@devbro/pashmak 0.1.43 → 0.1.45

package/dist/app/console/project/base_project/src/helpers/index.ts.tpl

@@ -0,0 +1,96 @@
+import { HttpBadRequestError, HttpForbiddenError } from '@devbro/pashmak/http';
+import jwt from 'jsonwebtoken';
+import { config } from '@devbro/pashmak/config';
+import { BaseModel, RelationshipManagerMtoM } from '@devbro/pashmak/orm';
+import { ctx } from '@devbro/pashmak/context';
+import { logger } from '@devbro/pashmak/facades';
+
+export function createJwtToken(data: any, token_params: jwt.SignOptions = {}) {
+  const secret = config.get('jwt.secret') as string;
+  const token_params2 = config.get('jwt.options') as jwt.SignOptions;
+  const token = jwt.sign(data, secret, { ...token_params2, ...token_params });
+
+  if (!token) {
+    throw new Error('Unable to sign token !!');
+  }
+  return token;
+}
+
+export async function decodeJwtToken(token: string) {
+  if (await jwt.verify(token, config.get('jwt.public'))) {
+    return await jwt.decode(token);
+  }
+
+  if (await jwt.verify(token, config.get('jwt.public_retired'))) {
+    return await jwt.decode(token);
+  }
+
+  throw new HttpBadRequestError('bad token. invalid, expired, or signed with wrong key.');
+}
+
+/**
+ * create two lists of what is to add and what to remove to convert currentRelations to newRelations
+ * @param currentRelations the base list
+ * @param newRelations the target list
+ * @param compare_method a method to compare two items, returns true if item is not in the list
+ * @returns { toAdd: T[]; toRemove: T[] }
+ */
+export function diffLists<T extends BaseModel>(
+  currentRelations: T[],
+  newRelations: T[],
+  compare_method: (item: T, list: T[]) => boolean = (item: T, list: T[]) => !list.some((c: T) => c.id === item.id)
+): { toAdd: T[]; toRemove: T[] } {
+  const toAdd = newRelations.filter((r: T) => compare_method(r, currentRelations));
+  const toRemove = currentRelations.filter((r: T) => compare_method(r, newRelations));
+  return { toAdd, toRemove };
+}
+
+export async function syncManyToMany<T1 extends BaseModel, T2 extends BaseModel>(
+  rel_manager: RelationshipManagerMtoM<T1, T2>,
+  currentRelations: T2[],
+  newRelations: T2[]
+) {
+  const { toAdd, toRemove } = diffLists(currentRelations, newRelations);
+
+  await rel_manager.dissociate(toRemove);
+  await rel_manager.associate(toAdd);
+}
+
+export function getAuthenticatedUser(): {
+  id: number;
+  can: (permission: string) => boolean;
+  canOrFail: (permissions: string) => boolean;
+  getScope: (permission: string) => any;
+} {
+  return ctx().get('auth_user');
+}
+
+export type VarOrArray<T> = T | T[];
+
+export function requirePermissions(required_permissions: VarOrArray<string>): MethodDecorator {
+  return function (_target: any, _propertyKey: string | symbol, descriptor: PropertyDescriptor) {
+    const originalMethod = descriptor.value!;
+
+    descriptor.value = async function (...args: any[]) {
+      let auth_user = getAuthenticatedUser();
+
+      const permissionsArray = Array.isArray(required_permissions) ? required_permissions : [required_permissions];
+
+      let user_can_any = false;
+      for (let permission of permissionsArray) {
+        if (auth_user.can(permission)) {
+          user_can_any = true;
+          break;
+        }
+      }
+      if (!user_can_any) {
+        logger().warn('Permission denied', {
+          user_id: auth_user.id,
+          required_permissions: permissionsArray,
+        });
+        throw new HttpForbiddenError();
+      }
+      return originalMethod.apply(this, args);
+    };
+  };
+}

