@starklabs/backend-core 1.1.1 → 1.2.0

package/dist/js/lib/field.types.js

@@ -0,0 +1,174 @@
+import mongoose from "mongoose";
+
+const { ObjectId } = mongoose.Schema.Types;
+
+const requiredString = {
+  type: String,
+  required: true,
+  trim: true,
+};
+
+const optionalString = {
+  type: String,
+  default: "",
+  trim: true,
+};
+
+const requiredUniqueString = {
+  type: String,
+  required: true,
+  unique: true,
+  trim: true,
+};
+
+const email = {
+  type: String,
+  required: true,
+  unique: true,
+  lowercase: true,
+  trim: true,
+};
+
+const password = {
+  type: String,
+  required: true,
+  minlength: 6,
+  select: false,
+};
+
+const requiredNumber = {
+  type: Number,
+  required: true,
+};
+
+const optionalNumber = {
+  type: Number,
+  default: 0,
+};
+
+const booleanTrue = {
+  type: Boolean,
+  default: true,
+};
+
+const booleanFalse = {
+  type: Boolean,
+  default: false,
+};
+
+const dateNow = {
+  type: Date,
+  default: Date.now,
+};
+
+const stringArray = {
+  type: [String],
+  default: [],
+};
+
+const objectArray = {
+  type: [Object],
+  default: [],
+};
+
+const objectId = {
+  type: ObjectId,
+};
+
+const requiredObjectId = {
+  type: ObjectId,
+  required: true,
+};
+
+const userRef = {
+  type: ObjectId,
+  ref: "User",
+};
+
+const requiredUserRef = {
+  type: ObjectId,
+  ref: "User",
+  required: true,
+};
+
+const userRefArray = [
+  {
+    type: ObjectId,
+    ref: "User",
+  },
+];
+
+const timestamps = {
+  createdAt: dateNow,
+  updatedAt: dateNow,
+};
+
+const provider = {
+  type: String,
+  enum: ["local", "google"],
+  default: "local",
+};
+
+const role = {
+  ...requiredString,
+  enum: ["user", ...JSON.parse(process.env.INTERNAL_ROLES || "[]")],
+  default: "user",
+};
+
+const otp = {
+  type: String,
+  required: true,
+};
+
+const otpExpiry = {
+  type: Number,
+  required: true,
+};
+
+const otpCount = {
+  type: Number,
+  required: true,
+  default: 0,
+  max: [10, "OTP verification limit reached. Please try again later."],
+};
+
+const otpStatus = {
+  type: String,
+  enum: ["pending", "verified", "blocked"],
+  default: "pending",
+};
+
+const imageMetaData = {
+  public_id: { type: String, required: false },
+  secure_url: { type: String, required: false },
+  width: { type: Number, required: false },
+  height: { type: Number, required: false },
+};
+
+export default {
+  requiredString,
+  optionalString,
+  requiredUniqueString,
+  email,
+  password,
+  requiredNumber,
+  optionalNumber,
+  booleanTrue,
+  booleanFalse,
+  dateNow,
+  stringArray,
+  objectArray,
+  objectId,
+  requiredObjectId,
+  userRef,
+  requiredUserRef,
+  userRefArray,
+  timestamps,
+  provider,
+  role,
+  otp,
+  otpExpiry,
+  otpCount,
+  otpStatus,
+  imageMetaData,
+};

package/dist/js/lib/model.factory.js

@@ -0,0 +1,19 @@
+import mongoose from "mongoose";
+import buildSchema from "./schema.builder.js";
+import AppLog from "../utils/AppLog.js";
+import AppError from "../utils/AppError.js";
+
+const createModel = (name, definition) => {
+  if (!name) throw new AppError("modelName is required");
+  if (!definition) throw new AppError("mongooseSchema is required");
+
+  const schema = buildSchema(definition);
+
+  if (mongoose.modelNames().includes(name)) {
+    return mongoose.model(name);
+  }
+  AppLog("db", "modelFactory", `${name} model created!`);
+  return mongoose.model(name, schema);
+};
+
+export default createModel;

package/dist/js/lib/model.registry.js

@@ -0,0 +1,4 @@
+// GLOBAL MODEL REGISTRY
+const registerModel = {};
+
+export default registerModel;

