create-blitzpack 0.1.0 → 0.1.1

package/template/apps/api/src/services/uploads.service.ts

@@ -1,163 +0,0 @@
-import type { MultipartFile } from '@fastify/multipart';
-import {
-  ForbiddenError,
-  NotFoundError,
-  ValidationError,
-} from '@repo/packages-utils/errors';
-
-import type { LoggerService } from '@/common/logger.service';
-import type { PrismaClient, Upload } from '@/generated/client/client.js';
-import {
-  generateUniqueFilename,
-  MAX_FILE_SIZE,
-  validateFile,
-} from '@/utils/file-validation';
-
-import type { FileStorageService } from './file-storage.service';
-
-export class UploadsService {
-  constructor(
-    private readonly prisma: PrismaClient,
-    private readonly fileStorage: FileStorageService,
-    private readonly logger: LoggerService
-  ) {
-    this.logger.setContext('UploadsService');
-  }
-
-  async uploadFile(
-    file: MultipartFile,
-    userId: string
-  ): Promise<Upload & { user: { id: string; name: string | null } }> {
-    // Validate file type and extension
-    const validation = validateFile(file);
-    if (!validation.valid && validation.error) {
-      throw new ValidationError(validation.error.message);
-    }
-
-    // Buffer file and check size
-    const buffer = await file.toBuffer();
-
-    if (buffer.length > MAX_FILE_SIZE) {
-      throw new ValidationError(
-        `File size exceeds maximum allowed size of ${MAX_FILE_SIZE / 1024 / 1024}MB`
-      );
-    }
-
-    this.logger.info('Processing file upload', {
-      originalName: file.filename,
-      mimeType: file.mimetype,
-      size: buffer.length,
-      userId,
-    });
-
-    // Generate unique filename
-    const uniqueFilename = generateUniqueFilename(file.filename);
-
-    // Upload to storage (local or S3)
-    const uploadResult = await this.fileStorage.uploadFile({
-      buffer,
-      originalFilename: uniqueFilename,
-      mimeType: file.mimetype,
-      optimizeImage: true,
-    });
-
-    // Save metadata to database
-    const upload = await this.prisma.upload.create({
-      data: {
-        filename: uploadResult.filename,
-        originalName: file.filename,
-        mimeType: uploadResult.mimeType,
-        size: uploadResult.size,
-        url: uploadResult.url,
-        userId,
-      },
-      include: {
-        user: {
-          select: {
-            id: true,
-            name: true,
-          },
-        },
-      },
-    });
-
-    this.logger.info('File upload completed', {
-      uploadId: upload.id,
-      filename: upload.filename,
-      size: upload.size,
-    });
-
-    return upload;
-  }
-
-  async getUserUploads(
-    userId: string,
-    options?: { limit?: number; offset?: number }
-  ): Promise<Upload[]> {
-    const { limit = 50, offset = 0 } = options || {};
-
-    return this.prisma.upload.findMany({
-      where: { userId },
-      orderBy: { createdAt: 'desc' },
-      take: limit,
-      skip: offset,
-    });
-  }
-
-  async getUploadById(
-    uploadId: string,
-    userId: string
-  ): Promise<Upload | null> {
-    const upload = await this.prisma.upload.findUnique({
-      where: { id: uploadId },
-    });
-
-    if (!upload) {
-      return null;
-    }
-
-    // Ensure user owns the file
-    if (upload.userId !== userId) {
-      throw new ForbiddenError('Unauthorized to access this file');
-    }
-
-    return upload;
-  }
-
-  async deleteUpload(uploadId: string, userId: string): Promise<void> {
-    const upload = await this.getUploadById(uploadId, userId);
-
-    if (!upload) {
-      throw new NotFoundError('Upload not found');
-    }
-
-    // Delete from storage
-    await this.fileStorage.deleteFile(upload.filename);
-
-    // Delete from database
-    await this.prisma.upload.delete({
-      where: { id: uploadId },
-    });
-
-    this.logger.info('Upload deleted', {
-      uploadId,
-      filename: upload.filename,
-      userId,
-    });
-  }
-
-  async getUploadStats(userId: string): Promise<{
-    totalFiles: number;
-    totalSize: number;
-  }> {
-    const uploads = await this.prisma.upload.findMany({
-      where: { userId },
-      select: { size: true },
-    });
-
-    return {
-      totalFiles: uploads.length,
-      totalSize: uploads.reduce((acc, upload) => acc + upload.size, 0),