package/dist/app/console/project/base_project/src/helpers/validation.ts.tpl

@@ -0,0 +1,26 @@
+import { ctx } from '@devbro/pashmak/context';
+import { Request, createParamDecorator } from '@devbro/pashmak/router';
+{{#if (eq validation_library "yup")}}import * as yup from 'yup';{{/if}}{{#if (eq validation_library "zod")}}import { z } from 'zod';{{/if}}
+
+export function ValidatedRequest(
+  validationRules: {{#if (eq validation_library "yup")}} yup.ObjectSchema<any> | (() => yup.ObjectSchema<any>) {{/if}} {{#if (eq validation_library "zod")}} z.ZodType<any> | (() => z.ZodType<any>) {{/if}}
+): ParameterDecorator {
+  return createParamDecorator(async () => {
+    const schema = typeof validationRules === "function" ? validationRules() : validationRules;
+    const requestBody = ctx().get<Request>("request").body;
+
+
+    {{#if (eq validation_library "zod")}}
+    return await schema.parseAsync(requestBody);
+    {{/if}}
+
+    {{#if (eq validation_library "yup")}}
+    // treat it as Yup schema
+    const rc = await (schema as yup.ObjectSchema<any>)
+      .noUnknown()
+      .validate(requestBody, { abortEarly: false });
+
+    return rc;
+    {{/if}}
+  });
+}

package/dist/app/console/project/base_project/src/initialize.ts.tpl

@@ -1,12 +1,69 @@
-import { bootstrap } from "@devbro/pashmak";
-import { dirname } from "path";
-import { fileURLToPath } from "url";
+import dotenv from 'dotenv';
+dotenv.config();
+
+import { bootstrap } from '@devbro/pashmak';
+import { dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { loadConfig } from '@devbro/pashmak/config';
+import { httpServer, logger, mailer } from '@devbro/pashmak/facades';
+import { startQueueListeners } from '@/app/queues';
+import { HttpError } from '@devbro/pashmak/http';
+{{#if (eq validation_library "yup")}}import * as yup from 'yup';{{/if}}{{#if (eq validation_library "zod")}}import { z, ZodError } from 'zod';{{/if}}
+
+import './app/console';
+import './routes';
+import './schedules';
+
+const config_data = await loadConfig(dirname(fileURLToPath(import.meta.url)) + '/config/default');
 
 await bootstrap({
   root_dir: dirname(fileURLToPath(import.meta.url)),
+  config_data,
 });
 
-console.log("Registering service providers...");
-await import(`./app/console`);
-await import(`./routes`);
-await import(`./schedules`);
+httpServer().setErrorHandler(async (err: Error, req: any, res: any) => {
+    if (err instanceof HttpError) {
+      res.writeHead(err.statusCode, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ message: err.message, error: err.code }));
+      logger().warn({ msg: "HttpError: " + err.message, err });
+      return;
+    {{#if (eq validation_library "zod")}}
+    } else if (err instanceof ZodError) {
+      res.writeHead(422, { "Content-Type": "application/json" });
+      const { errors } = z.treeifyError(err);
+
+      res.end(JSON.stringify({ message: "validation error", errors: errors }));
+      logger().warn({ msg: "ZodError: " + err.message, err });
+      return;
+    {{/if}}
+    {{#if (eq validation_library "yup")}}
+    } else if (err instanceof yup.ValidationError) {
+      res.writeHead(422, { "Content-Type": "application/json" });
+      const errs: any = {};
+      err.inner.forEach((e: yup.ValidationError) => {
+        // Sanitize sensitive fields
+        const sanitizedParams = { ...e.params };
+        if (/passw/i.test(e.path!)) {
+          sanitizedParams.value = "******";
+          sanitizedParams.originalValue = "******";
+        }
+
+        errs[e.path!] = {
+          type: e.type,
+          message: e.message,
+          params: sanitizedParams,
+        };
+      });
+
+      res.end(JSON.stringify({ message: "validation error", errors: errs }));
+      logger().warn({ msg: "ValidationError: " + err.message, err });
+      return;
+    {{/if}}
+    } else {
+      logger().error({ msg: "Error: " + err.message, err });
+    }
+    res.writeHead(500, { "Content-Type": "" });
+    res.end(JSON.stringify({ error: "Internal Server Error" }));
+  });
+
+startQueueListeners();

package/dist/app/console/project/base_project/src/middlewares.ts.tpl

@@ -8,7 +8,7 @@ export async function loggerMiddleware(
   next: () => Promise<void>,
 ): Promise<void> {
   logger().info({
-    msg: "available context",
+    msg: "Incoming Http Request",
     keys: ctx().keys(),
     route: req.url,
   });

package/dist/bin/app/console/DefaultCommand.cjs

@@ -473,7 +473,6 @@ var http_exports = {};
 __reExport(http_exports, require("@devbro/neko-http"));
 
