@echoes-of-order/eslint-config 1.121.0

package/rules/controller-architecture.js

@@ -0,0 +1,340 @@
+/**
+ * ESLint-Regeln für Controller-Architektur
+ * 1. Controller dürfen keine Repositories direkt nutzen, nur Services
+ * 2. Rückgabewerte müssen DTOs sein, nie Entities
+ * 3. Response-Handling muss über sendSuccess/sendError erfolgen
+ */
+
+/** @type {import('eslint').Rule.RuleModule} */
+const noDirectRepositoryUseRule = {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "Controller dürfen keine Repositories direkt nutzen, nur Services",
+      category: "Architecture",
+      recommended: true,
+    },
+    schema: [],
+    messages: {
+      noDirectRepository: "Controller dürfen keine Repositories direkt nutzen. Verwende stattdessen einen Service: '{{usage}}'",
+      noDirectDataSource: "Controller dürfen DataSource nicht direkt nutzen. Verwende stattdessen einen Service: '{{usage}}'",
+    },
+  },
+  create(context) {
+    const controllerFiles = /Controller\.ts$/;
+    const filename = context.getFilename();
+    const isControllerFile = controllerFiles.test(filename) &&
+                            !/BaseController\.ts$/.test(filename);
+
+    if (!isControllerFile) return {};
+
+    return {
+      // Prüfe auf direkte Repository-Nutzung
+      CallExpression(node) {
+        // dataSource.getRepository() oder appDataSource.getRepository()
+        if (
+          node.callee.type === "MemberExpression" &&
+          node.callee.property.type === "Identifier" &&
+          node.callee.property.name === "getRepository" &&
+          node.callee.object.type === "Identifier" &&
+          (node.callee.object.name === "dataSource" ||
+           node.callee.object.name === "appDataSource" ||
+           node.callee.object.name.includes("DataSource"))
+        ) {
+          context.report({
+            node,
+            messageId: "noDirectRepository",
+            data: {
+              usage: `${node.callee.object.name}.getRepository()`,
+            },
+          });
+        }
+
+        // Repository-Methoden direkt aufrufen
+        if (
+          node.callee.type === "MemberExpression" &&
+          node.callee.object.type === "CallExpression" &&
+          node.callee.object.callee.type === "MemberExpression" &&
+          node.callee.object.callee.property.name === "getRepository"
+        ) {
+          context.report({
+            node,
+            messageId: "noDirectRepository",
+            data: {
+              usage: "repository method call",
+            },
+          });
+        }
+      },
+
+      // Prüfe auf direkte DataSource-Imports
+      ImportDeclaration(node) {
+        if (node.source.value === "typeorm" &&
+            node.specifiers.some(spec =>
+              spec.type === "ImportSpecifier" &&
+              spec.imported.name === "DataSource")) {
+          context.report({
+            node,
+            messageId: "noDirectDataSource",
+            data: {
+              usage: "DataSource import",
+            },
+          });
+        }
+
+        // Prüfe auf appDataSource Import
+        if (node.source.value &&
+            node.source.value.includes("ormconfig") ||
+            node.source.value.includes("data-source")) {
+          context.report({
+            node,
+            messageId: "noDirectDataSource",
+            data: {
+              usage: "appDataSource import",
+            },
+          });
+        }
+      },
+    };
+  },
+};
+
+/** @type {import('eslint').Rule.RuleModule} */
+const requireDtoResponseRule = {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "Controller müssen DTOs zurückgeben, nie Entities",
+      category: "Architecture",
+      recommended: true,
+    },
+    schema: [],
+    messages: {
+      returnEntity: "Controller dürfen keine Entities zurückgeben. Verwende DTOs: '{{entityName}}'",
+      serviceReturnsEntity: "Service-Methode '{{methodName}}' gibt wahrscheinlich Entity zurück. Controller müssen DTOs verwenden",
+    },
+  },
+  create(context) {
+    const controllerFiles = /Controller\.ts$/;
+    const filename = context.getFilename();
+    const isControllerFile = controllerFiles.test(filename) &&
+                            !/BaseController\.ts$/.test(filename);
+
+    if (!isControllerFile) return {};
+
+    // Sammle Service-Imports und erkenne Entity-verdächtige Patterns
+    const serviceImports = new Set();
+    const entityImports = new Set();
+
+    return {
+      // Sammle Imports von Services und Entities
+      ImportDeclaration(node) {
+        if (node.source.value && typeof node.source.value === "string") {
+          const importPath = node.source.value;
+
+          // Erkenne Entity-Imports (endend mit "Entity" oder aus entity/ Ordnern)
+          if (importPath.includes("/entity/") ||
+              node.specifiers.some(spec =>
+                spec.type === "ImportDefaultSpecifier" &&
+                spec.local.name.endsWith("Entity"))) {
+            node.specifiers.forEach(spec => {
+              if (spec.type === "ImportDefaultSpecifier") {
+                entityImports.add(spec.local.name);
+              }
+            });
+          }
+
+          // Erkenne Service-Imports
