ar-saas 0.1.0

package/templates/backend/package.json

@@ -0,0 +1,88 @@
+{
+  "name": "create-saas-ar-backend",
+  "version": "0.0.1",
+  "description": "Backend SaaS multi-tenant generado con create-saas-ar",
+  "author": "",
+  "private": true,
+  "license": "UNLICENSED",
+  "scripts": {
+    "build": "nest build",
+    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+    "start": "nest start",
+    "start:dev": "nest start --watch",
+    "start:debug": "nest start --debug --watch",
+    "start:prod": "node dist/main",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:cov": "jest --coverage",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "jest --config ./test/jest-e2e.json"
+  },
+  "dependencies": {
+    "@nestjs/common": "^11.0.1",
+    "@nestjs/config": "^4.0.2",
+    "@nestjs/core": "^11.0.1",
+    "@nestjs/jwt": "^11.0.1",
+    "@nestjs/mongoose": "^11.0.2",
+    "@nestjs/passport": "^11.0.5",
+    "@nestjs/platform-express": "^11.0.1",
+    "@nestjs/schedule": "^6.0.1",
+    "@nestjs/swagger": "^11.2.1",
+    "bcryptjs": "^2.4.3",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.2",
+    "cookie-parser": "^1.4.7",
+    "mongoose": "^9.0.1",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
+    "reflect-metadata": "^0.2.2",
+    "resend": "^4.1.2",
+    "rxjs": "^7.8.1"
+  },
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.2.0",
+    "@eslint/js": "^9.18.0",
+    "@nestjs/cli": "^11.0.0",
+    "@nestjs/schematics": "^11.0.0",
+    "@nestjs/testing": "^11.0.1",
+    "@types/bcryptjs": "^2.4.6",
+    "@types/cookie-parser": "^1.4.8",
+    "@types/express": "^5.0.0",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^22.10.7",
+    "@types/passport-jwt": "^4.0.1",
+    "@types/supertest": "^6.0.2",
+    "eslint": "^9.18.0",
+    "eslint-config-prettier": "^10.0.1",
+    "eslint-plugin-prettier": "^5.2.2",
+    "globals": "^16.0.0",
+    "jest": "^30.0.0",
+    "prettier": "^3.4.2",
+    "source-map-support": "^0.5.21",
+    "supertest": "^7.0.0",
+    "ts-jest": "^29.2.5",
+    "ts-loader": "^9.5.2",
+    "ts-node": "^10.9.2",
+    "tsconfig-paths": "^4.2.0",
+    "typescript": "^5.7.3",
+    "typescript-eslint": "^8.20.0"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "js",
+      "json",
+      "ts"
+    ],
+    "rootDir": "src",
+    "testRegex": ".*\\.spec\\.ts$",
+    "transform": {
+      "^.+\\.(t|j)s$": "ts-jest"
+    },
+    "collectCoverageFrom": [
+      "**/*.(t|j)s"
+    ],
+    "coverageDirectory": "../coverage",
+    "testEnvironment": "node"
+  }
+}

package/templates/backend/src/app.controller.spec.ts

@@ -0,0 +1,24 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+
+describe('AppController', () => {
+  let appController: AppController;
+
+  beforeEach(async () => {
+    const app: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+      providers: [AppService],
+    }).compile();
+
+    appController = app.get<AppController>(AppController);
+  });
+
+  describe('health', () => {
+    it('should return status ok', () => {
+      const result = appController.getHealth();
+      expect(result.status).toBe('ok');
+      expect(result.timestamp).toBeDefined();
+    });
+  });
+});

package/templates/backend/src/app.controller.ts

@@ -0,0 +1,15 @@
+import { Controller, Get } from '@nestjs/common';
+import { ApiTags, ApiOperation } from '@nestjs/swagger';
+import { AppService } from './app.service';
+
+@ApiTags('Health')
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+
+  @Get()
+  @ApiOperation({ summary: 'Health check' })
+  getHealth(): { status: string; timestamp: string } {
+    return this.appService.getHealth();
+  }
+}

package/templates/backend/src/app.module.ts

@@ -0,0 +1,40 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { MongooseModule } from '@nestjs/mongoose';
+import { APP_FILTER } from '@nestjs/core';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+import { GlobalExceptionFilter } from './common/filters/global-exception.filter';
+import { AuthModule } from './modules/auth/auth.module';
+import { MailModule } from './modules/mail/mail.module';
+import { UsersModule } from './modules/users/users.module';
+import { WorkspacesModule } from './modules/workspaces/workspaces.module';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({
+      isGlobal: true,
+      envFilePath: '.env',
+    }),
+    MongooseModule.forRootAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (config: ConfigService) => ({
+        uri: config.getOrThrow<string>('MONGODB_URI'),
+      }),
+    }),
+    MailModule,
+    UsersModule,
+    WorkspacesModule,
+    AuthModule,
+  ],
+  controllers: [AppController],
+  providers: [
+    AppService,
+    {
+      provide: APP_FILTER,
+      useClass: GlobalExceptionFilter,
+    },
+  ],
+})
+export class AppModule {}