 // src/facades.mts
-var yup = __toESM(require("yup"), 1);
 var import_neko_logger = require("@devbro/neko-logger");
 
 // src/factories.mts
@@ -686,24 +685,6 @@ var httpServer = (0, import_neko_helper2.createSingleton)(() => {
       res.end(JSON.stringify({ message: err.message, error: err.code }));
       logger().warn({ msg: "HttpError: " + err.message, err });
       return;
-    } else if (err instanceof yup.ValidationError) {
-      res.writeHead(422, { "Content-Type": "application/json" });
-      const errs = {};
-      err.inner.forEach((e) => {
-        const sanitizedParams = { ...e.params };
-        if (/passw/i.test(e.path)) {
-          sanitizedParams.value = "******";
-          sanitizedParams.originalValue = "******";
-        }
-        errs[e.path] = {
-          type: e.type,
-          message: e.message,
-          params: sanitizedParams
-        };
-      });
-      res.end(JSON.stringify({ message: "validation error", errors: errs }));
-      logger().warn({ msg: "ValidationError: " + err.message, err });
-      return;
     } else {
       logger().error({ msg: "Error: " + err.message, err });
     }

package/dist/bin/app/console/KeyGenerateCommand.cjs

@@ -476,7 +476,6 @@ var http_exports = {};
 __reExport(http_exports, require("@devbro/neko-http"));
 
 // src/facades.mts
-var yup = __toESM(require("yup"), 1);
 var import_neko_logger = require("@devbro/neko-logger");
 
 // src/factories.mts
@@ -689,24 +688,6 @@ var httpServer = (0, import_neko_helper2.createSingleton)(() => {
       res.end(JSON.stringify({ message: err.message, error: err.code }));
       logger().warn({ msg: "HttpError: " + err.message, err });
       return;
-    } else if (err instanceof yup.ValidationError) {
-      res.writeHead(422, { "Content-Type": "application/json" });
-      const errs = {};
-      err.inner.forEach((e) => {
-        const sanitizedParams = { ...e.params };
-        if (/passw/i.test(e.path)) {
-          sanitizedParams.value = "******";
-          sanitizedParams.originalValue = "******";
-        }
-        errs[e.path] = {
-          type: e.type,
-          message: e.message,
-          params: sanitizedParams
-        };
-      });
-      res.end(JSON.stringify({ message: "validation error", errors: errs }));
-      logger().warn({ msg: "ValidationError: " + err.message, err });
-      return;
     } else {
       logger().error({ msg: "Error: " + err.message, err });
     }

package/dist/bin/app/console/StartCommand.cjs

@@ -474,7 +474,6 @@ var http_exports = {};
 __reExport(http_exports, require("@devbro/neko-http"));
 
 // src/facades.mts
-var yup = __toESM(require("yup"), 1);
 var import_neko_logger = require("@devbro/neko-logger");
 
 // src/factories.mts
@@ -687,24 +686,6 @@ var httpServer = (0, import_neko_helper2.createSingleton)(() => {
       res.end(JSON.stringify({ message: err.message, error: err.code }));
       logger().warn({ msg: "HttpError: " + err.message, err });
       return;
-    } else if (err instanceof yup.ValidationError) {
-      res.writeHead(422, { "Content-Type": "application/json" });
-      const errs = {};
-      err.inner.forEach((e) => {
-        const sanitizedParams = { ...e.params };
-        if (/passw/i.test(e.path)) {
-          sanitizedParams.value = "******";
-          sanitizedParams.originalValue = "******";
-        }
-        errs[e.path] = {
-          type: e.type,
-          message: e.message,
-          params: sanitizedParams
-        };
-      });
-      res.end(JSON.stringify({ message: "validation error", errors: errs }));
-      logger().warn({ msg: "ValidationError: " + err.message, err });
-      return;
     } else {
       logger().error({ msg: "Error: " + err.message, err });
     }

package/dist/bin/app/console/generate/GenerateApiDocsCommand.cjs

@@ -472,7 +472,6 @@ var http_exports = {};
 __reExport(http_exports, require("@devbro/neko-http"));
 
