@cravery/core 0.0.5 → 0.0.7

package/package.json

@@ -1,9 +1,36 @@
 {
   "name": "@cravery/core",
-  "version": "0.0.5",
+  "version": "0.0.7",
   "description": "Clean architecture foundation for Cravery",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./types": {
+      "types": "./dist/types/index.d.ts",
+      "default": "./dist/types/index.js"
+    },
+    "./config": {
+      "types": "./dist/config/index.d.ts",
+      "default": "./dist/config/index.js"
+    }
+  },
+  "typesVersions": {
+    "*": {
+      "types": [
+        "dist/types/index.d.ts"
+      ],
+      "enums": [
+        "dist/enums/index.d.ts"
+      ],
+      "config": [
+        "dist/config/index.d.ts"
+      ]
+    }
+  },
   "scripts": {
     "build": "tsc",
     "build:watch": "tsc --watch",

package/src/config/index.ts

@@ -1,3 +1,4 @@
 export * from "./ai";
 export * from "./collections";
 export * from "./common";
+export * from "./subscription";

package/src/config/subscription.ts

@@ -0,0 +1 @@
+export const MaxMembersPerSubscription = 3;

package/src/index.ts

@@ -1,4 +1,4 @@
 export * from "./config";
-export * from "./enums";
+export * from "./types/enums";
 export * from "./lib";
 export * from "./types";

package/src/lib/ai/cost.ts

@@ -66,7 +66,16 @@ export const logAIUsage = (usage: AIUsage): number => {
     updates[`${base}/models/${model.id}/${key}`] = ServerValue.increment(value);
   }
 
-  db.ref().update(updates).catch(console.error);
+  db.ref()
+    .update(updates)
+    .catch((error) => {
+      console.error("[AI Usage] Failed to log usage:", {
+        flowName,
+        model: model.id,
+        cost,
+        error: error instanceof Error ? error.message : String(error),
+      });
+    });
 
   return cost;
 };

package/src/lib/ai/embedding.ts

@@ -4,10 +4,15 @@ import { firestore } from "../firebase";
 import { ai, geminiEmbedding001 } from "./genkit";
 import { logAIUsage } from "./cost";
 import { AI_MODELS } from "../../config/ai";
+import { ValidationError } from "../errors";
 
 export const generateEmbedding = async (text: string, flowName: string) => {
   if (text.length < 1 || text.length > 7500) {
-    throw new Error("Validation error: Text out of range");
+    throw new ValidationError("Text must be between 1 and 7500 characters", {
+      length: text.length,
+      minLength: 1,
+      maxLength: 7500,
+    });
   }
   const response = await ai.embed({
     embedder: geminiEmbedding001,

package/src/lib/errors/index.ts

@@ -0,0 +1,79 @@
+export const APP_ERROR_CODE_VALUES = [
+  "BAD_REQUEST",
+  "UNAUTHORIZED",
+  "FORBIDDEN",
+  "NOT_FOUND",
+  "CONFLICT",
+  "VALIDATION_ERROR",
+  "INTERNAL_ERROR",
+] as const;
+
+export type AppErrorCode = (typeof APP_ERROR_CODE_VALUES)[number];
+
+export class AppError extends Error {
+  public readonly code: AppErrorCode;
+  public readonly statusCode: number;
+  public readonly context?: Record<string, unknown>;
+
+  constructor(
+    code: AppErrorCode,
+    message: string,
+    statusCode: number = 500,
+    context?: Record<string, unknown>,
+  ) {
+    super(message);
+    this.name = "AppError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.context = context;
+
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, AppError);
+    }
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      statusCode: this.statusCode,
+      context: this.context,
+    };
+  }
+}
+
+export class ValidationError extends AppError {
+  constructor(message: string, context?: Record<string, unknown>) {
+    super("VALIDATION_ERROR", message, 400, context);
+    this.name = "ValidationError";
+  }
+}
+
+export class NotFoundError extends AppError {
+  constructor(message: string, context?: Record<string, unknown>) {
+    super("NOT_FOUND", message, 404, context);
+    this.name = "NotFoundError";
+  }
+}
+
+export class UnauthorizedError extends AppError {
+  constructor(message: string, context?: Record<string, unknown>) {
+    super("UNAUTHORIZED", message, 401, context);
+    this.name = "UnauthorizedError";
+  }
+}
+
+export class ForbiddenError extends AppError {
+  constructor(message: string, context?: Record<string, unknown>) {
+    super("FORBIDDEN", message, 403, context);
+    this.name = "ForbiddenError";
+  }
+}
+
+export class ConflictError extends AppError {
+  constructor(message: string, context?: Record<string, unknown>) {
+    super("CONFLICT", message, 409, context);
+    this.name = "ConflictError";
+  }
+}