+          if (importPath.includes("/service/") ||
+              node.specifiers.some(spec =>
+                spec.type === "ImportDefaultSpecifier" &&
+                spec.local.name.endsWith("Service"))) {
+            node.specifiers.forEach(spec => {
+              if (spec.type === "ImportDefaultSpecifier") {
+                serviceImports.add(spec.local.name);
+              }
+            });
+          }
+        }
+      },
+
+      // Prüfe Return-Statements auf Entity-Rückgaben
+      ReturnStatement(node) {
+        if (node.argument &&
+            node.argument.type === "CallExpression" &&
+            node.argument.callee.type === "MemberExpression" &&
+            node.argument.callee.object.type === "Identifier" &&
+            node.argument.callee.object.name === "repo") {
+          context.report({
+            node,
+            messageId: "returnEntity",
+            data: {
+              entityName: "repository result",
+            },
+          });
+        }
+      },
+
+      // Prüfe Service-Aufrufe in handleGetAll/handleGetById
+      CallExpression(node) {
+        // Prüfe auf this.handleGetAll(..., () => this.serviceMethod(), ...)
+        if (node.callee.type === "MemberExpression" &&
+            node.callee.object.type === "ThisExpression" &&
+            (node.callee.property.name === "handleGetAll" ||
+             node.callee.property.name === "handleGetById")) {
+
+                    // Finde das Service-Callback (zweites Argument bei handleGetAll)
+          const callbackArg = node.arguments[1];
+          if (callbackArg && callbackArg.type === "ArrowFunctionExpression") {
+
+            let serviceCall = callbackArg.body;
+
+            // Handle async functions with BlockStatement body
+            if (serviceCall.type === "BlockStatement" && serviceCall.body.length > 0) {
+              const returnStmt = serviceCall.body.find(stmt => stmt.type === "ReturnStatement");
+              if (returnStmt && returnStmt.argument) {
+                serviceCall = returnStmt.argument;
+              }
+            }
+
+            // Check if it's a direct CallExpression
+            if (serviceCall && serviceCall.type === "CallExpression") {
+              if (serviceCall.callee.type === "MemberExpression") {
+                let methodName = "";
+
+                // Handle this.serviceProperty.methodName() pattern
+                if (serviceCall.callee.object.type === "MemberExpression" &&
+                    serviceCall.callee.object.object.type === "ThisExpression" &&
+                    serviceCall.callee.property.name) {
+                  methodName = serviceCall.callee.property.name;
+                }
+                // Handle this.methodName() pattern
+                else if (serviceCall.callee.object.type === "ThisExpression" &&
+                         serviceCall.callee.property.name) {
+                  methodName = serviceCall.callee.property.name;
+                }
+
+                if (methodName) {
+                  // Prüfe nur ob die Service-Klasse auf Entity endet
+                  const isEntitySuspicious = serviceCall.callee.object.type === "MemberExpression" &&
+                    serviceCall.callee.object.object.type === "ThisExpression" &&
+                    serviceCall.callee.object.property.name.endsWith("Entity");
+
+                  if (isEntitySuspicious) {
+                    context.report({
+                      node: serviceCall,
+                      messageId: "serviceReturnsEntity",
+                      data: {
+                        methodName: methodName,
+                      },
+                    });
+                  }
+                }
+              }
+            }
+          }
+        }
+      },
+    };
+  },
+};
+
+/** @type {import('eslint').Rule.RuleModule} */
+const requireProperResponseHandlingRule = {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "Controller müssen sendSuccess/sendError für Responses nutzen",
+      category: "Architecture",
+      recommended: true,
+    },
+    schema: [],
+    messages: {
+      useBaseControllerMethods: "Verwende this.sendSuccess() oder this.sendError() anstatt direkter Response-Methoden: '{{method}}'",
+      noDirectReturn: "Controller-Methoden dürfen nicht direkt Werte zurückgeben. Verwende this.sendSuccess(): '{{returnType}}'",
+    },
+  },
+  create(context) {
+    const controllerFiles = /Controller\.ts$/;
+    const filename = context.getFilename();
+    const isControllerFile = controllerFiles.test(filename) &&
+                            !/BaseController\.ts$/.test(filename);
+
+    if (!isControllerFile) return {};
+
+    return {
+      // Prüfe auf direkte res.json/res.status Aufrufe
+      CallExpression(node) {
+        // res.json() direkt
+        if (
+          node.callee.type === "MemberExpression" &&
+          node.callee.object.type === "Identifier" &&
+          node.callee.object.name === "res" &&
+          node.callee.property.type === "Identifier" &&
+          (node.callee.property.name === "json" ||
+           node.callee.property.name === "status" ||
+           node.callee.property.name === "send")
