create-blitzpack 0.1.0

package/template/apps/api/src/services/file-storage.service.ts

@@ -0,0 +1,267 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import {
+  DeleteObjectCommand,
+  PutObjectCommand,
+  S3Client,
+} from '@aws-sdk/client-s3';
+import sharp from 'sharp';
+
+import type { LoggerService } from '@/common/logger.service';
+import type { Env } from '@/config/env';
+import { isImageFile } from '@/utils/file-validation';
+
+export interface FileUploadResult {
+  filename: string;
+  url: string;
+  size: number;
+  mimeType: string;
+}
+
+export interface FileUploadOptions {
+  buffer: Buffer;
+  originalFilename: string;
+  mimeType: string;
+  optimizeImage?: boolean;
+}
+
+export class FileStorageService {
+  private s3Client?: S3Client;
+  private storageType: 'local' | 's3' | 'r2';
+  private localUploadDir: string;
+
+  constructor(
+    private readonly env: Env,
+    private readonly logger: LoggerService
+  ) {
+    this.logger.setContext('FileStorageService');
+    this.storageType = env.STORAGE_TYPE || 'local';
+    this.localUploadDir = path.join(process.cwd(), 'public', 'uploads');
+
+    this.initializeStorage();
+  }
+
+  private initializeStorage(): void {
+    if (this.storageType === 'local') {
+      this.logger.info(
+        `Using local file storage. Upload directory: ${this.localUploadDir}`
+      );
+      return;
+    }
+
+    // Initialize S3/R2 client
+    const {
+      S3_BUCKET,
+      S3_REGION,
+      S3_ACCESS_KEY_ID,
+      S3_SECRET_ACCESS_KEY,
+      S3_ENDPOINT,
+    } = this.env;
+
+    if (
+      !S3_BUCKET ||
+      !S3_REGION ||
+      !S3_ACCESS_KEY_ID ||
+      !S3_SECRET_ACCESS_KEY
+    ) {
+      this.logger.warn(
+        'S3 credentials incomplete, falling back to local storage'
+      );
+      this.storageType = 'local';
+      return;
+    }
+
+    const clientConfig: ConstructorParameters<typeof S3Client>[0] = {
+      region: S3_REGION,
+      credentials: {
+        accessKeyId: S3_ACCESS_KEY_ID,
+        secretAccessKey: S3_SECRET_ACCESS_KEY,
+      },
+    };
+
+    // Add custom endpoint for MinIO/R2
+    if (S3_ENDPOINT) {
+      clientConfig.endpoint = S3_ENDPOINT;
+      clientConfig.forcePathStyle = true; // Required for MinIO
+      this.logger.info('Using S3-compatible storage', {
+        endpoint: S3_ENDPOINT,
+        type: this.storageType,
+      });
+    } else {
+      this.logger.info('Using AWS S3 storage', { region: S3_REGION });
+    }
+
+    this.s3Client = new S3Client(clientConfig);
+  }
+
+  async uploadFile(options: FileUploadOptions): Promise<FileUploadResult> {
+    let { buffer } = options;
+    const { originalFilename, mimeType, optimizeImage = true } = options;
+
+    // Optimize images if enabled
+    if (optimizeImage && isImageFile(mimeType)) {
+      buffer = await this.optimizeImage(buffer, mimeType);
+    }
+
+    const size = buffer.length;
+
+    if (this.storageType === 'local') {
+      return this.uploadToLocal(buffer, originalFilename, mimeType, size);
+    }
+
+    return this.uploadToS3(buffer, originalFilename, mimeType, size);
+  }
+
+  private async uploadToLocal(
+    buffer: Buffer,
+    filename: string,
+    mimeType: string,
+    size: number
+  ): Promise<FileUploadResult> {
+    // Ensure upload directory exists
+    await fs.mkdir(this.localUploadDir, { recursive: true });
+
+    const filePath = path.join(this.localUploadDir, filename);
+    await fs.writeFile(filePath, buffer);
+
+    this.logger.info('File uploaded to local storage', { filename, size });
+
+    // Return URL relative to API server