 // src/facades.mts
-var yup = __toESM(require("yup"), 1);
 var import_neko_logger = require("@devbro/neko-logger");
 
 // src/factories.mts
@@ -544,8 +543,8 @@ var DatabaseTransport = class {
       }
     });
   }, "processMessage");
-  constructor(config3 = {}) {
-    this.config = { ...this.config, ...config3 };
+  constructor(config4 = {}) {
+    this.config = { ...this.config, ...config4 };
     this.repeater = (0, import_neko_helper.createRepeater)(
       this.processMessage,
       this.config.listen_interval * 1e3
@@ -685,24 +684,6 @@ var httpServer = (0, import_neko_helper2.createSingleton)(() => {
       res.end(JSON.stringify({ message: err.message, error: err.code }));
       logger().warn({ msg: "HttpError: " + err.message, err });
       return;
-    } else if (err instanceof yup.ValidationError) {
-      res.writeHead(422, { "Content-Type": "application/json" });
-      const errs = {};
-      err.inner.forEach((e) => {
-        const sanitizedParams = { ...e.params };
-        if (/passw/i.test(e.path)) {
-          sanitizedParams.value = "******";
-          sanitizedParams.originalValue = "******";
-        }
-        errs[e.path] = {
-          type: e.type,
-          message: e.message,
-          params: sanitizedParams
-        };
-      });
-      res.end(JSON.stringify({ message: "validation error", errors: errs }));
-      logger().warn({ msg: "ValidationError: " + err.message, err });
-      return;
     } else {
       logger().error({ msg: "Error: " + err.message, err });
     }
@@ -758,6 +739,13 @@ var cache = (0, import_neko_helper2.createSingleton)((label) => {
 var import_clipanion2 = require("clipanion");
 var import_path2 = __toESM(require("path"), 1);
 var fs = __toESM(require("fs/promises"), 1);
+
+// src/config.mts
+var config_exports = {};
+__reExport(config_exports, require("@devbro/neko-config"));
+
+// src/app/console/generate/GenerateApiDocsCommand.mts
+var import_neko_helper3 = require("@devbro/neko-helper");
 var GenerateApiDocsCommand = class extends import_clipanion2.Command {
   static {
     __name(this, "GenerateApiDocsCommand");
@@ -766,7 +754,44 @@ var GenerateApiDocsCommand = class extends import_clipanion2.Command {
     [`make`, `apidocs`],
     [`generate`, `apidocs`]
   ];
+  static usage = import_clipanion2.Command.Usage({
+    category: `Generate`,
+    description: `Generate OpenAPI documentation from routes`,
+    details: `
+      This command generates OpenAPI 3.0 specification documentation by analyzing
+      your application's routes and merging with example files.
+      
+      The generated documentation includes:
+      - All registered routes with their HTTP methods
+      - Path parameters extracted from route definitions
+      - Request body schemas for POST, PUT, and PATCH methods
+      - Response schemas
+      
+      The command will merge files specified in config.api_docs.merge_files
+      and output the final documentation to config.api_docs.output.
+
+      This command depends on config data. make sure your default config contains the following:
+      api_docs: {
+        merge_files: [
+          path.join(__dirname, '../..', 'private', 'openapi_examples.json'),
+          path.join(__dirname, '../..', 'private', 'openapi_base.json'),
+          path.join(__dirname, '../..', 'private', 'openapi_user_changes.json'),
+        ],
+        output: path.join(__dirname, '../..', 'private', 'openapi.json'),
+      }
+    `,
+    examples: [[`Generate API documentation`, `$0 generate apidocs`]]
+  });
+  help = import_clipanion2.Option.Boolean(`--help,-h`, false, {
+    description: `Show help message for this command`
+  });
   async execute() {
+    if (this.help) {
+      this.context.stdout.write(
+        this.constructor.usage?.toString() || "No help available\n"
+      );
+      return 0;
+    }
     const rootDir = process.cwd();
     this.context.stdout.write(`Generating OpenAPI documentation...
 `);
@@ -831,9 +856,8 @@ var GenerateApiDocsCommand = class extends import_clipanion2.Command {
         }
       }
     }
-    const publicDir = import_path2.default.join(rootDir, "public");
-    await fs.mkdir(publicDir, { recursive: true });
-    const outputPath = import_path2.default.join(publicDir, "openapi.json");
+    await fs.mkdir(config_exports.config.get("private_path"), { recursive: true });
+    const outputPath = import_path2.default.join(config_exports.config.get("private_path"), "openapi.json");
     await fs.writeFile(
       outputPath,
       JSON.stringify(openApiSpec, null, 2),
@@ -845,6 +869,20 @@ var GenerateApiDocsCommand = class extends import_clipanion2.Command {
     );
     this.context.stdout.write(`Total routes documented: ${routes.length}
 `);
+    let files_to_merge = config_exports.config.get("api_docs.merge_files");
+    let final_api_docs = {};
+    for (let file_path of files_to_merge) {
+      let file_json = JSON.parse(await fs.readFile(file_path, "utf8"));
+      final_api_docs = import_neko_helper3.Arr.deepMerge(final_api_docs, file_json);
+    }
+    await fs.writeFile(
+      config_exports.config.get("api_docs.output"),
+      JSON.stringify(final_api_docs, null, 2)
+    );
+    this.context.stdout.write(
+      `wrote final open api document to : ${config_exports.config.get("api_docs.output")}
+`
+    );
   }
   extractParameters(routePath) {
     const paramRegex = /:([a-zA-Z0-9_]+)/g;