package/templates/backend/src/app.service.ts

@@ -0,0 +1,11 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {
+  getHealth(): { status: string; timestamp: string } {
+    return {
+      status: 'ok',
+      timestamp: new Date().toISOString(),
+    };
+  }
+}

package/templates/backend/src/common/base/base.repository.ts

@@ -0,0 +1,221 @@
+import {
+  BadRequestException,
+  InternalServerErrorException,
+} from '@nestjs/common';
+import { Model, Document, Types } from 'mongoose';
+import type { QueryFilter, UpdateQuery, PipelineStage } from 'mongoose';
+
+export interface PaginatedResult<T> {
+  data: T[];
+  total: number;
+  page: number;
+  limit: number;
+  totalPages: number;
+}
+
+export class BaseRepository<T extends Document> {
+  constructor(protected readonly model: Model<T>) {}
+
+  protected toObjectId(id: string): Types.ObjectId {
+    if (!Types.ObjectId.isValid(id)) {
+      throw new BadRequestException(`ID inválido: ${id}`);
+    }
+    return new Types.ObjectId(id);
+  }
+
+  async findAll(
+    workspaceId: string,
+    options?: {
+      filter?: Record<string, unknown>;
+      limit?: number;
+      skip?: number;
+      sort?: Record<string, 1 | -1>;
+    },
+  ): Promise<T[]> {
+    const query = this.buildBaseQuery(workspaceId, options?.filter);
+    return this.model
+      .find(query)
+      .limit(options?.limit ?? 100)
+      .skip(options?.skip ?? 0)
+      .sort(options?.sort ?? { createdAt: -1 })
+      .lean()
+      .exec() as unknown as T[];
+  }
+
+  async findById(workspaceId: string, id: string): Promise<T | null> {
+    return this.model
+      .findOne({
+        _id: this.toObjectId(id),
+        workspaceId: this.toObjectId(workspaceId),
+        deletedAt: null,
+      })
+      .lean()
+      .exec() as unknown as T | null;
+  }
+
+  async findOne(
+    workspaceId: string,
+    filter: Record<string, unknown>,
+  ): Promise<T | null> {
+    return this.model
+      .findOne({
+        ...filter,
+        workspaceId: this.toObjectId(workspaceId),
+        deletedAt: null,
+      })
+      .lean()
+      .exec() as unknown as T | null;
+  }
+
+  async create(data: Partial<T>): Promise<T> {
+    try {
+      const created = await this.model.create(data);
+      return created.toObject() as unknown as T;
+    } catch (error: unknown) {
+      this.handleMongoError(error);
+      throw error;
+    }
+  }
+
+  async update(
+    workspaceId: string,
+    id: string,
+    data: UpdateQuery<T>,
+  ): Promise<T | null> {
+    return this.model
+      .findOneAndUpdate(
+        {
+          _id: this.toObjectId(id),
+          workspaceId: this.toObjectId(workspaceId),
+          deletedAt: null,
+        },
+        { $set: data },
+        { new: true, runValidators: true },
+      )
+      .lean()
+      .exec() as unknown as T | null;
+  }
+
+  async softDelete(workspaceId: string, id: string): Promise<T | null> {
+    return this.model
+      .findOneAndUpdate(
+        {
+          _id: this.toObjectId(id),
+          workspaceId: this.toObjectId(workspaceId),
+          deletedAt: null,
+        },
+        { $set: { deletedAt: new Date() } },
+        { new: true },
+      )
+      .lean()
+      .exec() as unknown as T | null;
+  }
+
+  async restore(workspaceId: string, id: string): Promise<T | null> {
+    return this.model
+      .findOneAndUpdate(
+        {
+          _id: this.toObjectId(id),
+          workspaceId: this.toObjectId(workspaceId),
+          deletedAt: { $ne: null },
+        },
+        { $set: { deletedAt: null } },
+        { new: true },
+      )
+      .lean()
+      .exec() as unknown as T | null;
+  }
+
+  async count(
+    workspaceId: string,
+    filter?: Record<string, unknown>,
+  ): Promise<number> {
+    const query = this.buildBaseQuery(workspaceId, filter);
+    return this.model.countDocuments(query).exec();
+  }
+
+  async exists(
+    workspaceId: string,
+    filter: Record<string, unknown>,
+  ): Promise<boolean> {
+    const count = await this.model.countDocuments({
+      ...filter,
+      workspaceId: this.toObjectId(workspaceId),
+      deletedAt: null,
+    });
+    return count > 0;
+  }
+
+  async paginate(
+    workspaceId: string,
+    options: {
+      page?: number;
+      limit?: number;
+      filter?: Record<string, unknown>;
+      sort?: Record<string, 1 | -1>;
+    },
+  ): Promise<PaginatedResult<T>> {
+    const page = options.page ?? 1;
+    const limit = options.limit ?? 20;
+    const skip = (page - 1) * limit;
+    const query = this.buildBaseQuery(workspaceId, options.filter);
+
+    const [data, total] = await Promise.all([
+      this.model
+        .find(query)
+        .sort(options.sort ?? { createdAt: -1 })
+        .skip(skip)
+        .limit(limit)
+        .lean()
+        .exec(),
+      this.model.countDocuments(query).exec(),
+    ]);
+
+    return {
+      data: data as unknown as T[],
+      total,
+      page,
+      limit,
+      totalPages: Math.ceil(total / limit),
+    };
+  }
+
+  async aggregate(pipeline: PipelineStage[]): Promise<unknown[]> {
+    return this.model.aggregate(pipeline).exec();
+  }
+
+  private buildBaseQuery(
+    workspaceId: string,
+    additionalFilter?: Record<string, unknown>,
+  ): QueryFilter<T> {
+    return {
+      workspaceId: this.toObjectId(workspaceId),
+      deletedAt: null,
+      ...additionalFilter,
+    };
+  }
+
+  private handleMongoError(error: unknown): never {
+    const mongoError = error as {
+      code?: number;
+      keyValue?: Record<string, unknown>;
+    };
+
+    if (mongoError.code === 11000) {
+      const fields = Object.keys(mongoError.keyValue ?? {}).join(', ');
+      throw new BadRequestException(
+        `Ya existe un registro con los mismos valores en: ${fields}`,
+      );
+    }
+
+    if (mongoError.code === 121) {
+      throw new BadRequestException(
+        'Error de validación del schema de MongoDB',
+      );
+    }
+
+    throw new InternalServerErrorException(
+      'Error inesperado en la base de datos',
+    );
+  }
+}