+    const url = `${this.env.API_URL}/uploads/files/${filename}`;
+
+    return { filename, url, size, mimeType };
+  }
+
+  private async uploadToS3(
+    buffer: Buffer,
+    filename: string,
+    mimeType: string,
+    size: number
+  ): Promise<FileUploadResult> {
+    if (!this.s3Client) {
+      throw new Error('S3 client not initialized');
+    }
+
+    const bucket = this.env.S3_BUCKET!;
+
+    const command = new PutObjectCommand({
+      Bucket: bucket,
+      Key: filename,
+      Body: buffer,
+      ContentType: mimeType,
+      // Make files publicly readable (adjust based on your security needs)
+      ACL: 'public-read',
+    });
+
+    await this.s3Client.send(command);
+
+    this.logger.info('File uploaded to S3', { filename, size, bucket });
+
+    // Construct public URL
+    const url = this.getS3Url(filename);
+
+    return { filename, url, size, mimeType };
+  }
+
+  async deleteFile(filename: string): Promise<void> {
+    if (this.storageType === 'local') {
+      return this.deleteFromLocal(filename);
+    }
+
+    return this.deleteFromS3(filename);
+  }
+
+  private async deleteFromLocal(filename: string): Promise<void> {
+    const filePath = path.join(this.localUploadDir, filename);
+
+    try {
+      await fs.unlink(filePath);
+      this.logger.info('File deleted from local storage', { filename });
+    } catch (error) {
+      const err = error as { code?: string };
+      if (err.code !== 'ENOENT') {
+        throw error;
+      }
+      this.logger.warn('File not found for deletion', { filename });
+    }
+  }
+
+  private async deleteFromS3(filename: string): Promise<void> {
+    if (!this.s3Client) {
+      throw new Error('S3 client not initialized');
+    }
+
+    const bucket = this.env.S3_BUCKET!;
+
+    const command = new DeleteObjectCommand({
+      Bucket: bucket,
+      Key: filename,
+    });
+
+    await this.s3Client.send(command);
+
+    this.logger.info('File deleted from S3', { filename, bucket });
+  }
+
+  private async optimizeImage(
+    buffer: Buffer,
+    mimeType: string
+  ): Promise<Buffer> {
+    try {
+      let transformer = sharp(buffer).rotate(); // Auto-rotate based on EXIF
+
+      // Resize if too large (max 2048px on longest side)
+      const metadata = await sharp(buffer).metadata();
+      const maxDimension = Math.max(metadata.width || 0, metadata.height || 0);
+
+      if (maxDimension > 2048) {
+        transformer = transformer.resize(2048, 2048, {
+          fit: 'inside',
+          withoutEnlargement: true,
+        });
+      }
+
+      // Convert and compress based on type
+      if (mimeType === 'image/png') {
+        transformer = transformer.png({ quality: 90, compressionLevel: 9 });
+      } else if (mimeType === 'image/webp') {
+        transformer = transformer.webp({ quality: 90 });
+      } else {
+        // Default to JPEG for other formats
+        transformer = transformer.jpeg({ quality: 85 });
+      }
+
+      const optimized = await transformer.toBuffer();
+
+      this.logger.detailed().debug('Image optimized', {
+        originalSize: buffer.length,
+        optimizedSize: optimized.length,
+        reduction: Math.round(
+          ((buffer.length - optimized.length) / buffer.length) * 100
+        ),
+      });
+
+      return optimized;
+    } catch (error) {
+      this.logger.warn('Image optimization failed, using original', { error });
+      return buffer;
+    }
+  }
+
+  private getS3Url(filename: string): string {
+    const { S3_BUCKET, S3_REGION, S3_ENDPOINT } = this.env;
+
+    // For custom endpoints (MinIO, R2, etc.)
