create-forgeon 0.3.15 → 0.3.17

package/templates/module-presets/accounts/apps/api/src/accounts/forgeon-accounts-db-prisma.module.ts

@@ -0,0 +1,17 @@
+import { Module } from '@nestjs/common';
+import { ACCOUNTS_PERSISTENCE_PORT } from '@forgeon/accounts-api';
+import { DbPrismaModule } from '@forgeon/db-prisma';
+import { PrismaAccountsPersistenceStore } from './prisma-accounts-persistence.store';
+
+@Module({
+  imports: [DbPrismaModule],
+  providers: [
+    PrismaAccountsPersistenceStore,
+    {
+      provide: ACCOUNTS_PERSISTENCE_PORT,
+      useExisting: PrismaAccountsPersistenceStore,
+    },
+  ],
+  exports: [ACCOUNTS_PERSISTENCE_PORT],
+})
+export class ForgeonAccountsDbPrismaModule {}

package/templates/module-presets/accounts/apps/api/src/accounts/prisma-accounts-persistence.store.ts

@@ -0,0 +1,332 @@
+import { Prisma } from '@prisma/client';
+import {
+  type AccountsPersistencePort,
+  type CreatePasswordAccountInput,
+  type PasswordAccountRecord,
+  type RefreshTokenRecord,
+} from '@forgeon/accounts-api';
+import { PrismaService } from '@forgeon/db-prisma';
+import { Injectable, NotFoundException } from '@nestjs/common';
+
+@Injectable()
+export class PrismaAccountsPersistenceStore implements AccountsPersistencePort {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async createPasswordAccount(input: CreatePasswordAccountInput): Promise<PasswordAccountRecord> {
+    const userId = await this.prisma.$transaction(async (tx) => {
+      const user = await tx.user.create({
+        data: {
+          status: input.status,
+          data: this.toNullableJson(input.userData),
+          profile: {
+            create: {
+              name: input.profile.name,
+              avatar: input.profile.avatar,
+              data: this.toNullableJson(input.profile.data),
+            },
+          },
+          settings: {
+            create: {
+              theme: input.settings.theme,
+              locale: input.settings.locale,
+              data: this.toNullableJson(input.settings.data),
+            },
+          },
+        },
+        select: { id: true },
+      });
+
+      await tx.authIdentity.create({
+        data: {
+          userId: user.id,
+          provider: 'email',
+          providerId: input.email,
+        },
+      });
+
+      await tx.authCredential.create({
+        data: {
+          userId: user.id,
+          passwordHash: input.passwordHash,
+        },
+      });
+
+      return user.id;
+    });
+
+    const account = await this.findAccountByUserId(userId);
+    if (!account) {
+      throw new NotFoundException('Account could not be created');
+    }
+
+    return account;
+  }
+
+  async findPasswordAccountByEmail(email: string): Promise<PasswordAccountRecord | null> {
+    const identity = await this.prisma.authIdentity.findUnique({
+      where: {
+        provider_providerId: {
+          provider: 'email',
+          providerId: email,
+        },
+      },
+      include: {
+        user: {
+          include: {
+            profile: true,
+            settings: true,
+            authCredential: true,
+            authIdentities: {
+              where: { provider: 'email' },
+              select: { provider: true, providerId: true },
+              take: 1,
+            },
+          },
+        },
+      },
+    });
+
+    return identity?.user ? this.mapPasswordAccount(identity.user) : null;
+  }
+
+  async findAccountByUserId(userId: string): Promise<PasswordAccountRecord | null> {
+    const user = await this.prisma.user.findUnique({
+      where: { id: userId },
+      include: {
+        profile: true,
+        settings: true,
+        authCredential: true,
+        authIdentities: {
+          where: { provider: 'email' },
+          select: { provider: true, providerId: true },
+          take: 1,
+        },
+      },
+    });
+
+    return user ? this.mapPasswordAccount(user) : null;
+  }
+
+  async updatePassword(userId: string, passwordHash: string): Promise<void> {
+    await this.prisma.authCredential.upsert({
+      where: { userId },
+      create: { userId, passwordHash },
+      update: { passwordHash },
+    });
+  }
+
+  async createRefreshToken(input: {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    expiresAt: Date;
+  }): Promise<void> {
+    await this.prisma.authRefreshToken.create({
+      data: input,
+    });
+  }
+
+  async findRefreshTokenById(id: string): Promise<RefreshTokenRecord | null> {
+    const token = await this.prisma.authRefreshToken.findUnique({
+      where: { id },
+    });
+
+    if (!token) {
+      return null;
+    }
+
+    return {
+      id: token.id,
+      userId: token.userId,
+      tokenHash: token.tokenHash,
+      expiresAt: token.expiresAt,
+      revokedAt: token.revokedAt,
+      createdAt: token.createdAt,
+    };
+  }
+
+  async revokeRefreshToken(id: string, revokedAt: Date): Promise<void> {
+    await this.prisma.authRefreshToken.updateMany({
+      where: { id, revokedAt: null },
+      data: { revokedAt },
+    });
+  }
+
