@techstream/quark-create-app 1.5.2 → 1.6.0

package/templates/base-project/packages/db/scripts/seed.js

@@ -1,40 +1,127 @@
+import { faker } from "@faker-js/faker";
 import bcrypt from "bcryptjs";
-import { PrismaClient } from "../src/generated/prisma/client.js";
+import { prisma } from "../src/index.js";
 
-const prisma = new PrismaClient();
+// Deterministic output — change this integer to get a different but consistent dataset
+faker.seed(42);
 
-async function main() {
-	console.log("Seeding database...");
-
-	const email = "test@example.com";
-	const password = await bcrypt.hash("Password1", 12);
-
-	const user = await prisma.user.upsert({
-		where: { email },
-		update: {},
-		create: {
-			email,
-			name: "Test User",
-			password,
-			image: "https://api.dicebear.com/7.x/avataaars/svg?seed=test",
-			posts: {
-				create: [
-					{
-						title: "Hello World",
-						content: "This is a seeded post. Welcome to Quark!",
-						published: true,
-					},
-					{
-						title: "Draft Post",
-						content: "This is a draft post. It is not published yet.",
-						published: false,
-					},
-				],
+const PROFILE = process.env.SEED_PROFILE ?? "dev";
+const VALID_PROFILES = ["minimal", "dev"];
+
+if (!VALID_PROFILES.includes(PROFILE)) {
+	console.error(
+		`Unknown SEED_PROFILE "${PROFILE}". Valid options: ${VALID_PROFILES.join(", ")}`,
+	);
+	process.exit(1);
+}
+
+// ---------------------------------------------------------------------------
+// Seeders
+// ---------------------------------------------------------------------------
+
+async function seedUsers() {
+	const users = [
+		{
+			email: "admin@example.com",
+			name: "Admin User",
+			role: "admin",
+			password: "Password1",
+		},
+		{
+			email: "viewer@example.com",
+			name: "Viewer User",
+			role: "viewer",
+			password: "Password1",
+		},
+	];
+
+	const seeded = [];
+	for (const userData of users) {
+		// Skip hashing if the user already exists — upsert update:{} won't use it anyway.
+		const existing = await prisma.user.findUnique({
+			where: { email: userData.email },
+		});
+		const hashed =
+			existing?.password ?? (await bcrypt.hash(userData.password, 12));
+		const user = await prisma.user.upsert({
+			where: { email: userData.email },
+			// update:{} intentionally leaves existing users unchanged on re-seed.
+			// To reset a user's password or role, delete the row first or update the create block.
+			update: {},
+			create: {
+				email: userData.email,
+				name: userData.name,
+				role: userData.role,
+				password: hashed,
+				image: `https://api.dicebear.com/7.x/avataaars/svg?seed=${userData.email}`,
 			},
+		});
+		seeded.push(user);
+		console.log(`  ✓ User: ${user.email} (${user.role})`);
+	}
+	return seeded;
+}
+
+async function seedDevData(users) {
+	// Audit logs — representative actions per user
+	const actions = ["user.login", "user.update", "file.upload"];
+	const userIds = users.map((u) => u.id);
+	// Scoped to seeded user IDs so real audit entries in a shared dev DB are not wiped.
+	await prisma.auditLog.deleteMany({
+		where: { userId: { in: userIds }, action: { in: actions } },
+	});
+	for (const user of users) {
+		for (const action of actions) {
+			await prisma.auditLog.create({
+				data: {
+					userId: user.id,
+					action,
+					entity: "User",
+					entityId: user.id,
+					metadata: {
+						ip: faker.internet.ip(),
+						userAgent: faker.internet.userAgent(),
+					},
+				},
+			});
+		}
+	}
+	console.log(`  ✓ AuditLogs: ${users.length * actions.length} rows`);
+
+	// A sample pending job so the worker dashboard has something to show
+	await prisma.job.deleteMany({ where: { name: "seed-example-job" } });
+	await prisma.job.create({
+		data: {
+			queue: "default",
+			name: "seed-example-job",
+			data: { message: "Hello from seed" },
+			status: "PENDING",
 		},
 	});
+	console.log("  ✓ Job: seed-example-job (PENDING)");
+}
+
+// ---------------------------------------------------------------------------
+// Add your own model seeders below and call them from main()
+// Example:
+//   async function seedTeams(users) {
+//     await prisma.team.upsert({ where: { slug: "acme" }, update: {}, create: { ... } });
+//   }
+// ---------------------------------------------------------------------------
+
+async function main() {
+	console.log(`\nSeeding database [profile: ${PROFILE}]...\n`);
+
+	const users = await seedUsers();
+
+	if (PROFILE === "dev") {
+		await seedDevData(users);
+	}
+
+	// Add your seeders here:
+	// await seedTeams(users);
 
