@eeplatform/core 1.8.7 → 1.8.9

package/.github/workflows/publish.yml

@@ -15,26 +15,24 @@ jobs:
   publish:
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
-    environment: production
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - uses: actions/setup-node@v4
         with:
           node-version: 20.x
-          cache: "yarn" # Use yarn for caching
-          cache-dependency-path: yarn.lock # Cache Yarn lockfile
-
-      - run: yarn install --immutable # Install dependencies with immutable lockfile
+          cache: "yarn"
+          cache-dependency-path: yarn.lock
 
-      - name: Create .npmrc for publishing
-        run: |
-          echo '//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}' > ~/.npmrc
+      - run: yarn install --immutable
 
       - name: Create Release Pull Request or Publish
         id: changesets
         uses: changesets/action@v1
         with:
-          publish: yarn release # Use yarn for publishing
+          publish: yarn release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @eeplatform/core
 
+## 1.8.9
+
+### Patch Changes
+
+- a899c41: Add app management and revise roles and permission management
+
+## 1.8.8
+
+### Patch Changes
+
+- 6a72a1c: Update dependencies
+
 ## 1.8.7
 
 ### Patch Changes

package/CLAUDE.md

@@ -0,0 +1,106 @@
+# server-core-module (`@goweekdays/core`)
+
+Shared server module exported as a package consumed by all app servers.
+Built with Express + MongoDB (Atlas) + TypeScript.
+
+## Resource Layer Pattern
+
+Each resource lives under `src/resources/<resource-name>/` and follows this structure:
+
+```
+resource-name/
+  resource.model.ts       # Types and validation schema
+  resource.repository.ts  # Direct database interaction
+  resource.service.ts     # Business logic (optional — see below)
+  resource.controller.ts  # API request handler
+  index.ts                # Barrel export
+```
+
+### `.model.ts`
+
+Defines the TypeScript type and Joi validation schema for the resource. This is the source of truth for the shape of the data.
+
+### `.repository.ts`
+
+Contains all functions that directly interact with the database (MongoDB). No business logic here — only reads and writes.
+
+### `.service.ts`
+
+Builds business logic by composing repository functions and third-party integrations (e.g. hashing, email, S3, transactions). Never accesses the database directly — all DB interaction goes through the repository. **This layer is optional** — if a resource only needs basic CRUD with no business logic, a service file is not required.
+
+### `.controller.ts`
+
+Handles incoming API requests. Validates the request input, then delegates to the service layer if business logic exists, or calls the repository directly if the resource has no service.
+
+### `index.ts`
+
+Re-exports all layers so consumers can import from the resource folder directly.
+
+```typescript
+export * from "./user.model";
+export * from "./user.repository";
+export * from "./user.service";
+export * from "./user.controller";
+```
+
+---
+
+## Naming Conventions
+
+| Layer      | Pattern                     | Example                                              |
+| ---------- | --------------------------- | ---------------------------------------------------- |
+| File       | `<resource>.<layer>.ts`     | `user.model.ts`, `finance.journal.config.service.ts` |
+| Type       | `T<Resource>`               | `TUser`, `TJobPost`                                  |
+| Schema     | `schema<Resource>`          | `schemaUser`, `schemaJobPost`                        |
+| Model fn   | `model<Resource>()`         | `modelUser()`, `modelJobPost()`                      |
+| Repository | `use<Resource>Repo()`       | `useUserRepo()`, `useOrgRepo()`                      |
+| Service    | `use<Resource>Service()`    | `useUserService()`, `useOrgService()`                |
+| Controller | `use<Resource>Controller()` | `useUserController()`                                |
+
+Multi-word resource names use dot notation in file names: `finance.journal.config.model.ts`, `job.post.repository.ts`.
+
+---
+
+## Error Handling
+
+Always use the typed error classes from `@eeplatform/nodejs-utils` — never throw a generic `new Error()`.
+
+- `BadRequestError` — invalid input or a violated business rule
+- `NotFoundError` — resource does not exist
+- `InternalServerError` — unexpected DB or system failure
+- `AppError` — base class; use `instanceof AppError` in catch blocks to re-throw typed errors as-is
+
+---
+
+## Controller Input Extraction
+
+Validate the entire `req.body` against a Joi schema to ensure no unexpected keys are passed. Extract only the fields you need after validation.
+
+1. Define a Joi schema that describes exactly the expected shape
+2. Validate `req.body` (or `req.params` / `req.query`) against it — reject if invalid
+3. Destructure only the needed fields from the validated result
+4. Delegate to the service or repository
+
+This prevents unexpected or extra fields from leaking into the database.
+
+---
+
+## Transactions
+
+Use a MongoDB session whenever a service function writes to more than one collection. The pattern is always:
+
+1. Start session and transaction
+2. Pass `session` down to every repo call
+3. Commit on success, abort on error, and always end the session in `finally`
+
+Transactions belong in the service layer only — never in a controller or repository.
+
+---
+
+## What Not To Do
+
+- **No business logic in controllers** — controllers only handle HTTP input/output and delegate
+- **No direct DB access in controllers or services** — all DB interaction belongs in the repository only
+- **No generic `Error` throws** — use the typed error classes above
+- **No Zod** — validation is done with Joi throughout this module
+- **No extra fields into the DB** — always validate the full request body before using any of it

