create-blitzpack 0.1.0 → 0.1.1

package/template/apps/api/src/routes/uploads.ts

@@ -1,154 +0,0 @@
-import type { MultipartFile } from '@fastify/multipart';
-import {
-  DeleteUploadParamsSchema,
-  GetUploadsQuerySchema,
-  UploadResponseSchema,
-  UploadStatsSchema,
-} from '@repo/packages-types/upload';
-import {
-  UnauthorizedError,
-  ValidationError,
-} from '@repo/packages-utils/errors';
-import type { FastifyPluginAsync } from 'fastify';
-import type { ZodTypeProvider } from 'fastify-type-provider-zod';
-import { z } from 'zod';
-
-import { RATE_LIMIT_CONFIG } from '@/config/rate-limit.js';
-import { requireAuth } from '@/hooks/auth';
-
-const uploadsRoutes: FastifyPluginAsync = async (app) => {
-  const server = app.withTypeProvider<ZodTypeProvider>();
-
-  // POST /api/uploads - Upload a file
-  server.post(
-    '/uploads',
-    {
-      onRequest: requireAuth,
-      config: {
-        rateLimit: {
-          max: RATE_LIMIT_CONFIG.routes.uploads.max,
-          timeWindow: RATE_LIMIT_CONFIG.routes.uploads.timeWindow,
-        },
-      },
-      schema: {
-        description: 'Upload a file',
-        tags: ['Uploads'],
-        response: {
-          201: UploadResponseSchema,
-        },
-      },
-    },
-    async (request, reply) => {
-      const userId = request.user?.id;
-
-      if (!userId) {
-        throw new UnauthorizedError();
-      }
-
-      const data = await request.file();
-
-      if (!data) {
-        throw new ValidationError('No file provided');
-      }
-
-      const file = data as MultipartFile;
-
-      const upload = await app.uploadsService.uploadFile(file, userId);
-
-      return reply.status(201).send(upload);
-    }
-  );
-
-  // GET /api/uploads - Get user's uploads
-  server.get(
-    '/uploads',
-    {
-      onRequest: requireAuth,
-      schema: {
-        querystring: GetUploadsQuerySchema,
-        description: 'Get paginated list of user uploads',
-        tags: ['Uploads'],
-        response: {
-          200: z.array(
-            UploadResponseSchema.omit({ user: true }).extend({
-              userId: z.string(),
-            })
-          ),
-        },
-      },
-    },
-    async (request) => {
-      const userId = request.user?.id;
-
-      if (!userId) {
-        throw new UnauthorizedError();
-      }
-
-      const { limit, offset } = request.query;
-
-      const uploads = await app.uploadsService.getUserUploads(userId, {
-        limit,
-        offset,
-      });
-
-      return uploads;
-    }
-  );
-
-  // GET /api/uploads/stats - Get upload statistics
-  server.get(
-    '/uploads/stats',
-    {
-      onRequest: requireAuth,
-      schema: {
-        description: 'Get upload statistics for current user',
-        tags: ['Uploads'],
-        response: {
-          200: UploadStatsSchema,
-        },
-      },
-    },
-    async (request) => {
-      const userId = request.user?.id;
-
-      if (!userId) {
-        throw new UnauthorizedError();
-      }
-
-      const stats = await app.uploadsService.getUploadStats(userId);
-
-      return stats;
-    }
-  );
-
-  // DELETE /api/uploads/:id - Delete an upload
-  server.delete(
-    '/uploads/:id',
-    {
-      onRequest: requireAuth,
-      schema: {
-        params: DeleteUploadParamsSchema,
-        description: 'Delete an upload',
-        tags: ['Uploads'],
-        response: {
-          204: z.void(),
-        },
-      },
-    },
-    async (request, reply) => {
-      const userId = request.user?.id;
-
-      if (!userId) {
-        throw new UnauthorizedError();
-      }
-
-      const { id } = request.params;
-
-      await app.uploadsService.deleteUpload(id, userId);
-
-      return reply.status(204).send();
-    }
-  );
-};
-
-export default uploadsRoutes;