-	console.log("Seeded user:", user.email);
+	console.log("\nDone.\n");
 }
 
 main()

package/templates/base-project/packages/db/src/queries.js

@@ -15,6 +15,8 @@ const USER_SAFE_SELECT = {
 	updatedAt: true,
 };
 
+export { USER_SAFE_SELECT };
+
 // User queries
 export const user = {
 	findById: (id) => {
@@ -23,12 +25,7 @@ export const user = {
 			select: USER_SAFE_SELECT,
 		});
 	},
-	findByIdWithPosts: (id) => {
-		return prisma.user.findUnique({
-			where: { id },
-			select: { ...USER_SAFE_SELECT, posts: true },
-		});
-	},
+
 	/**
 	 * findByEmail returns ALL fields including password.
 	 * Only use for internal auth — never expose the result directly to clients.
@@ -67,68 +64,6 @@ export const user = {
 	},
 };
 
-/**
- * Safe author include — returns author without sensitive fields.
- */
-const AUTHOR_SAFE_INCLUDE = { author: { select: USER_SAFE_SELECT } };
-
-// Post queries
-export const post = {
-	findById: (id) => {
-		return prisma.post.findUnique({
-			where: { id },
-			include: AUTHOR_SAFE_INCLUDE,
-		});
-	},
-	findAll: (options = {}) => {
-		const { skip = 0, take = 10 } = options;
-		return prisma.post.findMany({
-			skip,
-			take,
-			include: AUTHOR_SAFE_INCLUDE,
-			orderBy: { createdAt: "desc" },
-		});
-	},
-	findPublished: (options = {}) => {
-		const { skip = 0, take = 10 } = options;
-		return prisma.post.findMany({
-			where: { published: true },
-			skip,
-			take,
-			include: AUTHOR_SAFE_INCLUDE,
-			orderBy: { createdAt: "desc" },
-		});
-	},
-	findByAuthor: (authorId, options = {}) => {
-		const { skip = 0, take = 10 } = options;
-		return prisma.post.findMany({
-			where: { authorId },
-			skip,
-			take,
-			include: AUTHOR_SAFE_INCLUDE,
-			orderBy: { createdAt: "desc" },
-		});
-	},
-	create: (data) => {
-		return prisma.post.create({
-			data,
-			include: AUTHOR_SAFE_INCLUDE,
-		});
-	},
-	update: (id, data) => {
-		return prisma.post.update({
-			where: { id },
-			data,
-			include: AUTHOR_SAFE_INCLUDE,
-		});
-	},
-	delete: (id) => {
-		return prisma.post.delete({
-			where: { id },
-		});
-	},
-};
-
 // Note: Job tracking is handled by BullMQ's built-in Redis persistence.
 // The Prisma Job model is retained in the schema for optional audit/reporting
 // but these query helpers have been removed to avoid confusion with BullMQ.
@@ -278,3 +213,58 @@ export const auditLog = {
 		});
 	},
 };
+
+// File queries
+export const file = {
+	create: (data) => {
+		return prisma.file.create({ data });
+	},
+	findById: (id) => {
+		return prisma.file.findUnique({
+			where: { id },
+			include: {
+				uploadedBy: { select: { id: true, email: true, name: true } },
+			},
+		});
+	},
+	findByStorageKey: (storageKey) => {
+		return prisma.file.findUnique({ where: { storageKey } });
+	},
+	findByUploader: (uploadedById, options = {}) => {
+		const { skip = 0, take = 50 } = options;
+		return prisma.file.findMany({
+			where: { uploadedById },
+			skip,
+			take,
+			orderBy: { createdAt: "desc" },
+		});
+	},
+	findOrphaned: (options = {}) => {
+		const { take = 100 } = options;
+		return prisma.file.findMany({
+			where: { uploadedById: null },
+			take,
+			orderBy: { createdAt: "asc" },
+		});
+	},
+	findOlderThan: (date, options = {}) => {
+		const { take = 100 } = options;
+		return prisma.file.findMany({
+			where: {
+				uploadedById: null,
+				createdAt: { lt: date },
+			},
+			take,
+			orderBy: { createdAt: "asc" },
+		});
+	},
+	delete: (id) => {
+		return prisma.file.delete({ where: { id } });
+	},
+	deleteMany: (ids) => {
+		return prisma.file.deleteMany({ where: { id: { in: ids } } });
+	},
+	count: (where = {}) => {
+		return prisma.file.count({ where });
+	},
+};

