alpe-temp 1.0.0

package/backend-project/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "modular-auth-backend",
+  "version": "1.0.0",
+  "description": "Modular Node.js backend with auth and Excel export utility",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js",
+    "dev": "nodemon server.js",
+    "seed": "node src/seed.js"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
+    "exceljs": "^4.4.0",
+    "express": "^4.19.2",
+    "mongoose": "^8.5.0",
+    "helmet": "^7.1.0",
+    "jsonwebtoken": "^9.0.2",
+    "uuid": "^10.0.0"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.4"
+  }
+}

package/backend-project/server.js

@@ -0,0 +1,28 @@
+const app = require('./src/app');
+const env = require('./src/config/env');
+
+const start = async () => {
+  await app.connectDB();
+
+  const server = app.listen(env.PORT, () => {
+    console.log(`\n Server running on http://localhost:${env.PORT}`);
+    console.log(`   Environment : ${env.NODE_ENV}`);
+    console.log(`   Health      : http://localhost:${env.PORT}/health\n`);
+  });
+
+  const shutdown = (signal) => {
+    console.log(`\n${signal} received — shutting down gracefully...`);
+    server.close(() => {
+      console.log('Server closed.');
+      process.exit(0);
+    });
+  };
+
+  process.on('SIGTERM', () => shutdown('SIGTERM'));
+  process.on('SIGINT',  () => shutdown('SIGINT'));
+};
+
+start().catch((err) => {
+  console.error('Failed to start server:', err.message);
+  process.exit(1);
+});

package/backend-project/src/app.js

@@ -0,0 +1,84 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  🚀  APP  —  Express application setup
+// ═══════════════════════════════════════════════════════════════════════════
+//
+//  WHAT THIS FILE DOES:
+//    - Creates the Express app
+//    - Adds middleware (security, CORS, JSON parsing)
+//    - Registers all API module routes
+//    - Exports the app for server.js to use
+//
+//  HOW TO ADD A NEW MODULE:
+//    1. Add its routes to src/config/app.config.js (registeredRoutes array)
+//    2. Add a use() line below (see the PATTERN section)
+//    3. Done! Your new API is live.
+//
+// ═══════════════════════════════════════════════════════════════════════════
+
+const express = require('express');
+const path    = require('path');
+const helmet  = require('helmet');
+const cors    = require('cors');
+const db      = require('./config/db');
+const cfg     = require('./config/app.config');
+
+const { errorHandler, notFoundHandler } = require('./middleware/error.middleware');
+
+const app = express();
+
+// ─── GLOBAL MIDDLEWARE (applied to every request) ────────────────────────────
+app.use(helmet());                    // security headers
+app.use(cors());                      // allow cross-origin requests
+app.use(express.json({ limit: '10mb' }));  // parse JSON bodies
+app.use(express.urlencoded({ extended: true }));
+
+// ─── HEALTH CHECK ────────────────────────────────────────────────────────────
+//  Every scenario needs a health endpoint for deployment monitoring.
+app.get('/health', (_req, res) =>
+  res.json({
+    status: 'ok',
+    timestamp: new Date().toISOString(),
+    modules: cfg.registeredRoutes.map((m) => m.name),
+  })
+);
+
+// ╔═══════════════════════════════════════════════════════════════════════════╗
+// ║  📌  PATTERN: Register a new module                                    ║
+// ║                                                                         ║
+// ║  Step 1. In app.config.js, add to registeredRoutes:                     ║
+// ║    { name: 'products', routes: require('./modules/product/product.routes') } ║
+// ║                                                                         ║
+// ║  Step 2. Add one line below:                                           ║
+// ║    app.use('/api/products', require('./modules/product/product.routes'));    ║
+// ╚═══════════════════════════════════════════════════════════════════════════╝
+
+// ─── MODULE ROUTES ───────────────────────────────────────────────────────────
+//  Each line starts a new API group under /api/...
+//  The route file inside each module handles its own sub-routes.
+//
+app.use('/api/auth',        require('./modules/auth/auth.routes'));
+app.use('/api/excel',       require('./modules/excel/excel.routes'));
+app.use('/api/employees',   require('./modules/employee/employee.routes'));
+app.use('/api/departments', require('./modules/department/department.routes'));
+app.use('/api/salaries',    require('./modules/salary/salary.routes'));
+app.use('/api/reports',     require('./modules/reports/reports.routes'));
+
+// ─── FRONTEND SPA (serves built React app) ────────────────────────────────────
+const distPath = path.join(__dirname, '..', '..', 'frontend-project', 'dist');
+app.use(express.static(distPath));
+
+app.get('*', (req, res, next) => {
+  if (req.path.startsWith('/api')) return next();
+  res.sendFile(path.join(distPath, 'index.html'));
+});
+
+// ─── ERROR HANDLING (must be last) ───────────────────────────────────────────
+//  These catch any errors from routes above.
+app.use(notFoundHandler);   // handles 404 - route not found
+app.use(errorHandler);      // handles 500 - server errors
+
+// ─── DATABASE CONNECTION ─────────────────────────────────────────────────────
+//  Called by server.js (not here) so the app is testable without a DB.
+app.connectDB = () => db.connect();
+
+module.exports = app;

