create-forgeon 0.3.15 → 0.3.17

package/templates/module-presets/accounts/packages/accounts-api/src/dto/update-user-settings.dto.ts

@@ -0,0 +1,16 @@
+import type { UpdateUserSettingsRequest } from '@forgeon/accounts-contracts';
+import { IsObject, IsOptional, IsString } from 'class-validator';
+
+export class UpdateUserSettingsDto implements UpdateUserSettingsRequest {
+  @IsOptional()
+  @IsString()
+  theme?: string | null;
+
+  @IsOptional()
+  @IsString()
+  locale?: string | null;
+
+  @IsOptional()
+  @IsObject()
+  data?: Record<string, unknown>;
+}

package/templates/module-presets/accounts/packages/accounts-api/src/dto/update-user.dto.ts

@@ -0,0 +1,8 @@
+import type { UpdateUserRequest } from '@forgeon/accounts-contracts';
+import { IsObject, IsOptional } from 'class-validator';
+
+export class UpdateUserDto implements UpdateUserRequest {
+  @IsOptional()
+  @IsObject()
+  data?: Record<string, unknown>;
+}

package/templates/module-presets/accounts/packages/accounts-api/src/dto/verify-email.dto.ts

@@ -0,0 +1,8 @@
+import type { VerifyEmailRequest } from '@forgeon/accounts-contracts';
+import { IsString, MinLength } from 'class-validator';
+
+export class VerifyEmailDto implements VerifyEmailRequest {
+  @IsString()
+  @MinLength(8)
+  token!: string;
+}

package/templates/module-presets/accounts/packages/accounts-api/src/forgeon-accounts.module.ts

@@ -0,0 +1,82 @@
+import {
+  DynamicModule,
+  Module,
+  ModuleMetadata,
+  Provider,
+} from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import {
+  ACCOUNTS_AUTHZ_CLAIMS_RESOLVER,
+  NoopAccountsAuthzClaimsResolver,
+} from './accounts-rbac.port';
+import { ACCOUNTS_EMAIL_PORT, StubAccountsEmailAdapter } from './accounts-email.port';
+import { AuthConfigModule } from './auth-config.module';
+import { AuthController } from './auth.controller';
+import { AuthCoreService } from './auth-core.service';
+import { AuthJwtService } from './auth-jwt.service';
+import { AuthPasswordService } from './auth-password.service';
+import { AuthService } from './auth.service';
+import { JwtAuthGuard } from './access-token.guard';
+import { JwtStrategy } from './jwt.strategy';
+import { OwnerAccessGuard } from './owner-access.guard';
+import { UsersController } from './users.controller';
+import { UsersModule, USERS_MODULE_OPTIONS, type UsersModuleOptions } from './users-config';
+import { UsersService } from './users.service';
+
+export interface ForgeonAccountsModuleOptions {
+  imports?: ModuleMetadata['imports'];
+  providers?: Provider[];
+  users?: UsersModuleOptions;
+}
+
+@Module({})
+export class ForgeonAccountsModule {
+  static register(options: ForgeonAccountsModuleOptions = {}): DynamicModule {
+    return {
+      module: ForgeonAccountsModule,
+      imports: [
+        AuthConfigModule,
+        PassportModule.register({ defaultStrategy: 'jwt' }),
+        JwtModule.register({}),
+        ...(options.imports ?? []),
+      ],
+      controllers: [AuthController, UsersController],
+      providers: [
+        {
+          provide: USERS_MODULE_OPTIONS,
+          useValue: UsersModule.register(options.users ?? {}),
+        },
+        {
+          provide: ACCOUNTS_EMAIL_PORT,
+          useClass: StubAccountsEmailAdapter,
+        },
+        {
+          provide: ACCOUNTS_AUTHZ_CLAIMS_RESOLVER,
+          useClass: NoopAccountsAuthzClaimsResolver,
+        },
+        AuthCoreService,
+        AuthJwtService,
+        AuthPasswordService,
+        AuthService,
+        UsersService,
+        JwtStrategy,
+        JwtAuthGuard,
+        OwnerAccessGuard,
+        ...(options.providers ?? []),
+      ],
+      exports: [
+        AuthConfigModule,
+        AuthCoreService,
+        AuthJwtService,
+        AuthPasswordService,
+        AuthService,
+        UsersService,
+        JwtAuthGuard,
+        OwnerAccessGuard,
+        ACCOUNTS_EMAIL_PORT,
+        ACCOUNTS_AUTHZ_CLAIMS_RESOLVER,
+      ],
+    };
+  }
+}