-    };
-  }
-}

package/template/apps/api/src/services/users.service.spec.ts

@@ -1,249 +0,0 @@
-import { createMockAuthorizationService } from '@test/helpers/mock-authorization';
-import { createMockLogger } from '@test/helpers/mock-logger';
-import { createMockPrisma } from '@test/helpers/mock-prisma';
-import { beforeEach, describe, expect, it, vi } from 'vitest';
-
-import type { LoggerService } from '@/common/logger.service';
-import type { PrismaClient } from '@/generated/client/client.js';
-import type { AuthorizationService } from '@/services/authorization.service';
-
-import { UsersService } from './users.service';
-
-describe('UsersService', () => {
-  let service: UsersService;
-  let prisma: PrismaClient;
-  let logger: LoggerService;
-  let authorizationService: AuthorizationService;
-
-  beforeEach(() => {
-    logger = createMockLogger();
-    prisma = createMockPrisma();
-    authorizationService = createMockAuthorizationService();
-    service = new UsersService(prisma, logger, authorizationService);
-  });
-
-  describe('getUsers', () => {
-    const defaultQuery = {
-      page: 1,
-      limit: 10,
-      sortBy: 'createdAt' as const,
-      sortOrder: 'desc' as const,
-    };
-
-    const mockUsers = [
-      {
-        id: '1',
-        email: 'user1@test.com',
-        name: 'User 1',
-        emailVerified: false,
-        image: null,
-        role: 'user' as const,
-        banned: false,
-        banReason: null,
-        banExpires: null,
-        createdAt: new Date(),
-        updatedAt: new Date(),
-      },
-      {
-        id: '2',
-        email: 'user2@test.com',
-        name: 'User 2',
-        emailVerified: false,
-        image: null,
-        role: 'user' as const,
-        banned: false,
-        banReason: null,
-        banExpires: null,
-        createdAt: new Date(),
-        updatedAt: new Date(),
-      },
-    ];
-
-    it('should return empty paginated response initially', async () => {
-      vi.mocked(prisma.user.findMany).mockResolvedValue([]);
-      vi.mocked(prisma.user.count).mockResolvedValue(0);
-
-      const result = await service.getUsers(defaultQuery);
-      expect(result.data).toEqual([]);
-      expect(result.pagination.total).toBe(0);
-      expect(result.pagination.totalPages).toBe(0);
-    });
-
-    it('should return paginated users', async () => {
-      vi.mocked(prisma.user.findMany).mockResolvedValue(mockUsers);
-      vi.mocked(prisma.user.count).mockResolvedValue(2);
-
-      const result = await service.getUsers(defaultQuery);
-      expect(result.data).toHaveLength(2);
-      expect(result.pagination.total).toBe(2);
-      expect(result.pagination.totalPages).toBe(1);
-    });
-
-    it('should handle pagination correctly', async () => {
-      vi.mocked(prisma.user.findMany).mockResolvedValue([mockUsers[0]]);
-      vi.mocked(prisma.user.count).mockResolvedValue(3);
-
-      const result = await service.getUsers({
-        ...defaultQuery,
-        page: 1,
-        limit: 2,
-      });
-      expect(result.data).toHaveLength(1);
-      expect(result.pagination.total).toBe(3);
-      expect(result.pagination.totalPages).toBe(2);
-    });
-
-    it('should filter users by search query', async () => {
-      vi.mocked(prisma.user.findMany).mockResolvedValue([mockUsers[0]]);
-      vi.mocked(prisma.user.count).mockResolvedValue(1);
-
-      const result = await service.getUsers({
-        ...defaultQuery,
-        search: 'user1',
-      });
-      expect(result.data).toHaveLength(1);
-      expect(result.data[0].email).toBe('user1@test.com');
-    });
-  });
-
-  describe('getUserById', () => {
-    const mockUser = {
-      id: '1',
-      email: 'test@example.com',
-      name: 'Test User',
-      emailVerified: false,
-      image: null,
-      role: 'user' as const,
-      banned: false,
-      banReason: null,
-      banExpires: null,
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    };
-
-    it('should return user by ID', async () => {
-      vi.mocked(prisma.user.findUnique).mockResolvedValue(mockUser);
-
-      const user = await service.getUserById('1');
-
-      expect(user).toEqual(mockUser);
-      expect(user?.id).toBe('1');
