create-blitzpack 0.1.0 → 0.1.2

package/template/apps/api/src/server.ts

@@ -1,34 +0,0 @@
-import closeWithGrace from 'close-with-grace';
-
-import { app } from '@/app';
-import { loadEnv } from '@/config/env';
-
-const env = loadEnv();
-
-const start = async () => {
-  try {
-    await app.listen({ port: env.PORT, host: '0.0.0.0' });
-    app.log.info(`API server ready at ${env.API_URL}`);
-    app.log.info(`Environment: ${env.NODE_ENV}`);
-    app.log.info(`CORS enabled for: ${env.FRONTEND_URL}`);
-  } catch (err) {
-    app.log.error(err);
-    process.exit(1);
-  }
-};
-
-const closeListeners = closeWithGrace(
-  { delay: Number(process.env.FASTIFY_CLOSE_GRACE_DELAY) || 500 },
-  async ({ err }) => {
-    if (err) {
-      app.log.error(err);
-    }
-    await app.close();
-  }
-);
-
-app.addHook('onClose', async () => {
-  closeListeners.uninstall();
-});
-
-start();

package/template/apps/api/src/services/accounts.service.ts

@@ -1,125 +0,0 @@
-import { NotFoundError, ValidationError } from '@repo/packages-utils/errors';
-
-import { type LoggerService } from '@/common/logger.service';
-import type { PrismaClient } from '@/generated/client/client.js';
-
-export interface ConnectedAccount {
-  providerId: string;
-  accountId: string;
-  connectedAt: Date;
-  scope?: string;
-}
-
-export interface UserAccounts {
-  userId: string;
-  hasPassword: boolean;
-  connectedAccounts: ConnectedAccount[];
-}
-
-export class AccountsService {
-  constructor(
-    private readonly prisma: PrismaClient,
-    private readonly logger: LoggerService
-  ) {
-    this.logger.setContext('AccountsService');
-  }
-
-  async getUserAccounts(userId: string): Promise<UserAccounts> {
-    this.logger.info('Fetching user accounts', { userId });
-
-    const accounts = await this.prisma.account.findMany({
-      where: { userId },
-      select: {
-        providerId: true,
-        accountId: true,
-        createdAt: true,
-        scope: true,
-        password: true,
-      },
-    });
-
-    if (accounts.length === 0) {
-      throw new NotFoundError('User has no connected accounts');
-    }
-
-    const credentialAccount = accounts.find(
-      (a) => a.providerId === 'credential'
-    );
-    const hasPassword = !!(credentialAccount && credentialAccount.password);
-
-    const connectedAccounts: ConnectedAccount[] = accounts
-      .filter((a) => a.providerId !== 'credential')
-      .map((a) => ({
-        providerId: a.providerId,
-        accountId: a.accountId,
-        connectedAt: a.createdAt,
-        scope: a.scope || undefined,
-      }));
-
-    if (hasPassword) {
-      connectedAccounts.unshift({
-        providerId: 'credential',
-        accountId: credentialAccount!.accountId,
-        connectedAt: credentialAccount!.createdAt,
-      });
-    }
-
-    return {
-      userId,
-      hasPassword,
-      connectedAccounts,
-    };
-  }
-
-  async unlinkAccount(
-    userId: string,
-    providerId: string
-  ): Promise<{ success: boolean }> {
-    this.logger.info('Unlinking account', { userId, providerId });
-
-    const accounts = await this.prisma.account.findMany({
-      where: { userId },
-    });
-
-    if (accounts.length <= 1) {
-      throw new ValidationError(
-        'Cannot unlink the only account. User must have at least one login method.'
-      );
-    }
-
-    if (providerId === 'credential') {
-      throw new ValidationError(
-        'Cannot unlink password login. Please change your password or contact support.'
-      );
-    }
-
-    const account = accounts.find((a) => a.providerId === providerId);
-    if (!account) {
-      throw new NotFoundError(
-        `Account with provider ${providerId} not found for this user`
-      );
-    }
-
-    await this.prisma.account.delete({
-      where: { id: account.id },
-    });
-
-    this.logger.info('Account unlinked successfully', { userId, providerId });
-
-    return { success: true };
-  }
-
-  async canChangePassword(userId: string): Promise<boolean> {
-    const credentialAccount = await this.prisma.account.findFirst({
-      where: {
-        userId,
-        providerId: 'credential',
-      },
-      select: {
-        password: true,
-      },
-    });
-
-    return !!(credentialAccount && credentialAccount.password);
-  }
-}