package/dist/bin/app/console/generate/GenerateControllerCommand.cjs

@@ -472,7 +472,6 @@ var http_exports = {};
 __reExport(http_exports, require("@devbro/neko-http"));
 
 // src/facades.mts
-var yup = __toESM(require("yup"), 1);
 var import_neko_logger = require("@devbro/neko-logger");
 
 // src/factories.mts
@@ -685,24 +684,6 @@ var httpServer = (0, import_neko_helper2.createSingleton)(() => {
       res.end(JSON.stringify({ message: err.message, error: err.code }));
       logger().warn({ msg: "HttpError: " + err.message, err });
       return;
-    } else if (err instanceof yup.ValidationError) {
-      res.writeHead(422, { "Content-Type": "application/json" });
-      const errs = {};
-      err.inner.forEach((e) => {
-        const sanitizedParams = { ...e.params };
-        if (/passw/i.test(e.path)) {
-          sanitizedParams.value = "******";
-          sanitizedParams.originalValue = "******";
-        }
-        errs[e.path] = {
-          type: e.type,
-          message: e.message,
-          params: sanitizedParams
-        };
-      });
-      res.end(JSON.stringify({ message: "validation error", errors: errs }));
-      logger().warn({ msg: "ValidationError: " + err.message, err });
-      return;
     } else {
       logger().error({ msg: "Error: " + err.message, err });
     }

package/dist/bin/app/console/generate/index.cjs

@@ -473,7 +473,6 @@ var http_exports = {};
 __reExport(http_exports, require("@devbro/neko-http"));
 
 // src/facades.mts
-var yup = __toESM(require("yup"), 1);
 var import_neko_logger = require("@devbro/neko-logger");
 