package/backend-project/src/config/app.config.js

@@ -0,0 +1,72 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  ⚙️  APP CONFIG  —  One place to control the whole backend
+// ═══════════════════════════════════════════════════════════════════════════
+//
+//  WHAT THIS FILE DOES:
+//    - Loads environment variables from .env (via env.js)
+//    - Lists every registered module (so you can add/remove features)
+//    - Exports everything in one easy-to-find object
+//
+//  HOW TO ADD A NEW FEATURE (e.g. "Products"):
+//    1. Create folder:  src/modules/product/
+//    2. Copy files from src/modules/_example/  (rename to product.*)
+//    3. Import routes below in this file (see REGISTERED MODULES)
+//    4. Add route line in app.js (see instructions there)
+//
+// ═══════════════════════════════════════════════════════════════════════════
+
+const env = require('./env');
+
+// ─── SERVER SETTINGS ─────────────────────────────────────────────────────────
+const server = {
+  PORT: env.PORT,
+  NODE_ENV: env.NODE_ENV,
+};
+
+// ─── DATABASE ────────────────────────────────────────────────────────────────
+const database = {
+  URI: env.MONGODB_URI,
+};
+
+// ─── JWT AUTHENTICATION ──────────────────────────────────────────────────────
+const jwt = {
+  SECRET: env.JWT_SECRET,
+  EXPIRES_IN: env.JWT_EXPIRES_IN,
+  REFRESH_SECRET: env.JWT_REFRESH_SECRET,
+  REFRESH_EXPIRES_IN: env.JWT_REFRESH_EXPIRES_IN,
+};
+
+// ─── BCRYPT ──────────────────────────────────────────────────────────────────
+const bcrypt = {
+  ROUNDS: env.BCRYPT_ROUNDS,
+};
+
+// ─── REGISTERED MODULES ──────────────────────────────────────────────────────
+//  🔵  To ADD a new module:
+//       1. Import its routes:  const productRoutes = require('../modules/product/product.routes');
+//       2. Add to the list:    { name: 'products', routes: productRoutes }
+//
+//  🔴  To REMOVE a module:
+//       Just delete its line from this array (and the import above).
+//
+//  Every module in this list automatically gets:
+//    - Route registration in app.js
+//    - Listed in the /health endpoint for debugging
+//
+const registeredRoutes = [
+  { name: 'auth',        routes: require('../modules/auth/auth.routes') },
+  { name: 'employees',   routes: require('../modules/employee/employee.routes') },
+  { name: 'departments', routes: require('../modules/department/department.routes') },
+  { name: 'salaries',    routes: require('../modules/salary/salary.routes') },
+  { name: 'reports',     routes: require('../modules/reports/reports.routes') },
+  { name: 'excel',       routes: require('../modules/excel/excel.routes') },
+];
+
+// ─── EXPORT EVERYTHING ───────────────────────────────────────────────────────
+module.exports = {
+  server,
+  database,
+  jwt,
+  bcrypt,
+  registeredRoutes,
+};

package/backend-project/src/config/db.js

@@ -0,0 +1,20 @@
+const mongoose = require('mongoose');
+const env = require('./env');
+
+const connect = async () => {
+  mongoose.connection.on('connected', () =>
+    console.log(`MongoDB connected → ${mongoose.connection.host}`)
+  );
+  mongoose.connection.on('error', (err) =>
+    console.error('MongoDB error:', err.message)
+  );
+  mongoose.connection.on('disconnected', () =>
+    console.warn('MongoDB disconnected')
+  );
+
+  await mongoose.connect(env.MONGODB_URI);
+};
+
+const disconnect = async () => mongoose.disconnect();
+
+module.exports = { connect, disconnect };

