@kava/kava-api-core 1.0.0

package/src/permission.util.ts

@@ -0,0 +1,136 @@
+import { ControllerContext } from "elysia"
+
+type   KeyDigit            =  "0"|"1"|"2"|"3"|"4"|"5"|"6"|"7"|"8"|"9"
+export type KeyFeature     =  `${"1"|"2"|"3"|"4"|"5"|"6"|"7"|"8"|"9"}${KeyDigit}${KeyDigit}`
+export type KeyAccess      =  `${KeyDigit}${KeyDigit}`
+export type KeyPermission  =  `${KeyFeature}.${KeyAccess}` | KeyAccess
+
+const features = new Map<KeyFeature, { key: KeyFeature; name: string }>()
+const accesses = new Map<KeyAccess, any>()
+
+type FeatureAccess = Partial<Record<KeyFeature, {
+  name: string
+  accesses: Partial<Record<KeyAccess, string>>
+}>>
+
+export const permission = {
+  register: (def: FeatureAccess) => {
+    const featureAccessMap = new Map<string, string>()
+    let defaultFeature: KeyFeature | null = null
+
+    for (const [featureKey, feature] of Object.entries(def)) {
+      if (!defaultFeature) defaultFeature = featureKey as KeyFeature
+
+      registerFeature({
+        key: featureKey as KeyFeature,
+        name: feature.name
+      })
+
+      for (const [accessKey, accessName] of Object.entries(feature.accesses)) {
+        const permKey =
+          `${featureKey}.${String(accessKey).padStart(2, "0")}`
+
+        registerAccess({
+          featureKey,
+          accessKey,
+          accessName,
+          permKey
+        })
+
+        featureAccessMap.set(
+          `${featureKey}.${accessKey}`,
+          permKey
+        )
+      }
+    }
+
+    return createScopeApi(defaultFeature!)
+  },
+  
+  getFeatures: () => [...features.values()],
+
+  getAccesses: () => {
+    const result: Record<string, {
+      key: string
+      name: string
+      accesses: { key: string; name: string }[]
+    }> = {}
+
+    for (const feature of features.values()) {
+      result[String(feature.key)] = {
+        key: String(feature.key),
+        name: feature.name,
+        accesses: []
+      }
+    }
+
+    for (const access of accesses.values()) {
+      const featureKey = String(access.featureKey)
+
+      if (!result[featureKey]) continue
+
+      result[featureKey].accesses.push({
+        key: String(access.accessKey).padStart(2, "0"),
+        name: access.accessName
+      })
+    }
+
+    return Object.values(result)
+  },
+}
+
+
+function normalize(
+  raw: KeyPermission,
+  defaultFeature?: KeyFeature
+): KeyPermission {
+  if (!raw.includes(".") && defaultFeature) {
+    return `${defaultFeature}.${String(raw).padStart(2, "0") as KeyAccess}`
+  }
+
+  return raw
+}
+
+function registerFeature(f: { key: KeyFeature; name: string }) {
+  if (!features.has(f.key)) {
+    features.set(f.key, f)
+  }
+}
+
+function registerAccess(a: any) {
+  if (!accesses.has(a.permKey)) {
+    accesses.set(a.permKey, a)
+  }
+}
+
+function createPermission(keys: KeyPermission[]) {
+  return {
+    keys,
+
+    orHave(raw: KeyPermission) {
+      return createPermission([
+        ...this.keys,
+        normalize(raw) as KeyPermission
+      ])
+    },
+
+    guard(c: ControllerContext) {
+      const permissions = new Set(c.permissions || [])
+
+      const ok = this.keys.some(k => permissions?.has(k))
+      if (!ok) {
+        c.responseForbidden()
+      }
+    }
+  }
+}
+
+export function createScopeApi(defaultFeature: KeyFeature) {
+  return {
+    have(raw: KeyPermission) {
+      const key = normalize(raw, defaultFeature)
+      return createPermission([key])
+    }
+  }
+}
+

package/src/route.util.ts

@@ -0,0 +1,12 @@
+// ================================>
+// ## Route: Basic api routers
+// ================================>
+export function api(app: any, basePath: string, controller: any) {
+  return app.group(basePath, (group: any) => group
+    .get("/", controller.index)
+    .post("/", controller.store)
+    .get("/:id", controller.show)
+    .put("/:id", controller.update)
+    .delete("/:id", controller.destroy)
+  )
+}