package/template/apps/api/src/routes/users.ts

@@ -1,114 +0,0 @@
-import { QueryUsersSchema } from '@repo/packages-types/pagination';
-import {
-  CreateUserSchema,
-  GetUserByIdSchema,
-  UpdateUserSchema,
-} from '@repo/packages-types/user';
-import type { FastifyPluginAsync } from 'fastify';
-import type { ZodTypeProvider } from 'fastify-type-provider-zod';
-
-import { requireAuth, requireRole } from '@/hooks/auth';
-
-const usersRoutes: FastifyPluginAsync = async (app) => {
-  const server = app.withTypeProvider<ZodTypeProvider>();
-
-  // GET /users - Get paginated users with filtering and sorting (Admin only)
-  server.get(
-    '/users',
-    {
-      preHandler: [requireAuth, requireRole(['admin', 'super_admin'])],
-      schema: {
-        querystring: QueryUsersSchema,
-        description:
-          'Get paginated users with filtering and sorting (Admin only)',
-        tags: ['Users'],
-      },
-    },
-    async (request) => {
-      return app.usersService.getUsers(request.query);
-    }
-  );
-
-  // GET /users/:id - Get user by ID (Admin only)
-  server.get(
-    '/users/:id',
-    {
-      preHandler: [requireAuth, requireRole(['admin', 'super_admin'])],
-      schema: {
-        params: GetUserByIdSchema,
-        description: 'Get user by ID (Admin only)',
-        tags: ['Users'],
-      },
-    },
-    async (request) => {
-      const user = await app.usersService.getUserById(request.params.id);
-      return { data: user };
-    }
-  );
-
-  // POST /users - Create a new user (Admin only)
-  server.post(
-    '/users',
-    {
-      preHandler: [requireAuth, requireRole(['admin', 'super_admin'])],
-      schema: {
-        body: CreateUserSchema,
-        description: 'Create a new user (Admin only)',
-        tags: ['Users'],
-      },
-    },
-    async (request, reply) => {
-      const user = await app.usersService.createUser(request.body);
-
-      return reply.status(201).send({ data: user });
-    }
-  );
-
-  // PATCH /users/:id - Update user by ID (Admin only)
-  server.patch(
-    '/users/:id',
-    {
-      preHandler: [requireAuth, requireRole(['admin', 'super_admin'])],
-      schema: {
-        params: GetUserByIdSchema,
-        body: UpdateUserSchema,
-        description: 'Update user by ID (Admin only)',
-        tags: ['Users'],
-      },
-    },
-    async (request) => {
-      const user = await app.usersService.updateUser(
-        request.user!.id,
-        request.user!.role as 'user' | 'admin' | 'super_admin',
-        request.params.id,
-        request.body
-      );
-
-      return { data: user };
-    }
-  );
-
-  // DELETE /users/:id - Delete user by ID (Admin only)
-  server.delete(
-    '/users/:id',
-    {
-      preHandler: [requireAuth, requireRole(['admin', 'super_admin'])],
-      schema: {
-        params: GetUserByIdSchema,
-        description: 'Delete user by ID (Admin only)',
-        tags: ['Users'],
-      },
-    },
-    async (request) => {
-      await app.usersService.deleteUser(
-        request.user!.id,
-        request.user!.role as 'user' | 'admin' | 'super_admin',
-        request.params.id
-      );
-
-      return { message: 'User deleted successfully' };
-    }
-  );
-};
-
-export default usersRoutes;

package/template/apps/api/src/routes/verification.ts

@@ -1,90 +0,0 @@
-import type { FastifyPluginAsync } from 'fastify';
-import type { ZodTypeProvider } from 'fastify-type-provider-zod';
-import { z } from 'zod';
-
-import { requireAuth } from '@/hooks/auth';
-
-const ResendVerificationSchema = z.object({
-  email: z.string().email().optional(),
-});
-
-const verificationRoutes: FastifyPluginAsync = async (app) => {
-  const server = app.withTypeProvider<ZodTypeProvider>();
-
-  // POST /verification/resend - Resend verification email
-  server.post(
-    '/verification/resend',
-    {
-      preHandler: [requireAuth],
-      schema: {
-        body: ResendVerificationSchema,
-        description:
-          'Resend verification email to authenticated user or specified email',
-        tags: ['Verification'],
-      },
-    },
-    async (request, reply) => {
-      const currentUser = request.user;
-      if (!currentUser) {
-        return reply.status(401).send({
-          error: 'Unauthorized',
-          message: 'Authentication required',
-        });
-      }
-
-      const targetEmail = request.body.email || currentUser.email;
-
-      if (request.body.email && request.body.email !== currentUser.email) {
-        return reply.status(403).send({
-          error: 'Forbidden',
-          message: 'You can only resend verification for your own email',
-        });
-      }
-
-      const user = await app.prisma.user.findUnique({
-        where: { email: targetEmail },
-      });
-
-      if (!user) {
-        return reply.status(404).send({
-          error: 'Not Found',
-          message: 'User not found',
-        });
-      }
-
-      if (user.emailVerified) {
-        return reply.status(400).send({
-          error: 'Bad Request',
-          message: 'Email is already verified',
-        });
-      }
-
-      try {
-        await app.auth.api.sendVerificationEmail({
-          body: {
-            email: user.email,
-            callbackURL: app.env.FRONTEND_URL,
-          },
-        });
-
-        return { message: 'Verification email sent successfully' };
-      } catch (error) {
-        request.log.error(
-          {
-            err: error instanceof Error ? error : new Error(String(error)),
-            email: user.email,
-          },
-          'Failed to send verification email via Better Auth'
-        );
-
-        return reply.status(500).send({
-          error: 'Email Send Failed',
-          message:
-            'Failed to send verification email. Please try again later or contact support.',
-        });
-      }
-    }
-  );
-};
-
-export default verificationRoutes;

