onlyHydra · onlyHydra · Jun 5, 2026 · May 7, 2026 · May 11, 2026 · May 11, 2026
diff --git a/apps/BFF/src/modules/auth/contracts/dto/auth-contracts.dto.ts b/apps/BFF/src/modules/auth/contracts/dto/auth-contracts.dto.ts
@@ -225,7 +225,7 @@ export type AuditListResponseDto = {
   pageInfo: PageInfoDto;
 };
 
-export type UpdatePlayerStatsDto = {
+export class UpdatePlayerStatsDto {
   matchesWon?: string[];
   matchesLost?: string[];
   achievements?: string[];
@@ -241,6 +241,6 @@ export type UpdatePlayerStatsDto = {
   damageTaken?: number;
   createdAt?: string;
   updatedAt?: string;
-};
+}
 
 export type PlayerStatsDto = Record<string, unknown>;
diff --git a/apps/BFF/src/modules/config/env.validation.ts b/apps/BFF/src/modules/config/env.validation.ts
@@ -6,7 +6,7 @@ const baseSchema = z.object({
     .default('development'),
   PORT: z.coerce.number().int().min(1).max(65535).default(3000),
 
-  AUTH_SERVICE_URL: z.string().url(),
+  AUTH_SERVICE_URL: z.string().url().default('http://auth_service:3000'),
   SOCIAL_SERVICE_URL: z.string().url().default('http://social_service:3000'),
   STATS_SERVICE_URL: z.string().url().default('http://stats_service:3000'),
 

diff --git a/apps/BFF/src/modules/stats/stats.controller.ts b/apps/BFF/src/modules/stats/stats.controller.ts
@@ -1,7 +1,8 @@
-import { Controller, Get, Headers, Param, Query, Req, Post, Body, Put } from '@nestjs/common';
+import { Controller, Get, Headers, Param, Patch, Query, Req, Post, Body, Put } from '@nestjs/common';
 import type { Request } from 'express';
 import { StatsService } from './stats.service';
 import { PlayerStatsSchema, type PlayerStats } from './contracts/player-stats.schema';
+import { UpdatePlayerStatsDto } from '../auth/contracts/dto/auth-contracts.dto';
 
 function computeDerived(stats: Record<string, unknown>) {
   const kills = Number((stats as any).kills ?? 0);
@@ -18,7 +19,6 @@ function computeDerived(stats: Record<string, unknown>) {
 export class StatsController {
   constructor(private readonly service: StatsService) {}
 
-
   @Get('users')
   async getUsers(
     @Headers() headers: Record<string, string>,
@@ -97,4 +97,15 @@ export class StatsController {
     return this.service.UpsertAcheivement(body, { authorization });
   }
 
+
+  @Patch('user/:userId')
+  async updateStats(
+    @Param('userId') userId: string,
+    @Body() updateDto: UpdatePlayerStatsDto,
+    @Headers('authorization') auth: string,
+  ) {
+    return this.service.update(userId, updateDto, {
+      authorization: auth,
+    });
+  }
 }
diff --git a/apps/BFF/src/modules/stats/stats.service.ts b/apps/BFF/src/modules/stats/stats.service.ts
@@ -3,7 +3,10 @@ import axios, { AxiosError } from 'axios';
 import { BffConfigService } from '../config/bff-config.service';
 import { PlayerStatsDto } from '../auth/contracts/dto/auth-contracts.dto';
 
-type RequestContext = { authorization?: string; params?: Record<string, unknown> };
+type RequestContext = {
+  authorization?: string;
+  params?: Record<string, unknown>;
+};
 
 @Injectable()
 export class StatsService {
@@ -18,30 +21,33 @@ export class StatsService {
 	 });
   }
 
