@m5kdev/backend 0.1.0

package/src/modules/ai/ideogram/ideogram.repository.ts

@@ -0,0 +1,39 @@
+import { ok } from "neverthrow";
+import type {
+  IdeogramV3GenerateInput,
+  IdeogramV3GenerateOutput,
+} from "#modules/ai/ideogram/ideogram.dto";
+import type { ServerResultAsync } from "#modules/base/base.dto";
+import { BaseExternaRepository } from "#modules/base/base.repository";
+
+export class IdeogramRepository extends BaseExternaRepository {
+  async generate(input: IdeogramV3GenerateInput): ServerResultAsync<IdeogramV3GenerateOutput> {
+    if (!process.env.IDEOGRAM_API_KEY)
+      return this.error("INTERNAL_SERVER_ERROR", "IDEOGRAM_API_KEY is not set");
+    return this.throwableAsync(async () => {
+      const formData = new FormData();
+      formData.append("prompt", input.prompt);
+      if (input.seed) formData.append("seed", input.seed.toString());
+      if (input.resolution) formData.append("resolution", input.resolution);
+      if (input.rendering_speed) formData.append("rendering_speed", input.rendering_speed);
+      if (input.magic_prompt) formData.append("magic_prompt", input.magic_prompt);
+      if (input.negative_prompt) formData.append("negative_prompt", input.negative_prompt);
+      if (input.num_images) formData.append("num_images", input.num_images.toString());
+      if (input.color_palette)
+        formData.append("color_palette", JSON.stringify(input.color_palette));
+      if (input.style_codes) formData.append("style_codes", JSON.stringify(input.style_codes));
+      if (input.aspect_ratio) formData.append("aspect_ratio", input.aspect_ratio);
+      if (input.style_type) formData.append("style_type", input.style_type);
+      if (input.style_preset) formData.append("style_preset", input.style_preset);
+      //TODO: Add file support
+
+      const response = await fetch("https://api.ideogram.ai/v1/ideogram-v3/generate", {
+        method: "POST",
+        headers: { "Api-Key": process.env.IDEOGRAM_API_KEY! },
+        body: formData,
+      });
+      const data = await response.json();
+      return ok(data as IdeogramV3GenerateOutput);
+    });
+  }
+}

package/src/modules/ai/ideogram/ideogram.service.ts

@@ -0,0 +1,14 @@
+import type {
+  IdeogramV3GenerateInput,
+  IdeogramV3GenerateOutput,
+} from "#modules/ai/ideogram/ideogram.dto";
+import type { IdeogramRepository } from "#modules/ai/ideogram/ideogram.repository";
+import type { ServerResultAsync } from "#modules/base/base.dto";
+import { BaseService } from "#modules/base/base.service";
+
+export class IdeogramService extends BaseService<{ ideogram: IdeogramRepository }, never> {
+  async generate(input: IdeogramV3GenerateInput): ServerResultAsync<IdeogramV3GenerateOutput> {
+    const result = await this.repository.ideogram.generate(input);
+    return result;
+  }
+}

