@bhudevswayam/blueprint-engine 1.0.0

package/index.js

@@ -0,0 +1,4 @@
+// Inside your library: index.js
+const swayamauth = require('./src/routes/auth');
+
+module.exports = { swayamauth };

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@bhudevswayam/blueprint-engine",
+  "version": "1.0.0",
+  "description": "Domain-Driven Architectural Store for Node.js and MongoDB.",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": ["architecture", "mongodb", "express", "auth", "blueprint"],
+  "author": "Swayam Pandya",
+  "license": "MIT",
+  "dependencies": {
+    "bcryptjs": "^3.0.3",
+    "express-async-handler": "^1.2.0",
+    "jsonwebtoken": "^9.0.3"
+  },
+  "peerDependencies": {
+    "express": "^5.2.1",
+    "mongoose": "^9.2.1"
+  }
+}

package/readme.md

@@ -0,0 +1,117 @@
+# blueprint-engine 🏗️
+
+**blueprint-engine** is a high-level architectural framework for Node.js and MongoDB. It is designed to eliminate the "90% boilerplate tax" by providing pre-configured, domain-specific backend blueprints.
+
+Instead of writing repetitive logic for authentication, multi-tenancy, or industry-specific workflows, you simply inject your Mongoose models into a blueprint and mount the resulting engine.
+
+---
+
+## 🌟 The Vision
+This library acts as a **Domain-Driven Architectural Store**. It allows developers to deploy complex backend structures using standardized "blueprints."
+- **v1.0.x**: Multi-tenant Authentication & Authorization (Current).
+
+---
+
+## 🚀 Features (Auth Blueprint)
+- **Zero-Boilerplate**: Fully automated `/login` and `/register` routes.
+- **Security-as-a-Code**: Built-in Bcrypt hashing and JWT session management.
+- **Dynamic Multi-Tenancy**: Automated `tenantId` generation and logical data isolation.
+- **Inversion of Control**: Pass your own Mongoose models; the engine handles the persistence logic.
+
+---
+
+## 📦 Installation
+
+```bash
+npm install blueprint-engine
+```
+Note: Ensure you have express and mongoose installed in your host project.
+
+---
+
+## 🛠️ Quick Start (Auth Blueprint)
+## 1. Define your Models
+Your models can contain any custom fields, but the engine requires email, password, and tenantId to function.
+
+### User Model
+
+``` javascript
+// models/User.js
+const mongoose = require("mongoose");
+
+const UserSchema = new mongoose.Schema({
+  name: { type: String, required: true },
+  email: { type: String, unique: true, required: true },
+  password: { type: String, required: true },
+  role: { type: String, enum: ["superadmin", "business", "user"], default: "user" },
+  phoneNo: { type: Number },
+  addressLine1: { type: String },
+  addressLine2: { type: String },
+  city: { type: String },
+  state: { type: String },
+  zipCode: { type: Number },
+  tenantId: { type: String, required: true },
+
+  // Optional: quick access to bookings (can also just query Booking collection)
+  bookings: [{ type: mongoose.Schema.Types.ObjectId, ref: "Booking" }]
+}, { timestamps: true });
+
+module.exports = mongoose.model("User", UserSchema);
+```
+
+### Tenant Model
+
+```javascript
+// models/User.js
+const mongoose = require('mongoose');
+
+const TenantSchema = new mongoose.Schema({
+  name: { type: String, required: true },
+  tenantId: { type: String },
+  meta: { type: Object, default: {} }
+}, { timestamps: true });
+
+module.exports = mongoose.model('Tenant', TenantSchema);
+
+```
+
+## 2. Mount the Engine
+Inject your models and your JWT secret into the swayamauth blueprint.
+
+``` JavaScript
+const express = require('express');
+const mongoose = require('mongoose');
+const { swayamauth } = require('blueprint-engine');
+
+const User = require('./models/User');
+const Tenant = require('./models/Tenant');
+
+const app = express();
+app.use(express.json());
+
+// Database Connection
+mongoose.connect('mongodb://localhost:27017/your_db');
+
+// Mount the Blueprint - One line handles all Auth logic
+app.use('/api/auth', swayamauth(User, Tenant, 'YOUR_JWT_SECRET_KEY'));
+
+app.listen(4000, () => console.log('Engine running on port 4000'));
+```
+## 📡 API Reference
+### POST /register
+Creates a new Tenant and a User account. Automatically hashes the password and generates a unique tenantId.
+```json
+Body: { "name": "Name", 
+        "email": "admin@test.com", 
+        "password": "password123", 
+        ...customFields 
+      }
+```
+
+### POST /login
+Authenticates the user and returns a signed JWT.
+```json
+Body: { "email": "admin@test.com", 
+        "password": "password123" 
+      }
+```

