an appropriate NestJS exception (e.g., InternalServerErrorException) to align with idiomatic NestJS patterns.


62-66: Avoid returning sensitive fields (repeat suggestion).
Returning the entire UserEntity risks exposing sensitive or private data (e.g., hashed passwords). Apply filters or use class-transformer to exclude these fields from the response.


68-82: Throw NestJS exceptions for delete operations (repeat suggestion).
Instead of returning manual JSON objects, consider throwing dedicated exceptions (e.g., NotFoundException) for consistency and clarity, matching NestJS best practices.


84-110: Use a consistent exception-based approach (repeat suggestion).
Currently, the update method returns a JSON response for both success and error states. For NestJS alignment, throw exceptions like NotFoundException or InternalServerErrorException. This was previously recommended for other methods as well.

package.json (2)

69-85: Jest configuration looks good!
The Jest settings for coverage, test environment, and transform are standard and well-structured.


22-67:

✅ Verification successful

Verify the safety and recency of pinned dependencies.
Ensure these pinned versions (e.g., @nestjs/*, passport, typeorm) are up-to-date and free from known vulnerabilities.


🏁 Script executed:

#!/bin/bash
# Description: Check for updates and known security advisories for pinned dependencies in package.json.

# 1) Check for the latest versions of each dependency from npm:
cat package.json | jq -r '.dependencies, .devDependencies | keys[]' | sort -u | while read pkg; do
  echo "Checking latest version for $pkg..."
  npm info "$pkg" version
done

# 2) Run npm audit to detect known vulnerabilities
npm audit --json

Length of output: 6618


Dependencies Verified: Up-to-Date and Safe

I verified that the pinned versions in package.json match the latest releases on npm. Notably, all dependencies (e.g., @nestjs/*, passport, typeorm) show the expected version numbers. One minor note is that "pg" is listed as "^8.14.0" while its latest version is reported as 8.14.1—this is acceptable under semver unless an exact patch is required. Additionally, no vulnerabilities were flagged by the npm audit check. If any concerns remain, please run a manual npm audit locally for further assurance.

src/user/user.service.ts (3)

21-25: Ensure consistent error handling for incorrect password
Currently, the function does not handle the case when argon2.verify fails. Returning undefined can cause silent failures downstream. Consider throwing an exception or returning null for clarity.

- if (matchPassport) {
-   return user;
- }
} else {
  throw new HttpException('User not found', HttpStatus.BAD_REQUEST);
}
+ if (!matchPassport) {
+   throw new HttpException('Invalid password', HttpStatus.BAD_REQUEST);
+ }
+ return user;
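Review bot: The added `if (!matchPassport)` check sits after the closing `}` of the `else` branch, outside the block that held the removed `if (matchPassport)`; if `matchPassport` is declared inside that block it is out of scope here. Put the check where the removed lines were. Separate 'User not found' and 'Invalid password' messages also tell a caller which usernames exist; one generic message with 401 Unauthorized for both failures avoids that. `matchPassport` looks like a typo for `matchPassword`.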

25-26: Adopt 404 Not Found for missing user
For missing resources or non-existent users, returning 400 is semantically unclear. Use 404 Not Found to align with REST best practices.

- throw new HttpException('User not found', HttpStatus.BAD_REQUEST);
+ throw new HttpException('User not found', HttpStatus.NOT_FOUND);
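Review bot: This `throw` is in the credential check shown at lines 21-25, so a 404 for an unknown username next to a different response for a wrong password makes valid usernames distinguishable by status code alone. For a login path, return the same status and message in both cases (401 Unauthorized is the usual choice) and keep 404 for resource lookups.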

40-42: Hash the user’s password before saving
Storing passwords in plain text poses a serious security risk. Use argon2.hash before saving.

- newUser.password = password;
+ newUser.password = await argon2.hash(password);
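Review bot: Rows saved earlier by the plain-text assignment on the `-` line hold a value that is not an argon2 hash, so they cannot pass the `argon2.verify` check at lines 21-25; plan a password reset or migration for existing users alongside this change. Check too that `password` is not logged or echoed back in the create response.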
src/task/task.controller.ts (5)

83-87: Use 404 or 403 for missing or unauthorized tasks
Returning 400 Bad Request is unclear for nonexistent or unauthorized tasks. Consider using 404 Not Found or 403 Forbidden.

- throw new HttpException(
-   'Error 400 Bad Request: Task not found or your user does not have this task',
-   HttpStatus.BAD_REQUEST,
- );
+ throw new HttpException(
+   'Error 404 Not Found: Task not found or user not authorized',
+   HttpStatus.NOT_FOUND,
+ );
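Review bot: The heading offers '404 or 403', but the `+` lines pick 404 with one message for both the missing and the not-owned case; keep it that way, since a separate 403 would confirm that a task id belonging to another user exists. The 'Error 404 Not Found:' prefix in the message duplicates the status code; `NotFoundException` with a short message would do. The same applies to the identical hunks for lines 109-113 and 130-134.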

109-113: Use 404 or 403 for missing or unauthorized tasks
Returning 400 Bad Request is unclear for nonexistent or unauthorized tasks. Consider using 404 Not Found or 403 Forbidden.

- throw new HttpException(
-   'Error 400 Bad Request: Task not found or your user does not have this task',
-   HttpStatus.BAD_REQUEST,
- );
+ throw new HttpException(
+   'Error 404 Not Found: Task not found or user not authorized',
+   HttpStatus.NOT_FOUND,
+ );

130-134: Use 404 or 403 for missing or unauthorized tasks
Returning 400 Bad Request is unclear for nonexistent or unauthorized tasks. Consider using 404 Not Found or 403 Forbidden.

- throw new HttpException(
-   'Error 400 Bad Request: Task not found or your user does not have this task',
-   HttpStatus.BAD_REQUEST,
- );
+ throw new HttpException(
+   'Error 404 Not Found: Task not found or user not authorized',
+   HttpStatus.NOT_FOUND,
+ );

150-151: Use HttpException for consistent error handling
Returning an object with an error message deviates from the established pattern. For a more uniform approach, throw an HttpException.

- return { message: 'Task not found or not authorized' };
+ throw new HttpException('Error 404 Not Found: Task not found or user not authorized', HttpStatus.NOT_FOUND);
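Review bot: The `-` line returns a plain object, which the framework sends with a success status, so switching to a `throw` changes the status seen by any client that reads `message` from that body; check the callers before merging. The message string on the `+` line now appears verbatim in five suggested changes for this controller; move it to a constant or a small helper that throws `NotFoundException`.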

169-170: Use HttpException for consistent error handling
Returning an object with an error message deviates from the established pattern. For a more uniform approach, throw an HttpException.

- return { message: 'Task not found or not authorized' };
+ throw new HttpException('Error 404 Not Found: Task not found or user not authorized', HttpStatus.NOT_FOUND);
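
Added example (not part of the pull request or of the review output above): the credential-handling points raised for src/user/user.service.ts, combined in one runnable sketch that hashes on registration, answers unknown user and wrong password identically, and returns the user without the password field. It assumes Node's built-in scrypt as a stand-in for argon2 so it runs without dependencies, and it chooses a single 401 for both login failures; `register`, `validateUser`, `AuthError`, `DUMMY_HASH` and the in-memory `Map` store are hypothetical names.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Stand-in for argon2.hash: scrypt with a random per-user salt, stored as "salt:hash" in hex.
function hashPassword(plain) {
  const salt = randomBytes(16);
  const hash = scryptSync(plain, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Stand-in for argon2.verify: recompute with the stored salt and compare in constant time.
function verifyPassword(encoded, plain) {
  const [saltHex, hashHex] = encoded.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = scryptSync(plain, Buffer.from(saltHex, 'hex'), expected.length);
  return timingSafeEqual(actual, expected);
}

// One error type for every login failure, so the response does not reveal which check failed.
class AuthError extends Error {
  constructor() {
    super('Invalid credentials');
    this.status = 401;
  }
}

// Constructed hash that is verified when the username is unknown,
// so both failure paths perform the same amount of work.
const DUMMY_HASH = hashPassword('constructed-dummy-value');

// users is a Map keyed by username (hypothetical in-memory store).
function register(users, username, password) {
  if (users.has(username)) {
    const err = new Error('User already exists');
    err.status = 409;
    throw err;
  }
  // Only the hash is stored, never the plain-text password.
  users.set(username, { id: users.size + 1, username, password: hashPassword(password) });
}

function validateUser(users, username, password) {
  const user = users.get(username);
  const ok = verifyPassword(user ? user.password : DUMMY_HASH, password);
  if (!user || !ok) throw new AuthError();
  // Strip the hash before the object leaves the service layer.
  const { password: _omitted, ...publicUser } = user;
  return publicUser;
}
```
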