package/templates/base-project/packages/db/src/queries.test.js

@@ -7,10 +7,6 @@ const _mockPrisma = {
 		findUnique: async (params) => params,
 		create: async (params) => params,
 	},
-	post: {
-		create: async (params) => params,
-		findMany: async (params) => params,
-	},
 };
 
 // Mock module for queries
@@ -31,15 +27,6 @@ const mockQueries = {
 			...data,
 		}),
 	},
-	post: {
-		create: async (data) => ({
-			id: "1",
-			...data,
-		}),
-		findPublished: async () => [
-			{ id: "1", title: "Published", published: true },
-		],
-	},
 };
 
 test("User Queries - findById calls prisma with correct params", async () => {
@@ -61,19 +48,3 @@ test("User Queries - create calls prisma with correct params", async () => {
 	assert.strictEqual(result.email, "new@example.com");
 	assert.strictEqual(result.name, "New User");
 });
-
-test("Post Queries - create calls prisma with correct params", async () => {
-	const result = await mockQueries.post.create({
-		title: "Test Post",
-		authorId: "1",
-	});
-	assert.strictEqual(result.title, "Test Post");
-	assert.strictEqual(result.authorId, "1");
-});
-
-test("Post Queries - findPublished returns only published posts", async () => {
-	const result = await mockQueries.post.findPublished();
-	assert.ok(Array.isArray(result));
-	assert.strictEqual(result.length, 1);
-	assert.strictEqual(result[0].published, true);
-});

package/templates/base-project/packages/db/src/schemas.js

@@ -23,14 +23,8 @@ export const userUpdateSchema = z.object({
 	image: z.string().url().optional(),
 });
 
-export const postCreateSchema = z.object({
-	title: z.string().min(1, "Title is required"),
-	content: z.string().optional(),
-	published: z.boolean().optional(),
-});
-
-export const postUpdateSchema = z.object({
-	title: z.string().min(1, "Title is required").optional(),
-	content: z.string().optional(),
-	published: z.boolean().optional(),
+export const fileUploadSchema = z.object({
+	filename: z.string().min(1, "Filename is required"),
+	mimeType: z.string().min(1, "MIME type is required"),
+	size: z.number().int().positive("File size must be positive"),
 });

package/templates/base-project/pnpm-workspace.yaml

@@ -5,3 +5,7 @@ packages:
 onlyBuiltDependencies:
   - '@prisma/engines'
   - prisma
+  - esbuild
+  - msgpackr-extract
+  - sharp
+  - simple-git-hooks

package/templates/base-project/turbo.json

@@ -26,9 +26,11 @@
 		"db:seed": {
 			"cache": false
 		},
-		"db:studio": {
-			"cache": false,
-			"persistent": true
+		"sync-templates": {
+			"cache": false
+		},
+		"sync-templates:check": {
+			"cache": false
 		},
 		"dev": {
 			"cache": false,

package/templates/config/package.json

@@ -5,6 +5,8 @@
 	"exports": {
 		".": "./src/index.js",
 		"./app-url": "./src/app-url.js",
+		"./environment": "./src/environment.js",
+		"./load-config": "./src/load-config.js",
 		"./validate-env": "./src/validate-env.js"
 	}
 }