package/templates/backend/src/common/base/base.schema.ts

@@ -0,0 +1,24 @@
+import { Prop, Schema } from '@nestjs/mongoose';
+import { Types } from 'mongoose';
+
+@Schema({ timestamps: true })
+export class BaseSchema {
+  @Prop({
+    type: Types.ObjectId,
+    required: true,
+    index: true,
+  })
+  workspaceId!: Types.ObjectId;
+
+  @Prop({
+    type: Types.ObjectId,
+    required: true,
+  })
+  createdBy!: Types.ObjectId;
+
+  @Prop({
+    type: Date,
+    default: null,
+  })
+  deletedAt!: Date | null;
+}

package/templates/backend/src/common/decorators/cookie.decorator.ts

@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { Request } from 'express';
+
+export const Cookie = createParamDecorator(
+  (name: string, ctx: ExecutionContext): string | undefined => {
+    const request = ctx.switchToHttp().getRequest<Request>();
+    return (request.cookies as Record<string, string>)?.[name];
+  },
+);

package/templates/backend/src/common/decorators/current-user.decorator.ts

@@ -0,0 +1,20 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export interface TokenPayload {
+  userId: string;
+  email: string;
+  workspaceId: string;
+  role: string;
+}
+
+export const CurrentUser = createParamDecorator(
+  (_data: unknown, ctx: ExecutionContext): TokenPayload => {
+    const request = ctx.switchToHttp().getRequest();
+    if (!request.user) {
+      throw new Error(
+        'Usuario no encontrado en el request. ¿Falta el AuthGuard?',
+      );
+    }
+    return request.user as TokenPayload;
+  },
+);

package/templates/backend/src/common/decorators/workspace-id.decorator.ts

@@ -0,0 +1,14 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { TenantRequest } from '../interceptors/workspace-tenant.interceptor';
+
+export const WorkspaceId = createParamDecorator(
+  (_data: unknown, ctx: ExecutionContext): string => {
+    const request = ctx.switchToHttp().getRequest<TenantRequest>();
+    if (!request.workspaceId) {
+      throw new Error(
+        'workspaceId no encontrado en el request. ¿Falta el WorkspaceTenantInterceptor?',
+      );
+    }
+    return request.workspaceId;
+  },
+);