package/templates/module-presets/accounts/packages/accounts-api/src/index.ts

@@ -0,0 +1,24 @@
+export * from './accounts-email.port';
+export * from './accounts-persistence.port';
+export * from './accounts-rbac.port';
+export * from './auth-config.loader';
+export * from './auth-config.module';
+export * from './auth-config.service';
+export * from './auth.controller';
+export * from './auth-core.service';
+export * from './auth-env.schema';
+export * from './auth-jwt.service';
+export * from './auth-password.service';
+export * from './auth.service';
+export * from './auth.types';
+export * from './dto';
+export * from './forgeon-accounts.module';
+export * from './access-token.guard';
+export * from './jwt.strategy';
+export * from './owner-access.guard';
+export * from './users-config';
+export * from './users.controller';
+export * from './users.service';
+export * from './users.types';
+
+

package/templates/module-presets/{jwt-auth/packages/auth-api → accounts/packages/accounts-api}/src/jwt.strategy.ts

@@ -2,7 +2,7 @@ import { Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { ExtractJwt, Strategy } from 'passport-jwt';
 import { AuthConfigService } from './auth-config.service';
-import { AuthJwtPayload } from './auth.types';
+import { AuthAccessTokenPayload } from './auth.types';
 
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
@@ -14,7 +14,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     });
   }
 
-  validate(payload: AuthJwtPayload): AuthJwtPayload {
+  validate(payload: AuthAccessTokenPayload): AuthAccessTokenPayload {
     return payload;
   }
-}
+}

package/templates/module-presets/accounts/packages/accounts-api/src/owner-access.guard.ts

@@ -0,0 +1,39 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+} from '@nestjs/common';
+import type { AuthAccessTokenPayload } from './auth.types';
+
+type RequestWithUser = {
+  params?: Record<string, string>;
+  user?: AuthAccessTokenPayload;
+};
+
+@Injectable()
+export class OwnerAccessGuard implements CanActivate {
+  canActivate(context: ExecutionContext): boolean {
+    const request = context.switchToHttp().getRequest<RequestWithUser>();
+    const user = request.user;
+    const id = request.params?.id;
+
+    if (!user?.sub || !id) {
+      throw new ForbiddenException('Owner scope could not be resolved');
+    }
+
+    if (id === 'me') {
+      request.params = {
+        ...(request.params ?? {}),
+        id: user.sub,
+      };
+      return true;
+    }
+
+    if (id !== user.sub) {
+      throw new ForbiddenException('Only the current account is accessible');
+    }
+
+    return true;
+  }
+}

package/templates/module-presets/accounts/packages/accounts-api/src/users-config.ts

@@ -0,0 +1,13 @@
+export interface UsersModuleOptions {
+  user?: Record<string, unknown>;
+  profile?: Record<string, unknown>;
+  settings?: Record<string, unknown>;
+}
+
+export const USERS_MODULE_OPTIONS = 'FORGEON_USERS_MODULE_OPTIONS';
+
+export class UsersModule {
+  static register(options: UsersModuleOptions = {}): UsersModuleOptions {
+    return options;
+  }
+}

package/templates/module-presets/accounts/packages/accounts-api/src/users.controller.ts