 // src/factories.mts
@@ -545,8 +544,8 @@ var DatabaseTransport = class {
       }
     });
   }, "processMessage");
-  constructor(config4 = {}) {
-    this.config = { ...this.config, ...config4 };
+  constructor(config5 = {}) {
+    this.config = { ...this.config, ...config5 };
     this.repeater = (0, import_neko_helper.createRepeater)(
       this.processMessage,
       this.config.listen_interval * 1e3
@@ -686,24 +685,6 @@ var httpServer = (0, import_neko_helper2.createSingleton)(() => {
       res.end(JSON.stringify({ message: err.message, error: err.code }));
       logger().warn({ msg: "HttpError: " + err.message, err });
       return;
-    } else if (err instanceof yup.ValidationError) {
-      res.writeHead(422, { "Content-Type": "application/json" });
-      const errs = {};
-      err.inner.forEach((e) => {
-        const sanitizedParams = { ...e.params };
-        if (/passw/i.test(e.path)) {
-          sanitizedParams.value = "******";
-          sanitizedParams.originalValue = "******";
-        }
-        errs[e.path] = {
-          type: e.type,
-          message: e.message,
-          params: sanitizedParams
-        };
-      });
-      res.end(JSON.stringify({ message: "validation error", errors: errs }));
-      logger().warn({ msg: "ValidationError: " + err.message, err });
-      return;
     } else {
       logger().error({ msg: "Error: " + err.message, err });
     }
@@ -812,6 +793,13 @@ cli().register(GenerateControllerCommand);
 var import_clipanion3 = require("clipanion");
 var import_path3 = __toESM(require("path"), 1);
 var fs2 = __toESM(require("fs/promises"), 1);
+
+// src/config.mts
+var config_exports = {};
+__reExport(config_exports, require("@devbro/neko-config"));
+
+// src/app/console/generate/GenerateApiDocsCommand.mts
+var import_neko_helper3 = require("@devbro/neko-helper");
 var GenerateApiDocsCommand = class extends import_clipanion3.Command {
   static {
     __name(this, "GenerateApiDocsCommand");
@@ -820,7 +808,44 @@ var GenerateApiDocsCommand = class extends import_clipanion3.Command {
     [`make`, `apidocs`],
     [`generate`, `apidocs`]
   ];
+  static usage = import_clipanion3.Command.Usage({
+    category: `Generate`,
+    description: `Generate OpenAPI documentation from routes`,
+    details: `
+      This command generates OpenAPI 3.0 specification documentation by analyzing
+      your application's routes and merging with example files.
+      
+      The generated documentation includes:
+      - All registered routes with their HTTP methods
+      - Path parameters extracted from route definitions
+      - Request body schemas for POST, PUT, and PATCH methods
+      - Response schemas
+      
+      The command will merge files specified in config.api_docs.merge_files
+      and output the final documentation to config.api_docs.output.
+
+      This command depends on config data. make sure your default config contains the following:
+      api_docs: {
+        merge_files: [
+          path.join(__dirname, '../..', 'private', 'openapi_examples.json'),
+          path.join(__dirname, '../..', 'private', 'openapi_base.json'),
+          path.join(__dirname, '../..', 'private', 'openapi_user_changes.json'),
+        ],
+        output: path.join(__dirname, '../..', 'private', 'openapi.json'),
+      }
+    `,
+    examples: [[`Generate API documentation`, `$0 generate apidocs`]]
+  });
+  help = import_clipanion3.Option.Boolean(`--help,-h`, false, {
+    description: `Show help message for this command`
+  });
   async execute() {
+    if (this.help) {
+      this.context.stdout.write(
+        this.constructor.usage?.toString() || "No help available\n"
+      );
+      return 0;
+    }
     const rootDir = process.cwd();
     this.context.stdout.write(`Generating OpenAPI documentation...
 `);
@@ -885,9 +910,8 @@ var GenerateApiDocsCommand = class extends import_clipanion3.Command {
         }
       }
     }
-    const publicDir = import_path3.default.join(rootDir, "public");
-    await fs2.mkdir(publicDir, { recursive: true });
-    const outputPath = import_path3.default.join(publicDir, "openapi.json");
+    await fs2.mkdir(config_exports.config.get("private_path"), { recursive: true });
+    const outputPath = import_path3.default.join(config_exports.config.get("private_path"), "openapi.json");
     await fs2.writeFile(
       outputPath,
       JSON.stringify(openApiSpec, null, 2),
@@ -899,6 +923,20 @@ var GenerateApiDocsCommand = class extends import_clipanion3.Command {
     );
     this.context.stdout.write(`Total routes documented: ${routes.length}
 `);
+    let files_to_merge = config_exports.config.get("api_docs.merge_files");
+    let final_api_docs = {};
+    for (let file_path of files_to_merge) {
+      let file_json = JSON.parse(await fs2.readFile(file_path, "utf8"));
+      final_api_docs = import_neko_helper3.Arr.deepMerge(final_api_docs, file_json);
+    }
+    await fs2.writeFile(
+      config_exports.config.get("api_docs.output"),
+      JSON.stringify(final_api_docs, null, 2)
+    );
+    this.context.stdout.write(
+      `wrote final open api document to : ${config_exports.config.get("api_docs.output")}
+`
+    );
   }
   extractParameters(routePath) {
     const paramRegex = /:([a-zA-Z0-9_]+)/g;