package/src/storage.util.ts

@@ -0,0 +1,102 @@
+import fs from "fs";
+import path from "path";
+import { Elysia } from "elysia";
+import { db } from "@utils/db.util";
+
+
+
+// ================================>
+// ## Storage: Middleware storage handler
+// ================================>
+export const storage = (app: Elysia) => app.get("/storage/*", async ({ params, set, user }: Record<string, any>) => {
+  const requestedPath  =  params["*"];
+  const baseDir        =  path.resolve("storage", "public");
+  const targetPath     =  path.resolve(baseDir, requestedPath);
+
+  if (!targetPath.startsWith(baseDir)) {
+    set.status = 400;
+    return { error: "Invalid path" };
+  }
+
+  if (fs.existsSync(targetPath)) {
+    const ext = path.extname(targetPath).toLowerCase();
+    const mimeTypes: Record<string, string> = {
+      ".jpg"   :  "image/jpeg",
+      ".jpeg"  :  "image/jpeg",
+      ".png"   :  "image/png",
+      ".webp"  :  "image/webp",
+      ".gif"   :  "image/gif",
+      ".pdf"   :  "application/pdf",
+      ".txt"   :  "text/plain",
+      ".json"  :  "application/json",
+      ".svg"   :  "image/svg+xml",
+    };
+
+    const buffer = fs.readFileSync(targetPath);
+
+    set.headers["Content-Type"] = mimeTypes[ext] || "application/octet-stream";
+    set.headers["Content-Length"] = buffer.length.toString();
+
+    return new Response(buffer);
+  } else {
+    const baseDir        =  path.resolve("storage", "private");
+    const targetPath     =  path.resolve(baseDir, requestedPath);
+
+    if (fs.existsSync(targetPath)) {
+      if (!user) {
+        set.status = 404
+        return { error: "File not found" };
+      }
+
+      const file = await db("storages").where({ path: requestedPath, disk: "private" }).first()
+
+      if (!file) {
+        set.status = 404
+        return { error: "File not found" }
+      }
+
+      let hasAccess = file.user_id === user.id
+
+      if (!hasAccess) {
+        hasAccess = await db("storage_permissions").where("storage_id", file.id)
+          .andWhere((q) => {
+            q.where("user_id", user.id)
+            .orWhere("role_id", user.role_id)
+          })
+          .first().then(Boolean)
+      }
+
+
+      if (!hasAccess) {
+        set.status = 404
+        return { error: "File not found" }
+      }
+
+    } else {
+      set.status = 404;
+      return { error: "File not found" };
+    }
+
+    const ext = path.extname(targetPath).toLowerCase();
+    const mimeTypes: Record<string, string> = {
+      ".jpg"   :  "image/jpeg",
+      ".jpeg"  :  "image/jpeg",
+      ".png"   :  "image/png",
+      ".webp"  :  "image/webp",
+      ".gif"   :  "image/gif",
+      ".pdf"   :  "application/pdf",
+      ".txt"   :  "text/plain",
+      ".json"  :  "application/json",
+      ".svg"   :  "image/svg+xml",
+    };
+
+    const buffer = fs.readFileSync(targetPath);
+
+    set.headers["Content-Type"] = mimeTypes[ext] || "application/octet-stream";
+    set.headers["Content-Length"] = buffer.length.toString();
+
+    return new Response(buffer);
+  }
+
+  
+});

