create-blitzpack 0.1.0

package/template/apps/api/test/integration/sessions.integration.spec.ts

@@ -0,0 +1,445 @@
+import { NotFoundError } from '@repo/packages-utils/errors';
+import { createMockLogger } from '@test/helpers/mock-logger';
+import { getTestPrisma, resetTestDatabase } from '@test/helpers/test-db';
+import { beforeEach, describe, expect, it } from 'vitest';
+
+import type { LoggerService } from '@/common/logger.service';
+import { SessionsService } from '@/services/sessions.service';
+
+describe('Sessions Service Integration Tests', () => {
+  let service: SessionsService;
+  let logger: LoggerService;
+
+  beforeEach(async () => {
+    await resetTestDatabase();
+
+    logger = createMockLogger();
+    const prisma = getTestPrisma();
+    service = new SessionsService(prisma);
+  });
+
+  describe('getUserSessions', () => {
+    it('should return all active sessions for a user', async () => {
+      const prisma = getTestPrisma();
+
+      // Create test user
+      const user = await prisma.user.create({
+        data: {
+          email: 'sessions@test.com',
+          name: 'Sessions User',
+        },
+      });
+
+      // Create multiple sessions
+      await prisma.session.createMany({
+        data: [
+          {
+            userId: user.id,
+            token: 'session-1',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+            ipAddress: '192.168.1.1',
+            userAgent: 'Chrome Desktop',
+          },
+          {
+            userId: user.id,
+            token: 'session-2',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+            ipAddress: '192.168.1.2',
+            userAgent: 'Safari Mobile',
+          },
+          {
+            userId: user.id,
+            token: 'session-3',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+            ipAddress: '10.0.0.1',
+            userAgent: 'Firefox Desktop',
+          },
+        ],
+      });
+
+      const sessions = await service.getUserSessions(user.id);
+
+      expect(sessions).toHaveLength(3);
+      expect(sessions[0].ipAddress).toBeDefined();
+      expect(sessions[0].userAgent).toBeDefined();
+      expect(sessions[0].expiresAt).toBeInstanceOf(Date);
+    });
+
+    it('should exclude expired sessions', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'expired@test.com',
+          name: 'Expired User',
+        },
+      });
+
+      // Create active and expired sessions
+      await prisma.session.createMany({
+        data: [
+          {
+            userId: user.id,
+            token: 'active-session',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+          {
+            userId: user.id,
+            token: 'expired-session-1',
+            expiresAt: new Date(Date.now() - 1000),
+          },
+          {
+            userId: user.id,
+            token: 'expired-session-2',
+            expiresAt: new Date(Date.now() - 5000),
+          },
+        ],
+      });
+
+      const sessions = await service.getUserSessions(user.id);
+
+      expect(sessions).toHaveLength(1);
+      expect(sessions[0].expiresAt.getTime()).toBeGreaterThan(Date.now());
+    });
+
+    it('should return sessions ordered by most recently updated', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'ordered@test.com',
+          name: 'Ordered User',
+        },
+      });
+
+      const now = Date.now();
+
+      // Create sessions with different update times
+      const session1 = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'oldest',
+          expiresAt: new Date(now + 7 * 24 * 60 * 60 * 1000),
+          updatedAt: new Date(now - 3000),
+        },
+      });
+
+      const session2 = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'middle',
+          expiresAt: new Date(now + 7 * 24 * 60 * 60 * 1000),
+          updatedAt: new Date(now - 2000),
+        },
+      });
+
+      const session3 = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'newest',
+          expiresAt: new Date(now + 7 * 24 * 60 * 60 * 1000),
+          updatedAt: new Date(now - 1000),
+        },
+      });
+
+      const sessions = await service.getUserSessions(user.id);
+
+      expect(sessions).toHaveLength(3);
+      expect(sessions[0].id).toBe(session3.id); // Newest first
+      expect(sessions[1].id).toBe(session2.id);
+      expect(sessions[2].id).toBe(session1.id);
+    });
+
+    it('should return empty array for user with no sessions', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'nosessions@test.com',
+          name: 'No Sessions User',
+        },
+      });
+
+      const sessions = await service.getUserSessions(user.id);
+
+      expect(sessions).toHaveLength(0);
+    });
+  });
+
+  describe('revokeSession', () => {
+    it('should delete a specific session', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'revoke@test.com',
+          name: 'Revoke User',
+        },
+      });
+
+      const session = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'to-revoke',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      await service.revokeSession(user.id, session.id);
+
+      const deletedSession = await prisma.session.findUnique({
+        where: { id: session.id },
+      });
+
+      expect(deletedSession).toBeNull();
+    });
+
+    it('should throw NotFoundError when session does not exist', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'notfound@test.com',
+          name: 'Not Found User',
+        },
+      });
+
+      await expect(
+        service.revokeSession(user.id, 'non-existent-session-id')
+      ).rejects.toThrow(NotFoundError);
+    });
+