@@ -0,0 +1,65 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  UseGuards,
+} from '@nestjs/common';
+import { JwtAuthGuard } from './access-token.guard';
+import { OwnerAccessGuard } from './owner-access.guard';
+import { UsersService } from './users.service';
+import {
+  UpdateUserDto,
+  UpdateUserProfileDto,
+  UpdateUserSettingsDto,
+} from './dto';
+
+@Controller('users')
+@UseGuards(JwtAuthGuard, OwnerAccessGuard)
+export class UsersController {
+  constructor(private readonly usersService: UsersService) {}
+
+  @Get(':id')
+  getUser(@Param('id') userId: string) {
+    return this.usersService.getByIdOrThrow(userId);
+  }
+
+  @Patch(':id')
+  updateUser(@Param('id') userId: string, @Body() body: UpdateUserDto) {
+    return this.usersService.update(userId, body);
+  }
+
+  @Delete(':id')
+  async deleteUser(@Param('id') userId: string) {
+    await this.usersService.softDelete(userId);
+    return {
+      status: 'ok',
+      deleted: true,
+    };
+  }
+
+  @Get(':id/profile')
+  async getProfile(@Param('id') userId: string) {
+    const user = await this.usersService.getByIdOrThrow(userId);
+    return user.profile;
+  }
+
+  @Patch(':id/profile')
+  updateProfile(@Param('id') userId: string, @Body() body: UpdateUserProfileDto) {
+    return this.usersService.updateProfile(userId, body);
+  }
+
+  @Get(':id/settings')
+  async getSettings(@Param('id') userId: string) {
+    const user = await this.usersService.getByIdOrThrow(userId);
+    return user.settings;
+  }
+
+  @Patch(':id/settings')
+  updateSettings(@Param('id') userId: string, @Body() body: UpdateUserSettingsDto) {
+    return this.usersService.updateSettings(userId, body);
+  }
+}
+

package/templates/module-presets/accounts/packages/accounts-api/src/users.service.ts

@@ -0,0 +1,87 @@
+import { Inject, Injectable, NotFoundException } from '@nestjs/common';
+import type { UpdateUserProfileRequest, UpdateUserSettingsRequest, UpdateUserRequest } from '@forgeon/accounts-contracts';
+import { ACCOUNTS_PERSISTENCE_PORT, type AccountsPersistencePort } from './accounts-persistence.port';
+import { USERS_MODULE_OPTIONS, type UsersModuleOptions } from './users-config';
+import { mergeObjects, normalizeObject, toUserRecordDto } from './users.types';
+
+@Injectable()
+export class UsersService {
+  constructor(
+    @Inject(ACCOUNTS_PERSISTENCE_PORT)
+    private readonly persistence: AccountsPersistencePort,
+    @Inject(USERS_MODULE_OPTIONS)
+    private readonly usersModuleOptions: UsersModuleOptions,
+  ) {}
+
+  async findById(userId: string) {
+    const user = await this.persistence.findUserById(userId);
+    return user ? toUserRecordDto(user) : null;
+  }
+
+  async getByIdOrThrow(userId: string) {
+    const user = await this.findById(userId);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+    return user;
+  }
+
+  async update(userId: string, input: UpdateUserRequest) {
+    const current = await this.persistence.findUserById(userId);
+    if (!current) {
+      throw new NotFoundException('User not found');
+    }
+
+    const updated = await this.persistence.updateUser({
+      userId,
+      data: mergeObjects(current.data ?? this.usersModuleOptions.user, input.data),
+    });
+    return toUserRecordDto(updated);
+  }
+
+  async updateProfile(userId: string, input: UpdateUserProfileRequest) {
+    const current = await this.persistence.findUserById(userId);
+    if (!current) {
+      throw new NotFoundException('User not found');
+    }
+
+    const updated = await this.persistence.updateUserProfile({
+      userId,
+      name: input.name ?? current.profile?.name ?? null,
+      avatar: input.avatar ?? current.profile?.avatar ?? null,
+      data: mergeObjects(current.profile?.data ?? this.usersModuleOptions.profile, input.data),
+    });
+    return toUserRecordDto(updated).profile;
+  }
+
+  async updateSettings(userId: string, input: UpdateUserSettingsRequest) {
+    const current = await this.persistence.findUserById(userId);
+    if (!current) {
+      throw new NotFoundException('User not found');
+    }
+
+    const updated = await this.persistence.updateUserSettings({
+      userId,
+      theme: input.theme ?? current.settings?.theme ?? null,
+      locale: input.locale ?? current.settings?.locale ?? null,
+      data: mergeObjects(current.settings?.data ?? this.usersModuleOptions.settings, input.data),
+    });
+    return toUserRecordDto(updated).settings;
+  }
+
+  async softDelete(userId: string): Promise<void> {
+    await this.persistence.softDeleteUser(userId, new Date());
+  }
+
+  resolveUserData(input: unknown) {
+    return mergeObjects(this.usersModuleOptions.user, normalizeObject(input));
+  }
+
+  resolveProfileData(input: unknown) {
+    return mergeObjects(this.usersModuleOptions.profile, normalizeObject(input));
+  }
+
+  resolveSettingsData(input: unknown) {
+    return mergeObjects(this.usersModuleOptions.settings, normalizeObject(input));
+  }
+}