package/src/lib/iam.ts

@@ -1,5 +1,5 @@
 import * as admin from "firebase-admin";
-import { Role } from "../enums";
+import { Role } from "../types/enums";
 
 const getUserRole = async (uid: string): Promise<Role> => {
   let role: Role = "guest";

package/src/lib/index.ts

@@ -1,6 +1,8 @@
 export * from "./ai";
 export * from "./api";
+export * from "./errors";
 export * from "./firebase";
 export * from "./iam";
 export * from "./repository";
 export * from "./storage";
+export * from "./utils";

package/src/lib/repository/factory.ts

@@ -0,0 +1,14 @@
+import { firestore } from "../firebase";
+import { UserRepository } from "./user.repository";
+import { ProfileRepository } from "./profile.repository";
+import { SettingsRepository } from "./settings.repository";
+
+let userRepo: UserRepository | null = null;
+let profileRepo: ProfileRepository | null = null;
+let settingsRepo: SettingsRepository | null = null;
+
+export const repositories = {
+  user: () => (userRepo ??= new UserRepository(firestore)),
+  profile: () => (profileRepo ??= new ProfileRepository(firestore)),
+  settings: () => (settingsRepo ??= new SettingsRepository(firestore)),
+};

package/src/lib/repository/index.ts

@@ -1,4 +1,5 @@
 export * from "./errors";
+export * from "./factory";
 export * from "./firestore.repository";
 export * from "./rtdb.repository";
 export * from "./user.repository";

package/src/lib/repository/profile.repository.ts

@@ -1,7 +1,7 @@
 import { Firestore } from "firebase-admin/firestore";
 import { FirestoreRepository } from "./firestore.repository";
-import type { Profile } from "../../types/profile";
-import { ProfileSchema } from "../../types/profile";
+import type { Profile } from "../../types/iam/profile";
+import { ProfileSchema } from "../../types/iam/profile";
 import { Collections } from "../../config/collections";
 import { RepositoryError, RepositoryErrorCode } from "./errors";
 

package/src/lib/repository/user.repository.ts

@@ -1,7 +1,7 @@
 import { Firestore } from "firebase-admin/firestore";
 import { FirestoreRepository } from "./firestore.repository";
-import type { User } from "../../types/user";
-import { UserSchema } from "../../types/user";
+import type { User } from "../../types/iam/user";
+import { UserSchema } from "../../types/iam/user";
 import { Collections } from "../../config/collections";
 import { RepositoryError, RepositoryErrorCode } from "./errors";
 

package/src/lib/storage.ts

@@ -1,15 +1,33 @@
 import { getStorage } from "firebase-admin/storage";
+import { ValidationError } from "./errors";
 
 export interface UploadImageResult {
   url: string;
   path: string;
 }
 
+function validateStoragePath(path: string): void {
+  if (!path || path.length === 0) {
+    throw new ValidationError("Storage path cannot be empty");
+  }
+  if (path.includes("..")) {
+    throw new ValidationError("Storage path cannot contain '..'", { path });
+  }
+  if (path.startsWith("/")) {
+    throw new ValidationError("Storage path cannot start with '/'", { path });
+  }
+  if (path.includes("//")) {
+    throw new ValidationError("Storage path cannot contain '//'", { path });
+  }
+}
+
 export const uploadImageToStorage = async (
   base64Data: string,
   path: string,
   contentType: string = "image/png",
 ): Promise<UploadImageResult> => {
+  validateStoragePath(path);
+
   try {
     const bucket = getStorage().bucket();
     const buffer = Buffer.from(base64Data, "base64");