+    it('should throw NotFoundError when session belongs to different user', async () => {
+      const prisma = getTestPrisma();
+
+      const user1 = await prisma.user.create({
+        data: {
+          email: 'user1@test.com',
+          name: 'User 1',
+        },
+      });
+
+      const user2 = await prisma.user.create({
+        data: {
+          email: 'user2@test.com',
+          name: 'User 2',
+        },
+      });
+
+      const user2Session = await prisma.session.create({
+        data: {
+          userId: user2.id,
+          token: 'user2-session',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      // User1 tries to revoke User2's session
+      await expect(
+        service.revokeSession(user1.id, user2Session.id)
+      ).rejects.toThrow(NotFoundError);
+    });
+
+    it('should only delete the specified session, not others', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'multiple@test.com',
+          name: 'Multiple Sessions User',
+        },
+      });
+
+      const session1 = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'keep-this',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      const session2 = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'delete-this',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      await service.revokeSession(user.id, session2.id);
+
+      const remainingSessions = await prisma.session.findMany({
+        where: { userId: user.id },
+      });
+
+      expect(remainingSessions).toHaveLength(1);
+      expect(remainingSessions[0].id).toBe(session1.id);
+    });
+  });
+
+  describe('revokeAllSessions', () => {
+    it('should delete all sessions except current one', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'revokeall@test.com',
+          name: 'Revoke All User',
+        },
+      });
+
+      const currentSession = await prisma.session.create({
+        data: {
+          userId: user.id,
+          token: 'current',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      await prisma.session.createMany({
+        data: [
+          {
+            userId: user.id,
+            token: 'other-1',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+          {
+            userId: user.id,
+            token: 'other-2',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+        ],
+      });
+
+      await service.revokeAllSessions(user.id, currentSession.id);
+
+      const remainingSessions = await prisma.session.findMany({
+        where: { userId: user.id },
+      });
+
+      expect(remainingSessions).toHaveLength(1);
+      expect(remainingSessions[0].id).toBe(currentSession.id);
+    });
+
+    it('should delete all sessions when no current session provided', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'deleteall@test.com',
+          name: 'Delete All User',
+        },
+      });
+
+      await prisma.session.createMany({
+        data: [
+          {
+            userId: user.id,
+            token: 'session-1',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+          {
+            userId: user.id,
+            token: 'session-2',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+          {
+            userId: user.id,
+            token: 'session-3',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+        ],
+      });
+
+      await service.revokeAllSessions(user.id);
+
+      const remainingSessions = await prisma.session.findMany({
+        where: { userId: user.id },
+      });
+
+      expect(remainingSessions).toHaveLength(0);
+    });
+  });
+
+  describe('revokeAllUserSessions', () => {
+    it('should delete all sessions for a user', async () => {
+      const prisma = getTestPrisma();
+
+      const user = await prisma.user.create({
+        data: {
+          email: 'total-revoke@test.com',
+          name: 'Total Revoke User',
+        },
+      });
+
+      await prisma.session.createMany({
+        data: [
+          {
+            userId: user.id,
+            token: 'session-1',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+          {
+            userId: user.id,
+            token: 'session-2',
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+          },
+        ],
+      });
+
+      await service.revokeAllUserSessions(user.id);
+
+      const sessions = await prisma.session.findMany({
+        where: { userId: user.id },
+      });
+
+      expect(sessions).toHaveLength(0);
+    });
+
+    it('should not affect other users sessions', async () => {
+      const prisma = getTestPrisma();
+
+      const user1 = await prisma.user.create({
+        data: {
+          email: 'user1-revoke@test.com',
+          name: 'User 1',
+        },
+      });
+
+      const user2 = await prisma.user.create({
+        data: {
+          email: 'user2-keep@test.com',
+          name: 'User 2',
+        },
+      });
+
+      await prisma.session.create({
+        data: {
+          userId: user1.id,
+          token: 'user1-session',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      await prisma.session.create({
+        data: {
+          userId: user2.id,
+          token: 'user2-session',
+          expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+      });
+
+      await service.revokeAllUserSessions(user1.id);
+
+      const user1Sessions = await prisma.session.findMany({
+        where: { userId: user1.id },
+      });
+      const user2Sessions = await prisma.session.findMany({
+        where: { userId: user2.id },
+      });
+
+      expect(user1Sessions).toHaveLength(0);
+      expect(user2Sessions).toHaveLength(1);
+    });
+  });
+});