-  async fetchUserById(userId: string, context: RequestContext): Promise<PlayerStatsDto> {
+  async fetchUserById(
+    userId: string,
+    context: RequestContext,
+  ): Promise<PlayerStatsDto> {
     return this.callStatsService<PlayerStatsDto>({
-		method: 'GET',
-		path: `/internal/stats/user/${encodeURIComponent(userId)}`,
-		context
-	});
+      method: 'GET',
+      path: `/internal/stats/user/${encodeURIComponent(userId)}`,
+      context,
+    });
   }
 
   private async callStatsService<T = PlayerStatsDto>(
 	input: { method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
 	path: string;
 	context: RequestContext;
 	data?: unknown;
-	params?: Record<string, unknown>; 
+	params?: Record<string, unknown>;
 	}): Promise<T> {
     const headers: Record<string, string> = { 'x-service-name': 'bff' };
-    if (input.context.authorization) headers.authorization = input.context.authorization;
+    if (input.context.authorization)
+      headers.authorization = input.context.authorization;
 
     try {
       const url = `${this.config.stats.serviceUrl}${input.path}`;
       const response = await axios.request<T>({
         method: input.method as any,
-        //url: `${this.config.stats.serviceUrl}${input.path}`,
-		url,
+		    url,
         headers,
         data: input.data,
         params: input.context.params ?? input.params,
@@ -59,11 +65,31 @@ export class StatsService {
     } catch (error) {
       if (error instanceof AxiosError) {
         const status = error.response?.status ?? 502;
-        throw new BadGatewayException({ code: `stats_service_${status}`, message: error.message, details: error.response?.data });
+        throw new BadGatewayException({
+          code: `stats_service_${status}`,
+          message: error.message,
+          details: error.response?.data,
+        });
       }
-      throw new BadGatewayException({ code: 'stats_service_unreachable', message: 'Unable to reach stats service', details: error });
+      throw new BadGatewayException({
+        code: 'stats_service_unreachable',
+        message: 'Unable to reach stats service',
+        details: error,
+      });
     }
   }
+  async update(
+    userId: string,
+    data: any,
+    context: RequestContext,
+  ): Promise<PlayerStatsDto> {
+    return this.callStatsService<PlayerStatsDto>({
+      method: 'PATCH',
+      path: `/internal/stats/user/${encodeURIComponent(userId)}`,
+      context,
+      data,
+    });
+  }
 
   // fetch member of match:
   async fetchMatchMembers(matchId: string, context: { authorization?: string }) {
@@ -89,7 +115,7 @@ export class StatsService {
     return this.callStatsService({
       method : 'PUT',
       path: `/internal/stats/user/${id}`,
-      data: body, 
+      data: body,
       context
     })
   }

diff --git a/apps/auth-user/package-lock.json b/apps/auth-user/package-lock.json
diff --git a/apps/auth-user/package.json b/apps/auth-user/package.json
@@ -20,7 +20,6 @@
 		"test:e2e": "jest --config ./test/jest-e2e.json"
 	},
 	"dependencies": {
-		"axios": "^1.4.0",
 		"@nestjs/common": "^11.0.1",
 		"@nestjs/config": "^4.0.3",
 		"@nestjs/core": "^11.0.1",
@@ -29,6 +28,7 @@
 		"@prisma/adapter-pg": "^7.5.0",
 		"@prisma/client": "^7.5.0",
 		"argon2": "^0.44.0",
+		"axios": "^1.16.1",
 		"bcrypt": "^6.0.0",
 		"class-transformer": "^0.5.1",
 		"class-validator": "^0.15.1",
@@ -85,4 +85,4 @@
 		"coverageDirectory": "../coverage",
 		"testEnvironment": "node"
 	}
-}
+}
diff --git a/apps/auth-user/src/modules/auth/services/auth-login.service.ts b/apps/auth-user/src/modules/auth/services/auth-login.service.ts
@@ -89,7 +89,7 @@ export class AuthLoginService {
 
       if (user.status !== 'ACTIVE' || user.disabledAt) {
         await this.auditLoginFailed(user.id, input.email, context, 'DISABLED');
-        throw new UnauthorizedException('Invalid email or password');
+        throw new UnauthorizedException('Your account has been suspended.');
       }
 
       const loggedIn = await this.prisma.$transaction(