create-frontify-backend 1.0.12

package/templates/backend/my-backend-template/src/middlewares/validator.middleware.js

@@ -0,0 +1,66 @@
+import { validationResult } from "express-validator";
+
+/**
+ * Validate request using express-validator rules
+ */
+export const validate = (rules = []) => {
+    return async (req, res, next) => {
+        // Run all validation rules
+        for (const rule of rules) {
+            await rule.run(req);
+        }
+
+        // Collect validation errors
+        const errors = validationResult(req);
+
+        // If no errors, continue
+        if (errors.isEmpty()) {
+            return next();
+        }
+
+        // Format errors: field -> message
+        const formattedErrors = {};
+        for (const err of errors.array()) {
+            if (!formattedErrors[err.path]) {
+                formattedErrors[err.path] = err.msg;
+            }
+        }
+
+        return res.status(422).json({
+            success: false,
+            message: "Validation failed",
+            errors: formattedErrors,
+        });
+    };
+};
+
+/**
+ * Custom Validators
+ * -----------------
+ * Only validators actually used in the package
+ */
+
+export const customValidators = {
+    /**
+     * Strong password validator
+     * - Min 8 chars
+     * - At least 1 uppercase
+     * - At least 1 lowercase
+     * - At least 1 number
+     */
+    strongPassword(value) {
+        if (!value) return false;
+
+        const hasUppercase = /[A-Z]/.test(value);
+        const hasLowercase = /[a-z]/.test(value);
+        const hasNumber = /\d/.test(value);
+        const hasMinLength = value.length >= 8;
+
+        return (
+            hasUppercase &&
+            hasLowercase &&
+            hasNumber &&
+            hasMinLength
+        );
+    },
+};

package/templates/backend/my-backend-template/src/models/user.model.js

@@ -0,0 +1,54 @@
+import mongoose from "mongoose";
+
+/**
+ * User Schema
+ * Handles authentication & authorization
+ */
+const userSchema = new mongoose.Schema(
+    {
+        username: {
+            type: String,
+            required: true,
+            unique: true,
+            trim: true,
+            minlength: 3,
+            maxlength: 30,
+        },
+
+        email: {
+            type: String,
+            required: true,
+            unique: true,
+            lowercase: true,
+            trim: true,
+        },
+
+        name: {
+            type: String,
+            required: true,
+            trim: true,
+            maxlength: 50,
+        },
+
+        password: {
+            type: String,
+            required: true,
+            minlength: 8,
+            select: false, // 🚨 very important (won't return by default)
+        },
+
+        role: {
+            type: String,
+            enum: ["user", "admin"],
+            default: "user",
+            select: false,
+        },
+    },
+    {
+        timestamps: true, // createdAt & updatedAt
+    }
+);
+
+const User = mongoose.model("User", userSchema);
+
+export default User;

package/templates/backend/my-backend-template/src/routes/auth.routes.js

@@ -0,0 +1,68 @@
+import express from "express";
+
+import authController from "../controllers/auth.controller.js";
+import { protect } from "../middlewares/auth.middleware.js";
+import { authRateLimiter} from '../middlewares/rateLimiter.middleware.js'
+import { validate } from "../middlewares/validator.middleware.js";
+import { 
+    registerValidator, 
+    loginValidator, 
+    verifyEmailValidator, 
+    verifyEmailTokenValidator 
+} from '../validators/auth.validator.js'
+
+
+const router = express.Router();
+
+router.use(authRateLimiter)
+
+// Register user
+router.post(
+    "/register",
+    validate(registerValidator),
+    authController.register
+);
+
+// Login user
+router.post(
+    "/login",
+    validate(loginValidator),
+    authController.login
+);
+
+// Logout user (stateless)
+router.post(
+    "/logout",
+    protect,
+    authController.logout
+);
+
+// Get current user
+router.get(
+    "/get-me",
+    protect,
+    authController.getMe
+);
+
+// Generate new access token
+router.post(
+    "/refresh-token",
+    authController.refreshAccessToken
+);
+
+
+// Send verification email
+router.post(
+    "/verify-email",
+    validate(verifyEmailValidator),
+    authController.verifyEmail
+);
+
+// Verify email using token
+router.get(
+    "/verify-email",
+    validate(verifyEmailTokenValidator),
+    authController.verifyEmailToken
+);
+
+export default router;