package/templates/module-presets/accounts/packages/accounts-api/src/users.types.ts

@@ -0,0 +1,65 @@
+import type { JsonObject, UserProfileDto, UserRecordDto, UserSettingsDto } from '@forgeon/accounts-contracts';
+
+export type UserRecord = {
+  id: string;
+  email: string | null;
+  status: string;
+  data: JsonObject | null;
+  createdAt: Date;
+  updatedAt: Date;
+  deletedAt: Date | null;
+  profile: {
+    name: string | null;
+    avatar: string | null;
+    data: JsonObject | null;
+  } | null;
+  settings: {
+    theme: string | null;
+    locale: string | null;
+    data: JsonObject | null;
+  } | null;
+};
+
+export function normalizeObject(value: unknown): JsonObject | null {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    return null;
+  }
+  return value as JsonObject;
+}
+
+export function mergeObjects(baseValue: unknown, patchValue: unknown): JsonObject | null {
+  const base = normalizeObject(baseValue) ?? {};
+  const patch = normalizeObject(patchValue) ?? {};
+  const merged = { ...base, ...patch };
+  return Object.keys(merged).length > 0 ? merged : null;
+}
+
+export function toProfileDto(record: UserRecord['profile']): UserProfileDto {
+  return {
+    name: record?.name ?? null,
+    avatar: record?.avatar ?? null,
+    data: record?.data ?? null,
+  };
+}
+
+export function toSettingsDto(record: UserRecord['settings']): UserSettingsDto {
+  return {
+    theme: record?.theme ?? null,
+    locale: record?.locale ?? null,
+    data: record?.data ?? null,
+  };
+}
+
+export function toUserRecordDto(record: UserRecord): UserRecordDto {
+  return {
+    id: record.id,
+    email: record.email,
+    status: record.status,
+    data: record.data,
+    createdAt: record.createdAt.toISOString(),
+    updatedAt: record.updatedAt.toISOString(),
+    deletedAt: record.deletedAt?.toISOString() ?? null,
+    profile: toProfileDto(record.profile),
+    settings: toSettingsDto(record.settings),
+  };
+}

package/templates/module-presets/{jwt-auth/packages/auth-contracts → accounts/packages/accounts-contracts}/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@forgeon/auth-contracts",
+  "name": "@forgeon/accounts-contracts",
   "version": "0.1.0",
   "private": true,
   "type": "module",

package/templates/module-presets/accounts/packages/accounts-contracts/src/index.ts