package/templates/config/src/environment.js

@@ -0,0 +1,270 @@
+/**
+ * @techstream/quark-config - Environment Configuration
+ * Provides environment-specific defaults for dev, test, staging, and production.
+ * Each environment defines sensible defaults that can be overridden via env vars.
+ */
+
+/**
+ * @typedef {"development" | "test" | "staging" | "production"} Environment
+ *
+ * @typedef {Object} EnvironmentConfig
+ * @property {Environment} environment - Resolved environment name
+ * @property {boolean} isProduction - True in production and staging
+ * @property {boolean} isDevelopment - True in development
+ * @property {boolean} isTest - True in test
+ * @property {Object} server - Server configuration
+ * @property {number} server.port - HTTP port
+ * @property {Object} rateLimit - Rate limiting defaults
+ * @property {number} rateLimit.windowMs - Rate limit window in ms
+ * @property {number} rateLimit.maxRequests - Max requests per window
+ * @property {number} rateLimit.authMaxRequests - Max auth requests per window
+ * @property {Object} cache - Cache configuration
+ * @property {number} cache.defaultTtl - Default cache TTL in seconds
+ * @property {Object} logging - Logging configuration
+ * @property {string} logging.level - Minimum log level
+ * @property {boolean} logging.json - Use JSON format
+ * @property {Object} db - Database configuration
+ * @property {number} db.poolMax - Max DB pool connections
+ * @property {number} db.poolIdleTimeout - Idle timeout in seconds
+ * @property {number} db.connectionTimeout - Connection timeout in seconds
+ * @property {Object} email - Email configuration
+ * @property {number} email.timeout - SMTP/API timeout in ms
+ * @property {Object} security - Security configuration
+ * @property {boolean} security.enforceHttps - Require HTTPS
+ * @property {boolean} security.trustProxy - Trust proxy headers
+ * @property {Object} features - Feature flags
+ * @property {boolean} features.debugRoutes - Enable debug endpoints
+ * @property {boolean} features.seedOnStart - Auto-seed database on startup
+ * @property {boolean} features.detailedErrors - Include stack traces in error responses
+ */
+
+/** @type {Record<Environment, EnvironmentConfig>} */
+const ENVIRONMENT_CONFIGS = {
+	development: {
+		environment: "development",
+		isProduction: false,
+		isDevelopment: true,
+		isTest: false,
+		server: {
+			port: 3000,
+		},
+		rateLimit: {
+			windowMs: 15 * 60 * 1000,
+			maxRequests: 1000,
+			authMaxRequests: 50,
+		},
+		cache: {
+			defaultTtl: 60,
+		},
+		logging: {
+			level: "debug",
+			json: false,
+		},
+		db: {
+			poolMax: 5,
+			poolIdleTimeout: 30,
+			connectionTimeout: 5,
+		},
+		email: {
+			timeout: 10_000,
+		},
+		security: {
+			enforceHttps: false,
+			trustProxy: false,
+		},
+		features: {
+			debugRoutes: true,
+			seedOnStart: false,
+			detailedErrors: true,
+		},
+	},
+
+	test: {
+		environment: "test",
+		isProduction: false,
+		isDevelopment: false,
+		isTest: true,
+		server: {
+			port: 3001,
+		},
+		rateLimit: {
+			windowMs: 15 * 60 * 1000,
+			maxRequests: 10_000,
+			authMaxRequests: 10_000,
+		},
+		cache: {
+			defaultTtl: 0,
+		},
+		logging: {
+			level: "warn",
+			json: false,
+		},
+		db: {
+			poolMax: 3,
+			poolIdleTimeout: 10,
+			connectionTimeout: 5,
+		},
+		email: {
+			timeout: 5_000,
+		},
+		security: {
+			enforceHttps: false,
+			trustProxy: false,
+		},
+		features: {
+			debugRoutes: true,
+			seedOnStart: false,
+			detailedErrors: true,
+		},
+	},
+
+	staging: {
+		environment: "staging",
+		isProduction: true,
+		isDevelopment: false,
+		isTest: false,
+		server: {
+			port: 3000,
+		},
+		rateLimit: {
+			windowMs: 15 * 60 * 1000,
+			maxRequests: 100,
+			authMaxRequests: 5,
+		},
+		cache: {
+			defaultTtl: 300,
+		},
+		logging: {
+			level: "info",
+			json: true,
+		},
+		db: {
+			poolMax: 10,