package/src/modules/auth/auth.db.ts

@@ -0,0 +1,224 @@
+import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
+import { v4 as uuidv4 } from "uuid";
+
+export const users = sqliteTable("users", {
+  id: text("id").primaryKey().$default(uuidv4),
+  name: text("name").notNull(),
+  email: text("email").notNull().unique(),
+  emailVerified: integer("email_verified", { mode: "boolean" }).notNull(),
+  image: text("image"),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  role: text("role"),
+  banned: integer("banned", { mode: "boolean" }),
+  banReason: text("ban_reason"),
+  banExpires: integer("ban_expires", { mode: "timestamp" }),
+  stripeCustomerId: text("stripe_customer_id").unique(),
+  paymentCustomerId: text("payment_customer_id").unique(),
+  paymentPlanTier: text("payment_plan_tier"),
+  paymentPlanExpiresAt: integer("payment_plan_expires_at", {
+    mode: "timestamp",
+  }),
+  preferences: text("preferences"),
+  metadata: text("metadata", { mode: "json" })
+    .notNull()
+    .default({})
+    .$type<Record<string, unknown>>(),
+  onboarding: integer("onboarding"),
+  flags: text("flags"),
+});
+
+export const sessions = sqliteTable("sessions", {
+  id: text("id").primaryKey().$default(uuidv4),
+  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
+  token: text("token").notNull().unique(),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  ipAddress: text("ip_address"),
+  userAgent: text("user_agent"),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  impersonatedBy: text("impersonated_by"),
+  activeOrganizationId: text("active_organization_id"),
+  activeOrganizationRole: text("active_organization_role"),
+  activeTeamId: text("active_team_id"),
+  activeTeamRole: text("active_team_role"),
+});
+
+export const accounts = sqliteTable("accounts", {
+  id: text("id").primaryKey().$default(uuidv4),
+  accountId: text("account_id").notNull(),
+  providerId: text("provider_id").notNull(),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  accessToken: text("access_token"),
+  refreshToken: text("refresh_token"),
+  idToken: text("id_token"),
+  accessTokenExpiresAt: integer("access_token_expires_at", {
+    mode: "timestamp",
+  }),
+  refreshTokenExpiresAt: integer("refresh_token_expires_at", {
+    mode: "timestamp",
+  }),
+  scope: text("scope"),
+  password: text("password"),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+});
+
+export const verifications = sqliteTable("verifications", {
+  id: text("id").primaryKey().$default(uuidv4),
+  identifier: text("identifier").notNull(),
+  value: text("value").notNull(),
+  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
+  createdAt: integer("created_at", { mode: "timestamp" }).$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" }).$default(() => new Date()),
+});
+
+export const organizations = sqliteTable("organizations", {
+  id: text("id").primaryKey().$default(uuidv4),
+  name: text("name").notNull(),
+  slug: text("slug").unique(),
+  logo: text("logo"),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  metadata: text("metadata"),
+});
+
+export const members = sqliteTable("members", {
+  id: text("id").primaryKey().$default(uuidv4),
+  organizationId: text("organization_id")
+    .notNull()
+    .references(() => organizations.id),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id),
+  role: text("role").notNull(),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+});
+
+export const teams = sqliteTable("teams", {
+  id: text("id").primaryKey().$default(uuidv4),
+  name: text("name").notNull(),
+  organizationId: text("organization_id")
+    .notNull()
+    .references(() => organizations.id),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" }),
+});
+
+export const teamMembers = sqliteTable("teammembers", {
+  id: text("id").primaryKey().$default(uuidv4),
+  teamId: text("team_id")
+    .notNull()
+    .references(() => teams.id),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id),
+  role: text("role").notNull(),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+});
+
+export const invitations = sqliteTable("invitations", {
+  id: text("id").primaryKey().$default(uuidv4),
+  organizationId: text("organization_id")
+    .notNull()
+    .references(() => organizations.id),
+  teamId: text("team_id").references(() => teams.id),
+  email: text("email").notNull(),
+  role: text("role"),
+  status: text("status").notNull(),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
+  inviterId: text("inviter_id")
+    .notNull()
+    .references(() => users.id),
+});
+
+export const apikeys = sqliteTable("apikeys", {
+  id: text("id").primaryKey().$default(uuidv4),
+  name: text("name"),
+  start: text("start"),
+  prefix: text("prefix"),
+  key: text("key").notNull(),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id),
+  refillInterval: integer("refill_interval", { mode: "number" }),
+  refillAmount: integer("refill_amount", { mode: "number" }),
+  lastRefillAt: integer("last_refill_at", { mode: "timestamp" }),
+  enabled: integer("enabled", { mode: "boolean" }).notNull(),
+  rateLimitEnabled: integer("rate_limit_enabled", { mode: "boolean" }).notNull(),
+  rateLimitTimeWindow: integer("rate_limit_time_window", { mode: "number" }),
+  rateLimitMax: integer("rate_limit_max", { mode: "number" }),
+  requestCount: integer("request_count", { mode: "number" }).notNull(),
+  remaining: integer("remaining", { mode: "number" }),
+  lastRequest: integer("last_request", { mode: "timestamp" }),
+  expiresAt: integer("expires_at", { mode: "timestamp" }),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  permissions: text("permissions"),
+  metadata: text("metadata"),
+});
+
+export const waitlist = sqliteTable("waitlist", {
+  id: text("id").primaryKey().$default(uuidv4),
+  name: text("name"),
+  email: text("email"),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" }),
+  status: text("status").notNull().default("WAITLIST"),
+  type: text("type").notNull().default("WAITLIST"),
+  code: text("code"),
+  expiresAt: integer("expires_at", { mode: "timestamp" }),
+  userId: text("user_id").references(() => users.id),
+  claimUserId: text("claim_user_id").references(() => users.id),
+  claimedAt: integer("claimed_at", { mode: "timestamp" }),
+  claimedEmail: text("claimed_email"),
+});
+
+export const accountClaimMagicLinks = sqliteTable("account_claim_magic_links", {
+  id: text("id").primaryKey().$default(uuidv4),
+  claimId: text("claim_id")
+    .notNull()
+    .references(() => waitlist.id, { onDelete: "cascade" }),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  email: text("email").notNull(),
+  token: text("token").notNull(),
+  url: text("url").notNull(),
+  expiresAt: integer("expires_at", { mode: "timestamp" }),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+});

