create-blitzpack 0.1.0 → 0.1.1

package/template/apps/api/src/common/logger.service.ts

@@ -1,227 +0,0 @@
-import type { FastifyBaseLogger } from 'fastify';
-import pino, { type Logger } from 'pino';
-
-import { loadEnv } from '@/config/env';
-
-type VerbosityLevel = 'minimal' | 'normal' | 'detailed' | 'verbose';
-type LogLevel = 'error' | 'warn' | 'info' | 'debug' | 'trace';
-
-interface LogContext {
-  [key: string]: unknown;
-}
-
-interface PerformanceMetrics {
-  operation: string;
-  duration: number;
-  [key: string]: unknown;
-}
-
-export class LoggerService {
-  private readonly logger: Logger | FastifyBaseLogger;
-  private readonly globalVerbosity: VerbosityLevel;
-  private readonly isDevelopment: boolean;
-  private verbosityOverride?: VerbosityLevel;
-  private context?: string;
-
-  constructor(existingLogger?: Logger | FastifyBaseLogger) {
-    const env = loadEnv();
-    this.isDevelopment = env.NODE_ENV === 'development';
-    this.globalVerbosity = env.LOG_LEVEL;
-
-    if (existingLogger) {
-      this.logger = existingLogger;
-    } else {
-      this.logger = pino({
-        level: 'trace',
-        formatters: {
-          level: (label) => ({ level: label }),
-        },
-        serializers: {
-          err: pino.stdSerializers.err,
-          error: pino.stdSerializers.err,
-          req: pino.stdSerializers.req,
-          res: pino.stdSerializers.res,
-        },
-        transport: this.isDevelopment
-          ? {
-              target: 'pino-pretty',
-              options: {
-                colorize: true,
-                ignore: 'pid,hostname',
-                singleLine: false,
-                messageFormat: '{if context}[{context}] {end}{msg}',
-                translateTime: 'HH:MM:ss',
-              },
-            }
-          : undefined,
-      });
-    }
-  }
-
-  minimal(): this {
-    const instance = this.clone();
-    instance.verbosityOverride = 'minimal';
-    return instance;
-  }
-
-  normal(): this {
-    const instance = this.clone();
-    instance.verbosityOverride = 'normal';
-    return instance;
-  }
-
-  detailed(): this {
-    const instance = this.clone();
-    instance.verbosityOverride = 'detailed';
-    return instance;
-  }
-
-  verbose(): this {
-    const instance = this.clone();
-    instance.verbosityOverride = 'verbose';
-    return instance;
-  }
-
-  setContext(context: string): void {
-    this.context = context;
-  }
-
-  child(context: string): LoggerService {
-    const instance = this.clone();
-    instance.context = context;
-    return instance;
-  }
-
-  log(message: string, context?: LogContext): void {
-    this.info(message, context);
-  }
-
-  info(message: string, context?: LogContext): void {
-    if (this.shouldLog('info')) {
-      this.writeLog('info', message, context);
-    }
-  }
-
-  error(message: string, error?: Error | string, context?: LogContext): void {
-    if (this.shouldLog('error')) {
-      const errorContext =
-        error instanceof Error
-          ? { err: error, ...context }
-          : error
-            ? { trace: error, ...context }
-            : context;
-
-      this.writeLog('error', message, errorContext);
-    }
-  }
-
-  warn(message: string, context?: LogContext): void {
-    if (this.shouldLog('warn')) {
-      this.writeLog('warn', message, context);
-    }
-  }
-
-  debug(message: string, context?: LogContext): void {
-    if (this.shouldLog('debug')) {
-      this.writeLog('debug', message, context);
-    }
-  }
-
-  trace(message: string, context?: LogContext): void {
-    if (this.shouldLog('trace')) {
-      this.writeLog('trace', message, context);
-    }
-  }
-
-  perf(message: string, metrics: PerformanceMetrics): void {
-    if (this.shouldLog('debug')) {
-      this.writeLog('debug', message, {
-        performance: true,
-        ...metrics,
-      });
-    }
-  }
-
-  getVerbosity(): VerbosityLevel {
-    return this.verbosityOverride ?? this.globalVerbosity;
-  }
-
-  getRawLogger(): Logger | FastifyBaseLogger {
-    return this.logger;
-  }
-
-  private shouldLog(level: LogLevel): boolean {
-    const effectiveVerbosity = this.verbosityOverride ?? this.globalVerbosity;
-
-    const verbosityOrder: VerbosityLevel[] = [
-      'minimal',
-      'normal',
-      'detailed',
-      'verbose',
-    ];
-    const currentLevel =
-      verbosityOrder.indexOf(effectiveVerbosity) >= 0
-        ? verbosityOrder.indexOf(effectiveVerbosity)
-        : 1;
-
-    switch (level) {
-      case 'error':
-      case 'warn':
-        return currentLevel >= 0;
-      case 'info':
-        return currentLevel >= 1;
-      case 'debug':
-        return currentLevel >= 2;
-      case 'trace':
-        return currentLevel >= 3;
-      default:
-        return false;
-    }
-  }
-
-  private writeLog(
-    level: 'info' | 'error' | 'warn' | 'debug' | 'trace',
-    message: string,
-    context?: LogContext
-  ): void {
-    const effectiveVerbosity = this.verbosityOverride ?? this.globalVerbosity;
-    const enrichedContext: LogContext = {};
-
-    if (effectiveVerbosity === 'minimal') {
-      // Minimal: message only + critical error fields
-      if (context?.err) enrichedContext.err = context.err;
-      if (context?.error) enrichedContext.error = context.error;
-    } else if (effectiveVerbosity === 'normal') {
-      // Normal: [context] + message + error fields (no additional fields)
-      if (this.context) {
-        enrichedContext.context = this.context;
-      }
-      if (context?.err) enrichedContext.err = context.err;
-      if (context?.error) enrichedContext.error = context.error;
-      if (context?.trace) enrichedContext.trace = context.trace;
-    } else {
-      // Detailed & Verbose: [context] + message + all fields
-      if (this.context) {
-        enrichedContext.context = this.context;
-      }
-      if (context) {
-        Object.assign(enrichedContext, context);
-      }
-    }
-
-    (this.logger[level] as (obj: object, msg?: string) => void)(
-      enrichedContext,
-      message
-    );
-  }
-
-  private clone(): this {
-    const instance = Object.create(Object.getPrototypeOf(this));
-    instance.logger = this.logger;
-    instance.globalVerbosity = this.globalVerbosity;
-    instance.isDevelopment = this.isDevelopment;
-    instance.context = this.context;
-    instance.verbosityOverride = this.verbosityOverride;
-    return instance;
-  }
-}