package/backend-project/src/config/env.js

@@ -0,0 +1,19 @@
+require('dotenv').config();
+
+const env = {
+  PORT: process.env.PORT || 3000,
+  NODE_ENV: process.env.NODE_ENV || 'development',
+
+  MONGODB_URI: process.env.MONGODB_URI || 'mongodb://127.0.0.1:27017/auth_db',
+
+  JWT_SECRET: process.env.JWT_SECRET || 'change-this-secret-in-production',
+  JWT_EXPIRES_IN: process.env.JWT_EXPIRES_IN || '7d',
+  JWT_REFRESH_SECRET: process.env.JWT_REFRESH_SECRET || 'change-this-refresh-secret',
+  JWT_REFRESH_EXPIRES_IN: process.env.JWT_REFRESH_EXPIRES_IN || '30d',
+
+  BCRYPT_ROUNDS: parseInt(process.env.BCRYPT_ROUNDS || '12', 10),
+
+  EXCEL_OUTPUT_DIR: process.env.EXCEL_OUTPUT_DIR || './exports',
+};
+
+module.exports = env;

package/backend-project/src/middleware/auth.middleware.js

@@ -0,0 +1,33 @@
+const { verifyAccessToken } = require('../utils/token');
+const res_ = require('../utils/response');
+
+/**
+ * authenticate — verifies the Bearer token and attaches `req.user`.
+ */
+const authenticate = (req, res, next) => {
+  const header = req.headers.authorization || '';
+  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
+
+  if (!token) return res_.unauthorized(res, 'No token provided');
+
+  try {
+    req.user = verifyAccessToken(token);
+    return next();
+  } catch (err) {
+    const message = err.name === 'TokenExpiredError' ? 'Token expired' : 'Invalid token';
+    return res_.unauthorized(res, message);
+  }
+};
+
+/**
+ * authorize — gates a route to specific roles.
+ * Usage: router.delete('/admin', authenticate, authorize('admin'), handler)
+ */
+const authorize = (...roles) => (req, res, next) => {
+  if (!roles.includes(req.user?.role)) {
+    return res_.forbidden(res, 'Insufficient permissions');
+  }
+  return next();
+};
+
+module.exports = { authenticate, authorize };

package/backend-project/src/middleware/error.middleware.js

@@ -0,0 +1,19 @@
+const env = require('../config/env');
+const res_ = require('../utils/response');
+
+// eslint-disable-next-line no-unused-vars
+const errorHandler = (err, req, res, _next) => {
+  const statusCode = err.statusCode || 500;
+  const message = err.message || 'Internal server error';
+
+  if (env.NODE_ENV !== 'production') {
+    console.error(`[${req.method}] ${req.originalUrl} →`, err);
+  }
+
+  return res_.error(res, message, statusCode);
+};
+
+const notFoundHandler = (req, res) =>
+  res_.notFound(res, `Route ${req.method} ${req.originalUrl} not found`);
+
+module.exports = { errorHandler, notFoundHandler };

package/backend-project/src/modules/_example/example.controller.js

@@ -0,0 +1,82 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  📦  EXAMPLE CONTROLLER  —  Handles HTTP requests and sends responses
+// ═══════════════════════════════════════════════════════════════════════════
+//
+//  WHAT THIS FILE DOES:
+//    - Receives incoming HTTP requests (from routes)
+//    - Calls the service to do the actual work
+//    - Sends back a JSON response to the client
+//
+//  HOW IT WORKS:
+//    1. The route calls a controller function (e.g. create)
+//    2. The controller reads the request data (req.body, req.params)
+//    3. It calls the service to handle the database operation
+//    4. It sends back a success or error response
+//
+//  RESPONSE HELPERS (from utils/response.js):
+//    res_.success(res, data, message)     →  200 OK
+//    res_.created(res, data, message)     →  201 Created
+//    res_.error(res, message, statusCode) →  any error
+//    res_.notFound(res, message)          →  404
+//
+// ═══════════════════════════════════════════════════════════════════════════
+
+const ExampleService = require('./example.service');
+const res_ = require('../../utils/response');
+
+const ExampleController = {
+  // ─── POST /api/examples  (add new) ────────────────────────────────────
+  async create(req, res) {
+    try {
+      const record = await ExampleService.create(req.body);
+      return res_.created(res, record, 'Record created');
+    } catch (err) {
+      return res_.error(res, err.message, err.statusCode || 500);
+    }
+  },
+
+  // ─── GET /api/examples  (list all) ────────────────────────────────────
+  async list(req, res) {
+    try {
+      const records = await ExampleService.list();
+      return res_.success(res, { records });
+    } catch (err) {
+      return res_.error(res, err.message, 500);
+    }
+  },
+
+  // ─── GET /api/examples/:id  (get one) ─────────────────────────────────
+  async getById(req, res) {
+    try {
+      const record = await ExampleService.getById(req.params.id);
+      if (!record) return res_.notFound(res, 'Record not found');
+      return res_.success(res, record);
+    } catch (err) {
+      return res_.error(res, err.message, 500);
+    }
+  },
+
+  // ─── PUT /api/examples/:id  (update) ──────────────────────────────────
+  async update(req, res) {
+    try {
+      const record = await ExampleService.update(req.params.id, req.body);
+      if (!record) return res_.notFound(res, 'Record not found');
+      return res_.success(res, record, 'Record updated');
+    } catch (err) {
+      return res_.error(res, err.message, 500);
+    }
+  },
+
+  // ─── DELETE /api/examples/:id  (delete) ───────────────────────────────
+  async remove(req, res) {
+    try {
+      const record = await ExampleService.remove(req.params.id);
+      if (!record) return res_.notFound(res, 'Record not found');
+      return res_.success(res, null, 'Record deleted');
+    } catch (err) {
+      return res_.error(res, err.message, 500);
+    }
+  },
+};
+
+module.exports = ExampleController;