-    });
-
-    it('should throw NotFoundError when user not found', async () => {
-      vi.mocked(prisma.user.findUnique).mockResolvedValue(null);
-
-      await expect(service.getUserById('non-existent-id')).rejects.toThrow(
-        'User not found'
-      );
-    });
-  });
-
-  describe('createUser', () => {
-    const mockUser = {
-      id: '1',
-      email: 'test@example.com',
-      name: 'Test User',
-      emailVerified: false,
-      image: null,
-      role: 'user' as const,
-      banned: false,
-      banReason: null,
-      banExpires: null,
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    };
-
-    it('should create a new user', async () => {
-      vi.mocked(prisma.user.create).mockResolvedValue(mockUser);
-
-      const user = await service.createUser({
-        email: 'test@example.com',
-        name: 'Test User',
-        role: 'user',
-      });
-
-      expect(user.id).toBe('1');
-      expect(user.email).toBe('test@example.com');
-      expect(user.name).toBe('Test User');
-    });
-  });
-
-  describe('updateUser', () => {
-    const mockUser = {
-      id: '1',
-      email: 'test@example.com',
-      name: 'Test User',
-      emailVerified: false,
-      image: null,
-      role: 'user' as const,
-      banned: false,
-      banReason: null,
-      banExpires: null,
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    };
-
-    const updatedUser = {
-      ...mockUser,
-      name: 'Updated Name',
-    };
-
-    it('should update user successfully', async () => {
-      vi.mocked(prisma.user.findUnique).mockResolvedValue(mockUser);
-      vi.mocked(prisma.user.update).mockResolvedValue(updatedUser);
-
-      const user = await service.updateUser('actor-id', 'super_admin', '1', {
-        name: 'Updated Name',
-      });
-
-      expect(user?.name).toBe('Updated Name');
-      expect(user?.id).toBe('1');
-    });
-
-    it('should throw NotFoundError when user not found', async () => {
-      vi.mocked(prisma.user.findUnique).mockResolvedValue(null);
-
-      await expect(
-        service.updateUser('actor-id', 'super_admin', 'non-existent-id', {
-          name: 'New Name',
-        })
-      ).rejects.toThrow('User not found');
-    });
-  });
-
-  describe('deleteUser', () => {
-    const mockUser = {
-      id: '1',
-      email: 'test@example.com',
-      name: 'Test User',
-      emailVerified: false,
-      image: null,
-      role: 'user' as const,
-      banned: false,
-      banReason: null,
-      banExpires: null,
-      createdAt: new Date(),
-      updatedAt: new Date(),
-    };
-
-    it('should delete user successfully', async () => {
-      vi.mocked(prisma.user.findUnique).mockResolvedValue(mockUser);
-      vi.mocked(prisma.user.delete).mockResolvedValue(mockUser);
-
-      await service.deleteUser('actor-id', 'super_admin', '1');
-
-      expect(prisma.user.delete).toHaveBeenCalledWith({
-        where: { id: '1' },
-      });
-    });
-
-    it('should throw NotFoundError when user not found', async () => {
-      vi.mocked(prisma.user.findUnique).mockResolvedValue(null);
-
-      await expect(
-        service.deleteUser('actor-id', 'super_admin', 'non-existent-id')
-      ).rejects.toThrow('User not found');
-    });
-  });
-});

package/template/apps/api/src/services/users.service.ts

@@ -1,198 +0,0 @@
-import {
-  type PaginatedResponse,
-  type QueryUsers,
-} from '@repo/packages-types/pagination';
-import { type Role } from '@repo/packages-types/role';
-import {
-  type CreateUser,
-  type UpdateUser,
-  type User,
-} from '@repo/packages-types/user';
-import { ForbiddenError, NotFoundError } from '@repo/packages-utils/errors';
-
-import type { LoggerService } from '@/common/logger.service';
-import type { PrismaClient } from '@/generated/client/client.js';
-import type { AuthorizationService } from '@/services/authorization.service';
-
-export class UsersService {
-  constructor(
-    private readonly prisma: PrismaClient,
-    private readonly logger: LoggerService,
-    private readonly authorizationService: AuthorizationService
-  ) {
-    this.logger.setContext('UsersService');
-  }
-
-  async getUsers(query: QueryUsers): Promise<PaginatedResponse<User>> {
