create-blitzpack 0.1.0 → 0.1.1

package/template/apps/api/prisma/schema.prisma

@@ -1,116 +0,0 @@
-// This is your Prisma schema file,
-// learn more about it in the docs: https://pris.ly/d/prisma-schema
-
-generator client {
-  provider = "prisma-client"
-  output   = "../src/generated/client"
-}
-
-datasource db {
-  provider = "postgresql"
-}
-
-// Role enum for user permissions
-enum Role {
-  user
-  admin
-  super_admin
-}
-
-// User model with better-auth support
-model User {
-  id            String    @id @default(cuid())
-  email         String    @unique
-  emailVerified Boolean   @default(false)
-  name          String?
-  image         String?
-  role          Role      @default(user)
-  banned        Boolean   @default(false)
-  banReason     String?
-  banExpires    DateTime?
-  createdAt     DateTime  @default(now())
-  updatedAt     DateTime  @updatedAt
-
-  sessions      Session[]
-  accounts      Account[]
-  uploads       Upload[]
-
-  @@map("users")
-}
-
-// Session model for better-auth
-model Session {
-  id             String   @id @default(cuid())
-  userId         String
-  expiresAt      DateTime
-  token          String   @unique
-  ipAddress      String?
-  userAgent      String?
-  createdAt      DateTime @default(now())
-  updatedAt      DateTime @updatedAt
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@index([userId])
-  @@index([expiresAt])
-  @@map("sessions")
-}
-
-// Account model for OAuth providers
-// IMPORTANT: This schema MUST match Better Auth's expected fields exactly
-// Do NOT modify field names without checking Better Auth documentation
-// https://www.better-auth.com/docs/concepts/database#account-model
-model Account {
-  id                     String    @id @default(cuid())
-  userId                 String
-  accountId              String
-  providerId             String
-  accessToken            String?
-  refreshToken           String?
-  idToken                String?
-  accessTokenExpiresAt   DateTime? // OAuth access token expiration
-  refreshTokenExpiresAt  DateTime? // OAuth refresh token expiration
-  scope                  String?   // OAuth scopes granted
-  password               String?   // For credential provider (email/password)
-  createdAt              DateTime  @default(now())
-  updatedAt              DateTime  @updatedAt
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@unique([providerId, accountId])
-  @@index([userId])
-  @@map("accounts")
-}
-
-// Verification model for email verification and password reset
-model Verification {
-  id         String   @id @default(cuid())
-  identifier String
-  value      String
-  expiresAt  DateTime
-  createdAt  DateTime @default(now())
-  updatedAt  DateTime @updatedAt
-
-  @@unique([identifier, value])
-  @@map("verifications")
-}
-
-// Upload model for file tracking
-model Upload {
-  id           String   @id @default(cuid())
-  filename     String   @unique // stored filename (unique)
-  originalName String // user's original filename
-  mimeType     String
-  size         Int // bytes
-  url          String // public URL
-  userId       String
-  createdAt    DateTime @default(now())
-  updatedAt    DateTime @updatedAt
-
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-
-  @@index([userId])
-  @@index([createdAt])
-  @@map("uploads")
-}
-

package/template/apps/api/prisma/seed.ts

@@ -1,159 +0,0 @@
-import 'dotenv-flow/config';
-
-import { PrismaPg } from '@prisma/adapter-pg';
-import { betterAuth } from 'better-auth';
-import { prismaAdapter } from 'better-auth/adapters/prisma';
-import { admin } from 'better-auth/plugins';
-import { Pool } from 'pg';
-
-import { PrismaClient, Role } from '../src/generated/client/client.js';
-
-const pool = new Pool({ connectionString: process.env.DATABASE_URL });
-const adapter = new PrismaPg(pool);
-const prisma = new PrismaClient({ adapter });
-
-const auth = betterAuth({
-  database: prismaAdapter(prisma, {
-    provider: 'postgresql',
-  }),
-  baseURL: 'http://localhost:8080',
-  secret: 'temp-seed-secret',
-  emailAndPassword: {
-    enabled: true,
-  },
-  plugins: [
-    admin({
-      defaultRole: 'user',
-      adminRoles: ['admin', 'super_admin'],
-    }),
-  ],
-});
-
-async function main() {
-  console.log('🌱 Seeding database...');
-
-  // SAFETY: Block seeding in production
-  if (process.env.NODE_ENV === 'production') {
-    console.error('❌ SAFETY ERROR: Seed script is blocked in production!');
-    console.error(
-      '   Test accounts with weak passwords should NEVER be created in production.'
