PhuocHoan
diff --git a/‎README.md‎
Lines changed: 2 additions & 0 deletions b/‎README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎apps/api/eslint.config.mjs‎
Lines changed: 10 additions & 0 deletions b/‎apps/api/eslint.config.mjs‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎apps/api/package.json‎
Lines changed: 2 additions & 2 deletions b/‎apps/api/package.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/api/src/auth/auth.service.spec.ts‎
Lines changed: 15 additions & 10 deletions b/‎apps/api/src/auth/auth.service.spec.ts‎
Lines changed: 15 additions & 10 deletions
diff --git a/‎apps/api/src/common/guards/roles.guard.ts‎
Lines changed: 4 additions & 6 deletions b/‎apps/api/src/common/guards/roles.guard.ts‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎apps/api/src/courses/courses.service.ts‎
Lines changed: 3 additions & 15 deletions b/‎apps/api/src/courses/courses.service.ts‎
Lines changed: 3 additions & 15 deletions
diff --git a/‎apps/api/src/courses/entities/course.entity.ts‎
Lines changed: 2 additions & 2 deletions b/‎apps/api/src/courses/entities/course.entity.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/api/src/courses/entities/enrollment.entity.ts‎
Lines changed: 1 addition & 1 deletion b/‎apps/api/src/courses/entities/enrollment.entity.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎apps/api/src/dashboard/dashboard.service.ts‎
Lines changed: 4 additions & 8 deletions b/‎apps/api/src/dashboard/dashboard.service.ts‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎apps/api/src/quizzes/services/ai-quiz-generator.service.ts‎
Lines changed: 1 addition & 3 deletions b/‎apps/api/src/quizzes/services/ai-quiz-generator.service.ts‎
Lines changed: 1 addition & 3 deletions
@@ -3,6 +3,7 @@
 Online learning platform built with React, NestJS, and Turborepo.
 
 ## App URL
+
 - Github Repo: https://github.com/PhuocHoan/Learnix
 - Vercel: https://learnix-teal.vercel.app
 
@@ -24,6 +25,7 @@ pnpm dev            # Start dev servers (web:5173, api:3000)
 ```
 
 ## Seed Course Data
+
 ```bash
 cd apps/api && pnpm ts-node src/seed.ts
 ```
 
@@ -319,4 +319,14 @@ export default tseslint.config(
       'no-console': 'off', // Seed scripts use console for CLI output
     },
   },
+
+  // Upload module files - filesystem access with validated paths
+  // The security plugin cannot understand runtime path validation,
+  // but these files implement proper path traversal prevention
+  {
+    files: ['**/upload/*.ts'],
+    rules: {
+      'security/detect-non-literal-fs-filename': 'off',
+    },
+  },
 );
@@ -20,7 +20,7 @@
     "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
-    "@google/genai": "^1.30.0",
+    "@google/genai": "^1.31.0",
     "@nestjs/common": "^11.1.9",
     "@nestjs/config": "^4.0.2",
     "@nestjs/core": "^11.1.9",
@@ -42,7 +42,7 @@
     "pg": "^8.16.3",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.2",
-    "typeorm": "^0.3.27"
+    "typeorm": "^0.3.28"
   },
   "devDependencies": {
     "@eslint/compat": "^2.0.0",
 
@@ -1,5 +1,3 @@
-/* eslint-disable @typescript-eslint/no-misused-promises -- Jest handles async test functions */
-/* eslint-disable @typescript-eslint/no-unnecessary-condition -- Test assertions need optional chains */
 import { UnauthorizedException, BadRequestException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { Test, type TestingModule } from '@nestjs/testing';
@@ -16,7 +14,14 @@ import { UsersService } from '../users/users.service';
 
 // Mock bcrypt
 jest.mock('bcrypt');
-const mockedBcrypt = bcrypt as jest.Mocked<typeof bcrypt>;
+const mockedBcrypt = {
+  compare: bcrypt.compare as jest.MockedFunction<
+    (data: string | Buffer, encrypted: string) => Promise<boolean>
+  >,
+  hash: bcrypt.hash as jest.MockedFunction<
+    (data: string | Buffer, saltOrRounds: string | number) => Promise<string>
+  >,
+};
 
 describe('AuthService', () => {
   let service: AuthService;
@@ -119,13 +124,13 @@ describe('AuthService', () => {
   describe('validateUser', () => {
     it('should return user without password when credentials are valid', async () => {
       usersService.findByEmail.mockResolvedValue(mockUser as User);
-      mockedBcrypt.compare.mockImplementation(() => Promise.resolve(true));
+      mockedBcrypt.compare.mockResolvedValue(true);
 
       const result = await service.validateUser('test@example.com', 'password');
 
       expect(result).toBeDefined();
       expect(result?.email).toBe('test@example.com');