package/template/apps/api/src/config/env.ts

@@ -1,60 +0,0 @@
-import dotenvFlow from 'dotenv-flow';
-import { z } from 'zod';
-
-const EnvSchema = z.object({
-  NODE_ENV: z
-    .enum(['development', 'production', 'test'])
-    .default('development'),
-  API_URL: z.string().url(),
-  FRONTEND_URL: z.string().url(),
-  DATABASE_URL: z.string().min(1),
-  PORT: z.string().transform(Number).pipe(z.number().int().positive()),
-  COOKIE_SECRET: z
-    .string()
-    .min(16, 'COOKIE_SECRET must be at least 16 characters'),
-  LOG_LEVEL: z
-    .enum(['minimal', 'normal', 'detailed', 'verbose'])
-    .default('normal'),
-  BETTER_AUTH_SECRET: z
-    .string()
-    .min(32, 'BETTER_AUTH_SECRET must be at least 32 characters'),
-  BETTER_AUTH_URL: z.string().url(),
-
-  // OAuth Provider Credentials (Optional)
-  // Only required if you enable social login providers in Better Auth configuration
-  // Leave empty to use email/password authentication only
-  GITHUB_CLIENT_ID: z.string().optional(),
-  GITHUB_CLIENT_SECRET: z.string().optional(),
-  GOOGLE_CLIENT_ID: z.string().optional(),
-  GOOGLE_CLIENT_SECRET: z.string().optional(),
-
-  // Email Service Configuration (Optional)
-  // If RESEND_API_KEY is not provided, emails will be logged to console (dev mode)
-  // EMAIL_FROM: The sender email address (e.g., 'noreply@yourdomain.com')
-  // Note: You MUST verify your domain in Resend dashboard before sending emails
-  RESEND_API_KEY: z.string().optional(),
-  EMAIL_FROM: z.string().email().optional(),
-
-  // File Storage Configuration (Optional)
-  STORAGE_TYPE: z.enum(['local', 's3', 'r2']).optional().default('local'),
-  S3_BUCKET: z.string().optional(),
-  S3_REGION: z.string().optional(),
-  S3_ACCESS_KEY_ID: z.string().optional(),
-  S3_SECRET_ACCESS_KEY: z.string().optional(),
-  S3_ENDPOINT: z.string().url().optional(), // For R2/MinIO compatibility
-});
-
-export type Env = z.infer<typeof EnvSchema>;
-
-export function loadEnv(path?: string): Env {
-  dotenvFlow.config({ path: path || process.cwd() });
-
-  const result = EnvSchema.safeParse(process.env);
-
-  if (!result.success) {
-    console.error('❌ Invalid environment variables:', result.error.format());
-    throw new Error('Invalid environment variables');
-  }
-
-  return result.data;
-}