package/backend-project/src/modules/_example/example.model.js

@@ -0,0 +1,47 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  📦  EXAMPLE MODEL  —  Mongoose schema (database structure)
+// ═══════════════════════════════════════════════════════════════════════════
+//
+//  WHAT THIS FILE DOES:
+//    Defines the shape of your data in MongoDB.
+//    Each field = a column in the database.
+//
+//  HOW TO USE:
+//    1. Rename "Example" to your feature name (e.g. "Product")
+//    2. Change the fields below to match your data
+//    3. That's it! The model is ready to use in your service.
+//
+//  EXAMPLE FIELDS (replace these):
+//    name:        { type: String, required: true }  ← text field
+//    price:       { type: Number, default: 0 }       ← number field
+//    category:    { type: String, enum: ['a','b'] }  ← dropdown/choice
+//    isActive:    { type: Boolean, default: true }   ← yes/no
+//    createdAt:   added automatically by timestamps  ← date
+//
+// ═══════════════════════════════════════════════════════════════════════════
+
+const mongoose = require('mongoose');
+
+const exampleSchema = new mongoose.Schema(
+  {
+    // ── YOUR FIELDS HERE ────────────────────────────────────────────────
+    name: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+    description: {
+      type: String,
+      trim: true,
+    },
+    status: {
+      type: String,
+      enum: ['active', 'inactive'],
+      default: 'active',
+    },
+    // Add more fields as needed
+  },
+  { timestamps: true } // adds createdAt and updatedAt automatically
+);
+
+module.exports = mongoose.model('Example', exampleSchema);

package/backend-project/src/modules/_example/example.routes.js

@@ -0,0 +1,43 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  📦  EXAMPLE ROUTES  —  Maps URLs to controller functions
+// ═══════════════════════════════════════════════════════════════════════════
+//
+//  WHAT THIS FILE DOES:
+//    - Connects a URL path to a controller function
+//    - Example:  GET /api/examples  →  ExampleController.list
+//
+//  HOW TO ADD A NEW ROUTE:
+//    router.get('/search',  ExampleController.search)   ← GET  request
+//    router.post('/',        ExampleController.create)   ← POST request
+//    router.put('/:id',      ExampleController.update)   ← PUT  request
+//    router.delete('/:id',   ExampleController.remove)   ← DELETE request
+//
+//  COMMON HTTP METHODS:
+//    GET     →  fetch data
+//    POST    →  create new data
+//    PUT     →  update existing data
+//    DELETE  →  remove data
+//
+//  AUTHENTICATION:
+//    - Add `authenticate` before any route to require login
+//    - Example:  router.get('/', authenticate, ExampleController.list)
+//
+// ═══════════════════════════════════════════════════════════════════════════
+
+const { Router } = require('express');
+const ExampleController = require('./example.controller');
+const { authenticate } = require('../../middleware/auth.middleware');
+
+const router = Router();
+
+// ─── All routes require authentication ─────────────────────────────────────
+router.use(authenticate);
+
+// ─── CRUD ROUTES ────────────────────────────────────────────────────────────
+router.post('/',    ExampleController.create);   // POST   /api/examples
+router.get('/',     ExampleController.list);     // GET    /api/examples
+router.get('/:id',  ExampleController.getById);  // GET    /api/examples/:id
+router.put('/:id',  ExampleController.update);   // PUT    /api/examples/:id
+router.delete('/:id', ExampleController.remove); // DELETE /api/examples/:id
+
+module.exports = router;