-      expect((result as Record<string, unknown>)?.password).toBeUndefined();
+      expect((result as Record<string, unknown>).password).toBeUndefined();
     });
 
     it('should return null when user does not exist', async () => {
@@ -152,7 +157,7 @@ describe('AuthService', () => {
 
     it('should return null when password is incorrect', async () => {
       usersService.findByEmail.mockResolvedValue(mockUser as User);
-      mockedBcrypt.compare.mockImplementation(() => Promise.resolve(false));
+      (mockedBcrypt.compare as jest.Mock).mockResolvedValue(false);
 
       const result = await service.validateUser(
         'test@example.com',
@@ -166,7 +171,7 @@ describe('AuthService', () => {
   describe('login', () => {
     it('should return access token and user for valid credentials', async () => {
       usersService.findByEmail.mockResolvedValue(mockUser as User);
-      mockedBcrypt.compare.mockImplementation(() => Promise.resolve(true));
+      mockedBcrypt.compare.mockResolvedValue(true);
 
       const result = await service.login({
         email: 'test@example.com',
@@ -192,7 +197,7 @@ describe('AuthService', () => {
 
     it('should throw UnauthorizedException for unverified email', async () => {
       usersService.findByEmail.mockResolvedValue(mockUnverifiedUser as User);
-      mockedBcrypt.compare.mockImplementation(() => Promise.resolve(true));
+      mockedBcrypt.compare.mockResolvedValue(true);
 
       await expect(
         service.login({
@@ -589,7 +594,7 @@ describe('AuthService', () => {
       usersService.hasPassword.mockResolvedValue(true);
       usersService.findOne.mockResolvedValue(mockUser as User);
       usersService.findByEmail.mockResolvedValue(mockUser as User);
-      mockedBcrypt.compare.mockImplementation(() => Promise.resolve(true));
+      mockedBcrypt.compare.mockResolvedValue(true);
 
       const result = await service.deleteAccount(
         'user-1',
@@ -622,7 +627,7 @@ describe('AuthService', () => {
       usersService.hasPassword.mockResolvedValue(true);
       usersService.findOne.mockResolvedValue(mockUser as User);
       usersService.findByEmail.mockResolvedValue(mockUser as User);
-      mockedBcrypt.compare.mockImplementation(() => Promise.resolve(false));
+      mockedBcrypt.compare.mockResolvedValue(false);
 
       await expect(
         service.deleteAccount('user-1', 'wrongpassword', 'DELETE'),
 
@@ -18,13 +18,11 @@ export class RolesGuard implements CanActivate {
   constructor(private reflector: Reflector) {}
 
   canActivate(context: ExecutionContext): boolean {
-    const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
-      ROLES_KEY,
-      [context.getHandler(), context.getClass()],
-    );
+    const requiredRoles = this.reflector.getAllAndOverride<
+      UserRole[] | undefined
+    >(ROLES_KEY, [context.getHandler(), context.getClass()]);
 
-    // No roles required for this route - TypeScript may infer as always defined but runtime differs
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+    // No roles required for this route
     if (!requiredRoles) {
       return true;
     }
 
@@ -148,8 +148,6 @@ export class CoursesService {
 
     const uniqueTags = new Set<string>();
     courses.forEach((course) => {
-      // Tags column is nullable in DB - can be null at runtime
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
       course.tags?.forEach((tag) => uniqueTags.add(tag));
     });
 
@@ -216,10 +214,7 @@ export class CoursesService {
     }
 
     // Initialize array if null (legacy data safety - DB column is nullable)
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
-    if (!enrollment.completedLessonIds) {
-      enrollment.completedLessonIds = [];
-    }
+    enrollment.completedLessonIds ??= [];
 
     // Add lesson ID if not already present
     if (!enrollment.completedLessonIds.includes(lessonId)) {
@@ -295,12 +290,9 @@ export class CoursesService {
     });
 
     const result: EnrolledCourseDto[] = enrollments.map((enrollment) => {
-      /* eslint-disable @typescript-eslint/no-unnecessary-condition -- DB relations may not be loaded */
-      const allLessons =
-        enrollment.course.sections?.flatMap((s) => s.lessons) ?? [];
-      /* eslint-enable @typescript-eslint/no-unnecessary-condition */
+      const allLessons = enrollment.course.sections.flatMap((s) => s.lessons);
       const totalLessons = allLessons.length;
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- completedLessonIds is nullable in DB