@@ -0,0 +1,119 @@
+export const AUTH_API_ROUTES = {
+  register: '/api/auth/register',
+  login: '/api/auth/login',
+  refresh: '/api/auth/refresh',
+  logout: '/api/auth/logout',
+  me: '/api/auth/me',
+  changePassword: '/api/auth/change-password',
+  verifyEmail: '/api/auth/verify-email',
+  passwordResetRequest: '/api/auth/password-reset/request',
+  passwordResetConfirm: '/api/auth/password-reset/confirm',
+} as const;
+
+export const USERS_API_ROUTES = {
+  item: '/api/users/:id',
+  profile: '/api/users/:id/profile',
+  settings: '/api/users/:id/settings',
+} as const;
+
+export const AUTH_ERROR_CODES = {
+  invalidCredentials: 'AUTH_INVALID_CREDENTIALS',
+  refreshInvalid: 'AUTH_REFRESH_INVALID',
+  tokenExpired: 'AUTH_TOKEN_EXPIRED',
+  emailTaken: 'AUTH_EMAIL_TAKEN',
+  accountDisabled: 'AUTH_ACCOUNT_DISABLED',
+} as const;
+
+export type AuthErrorCode = (typeof AUTH_ERROR_CODES)[keyof typeof AUTH_ERROR_CODES];
+
+export type IdentityProvider = 'email' | 'google' | 'apple' | 'facebook';
+export type JsonObject = Record<string, unknown>;
+
+export interface UserProfileDto {
+  name?: string | null;
+  avatar?: string | null;
+  data?: JsonObject | null;
+}
+
+export interface UserSettingsDto {
+  theme?: string | null;
+  locale?: string | null;
+  data?: JsonObject | null;
+}
+
+export interface UserRecordDto {
+  id: string;
+  email?: string | null;
+  status: string;
+  data?: JsonObject | null;
+  createdAt: string;
+  updatedAt: string;
+  deletedAt?: string | null;
+  profile: UserProfileDto;
+  settings: UserSettingsDto;
+}
+
+export interface AuthAccessClaims {
+  sub: string;
+  email?: string;
+  type: 'access';
+}
+
+export interface AuthRefreshClaims {
+  sub: string;
+  email?: string;
+  jti: string;
+  type: 'refresh';
+}
+
+export interface LoginRequest {
+  email: string;
+  password: string;
+}
+
+export interface RegisterRequest extends LoginRequest {
+  user?: JsonObject;
+  profile?: UserProfileDto;
+  settings?: UserSettingsDto;
+}
+
+export interface RefreshRequest {
+  refreshToken: string;
+}
+
+export interface ChangePasswordRequest {
+  currentPassword?: string;
+  newPassword: string;
+}
+
+export interface RequestPasswordResetRequest {
+  email: string;
+}
+
+export interface ConfirmPasswordResetRequest {
+  token: string;
+  newPassword: string;
+}
+
+export interface VerifyEmailRequest {
+  token: string;
+}
+
+export interface UpdateUserRequest {
+  data?: JsonObject;
+}
+
+export interface UpdateUserProfileRequest extends UserProfileDto {}
+export interface UpdateUserSettingsRequest extends UserSettingsDto {}
+
+export interface TokenPair {
+  accessToken: string;
+  refreshToken: string;
+  tokenType: 'Bearer';
+  accessTtl: string;
+  refreshTtl: string;
+}
+
+export interface AuthSessionResponse extends TokenPair {
+  user: UserRecordDto;
+}

package/templates/module-presets/files/apps/api/src/files/forgeon-files-db-prisma.module.ts

@@ -0,0 +1,17 @@
+import { Module } from '@nestjs/common';
+import { FILES_PERSISTENCE_PORT } from '@forgeon/files';
+import { DbPrismaModule } from '@forgeon/db-prisma';
+import { PrismaFilesPersistenceStore } from './prisma-files-persistence.store';
+
+@Module({
+  imports: [DbPrismaModule],
+  providers: [
+    PrismaFilesPersistenceStore,
+    {
+      provide: FILES_PERSISTENCE_PORT,
+      useExisting: PrismaFilesPersistenceStore,
+    },
+  ],
+  exports: [FILES_PERSISTENCE_PORT],
+})
+export class ForgeonFilesDbPrismaModule {}