@ftisindia/create-app 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114) hide show
  1. package/package.json +1 -1
  2. package/template/.env.example +6 -0
  3. package/template/README.md +11 -1
  4. package/template/_package.json +0 -2
  5. package/template/docs/API_REFERENCE.md +13 -0
  6. package/template/docs/OAUTH.md +7 -3
  7. package/template/scripts/gen-module.mjs +2 -0
  8. package/template/src/app.module.ts +16 -22
  9. package/template/src/common/dto/error-response.dto.ts +3 -3
  10. package/template/src/common/dto/membership-response.dto.ts +26 -14
  11. package/template/src/common/dto/mutation-response.dto.ts +1 -1
  12. package/template/src/common/dto/pagination-query.dto.ts +37 -0
  13. package/template/src/common/dto/role-summary.dto.ts +5 -5
  14. package/template/src/common/dto/user-summary.dto.ts +6 -6
  15. package/template/src/common/filters/http-exception.filter.ts +9 -19
  16. package/template/src/common/swagger/api-error-responses.ts +12 -12
  17. package/template/src/config/app.config.ts +8 -3
  18. package/template/src/config/auth.config.ts +3 -3
  19. package/template/src/config/database.config.ts +3 -3
  20. package/template/src/config/env.validation.ts +78 -40
  21. package/template/src/config/index.ts +5 -5
  22. package/template/src/config/rbac.config.ts +3 -3
  23. package/template/src/database/prisma/prisma-transaction.ts +1 -1
  24. package/template/src/database/prisma/prisma.module.ts +2 -2
  25. package/template/src/database/prisma/prisma.service.ts +3 -6
  26. package/template/src/main.ts +24 -11
  27. package/template/src/modules/access-control/access-control.module.ts +11 -10
  28. package/template/src/modules/access-control/application/role-permission-policy.ts +71 -0
  29. package/template/src/modules/access-control/application/route-registry.validator.ts +34 -63
  30. package/template/src/modules/access-control/application/services/ability.factory.ts +5 -9
  31. package/template/src/modules/access-control/application/services/access-control.service.ts +78 -85
  32. package/template/src/modules/access-control/application/services/permission.guard.ts +16 -21
  33. package/template/src/modules/access-control/application/services/rbac-cache.service.ts +7 -9
  34. package/template/src/modules/access-control/dto/access-control-response.dto.ts +32 -20
  35. package/template/src/modules/access-control/dto/create-role.dto.ts +6 -6
  36. package/template/src/modules/access-control/dto/current-access-control-response.dto.ts +31 -0
  37. package/template/src/modules/access-control/dto/update-role-permissions.dto.ts +3 -10
  38. package/template/src/modules/access-control/dto/update-role.dto.ts +6 -6
  39. package/template/src/modules/access-control/presentation/access-control.controller.ts +69 -74
  40. package/template/src/modules/access-control/presentation/current-access-control.controller.ts +40 -0
  41. package/template/src/modules/access-control/presentation/permissions.decorator.ts +3 -3
  42. package/template/src/modules/access-control/presentation/public.decorator.ts +2 -2
  43. package/template/src/modules/access-control/types/permission-key.ts +19 -19
  44. package/template/src/modules/access-control/types/route-permission-registry.ts +76 -76
  45. package/template/src/modules/audit/application/services/audit.service.ts +7 -7
  46. package/template/src/modules/audit/audit.module.ts +4 -4
  47. package/template/src/modules/audit/dto/audit-response.dto.ts +18 -18
  48. package/template/src/modules/audit/dto/list-audit-logs-query.dto.ts +14 -14
  49. package/template/src/modules/audit/presentation/audit.controller.ts +17 -23
  50. package/template/src/modules/auth/application/services/auth.service.ts +147 -110
  51. package/template/src/modules/auth/application/services/password.service.ts +2 -2
  52. package/template/src/modules/auth/application/services/token.service.ts +20 -21