+
       const completedLessons = enrollment.completedLessonIds?.length ?? 0;
       const progress =
         totalLessons > 0
@@ -316,13 +308,11 @@ export class CoursesService {
         thumbnailUrl: enrollment.course.thumbnailUrl,
         level: enrollment.course.level,
 
-        /* eslint-disable @typescript-eslint/no-unnecessary-condition -- instructor relation may not be loaded */
         instructor: {
           id: enrollment.course.instructor?.id ?? '',
           fullName:
             enrollment.course.instructor?.fullName ?? 'Unknown Instructor',
         },
-        /* eslint-enable @typescript-eslint/no-unnecessary-condition */
         progress,
         totalLessons,
         completedLessons,
@@ -420,7 +410,6 @@ export class CoursesService {
     const enrolledCourseIds = new Set(enrollments.map((e) => e.courseId));
     const userTags = new Set<string>();
     enrollments.forEach((enrollment) => {
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- tags is nullable in DB
       enrollment.course.tags?.forEach((tag) => userTags.add(tag.toLowerCase()));
     });
 
@@ -481,7 +470,6 @@ export class CoursesService {
 
     // Step 4: Score courses by number of matching tags
     const scoredCourses = candidateCourses.map((course) => {
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- tags is nullable in DB
       const courseTags = course.tags?.map((t) => t.toLowerCase()) ?? [];
       const matchingTags = courseTags.filter((tag) => userTags.has(tag));
       return {
 
@@ -47,15 +47,15 @@ export class Course {
   isPublished: boolean;
 
   @Column({ type: 'simple-array', nullable: true })
-  tags: string[]; // e.g., ["react", "frontend", "web"]
+  tags: string[] | null; // e.g., ["react", "frontend", "web"]
 
   // Instructor relationship
   @Column({ name: 'instructor_id' })
   instructorId: string;
 
   @ManyToOne('User')
   @JoinColumn({ name: 'instructor_id' })
-  instructor: User;
+  instructor: User | null;
 
   // Content relationship
   @OneToMany('CourseSection', (section: CourseSection) => section.course, {
 
@@ -33,7 +33,7 @@ export class Enrollment {
   course: Course;
 
   @Column({ type: 'simple-array', nullable: true })
-  completedLessonIds: string[]; // List of IDs of lessons completed
+  completedLessonIds: string[] | null; // List of IDs of lessons completed
 
   @Column({ nullable: true })
   completedAt: Date; // When they finished the course
 
@@ -114,19 +114,15 @@ export class DashboardService {
     let totalDurationSeconds = 0;
 
     for (const enrollment of enrollments) {
-      /* eslint-disable @typescript-eslint/no-unnecessary-condition -- completedLessonIds is nullable in DB */
-      if (
-        !enrollment.completedLessonIds ||
-        enrollment.completedLessonIds.length === 0
-      ) {
-        /* eslint-enable @typescript-eslint/no-unnecessary-condition */
+      const { completedLessonIds } = enrollment;
+      if (!completedLessonIds || completedLessonIds.length === 0) {
         continue;
       }
 
       const allLessons = enrollment.course.sections.flatMap((s) => s.lessons);
 
       const completedLessons = allLessons.filter((l) =>
-        enrollment.completedLessonIds.includes(l.id),
+        completedLessonIds.includes(l.id),
       );
 
       totalDurationSeconds += completedLessons.reduce(
@@ -152,7 +148,7 @@ export class DashboardService {
     const currentCourses = enrollments.map((enrollment) => {
       const allLessons = enrollment.course.sections.flatMap((s) => s.lessons);
       const totalLessons = allLessons.length;
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- completedLessonIds is nullable in DB
+
       const completedCount = enrollment.completedLessonIds?.length ?? 0;
 
       const progress =
 
@@ -12,7 +12,7 @@ export interface GeneratedQuestion {
 
 @Injectable()
 export class AiQuizGeneratorService {
-  private genAI: GoogleGenAI;
+  private genAI: GoogleGenAI | null = null;
 
   constructor(private configService: ConfigService) {
     const apiKey = this.configService.get<string>('GEMINI_API_KEY');
@@ -25,8 +25,6 @@ export class AiQuizGeneratorService {
     lessonText: string,
     numberOfQuestions: number = 5,
   ): Promise<GeneratedQuestion[]> {
-    // Runtime safety: genAI is null when API key is not configured
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
     if (!this.genAI) {
       throw new Error('Gemini API key not configured');
     }