@bloomneo/appkit 1.2.9

package/bin/templates/feature-user/user.route.ts.template

@@ -0,0 +1,379 @@
+/**
+ * User Feature Routes - Authentication endpoints with AppKit integration
+ * @module {{projectName}}/user-routes
+ * @file src/api/features/user/user.route.ts
+ */
+
+import express from 'express';
+import { errorClass } from '@bloomneo/appkit/error';
+import { authClass } from '@bloomneo/appkit/auth';
+import { userService } from './user.service.js';
+
+// Initialize AppKit modules
+const router = express.Router();
+const error = errorClass.get();
+const auth = authClass.get();
+
+/**
+ * Register a new user
+ */
+router.post('/register', error.asyncRoute(async (req, res) => {
+  const requestId = req.requestMetadata?.requestId || 'unknown';
+
+  try {
+    const user = await userService.register(req.body);
+
+    res.status(201).json({
+      message: 'User registered successfully',
+      user,
+      requestId
+    });
+
+  } catch (err: any) {
+    if (err.statusCode) {
+      throw err;
+    }
+    res.status(err.statusCode || 500).json({
+      error: err.message || 'Registration failed',
+      requestId
+    });
+  }
+}));
+
+/**
+ * Login user and generate JWT token
+ */
+router.post('/login', error.asyncRoute(async (req, res) => {
+  const requestId = req.requestMetadata?.requestId || 'unknown';
+  const { email, password } = req.body;
+
+  try {
+    const result = await userService.login(email, password);
+
+    res.json({
+      message: 'Login successful',
+      ...result,
+      requestId
+    });
+
+  } catch (err: any) {
+    if (err.statusCode) {
+      throw err;
+    }
+    res.status(err.statusCode || 500).json({
+      error: err.message || 'Login failed',
+      requestId
+    });
+  }
+}));
+
+/**
+ * Request password reset
+ */
+router.post('/forgot-password', error.asyncRoute(async (req, res) => {
+  const requestId = req.requestMetadata?.requestId || 'unknown';
+  const { email } = req.body;
+
+  try {
+    await userService.forgotPassword(email);
+
+    // Always return success to prevent email enumeration
+    res.json({
+      message: 'If an account with that email exists, a password reset link has been sent',
+      requestId
+    });
+
+  } catch (err: any) {
+    // Still return success to prevent email enumeration
+    res.json({
+      message: 'If an account with that email exists, a password reset link has been sent',
+      requestId
+    });
+  }
+}));
+
+/**
+ * Reset password with token
+ */
+router.post('/reset-password', error.asyncRoute(async (req, res) => {
+  const requestId = req.requestMetadata?.requestId || 'unknown';
+  const { token, newPassword } = req.body;
+
+  try {
+    await userService.resetPassword(token, newPassword);
+
+    res.json({
+      message: 'Password reset successfully',
+      requestId
+    });
+
+  } catch (err: any) {
+    if (err.statusCode) {
+      throw err;
+    }
+    res.status(err.statusCode || 500).json({
+      error: err.message || 'Password reset failed',
+      requestId
+    });
+  }
+}));
+
+/**
+ * Get user profile by ID
+ */
+router.get('/profile',
+  auth.requireLoginToken(),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+
+    try {
+      const authenticatedUser = auth.user(req as any);
+
+      if (!authenticatedUser) {
+        throw error.serverError('Authentication failed - user not found in request');
+      }
+
+      const user = await userService.getProfile(authenticatedUser.userId as number);
+
+      res.json({
+        message: 'Profile retrieved successfully',
+        user,
+        authenticatedAs: {
+          userId: authenticatedUser.userId,
+          role: authenticatedUser.role,
+          level: authenticatedUser.level
+        },
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Failed to get profile',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Update user profile
+ */
+router.put('/profile',
+  auth.requireLoginToken(),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+    const { name, phone } = req.body;
+
+    try {
+      const authenticatedUser = auth.user(req as any);
+
+      if (!authenticatedUser) {
+        throw error.serverError('Authentication failed - user not found in request');
+      }
+
+      const user = await userService.updateProfile(authenticatedUser.userId as number, { name, phone });