package/dist/index.d.ts

@@ -88,8 +88,7 @@ declare class MUser implements TUser {
 }
 
 declare function useUserRepo(): {
-    createTextIndex: () => Promise<void>;
-    createUniqueIndex: () => Promise<void>;
+    createIndexes: () => Promise<void>;
     createUser: (value: TUser, session?: ClientSession) => Promise<ObjectId>;
     getUserByEmail: (email: string) => Promise<TUser | null>;
     getUserById: (_id: string | ObjectId) => Promise<TUser | null>;
@@ -246,6 +245,199 @@ declare function useOrgController(): {
     getById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 };
 
+type TApp = {
+    _id?: ObjectId;
+    code: string;
+    name: string;
+    description: string;
+    type?: string;
+    status?: string;
+    createdAt?: string | Date;
+    updatedAt?: string | Date;
+    deletedAt?: string | Date;
+};
+declare const schemaApp: Joi.ObjectSchema<any>;
+declare const schemaAppUpdate: Joi.ObjectSchema<any>;
+declare function modelApp(value: TApp): TApp;
+
+declare function useAppRepo(): {
+    createIndexes: () => Promise<void>;
+    add: (value: TApp, session?: ClientSession) => Promise<ObjectId>;
+    getAll: ({ search, page, limit, sort, status, type, }?: {
+        search?: string;
+        page?: number;
+        limit?: number;
+        sort?: Record<string, any>;
+        status?: string;
+        type?: string | string[];
+    }) => Promise<Record<string, any> | {
+        items: any[];
+        pages: number;
+        pageRange: string;
+    }>;
+    getById: (_id: string | ObjectId) => Promise<TApp | null>;
+    getByCode: (code: string) => Promise<TApp | null>;
+    updateById: (_id: ObjectId | string, value: {
+        name: string;
+        description: string;
+    }, session?: ClientSession) => Promise<mongodb.UpdateResult<bson.Document>>;
+    deleteById: (_id: string | ObjectId, session?: ClientSession) => Promise<mongodb.UpdateResult<bson.Document>>;
+};
+
+declare function useAppService(): {
+    addDefaultApps: () => Promise<void>;
+    deleteById: (id: string) => Promise<string>;
+};
+
+declare function useAppController(): {
+    add: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    updateById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    getAll: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    getById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    deleteById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+};
+
+type TPermission = {
+    _id?: ObjectId;
+    app: string;
+    key: string;
+    name: string;
+    group: string;
+    description: string;
+    deprecated?: boolean;
+    status?: string;
+    createdAt?: string | Date;
+    updatedAt?: string | Date;
+    deletedAt?: string | Date;
+};
+declare const schemaPermission: Joi.ObjectSchema<any>;
+declare const schemaPermissionUpdate: Joi.ObjectSchema<any>;
+declare function modelPermission(value: TPermission): TPermission;
+
+declare function usePermissionRepo(): {
+    createIndexes: () => Promise<void>;
+    add: (value: TPermission, session?: ClientSession) => Promise<ObjectId>;
+    getAll: ({ search, page, limit, sort, app, status, }?: {
+        search?: string | undefined;
+        page?: number | undefined;
+        limit?: number | undefined;
+        sort?: {} | undefined;
+        app?: string | undefined;
+        status?: string | undefined;
+    }) => Promise<Record<string, any> | {
+        items: any[];
+        pages: number;
+        pageRange: string;
+    }>;
+    getById: (_id: string | ObjectId) => Promise<TPermission | null>;
+    getByKey: (key: string, group?: string, app?: string) => Promise<TPermission | null>;
+    updateById: (_id: ObjectId | string, value: {
+        key?: string;
+        group?: string;
+        description?: string;