package/src/modules/auth/auth.dto.ts

@@ -0,0 +1,47 @@
+import { z } from "zod";
+
+export const waitlistSchema = z.object({
+  id: z.string(),
+  name: z.string().nullable(),
+  email: z.string().nullable(),
+  createdAt: z.date(),
+  updatedAt: z.date().nullable(),
+  status: z.string(),
+  code: z.string().nullable(),
+  expiresAt: z.date().nullable(),
+});
+
+export const waitlistOutputSchema = waitlistSchema.omit({ code: true, expiresAt: true });
+export type WaitlistOutput = z.infer<typeof waitlistOutputSchema>;
+export type Waitlist = z.infer<typeof waitlistSchema>;
+
+export const accountClaimSchema = z.object({
+  id: z.string(),
+  claimUserId: z.string().nullable(),
+  code: z.string().nullable(),
+  status: z.string(),
+  expiresAt: z.date().nullable(),
+  claimedAt: z.date().nullable(),
+  claimedEmail: z.string().nullable(),
+  createdAt: z.date(),
+  updatedAt: z.date().nullable(),
+});
+
+export const accountClaimOutputSchema = accountClaimSchema.omit({ code: true });
+export type AccountClaim = z.infer<typeof accountClaimSchema>;
+export type AccountClaimOutput = z.infer<typeof accountClaimOutputSchema>;
+
+export const accountClaimMagicLinkSchema = z.object({
+  id: z.string(),
+  claimId: z.string(),
+  userId: z.string(),
+  email: z.string(),
+  token: z.string(),
+  url: z.string(),
+  expiresAt: z.date().nullable(),
+  createdAt: z.date(),
+});
+
+export const accountClaimMagicLinkOutputSchema = accountClaimMagicLinkSchema.omit({ token: true });
+export type AccountClaimMagicLink = z.infer<typeof accountClaimMagicLinkSchema>;
+export type AccountClaimMagicLinkOutput = z.infer<typeof accountClaimMagicLinkOutputSchema>;