  53. package/template/src/modules/auth/auth.module.ts +20 -47
  54. package/template/src/modules/auth/dto/auth-response.dto.ts +9 -10
  55. package/template/src/modules/auth/dto/login.dto.ts +4 -4
  56. package/template/src/modules/auth/dto/logout.dto.ts +1 -1
  57. package/template/src/modules/auth/dto/oauth-exchange.dto.ts +4 -5
  58. package/template/src/modules/auth/dto/refresh-token.dto.ts +4 -5
  59. package/template/src/modules/auth/dto/signup.dto.ts +5 -11
  60. package/template/src/modules/auth/infrastructure/passport/google-auth.guard.ts +6 -14
  61. package/template/src/modules/auth/infrastructure/passport/google-oauth-state.store.ts +98 -0
  62. package/template/src/modules/auth/infrastructure/passport/google.strategy.ts +21 -30
  63. package/template/src/modules/auth/infrastructure/passport/jwt-auth.guard.ts +3 -3
  64. package/template/src/modules/auth/infrastructure/passport/jwt.strategy.ts +11 -11
  65. package/template/src/modules/auth/presentation/auth.controller.ts +45 -45
  66. package/template/src/modules/auth/presentation/current-user.decorator.ts +3 -5
  67. package/template/src/modules/auth/presentation/google-oauth-exception.filter.ts +5 -10
  68. package/template/src/modules/health/dto/health-response.dto.ts +5 -5
  69. package/template/src/modules/health/health.module.ts +2 -2
  70. package/template/src/modules/health/presentation/health.controller.ts +13 -13
  71. package/template/src/modules/invitations/application/services/invitations.service.ts +127 -176
  72. package/template/src/modules/invitations/dto/accept-invitation.dto.ts +6 -7
  73. package/template/src/modules/invitations/dto/create-invitation.dto.ts +14 -15
  74. package/template/src/modules/invitations/dto/invitation-response.dto.ts +37 -29
  75. package/template/src/modules/invitations/dto/invitation-token.dto.ts +4 -4
  76. package/template/src/modules/invitations/invitations.module.ts +5 -5
  77. package/template/src/modules/invitations/presentation/invitations.controller.ts +61 -63
  78. package/template/src/modules/memberships/application/services/memberships.service.ts +70 -84
  79. package/template/src/modules/memberships/dto/transfer-owner.dto.ts +4 -4
  80. package/template/src/modules/memberships/dto/update-billing-contact.dto.ts +2 -2
  81. package/template/src/modules/memberships/dto/update-membership-owner.dto.ts +2 -2
  82. package/template/src/modules/memberships/dto/update-membership-role.dto.ts +4 -4
  83. package/template/src/modules/memberships/dto/update-membership-status.dto.ts +3 -3
  84. package/template/src/modules/memberships/memberships.module.ts +4 -4
  85. package/template/src/modules/memberships/presentation/memberships.controller.ts +83 -99
  86. package/template/src/modules/organisations/application/services/organisations.service.ts +87 -23
  87. package/template/src/modules/organisations/dto/create-organisation.dto.ts +6 -13
  88. package/template/src/modules/organisations/dto/organisation-response.dto.ts +65 -14
  89. package/template/src/modules/organisations/infrastructure/repositories/organisations.repository.ts +4 -7
  90. package/template/src/modules/organisations/organisations.module.ts +5 -5
  91. package/template/src/modules/organisations/presentation/organisations.controller.ts +31 -18
  92. package/template/src/modules/organisations/types/default-organisation-data.ts +3 -9
  93. package/template/src/modules/request-context/application/services/request-context.service.ts +15 -7
  94. package/template/src/modules/request-context/presentation/org-scope.guard.ts +4 -9
  95. package/template/src/modules/request-context/presentation/request-context.interceptor.ts +4 -9
  96. package/template/src/modules/request-context/presentation/request-context.middleware.ts +7 -8
  97. package/template/src/modules/request-context/request-context.module.ts +7 -7
  98. package/template/src/modules/request-context/types/request-context.ts +2 -2