+    }, session?: ClientSession) => Promise<mongodb.UpdateResult<bson.Document>>;
+    deleteById: (_id: string | ObjectId, session?: ClientSession) => Promise<mongodb.UpdateResult<bson.Document>>;
+    countByGroup: (group: string) => Promise<number>;
+};
+
+declare function usePermissionService(): {
+    deleteById: (id: string) => Promise<string>;
+};
+
+declare function usePermissionController(): {
+    add: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    getAll: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    getById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    deleteById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    updateById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+};
+
+type TPermissionGroup = {
+    _id?: ObjectId;
+    app: string;
+    key: string;
+    label: string;
+    order?: number;
+    status?: string;
+    createdAt?: string | Date;
+    updatedAt?: string | Date;
+    deletedAt?: string | Date;
+};
+declare const schemaPermissionGroup: Joi.ObjectSchema<any>;
+declare const schemaPermissionGroupUpdate: Joi.ObjectSchema<any>;
+declare function modelPermissionGroup(value: TPermissionGroup): TPermissionGroup;
+
+declare function usePermissionGroupRepo(): {
+    createIndexes: () => Promise<void>;
+    add: (value: TPermissionGroup, session?: ClientSession) => Promise<ObjectId>;
+    getAll: ({ search, page, limit, sort, app, status, }?: {
+        search?: string | undefined;
+        page?: number | undefined;
+        limit?: number | undefined;
+        sort?: {} | undefined;
+        app?: string | undefined;
+        status?: string | undefined;
+    }) => Promise<Record<string, any> | {
+        items: any[];
+        pages: number;
+        pageRange: string;
+    }>;
+    getById: (_id: string | ObjectId) => Promise<TPermissionGroup | null>;
+    getByKey: (key: string, app?: string) => Promise<TPermissionGroup | null>;
+    updateById: (_id: ObjectId | string, value: {
+        name: string;
+        serial: string;
+        levels: number;
+    }, session?: ClientSession) => Promise<mongodb.UpdateResult<bson.Document>>;
+    deleteById: (_id: string | ObjectId, session?: ClientSession) => Promise<mongodb.UpdateResult<bson.Document>>;
+};
+
+declare function usePermissionGroupService(): {
+    addDefaultModule: () => Promise<void>;
+    deleteById: (id: string) => Promise<string>;
+};
+
+declare function usePermissionGroupController(): {
+    add: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    getAll: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    getById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    deleteById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    updateById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+};
+
+type TFile = {
+    _id?: ObjectId;
+    name: string;
+    type?: string;
+    status?: string;
+    createdAt: string;
+};
+declare class MFile implements TFile {
+    _id?: ObjectId;
+    name: string;
+    type?: string;
+    status?: string;
+    createdAt: string;
+    constructor(value: TFile);
+}
+
+declare function useFileRepo(): {
+    createFile: (value: TFile, session?: ClientSession) => Promise<string>;
+    deleteFileById: (_id: string | ObjectId, session?: ClientSession) => Promise<string>;
+    getAllDraftedFiles: () => Promise<any[]>;
+};
+
+declare function useFileService(): {
+    createFile: (value: Express.Multer.File) => Promise<string>;
+    deleteFile: (id: string) => Promise<string>;
+    deleteDraft: () => void;
+};
+
+declare function useFileController(): {
+    upload: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    deleteFile: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+};
+
 type TRole = {
     _id?: ObjectId;
     id?: string | ObjectId;
@@ -278,8 +470,7 @@ declare class MRole implements TRole {
 }
 