package/template/apps/api/src/config/rate-limit.ts

@@ -1,29 +0,0 @@
-export const RATE_LIMIT_CONFIG = {
-  // Role-based rate limits (requests per minute)
-  admin: {
-    max: 200,
-    timeWindow: 60 * 1000,
-  },
-  user: {
-    max: 60,
-    timeWindow: 60 * 1000,
-  },
-  anonymous: {
-    max: 30,
-    timeWindow: 60 * 1000,
-  },
-
-  // Route-specific overrides
-  routes: {
-    auth: {
-      max: 10,
-      timeWindow: 60 * 1000,
-    },
-    uploads: {
-      max: 20,
-      timeWindow: 60 * 1000,
-    },
-  },
-} as const;
-
-export type RateLimitRole = 'admin' | 'user' | 'anonymous';

package/template/apps/api/src/hooks/auth.ts

@@ -1,122 +0,0 @@
-import { ForbiddenError, UnauthorizedError } from '@repo/packages-utils/errors';
-import type { FastifyReply, FastifyRequest } from 'fastify';
-
-export interface AuthUser {
-  id: string;
-  email: string;
-  name: string;
-  role: string;
-  session?: {
-    id: string;
-  };
-}
-
-declare module 'fastify' {
-  interface FastifyRequest {
-    user?: AuthUser;
-  }
-}
-
-export async function requireAuth(
-  request: FastifyRequest,
-  reply: FastifyReply
-): Promise<void> {
-  try {
-    const session = await request.server.auth.api.getSession({
-      headers: request.headers as unknown as Headers,
-    });
-
-    if (!session?.user) {
-      throw new UnauthorizedError('Authentication required');
-    }
-
-    // Fetch user from database to check ban status and get latest role
-    const user = await request.server.prisma.user.findUnique({
-      where: { id: session.user.id },
-      select: {
-        id: true,
-        email: true,
-        name: true,
-        role: true,
-        banned: true,
-        banReason: true,
-        banExpires: true,
-      },
-    });
-
-    if (!user) {
-      request.log.warn(
-        {
-          userId: session.user.id,
-        },
-        'User not found in database'
-      );
-      throw new UnauthorizedError('User not found');
-    }
-
-    // Check if user is banned
-    if (user.banned) {
-      // Check if ban has expired
-      if (user.banExpires && new Date() > user.banExpires) {
-        // Automatically unban user
-        await request.server.prisma.user.update({
-          where: { id: user.id },
-          data: {
-            banned: false,
-            banReason: null,
-            banExpires: null,
-          },
-        });
-        request.log.info({ userId: user.id }, 'User ban expired and removed');
-      } else {
-        request.log.warn(
-          {
-            userId: user.id,
-            banReason: user.banReason,
-          },
-          'Banned user attempted to access system'
-        );
-        throw new ForbiddenError('Your account has been banned', {
-          reason: user.banReason,
-          expiresAt: user.banExpires?.toISOString(),
-        });
-      }
-    }
-
-    request.user = {
-      id: user.id,
-      email: user.email,
-      name: user.name ?? '',
-      role: user.role,
-      session: session.session
-        ? {
-            id: session.session.id,
-          }
-        : undefined,
-    };
-  } catch (error) {
-    if (error instanceof UnauthorizedError || error instanceof ForbiddenError) {
-      throw error;
-    }
-    request.log.error(error, 'Auth hook error');
-    throw new UnauthorizedError('Invalid or expired session');
-  }
-}
-
-export function requireRole(roles: string[]) {
-  return async (
-    request: FastifyRequest,
-    reply: FastifyReply
-  ): Promise<void> => {
-    if (!request.user) {
-      throw new UnauthorizedError('Authentication required');
-    }
-
-    if (!roles.includes(request.user.role)) {
-      throw new ForbiddenError('Insufficient permissions', {
-        required: roles,
-        current: request.user.role,
-      });
-    }
-  };
-}