+    if (S3_ENDPOINT) {
+      return `${S3_ENDPOINT}/${S3_BUCKET}/${filename}`;
+    }
+
+    // Standard AWS S3 URL
+    return `https://${S3_BUCKET}.s3.${S3_REGION}.amazonaws.com/${filename}`;
+  }
+
+  getStorageType(): string {
+    return this.storageType;
+  }
+}

package/template/apps/api/src/services/metrics.service.ts

@@ -0,0 +1,175 @@
+import type { RealtimeMetricsPoint } from '@repo/packages-types/stats';
+import { cpus } from 'os';
+
+const HISTORY_SIZE = 60;
+const COLLECTION_INTERVAL_MS = 1000;
+
+interface RequestMetric {
+  timestamp: number;
+  responseTimeMs: number;
+  isError: boolean;
+}
+
+export class MetricsService {
+  private history: RealtimeMetricsPoint[] = [];
+  private requestMetrics: RequestMetric[] = [];
+  private lastCpuUsage: NodeJS.CpuUsage | null = null;
+  private lastCpuTime = 0;
+  private intervalId: NodeJS.Timeout | null = null;
+  private subscribers = new Set<(metrics: RealtimeMetricsPoint) => void>();
+
+  start() {
+    if (this.intervalId) return;
+
+    this.lastCpuUsage = process.cpuUsage();
+    this.lastCpuTime = Date.now();
+
+    setTimeout(() => {
+      this.collectMetrics();
+      this.intervalId = setInterval(
+        () => this.collectMetrics(),
+        COLLECTION_INTERVAL_MS
+      );
+    }, COLLECTION_INTERVAL_MS);
+  }
+
+  stop() {
+    if (this.intervalId) {
+      clearInterval(this.intervalId);
+      this.intervalId = null;
+    }
+  }
+
+  recordRequest(responseTimeMs: number, statusCode: number) {
+    const now = Date.now();
+    this.requestMetrics.push({
+      timestamp: now,
+      responseTimeMs,
+      isError: statusCode >= 400,
+    });
+
+    const cutoff = now - 5000;
+    this.requestMetrics = this.requestMetrics.filter(
+      (m) => m.timestamp > cutoff
+    );
+  }
+
+  subscribe(callback: (metrics: RealtimeMetricsPoint) => void) {
+    this.subscribers.add(callback);
+    return () => this.subscribers.delete(callback);
+  }
+
+  getHistory(): RealtimeMetricsPoint[] {
+    return [...this.history];
+  }
+
+  getLatest(): RealtimeMetricsPoint | null {
+    return this.history[this.history.length - 1] ?? null;
+  }
+
+  private collectMetrics() {
+    const now = Date.now();
+    const memUsage = process.memoryUsage();
+
+    const cpuPercentage = this.calculateCpuPercentage();
+
+    const { rps, avgResponseTime, errorRate } =
+      this.calculateRequestMetrics(now);
+
+    const heapUsedMB =
+      Math.round((memUsage.heapUsed / 1024 / 1024) * 100) / 100;
+    const heapTotalMB =
+      Math.round((memUsage.heapTotal / 1024 / 1024) * 100) / 100;
+    const usedPercent =
+      heapTotalMB > 0
+        ? Math.round((heapUsedMB / heapTotalMB) * 100 * 100) / 100
+        : 0;
+
+    const metrics: RealtimeMetricsPoint = {
+      timestamp: now,
+      memory: {
+        heapUsedMB,
+        heapTotalMB,
+        rssMB: Math.round((memUsage.rss / 1024 / 1024) * 100) / 100,
+        usedPercent,
+      },
+      cpu: {
+        percentage: cpuPercentage,
+      },
+      errors: {
+        rate: errorRate,
+      },
+      requests: {
+        perSecond: rps,
+        avgResponseTimeMs: avgResponseTime,
+      },
+    };
+
+    this.history.push(metrics);
+    if (this.history.length > HISTORY_SIZE) {
+      this.history.shift();
+    }
+
+    this.subscribers.forEach((cb) => cb(metrics));
+  }
+
+  private calculateCpuPercentage(): number {
+    if (!this.lastCpuUsage) {
+      this.lastCpuUsage = process.cpuUsage();
+      this.lastCpuTime = Date.now();
+      return 0.01;
+    }
+
+    const currentCpuUsage = process.cpuUsage(this.lastCpuUsage);