package/src/validation.util.ts

@@ -0,0 +1,338 @@
+import validator from "validator"
+import { db } from "@utils"
+
+// ==========================>
+// ## Validation: Rules of validation
+// ==========================>
+
+export type ValidationRule =
+  | "required"
+  | "string"
+  | "numeric"
+  | "number"
+  | "boolean"
+  | "email"
+  | "url"
+  | "date"
+  | "confirmed"
+  | "array"
+  | `min:`
+  | `min:${number}`
+  | `max:`
+  | `max:${number}`
+  | `between:`
+  | `between:${number},${number}`
+  | `in:`
+  | `in:${string}`
+  | `not_in:`
+  | `not_in:${string}`
+  | `same:`
+  | `same:${string}`
+  | `different:`
+  | `different:${string}`
+  | `regex:`
+  | `regex:${string}`
+  | `unique:`
+  | `unique:${string},${string}`
+  | `exists:`
+  | `exists:${string},${string}`
+
+export type ValidationRules = Record<string, ValidationRule[] | string>
+
+export interface ValidationResult {
+  valid  : boolean
+  errors : Record<string, string[]>
+}
+
+// ==================================>
+// ## Check validate field from rules
+// ==================================>
+export async function validate(
+  data: Record<string, any>,
+  rules: ValidationRules
+): Promise<ValidationResult> {
+  const errors: Record<string, string[]> = {}
+
+  for (const field in rules) {
+    const fieldRules = normalizeRules(rules[field])
+
+    if (field.includes("*")) {
+      // const [arrayPath, childPath] = field.split(".*.")
+      // const arr = getNestedValue(data, arrayPath)
+
+      // if (!Array.isArray(arr)) {
+      //   addError(errors, arrayPath, `${arrayPath} harus berupa array`)
+      //   continue
+      // }
+
+      // for (let i = 0; i < arr.length; i++) {
+      //   const value = childPath
+      //     ? getNestedValue(arr[i], childPath)
+      //     : arr[i]
+
+      //   const itemField = childPath
+      //     ? `${arrayPath}.${i}.${childPath}`
+      //     : `${arrayPath}.${i}`
+
+      //   await checkRules({ field: itemField, value, rules: fieldRules, data, errors })
+      // }
+      const segments = field.split(".")
+
+      await nestedValidation({ value: data, segments, rules: fieldRules, fieldPath: "", data, errors })
+
+      continue
+    }
+
+
+    const value = getNestedValue(data, field) ?? ""
+
+    await checkRules({ field, value, rules: fieldRules, data, errors })
+  }
+
+  return {
+    valid: Object.keys(errors).length === 0,
+    errors
+  }
+}
+
+
+async function checkRules({ field, value, rules, data, errors } : { field: string, value: any, rules: ValidationRule[], data: any, errors: Record<string, string[]> }) {
+  for (const rule of rules) {
+    const [name, param] = rule.split(":") as [string, string | undefined]
+
+    switch (name) {
+      // === BASIC ===
+      case "required":
+        if (validator.isEmpty(String(value).trim())) {
+          addError(errors, field, `${field} wajib diisi`)
+        }
+        break
+
+      case "string":
+      case "text":
+        if (typeof value !== "string") {
+          addError(errors, field, `${field} harus berupa string`)
+        }
+        break
+
+      case "numeric":
+      case "number":
+        if (!validator.isNumeric(String(value))) {
+          addError(errors, field, `${field} harus berupa angka`)
+        }
+        break
+
+      case "boolean":
+        if (!(value === true || value === false || value === "true" || value === "false" || value === 1 || value === 0)) {
+          addError(errors, field, `${field} harus berupa boolean`)
+        }
+        break
+
+      case "email":
+        if (!validator.isEmail(String(value))) {
+          addError(errors, field, `${field} harus berupa email yang valid`)
+        }
+        break
+
+      case "url":
+        if (!validator.isURL(String(value))) {
+          addError(errors, field, `${field} harus berupa URL yang valid`)
+        }
+        break
+
+      case "date":
+        if (!validator.isDate(String(value))) {
+          addError(errors, field, `${field} harus berupa tanggal yang valid`)
+        }
+        break
+
+      // === LENGTH ===
+      case "min": {
+        const min = parseInt(param!)
+        if (!validator.isLength(String(value), { min })) {
+          addError(errors, field, `${field} minimal ${min} karakter`)
+        }
+        break
+      }
+
+      case "max": {
+        const max = parseInt(param!)
+        if (!validator.isLength(String(value), { max })) {
+          addError(errors, field, `${field} maksimal ${max} karakter`)
+        }
+        break
+      }
+
+      case "between": {
+        const [minVal, maxVal] = param!.split(",").map(Number)
+        if (!validator.isLength(String(value), { min: minVal, max: maxVal })) {
+          addError(errors, field, `${field} harus antara ${minVal} - ${maxVal} karakter`)