+        ) {
+          context.report({
+            node,
+            messageId: "useBaseControllerMethods",
+            data: {
+              method: `res.${node.callee.property.name}()`,
+            },
+          });
+        }
+      },
+
+      // Prüfe Return-Statements in Controller-Methoden
+      MethodDefinition(node) {
+        // Nur öffentliche Methoden prüfen (nicht private oder protected)
+        if (node.accessibility === "private" || node.accessibility === "protected") {
+          return;
+        }
+
+        if (node.value.type === "FunctionExpression" ||
+            node.value.type === "ArrowFunctionExpression") {
+
+          // Durchsuche den Function Body nach Return-Statements
+          const checkReturnStatements = (blockStatement) => {
+            if (!blockStatement || !blockStatement.body) return;
+
+            for (const stmt of blockStatement.body) {
+              if (stmt.type === "ReturnStatement" &&
+                  stmt.argument &&
+                  stmt.argument.type !== "CallExpression") {
+
+                // Ignoriere "return;" ohne Wert
+                if (stmt.argument.type === "Identifier" &&
+                    stmt.argument.name === "undefined") continue;
+
+                context.report({
+                  node: stmt,
+                  messageId: "noDirectReturn",
+                  data: {
+                    returnType: "value",
+                  },
+                });
+              }
+            }
+          };
+
+          if (node.value.body.type === "BlockStatement") {
+            checkReturnStatements(node.value.body);
+          }
+        }
+      },
+    };
+  },
+};
+
+// Export-Objekt mit allen Regeln
+const controllerArchitectureRules = {
+  rules: {
+    "controller-architecture": noDirectRepositoryUseRule,
+    "require-dto-response": requireDtoResponseRule,
+    "require-proper-response-handling": requireProperResponseHandlingRule,
+  },
+};
+
+export default controllerArchitectureRules;

package/rules/controller-naming-conventions.js

@@ -0,0 +1,190 @@
+/**
+ * @fileoverview Enforce consistent naming conventions for controller methods
+ */
+
+"use strict";
+
+export default {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "enforce consistent naming conventions for controller HTTP methods",
+      category: "Best Practices",
+      recommended: true,
+    },
+    fixable: null,
+    schema: [],
+    messages: {
+      invalidMethodName: "Controller method '{{methodName}}' does not follow naming conventions. Use: getById (GET with params), getAll (GET without params), create (POST), update (PUT/PATCH), delete (DELETE)",
+      entityInResponse: "Entity-Variable '{{variableName}}' darf nicht direkt in sendSuccess() verwendet werden. Controller müssen Entities zu DTOs konvertieren bevor sie als API-Response zurückgegeben werden.",
+    },
+  },
+
+  create(context) {
+    const filename = context.getFilename();
+
+    if (!filename.includes("Controller.ts") || filename.includes("test") || filename.includes("spec")) {
+      return {};
+    }
+
+    function isControllerClass(node) {
+      if (node.type !== "ClassDeclaration") return false;
+
+      return node.decorators && node.decorators.some(decorator => {
+        return decorator.expression &&
+               ((decorator.expression.type === "Identifier" && decorator.expression.name === "Controller") ||
+                (decorator.expression.type === "CallExpression" &&
+                 decorator.expression.callee.name === "Controller"));
+      });
+    }
+
+    function getHttpMethodType(decorators) {
+      if (!decorators) return null;
+
+      const httpMethodMap = {
+        "Get": "get",
+        "Post": "post",
+        "Put": "put",
+        "Delete": "delete",
+        "Patch": "patch"
+      };
+
+      for (const decorator of decorators) {
+        const decoratorName = decorator.expression?.name || decorator.expression?.callee?.name;
+        if (httpMethodMap[decoratorName]) {
+          let route = "";
+          let hasParameter = false;
+
+          if (decorator.expression?.type === "CallExpression" &&
+              decorator.expression.arguments.length > 0 &&
+              decorator.expression.arguments[0].type === "Literal") {
+            route = decorator.expression.arguments[0].value;
+            hasParameter = route.includes(":");
+          }
+
+          return {
+            type: httpMethodMap[decoratorName],
+            hasParameter,
+            route,
+            isSubResource: route.includes("/") && route.includes(":")
+          };
+        }
+      }
+
+      return null;
+    }
+
+    function validateMethodName(methodName, httpMethod) {
+      const conventions = {
+        get: {
+          withParam: "getById",
+          withoutParam: "getAll"
+        },
+        post: "create",
+        put: "update",
+        delete: "delete",
+        patch: "update"
+      };
+
+      // Allow flexible naming for sub-resource routes (e.g., ":id/effects", ":id/assignments")
+      if (httpMethod.isSubResource) {
+        return true;
+      }
+
+      if (httpMethod.type === "get") {
+        const expectedName = httpMethod.hasParameter ?