package/templates/backend/my-backend-template/src/services/userServices.js

@@ -0,0 +1,179 @@
+import jwt from "jsonwebtoken";
+
+import userDAO from "../dao/user.dao.js";
+import appError from '../utils/appError.js';
+import config from "../config/config.js";
+import {hashPassword, comparePassword} from '../utils/password.js'
+import * as CONSTANT from "../constants/constants.js";
+import logger from "../loggers/winston.logger.js";
+
+/**
+ * User Service
+ * ------------
+ * Business logic only
+ * Function-based
+ * Beginner + Production ready
+ */
+
+const userService = {
+    /**
+     * Register new user
+     */
+    async register(userData) {
+        const emailExists = await userDAO.findByEmail(userData.email);
+        if (emailExists) {
+            throw appError("Email already registered", 400);
+        }
+
+        const usernameExists = await userDAO.findByUsername(userData.username);
+        if (usernameExists) {
+            throw appError("Username already taken", 400);
+        }
+
+        const hashedPassword = await hashPassword(userData.password);
+
+        const user = await userDAO.create({
+            username: userData.username,
+            email: userData.email,
+            password: hashedPassword,
+            name: userData.name || "",
+            role: userData.role || "user"
+        });
+
+        user.password = undefined;
+        return user;
+    },
+
+    /**
+     * Login user
+     */
+    async login(email, password) {
+        const user = await userDAO.findByEmail(email);
+
+        if (!user) {
+            throw appError("Invalid email or password", 401);
+        }
+
+        const isPasswordValid = await comparePassword(password, user.password);
+        if (!isPasswordValid) {
+            throw appError("Invalid email or password", 401);
+        }
+
+
+        user.password = undefined;
+        return user;
+    },
+
+    /**
+     * Get logged-in user
+     */
+    async getMe(userId) {
+        return userDAO.findById(userId);
+    },
+
+    /**
+     * Generate access token
+     */
+    generateAccessToken({ userId, username, email }) {
+        return jwt.sign(
+            { id: userId, username, email },
+            config.JWT_SECRET,
+            { expiresIn: CONSTANT.ACCESS_TOKEN_EXPIRATION }
+        );
+    },
+
+    /**
+     * Generate refresh token (stateless)
+     */
+    generateRefreshToken({ userId }) {
+        return jwt.sign(
+            { id: userId },
+            config.JWT_SECRET,
+            { expiresIn: CONSTANT.REFRESH_TOKEN_EXPIRATION }
+        );
+    },
+
+    /**
+     * Verify refresh token (stateless)
+     */
+    verifyRefreshToken(refreshToken) {
+        try {
+            const decoded = jwt.verify(refreshToken, config.JWT_SECRET);
+            return decoded;
+        } catch (error) {
+            logger.warn("Refresh token verification failed", {
+                error: error.message,
+            });
+            throw appError("Invalid or expired refresh token", 401);
+        }
+    },
+
+    /**
+     * Reset password
+     */
+    async resetPassword(userId, newPassword) {
+        const user = await userDAO.findById(userId);
+        if (!user) throw appError("User not found", 404);
+
+        user.password = newPassword;
+        await user.save(); // triggers hashing
+        return true;
+    },
+
+    /**
+     * Update user profile
+     */
+    async updateProfile(userId, updates) {
+        if (updates.password) {
+            throw appError("Password update not allowed here", 400);
+        }
+
+        return userDAO.updateById(userId, updates);
+    },
+
+    /**
+     * Generate email verification token
+     */
+    async generateVerificationToken(email) {
+        const user = await userDAO.findByEmail(email);
+        if (!user) throw appError("User not found", 404);
+
+        const token = jwt.sign(
+            { id: user._id },
+            config.JWT_SECRET,
+            { expiresIn: CONSTANT.VERIFICATION_TOKEN_EXPIRATION }
+        );
+
+        user.emailVerificationToken = token;
+        await user.save();
+
+        return token;
+    },
+
+    /**
+     * Verify email
+     */
+    async verifyEmail(token) {
+        try {
+            const decoded = jwt.verify(token, config.JWT_SECRET);
+            const user = await userDAO.findById(decoded.id);
+
+            if (!user || user.emailVerificationToken !== token) {
+                throw appError("Invalid verification token", 401);
+            }
+
+            user.isEmailVerified = true;
+            user.emailVerificationToken = undefined;
+            await user.save();
+
+            return user;
+        } catch (error) {
+            logger.warn("Email verification failed", {
+                error: error.message,
+            });
+            throw appError("Invalid or expired verification token", 401);
+        }
+    },
+};
+
+export default Object.freeze(userService);

package/templates/backend/my-backend-template/src/utils/appError.js

@@ -0,0 +1,17 @@
+/**
+ * Factory function to create operational errors
+ * CI/CD & ESLint safe version
+ */
+const appError = (message, statusCode = 500) => {
+    const error = new Error(message);
+
+    error.statusCode = statusCode;
+    error.status = statusCode >= 400 && statusCode < 500 ? 'fail' : 'error';
+    error.isOperational = true;
+
+    Error.captureStackTrace(error, appError);
+
+    return error;
+};
+
+export default appError;