+    const currentTime = Date.now();
+    const elapsedMs = currentTime - this.lastCpuTime;
+
+    if (elapsedMs <= 0) {
+      return 0.01;
+    }
+
+    const cpuCount = cpus().length;
+    const totalMicroseconds = currentCpuUsage.user + currentCpuUsage.system;
+    const percentage =
+      ((totalMicroseconds / 1000 / elapsedMs) * 100) / cpuCount;
+
+    this.lastCpuUsage = process.cpuUsage();
+    this.lastCpuTime = currentTime;
+
+    const rounded = Math.round(Math.min(100, percentage) * 100) / 100;
+    return Math.max(0.01, rounded);
+  }
+
+  private calculateRequestMetrics(now: number): {
+    rps: number;
+    avgResponseTime: number;
+    errorRate: number;
+  } {
+    const windowMs = 5000;
+    const cutoff = now - windowMs;
+    const recentRequests = this.requestMetrics.filter(
+      (m) => m.timestamp > cutoff
+    );
+
+    if (recentRequests.length === 0) {
+      return { rps: 0, avgResponseTime: 0, errorRate: 0 };
+    }
+
+    const rps =
+      Math.round((recentRequests.length / (windowMs / 1000)) * 100) / 100;
+    const avgResponseTime =
+      Math.round(
+        (recentRequests.reduce((sum, m) => sum + m.responseTimeMs, 0) /
+          recentRequests.length) *
+          100
+      ) / 100;
+
+    const errorCount = recentRequests.filter((m) => m.isError).length;
+    const errorRate =
+      Math.round((errorCount / recentRequests.length) * 100 * 100) / 100;
+
+    return { rps, avgResponseTime, errorRate };
+  }
+}
+
+export const metricsService = new MetricsService();

package/template/apps/api/src/services/password.service.ts

@@ -0,0 +1,56 @@
+import {
+  UnauthorizedError,
+  ValidationError,
+} from '@repo/packages-utils/errors';
+import * as bcrypt from 'bcryptjs';
+
+import type { PrismaClient } from '@/generated/client/client.js';
+import { type SessionsService } from '@/services/sessions.service';
+
+export class PasswordService {
+  constructor(
+    private readonly prisma: PrismaClient,
+    private readonly sessionsService: SessionsService
+  ) {}
+
+  async changePassword(
+    userId: string,
+    currentPassword: string,
+    newPassword: string
+  ): Promise<void> {
+    const account = await this.prisma.account.findFirst({
+      where: {
+        userId,
+        providerId: 'credential',
+      },
+    });
+
+    if (!account || !account.password) {
+      throw new ValidationError('Password authentication not available', {
+        userId,
+      });
+    }
+
+    const isValidPassword = await bcrypt.compare(
+      currentPassword,
+      account.password
+    );
+
+    if (!isValidPassword) {
+      throw new UnauthorizedError('Current password is incorrect');
+    }
+
+    const hashedPassword = await bcrypt.hash(newPassword, 10);
+
+    await this.prisma.account.update({
+      where: {
+        id: account.id,
+      },
+      data: {
+        password: hashedPassword,
+      },
+    });
+
+    await this.sessionsService.revokeAllUserSessions(userId);
+  }
+}

package/template/apps/api/src/services/sessions.service.spec.ts

@@ -0,0 +1,134 @@
+import { createMockPrisma } from '@test/helpers/mock-prisma';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+
+import type { PrismaClient } from '@/generated/client/client.js';
+
+import { SessionsService } from './sessions.service';
+
+describe('SessionsService', () => {
+  let service: SessionsService;
+  let prisma: PrismaClient;
+
+  beforeEach(() => {
+    prisma = createMockPrisma();
+    service = new SessionsService(prisma);
+  });
+
+  describe('getUserSessions', () => {
+    const mockSessions = [