+          conventions.get.withParam :
+          conventions.get.withoutParam;
+        return methodName === expectedName;
+      }
+
+      return methodName === conventions[httpMethod.type];
+    }
+
+    function getExpectedName(httpMethod) {
+      if (httpMethod.type === "get") {
+        return httpMethod.hasParameter ? "getById" : "getAll";
+      }
+
+      const expectedNames = {
+        post: "create",
+        put: "update",
+        delete: "delete",
+        patch: "update"
+      };
+
+      return expectedNames[httpMethod.type];
+    }
+
+    // Entity-Pattern erkennen
+    function isEntityPattern(variableName) {
+      return (
+        variableName.endsWith("Definition") ||
+        variableName.endsWith("Entity") ||
+        variableName.endsWith("Model") ||
+        variableName.endsWith("Record") ||
+        variableName.endsWith("Instance") ||
+        variableName.startsWith("new") ||
+        variableName.includes("Entity") ||
+        variableName.includes("Definition")
+      );
+    }
+
+    return {
+      ClassDeclaration(node) {
+        if (!isControllerClass(node)) return;
+
+        node.body.body.forEach(member => {
+          if (member.type === "MethodDefinition" &&
+              member.kind === "method" &&
+              member.accessibility === "public") {
+
+            const httpMethod = getHttpMethodType(member.decorators);
+            if (!httpMethod) return;
+
+            const methodName = member.key.name;
+
+            if (!validateMethodName(methodName, httpMethod)) {
+              const expectedName = getExpectedName(httpMethod);
+
+              context.report({
+                node: member,
+                message: `Controller method '${methodName}' must be named '${expectedName}' for ${httpMethod.type.toUpperCase()} methods. Use consistent naming across all controllers.`,
+              });
+            }
+          }
+        });
+      },
+
+      // Prüfe Entity-Patterns in sendSuccess
+      CallExpression(node) {
+        if (node.callee?.type === "MemberExpression" &&
+            node.callee.object?.type === "ThisExpression" &&
+            node.callee.property?.name === "sendSuccess") {
+
+          if (node.arguments.length >= 2 &&
+              node.arguments[1]?.type === "ObjectExpression") {
+
+            const responseObject = node.arguments[1];
+
+            responseObject.properties.forEach(property => {
+              if (property.type === "Property" &&
+                  property.value?.type === "Identifier") {
+
+                const variableName = property.value.name;
+
+                if (isEntityPattern(variableName)) {
+                  context.report({
+                    node: property.value,
+                    messageId: "entityInResponse",
+                    data: { variableName }
+                  });
+                }
+              }
+            });
+          }
+        }
+      }
+    };
+  },
+};

package/rules/controller-readonly-restriction.js

@@ -0,0 +1,148 @@
+/**
+ * ESLint-Regel: Controller Readonly Restriction
+ * Normale Controller (nicht Admin) dürfen nur GET-Methoden haben.
+ * Schreibende Zugriffe (POST, PUT, DELETE) erfolgen über Socket.io.