  99. package/template/src/modules/sample/application/services/sample.service.ts +10 -8
  100. package/template/src/modules/sample/dto/sample-echo.dto.ts +3 -3
  101. package/template/src/modules/sample/dto/sample-response.dto.ts +12 -12
  102. package/template/src/modules/sample/presentation/sample.controller.ts +25 -42
  103. package/template/src/modules/sample/sample.module.ts +4 -4
  104. package/template/src/modules/settings/application/services/settings.service.ts +15 -27
  105. package/template/src/modules/settings/dto/setting-response.dto.ts +9 -9
  106. package/template/src/modules/settings/dto/update-setting.dto.ts +5 -5
  107. package/template/src/modules/settings/presentation/settings.controller.ts +29 -35
  108. package/template/src/modules/settings/settings.module.ts +5 -5
  109. package/template/src/modules/settings/types/setting-definitions.ts +49 -33
  110. package/template/test/auth-refresh.spec.ts +90 -0
  111. package/template/test/frontend-bootstrap.spec.ts +181 -0
  112. package/template/test/role-permission-policy.spec.ts +94 -0
  113. package/template/test/route-registry.validator.spec.ts +12 -0
  114. package/template/test/security.e2e-spec.ts +134 -2
@@ -8,7 +8,7 @@ import {
8
8
  Res,
9
9
  UseFilters,
10
10
  UseGuards,
11
- } from "@nestjs/common";
11
+ } from '@nestjs/common';
12
12
  import {
13
13
  ApiBearerAuth,
14
14
  ApiCreatedResponse,
@@ -16,35 +16,35 @@ import {
16
16
  ApiOkResponse,
17
17
  ApiOperation,
18
18
  ApiTags,
19
- } from "@nestjs/swagger";
20
- import { Throttle } from "@nestjs/throttler";
21
- import { RevokedResponseDto } from "../../../common/dto/mutation-response.dto";
22
- import { ActiveUserSummaryDto } from "../../../common/dto/user-summary.dto";
23
- import { ApiErrorResponses } from "../../../common/swagger/api-error-responses";
24
- import { AuthService } from "../application/services/auth.service";
25
- import { AuthTokensResponseDto } from "../dto/auth-response.dto";
26
- import { LoginDto } from "../dto/login.dto";
27
- import { LogoutDto } from "../dto/logout.dto";
28
- import { OAuthExchangeDto } from "../dto/oauth-exchange.dto";
29
- import { RefreshTokenDto } from "../dto/refresh-token.dto";
30
- import { SignupDto } from "../dto/signup.dto";
31
- import { GoogleAuthGuard } from "../infrastructure/passport/google-auth.guard";
32
- import { JwtAuthGuard } from "../infrastructure/passport/jwt-auth.guard";
33
- import { AuthenticatedUser } from "../types/authenticated-user";
34
- import { GoogleAuthProfile } from "../types/google-auth-profile";
35
- import { CurrentUser } from "./current-user.decorator";
36
- import { GoogleOAuthExceptionFilter } from "./google-oauth-exception.filter";
19
+ } from '@nestjs/swagger';
20
+ import { Throttle } from '@nestjs/throttler';
21
+ import { RevokedResponseDto } from '../../../common/dto/mutation-response.dto';
22
+ import { ActiveUserSummaryDto } from '../../../common/dto/user-summary.dto';
23
+ import { ApiErrorResponses } from '../../../common/swagger/api-error-responses';
24
+ import { AuthService } from '../application/services/auth.service';
25
+ import { AuthTokensResponseDto } from '../dto/auth-response.dto';
26
+ import { LoginDto } from '../dto/login.dto';
27
+ import { LogoutDto } from '../dto/logout.dto';
28
+ import { OAuthExchangeDto } from '../dto/oauth-exchange.dto';
29
+ import { RefreshTokenDto } from '../dto/refresh-token.dto';
30
+ import { SignupDto } from '../dto/signup.dto';
31
+ import { GoogleAuthGuard } from '../infrastructure/passport/google-auth.guard';
32
+ import { JwtAuthGuard } from '../infrastructure/passport/jwt-auth.guard';
33
+ import { AuthenticatedUser } from '../types/authenticated-user';
34
+ import { GoogleAuthProfile } from '../types/google-auth-profile';
35
+ import { CurrentUser } from './current-user.decorator';
36
+ import { GoogleOAuthExceptionFilter } from './google-oauth-exception.filter';
37
37
 