package/templates/backend/src/common/filters/global-exception.filter.ts

@@ -0,0 +1,61 @@
+import {
+  ExceptionFilter,
+  Catch,
+  ArgumentsHost,
+  HttpException,
+  HttpStatus,
+  Logger,
+} from '@nestjs/common';
+import { Request, Response } from 'express';
+
+@Catch()
+export class GlobalExceptionFilter implements ExceptionFilter {
+  private readonly logger = new Logger(GlobalExceptionFilter.name);
+
+  catch(exception: unknown, host: ArgumentsHost): void {
+    const ctx = host.switchToHttp();
+    const response = ctx.getResponse<Response>();
+    const request = ctx.getRequest<Request>();
+
+    let status = HttpStatus.INTERNAL_SERVER_ERROR;
+    let message = 'Error interno del servidor';
+    let error = 'Internal Server Error';
+
+    if (exception instanceof HttpException) {
+      status = exception.getStatus();
+      const exceptionResponse = exception.getResponse();
+
+      if (typeof exceptionResponse === 'string') {
+        message = exceptionResponse;
+        error = exception.message;
+      } else if (typeof exceptionResponse === 'object') {
+        const resp = exceptionResponse as Record<string, unknown>;
+        message =
+          typeof resp.message === 'string'
+            ? resp.message
+            : Array.isArray(resp.message)
+              ? resp.message.join('; ')
+              : exception.message;
+        error = (resp.error as string) ?? exception.message;
+      }
+    } else if (exception instanceof Error) {
+      message = exception.message;
+      error = exception.name;
+    }
+
+    if (status >= 500) {
+      this.logger.error(
+        `${request.method} ${request.url} → ${status}`,
+        exception instanceof Error ? exception.stack : undefined,
+      );
+    }
+
+    response.status(status).json({
+      statusCode: status,
+      message,
+      error,
+      timestamp: new Date().toISOString(),
+      path: request.url,
+    });
+  }
+}

package/templates/backend/src/common/guards/jwt-auth.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {}

package/templates/backend/src/common/interceptors/workspace-tenant.interceptor.ts

@@ -0,0 +1,45 @@
+import {
+  Injectable,
+  NestInterceptor,
+  ExecutionContext,
+  CallHandler,
+  BadRequestException,
+} from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { Request } from 'express';
+
+export interface TenantRequest extends Request {
+  workspaceId?: string;
+  user?: Record<string, unknown>;
+}
+
+@Injectable()
+export class WorkspaceTenantInterceptor implements NestInterceptor {
+  intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
+    const request = context.switchToHttp().getRequest<TenantRequest>();
+
+    const headerWorkspaceId = request.headers['x-workspace-id'];
+    if (headerWorkspaceId && typeof headerWorkspaceId === 'string') {
+      request.workspaceId = headerWorkspaceId;
+      return next.handle();
+    }
+
+    const workspaceIdFromUser =
+      typeof request.user?.workspaceId === 'string'
+        ? request.user.workspaceId
+        : undefined;
+    if (workspaceIdFromUser) {
+      request.workspaceId = workspaceIdFromUser;
+      return next.handle();
+    }
+
+    const apiPrefix = process.env.API_PREFIX ?? 'api';
+    if (request.path.startsWith(`/${apiPrefix}/auth/`)) {
+      return next.handle();
+    }
+
+    throw new BadRequestException(
+      'Se requiere workspaceId en header x-workspace-id o token JWT',
+    );
+  }
+}

package/templates/backend/src/main.ts

@@ -0,0 +1,51 @@
+import { NestFactory } from '@nestjs/core';
+import { ValidationPipe } from '@nestjs/common';
+import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
+import cookieParser from 'cookie-parser';
+import { AppModule } from './app.module';
+import { WorkspaceTenantInterceptor } from './common/interceptors/workspace-tenant.interceptor';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+
+  const apiPrefix = process.env.API_PREFIX ?? 'api';
+  app.setGlobalPrefix(apiPrefix);
+
+  app.use(cookieParser(process.env.COOKIE_SECRET));
+
+  app.enableCors({
+    origin: process.env.CORS_ORIGINS?.split(',') ?? ['http://localhost:5173'],
+    credentials: true,
+  });
+
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true,
+      forbidNonWhitelisted: true,
+      transform: true,
+      transformOptions: {
+        enableImplicitConversion: true,
+      },
+    }),
+  );
+
+  app.useGlobalInterceptors(new WorkspaceTenantInterceptor());
+
+  if (process.env.SWAGGER_ENABLED === 'true') {
+    const config = new DocumentBuilder()
+      .setTitle('create-saas-ar API')
+      .setDescription('Backend SaaS multi-tenant')
+      .setVersion('1.0')
+      .addCookieAuth('access_token')
+      .build();
+
+    const document = SwaggerModule.createDocument(app, config);
+    SwaggerModule.setup(`${apiPrefix}/docs`, app, document);
+  }
+
+  const port = process.env.PORT ?? 3000;
+  await app.listen(port);
+  console.log(`🚀 Servidor corriendo en http://localhost:${port}/${apiPrefix}`);
+}
+
+void bootstrap();