package/dist/js/lib/schema.builder.js

@@ -0,0 +1,35 @@
+import mongoose from "mongoose";
+
+const buildSchema = (definition) => {
+  const schemaObject = {};
+
+  for (const key in definition) {
+    const value = definition[key];
+
+    // CASE 1: primitive shorthand (String, Number, etc.)
+    if (
+      typeof value === "string" ||
+      typeof value === "number" ||
+      typeof value === "boolean"
+    ) {
+      schemaObject[key] = { type: value };
+      continue;
+    }
+
+    // CASE 2: already mongoose-style object
+    if (typeof value === "object" && !Array.isArray(value)) {
+      schemaObject[key] = value;
+      continue;
+    }
+
+    // CASE 3: array schema
+    if (Array.isArray(value)) {
+      schemaObject[key] = value;
+      continue;
+    }
+  }
+
+  return new mongoose.Schema(schemaObject, { timestamps: true });
+};
+
+export default buildSchema;

package/dist/js/lib/zod.validations.js

@@ -0,0 +1,247 @@
+import { z } from "zod";
+import { getConfig } from "../config/config.js";
+import "dotenv/config";
+
+/**
+ * =========================
+ * STRING HELPERS
+ * =========================
+ */
+
+export const requiredString = z
+  .string()
+  .trim()
+  .min(1, "At least 1 character in string is required");
+
+export const optionalString = z.string().trim().default("");
+
+/**
+ * =========================
+ * EMAIL
+ * =========================
+ */
+
+export const email = z
+  .string()
+  .trim()
+  .toLowerCase()
+  .email("Invalid email address");
+
+/**
+ * =========================
+ * PASSWORD
+ * =========================
+ */
+
+export const password = z
+  .string({
+    required_error: "Password is required",
+    invalid_type_error: "Password is required",
+  })
+  .min(6, "Password must be at least 6 characters");
+
+/**
+ * =========================
+ * NUMBER HELPERS
+ * =========================
+ */
+
+export const requiredNumber = z.coerce
+  .number()
+  .min(1, "Number must be 1 or greater");
+
+export const optionalNumber = z.coerce.number().default(0);
+
+/**
+ * =========================
+ * BOOLEAN HELPERS
+ * =========================
+ */
+
+export const booleanTrue = z.boolean().default(true);
+export const booleanFalse = z.boolean().default(false);
+
+/**
+ * =========================
+ * DATE
+ * =========================
+ */
+
+export const dateNow = z.date().default(() => new Date());
+
+/**
+ * =========================
+ * ARRAYS
+ * =========================
+ */
+
+export const stringArray = z.preprocess((val) => {
+  if (Array.isArray(val)) return val;
+
+  if (typeof val === "string") {
+    try {
+      const parsed = JSON.parse(val);
+      if (Array.isArray(parsed)) return parsed;
+    } catch (e) {
+      return val.split(",").map((v) => v.trim());
+    }
+  }
+
+  return [];
+}, z.array(z.string()).default([]));
+
+export const requiredStringArray = z.preprocess(
+  (val) => {
+    // already correct
+    if (Array.isArray(val)) return val;
+
+    // string case (your problem case)
+    if (typeof val === "string") {
+      try {
+        const parsed = JSON.parse(val);
+        if (Array.isArray(parsed)) return parsed;
+      } catch (e) {
+        // fallback: treat as comma-separated string
+        return val.split(",").map((v) => v.trim());
+      }
+    }
+
+    // weird multer case: array of broken strings
+    if (Array.isArray(val)) {
+      const joined = val.join("");
+      try {
+        const parsed = JSON.parse(joined);
+        if (Array.isArray(parsed)) return parsed;
+      } catch (e) {
+        return val;
+      }
+    }
+
+    return [];
+  },
+  z.array(z.string()).min(1, "Array must have at least 1 element"),
+);
+
+export const objectArray = z.preprocess(
+  (val) => {
+    if (Array.isArray(val)) return val;
+
+    if (typeof val === "string") {
+      try {
+        const parsed = JSON.parse(val);
+        if (Array.isArray(parsed)) return parsed;
+      } catch (e) {
+        return [];
+      }
+    }
+
+    return [];
+  },
+  z.array(z.object({})).default([]),
+);
+
+export const requiredObjectArray = z.preprocess(
+  (val) => {
+    // already correct
+    if (Array.isArray(val)) return val;
+
+    // string case (JSON from form-data)
+    if (typeof val === "string") {
+      try {
+        const parsed = JSON.parse(val);
+        if (Array.isArray(parsed)) return parsed;
+      } catch (e) {
+        return [];
+      }
+    }
+
+    return [];
+  },
+  z.array(z.object({})).min(1, "Array must have at least 1 object"),
+);
+
+/**
+ * =========================
+ * OBJECT ID / REFERENCES
+ * =========================
+ */
+
+export const objectId = z
+  .string({
+    required_error: "ObjectId is required",
+    invalid_type_error: "Invalid ObjectId",
+  })
+  .regex(/^[0-9a-fA-F]{24}$/, "Invalid ObjectId");
+
+export const requiredObjectId = objectId;
+
+export const userRef = objectId;
+export const requiredUserRef = objectId;
+
+export const userRefArray = z.array(objectId).default([]);
+
+/**
+ * =========================
+ * ENUMS
+ * =========================
+ */
+
+export const provider = z.enum(["local", "google"]).default("local");
+
+const internalRoles = JSON.parse(process.env.INTERNAL_ROLES || "[]");
+
+export const role = z.enum(["user", ...internalRoles]).default("user");
+
+/**
+ * =========================
+ * TIMESTAMPS
+ * =========================
+ */
+
+export const timestamps = {
+  createdAt: dateNow,
+  updatedAt: dateNow,
+};
+
+// files
+const requiredImage = z
+  .object({
+    fieldname: z.string(),
+    originalname: z.string(),
+    mimetype: z.string(),
+    size: z.number(),
+  })
+  .passthrough()
+  .refine((file) => file.mimetype.startsWith("image/"), {
+    message: "Only image files are allowed",
+  });
+/**
+ * =========================
+ * EXPORT ALL
+ * =========================
+ */
+
+export default {
+  requiredString,
+  optionalString,
+  email,
+  password,
+  requiredNumber,
+  optionalNumber,
+  booleanTrue,
+  booleanFalse,
+  dateNow,
+  stringArray,
+  requiredStringArray,
+  objectArray,
+  requiredObjectArray,
+  objectId,
+  requiredObjectId,
+  userRef,
+  requiredUserRef,
+  userRefArray,
+  timestamps,
+  provider,
+  role,
+  requiredImage,
+};