package/template/apps/api/src/server.ts

@@ -1,34 +0,0 @@
-import closeWithGrace from 'close-with-grace';
-
-import { app } from '@/app';
-import { loadEnv } from '@/config/env';
-
-const env = loadEnv();
-
-const start = async () => {
-  try {
-    await app.listen({ port: env.PORT, host: '0.0.0.0' });
-    app.log.info(`API server ready at ${env.API_URL}`);
-    app.log.info(`Environment: ${env.NODE_ENV}`);
-    app.log.info(`CORS enabled for: ${env.FRONTEND_URL}`);
-  } catch (err) {
-    app.log.error(err);
-    process.exit(1);
-  }
-};
-
-const closeListeners = closeWithGrace(
-  { delay: Number(process.env.FASTIFY_CLOSE_GRACE_DELAY) || 500 },
-  async ({ err }) => {
-    if (err) {
-      app.log.error(err);
-    }
-    await app.close();
-  }
-);
-
-app.addHook('onClose', async () => {
-  closeListeners.uninstall();
-});
-
-start();

package/template/apps/api/src/services/accounts.service.ts

@@ -1,125 +0,0 @@
-import { NotFoundError, ValidationError } from '@repo/packages-utils/errors';
-
-import { type LoggerService } from '@/common/logger.service';
-import type { PrismaClient } from '@/generated/client/client.js';
-
-export interface ConnectedAccount {
-  providerId: string;
-  accountId: string;
-  connectedAt: Date;
-  scope?: string;
-}
-
-export interface UserAccounts {
-  userId: string;
-  hasPassword: boolean;
-  connectedAccounts: ConnectedAccount[];
-}
-
-export class AccountsService {
-  constructor(
-    private readonly prisma: PrismaClient,
-    private readonly logger: LoggerService
-  ) {
-    this.logger.setContext('AccountsService');
-  }
-
-  async getUserAccounts(userId: string): Promise<UserAccounts> {
-    this.logger.info('Fetching user accounts', { userId });
-
-    const accounts = await this.prisma.account.findMany({
-      where: { userId },
-      select: {
-        providerId: true,
-        accountId: true,
-        createdAt: true,
-        scope: true,
-        password: true,
-      },
-    });
-
-    if (accounts.length === 0) {
-      throw new NotFoundError('User has no connected accounts');
-    }
-
-    const credentialAccount = accounts.find(
-      (a) => a.providerId === 'credential'
-    );
-    const hasPassword = !!(credentialAccount && credentialAccount.password);
-
-    const connectedAccounts: ConnectedAccount[] = accounts
-      .filter((a) => a.providerId !== 'credential')
-      .map((a) => ({
-        providerId: a.providerId,
-        accountId: a.accountId,
-        connectedAt: a.createdAt,
-        scope: a.scope || undefined,
-      }));
-
-    if (hasPassword) {
-      connectedAccounts.unshift({
-        providerId: 'credential',
-        accountId: credentialAccount!.accountId,
-        connectedAt: credentialAccount!.createdAt,
-      });
-    }
-
-    return {
-      userId,
-      hasPassword,
-      connectedAccounts,
-    };
-  }
-
-  async unlinkAccount(
-    userId: string,
-    providerId: string
-  ): Promise<{ success: boolean }> {
-    this.logger.info('Unlinking account', { userId, providerId });
-
-    const accounts = await this.prisma.account.findMany({
-      where: { userId },
-    });
-
-    if (accounts.length <= 1) {
-      throw new ValidationError(
-        'Cannot unlink the only account. User must have at least one login method.'
-      );
-    }
-
-    if (providerId === 'credential') {
-      throw new ValidationError(
-        'Cannot unlink password login. Please change your password or contact support.'
-      );
-    }
-
-    const account = accounts.find((a) => a.providerId === providerId);
-    if (!account) {
-      throw new NotFoundError(
-        `Account with provider ${providerId} not found for this user`
-      );
-    }
-
-    await this.prisma.account.delete({
-      where: { id: account.id },
-    });
-
-    this.logger.info('Account unlinked successfully', { userId, providerId });
-
-    return { success: true };
-  }
-
-  async canChangePassword(userId: string): Promise<boolean> {
-    const credentialAccount = await this.prisma.account.findFirst({
-      where: {
-        userId,
-        providerId: 'credential',
-      },
-      select: {
-        password: true,
-      },
-    });
-
-    return !!(credentialAccount && credentialAccount.password);
-  }
-}