+
+      res.json({
+        message: 'Profile updated successfully',
+        user,
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Failed to update profile',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Change user password
+ */
+router.post('/change-password',
+  auth.requireLoginToken(),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+    const { currentPassword, newPassword } = req.body;
+
+    try {
+      const authenticatedUser = auth.user(req as any);
+
+      if (!authenticatedUser) {
+        throw error.serverError('Authentication failed - user not found in request');
+      }
+
+      await userService.changePassword(authenticatedUser.userId as number, currentPassword, newPassword);
+
+      res.json({
+        message: 'Password changed successfully',
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Password change failed',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Get all users (admin/moderator only)
+ */
+router.get('/all',
+  auth.requireLoginToken(),
+  auth.requireUserRoles(['admin.tenant', 'admin.org', 'admin.system']),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+    const { tenantId } = req.query;
+
+    try {
+      const users = await userService.getAllUsers(tenantId as string);
+
+      res.json({
+        message: 'Users retrieved successfully',
+        users,
+        count: users.length,
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Failed to get users',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Get users list (moderator+ access)
+ */
+router.get('/list',
+  auth.requireLoginToken(),
+  auth.requireUserRoles(['moderator.review', 'moderator.approve', 'moderator.manage', 'admin.tenant', 'admin.org', 'admin.system']),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+    const { tenantId } = req.query;
+
+    try {
+      const users = await userService.getAllUsers(tenantId as string);
+
+      res.json({
+        message: 'Users retrieved successfully',
+        users,
+        count: users.length,
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Failed to get users',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Update user by admin (admin only)
+ */
+router.put('/list/:id',
+  auth.requireLoginToken(),
+  auth.requireUserRoles(['admin.tenant', 'admin.org', 'admin.system']),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+    const userId = parseInt(req.params.id);
+
+    try {
+      const user = await userService.updateUser(userId, req.body);
+
+      res.json({
+        message: 'User updated successfully',
+        user,
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Failed to update user',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Delete user (admin only)
+ */
+router.delete('/list/:id',
+  auth.requireLoginToken(),
+  auth.requireUserRoles(['admin.tenant', 'admin.org', 'admin.system']),
+  error.asyncRoute(async (req, res) => {
+    const requestId = req.requestMetadata?.requestId || 'unknown';
+    const userId = parseInt(req.params.id);
+
+    try {
+      const authenticatedUser = auth.user(req as any);
+
+      // Prevent self-deletion
+      if (authenticatedUser?.userId === userId) {
+        return res.status(400).json({
+          error: 'Operation not allowed',
+          message: 'Cannot delete your own account',
+          requestId
+        });
+      }
+
+      await userService.deleteUser(userId);
+
+      res.json({
+        message: 'User deleted successfully',
+        requestId
+      });
+
+    } catch (err: any) {
+      if (err.statusCode) {
+        throw err;
+      }
+      res.status(err.statusCode || 500).json({
+        error: err.message || 'Failed to delete user',
+        requestId
+      });
+    }
+  })
+);
+
+/**
+ * Test route to verify discovery and functionality
+ */
+router.get('/test', (_req, res) => {
+  res.json({
+    message: 'User routes are working!',
+    timestamp: new Date().toISOString(),
+    status: 'success'
+  });
+});
+
+export default router;

package/bin/templates/feature-user/user.seed.js.template

@@ -0,0 +1,182 @@
+/**
+ * User Feature Seed Data - Creates all 9 role accounts for testing
+ * @file prisma/seeding/user.seed.js
+ *
+ * Requires DEFAULT_USER_PASSWORD environment variable to be set.
+ * This ensures no hardcoded passwords in the repository.