+  async revokeRefreshTokensForUser(userId: string, revokedAt: Date): Promise<void> {
+    await this.prisma.authRefreshToken.updateMany({
+      where: { userId, revokedAt: null },
+      data: { revokedAt },
+    });
+  }
+
+  async findUserById(userId: string) {
+    const user = await this.prisma.user.findUnique({
+      where: { id: userId },
+      include: {
+        profile: true,
+        settings: true,
+        authIdentities: {
+          where: { provider: 'email' },
+          select: { providerId: true },
+          take: 1,
+        },
+      },
+    });
+
+    return user ? this.mapUser(user) : null;
+  }
+
+  async updateUser(input: { userId: string; data: Record<string, unknown> | null }) {
+    const user = await this.prisma.user.update({
+      where: { id: input.userId },
+      data: {
+        data: this.toNullableJson(input.data),
+      },
+      include: {
+        profile: true,
+        settings: true,
+        authIdentities: {
+          where: { provider: 'email' },
+          select: { providerId: true },
+          take: 1,
+        },
+      },
+    });
+
+    return this.mapUser(user);
+  }
+
+  async updateUserProfile(input: {
+    userId: string;
+    name: string | null;
+    avatar: string | null;
+    data: Record<string, unknown> | null;
+  }) {
+    await this.prisma.userProfile.upsert({
+      where: { userId: input.userId },
+      create: {
+        userId: input.userId,
+        name: input.name,
+        avatar: input.avatar,
+        data: this.toNullableJson(input.data),
+      },
+      update: {
+        name: input.name,
+        avatar: input.avatar,
+        data: this.toNullableJson(input.data),
+      },
+    });
+
+    const user = await this.findUserById(input.userId);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+    return user;
+  }
+
+  async updateUserSettings(input: {
+    userId: string;
+    theme: string | null;
+    locale: string | null;
+    data: Record<string, unknown> | null;
+  }) {
+    await this.prisma.userSettings.upsert({
+      where: { userId: input.userId },
+      create: {
+        userId: input.userId,
+        theme: input.theme,
+        locale: input.locale,
+        data: this.toNullableJson(input.data),
+      },
+      update: {
+        theme: input.theme,
+        locale: input.locale,
+        data: this.toNullableJson(input.data),
+      },
+    });
+
+    const user = await this.findUserById(input.userId);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+    return user;
+  }
+
+  async softDeleteUser(userId: string, deletedAt: Date): Promise<void> {
+    await this.prisma.user.update({
+      where: { id: userId },
+      data: {
+        status: 'deleted',
+        deletedAt,
+      },
+    });
+  }
+
+  private mapPasswordAccount(user: {
+    id: string;
+    status: string;
+    data: Prisma.JsonValue | null;
+    createdAt: Date;
+    updatedAt: Date;
+    deletedAt: Date | null;
+    profile: { name: string | null; avatar: string | null; data: Prisma.JsonValue | null } | null;
+    settings: { theme: string | null; locale: string | null; data: Prisma.JsonValue | null } | null;
+    authCredential: { passwordHash: string } | null;
+    authIdentities: Array<{ provider?: string; providerId: string }>;
+  }): PasswordAccountRecord {
+    const emailIdentity = user.authIdentities[0];
+    return {
+      ...this.mapUser(user),
+      provider: 'email',
+      providerId: emailIdentity?.providerId ?? '',
+      passwordHash: user.authCredential?.passwordHash ?? null,
+    };
+  }
+
+  private mapUser(user: {
+    id: string;
+    status: string;
+    data: Prisma.JsonValue | null;
+    createdAt: Date;
+    updatedAt: Date;
+    deletedAt: Date | null;
+    profile: { name: string | null; avatar: string | null; data: Prisma.JsonValue | null } | null;
+    settings: { theme: string | null; locale: string | null; data: Prisma.JsonValue | null } | null;
+    authIdentities: Array<{ providerId: string }>;
+  }) {
+    return {
+      id: user.id,
+      email: user.authIdentities[0]?.providerId ?? null,
+      status: user.status,
+      data: this.fromJson(user.data),
+      createdAt: user.createdAt,
+      updatedAt: user.updatedAt,
+      deletedAt: user.deletedAt,
+      profile: user.profile
+        ? {
+            name: user.profile.name,
+            avatar: user.profile.avatar,
+            data: this.fromJson(user.profile.data),
+          }
+        : null,
+      settings: user.settings
+        ? {
+            theme: user.settings.theme,
+            locale: user.settings.locale,
+            data: this.fromJson(user.settings.data),
+          }
+        : null,
+    };
+  }
+
+  private toNullableJson(value: Record<string, unknown> | null) {
+    return value === null ? Prisma.JsonNull : (value as Prisma.InputJsonValue);
+  }
+
+  private fromJson(value: Prisma.JsonValue | null): Record<string, unknown> | null {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+      return null;
+    }
+    return value as Record<string, unknown>;
+  }
+}