package/template/apps/api/src/services/authorization.service.ts

@@ -1,162 +0,0 @@
-import type { Role } from '@repo/packages-types/role';
-import { ForbiddenError } from '@repo/packages-utils/errors';
-
-import type { LoggerService } from '@/common/logger.service';
-
-export interface AuthorizationContext {
-  actorId: string;
-  actorRole: Role;
-  targetUserId?: string;
-  targetUserRole?: Role;
-}
-
-export class AuthorizationService {
-  private readonly roleHierarchy: Record<Role, number> = {
-    super_admin: 3,
-    admin: 2,
-    user: 1,
-  };
-
-  constructor(private readonly logger: LoggerService) {
-    this.logger.setContext('AuthorizationService');
-  }
-
-  private getRoleLevel(role: Role): number {
-    return this.roleHierarchy[role];
-  }
-
-  canModifyUser(actorRole: Role, targetRole: Role): boolean {
-    const actorLevel = this.getRoleLevel(actorRole);
-    const targetLevel = this.getRoleLevel(targetRole);
-
-    return actorLevel > targetLevel;
-  }
-
-  canDeleteUser(actorRole: Role, targetRole: Role): boolean {
-    return this.canModifyUser(actorRole, targetRole);
-  }
-
-  canChangeRole(
-    actorRole: Role,
-    targetCurrentRole: Role,
-    newRole: Role
-  ): boolean {
-    const actorLevel = this.getRoleLevel(actorRole);
-    const targetLevel = this.getRoleLevel(targetCurrentRole);
-    const newRoleLevel = this.getRoleLevel(newRole);
-
-    return actorLevel > targetLevel && actorLevel > newRoleLevel;
-  }
-
-  canChangeEmail(actorRole: Role): boolean {
-    return actorRole === 'super_admin';
-  }
-
-  assertCanModifyUser(
-    actorId: string,
-    actorRole: Role,
-    targetUserId: string,
-    targetRole: Role
-  ): void {
-    if (actorId === targetUserId) {
-      return;
-    }
-
-    if (!this.canModifyUser(actorRole, targetRole)) {
-      this.logger.warn('Authorization failed: Cannot modify user', {
-        actorId,
-        actorRole,
-        targetUserId,
-        targetRole,
-      });
-      throw new ForbiddenError(
-        `Insufficient permissions to modify user with role: ${targetRole}`,
-        {
-          requiredLevel: 'higher than target',
-          actorRole,
-          targetRole,
-        }
-      );
-    }
-  }
-
-  assertCanDeleteUser(
-    actorId: string,
-    actorRole: Role,
-    targetUserId: string,
-    targetRole: Role
-  ): void {
-    if (actorId === targetUserId) {
-      this.logger.warn('Authorization failed: Cannot delete own account', {
-        actorId,
-      });
-      throw new ForbiddenError('Cannot delete your own account');
-    }
-
-    if (!this.canDeleteUser(actorRole, targetRole)) {
-      this.logger.warn('Authorization failed: Cannot delete user', {
-        actorId,
-        actorRole,
-        targetUserId,
-        targetRole,
-      });
-      throw new ForbiddenError(
-        `Insufficient permissions to delete user with role: ${targetRole}`,
-        {
-          requiredLevel: 'higher than target',
-          actorRole,
-          targetRole,
-        }
-      );
-    }
-  }
-
-  assertCanChangeRole(
-    actorId: string,
-    actorRole: Role,
-    targetUserId: string,
-    targetCurrentRole: Role,
-    newRole: Role
-  ): void {
-    if (actorId === targetUserId) {
-      this.logger.warn('Authorization failed: Cannot modify own role', {
-        actorId,
-      });
-      throw new ForbiddenError('Cannot modify your own role');
-    }
-
-    if (!this.canChangeRole(actorRole, targetCurrentRole, newRole)) {
-      this.logger.warn('Authorization failed: Cannot change role', {
-        actorId,
-        actorRole,
-        targetUserId,
-        targetCurrentRole,
-        newRole,
-      });
-      throw new ForbiddenError(
-        `Insufficient permissions to change role from ${targetCurrentRole} to ${newRole}`,
-        {
-          requiredLevel: 'higher than both current and target roles',
-          actorRole,
-          targetCurrentRole,
-          newRole,
-        }
-      );
-    }
-  }
-
-  assertCanChangeEmail(actorRole: Role): void {
-    if (!this.canChangeEmail(actorRole)) {
-      this.logger.warn('Authorization failed: Cannot change email', {
-        actorRole,
-      });
-      throw new ForbiddenError(
-        'Only super admins can change user email addresses',
-        {
-          requiredRole: 'super_admin',
-          currentRole: actorRole,
-        }
-      );
-    }
-  }
-}