package/template/apps/api/test/integration/users.integration.spec.ts

@@ -0,0 +1,211 @@
+import { createMockAuthorizationService } from '@test/helpers/mock-authorization';
+import { createMockLogger } from '@test/helpers/mock-logger';
+import { getTestPrisma, resetTestDatabase } from '@test/helpers/test-db';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+
+import type { LoggerService } from '@/common/logger.service';
+import type { AuthorizationService } from '@/services/authorization.service';
+import { UsersService } from '@/services/users.service';
+
+/**
+ * Integration tests for UsersService
+ * These tests use a real PostgreSQL database (app_dev_test)
+ * The database is automatically created and migrated in test/setup.ts
+ */
+describe('UsersService Integration Tests', () => {
+  let service: UsersService;
+  let logger: LoggerService;
+  let authorizationService: AuthorizationService;
+
+  beforeEach(async () => {
+    // Reset database between tests
+    await resetTestDatabase();
+
+    // Create service with real Prisma client
+    logger = createMockLogger();
+    authorizationService = createMockAuthorizationService();
+    const prisma = getTestPrisma();
+    service = new UsersService(prisma, logger, authorizationService);
+  });
+
+  afterEach(async () => {
+    // Additional cleanup if needed
+  });
+
+  describe('User CRUD Operations', () => {
+    it('should create and retrieve a user', async () => {
+      // Create user
+      const createdUser = await service.createUser({
+        email: 'integration@test.com',
+        name: 'Integration Test User',
+        role: 'user',
+      });
+
+      expect(createdUser.id).toBeDefined();
+      expect(createdUser.email).toBe('integration@test.com');
+      expect(createdUser.name).toBe('Integration Test User');
+      expect(createdUser.role).toBe('user');
+
+      // Retrieve user by ID
+      const retrievedUser = await service.getUserById(createdUser.id);
+
+      expect(retrievedUser).toBeDefined();
+      expect(retrievedUser?.id).toBe(createdUser.id);
+      expect(retrievedUser?.email).toBe('integration@test.com');
+    });
+
+    it('should update an existing user', async () => {
+      // Create user
+      const user = await service.createUser({
+        email: 'update@test.com',
+        name: 'Original Name',
+        role: 'user',
+      });
+
+      // Update user
+      const updatedUser = await service.updateUser(
+        'actor-id',
+        'super_admin',
+        user.id,
+        {
+          name: 'Updated Name',
+        }
+      );
+
+      expect(updatedUser).toBeDefined();
+      expect(updatedUser?.name).toBe('Updated Name');
+      expect(updatedUser?.email).toBe('update@test.com'); // Email unchanged
+
+      // Verify update persisted
+      const retrievedUser = await service.getUserById(user.id);
+      expect(retrievedUser?.name).toBe('Updated Name');
+    });
+
+    it('should delete a user', async () => {
+      // Create user
+      const user = await service.createUser({
+        email: 'delete@test.com',
+        name: 'To Be Deleted',
+        role: 'user',
+      });
+
+      // Delete user
+      await service.deleteUser('actor-id', 'super_admin', user.id);
+
+      // Verify user is deleted (should throw NotFoundError)
+      await expect(service.getUserById(user.id)).rejects.toThrow(
+        'User not found'
+      );
+    });
+
+    it('should throw NotFoundError when updating non-existent user', async () => {
+      await expect(
+        service.updateUser('actor-id', 'super_admin', 'non-existent-id', {
+          name: 'New Name',
+        })
+      ).rejects.toThrow('User not found');
+    });
+
+    it('should throw NotFoundError when deleting non-existent user', async () => {
+      await expect(
+        service.deleteUser('actor-id', 'super_admin', 'non-existent-id')
+      ).rejects.toThrow('User not found');
+    });
+  });
+
+  describe('User Pagination and Filtering', () => {
+    beforeEach(async () => {
+      // Create test users
+      await service.createUser({
+        email: 'alice@test.com',
+        name: 'Alice Smith',
+        role: 'user',
+      });
+      await service.createUser({
+        email: 'bob@test.com',
+        name: 'Bob Johnson',
+        role: 'admin',
+      });
+      await service.createUser({
+        email: 'charlie@test.com',
+        name: 'Charlie Brown',
+        role: 'user',
+      });
+    });
+
+    it('should return paginated users', async () => {
+      const result = await service.getUsers({
+        page: 1,
+        limit: 10,
+        sortBy: 'createdAt',
+        sortOrder: 'desc',
+      });
+
+      expect(result.data).toHaveLength(3);
+      expect(result.pagination.total).toBe(3);
+      expect(result.pagination.totalPages).toBe(1);
+      expect(result.pagination.page).toBe(1);
+      expect(result.pagination.limit).toBe(10);
+    });
+
+    it('should handle pagination correctly', async () => {
+      const result = await service.getUsers({
+        page: 1,
+        limit: 2,
+        sortBy: 'createdAt',
+        sortOrder: 'desc',
+      });
+
+      expect(result.data).toHaveLength(2);
+      expect(result.pagination.total).toBe(3);
+      expect(result.pagination.totalPages).toBe(2);
+      expect(result.pagination.page).toBe(1);
+      expect(result.pagination.limit).toBe(2);
+    });
+
+    it('should filter users by search query', async () => {
+      const result = await service.getUsers({
+        page: 1,
+        limit: 10,
+        sortBy: 'createdAt',
+        sortOrder: 'desc',
+        search: 'alice',
+      });
+
+      expect(result.data).toHaveLength(1);
+      expect(result.data[0].email).toBe('alice@test.com');
+    });
+
+    it('should sort users by email', async () => {
+      const result = await service.getUsers({
+        page: 1,
+        limit: 10,
+        sortBy: 'email',
+        sortOrder: 'asc',
+      });
+
+      expect(result.data[0].email).toBe('alice@test.com');
+      expect(result.data[1].email).toBe('bob@test.com');
+      expect(result.data[2].email).toBe('charlie@test.com');
+    });
+  });
+
+  describe('Database Constraints', () => {
+    it('should enforce unique email constraint', async () => {
+      await service.createUser({
+        email: 'unique@test.com',
+        name: 'First User',
+        role: 'user',
+      });
+
+      // Attempting to create another user with same email should fail
+      await expect(
+        service.createUser({
+          email: 'unique@test.com',
+          name: 'Second User',
+          role: 'user',
+        })
+      ).rejects.toThrow();
+    });
+  });
+});