package/src/modules/auth/auth.lib.ts

@@ -0,0 +1,349 @@
+import { type BetterAuthOptions, betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { getOAuthState } from "better-auth/api";
+import { admin, apiKey, lastLoginMethod, magicLink, organization } from "better-auth/plugins";
+import { and, desc, eq, gte, type InferSelectModel } from "drizzle-orm";
+import type { LibSQLDatabase } from "drizzle-orm/libsql";
+import * as auth from "#modules/auth/auth.db";
+import { createOrganizationAndTeam, getActiveOrganizationAndTeam } from "#modules/auth/auth.utils";
+import type { BillingService } from "#modules/billing/billing.service";
+import type { EmailService } from "#modules/email/email.service";
+import { logger as rootLogger } from "#utils/logger";
+import { posthogCapture } from "#utils/posthog";
+
+const schema = { ...auth };
+type Schema = typeof schema;
+export type Orm = LibSQLDatabase<Schema>;
+
+export type User = InferSelectModel<typeof auth.users>;
+export type Session = InferSelectModel<typeof auth.sessions>;
+export type Context = { session: Session; user: User };
+
+export type BetterAuth = ReturnType<typeof betterAuth>;
+
+type CreateBetterAuthParams<
+  O extends Orm,
+  S extends Schema,
+  E extends EmailService,
+  B extends BillingService,
+> = {
+  orm: O;
+  schema: S;
+  services: {
+    email?: E;
+    billing?: B;
+  };
+  hooks?: {
+    onError?: (error: unknown) => void;
+    afterCreateUser?: (
+      user: Pick<User, "id" | "email" | "emailVerified" | "name" | "createdAt" | "updatedAt">
+    ) => Promise<void>;
+  };
+  options?: BetterAuthOptions;
+  config?: {
+    waitlist: boolean;
+    provisionedAccountEmailDomain?: string;
+  };
+};
+
+export function createBetterAuth<
+  O extends Orm,
+  S extends Schema,
+  E extends EmailService,
+  B extends BillingService,
+>({ orm, schema, services, hooks, options, config }: CreateBetterAuthParams<O, S, E, B>) {
+  const { email: emailService, billing: billingService } = services;
+  const { waitlist = false, provisionedAccountEmailDomain } = config ?? {};
+  const normalizedProvisionedAccountEmailDomain = provisionedAccountEmailDomain
+    ? provisionedAccountEmailDomain.toLowerCase().replace(/^@/, "")
+    : null;
+
+  const logger = rootLogger.child({ layer: "betterAuth" });
+
+  const getWaitlistInvitationCode = async (ctx?: { headers?: Headers | null } | null) => {
+    let code = ctx?.headers?.get("waitlist-invitation-code");
+    if (code) return code;
+    const oauthState = await getOAuthState();
+    if (oauthState) {
+      code = oauthState.waitlistInvitationCode;
+    }
+    return code;
+  };
+
+  const isProvisionedAccountEmail = (email: string) => {
+    if (!normalizedProvisionedAccountEmailDomain) return false;
+    return email.toLowerCase().endsWith(`@${normalizedProvisionedAccountEmailDomain}`);
+  };
+
+  return betterAuth({
+    ...options,
+    baseURL: process.env.VITE_SERVER_URL!,
+    session: {
+      expiresIn: 60 * 60 * 24 * 7,
+      updateAge: 60 * 60 * 24,
+      cookieCache: {
+        enabled: true,
+        maxAge: 60 * 5,
+      },
+      additionalFields: {
+        activeOrganizationRole: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+        },
+        activeTeamRole: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+        },
+      },
+    },
+    user: {
+      deleteUser: {
+        enabled: true,
+        sendDeleteAccountVerification: async ({ user, url }) => {
+          const result = await emailService?.sendDeleteAccountVerification(user.email, url);
+          if (result?.isErr()) {
+            logger.error(result.error);
+            hooks?.onError?.(result.error);
+            throw result.error;
+          }
+        },
+      },
+      additionalFields: {
+        onboarding: {
+          type: "number",
+          required: false,
+          defaultValue: null,
+        },
+        preferences: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+        },
+        flags: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+        },
+        stripeCustomerId: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+          input: false,
+        },
+        paymentCustomerId: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+          input: false,
+        },
+        paymentPlanTier: {
+          type: "string",
+          required: false,
+          defaultValue: null,
+          input: false,
+        },
+        paymentPlanExpiresAt: {
+          type: "number",
+          required: false,
+          defaultValue: null,
+          input: false,
+        },
+      },
+    },
+    database: drizzleAdapter(orm, {
+      provider: "sqlite",
+      schema,
+      usePlural: true,
+    }),
+    emailAndPassword: {
+      enabled: true,
+      requireEmailVerification: !waitlist,
+      sendResetPassword: async ({ user, url }) => {
+        const result = await emailService?.sendResetPassword(user.email, url);
+        if (result?.isErr()) {
+          logger.error(result.error);
+          hooks?.onError?.(result.error);
+          throw result.error;
+        }
+      },
+    },
+    emailVerification: {
+      sendVerificationEmail: async ({ user, url }) => {
+        const result = await emailService?.sendVerification(user.email, url);
+        if (result?.isErr()) {
+          logger.error(result.error);
+          hooks?.onError?.(result.error);