-    );
-    console.error(
-      '   If you need to seed production data, create a separate seed-prod.ts file.'
-    );
-    process.exit(1);
-  }
-
-  console.log(`📍 Environment: ${process.env.NODE_ENV || 'development'}`);
-
-  // Delete all existing test accounts first
-  await prisma.account.deleteMany({
-    where: {
-      providerId: 'credential',
-      accountId: {
-        in: [
-          'admin@example.com',
-          'alice@example.com',
-          'bob@example.com',
-          'charlie@example.com',
-        ],
-      },
-    },
-  });
-
-  await prisma.user.deleteMany({
-    where: {
-      email: {
-        in: [
-          'admin@example.com',
-          'alice@example.com',
-          'bob@example.com',
-          'charlie@example.com',
-        ],
-      },
-    },
-  });
-
-  console.log('🗑️  Cleaned up existing test accounts');
-
-  const usersData = [
-    {
-      email: 'admin@example.com',
-      name: 'Super Admin',
-      password: 'Admin@123456',
-      role: Role.super_admin,
-      emailVerified: true,
-    },
-    {
-      email: 'alice@example.com',
-      name: 'Alice Johnson',
-      password: 'Alice@123456',
-      role: Role.user,
-      emailVerified: false,
-    },
-    {
-      email: 'bob@example.com',
-      name: 'Bob Smith',
-      password: 'Bob@123456',
-      role: Role.admin,
-      emailVerified: false,
-    },
-    {
-      email: 'charlie@example.com',
-      name: 'Charlie Davis',
-      password: 'Charlie@123456',
-      role: Role.user,
-      emailVerified: false,
-    },
-  ];
-
-  for (const userData of usersData) {
-    // Create user with Better Auth (this handles password hashing correctly)
-    const response = await auth.api.signUpEmail({
-      body: {
-        email: userData.email,
-        password: userData.password,
-        name: userData.name,
-      },
-    });
-
-    if (!response || !response.user) {
-      console.error(`❌ Failed to create user: ${userData.email}`);
-      continue;
-    }
-
-    // Update user role and email verification status
-    await prisma.user.update({
-      where: { id: response.user.id },
-      data: {
-        role: userData.role,
-        emailVerified: userData.emailVerified,
-      },
-    });
-
-    console.log(
-      `✅ Created: ${userData.email} (${userData.role}) - emailVerified: ${userData.emailVerified}`
-    );
-  }
-
-  console.log('');
-  console.log('✅ Database seeded successfully!');
-  console.log('');
-  console.log('Test accounts:');
-  console.log('  admin@example.com / Admin@123456 (super_admin)');
-  console.log('  alice@example.com / Alice@123456 (user)');
-  console.log('  bob@example.com / Bob@123456 (admin)');
-  console.log('  charlie@example.com / Charlie@123456 (user)');
-  console.log('');
-  console.log('⚠️  IMPORTANT: Change passwords after first login!');
-}
-
-main()
-  .catch((e) => {
-    console.error('❌ Seed failed:', e);
-    process.exit(1);
-  })
-  .finally(async () => {
-    await prisma.$disconnect();
-    await pool.end();
-  });

package/template/apps/api/prisma.config.ts

@@ -1,14 +0,0 @@
-import 'dotenv-flow/config';
-
-import { defineConfig, env } from 'prisma/config';
-
-export default defineConfig({
-  schema: 'prisma/schema.prisma',
-  migrations: {
-    path: 'prisma/migrations',
-    seed: 'tsx prisma/seed.ts',
-  },
-  datasource: {
-    url: env('DATABASE_URL'),
-  },
-});

package/template/apps/api/src/app.ts

@@ -1,377 +0,0 @@
-import cookie from '@fastify/cookie';
-import cors from '@fastify/cors';
-import formbody from '@fastify/formbody';