package/template/apps/api/src/plugins/auth.ts

@@ -1,198 +0,0 @@
-import { betterAuth } from 'better-auth';
-import { prismaAdapter } from 'better-auth/adapters/prisma';
-import { admin } from 'better-auth/plugins';
-import type { FastifyPluginAsync, FastifyRequest } from 'fastify';
-import fp from 'fastify-plugin';
-
-import { loadEnv } from '@/config/env.js';
-import { RATE_LIMIT_CONFIG } from '@/config/rate-limit.js';
-import { type PrismaClient } from '@/generated/client/client.js';
-
-declare module 'fastify' {
-  interface FastifyInstance {
-    auth: ReturnType<typeof betterAuth>;
-  }
-}
-
-const authPlugin: FastifyPluginAsync = async (app) => {
-  const env = loadEnv();
-
-  const socialProviders: Record<string, unknown> = {};
-
-  if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET) {
-    socialProviders.google = {
-      clientId: env.GOOGLE_CLIENT_ID,
-      clientSecret: env.GOOGLE_CLIENT_SECRET,
-    };
-  }
-
-  if (env.GITHUB_CLIENT_ID && env.GITHUB_CLIENT_SECRET) {
-    socialProviders.github = {
-      clientId: env.GITHUB_CLIENT_ID,
-      clientSecret: env.GITHUB_CLIENT_SECRET,
-    };
-  }
-
-  app.log.info(
-    `[+] OAuth configured with providers: ${Object.keys(socialProviders).join(', ')}`
-  );
-
-  const auth = betterAuth({
-    database: prismaAdapter(app.prisma as unknown as PrismaClient, {
-      provider: 'postgresql',
-    }),
-    baseURL: env.BETTER_AUTH_URL,
-    secret: env.BETTER_AUTH_SECRET,
-    emailAndPassword: {
-      enabled: true,
-      requireEmailVerification: false,
-      sendEmailVerificationOnSignUp: true,
-      autoSignInAfterVerification: true,
-      resetPasswordTokenExpiresIn: 3600,
-      sendResetPassword: async ({ user, token }) => {
-        const resetUrl = `${env.FRONTEND_URL}/reset-password?token=${token}`;
-        await app.emailService.sendPasswordResetEmail(user.email, resetUrl);
-      },
-    },
-    emailVerification: {
-      sendOnSignUp: true,
-      autoSignInAfterVerification: true,
-      sendVerificationEmail: async ({ user, url }) => {
-        const urlObj = new URL(url);
-        urlObj.searchParams.set('callbackURL', env.FRONTEND_URL);
-        await app.emailService.sendVerificationEmail(
-          user.email,
-          urlObj.toString()
-        );
-      },
-    },
-    session: {
-      expiresIn: 60 * 60 * 24 * 7, // 7 days
-      updateAge: 60 * 60 * 24, // Update every 24 hours
-      cookieCache: {
-        enabled: true,
-        maxAge: 60 * 60 * 24 * 30, // 30 days
-      },
-    },
-    advanced: {
-      // IMPORTANT: For cross-domain deployments
-      // useSecureCookies forces secure cookies even in development
-      useSecureCookies: env.NODE_ENV === 'production',
-      database: {
-        generateId: () =>
-          `auth-${Date.now()}-${Math.random().toString(36).slice(2, 9)}`,
-      },
-      redirectURLs: {
-        onError: env.FRONTEND_URL,
-        afterSignIn: env.FRONTEND_URL,
-      },
-    },
-    trustedOrigins: [env.FRONTEND_URL],
-    socialProviders,
-    plugins: [
-      admin({
-        defaultRole: 'user',
-        adminRoles: ['admin', 'super_admin'],
-      }),
-    ],
-  });
-
-  app.decorate('auth', auth);
-
-  app.all(
-    '/api/auth/*',
-    {
-      config: {
-        rateLimit: {
-          max: RATE_LIMIT_CONFIG.routes.auth.max,
-          timeWindow: RATE_LIMIT_CONFIG.routes.auth.timeWindow,
-        },
-      },
-    },
-    async (request, reply) => {
-      try {
-        // Convert Fastify request to Web Request for Better Auth
-        const webRequest = await toWebRequest(request);
-
-        // Handle the request with Better Auth
-        const response = await auth.handler(webRequest);
-
-        // Set status
-        reply.status(response.status);
-
-        // Process headers and modify Set-Cookie for cross-domain
-        response.headers.forEach((value, key) => {
-          if (key.toLowerCase() === 'set-cookie') {
-            // For cross-domain cookie support, we need to modify cookie attributes
-            // Better Auth sets cookies, but we need to ensure SameSite=None for cross-domain
-            const cookieValue = value;
-
-            if (env.NODE_ENV === 'production') {
-              let modifiedCookie = cookieValue;
-
-              if (!modifiedCookie.includes('Secure')) {
-                modifiedCookie += '; Secure';
-              }
-
-              if (modifiedCookie.includes('SameSite=Lax')) {
-                modifiedCookie = modifiedCookie.replace(
-                  'SameSite=Lax',
-                  'SameSite=None'
-                );
-              } else if (!modifiedCookie.includes('SameSite=')) {
-                modifiedCookie += '; SameSite=None';
-              }
-
-              reply.header(key, modifiedCookie);
-            } else {
-              reply.header(key, cookieValue);
-            }
-          } else {
-            reply.header(key, value);
-          }
-        });
-
-        const body = await response.text();
-        return reply.send(body);
-      } catch (error) {
-        app.log.error(error, 'Better Auth handler error');
-        return reply.status(500).send({
-          statusCode: 500,
-          error: 'Internal Server Error',
-          message: 'Authentication error occurred',
-        });
-      }
-    }
-  );
-
-  app.log.info('[+] Better Auth configured');
-};
-
-async function toWebRequest(request: FastifyRequest): Promise<Request> {
-  const url = new URL(request.url, `${request.protocol}://${request.hostname}`);
-
-  const headers = new Headers();
-  Object.entries(request.headers).forEach(([key, value]) => {
-    if (value) {
-      const headerValue = Array.isArray(value)
-        ? value.join(', ')
-        : String(value);
-      headers.set(key, headerValue);
-    }
-  });
-
-  let body: string | null = null;
-  if (request.method !== 'GET' && request.method !== 'HEAD') {
-    if (request.body) {
-      body = JSON.stringify(request.body);
-    }
-  }
-
-  return new Request(url.toString(), {
-    method: request.method,
-    headers,
-    body,
-  });
-}
-
-export default fp(authPlugin);