+          throw result.error;
+        }
+      },
+    },
+    plugins: [
+      ...(options?.plugins ?? []),
+      magicLink({
+        disableSignUp: true,
+        sendMagicLink: async ({ email, url, token }) => {
+          const [user] = await orm
+            .select({ id: schema.users.id })
+            .from(schema.users)
+            .where(eq(schema.users.email, email.toLowerCase()))
+            .limit(1);
+
+          if (!user) return;
+
+          const [claim] = await orm
+            .select({ id: schema.waitlist.id })
+            .from(schema.waitlist)
+            .where(
+              and(
+                eq(schema.waitlist.type, "ACCOUNT_CLAIM"),
+                eq(schema.waitlist.claimUserId, user.id),
+                eq(schema.waitlist.status, "INVITED"),
+                gte(schema.waitlist.expiresAt, new Date())
+              )
+            )
+            .orderBy(desc(schema.waitlist.createdAt))
+            .limit(1);
+          if (claim) {
+            await orm.insert(schema.accountClaimMagicLinks).values({
+              claimId: claim.id,
+              userId: user.id,
+              email: email.toLowerCase(),
+              token,
+              url,
+              expiresAt: new Date(Date.now() + 1000 * 60 * 5),
+            });
+          }
+        },
+      }),
+      admin(),
+      lastLoginMethod(),
+      organization({
+        allowUserToCreateOrganization: false,
+        teams: {
+          enabled: true,
+          allowRemovingAllTeams: false,
+        },
+        sendInvitationEmail: async (data) => {
+          const invitationUrl = `${process.env.VITE_APP_URL}/organization/accept-invitation?id=${data.id}`;
+          const inviterName = data.inviter.user.name || data.inviter.user.email;
+          const result = await emailService?.sendOrganizationInvite(
+            data.email,
+            data.organization.name,
+            inviterName,
+            data.role,
+            invitationUrl
+          );
+          if (result?.isErr()) {
+            logger.error(result.error);
+            hooks?.onError?.(result.error);
+            throw result.error;
+          }
+        },
+        schema: {
+          team: {
+            modelName: "team",
+          },
+          teamMember: {
+            modelName: "teamMember",
+            additionalFields: {
+              role: {
+                type: "string",
+                required: true,
+              },
+            },
+          },
+          member: {
+            modelName: "member",
+          },
+          invitation: {
+            modelName: "invitation",
+          },
+          organization: {
+            modelName: "organization",
+          },
+        },
+      }),
+      apiKey(),
+    ],
+    trustedOrigins: [process.env.VITE_APP_URL!, process.env.VITE_SERVER_URL!],
+
+    databaseHooks: {
+      user: {
+        create: {
+          before: async (_user, ctx) => {
+            if (waitlist) {
+              const waitlistCode = await getWaitlistInvitationCode(ctx);
+              if (waitlistCode) {
+                const [waitlistInvitation] = await orm
+                  .select()
+                  .from(schema.waitlist)
+                  .where(
+                    and(
+                      eq(schema.waitlist.code, waitlistCode),
+                      eq(schema.waitlist.type, "WAITLIST"),
+                      eq(schema.waitlist.status, "INVITED"),
+                      gte(schema.waitlist.expiresAt, new Date())
+                    )
+                  )
+                  .limit(1);
+
+                if (!waitlistInvitation) {
+                  return false;
+                }
+                await orm
+                  .update(schema.waitlist)
+                  .set({
+                    status: "ACCEPTED",
+                    updatedAt: new Date(),
+                  })
+                  .where(eq(schema.waitlist.id, waitlistInvitation.id));
+                return;
+              }
+            }
+
+            if (waitlist) {
+              return false;
+            }
+            return;
+          },
+          after: async (user) => {
+            await createOrganizationAndTeam(orm, schema, user);
+            if (!isProvisionedAccountEmail(user.email)) {
+              await billingService?.createUserHook({ user });
+            }
+            posthogCapture({
+              distinctId: user.id,
+              event: "user_created",
+              properties: {
+                email: user.email,
+                name: user.name,
+                role: user.role,
+                image: user.image,
+              },
+            });
+            if (hooks?.afterCreateUser) await hooks.afterCreateUser(user);
+          },
+        },
+      },
+      session: {
+        create: {
+          before: async (session) => {
+            const { organizationId, teamId, organizationRole, teamRole } =
+              await getActiveOrganizationAndTeam(orm, schema, session.userId);
+            return {
+              data: {
+                ...session,
+                activeOrganizationId: organizationId,
+                activeTeamId: teamId,
+                activeOrganizationRole: organizationRole,
+                activeTeamRole: teamRole,
+              },
+            };
+          },
+        },
+      },
+    },
+  });
+}