38
- @ApiTags("Auth")
39
- @Controller("auth")
38
+ @ApiTags('Auth')
39
+ @Controller('auth')
40
40
  export class AuthController {
41
41
  constructor(private readonly authService: AuthService) {}
42
42
 
43
- @Post("signup")
43
+ @Post('signup')
44
44
  @Throttle({ default: { limit: 5, ttl: 60_000 } })
45
- @ApiOperation({ summary: "Create an email/password user and issue tokens." })
45
+ @ApiOperation({ summary: 'Create an email/password user and issue tokens.' })
46
46
  @ApiCreatedResponse({
47
- description: "User created and tokens issued.",
47
+ description: 'User created and tokens issued.',
48
48
  type: AuthTokensResponseDto,
49
49
  })
50
50
  @ApiErrorResponses(400, 409, 429)
@@ -52,12 +52,12 @@ export class AuthController {
52
52
  return this.authService.signup(dto);
53
53
  }
54
54
 
55
- @Post("login")
55
+ @Post('login')
56
56
  @HttpCode(200)
57
57
  @Throttle({ default: { limit: 5, ttl: 60_000 } })
58
- @ApiOperation({ summary: "Login with email/password." })
58
+ @ApiOperation({ summary: 'Login with email/password.' })
59
59
  @ApiOkResponse({
60
- description: "Login succeeded and tokens were issued.",
60
+ description: 'Login succeeded and tokens were issued.',
61
61
  type: AuthTokensResponseDto,
62
62
  })
63
63
  @ApiErrorResponses(400, 401, 429)
@@ -65,14 +65,14 @@ export class AuthController {
65
65
  return this.authService.login(dto);
66
66
  }
67
67
 
68
- @Post("refresh")
68
+ @Post('refresh')
69
69
  @HttpCode(200)
70
70
  @Throttle({ default: { limit: 10, ttl: 60_000 } })
71
71
  @ApiOperation({
72
- summary: "Rotate a refresh token and issue a new access token.",
72
+ summary: 'Rotate a refresh token and issue a new access token.',
73
73
  })
74
74
  @ApiOkResponse({
75
- description: "Refresh token rotated.",
75
+ description: 'Refresh token rotated.',
76
76
  type: AuthTokensResponseDto,
77
77
  })
78
78
  @ApiErrorResponses(400, 401, 429)
@@ -80,14 +80,14 @@ export class AuthController {
80
80
  return this.authService.refresh(dto);
81
81
  }
82
82
 
83
- @Post("oauth/exchange")
83
+ @Post('oauth/exchange')
84
84
  @HttpCode(200)
85
85
  @Throttle({ default: { limit: 10, ttl: 60_000 } })
86
86
  @ApiOperation({
87
- summary: "Exchange a Google OAuth one-time code for tokens.",
87
+ summary: 'Exchange a Google OAuth one-time code for tokens.',
88
88
  })
89
89
  @ApiOkResponse({
90
- description: "OAuth exchange succeeded.",
90
+ description: 'OAuth exchange succeeded.',
91
91
  type: AuthTokensResponseDto,
92
92
  })
93
93
  @ApiErrorResponses(400, 401, 429)
@@ -95,11 +95,11 @@ export class AuthController {
95
95
  return this.authService.exchangeOAuthCode(dto);
96
96
  }
97
97
 