package/templates/backend/my-backend-template/src/utils/asyncHandler.js

@@ -0,0 +1,5 @@
+const asyncHandler = (fn) => (req, res, next) => {
+    Promise.resolve(fn(req, res, next)).catch(next);
+};
+
+export default asyncHandler;

package/templates/backend/my-backend-template/src/utils/password.js

@@ -0,0 +1,20 @@
+import bcrypt from 'bcrypt';
+import appError from './appError.js';
+
+const saltRounds = 12;
+
+export const hashPassword = (password) => {
+    try {
+        return bcrypt.hashSync(password, saltRounds);
+    } catch {
+        throw appError('Could not hash password', 500);
+    }
+}
+
+export const comparePassword = (password, hashedPassword) => {
+    try {
+        return bcrypt.compareSync(password, hashedPassword);
+    } catch {
+        throw appError('Could not compare password', 500);
+    }
+}

package/templates/backend/my-backend-template/src/utils/sendEmail.js

@@ -0,0 +1,17 @@
+import { createTransporter } from '../config/email.config.js';
+import config from '../config/config.js';
+
+export const sendVerificationEmail = async (to, verificationLink) => {
+  const transporter = await createTransporter();
+  const mailOptions = {
+    from: `"Backend Starter" <${config.GMAIL_USER}>`,
+    to,
+    subject: 'Verify your email',
+    html: `
+      <p>Click the link below to verify your email:</p>
+      <a href="${verificationLink}">${verificationLink}</a>
+    `,
+  };
+
+  return transporter.sendMail(mailOptions);
+};

package/templates/backend/my-backend-template/src/validators/auth.validator.js

@@ -0,0 +1,99 @@
+import { body, query } from 'express-validator';
+import { customValidators } from '../middlewares/validator.middleware.js';
+
+export const registerValidator = [
+    body('username')
+        .optional({ nullable: true })
+        .isLength({ min: 3, max: 30 })
+        .withMessage('Username must be between 3 and 30 characters')
+        .matches(/^[a-zA-Z0-9_]+$/)
+        .withMessage('Username can only contain letters, numbers, and underscores')
+        .trim()
+        .escape(),
+    body('name')
+        .optional()
+        .isLength({ min: 2, max: 50 })
+        .withMessage('Name must be between 2 and 50 characters')
+        .trim(),
+    body('email')
+        .notEmpty()
+        .withMessage('Email is required')
+        .isEmail()
+        .withMessage('Please provide a valid email')
+        .normalizeEmail(),
+    body('password')
+        .notEmpty()
+        .withMessage('Password is required')
+        .isLength({ min: 8 })
+        .withMessage('Password must be at least 8 characters')
+        .custom((value) => {
+            if (!customValidators.strongPassword(value)) {
+                throw new Error(
+                    'Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character'
+                );
+            }
+            return true;
+        }),
+];
+
+export const loginValidator = [
+    body('email')
+        .notEmpty()
+        .withMessage('Email is required')
+        .isEmail()
+        .withMessage('Please provide a valid email')
+        .normalizeEmail(),
+    body('password')
+        .notEmpty()
+        .withMessage('Password is required')
+        .isLength({ min: 8 })
+        .withMessage('Password must be at least 8 characters'),
+];
+
+export const verifyEmailValidator = [
+    body('email')
+        .notEmpty()
+        .withMessage('Email is required')
+        .isEmail()
+        .withMessage('Please provide a valid email')
+        .normalizeEmail(),
+];
+
+export const verifyEmailTokenValidator = [
+    query('token').notEmpty().withMessage('Token is required'),
+];
+
+export const forgotPasswordValidator = [
+    body('email')
+        .notEmpty()
+        .withMessage('Email is required')
+        .isEmail()
+        .withMessage('Please provide a valid email')
+        .normalizeEmail(),
+];
+
+export const resetPasswordValidator = [
+    body('token').notEmpty().withMessage('Token is required'),
+    body('password')
+        .notEmpty()
+        .withMessage('Password is required')
+        .isLength({ min: 8 })
+        .withMessage('Password must be at least 8 characters')
+        .custom((value) => {
+            if (!customValidators.strongPassword(value)) {
+                throw new Error(
+                    'Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character'
+                );
+            }
+            return true;
+        }),
+    body('confirmPassword')
+        .notEmpty()
+        .withMessage('Confirm password is required')
+        .custom((value, { req }) => {
+            if (value !== req.body.password) {
+                throw new Error('Passwords do not match');
+            }
+            return true;
+        }),
+];