move chage password to user con

Backend/src/services/auth.service.ts

@@ -11,7 +11,6 @@ import {
     RegisterResponse,
     RefreshTokenResponse,
     ResetPasswordResponse,
-    ChangePasswordResponse,
     ResetRequestResponse
 } from '../types/auth.types';
 import { UserResponse } from '../types/user.types';
@@ -260,33 +259,6 @@ export class AuthService {
         }
     }
 
-    async changePassword(token: string, oldPassword: string, newPassword: string): Promise<ChangePasswordResponse> {
-        try {
-            const decoded = jwt.verify(token, config.jwt.secret) as { id: number; username: string; email: string; roleCode: string };
-            const user = await prisma.user.findUnique({ where: { id: decoded.id } });
-            if (!user) throw new UnauthorizedError('User not found');
-
-            const isPasswordValid = await bcrypt.compare(oldPassword, user.password);
-            if (!isPasswordValid) throw new UnauthorizedError('Invalid password');
-
-            const encryptedPassword = await bcrypt.hash(newPassword, 10);
-
-            await prisma.user.update({
-                where: { id: user.id },
-                data: { password: encryptedPassword }
-            });
-
-            logger.info('Password changed successfully', { userId: user.id });
-            return {
-                code: 200,
-                message: 'Password changed successfully'
-            };
-        } catch (error) {
-            logger.error('Failed to change password', { error });
-            throw error;
-        }
-    }
-
     /**
      * Generate access token (JWT)
      */

Backend/src/services/user.service.ts

@@ -3,6 +3,7 @@ import { Prisma } from '@prisma/client';
 import { config } from '../config';
 import { logger } from '../config/logger';
 import jwt from 'jsonwebtoken';
+import bcrypt from 'bcrypt';
 import {
     UserResponse,
     ProfileResponse,
@@ -63,6 +64,50 @@ export class UserService {
             throw error;
         }
     };
+
+    /**
+     * Change user password
+     */
+    async changePassword(token: string, oldPassword: string, newPassword: string): Promise<ChangePasswordResponse> {
+        try {
+            // Decode JWT token to get user ID
+            const decoded = jwt.verify(token, config.jwt.secret) as { id: number; username: string; email: string; roleCode: string };
+
+            const user = await prisma.user.findUnique({ where: { id: decoded.id } });
+            if (!user) throw new UnauthorizedError('User not found');
+
+            // Verify old password
+            const isPasswordValid = await bcrypt.compare(oldPassword, user.password);
+            if (!isPasswordValid) throw new UnauthorizedError('Invalid old password');
+
+            // Hash new password
+            const encryptedPassword = await bcrypt.hash(newPassword, 10);
+
+            // Update password
+            await prisma.user.update({
+                where: { id: user.id },
+                data: { password: encryptedPassword }
+            });
+
+            logger.info('Password changed successfully', { userId: user.id });
+            return {
+                code: 200,
+                message: 'Password changed successfully'
+            };
+        } catch (error) {
+            if (error instanceof jwt.JsonWebTokenError) {
+                logger.error('Invalid JWT token:', error);
+                throw new UnauthorizedError('Invalid token');
+            }
+            if (error instanceof jwt.TokenExpiredError) {
+                logger.error('JWT token expired:', error);
+                throw new UnauthorizedError('Token expired');
+            }
+            logger.error('Failed to change password', { error });
+            throw error;
+        }
+    }
+
     /**
          * Format user response
          */
@@ -88,4 +133,3 @@ export class UserService {
         };
     }
 }
-