+			poolIdleTimeout: 30,
+			connectionTimeout: 5,
+		},
+		email: {
+			timeout: 10_000,
+		},
+		security: {
+			enforceHttps: true,
+			trustProxy: true,
+		},
+		features: {
+			debugRoutes: false,
+			seedOnStart: false,
+			detailedErrors: false,
+		},
+	},
+
+	production: {
+		environment: "production",
+		isProduction: true,
+		isDevelopment: false,
+		isTest: false,
+		server: {
+			port: 3000,
+		},
+		rateLimit: {
+			windowMs: 15 * 60 * 1000,
+			maxRequests: 100,
+			authMaxRequests: 5,
+		},
+		cache: {
+			defaultTtl: 600,
+		},
+		logging: {
+			level: "info",
+			json: true,
+		},
+		db: {
+			poolMax: 10,
+			poolIdleTimeout: 30,
+			connectionTimeout: 5,
+		},
+		email: {
+			timeout: 10_000,
+		},
+		security: {
+			enforceHttps: true,
+			trustProxy: true,
+		},
+		features: {
+			debugRoutes: false,
+			seedOnStart: false,
+			detailedErrors: false,
+		},
+	},
+};
+
+/** Valid environment names */
+export const ENVIRONMENTS = /** @type {const} */ ([
+	"development",
+	"test",
+	"staging",
+	"production",
+]);
+
+/**
+ * Resolves the current environment from NODE_ENV.
+ * Maps common aliases (e.g. "dev" → "development", "prod" → "production").
+ * Defaults to "development" if unset or unrecognized.
+ *
+ * @param {string} [nodeEnv] - Override for NODE_ENV (defaults to process.env.NODE_ENV)
+ * @returns {Environment}
+ */
+export function resolveEnvironment(nodeEnv) {
+	const raw = (nodeEnv ?? process.env.NODE_ENV ?? "").toLowerCase().trim();
+
+	const aliases = {
+		dev: "development",
+		development: "development",
+		test: "test",
+		testing: "test",
+		staging: "staging",
+		stage: "staging",
+		prod: "production",
+		production: "production",
+	};
+
+	return aliases[raw] || "development";
+}
+
+/**
+ * Returns the full environment configuration for a given environment.
+ * Unknown environments fall back to development.
+ *
+ * @param {string} [nodeEnv] - Override for NODE_ENV
+ * @returns {EnvironmentConfig}
+ */
+export function getEnvironmentConfig(nodeEnv) {
+	const env = resolveEnvironment(nodeEnv);
+	return { ...ENVIRONMENT_CONFIGS[env] };
+}
+
+/**
+ * Shallow-merges environment config with user-provided overrides (one level deep).
+ * Top-level scalars are replaced; top-level objects are spread-merged.
+ * Useful when downstream apps need to adjust defaults per-environment.
+ *
+ * @param {EnvironmentConfig} base - Base environment config
+ * @param {Record<string, unknown>} overrides - Partial overrides to merge
+ * @returns {EnvironmentConfig}
+ */
+export function mergeConfig(base, overrides) {
+	const result = { ...base };
+	for (const [key, value] of Object.entries(overrides)) {
+		if (
+			value != null &&
+			typeof value === "object" &&
+			!Array.isArray(value) &&
+			typeof result[key] === "object" &&
+			result[key] != null
+		) {
+			result[key] = { ...result[key], ...value };
+		} else {
+			result[key] = value;
+		}
+	}
+	return result;
+}

package/templates/config/src/index.js

@@ -1,21 +1,13 @@
 export const config = {
-	appName: "My Quark App",
-	environment: process.env.NODE_ENV || "development",
-	api: {
-		baseUrl: process.env.API_BASE_URL || "http://localhost:3000",
-	},
-	database: {
-		url:
-			process.env.DATABASE_URL ||
-			"postgresql://user:password@localhost:5432/myapp",
-	},
-	redis: {
-		url: process.env.REDIS_URL || "redis://localhost:6379",
-	},
-	email: {
-		from: process.env.EMAIL_FROM || "noreply@myquarkapp.com",
-		provider: process.env.EMAIL_PROVIDER || "smtp",
-	},
+	appName: "Quark",
+	appDescription: "A modern monorepo with Next.js, React, and Prisma",
 };
 
-export default config;
+export { getAllowedOrigins, getAppUrl, syncNextAuthUrl } from "./app-url.js";
+export {
+	ENVIRONMENTS,
+	getEnvironmentConfig,
+	mergeConfig,
+	resolveEnvironment,
+} from "./environment.js";
+export { getConfig, loadConfig, resetConfig } from "./load-config.js";