package/template/apps/api/src/plugins/database.ts

@@ -1,45 +0,0 @@
-import 'dotenv-flow/config';
-
-import { PrismaPg } from '@prisma/adapter-pg';
-import { type FastifyPluginAsync } from 'fastify';
-import fp from 'fastify-plugin';
-import { Pool } from 'pg';
-
-import { loadEnv } from '@/config/env';
-import { PrismaClient } from '@/generated/client/client.js';
-
-declare module 'fastify' {
-  interface FastifyInstance {
-    prisma: PrismaClient;
-    pgPool: Pool;
-  }
-}
-
-const databasePlugin: FastifyPluginAsync = async (app) => {
-  const env = loadEnv();
-
-  const pool = new Pool({ connectionString: env.DATABASE_URL });
-  const adapter = new PrismaPg(pool);
-
-  const prisma = new PrismaClient({
-    adapter,
-    log:
-      env.LOG_LEVEL === 'verbose'
-        ? ['query', 'info', 'warn', 'error']
-        : ['warn', 'error'],
-  });
-
-  await prisma.$connect();
-  app.log.info('[+] Database connected successfully');
-
-  app.decorate('prisma', prisma);
-  app.decorate('pgPool', pool);
-
-  app.addHook('onClose', async (instance) => {
-    instance.log.info('[-] Disconnecting from database...');
-    await instance.prisma.$disconnect();
-    await instance.pgPool.end();
-  });
-};
-
-export default fp(databasePlugin);