98
- @Post("logout")
98
+ @Post('logout')
99
99
  @HttpCode(200)
100
- @ApiOperation({ summary: "Revoke a refresh token." })
100
+ @ApiOperation({ summary: 'Revoke a refresh token.' })
101
101
  @ApiOkResponse({
102
- description: "Refresh token is revoked or already unusable.",
102
+ description: 'Refresh token is revoked or already unusable.',
103
103
  type: RevokedResponseDto,
104
104
  })
105
105
  @ApiErrorResponses(400)
@@ -107,22 +107,22 @@ export class AuthController {
107
107
  return this.authService.logout(dto);
108
108
  }
109
109
 
110
- @Get("google")
110
+ @Get('google')
111
111
  @UseFilters(GoogleOAuthExceptionFilter)
112
112
  @UseGuards(GoogleAuthGuard)
113
- @ApiOperation({ summary: "Start the Google OAuth login flow." })
114
- @ApiFoundResponse({ description: "Redirects the browser to Google OAuth." })
113
+ @ApiOperation({ summary: 'Start the Google OAuth login flow.' })
114
+ @ApiFoundResponse({ description: 'Redirects the browser to Google OAuth.' })
115
115
  @ApiErrorResponses(403)
116
116
  google() {
117
117
  return undefined;
118
118
  }
119
119
 
120
- @Get("google/callback")
120
+ @Get('google/callback')
121
121
  @UseFilters(GoogleOAuthExceptionFilter)
122
122
  @UseGuards(GoogleAuthGuard)
123
- @ApiOperation({ summary: "Handle the Google OAuth callback." })
123
+ @ApiOperation({ summary: 'Handle the Google OAuth callback.' })
124
124
  @ApiFoundResponse({
125
- description: "Redirects to the configured frontend success or error URL.",
125
+ description: 'Redirects to the configured frontend success or error URL.',
126
126
  })
127
127
  @ApiErrorResponses(401, 403)
128
128
  async googleCallback(
@@ -133,12 +133,12 @@ export class AuthController {
133
133
  response.redirect(302, redirectUrl);
134
134
  }
135
135
 
136
- @Get("me")
136
+ @Get('me')
137
137
  @UseGuards(JwtAuthGuard)
138
138
  @ApiBearerAuth()
139
- @ApiOperation({ summary: "Return the current JWT identity." })
139
+ @ApiOperation({ summary: 'Return the current JWT identity.' })
140
140
  @ApiOkResponse({
141
- description: "Current authenticated user.",
141
+ description: 'Current authenticated user.',
142
142
  type: ActiveUserSummaryDto,
143
143
  })
144
144
  @ApiErrorResponses(401)
@@ -1,11 +1,9 @@
1
- import { createParamDecorator, ExecutionContext } from "@nestjs/common";
2
- import { AuthenticatedUser } from "../types/authenticated-user";
1
+ import { createParamDecorator, ExecutionContext } from '@nestjs/common';
2
+ import { AuthenticatedUser } from '../types/authenticated-user';
3
3
 
4
4
  export const CurrentUser = createParamDecorator(
5
5
  (_data: unknown, context: ExecutionContext): AuthenticatedUser => {
6
- const request = context
7
- .switchToHttp()
8
- .getRequest<{ user: AuthenticatedUser }>();
6
+ const request = context.switchToHttp().getRequest<{ user: AuthenticatedUser }>();
9
7
  return request.user;
10
8
  },
11
9
  );
@@ -1,10 +1,5 @@
1
- import {
2
- ArgumentsHost,
3
- Catch,
4
- ExceptionFilter,
5
- Injectable,
6
- } from "@nestjs/common";
7
- import { ConfigService } from "@nestjs/config";
1
+ import { ArgumentsHost, Catch, ExceptionFilter, Injectable } from '@nestjs/common';
2
+ import { ConfigService } from '@nestjs/config';
8
3
 