-    const where = query.search
-      ? {
-          OR: [
-            { name: { contains: query.search, mode: 'insensitive' as const } },
-            { email: { contains: query.search, mode: 'insensitive' as const } },
-          ],
-        }
-      : undefined;
-
-    const [users, total] = await Promise.all([
-      this.prisma.user.findMany({
-        where,
-        orderBy: { [query.sortBy]: query.sortOrder },
-        skip: (query.page - 1) * query.limit,
-        take: query.limit,
-      }),
-      this.prisma.user.count({ where }),
-    ]);
-
-    const totalPages = Math.ceil(total / query.limit);
-
-    return {
-      data: users as User[],
-      pagination: {
-        page: query.page,
-        limit: query.limit,
-        total,
-        totalPages,
-      },
-    };
-  }
-
-  async getUserById(id: string): Promise<User> {
-    const user = await this.prisma.user.findUnique({
-      where: { id },
-    });
-
-    if (!user) {
-      this.logger.warn('User not found', { userId: id });
-      throw new NotFoundError('User not found', { userId: id });
-    }
-
-    return user as User;
-  }
-
-  async createUser(createUser: CreateUser): Promise<User> {
-    this.logger.info('Creating user', { email: createUser.email });
-
-    const user = await this.prisma.user.create({
-      data: {
-        email: createUser.email,
-        name: createUser.name,
-      },
-    });
-
-    this.logger.info('User created successfully', { userId: user.id });
-    return user as User;
-  }
-
-  async updateUser(
-    actorId: string,
-    actorRole: Role,
-    targetId: string,
-    updateUser: UpdateUser
-  ): Promise<User> {
-    this.logger.info('Updating user', {
-      actorId,
-      actorRole,
-      targetId,
-    });
-
-    const targetUser = await this.prisma.user.findUnique({
-      where: { id: targetId },
-    });
-
-    if (!targetUser) {
-      this.logger.warn('User not found for update', { userId: targetId });
-      throw new NotFoundError('User not found', { userId: targetId });
-    }
-
-    // Check if actor can modify target user
-    this.authorizationService.assertCanModifyUser(
-      actorId,
-      actorRole,
-      targetId,
-      targetUser.role as Role
-    );
-
-    // Check role change permissions
-    if (updateUser.role && updateUser.role !== targetUser.role) {
-      this.authorizationService.assertCanChangeRole(
-        actorId,
-        actorRole,
-        targetId,
-        targetUser.role as Role,
-        updateUser.role
-      );
-    }
-
-    // Check email change permissions
-    if (updateUser.email && updateUser.email !== targetUser.email) {
-      this.authorizationService.assertCanChangeEmail(actorRole);
-    }
-
-    const updatedUser = await this.prisma.user.update({
-      where: { id: targetId },
-      data: updateUser,
-    });
-
-    this.logger.info('User updated successfully', {
-      actorId,
-      targetId,
-      changes: Object.keys(updateUser),
-    });
-    return updatedUser as User;
-  }
-
-  async deleteUser(
-    actorId: string,
-    actorRole: Role,
-    targetId: string
-  ): Promise<void> {
-    this.logger.info('Deleting user', {
-      actorId,
-      actorRole,
-      targetId,
-    });
-
-    const targetUser = await this.prisma.user.findUnique({
-      where: { id: targetId },
-    });
-
-    if (!targetUser) {
-      this.logger.warn('User not found for deletion', { userId: targetId });
-      throw new NotFoundError('User not found', { userId: targetId });
-    }
-
-    // Check if actor can delete target user (includes self-deletion check)
-    this.authorizationService.assertCanDeleteUser(
-      actorId,
-      actorRole,
-      targetId,
-      targetUser.role as Role
-    );
-
-    // Prevent deleting the last super_admin
-    if (targetUser.role === 'super_admin') {
-      const superAdminCount = await this.prisma.user.count({
-        where: { role: 'super_admin' },
-      });
-
-      if (superAdminCount <= 1) {
-        this.logger.warn('Attempt to delete last super admin', {
-          actorId,
-          targetId,
-        });
-        throw new ForbiddenError(
-          'Cannot delete the last super admin. Please promote another user to super admin first.'