package/template/apps/api/test/setup.ts

@@ -0,0 +1,31 @@
+import { afterAll, beforeAll } from 'vitest';
+
+import { cleanupTestDatabase, setupTestDatabase } from './helpers/test-db';
+
+beforeAll(async () => {
+  // Set test environment variables before database setup
+  process.env.NODE_ENV = 'test';
+
+  // Set minimal required env vars for tests
+  // These are only needed for test infrastructure, not for actual test assertions
+  process.env.BETTER_AUTH_SECRET =
+    process.env.BETTER_AUTH_SECRET || 'test-secret-minimum-32-characters-long';
+  process.env.BETTER_AUTH_URL =
+    process.env.BETTER_AUTH_URL || 'http://localhost:8080';
+  process.env.API_URL = process.env.API_URL || 'http://localhost:8080';
+  process.env.FRONTEND_URL =
+    process.env.FRONTEND_URL || 'http://localhost:3000';
+  process.env.COOKIE_SECRET = process.env.COOKIE_SECRET || 'test-cookie-secret';
+  process.env.PORT = process.env.PORT || '8080';
+  process.env.LOG_LEVEL = process.env.LOG_LEVEL || 'minimal';
+
+  // DATABASE_URL is set in test-db.ts based on your .env.local
+
+  // Setup test database (runs migrations)
+  await setupTestDatabase();
+});
+
+afterAll(async () => {
+  // Cleanup test database
+  await cleanupTestDatabase();
+});

package/template/apps/api/tsconfig.json

@@ -0,0 +1,26 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "declaration": true,
+    "removeComments": true,
+    "allowSyntheticDefaultImports": true,
+    "esModuleInterop": true,
+    "target": "ES2022",
+    "lib": ["ES2022", "DOM"],
+    "sourceMap": true,
+    "outDir": "./dist",
+    "baseUrl": "./",
+    "incremental": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true,
+    "jsx": "react",
+    "paths": {
+      "@/*": ["src/*"],
+      "@test/*": ["test/*"]
+    }
+  },
+  "include": ["src/**/*", "test/**/*", "emails/**/*"],
+  "exclude": ["node_modules", "dist", "src/generated"]
+}