+ */
+
+/** @type {import('eslint').Rule.RuleModule} */
+const noWriteMethodsInPublicControllersRule = {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "Normale Controller dürfen nur GET-Methoden haben. Schreibende Zugriffe erfolgen über Socket.io.",
+      category: "Architecture",
+      recommended: true,
+    },
+    schema: [
+      {
+        type: "object",
+        properties: {
+          exceptions: {
+            type: "array",
+            items: {
+              type: "string"
+            },
+            description: "Array von Datei-Pfaden oder Mustern, die von dieser Regel ausgenommen werden sollen"
+          }
+        },
+        additionalProperties: false
+      }
+    ],
+    messages: {
+      noWriteMethods: "Normale Controller dürfen nur GET-Methoden haben. {{method}}-Methoden sind nicht erlaubt. Verwende Socket.io für schreibende Zugriffe.",
+      noWriteDecorators: "Normale Controller dürfen keine {{decorator}}-Decorators haben. Verwende Socket.io für schreibende Zugriffe.",
+    },
+  },
+  create(context) {
+    const controllerFiles = /Controller\.ts$/;
+    const filename = context.getFilename();
+    const isControllerFile = controllerFiles.test(filename) &&
+                            !/BaseController\.ts$/.test(filename);
+
+    if (!isControllerFile) return {};
+
+    // Hole die Konfiguration für Ausnahmen
+    const options = context.options[0] || {};
+    const exceptions = options.exceptions || [];
+
+    // Prüfe ob die aktuelle Datei in den Ausnahmen ist
+    const isException = exceptions.some(exception => {
+      // Unterstütze sowohl exakte Pfade als auch Muster
+      if (exception.includes('*')) {
+        // Einfache Glob-Pattern-Unterstützung
+        const pattern = new RegExp(exception.replace(/\*/g, '.*'));
+        return pattern.test(filename);
+      } else {
+        // Exakter Pfad-Vergleich (auch relative Pfade)
+        return filename.includes(exception) || filename.endsWith(exception);
+      }
+    });
+
+    // Wenn die Datei eine Ausnahme ist, überspringe die Prüfung
+    if (isException) return {};
+
+    // Prüfe ob es ein Admin-Controller ist
+    const isAdminController = filename.includes("/Admin/") ||
+                             filename.includes("AdminController") ||
+                             context.getSourceCode().getText().includes("@UseGuards(AuthGuard, AdminGuard)");
+
+    // Normale Controller (nicht Admin) werden geprüft
+    if (isAdminController) return {};
+
+    const writeMethods = ["POST", "PUT", "PATCH", "DELETE"];
+    const writeDecorators = ["@Post", "@Put", "@Patch", "@Delete"];
+
+    return {
+      // Prüfe auf HTTP-Method-Decorators
+      Decorator(node) {
+        if (node.expression.type === "CallExpression" &&
+            node.expression.callee.type === "Identifier") {
+
+          const decoratorName = node.expression.callee.name;
+
+          if (writeDecorators.includes(`@${decoratorName}`)) {
+            context.report({
+              node,
+              messageId: "noWriteDecorators",
+              data: {
+                decorator: `@${decoratorName}`,
+              },
+            });
+          }
+        }
+      },
+
+      // Prüfe auf Methodennamen die schreibende Operationen implizieren
+      MethodDefinition(node) {
+        if (node.key.type === "Identifier") {
+          const methodName = node.key.name;
+
+          // Prüfe auf typische schreibende Methodennamen
+          const writeMethodNames = [
+            "create", "post", "add", "insert",
+            "update", "put", "patch", "edit", "modify",
+            "delete", "remove", "destroy", "drop"
+          ];
+
+          if (writeMethodNames.some(writeMethod =>
+            methodName.toLowerCase().includes(writeMethod))) {
+
+            context.report({
+              node,
+              messageId: "noWriteMethods",
+              data: {
+                method: methodName,
+              },
+            });
+          }
+        }
+      },
+
+      // Prüfe auf handleCreate, handleUpdate, handleDelete Aufrufe
+      CallExpression(node) {
+        if (node.callee.type === "MemberExpression" &&
+            node.callee.object.type === "ThisExpression" &&
+            node.callee.property.type === "Identifier") {
+
+          const methodName = node.callee.property.name;
+
+          if (["handleCreate", "handleUpdate", "handleDelete"].includes(methodName)) {
+            context.report({
+              node,
+              messageId: "noWriteMethods",
+              data: {
+                method: `this.${methodName}()`,
+              },
+            });
+          }
+        }
+      },
+    };
+  },
+};
+
+export default {
+  rules: {
+    "no-write-methods-in-public-controllers": noWriteMethodsInPublicControllersRule,
+  },
+};