package/src/config/db.js

@@ -0,0 +1,13 @@
+const mongoose = require('mongoose');
+
+const connectDB = async (mongoUri) => {
+  try {
+    await mongoose.connect(mongoUri);
+    console.log('MongoDB connected');
+  } catch (err) {
+    console.error(err);
+    process.exit(1);
+  }
+};
+
+module.exports = connectDB;

package/src/controllers/authController.js

@@ -0,0 +1,98 @@
+const asyncHandler = require('express-async-handler');
+const bcrypt = require('bcryptjs');
+const jwt = require('jsonwebtoken');
+
+/**
+ * createHandlers Factory
+ * @param {Object} User - The Mongoose User Model passed from the app
+ * @param {Object} Tenant - The Mongoose Tenant Model passed from the app
+ * @param {String} jwtSecret - The secret key for signing tokens
+ */
+const createHandlers = (User, Tenant, jwtSecret) => {
+  
+  // Internal helper for token generation
+  const generateToken = (user) => {
+    return jwt.sign(
+      { id: user._id, role: user.role }, 
+      jwtSecret, 
+      { expiresIn: '7d' }
+    );
+  };
+
+  const register = asyncHandler(async (req, res) => {
+    // We capture specific fields and use ...extra for any custom fields the user added
+    const { name, email, password, role, ...extra } = req.body;
+
+    if (!name || !email || !password) {
+      res.status(400);
+      throw new Error('Missing required fields: name, email, and password are required.');
+    }
+
+    const exists = await User.findOne({ email });
+    if (exists) {
+      res.status(400);
+      throw new Error('User already exists for this email');
+    }
+
+    // Automatic Tenant Creation
+    const tenantId = `${name.toLowerCase().replace(/\s+/g, "_")}_${Date.now()}`;
+    await Tenant.create({ name, tenantId });
+
+    // Internal Security Handling (Bcrypt bypass)
+    const salt = await bcrypt.genSalt(10);
+    const hashed = await bcrypt.hash(password, salt);
+
+    // Create User with dynamic fields
+    const user = await User.create({
+      name,
+      email,
+      password: hashed,
+      role: role || 'user',
+      tenantId,
+      ...extra // This allows the user to pass 'city', 'phoneNo', etc.
+    });
+
+    res.status(201).json({
+      id: user._id,
+      name: user.name,
+      email: user.email,
+      role: user.role,
+      tenantId: user.tenantId,
+      token: generateToken(user)
+    });
+  });
+
+  const login = asyncHandler(async (req, res) => {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      res.status(400);
+      throw new Error('Missing fields');
+    }
+
+    const user = await User.findOne({ email });
+    if (!user) {
+      res.status(401);
+      throw new Error('Invalid credentials');
+    }
+
+    const match = await bcrypt.compare(password, user.password);
+    if (!match) {
+      res.status(401);
+      throw new Error('Invalid credentials');
+    }
+
+    res.json({
+      id: user._id,
+      name: user.name,
+      email: user.email,
+      role: user.role,
+      tenantId: user.tenantId,
+      token: generateToken(user)
+    });
+  });
+
+  return { register, login };
+};
+
+module.exports = { createHandlers };