package/src/lib/utils/index.ts

@@ -0,0 +1 @@
+export * from "./sanitize";

package/src/lib/utils/sanitize.ts

@@ -0,0 +1,38 @@
+import { z } from "zod";
+
+/**
+ * Removes HTML tags and script content from a string.
+ * Use for text fields that should not contain HTML (descriptions, bios, etc.)
+ */
+export function sanitizeText(text: string): string {
+  return text
+    .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "")
+    .replace(/<[^>]*>/g, "")
+    .trim();
+}
+
+/**
+ * Creates a Zod string schema that sanitizes HTML on transformation.
+ * Use in schemas where text input needs to be cleaned.
+ *
+ * @example
+ * const BioSchema = sanitizedString(z.string().max(280));
+ */
+export function sanitizedString<T extends z.ZodString>(schema: T) {
+  return schema.transform(sanitizeText);
+}
+
+/**
+ * Escapes HTML special characters to prevent XSS.
+ * Use when HTML needs to be displayed as text.
+ */
+export function escapeHtml(text: string): string {
+  const htmlEscapes: Record<string, string> = {
+    "&": "&amp;",
+    "<": "&lt;",
+    ">": "&gt;",
+    '"': "&quot;",
+    "'": "&#39;",
+  };
+  return text.replace(/[&<>"']/g, (char) => htmlEscapes[char]);
+}

package/src/types/ai/filters.ts

@@ -5,7 +5,7 @@ import {
   DifficultySchema,
   MealTypeSchema,
   SpicinessSchema,
-} from "../../enums";
+} from "../enums";
 
 export const RecipeFiltersSchema = z.object({
   cuisines: z.array(CuisineSchema).optional(),

package/src/types/ai/recipe.ts

@@ -6,11 +6,11 @@ import {
   DifficultySchema,
   MealTypeSchema,
   SpicinessSchema,
-} from "../../enums";
-import { EquipmentSchema } from "../equipment";
-import { IngredientSectionSchema } from "../ingredient";
-import { InstructionSchema } from "../instruction";
-import { NutritionSchema } from "../nutrition";
+} from "../enums";
+import { EquipmentSchema } from "../recipe/equipment";
+import { IngredientSectionSchema } from "../recipe/ingredient";
+import { InstructionSchema } from "../recipe/instruction";
+import { NutritionSchema } from "../recipe/nutrition";
 
 export const AIRecipeSchema = z.object({
   allergens: z.array(AllergenSchema),

package/src/types/ai/translation.ts

@@ -1,7 +1,7 @@
 import { z } from "zod";
-import { EquipmentContentSchema } from "../equipment";
-import { IngredientSectionContentSchema } from "../ingredient";
-import { InstructionContentSchema } from "../instruction";
+import { EquipmentContentSchema } from "../recipe/equipment";
+import { IngredientSectionContentSchema } from "../recipe/ingredient";
+import { InstructionContentSchema } from "../recipe/instruction";
 
 export const AIRecipeTranslationSchema = z.object({
   description: z.string().min(10).max(2000),

package/src/{enums → types/enums}/recipe_status.ts

@@ -4,7 +4,10 @@ export const RECIPE_STATUS_VALUES = [
   "active",
   "archived",
   "deleted",
+  "draft",
+  "flagged",
   "pending",
+  "rejected",
 ] as const;
 export const RecipeStatusSchema = z.enum(RECIPE_STATUS_VALUES);
 export type RecipeStatus = (typeof RECIPE_STATUS_VALUES)[number];

package/src/types/iam/index.ts

@@ -0,0 +1,3 @@
+export * from "./profile";
+export * from "./subscription";
+export * from "./user";