+ *
+ * Run this seed file individually:
+ * node prisma/seeding/user.seed.js
+ *
+ * Or include in your main seed file:
+ * require('./seeding/user.seed.js');
+ */
+
+import { PrismaClient } from '@prisma/client';
+import bcrypt from 'bcrypt';
+
+const prisma = new PrismaClient();
+
+export async function seedUsers() {
+  console.log('🌱 Seeding user data with all 9 role accounts...');
+
+  try {
+    // Check if user data already exists
+    const existingCount = await prisma.user.count();
+
+    if (existingCount > 0) {
+      console.log(`⚠️  User table already has ${existingCount} records. Skipping seed...`);
+      return { skipped: true, count: existingCount };
+    }
+
+    // Hash default password for all accounts (from environment)
+    const defaultPassword = process.env.DEFAULT_USER_PASSWORD;
+    if (!defaultPassword) {
+      throw new Error('DEFAULT_USER_PASSWORD environment variable is required for seeding');
+    }
+    const hashedPassword = await bcrypt.hash(defaultPassword, 10);
+
+    // Create all 9 role accounts based on AppKit's role hierarchy
+    const userData = [
+      // User roles (3 levels)
+      {
+        email: 'user.basic@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Basic User',
+        phone: '+1-555-0001',
+        role: 'user',
+        level: 'basic',
+        isVerified: true,
+        isActive: true,
+      },
+      {
+        email: 'user.pro@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Pro User',
+        phone: '+1-555-0002',
+        role: 'user',
+        level: 'pro',
+        isVerified: true,
+        isActive: true,
+      },
+      {
+        email: 'user.max@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Max User',
+        phone: '+1-555-0003',
+        role: 'user',
+        level: 'max',
+        isVerified: true,
+        isActive: true,
+      },
+
+      // Moderator roles (3 levels - matching AppKit hierarchy)
+      {
+        email: 'moderator.review@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Review Moderator',
+        phone: '+1-555-0004',
+        role: 'moderator',
+        level: 'review',
+        isVerified: true,
+        isActive: true,
+      },
+      {
+        email: 'moderator.approve@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Approve Moderator',
+        phone: '+1-555-0005',
+        role: 'moderator',
+        level: 'approve',
+        isVerified: true,
+        isActive: true,
+      },
+      {
+        email: 'moderator.manage@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Manage Moderator',
+        phone: '+1-555-0006',
+        role: 'moderator',
+        level: 'manage',
+        isVerified: true,
+        isActive: true,
+      },
+
+      // Admin roles (3 levels)
+      {
+        email: 'admin.tenant@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Tenant Admin',
+        phone: '+1-555-0007',
+        role: 'admin',
+        level: 'tenant',
+        isVerified: true,
+        isActive: true,
+      },
+      {
+        email: 'admin.org@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'Organization Admin',
+        phone: '+1-555-0008',
+        role: 'admin',
+        level: 'org',
+        isVerified: true,
+        isActive: true,
+      },
+      {
+        email: 'admin.system@{{projectName}}.com',
+        password: hashedPassword,
+        name: 'System Admin',
+        phone: '+1-555-0009',
+        role: 'admin',
+        level: 'system',
+        isVerified: true,
+        isActive: true,
+      },
+    ];
+
+    const result = await prisma.user.createMany({
+      data: userData
+    });
+
+    console.log(`✅ Successfully seeded ${result.count} user accounts with all 9 roles`);
+    console.log('📋 Test accounts created:');
+    console.log(`   Default password for all accounts: ${defaultPassword}`);
+    console.log(`
+👤 USER ACCOUNTS:
+   • user.basic@{{projectName}}.com (role: user.basic)
+   • user.pro@{{projectName}}.com (role: user.pro)
+   • user.max@{{projectName}}.com (role: user.max)
+
+🛡️ MODERATOR ACCOUNTS:
+   • moderator.review@{{projectName}}.com (role: moderator.review)
+   • moderator.approve@{{projectName}}.com (role: moderator.approve)
+   • moderator.manage@{{projectName}}.com (role: moderator.manage)
+
+🔑 ADMIN ACCOUNTS:
+   • admin.tenant@{{projectName}}.com (role: admin.tenant)
+   • admin.org@{{projectName}}.com (role: admin.org)
+   • admin.system@{{projectName}}.com (role: admin.system)`);
+
+    return { seeded: true, count: result.count };
+
+  } catch (error) {
+    console.error(`❌ Error seeding user data:`, error);
+    throw error;
+  }
+}
+
+// Run directly if this file is executed
+if (import.meta.url === `file://${process.argv[1]}`) {
+  seedUsers()
+    .then((result) => {
+      console.log('User seeding completed:', result);
+    })
+    .catch((error) => {
+      console.error('User seeding failed:', error);
+      process.exit(1);
+    })
+    .finally(async () => {
+      await prisma.$disconnect();
+    });
+}