package/dist/js/middleware/auth.middleware.js

@@ -0,0 +1,51 @@
+import { verifyJWT, AppError } from "../utils/index.js";
+import registerModel from "../lib/model.registry.js";
+import { getConfig } from "../config/config.js";
+
+// find user safely
+const findUser = async (email) => {
+  const { userModel } = getConfig();
+  const Model = registerModel[userModel];
+
+  return await Model.findOne({ email });
+};
+
+// protect middleware
+const protect = async (req, res, next) => {
+  try {
+    const token = req.cookies?.authToken;
+
+    if (!token) {
+      return next(new AppError("Authentication required", 401));
+    }
+
+    const { jwtSecret } = getConfig();
+
+    const payload = verifyJWT(token, jwtSecret);
+
+    if (!payload?.email) {
+      return next(new AppError("Invalid token payload", 401));
+    }
+
+    const user = await findUser(payload.email);
+
+    if (!user) {
+      return next(new AppError("This account no longer exists", 401));
+    }
+
+    // optional: ensure provider consistency
+    if (payload.provider && payload.provider !== user.provider) {
+      return next(new AppError("Provider mismatch", 401));
+    }
+
+    // attach clean user (not raw JWT)
+    const { iat, exp, ...cleanPayload } = payload;
+    req.user = { ...cleanPayload, authProvider: user?.provider };
+
+    next();
+  } catch (error) {
+    return next(new AppError("Unauthorized", 401));
+  }
+};
+
+export default protect;

package/dist/js/middleware/error.middleware.js

@@ -0,0 +1,28 @@
+// custom imports
+import AppLog from "../utils/AppLog.js";
+
+const errorMiddleware = (err, req, res, next) => {
+  let statusCode = err.statusCode || 500;
+  let message = err.message || "Internal Server Error";
+
+  // Log everything for debugging
+  AppLog("X", "error.middleware.js", message);
+  console.log(err);
+
+  // Handle known / operational errors
+  if (err.isOperational) {
+    return res.status(statusCode).json({
+      success: false,
+      message,
+    });
+  }
+
+
+  // Unknown / programming errors
+  return res.status(500).json({
+    success: false,
+    message: "Something went wrong",
+  });
+};
+
+export default errorMiddleware;