9
4
  type RedirectResponse = {
10
5
  headersSent?: boolean;
@@ -23,10 +18,10 @@ export class GoogleOAuthExceptionFilter implements ExceptionFilter {
23
18
  }
24
19
 
25
20
  const redirectUrl = new URL(
26
- this.config.get<string>("auth.google.errorRedirectUrl") ??
27
- "http://localhost:3000/auth/google/error",
21
+ this.config.get<string>('auth.google.errorRedirectUrl') ??
22
+ 'http://localhost:3000/auth/google/error',
28
23
  );
29
- redirectUrl.searchParams.set("error", "oauth_failed");
24
+ redirectUrl.searchParams.set('error', 'oauth_failed');
30
25
 
31
26
  response.redirect(302, redirectUrl.toString());
32
27
  }
@@ -1,9 +1,9 @@
1
- import { ApiProperty } from "@nestjs/swagger";
1
+ import { ApiProperty } from '@nestjs/swagger';
2
2
 
3
3
  export class HealthResponseDto {
4
- @ApiProperty({ example: "ok" })
5
- status!: "ok";
4
+ @ApiProperty({ example: 'ok' })
5
+ status!: 'ok';
6
6
 
7
- @ApiProperty({ example: "ok" })
8
- db!: "ok";
7
+ @ApiProperty({ example: 'ok' })
8
+ db!: 'ok';
9
9
  }
@@ -1,5 +1,5 @@
1
- import { Module } from "@nestjs/common";
2
- import { HealthController } from "./presentation/health.controller";
1
+ import { Module } from '@nestjs/common';
2
+ import { HealthController } from './presentation/health.controller';
3
3
 
4
4
  @Module({
5
5
  controllers: [HealthController],
@@ -1,20 +1,20 @@
1
- import { Controller, Get, ServiceUnavailableException } from "@nestjs/common";
2
- import { ApiOkResponse, ApiOperation, ApiTags } from "@nestjs/swagger";
3
- import { ApiErrorResponses } from "../../../common/swagger/api-error-responses";
4
- import { PrismaService } from "../../../database/prisma/prisma.service";
5
- import { Public } from "../../access-control/presentation/public.decorator";
6
- import { HealthResponseDto } from "../dto/health-response.dto";
1
+ import { Controller, Get, ServiceUnavailableException } from '@nestjs/common';
2
+ import { ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
3
+ import { ApiErrorResponses } from '../../../common/swagger/api-error-responses';
4
+ import { PrismaService } from '../../../database/prisma/prisma.service';
5
+ import { Public } from '../../access-control/presentation/public.decorator';
6
+ import { HealthResponseDto } from '../dto/health-response.dto';
7
7
 
8
- @ApiTags("Health")
9
- @Controller("health")
8
+ @ApiTags('Health')
9
+ @Controller('health')
10
10
  export class HealthController {
11
11
  constructor(private readonly prisma: PrismaService) {}
12
12
 
13
13
  @Get()
14
14
  @Public()
15
- @ApiOperation({ summary: "Check API and database health." })
15
+ @ApiOperation({ summary: 'Check API and database health.' })
16
16
  @ApiOkResponse({
17
- description: "API and database are healthy.",
17
+ description: 'API and database are healthy.',
18
18
  type: HealthResponseDto,
19
19
  })
20
20
  @ApiErrorResponses(503)
@@ -22,12 +22,12 @@ export class HealthController {
22
22
  try {
23
23
  await this.prisma.$queryRaw`SELECT 1`;
24
24
  } catch {
25
- throw new ServiceUnavailableException("Database health check failed.");
25
+ throw new ServiceUnavailableException('Database health check failed.');
26
26
  }
27
27
 
28
28
  return {
29
- status: "ok",
30
- db: "ok",
29
+ status: 'ok',
30
+ db: 'ok',
31
31
  };
32
32
  }
33
33
  }