package/template/apps/api/src/services/authorization.service.ts

@@ -1,162 +0,0 @@
-import type { Role } from '@repo/packages-types/role';
-import { ForbiddenError } from '@repo/packages-utils/errors';
-
-import type { LoggerService } from '@/common/logger.service';
-
-export interface AuthorizationContext {
-  actorId: string;
-  actorRole: Role;
-  targetUserId?: string;
-  targetUserRole?: Role;
-}
-
-export class AuthorizationService {
-  private readonly roleHierarchy: Record<Role, number> = {
-    super_admin: 3,
-    admin: 2,
-    user: 1,
-  };
-
-  constructor(private readonly logger: LoggerService) {
-    this.logger.setContext('AuthorizationService');
-  }
-
-  private getRoleLevel(role: Role): number {
-    return this.roleHierarchy[role];
-  }
-
-  canModifyUser(actorRole: Role, targetRole: Role): boolean {
-    const actorLevel = this.getRoleLevel(actorRole);
-    const targetLevel = this.getRoleLevel(targetRole);
-
-    return actorLevel > targetLevel;
-  }
-
-  canDeleteUser(actorRole: Role, targetRole: Role): boolean {
-    return this.canModifyUser(actorRole, targetRole);
-  }
-
-  canChangeRole(
-    actorRole: Role,
-    targetCurrentRole: Role,
-    newRole: Role
-  ): boolean {
-    const actorLevel = this.getRoleLevel(actorRole);
-    const targetLevel = this.getRoleLevel(targetCurrentRole);
-    const newRoleLevel = this.getRoleLevel(newRole);
-
-    return actorLevel > targetLevel && actorLevel > newRoleLevel;
-  }
-
-  canChangeEmail(actorRole: Role): boolean {
-    return actorRole === 'super_admin';
-  }
-
-  assertCanModifyUser(
-    actorId: string,
-    actorRole: Role,
-    targetUserId: string,
-    targetRole: Role
-  ): void {
-    if (actorId === targetUserId) {
-      return;
-    }
-
-    if (!this.canModifyUser(actorRole, targetRole)) {
-      this.logger.warn('Authorization failed: Cannot modify user', {
-        actorId,
-        actorRole,
-        targetUserId,
-        targetRole,
-      });
-      throw new ForbiddenError(
-        `Insufficient permissions to modify user with role: ${targetRole}`,
-        {
-          requiredLevel: 'higher than target',
-          actorRole,
-          targetRole,
-        }
-      );
-    }
-  }
-
-  assertCanDeleteUser(
-    actorId: string,
-    actorRole: Role,
-    targetUserId: string,
-    targetRole: Role
-  ): void {
-    if (actorId === targetUserId) {
-      this.logger.warn('Authorization failed: Cannot delete own account', {
-        actorId,
-      });
-      throw new ForbiddenError('Cannot delete your own account');
-    }
-
-    if (!this.canDeleteUser(actorRole, targetRole)) {
-      this.logger.warn('Authorization failed: Cannot delete user', {
-        actorId,
-        actorRole,
-        targetUserId,
-        targetRole,
-      });
-      throw new ForbiddenError(
-        `Insufficient permissions to delete user with role: ${targetRole}`,
-        {
-          requiredLevel: 'higher than target',
-          actorRole,
-          targetRole,
-        }
-      );
-    }
-  }
-
-  assertCanChangeRole(
-    actorId: string,
-    actorRole: Role,
-    targetUserId: string,
-    targetCurrentRole: Role,
-    newRole: Role
-  ): void {
-    if (actorId === targetUserId) {
-      this.logger.warn('Authorization failed: Cannot modify own role', {
-        actorId,
-      });
-      throw new ForbiddenError('Cannot modify your own role');
-    }
-
-    if (!this.canChangeRole(actorRole, targetCurrentRole, newRole)) {
-      this.logger.warn('Authorization failed: Cannot change role', {
-        actorId,
-        actorRole,
-        targetUserId,
-        targetCurrentRole,
-        newRole,
-      });
-      throw new ForbiddenError(
-        `Insufficient permissions to change role from ${targetCurrentRole} to ${newRole}`,
-        {
-          requiredLevel: 'higher than both current and target roles',
-          actorRole,
-          targetCurrentRole,
-          newRole,
-        }
-      );
-    }
-  }
-
-  assertCanChangeEmail(actorRole: Role): void {
-    if (!this.canChangeEmail(actorRole)) {
-      this.logger.warn('Authorization failed: Cannot change email', {
-        actorRole,
-      });
-      throw new ForbiddenError(
-        'Only super admins can change user email addresses',
-        {
-          requiredRole: 'super_admin',
-          currentRole: actorRole,
-        }
-      );
-    }
-  }
-}