+        }
+        break
+      }
+
+      // === SET MEMBERSHIP ===
+      case "in": {
+        const allowed = param!.split(",")
+        if (!allowed.includes(String(value))) {
+          addError(errors, field, `${field} harus salah satu dari: ${allowed.join(", ")}`)
+        }
+        break
+      }
+
+      case "not_in": {
+        const notAllowed = param!.split(",")
+        if (notAllowed.includes(String(value))) {
+          addError(errors, field, `${field} tidak boleh salah satu dari: ${notAllowed.join(", ")}`)
+        }
+        break
+      }
+
+      case "array":
+      if (!Array.isArray(value)) {
+        addError(errors, field, `${field} harus berupa array`)
+      }
+      break
+
+      // === RELATIONAL ===
+      case "confirmed":
+        if (value !== getNestedValue(data, `${field}_confirmation`)) {
+          addError(errors, field, `${field} tidak sama dengan konfirmasi`)
+        }
+        break
+
+      case "same":
+        if (value !== getNestedValue(data, param!)) {
+          addError(errors, field, `${field} harus sama dengan ${param}`)
+        }
+        break
+
+      case "different":
+        if (value === getNestedValue(data, param!)) {
+          addError(errors, field, `${field} harus berbeda dengan ${param}`)
+        }
+        break
+
+      // === REGEX ===
+      case "regex":
+        try {
+          const pattern = new RegExp(param!)
+          if (!pattern.test(String(value))) {
+            addError(errors, field, `${field} tidak sesuai format`)
+          }
+        } catch {
+          addError(errors, field, `Regex rule untuk ${field} tidak valid`)
+        }
+        break
+
+      // === DATABASE VALIDATION ===
+      case "unique": {
+        const [table, column, exceptId] = param!.split(",")
+        const query = db.table(table).where(column, value)
+        if (exceptId) query.whereNot("id", exceptId)
+        const existing = await query.first()
+        if (existing) {
+          addError(errors, field, `${field} sudah digunakan`)
+        }
+        break
+      }
+
+      case "exists": {
+        const [table, column] = param!.split(",")
+        const existing = await db.table(table).where(column, value).first()
+        if (!existing) {
+          addError(errors, field, `${field} tidak ditemukan di ${table}`)
+        }
+        break
+      }
+    }
+  }
+}
+
+
+
+async function nestedValidation({
+  value,
+  segments,
+  rules,
+  fieldPath,
+  data,
+  errors
+}: {
+  value: any
+  segments: string[]
+  rules: ValidationRule[]
+  fieldPath: string
+  data: any
+  errors: Record<string, string[]>
+}) {
+  if (segments.length === 0) {
+    await checkRules({
+      field: fieldPath,
+      value,
+      rules,
+      data,
+      errors
+    })
+    return
+  }
+
+  const [segment, ...rest] = segments
+
+  if (segment === "*") {
+    if (!Array.isArray(value)) {
+      addError(errors, fieldPath, `${fieldPath} harus berupa array`)
+      return
+    }
+
+    for (let i = 0; i < value.length; i++) {
+      await nestedValidation({
+        value: value[i],
+        segments: rest,
+        rules,
+        fieldPath: `${fieldPath}.${i}`,
+        data,
+        errors
+      })
+    }
+  } else {
+    await nestedValidation({
+      value: value?.[segment],
+      segments: rest,
+      rules,
+      fieldPath: fieldPath ? `${fieldPath}.${segment}` : segment,
+      data,
+      errors
+    })
+  }
+}
+
+
+
+// ==================================>
+// ## Validation helpers
+// ==================================>
+function getNestedValue(obj: any, path: string): any {
+  if (!obj || typeof obj !== "object") return undefined
+
+  const normalizedPath = path
+    .replace(/\[(\w+)\]/g, '.$1')
+    .replace(/\['([^']+)'\]/g, '.$1')
+    .replace(/\["([^"]+)"\]/g, '.$1')
+
+  return normalizedPath.split('.').reduce((acc, key) => {
+    if (acc && Object.prototype.hasOwnProperty.call(acc, key)) {
+      return acc[key]
+    }
+    return undefined
+  }, obj)
+}
+
+function normalizeRules(rules: ValidationRule[] | string): ValidationRule[] {
+  if (Array.isArray(rules)) return rules
+  return rules.split("|") as ValidationRule[]
+}
+
+function addError(errors: Record<string, string[]>, field: string, message: string) {
+  errors[field] = [...(errors[field] || []), message]
+}

package/tsconfig.json

@@ -0,0 +1,23 @@
+{
+  "compilerOptions": {
+    "ignoreDeprecations": "6.0",
+    "target": "ES2021",
+    "module": "ES2022",
+    "moduleResolution": "node",
+    "declaration": true,
+    "sourceMap": true,
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "baseUrl": ".",
+    "types": ["bun-types", "elysia"],
+    "paths": {
+      "@utils": ["src/index.ts"],
+      "@utils/*": ["src/*"]
+    }
+  },
+  "include": ["src/**/*"]
+}