package/templates/module-presets/{jwt-auth/packages/auth-api → accounts/packages/accounts-api}/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@forgeon/auth-api",
+  "name": "@forgeon/accounts-api",
   "version": "0.1.0",
   "private": true,
   "main": "dist/index.js",
@@ -8,21 +8,21 @@
     "build": "tsc -p tsconfig.json"
   },
   "dependencies": {
-    "@forgeon/auth-contracts": "workspace:*",
+    "@forgeon/accounts-contracts": "workspace:*",
     "@nestjs/common": "^11.0.1",
     "@nestjs/config": "^4.0.2",
     "@nestjs/jwt": "^11.0.1",
     "@nestjs/passport": "^11.0.5",
-    "bcryptjs": "^2.4.3",
+    "argon2": "^0.41.1",
+    "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@types/bcryptjs": "^2.4.6",
     "@types/node": "^22.10.7",
     "@types/passport-jwt": "^4.0.1",
     "typescript": "^5.7.3"
   }
-}
+}

package/templates/module-presets/accounts/packages/accounts-api/src/accounts-email.port.ts

@@ -0,0 +1,13 @@
+export const ACCOUNTS_EMAIL_PORT = 'FORGEON_ACCOUNTS_EMAIL_PORT';
+
+export interface AccountsEmailPort {
+  sendVerificationEmail(input: { email: string; token: string; userId: string }): Promise<void>;
+  sendPasswordResetEmail(input: { email: string; token: string; userId: string }): Promise<void>;
+  sendWelcomeEmail(input: { email: string; userId: string }): Promise<void>;
+}
+
+export class StubAccountsEmailAdapter implements AccountsEmailPort {
+  async sendVerificationEmail(): Promise<void> {}
+  async sendPasswordResetEmail(): Promise<void> {}
+  async sendWelcomeEmail(): Promise<void> {}
+}

package/templates/module-presets/accounts/packages/accounts-api/src/accounts-persistence.port.ts

@@ -0,0 +1,67 @@
+import type { IdentityProvider, JsonObject } from '@forgeon/accounts-contracts';
+import type { UserRecord } from './users.types';
+
+export const ACCOUNTS_PERSISTENCE_PORT = 'FORGEON_ACCOUNTS_PERSISTENCE_PORT';
+
+export type PasswordAccountRecord = UserRecord & {
+  provider: IdentityProvider;
+  providerId: string;
+  passwordHash: string | null;
+};
+
+export type RefreshTokenRecord = {
+  id: string;
+  userId: string;
+  tokenHash: string;
+  expiresAt: Date;
+  revokedAt: Date | null;
+  createdAt: Date;
+};
+
+export interface CreatePasswordAccountInput {
+  email: string;
+  passwordHash: string;
+  status: string;
+  userData: JsonObject | null;
+  profile: {
+    name: string | null;
+    avatar: string | null;
+    data: JsonObject | null;
+  };
+  settings: {
+    theme: string | null;
+    locale: string | null;
+    data: JsonObject | null;
+  };
+}
+
+export interface AccountsPersistencePort {
+  createPasswordAccount(input: CreatePasswordAccountInput): Promise<PasswordAccountRecord>;
+  findPasswordAccountByEmail(email: string): Promise<PasswordAccountRecord | null>;
+  findAccountByUserId(userId: string): Promise<PasswordAccountRecord | null>;
+  updatePassword(userId: string, passwordHash: string): Promise<void>;
+  createRefreshToken(input: {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    expiresAt: Date;
+  }): Promise<void>;
+  findRefreshTokenById(id: string): Promise<RefreshTokenRecord | null>;
+  revokeRefreshToken(id: string, revokedAt: Date): Promise<void>;
+  revokeRefreshTokensForUser(userId: string, revokedAt: Date): Promise<void>;
+  findUserById(userId: string): Promise<UserRecord | null>;
+  updateUser(input: { userId: string; data: JsonObject | null }): Promise<UserRecord>;
+  updateUserProfile(input: {
+    userId: string;
+    name: string | null;
+    avatar: string | null;
+    data: JsonObject | null;
+  }): Promise<UserRecord>;
+  updateUserSettings(input: {
+    userId: string;
+    theme: string | null;
+    locale: string | null;
+    data: JsonObject | null;
+  }): Promise<UserRecord>;
+  softDeleteUser(userId: string, deletedAt: Date): Promise<void>;
+}