package/template/apps/api/src/services/email.service.ts

@@ -1,170 +0,0 @@
-import { render } from '@react-email/components';
-import PasswordResetEmail from 'emails/password-reset-email';
-import VerificationEmail from 'emails/verification-email';
-import { Resend } from 'resend';
-
-import type { LoggerService } from '@/common/logger.service';
-import type { Env } from '@/config/env';
-import type { PrismaClient } from '@/generated/client/client.js';
-
-export class EmailService {
-  private resend: Resend | null = null;
-  private isConfigured: boolean;
-  private emailFrom: string;
-
-  constructor(
-    private readonly env: Env,
-    private readonly logger: LoggerService,
-    private readonly prisma: PrismaClient
-  ) {
-    this.logger.setContext('EmailService');
-
-    this.isConfigured = !!(this.env.RESEND_API_KEY && this.env.EMAIL_FROM);
-    this.emailFrom = this.env.EMAIL_FROM || 'noreply@example.com';
-
-    if (this.isConfigured) {
-      this.resend = new Resend(this.env.RESEND_API_KEY!);
-      this.logger.info(
-        `[+] Email service initialized with Resend. Email: ${this.emailFrom}`
-      );
-    } else {
-      this.logger.warn(
-        'Email service not configured (missing RESEND_API_KEY or EMAIL_FROM) - emails will be logged to console'
-      );
-    }
-  }
-
-  async sendVerificationEmail(
-    email: string,
-    verificationUrl: string
-  ): Promise<{ success: boolean; error?: string }> {
-    const subject = 'Verify your email address';
-
-    try {
-      const html = await render(
-        VerificationEmail({
-          verificationUrl,
-          userEmail: email,
-        })
-      );
-
-      await this.sendEmail({
-        to: email,
-        subject,
-        html,
-      });
-
-      this.logger.info('Verification email sent', { to: email });
-      return { success: true };
-    } catch (error) {
-      this.logger.error(
-        'Failed to send verification email - user can resend later',
-        error instanceof Error ? error : new Error(String(error)),
-        { to: email }
-      );
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : String(error),
-      };
-    }
-  }
-
-  async sendPasswordResetEmail(
-    email: string,
-    resetUrl: string
-  ): Promise<{ success: boolean; error?: string }> {
-    const subject = 'Reset your password';
-
-    try {
-      const html = await render(
-        PasswordResetEmail({
-          resetUrl,
-          userEmail: email,
-        })
-      );
-
-      await this.sendEmail({
-        to: email,
-        subject,
-        html,
-      });
-
-      this.logger.info('Password reset email sent', { to: email });
-      return { success: true };
-    } catch (error) {
-      this.logger.error(
-        'Failed to send password reset email',
-        error instanceof Error ? error : new Error(String(error)),
-        { to: email }
-      );
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : String(error),
-      };
-    }
-  }
-
-  private async sendEmail({
-    to,
-    subject,
-    html,
-  }: {
-    to: string;
-    subject: string;
-    html: string;
-  }) {
-    if (!this.isConfigured) {
-      this.logger
-        .detailed()
-        .info('Email not sent (dev mode - no API key configured)', {
-          to,
-          subject,
-        });
-
-      console.log(
-        '\n┌─────────────────────────────────────────────────────────┐'
-      );
-      console.log(
-        '│                   📧 EMAIL PREVIEW                      │'
-      );
-      console.log(
-        '└─────────────────────────────────────────────────────────┘'
-      );
-      console.log(`To:      ${to}`);
-      console.log(`From:    ${this.emailFrom}`);
-      console.log(`Subject: ${subject}`);
-      console.log('─────────────────────────────────────────────────────────');
-      console.log(`Preview: ${html.slice(0, 300)}...`);
-      console.log(
-        '─────────────────────────────────────────────────────────\n'
-      );
-
-      return;
-    }
-
-    try {
-      const result = await this.resend!.emails.send({
-        from: this.emailFrom,
-        to,
-        subject,
-        html,
-      });
-
-      this.logger.detailed().debug('Email sent successfully', {
-        to,
-        subject,
-        emailId: result.data?.id,
-      });
-    } catch (error) {
-      this.logger.error(
-        'Failed to send email via Resend',
-        error instanceof Error ? error : new Error(String(error)),
-        {
-          to,
-          subject,
-        }
-      );
-      throw error;
-    }
-  }
-}