 declare function useRoleRepo(): {
-    createIndex: () => Promise<void>;
-    createTextIndex: () => Promise<void>;
+    createIndexes: () => Promise<void>;
     createUniqueIndex: () => Promise<void>;
     addRole: (value: TRole, session?: ClientSession, clearCache?: boolean) => Promise<ObjectId>;
     getRoles: ({ search, page, limit, sort, type, id, }?: {
@@ -313,39 +504,6 @@ declare function useRoleController(): {
     updatePermissionsById: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 };
 
-type TFile = {
-    _id?: ObjectId;
-    name: string;
-    type?: string;
-    status?: string;
-    createdAt: string;
-};
-declare class MFile implements TFile {
-    _id?: ObjectId;
-    name: string;
-    type?: string;
-    status?: string;
-    createdAt: string;
-    constructor(value: TFile);
-}
-
-declare function useFileRepo(): {
-    createFile: (value: TFile, session?: ClientSession) => Promise<string>;
-    deleteFileById: (_id: string | ObjectId, session?: ClientSession) => Promise<string>;
-    getAllDraftedFiles: () => Promise<any[]>;
-};
-
-declare function useFileService(): {
-    createFile: (value: Express.Multer.File) => Promise<string>;
-    deleteFile: (id: string) => Promise<string>;
-    deleteDraft: () => void;
-};
-
-declare function useFileController(): {
-    upload: (req: Request, res: Response, next: NextFunction) => Promise<void>;
-    deleteFile: (req: Request, res: Response, next: NextFunction) => Promise<void>;
-};
-
 type TVerificationMetadata = {
     name?: string;
     app?: string;
@@ -488,9 +646,7 @@ type TMember = {
 declare function MMember(value: TMember): TMember;
 
 declare function useMemberRepo(): {
-    createIndex: () => Promise<void>;
-    createUniqueIndex: () => Promise<void>;
-    createTextIndex: () => Promise<void>;
+    createIndexes: () => Promise<void>;
     add: (value: TMember, session?: ClientSession) => Promise<string>;
     getById: (_id: string | ObjectId) => Promise<TMember | null>;
     getByOrg: (org: string | ObjectId) => Promise<TMember | null>;
@@ -523,7 +679,7 @@ declare function useMemberRepo(): {
         name: string;
     }[]>;
     updateStatusByUserId: (user: string | ObjectId, status: string) => Promise<string>;
-    updateName: (value: Pick<TMember, "user" | "name">, session?: ClientSession) => Promise<string>;
+    updateName: (value: Pick<TMember, "name" | "user">, session?: ClientSession) => Promise<string>;
     getByUserId: (user: string | ObjectId) => Promise<TMember | null>;
     getOrgsByMembership: ({ search, limit, page, user }?: {
         search: string;
@@ -813,4 +969,4 @@ declare const GEMINI_API_KEY: string;
 declare const ASSEMBLY_AI_API_KEY: string;
 declare const DOMAIN: string;
 