package/templates/module-presets/accounts/packages/accounts-api/src/accounts-rbac.port.ts

@@ -0,0 +1,14 @@
+export const ACCOUNTS_AUTHZ_CLAIMS_RESOLVER = 'FORGEON_ACCOUNTS_AUTHZ_CLAIMS_RESOLVER';
+
+export interface AccountsAuthzClaimsResolver {
+  resolveClaims(_userId: string): Promise<{
+    roles?: string[];
+    permissions?: string[];
+  }>;
+}
+
+export class NoopAccountsAuthzClaimsResolver implements AccountsAuthzClaimsResolver {
+  async resolveClaims(): Promise<{ roles?: string[]; permissions?: string[] }> {
+    return {};
+  }
+}

package/templates/module-presets/{jwt-auth/packages/auth-api → accounts/packages/accounts-api}/src/auth-config.loader.ts

@@ -8,9 +8,9 @@ export interface AuthConfigValues {
   accessExpiresIn: string;
   refreshSecret: string;
   refreshExpiresIn: string;
-  bcryptRounds: number;
-  demoEmail: string;
-  demoPassword: string;
+  argon2MemoryCost: number;
+  argon2TimeCost: number;
+  argon2Parallelism: number;
 }
 
 export const authConfig = registerAs(AUTH_CONFIG_NAMESPACE, (): AuthConfigValues => {
@@ -20,8 +20,8 @@ export const authConfig = registerAs(AUTH_CONFIG_NAMESPACE, (): AuthConfigValues
     accessExpiresIn: env.JWT_ACCESS_EXPIRES_IN,
     refreshSecret: env.JWT_REFRESH_SECRET,
     refreshExpiresIn: env.JWT_REFRESH_EXPIRES_IN,
-    bcryptRounds: env.AUTH_BCRYPT_ROUNDS,
-    demoEmail: env.AUTH_DEMO_EMAIL.toLowerCase(),
-    demoPassword: env.AUTH_DEMO_PASSWORD,
+    argon2MemoryCost: env.AUTH_ARGON2_MEMORY_COST,
+    argon2TimeCost: env.AUTH_ARGON2_TIME_COST,
+    argon2Parallelism: env.AUTH_ARGON2_PARALLELISM,
   };
-});
+});

package/templates/module-presets/{jwt-auth/packages/auth-api → accounts/packages/accounts-api}/src/auth-config.service.ts

@@ -22,15 +22,15 @@ export class AuthConfigService {
     return this.configService.getOrThrow<string>(`${AUTH_CONFIG_NAMESPACE}.refreshExpiresIn`);
   }
 
-  get bcryptRounds(): number {
-    return this.configService.getOrThrow<number>(`${AUTH_CONFIG_NAMESPACE}.bcryptRounds`);
+  get argon2MemoryCost(): number {
+    return this.configService.getOrThrow<number>(`${AUTH_CONFIG_NAMESPACE}.argon2MemoryCost`);
   }
 
-  get demoEmail(): string {
-    return this.configService.getOrThrow<string>(`${AUTH_CONFIG_NAMESPACE}.demoEmail`);
+  get argon2TimeCost(): number {
+    return this.configService.getOrThrow<number>(`${AUTH_CONFIG_NAMESPACE}.argon2TimeCost`);
   }
 
-  get demoPassword(): string {
-    return this.configService.getOrThrow<string>(`${AUTH_CONFIG_NAMESPACE}.demoPassword`);
+  get argon2Parallelism(): number {
+    return this.configService.getOrThrow<number>(`${AUTH_CONFIG_NAMESPACE}.argon2Parallelism`);
   }
-}
+}