+      {
+        id: 'session-1',
+        userId: 'user-1',
+        token: 'token-1',
+        ipAddress: '192.168.1.1',
+        userAgent: 'Mozilla/5.0',
+        createdAt: new Date(),
+        updatedAt: new Date(),
+        expiresAt: new Date(Date.now() + 86400000),
+      },
+      {
+        id: 'session-2',
+        userId: 'user-1',
+        token: 'token-2',
+        ipAddress: '192.168.1.2',
+        userAgent: 'Chrome/120.0',
+        createdAt: new Date(),
+        updatedAt: new Date(),
+        expiresAt: new Date(Date.now() + 86400000),
+      },
+    ];
+
+    it('should return all user sessions', async () => {
+      vi.mocked(prisma.session.findMany).mockResolvedValue(mockSessions);
+
+      const result = await service.getUserSessions('user-1');
+
+      expect(result).toHaveLength(2);
+      expect(result[0].id).toBe('session-1');
+      expect(result[1].id).toBe('session-2');
+    });
+
+    it('should return empty array when user has no sessions', async () => {
+      vi.mocked(prisma.session.findMany).mockResolvedValue([]);
+
+      const result = await service.getUserSessions('user-1');
+
+      expect(result).toEqual([]);
+    });
+  });
+
+  describe('revokeSession', () => {
+    const mockSession = {
+      id: 'session-1',
+      userId: 'user-1',
+      expiresAt: new Date(Date.now() + 86400000),
+      token: 'token-1',
+      ipAddress: '192.168.1.1',
+      userAgent: 'Mozilla/5.0',
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+
+    it('should revoke session successfully', async () => {
+      vi.mocked(prisma.session.findFirst).mockResolvedValue(mockSession);
+      vi.mocked(prisma.session.delete).mockResolvedValue(mockSession);
+
+      await service.revokeSession('user-1', 'session-1');
+
+      expect(prisma.session.delete).toHaveBeenCalledWith({
+        where: { id: 'session-1' },
+      });
+    });
+
+    it('should throw error when session not found', async () => {
+      vi.mocked(prisma.session.findFirst).mockResolvedValue(null);
+
+      await expect(
+        service.revokeSession('user-1', 'non-existent')
+      ).rejects.toThrow('Session not found');
+    });
+
+    it('should throw error when session belongs to different user', async () => {
+      vi.mocked(prisma.session.findFirst).mockResolvedValue(null);
+
+      await expect(
+        service.revokeSession('user-1', 'session-1')
+      ).rejects.toThrow('Session not found');
+    });
+  });
+
+  describe('revokeAllSessions', () => {
+    it('should revoke all sessions except current one', async () => {
+      vi.mocked(prisma.session.deleteMany).mockResolvedValue({ count: 3 });
+
+      await service.revokeAllSessions('user-1', 'current-session-id');
+
+      expect(prisma.session.deleteMany).toHaveBeenCalledWith({
+        where: {
+          userId: 'user-1',
+          id: { not: 'current-session-id' },
+        },
+      });
+    });
+
+    it('should handle case when no other sessions exist', async () => {
+      vi.mocked(prisma.session.deleteMany).mockResolvedValue({ count: 0 });
+
+      await service.revokeAllSessions('user-1', 'current-session-id');
+
+      expect(prisma.session.deleteMany).toHaveBeenCalled();
+    });
+
+    it('should revoke all sessions when no current session provided', async () => {
+      vi.mocked(prisma.session.deleteMany).mockResolvedValue({ count: 5 });
+
+      await service.revokeAllSessions('user-1');
+
+      expect(prisma.session.deleteMany).toHaveBeenCalledWith({
+        where: {
+          userId: 'user-1',
+        },
+      });
+    });
+  });
+});