package/dist/js/middleware/socket.middleware.js

@@ -0,0 +1,29 @@
+// module imports
+import cookie from "cookie";
+
+// custom imports
+import envs from "../config/envs.js";
+import { verifyJWT, AppError } from "../utils/index.js";
+
+export const socketProtect = (io) => {
+  io.use(async (socket, next) => {
+    try {
+      const cookies = cookie.parse(socket.handshake.headers.cookie || "");
+      const token = cookies.authToken;
+      if (!token) throw new AppError("Unauthorized");
+
+      const payLoad = verifyJWT(token);
+      delete payLoad.iat;
+      delete payLoad.exp;
+
+      payLoad.user = payLoad.id;
+
+      delete payLoad.id;
+
+      socket.user = payLoad;
+      next();
+    } catch (error) {
+       return next(new Error("Unauthorized"));
+    }
+  });
+};

package/dist/js/utils/AppLog.js

@@ -2,12 +2,13 @@
 const emojis = {
   check: "✅",
   X: "❌",
+  db: "📚"
 };
 
 // console logs
 /**
  *
- * @param {check | X} emoji
+ * @param {check | X | db} emoji
  * @param {string} file
  * @param {string} message
  */

package/dist/js/utils/deleteFile.js

@@ -0,0 +1,22 @@
+import { cloudinary } from "../config/cloudinary.js";
+import AppError from "./AppError.js";
+
+const deleteFile = async (id, fileType) => {
+  try {
+    if (!fileType) throw new Error(`fileType is required`);
+    if (!id) throw new Error(`${fileType} public_id is required`);
+
+    const item = await cloudinary.uploader.destroy(id, {
+      resource_type: fileType,
+    });
+
+    if (item.result === "not found")
+      throw new AppError("File not found to delete");
+
+    return true;
+  } catch (error) {
+    throw new AppError(error.message);
+  }
+};
+
+export default deleteFile;

package/dist/js/utils/index.js

@@ -4,4 +4,13 @@ export { default as successResponse } from "./successResponse.js";
 export { default as asyncHandler } from "./asyncHandler.js";
 export { default as AppError } from "./AppError.js";
 export { signJWT, verifyJWT } from "./jwt.js";
-export { hashPassword, verifyPassword } from "./libsodium.js";
+export {
+  hash,
+  verifyHash,
+  seal,
+  unSeal,
+  generateJWTSecret,
+  generateMasterKey,
+} from "./libsodium.js";
+export { default as uploadFile } from "./uploadFile.js";
+export {default as deleteFile} from "./deleteFile.js"

package/dist/js/utils/jwt.js

@@ -1,27 +1,16 @@
 import jwt from "jsonwebtoken";
 import AppError from "./AppError.js";
+import getDuration from "../config/duration.js";
 
-export const EXPIRY = {
-  "2m": 1000 * 60 * 2,
-  "10m": 1000 * 60 * 10,
-  "1h": 1000 * 60 * 60,
-  "6h": 1000 * 60 * 60 * 6,
-  "12h": 1000 * 60 * 60 * 12,
-  "1d": 1000 * 60 * 60 * 24,
-  "3d": 1000 * 60 * 60 * 24 * 3,
-  "7d": 1000 * 60 * 60 * 24 * 7,
-  "14d": 1000 * 60 * 60 * 24 * 14,
-  "30d": 1000 * 60 * 60 * 24 * 30,
-};
-
-const getExpiry = (key) => {
-  if (!EXPIRY[key]) throw new Error("Invalid expiry key");
-  return EXPIRY[key];
-};
-
-const signJWT = (payLoad, JWT_SECRET, JWT_EXPIRY) => {
+const signJWT = (payLoad, JWT_SECRET, tokenExpiry) => {
   try {
-    return jwt.sign(payLoad, JWT_SECRET, { expiresIn: JWT_EXPIRY });
+    if (!payLoad) throw new Error("payLoad is required");
+    if (!JWT_SECRET) throw new Error("jwtSecret is required");
+    if (!tokenExpiry) throw new Error("tokenExpiry is required");
+
+    return jwt.sign(payLoad, JWT_SECRET, {
+      expiresIn: getDuration(tokenExpiry),
+    });
   } catch (error) {
     throw new AppError(error.message);
   }
@@ -29,6 +18,9 @@ const signJWT = (payLoad, JWT_SECRET, JWT_EXPIRY) => {
 
 const verifyJWT = (token, JWT_SECRET) => {
   try {
+    if (!JWT_SECRET) throw new Error("jwtSecret is required");
+    if (!token) throw new Error("JWT token is required");
+
     return jwt.verify(token, JWT_SECRET);
   } catch (error) {
     throw new AppError("Invalid or expired token", 401);