package/src/types/{profile.ts → iam/profile.ts}

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { Timestamp } from "firebase-admin/firestore";
+import type { Timestamp } from "firebase-admin/firestore";
 import { ProfileStatusSchema } from "../enums";
 
 export const ProfileSchema = z.object({

package/src/types/iam/subscription.ts

@@ -0,0 +1,23 @@
+import { z } from "zod";
+import type { Timestamp } from "firebase-admin/firestore";
+import { SubscriptionTierSchema } from "../enums";
+import { MaxMembersPerSubscription } from "../../config";
+
+export const MemberSchema = z.object({
+  userId: z.string(),
+  role: z.enum(["owner", "member"]),
+  status: z.enum(["pending", "active", "removed"]),
+  invitedAt: z.custom<Timestamp>(),
+  joinedAt: z.custom<Timestamp>().optional(),
+});
+export type Member = z.infer<typeof MemberSchema>;
+
+export const SubscriptionSchema = z.object({
+  expiresAt: z.custom<Timestamp>(),
+  id: z.string(),
+  members: z.array(MemberSchema).max(MaxMembersPerSubscription).optional(),
+  revenuecatId: z.string(),
+  tier: SubscriptionTierSchema,
+  updatedAt: z.custom<Timestamp>(),
+});
+export type Subscription = z.infer<typeof SubscriptionSchema>;

package/src/types/{user.ts → iam/user.ts}

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { Timestamp } from "firebase-admin/firestore";
+import type { Timestamp } from "firebase-admin/firestore";
 import { RoleSchema, UserStatusSchema } from "../enums";
 
 export const UserSchema = z.object({
@@ -12,6 +12,7 @@ export const UserSchema = z.object({
   status: UserStatusSchema,
   subscriptionId: z.string().optional(),
   updatedAt: z.custom<Timestamp>(),
+  verified: z.boolean(),
 });
 export type User = z.infer<typeof UserSchema>;
 

package/src/types/index.ts

@@ -1,13 +1,7 @@
 export * from "./ai";
-export * from "./equipment";
-export * from "./ingredient";
-export * from "./instruction";
+export * from "./iam";
 export * from "./moderation";
-export * from "./nutrition";
-export * from "./profile";
 export * from "./recipe";
 export * from "./repository";
+export * from "./response";
 export * from "./settings";
-export * from "./subscription";
-export * from "./temperature";
-export * from "./user";

package/src/types/moderation.ts

@@ -1,11 +1,11 @@
 import { z } from "zod";
-import { Timestamp } from "firebase-admin/firestore";
+import type { Timestamp } from "firebase-admin/firestore";
 import {
   ModerationStatusSchema,
   PrioritySchema,
   SeveritySchema,
   SuggestionCategorySchema,
-} from "../enums";
+} from "./enums";
 
 export const ModerationSuggestionSchema = z.object({
   category: SuggestionCategorySchema,

package/src/types/{equipment.ts → recipe/equipment.ts}

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { SlugRegex } from "../config";
+import { SlugRegex } from "../../config";
 
 export const EquipmentMetaSchema = z.object({
   required: z.boolean().optional(),

package/src/types/recipe/index.ts

@@ -0,0 +1,6 @@
+export * from "./equipment";
+export * from "./ingredient";
+export * from "./instruction";
+export * from "./nutrition";
+export * from "./recipe";
+export * from "./temperature";

package/src/types/{ingredient.ts → recipe/ingredient.ts}

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { SlugRegex } from "../config";
+import { SlugRegex } from "../../config";
 import { UnitSchema } from "../enums";
 