-        );
-      }
-    }
-
-    await this.prisma.user.delete({
-      where: { id: targetId },
-    });
-
-    this.logger.info('User deleted successfully', {
-      actorId,
-      targetId,
-    });
-  }
-}

package/template/apps/api/src/utils/file-validation.ts

@@ -1,108 +0,0 @@
-import type { MultipartFile } from '@fastify/multipart';
-
-export const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB in bytes
-
-export const ALLOWED_MIME_TYPES = {
-  // Images
-  'image/jpeg': ['.jpg', '.jpeg'],
-  'image/png': ['.png'],
-  'image/gif': ['.gif'],
-  'image/webp': ['.webp'],
-  'image/svg+xml': ['.svg'],
-  // Documents
-  'application/pdf': ['.pdf'],
-  'application/msword': ['.doc'],
-  'application/vnd.openxmlformats-officedocument.wordprocessingml.document': [
-    '.docx',
-  ],
-  'application/vnd.ms-excel': ['.xls'],
-  'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': [
-    '.xlsx',
-  ],
-  'text/plain': ['.txt'],
-  'text/csv': ['.csv'],
-} as const;
-
-export type AllowedMimeType = keyof typeof ALLOWED_MIME_TYPES;
-
-export interface FileValidationError {
-  field: string;
-  message: string;
-}
-
-export interface FileValidationResult {
-  valid: boolean;
-  error?: FileValidationError;
-}
-
-export function validateFile(file: MultipartFile): FileValidationResult {
-  const { mimetype, filename } = file;
-
-  // Check if MIME type is allowed
-  if (!isAllowedMimeType(mimetype)) {
-    return {
-      valid: false,
-      error: {
-        field: 'file',
-        message: `File type '${mimetype}' is not allowed. Allowed types: images (JPEG, PNG, GIF, WebP, SVG), documents (PDF, DOC, DOCX, XLS, XLSX, TXT, CSV)`,
-      },
-    };
-  }
-
-  // Validate file extension matches MIME type
-  const extension = getFileExtension(filename);
-  const allowedExtensions = ALLOWED_MIME_TYPES[mimetype as AllowedMimeType];
-
-  if (!(allowedExtensions as readonly string[]).includes(extension)) {
-    return {
-      valid: false,
-      error: {
-        field: 'file',
-        message: `File extension '${extension}' does not match MIME type '${mimetype}'`,
-      },
-    };
-  }
-
-  return { valid: true };
-}
-
-export async function validateFileSize(
-  file: MultipartFile
-): Promise<FileValidationResult> {
-  // Note: @fastify/multipart doesn't provide file size directly
-  // We need to check size during streaming or after buffering
-  // This is handled in the upload handler
-  return { valid: true };
-}
-
-export function isAllowedMimeType(mimetype: string): boolean {
-  return mimetype in ALLOWED_MIME_TYPES;
-}
-
-export function getFileExtension(filename: string): string {
-  const lastDot = filename.lastIndexOf('.');
-  return lastDot === -1 ? '' : filename.slice(lastDot).toLowerCase();
-}
-
-export function isImageFile(mimetype: string): boolean {
-  return mimetype.startsWith('image/');
-}
-
-export function sanitizeFilename(filename: string): string {
-  // Remove path separators and special characters
-  return filename
-    .replace(/[/\\]/g, '')
-    .replace(/[^a-zA-Z0-9._-]/g, '_')
-    .slice(0, 255); // Limit filename length
-}
-
-export function generateUniqueFilename(originalFilename: string): string {
-  const extension = getFileExtension(originalFilename);
-  const timestamp = Date.now();
-  const random = Math.random().toString(36).substring(2, 10);
-  const sanitized = sanitizeFilename(
-    originalFilename.replace(extension, '')
-  ).slice(0, 50);
-
-  return `${timestamp}-${random}-${sanitized}${extension}`;
-}