-import helmet from '@fastify/helmet';
-import rateLimit from '@fastify/rate-limit';
-import { AppError } from '@repo/packages-utils/errors';
-import type { FastifyError, FastifyReply, FastifyRequest } from 'fastify';
-import Fastify from 'fastify';
-import {
-  serializerCompiler,
-  validatorCompiler,
-  type ZodTypeProvider,
-} from 'fastify-type-provider-zod';
-
-import { loadEnv } from '@/config/env';
-import type { RateLimitRole } from '@/config/rate-limit';
-import { RATE_LIMIT_CONFIG } from '@/config/rate-limit';
-import { metricsService } from '@/services/metrics.service';
-
-const env = loadEnv();
-
-export const app = Fastify({
-  logger: {
-    level: 'trace',
-    formatters: {
-      level: (label) => ({ level: label }),
-    },
-    transport:
-      env.NODE_ENV === 'development'
-        ? {
-            target: 'pino-pretty',
-            options: {
-              colorize: true,
-              ignore: 'pid,hostname',
-              singleLine: false,
-              translateTime: 'HH:MM:ss',
-            },
-          }
-        : undefined,
-  },
-  disableRequestLogging: true,
-  requestIdHeader: 'x-request-id',
-  genReqId: () => `req-${Date.now()}-${Math.random().toString(36).slice(2, 9)}`,
-  bodyLimit: 1048576,
-  routerOptions: {
-    ignoreTrailingSlash: true,
-  },
-  onProtoPoisoning: 'error',
-  onConstructorPoisoning: 'error',
-}).withTypeProvider<ZodTypeProvider>();
-
-app.setValidatorCompiler(validatorCompiler);
-app.setSerializerCompiler(serializerCompiler);
-
-await app.register(helmet, {
-  contentSecurityPolicy: {
-    directives: {
-      defaultSrc: ["'self'"],
-      styleSrc: ["'self'", "'unsafe-inline'"],
-      scriptSrc: ["'self'", "'unsafe-inline'"],
-      imgSrc: ["'self'", 'data:', 'https:'],
-    },
-  },
-});
-
-await app.register(cors, {
-  origin: env.FRONTEND_URL,
-  credentials: true,
-  methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
-  allowedHeaders: ['Content-Type', 'Authorization', 'X-Request-ID'],
-  exposedHeaders: ['X-Request-ID'],
-});
-
-// @ts-expect-error - Known issue with @fastify/rate-limit type definitions
-await app.register(rateLimit, {
-  global: true,
-  max: async (request: FastifyRequest) => {
-    const session = await request.server.auth.api
-      .getSession({
-        headers: request.headers as unknown as Headers,
-      })
-      .catch(() => null);
-
-    if (!session?.user) {
-      return RATE_LIMIT_CONFIG.anonymous.max;
-    }
-
-    const userWithRole = session.user as typeof session.user & {
-      role?: string;
-    };
-    const role = (userWithRole.role || 'user') as RateLimitRole;
-
-    return RATE_LIMIT_CONFIG[role]?.max || RATE_LIMIT_CONFIG.user.max;
-  },
-  timeWindow: 60 * 1000,
-  keyGenerator: async (request: FastifyRequest) => {
-    const session = await request.server.auth.api
-      .getSession({
-        headers: request.headers as unknown as Headers,
-      })
-      .catch(() => null);
-
-    if (session?.user?.id) {
-      return `user:${session.user.id}`;
-    }
-
-    return `ip:${request.ip}`;
-  },
-  addHeadersOnExceeding: {
-    'X-RateLimit-Limit': true,
-    'X-RateLimit-Remaining': true,
-    'X-RateLimit-Reset': true,
-  },
-  addHeaders: {
-    'X-RateLimit-Limit': true,
-    'X-RateLimit-Remaining': true,
-    'X-RateLimit-Reset': true,
-  },
-  errorResponseBuilder: (request: FastifyRequest) => ({
-    statusCode: 429,
-    error: 'Too Many Requests',
-    message: 'Rate limit exceeded. Please try again later.',
-  }),
-});
-
-await app.register(cookie, {
-  secret: env.COOKIE_SECRET,