package/src/middleware/auth.js

@@ -0,0 +1,67 @@
+const jwt = require('jsonwebtoken');
+const asyncHandler = require('express-async-handler');
+const User = require('../models/User');
+const Business = require('../models/Business');
+
+// Protect routes
+const protect = asyncHandler(async (req, res, next) => {
+  const auth = req.headers.authorization;
+  console.log(auth);
+  
+  if (!auth || !auth.startsWith('Bearer ')) {
+    res.status(401);
+    throw new Error('Not authorized, token missing');
+  }
+
+  const token = auth.split(' ')[1];
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+    console.log(decoded);
+    // Try finding in User
+    let user = await User.findById(decoded.id);
+    
+    // If not found, try Business
+    if (!user) {
+      user = await Business.findById(decoded.id);
+    }
+    console.log(user);
+    
+
+    
+    if (!user) {
+      res.status(401);
+      throw new Error('Not authorized, user is not found');
+    }
+
+    // Allow normal users if tenantId matches OR if superadmin
+    if (req.tenantId && user.tenantId !== req.tenantId && user.role !== 'superadmin') {
+      res.status(403);
+      throw new Error('Tenant mismatch');
+    }
+
+    req.user = user; // attach user to request
+    next();
+  } catch (err) {
+    console.log(err);
+    
+    res.status(401);
+    throw new Error('Not authorized, token is this the end invalid');
+  }
+});
+
+// Role-based authorization middleware
+const authorize = (...roles) => (req, res, next) => {
+  if (!req.user) {
+    return res.status(401).json({ message: 'Not authenticated' });
+  }
+
+  if (!roles.includes(req.user.role)) {
+    return res.status(403).json({ message: 'Forbidden - insufficient role' });
+  }
+
+  next();
+};
+
+module.exports = { protect, authorize };

package/src/middleware/errorHandler.js

@@ -0,0 +1,10 @@
+const errorHandler = (err, req, res, next) => {
+  console.error(err);
+  const statusCode = res.statusCode && res.statusCode !== 200 ? res.statusCode : 500;
+  res.status(statusCode).json({
+    message: err.message || 'Internal Server Error',
+    stack: process.env.NODE_ENV === 'production' ? undefined : err.stack
+  });
+};
+
+module.exports = errorHandler;

package/src/middleware/tenant.js

@@ -0,0 +1,11 @@
+// middleware/tenant.js
+const setTenant = (req, res, next) => {
+  const tenantId = req.header('x-tenant-id');
+  if (!tenantId) {
+    return res.status(400).json({ message: 'Missing x-tenant-id header' });
+  }
+  req.tenantId = tenantId;
+  next();
+};
+
+module.exports = setTenant; 

package/src/models/Tenant.js

@@ -0,0 +1,9 @@
+const mongoose = require('mongoose');
+
+const TenantSchema = new mongoose.Schema({
+  name: { type: String, required: true },
+  tenantId: { type: String },
+  meta: { type: Object, default: {} }
+}, { timestamps: true });
+
+module.exports = mongoose.model('Tenant', TenantSchema);

package/src/models/User.js

@@ -0,0 +1,20 @@
+const mongoose = require("mongoose");
+
+const UserSchema = new mongoose.Schema({
+  name: { type: String, required: true },
+  email: { type: String, unique: true, required: true },
+  password: { type: String, required: true },
+  role: { type: String, enum: ["superadmin", "business", "user"], default: "user" },
+  phoneNo: { type: Number },
+  addressLine1: { type: String },
+  addressLine2: { type: String },
+  city: { type: String },
+  state: { type: String },
+  zipCode: { type: Number },
+  tenantId: { type: String, required: true },
+
+  // Optional: quick access to bookings (can also just query Booking collection)
+  bookings: [{ type: mongoose.Schema.Types.ObjectId, ref: "Booking" }]
+}, { timestamps: true });
+
+module.exports = mongoose.model("User", UserSchema);

package/src/routes/auth.js

@@ -0,0 +1,17 @@
+// Inside your library: src/routes/auth.js
+const express = require('express');
+const { createHandlers } = require('../controllers/authController.js');
+
+const swayamauth = (User, Tenant, jwtSecret) => {
+  const router = express.Router();
+
+  // We pass the models into the controller factory
+  const { register, login } = createHandlers(User, Tenant, jwtSecret);
+
+  router.post('/register', register);
+  router.post('/login', login);
+
+  return router;
+};
+
+module.exports = swayamauth;