package/backend-project/src/modules/_example/example.service.js

@@ -0,0 +1,58 @@
+// ═══════════════════════════════════════════════════════════════════════════
+//  📦  EXAMPLE SERVICE  —  Business logic (talks to database)
+// ═══════════════════════════════════════════════════════════════════════════
+//
+//  WHAT THIS FILE DOES:
+//    - Every function here does one job (create, list, get, update, delete)
+//    - The controller calls these functions
+//    - The model is used here to query MongoDB
+//
+//  HOW TO ADD A NEW FUNCTION:
+//    Just add a new method to the object below.
+//    Example:  async search(query) { ... }
+//
+//  AVAILABLE FUNCTIONS (customize these):
+//    create(data)  →  adds a new record
+//    list()        →  gets all records
+//    getById(id)   →  gets one record by ID
+//    update(id, data)  →  updates a record
+//    remove(id)    →  deletes a record
+//
+// ═══════════════════════════════════════════════════════════════════════════
+
+const Example = require('./example.model');
+
+const ExampleService = {
+  // ─── CREATE ───────────────────────────────────────────────────────────
+  async create(data) {
+    const record = await Example.create(data);
+    return record;
+  },
+
+  // ─── LIST ALL ─────────────────────────────────────────────────────────
+  async list() {
+    return Example.find().sort({ createdAt: -1 });
+  },
+
+  // ─── GET ONE ──────────────────────────────────────────────────────────
+  async getById(id) {
+    return Example.findById(id);
+  },
+
+  // ─── UPDATE ───────────────────────────────────────────────────────────
+  async update(id, data) {
+    return Example.findByIdAndUpdate(id, data, { new: true });
+  },
+
+  // ─── DELETE ───────────────────────────────────────────────────────────
+  async remove(id) {
+    return Example.findByIdAndDelete(id);
+  },
+
+  // ─── COUNT ────────────────────────────────────────────────────────────
+  async count() {
+    return Example.countDocuments();
+  },
+};
+
+module.exports = ExampleService;

package/backend-project/src/modules/auth/auth.controller.js

@@ -0,0 +1,47 @@
+const AuthService = require('./auth.service');
+const res_ = require('../../utils/response');
+
+const AuthController = {
+  async signup(req, res) {
+    try {
+      const result = await AuthService.signup(req.body);
+      return res_.created(res, result, 'Account created successfully');
+    } catch (err) {
+      return res_.error(res, err.message, err.statusCode || 500);
+    }
+  },
+
+  async login(req, res) {
+    try {
+      const result = await AuthService.login(req.body);
+      return res_.success(res, result, 'Login successful');
+    } catch (err) {
+      return res_.error(res, err.message, err.statusCode || 500);
+    }
+  },
+
+  async refresh(req, res) {
+    try {
+      const result = await AuthService.refresh(req.body.refreshToken);
+      return res_.success(res, result, 'Tokens refreshed');
+    } catch (err) {
+      return res_.error(res, err.message, err.statusCode || 500);
+    }
+  },
+
+  async me(req, res) {
+    try {
+      const user = await AuthService.me(req.user.id);
+      return res_.success(res, user);
+    } catch (err) {
+      return res_.error(res, err.message, err.statusCode || 500);
+    }
+  },
+
+  logout(_req, res) {
+    // JWT logout is client-side. Add a token blocklist here for server-side invalidation.
+    return res_.success(res, null, 'Logged out successfully');
+  },
+};
+
+module.exports = AuthController;

package/backend-project/src/modules/auth/auth.routes.js

@@ -0,0 +1,16 @@
+const { Router } = require('express');
+const AuthController = require('./auth.controller');
+const { authenticate } = require('../../middleware/auth.middleware');
+
+const router = Router();
+
+// Public routes
+router.post('/signup',  AuthController.signup);
+router.post('/login',   AuthController.login);
+router.post('/refresh', AuthController.refresh);
+
+// Protected routes
+router.get('/me',      authenticate, AuthController.me);
+router.post('/logout', authenticate, AuthController.logout);
+
+module.exports = router;