-  parseOptions: {},
-});
-
-await app.register(formbody);
-
-const { default: multipartPlugin } = await import('@/plugins/multipart.js');
-await app.register(multipartPlugin);
-
-const { default: loggerPlugin } = await import('@/plugins/logger.js');
-await app.register(loggerPlugin);
-
-const { default: databasePlugin } = await import('@/plugins/database.js');
-await app.register(databasePlugin);
-
-const { default: servicesPlugin } = await import('@/plugins/services.js');
-await app.register(servicesPlugin);
-
-const { default: authPlugin } = await import('@/plugins/auth.js');
-await app.register(authPlugin);
-
-const { default: swaggerPlugin } = await import('@/plugins/swagger.js');
-await app.register(swaggerPlugin);
-
-const { default: scalarPlugin } = await import('@/plugins/scalar.js');
-await app.register(scalarPlugin);
-
-const { default: schedulePlugin } = await import('@/plugins/schedule.js');
-await app.register(schedulePlugin);
-
-const errorHandler = (
-  error: FastifyError,
-  request: FastifyRequest,
-  reply: FastifyReply
-): void => {
-  request.log.error(
-    {
-      err: error,
-      reqId: request.id,
-      url: request.url,
-      method: request.method,
-    },
-    'Request error'
-  );
-
-  if (error instanceof AppError) {
-    void reply.status(error.statusCode).send({
-      error: {
-        message: error.message,
-        code: error.code,
-        ...(error.details && { details: error.details }),
-      },
-    });
-    return;
-  }
-
-  if (error.validation) {
-    void reply.status(400).send({
-      error: {
-        message: 'Validation failed',
-        code: 'VALIDATION_ERROR',
-        details: error.validation,
-      },
-    });
-    return;
-  }
-
-  const isProduction = env.NODE_ENV === 'production';
-  const statusCode = error.statusCode || 500;
-
-  void reply.status(statusCode).send({
-    error: {
-      message:
-        isProduction && statusCode === 500
-          ? 'Internal server error'
-          : error.message || 'An error occurred',
-      code: 'INTERNAL_ERROR',
-    },
-  });
-};
-
-app.setErrorHandler(errorHandler);
-
-app.addHook('onRequest', async (request) => {
-  if (env.LOG_LEVEL === 'detailed' || env.LOG_LEVEL === 'verbose') {
-    request.log = request.log.child({ reqId: request.id });
-  }
-});
-
-app.addHook('onResponse', async (request, reply) => {
-  try {
-    const responseTime = reply.elapsedTime;
-    metricsService.recordRequest(responseTime, reply.statusCode);
-
-    const statusCode = reply.statusCode;
-    const isError = statusCode >= 400;
-    const logMessage = `${request.method} ${request.url} → ${statusCode} (${responseTime.toFixed(2)}ms)`;
-
-    switch (env.LOG_LEVEL) {
-      case 'minimal':
-        if (isError) {
-          request.log.error(
-            {
-              method: request.method,
-              url: request.url,
-              statusCode,
-              responseTime: `${responseTime.toFixed(2)}ms`,
-            },
-            logMessage
-          );
-        }
-        break;
-
-      case 'normal':
-        if (isError) {
-          request.log.error(logMessage);
-        } else {
-          request.log.info(logMessage);
-        }
-        break;
-
-      case 'detailed':
-        if (isError) {
-          request.log.error(
-            {
-              method: request.method,
-              url: request.url,
-              statusCode,
-              responseTime: `${responseTime.toFixed(2)}ms`,
-              ip: request.ip,
-              userAgent: request.headers['user-agent'],