 export const IngredientMetaSchema = z.object({

package/src/types/{recipe.ts → recipe/recipe.ts}

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { Timestamp } from "firebase-admin/firestore";
+import type { Timestamp } from "firebase-admin/firestore";
 import {
   AllergenSchema,
   CuisineSchema,
@@ -37,11 +37,11 @@ export const RecipeMetaSchema = z.object({
   deletedAt: z.custom<Timestamp>().optional(),
   dietaryTags: z.array(DietaryTagSchema),
   difficulty: DifficultySchema,
-  equipment: z.array(EquipmentMetaSchema).optional(),
+  equipment: z.array(EquipmentMetaSchema).max(30).optional(),
   id: z.string(),
   imageUrl: z.string().optional(),
-  ingredientSections: z.array(IngredientSectionMetaSchema).min(1),
-  instructions: z.array(InstructionMetaSchema).min(1),
+  ingredientSections: z.array(IngredientSectionMetaSchema).min(1).max(20),
+  instructions: z.array(InstructionMetaSchema).min(1).max(100),
   mealTypes: z.array(MealTypeSchema).min(1),
   nutrition: NutritionSchema.optional(),
   originalLocale: LocaleSchema,
@@ -58,10 +58,10 @@ export type RecipeMeta = z.infer<typeof RecipeMetaSchema>;
 export const RecipeContentSchema = z.object({
   description: z.string().min(10).max(2000),
   equipment: z.array(EquipmentContentSchema).optional(),
-  ingredientSections: z.array(IngredientSectionContentSchema).min(1),
-  instructions: z.array(InstructionContentSchema).min(1),
+  ingredientSections: z.array(IngredientSectionContentSchema).min(1).max(20),
+  instructions: z.array(InstructionContentSchema).min(1).max(100),
   locale: LocaleSchema,
-  tips: z.array(z.string().max(500)).optional(),
+  tips: z.array(z.string().max(500)).max(20).optional(),
   title: z.string().min(3).max(200),
 });
 export type RecipeContent = z.infer<typeof RecipeContentSchema>;

package/src/types/response.ts

@@ -0,0 +1,30 @@
+export type ApiSuccessResponse<T> = {
+  success: true;
+  data: T;
+};
+
+export type ApiErrorResponse = {
+  success: false;
+  error: {
+    code: string;
+    message: string;
+    details?: unknown;
+  };
+};
+
+export type ApiResponse<T> = ApiSuccessResponse<T> | ApiErrorResponse;
+
+export function success<T>(data: T): ApiSuccessResponse<T> {
+  return { success: true, data };
+}
+
+export function failure(
+  code: string,
+  message: string,
+  details?: unknown,
+): ApiErrorResponse {
+  return {
+    success: false,
+    error: { code, message, details },
+  };
+}

package/src/types/settings.ts

@@ -1,11 +1,11 @@
 import { z } from "zod";
-import { Timestamp } from "firebase-admin/firestore";
-import { AllergenSchema } from "../enums/allergen";
-import { DietaryTagSchema } from "../enums/dietary_tag";
-import { CuisineSchema } from "../enums/cuisine";
-import { SpicinessSchema } from "../enums/spiciness";
-import { LocaleSchema } from "../enums/locale";
-import { TemperatureUnitSchema } from "../enums/temperature_unit";
+import type { Timestamp } from "firebase-admin/firestore";
+import { AllergenSchema } from "./enums/allergen";
+import { DietaryTagSchema } from "./enums/dietary_tag";
+import { CuisineSchema } from "./enums/cuisine";
+import { SpicinessSchema } from "./enums/spiciness";
+import { LocaleSchema } from "./enums/locale";
+import { TemperatureUnitSchema } from "./enums/temperature_unit";
 
 export const MEASUREMENT_SYSTEM_VALUES = ["metric", "imperial"] as const;
 export const MeasurementSystemSchema = z.enum(MEASUREMENT_SYSTEM_VALUES);

package/src/types/subscription.ts

@@ -1,13 +0,0 @@
-import { z } from "zod";
-import { Timestamp } from "firebase-admin/firestore";
-import { SubscriptionTierSchema } from "../enums";
-
-export const SubscriptionSchema = z.object({
-  expiresAt: z.custom<Timestamp>(),
-  familyMembers: z.array(z.string()).max(3).optional(),
-  id: z.string(),
-  revenuecatId: z.string(),
-  tier: SubscriptionTierSchema,
-  updatedAt: z.custom<Timestamp>(),
-});
-export type Subscription = z.infer<typeof SubscriptionSchema>;