-export { ACCESS_TOKEN_EXPIRY, ACCESS_TOKEN_SECRET, APP_ACCOUNT, APP_MAIN, ASSEMBLY_AI_API_KEY, AudioFileData, AudioTranscriptionOptions, AudioTranscriptionResult, DEFAULT_USER_EMAIL, DEFAULT_USER_FIRST_NAME, DEFAULT_USER_LAST_NAME, DEFAULT_USER_PASSWORD, DOMAIN, GEMINI_API_KEY, MAILER_EMAIL, MAILER_PASSWORD, MAILER_TRANSPORT_HOST, MAILER_TRANSPORT_PORT, MAILER_TRANSPORT_SECURE, MAddress, MFile, MMember, MONGO_DB, MONGO_URI, MOrg, MRole, MToken, MUser, MUserRole, MVerification, PAYPAL_API_URL, PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET, PORT, PhonemeMatchOptions, PhonemeMatchResult, REDIS_HOST, REDIS_PASSWORD, REDIS_PORT, REFRESH_TOKEN_EXPIRY, REFRESH_TOKEN_SECRET, SECRET_KEY, SPACES_ACCESS_KEY, SPACES_BUCKET, SPACES_ENDPOINT, SPACES_REGION, SPACES_SECRET_KEY, TAddress, TCounter, TFile, TMember, TMiniRole, TOrg, TPSGC, TRole, TToken, TUser, TUserRole, TVerification, TVerificationMetadata, VERIFICATION_FORGET_PASSWORD_DURATION, VERIFICATION_USER_INVITE_DURATION, XENDIT_BASE_URL, XENDIT_SECRET_KEY, addressSchema, isDev, modelPSGC, schemaOrg, schemaPSGC, transactionSchema, useAddressController, useAddressRepo, useAudioTranscriptionController, useAuthController, useAuthService, useCounterModel, useCounterRepo, useFileController, useFileRepo, useFileService, useGeminiAiService, useGitHubService, useMemberController, useMemberRepo, useOrgController, useOrgRepo, useOrgService, usePSGCController, usePSGCRepo, useRoleController, useRoleRepo, useTokenRepo, useTranscribeService, useUserController, useUserRepo, useUserService, useUtilController, useVerificationController, useVerificationRepo, useVerificationService };
+export { ACCESS_TOKEN_EXPIRY, ACCESS_TOKEN_SECRET, APP_ACCOUNT, APP_MAIN, ASSEMBLY_AI_API_KEY, AudioFileData, AudioTranscriptionOptions, AudioTranscriptionResult, DEFAULT_USER_EMAIL, DEFAULT_USER_FIRST_NAME, DEFAULT_USER_LAST_NAME, DEFAULT_USER_PASSWORD, DOMAIN, GEMINI_API_KEY, MAILER_EMAIL, MAILER_PASSWORD, MAILER_TRANSPORT_HOST, MAILER_TRANSPORT_PORT, MAILER_TRANSPORT_SECURE, MAddress, MFile, MMember, MONGO_DB, MONGO_URI, MOrg, MRole, MToken, MUser, MUserRole, MVerification, PAYPAL_API_URL, PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET, PORT, PhonemeMatchOptions, PhonemeMatchResult, REDIS_HOST, REDIS_PASSWORD, REDIS_PORT, REFRESH_TOKEN_EXPIRY, REFRESH_TOKEN_SECRET, SECRET_KEY, SPACES_ACCESS_KEY, SPACES_BUCKET, SPACES_ENDPOINT, SPACES_REGION, SPACES_SECRET_KEY, TAddress, TApp, TCounter, TFile, TMember, TMiniRole, TOrg, TPSGC, TPermission, TPermissionGroup, TRole, TToken, TUser, TUserRole, TVerification, TVerificationMetadata, VERIFICATION_FORGET_PASSWORD_DURATION, VERIFICATION_USER_INVITE_DURATION, XENDIT_BASE_URL, XENDIT_SECRET_KEY, addressSchema, isDev, modelApp, modelPSGC, modelPermission, modelPermissionGroup, schemaApp, schemaAppUpdate, schemaOrg, schemaPSGC, schemaPermission, schemaPermissionGroup, schemaPermissionGroupUpdate, schemaPermissionUpdate, transactionSchema, useAddressController, useAddressRepo, useAppController, useAppRepo, useAppService, useAudioTranscriptionController, useAuthController, useAuthService, useCounterModel, useCounterRepo, useFileController, useFileRepo, useFileService, useGeminiAiService, useGitHubService, useMemberController, useMemberRepo, useOrgController, useOrgRepo, useOrgService, usePSGCController, usePSGCRepo, usePermissionController, usePermissionGroupController, usePermissionGroupRepo, usePermissionGroupService, usePermissionRepo, usePermissionService, useRoleController, useRoleRepo, useTokenRepo, useTranscribeService, useUserController, useUserRepo, useUserService, useUtilController, useVerificationController, useVerificationRepo, useVerificationService };