-            },
-            logMessage
-          );
-        } else {
-          request.log.info(
-            {
-              method: request.method,
-              url: request.url,
-              statusCode,
-              responseTime: `${responseTime.toFixed(2)}ms`,
-              ip: request.ip,
-              userAgent: request.headers['user-agent'],
-            },
-            logMessage
-          );
-        }
-        break;
-
-      case 'verbose':
-        if (isError) {
-          request.log.error(
-            {
-              method: request.method,
-              url: request.url,
-              statusCode,
-              responseTime: `${responseTime.toFixed(2)}ms`,
-              ip: request.ip,
-              userAgent: request.headers['user-agent'],
-              req: {
-                params: request.params,
-                query: request.query,
-                headers: request.headers,
-              },
-              res: {
-                headers: reply.getHeaders(),
-              },
-            },
-            logMessage
-          );
-        } else {
-          request.log.info(
-            {
-              method: request.method,
-              url: request.url,
-              statusCode,
-              responseTime: `${responseTime.toFixed(2)}ms`,
-              ip: request.ip,
-              userAgent: request.headers['user-agent'],
-              req: {
-                params: request.params,
-                query: request.query,
-                headers: request.headers,
-              },
-              res: {
-                headers: reply.getHeaders(),
-              },
-            },
-            logMessage
-          );
-        }
-        break;
-    }
-  } catch (error) {
-    console.error('[onResponse hook error]:', error);
-  }
-});
-
-app.get('/health', async (request, reply) => {
-  try {
-    await app.prisma.$queryRaw`SELECT 1`;
-    return {
-      status: 'ok',
-      timestamp: new Date().toISOString(),
-      database: 'connected',
-    };
-  } catch (error) {
-    request.log.error(error, 'Database health check failed');
-    return reply.status(503).send({
-      status: 'error',
-      timestamp: new Date().toISOString(),
-      database: 'disconnected',
-    });
-  }
-});
-
-const { default: usersRoutes } = await import('@/routes/users.js');
-const { default: sessionsRoutes } = await import('@/routes/sessions.js');
-const { default: passwordRoutes } = await import('@/routes/password.js');
-const { default: verificationRoutes } = await import(
-  '@/routes/verification.js'
-);
-const { default: uploadsRoutes } = await import('@/routes/uploads.js');
-const { default: uploadsServeRoutes } = await import(
-  '@/routes/uploads-serve.js'
-);
-const { default: accountsRoutes } = await import('@/routes/accounts.js');
-const { default: statsRoutes } = await import('@/routes/stats.js');
-const { default: metricsRoutes } = await import('@/routes/metrics.js');
-const { default: adminSessionsRoutes } = await import(
-  '@/routes/admin-sessions.js'
-);
-
-metricsService.start();
-
-await app.register(uploadsServeRoutes);
-
-await app.register(
-  async (app) => {
-    await app.register(usersRoutes);
-    await app.register(sessionsRoutes);
-    await app.register(passwordRoutes);
-    await app.register(verificationRoutes);
-    await app.register(uploadsRoutes);
-    await app.register(accountsRoutes);
-    await app.register(statsRoutes);
-    await app.register(metricsRoutes);
-    await app.register(adminSessionsRoutes);
-  },
-  { prefix: '/api' }
-);