create-lyrajs 1.1.2 → 2.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-lyrajs",
-  "version": "1.1.2",
+  "version": "2.0.0",
   "description": "CLI tool to create new LyraJS projects",
   "keywords": [
     "create",
@@ -12,7 +12,7 @@
     "cli",
     "scaffold"
   ],
-  "author": "Matthieu Fergola & Anthony Dewitte",
+  "author": "Matthieu Fergola",
   "license": "GPL-3.0",
   "repository": {
     "type": "git",

package/template/backups/README.md

@@ -0,0 +1,93 @@
+# Database Backups
+
+This directory stores automatic database backups created by the LyraJS migration system.
+
+## Purpose
+
+The `backups/` folder contains SQL dump files that serve as safety checkpoints for your database. These backups are automatically created before destructive migration operations to ensure data can be recovered if needed.
+
+## When Backups Are Created
+
+Backups are automatically generated in the following scenarios:
+
+- **Before destructive migrations**: When running migrations marked as `isDestructive = true`
+- **Before rollback operations**: When using `maestro migration:rollback`
+- **Before refresh operations**: When using `maestro migration:refresh`
+- **Before fresh migrations**: When using `maestro migration:fresh`
+
+## Backup File Format
+
+Backup files follow this naming convention:
+
+```
+backup_YYYY-MM-DD_HH-MM-SS_<version>.sql
+```
+
+Example: `backup_2026-01-05_14-30-45_1767607917120.sql`
+
+Where:
+- **Date/Time**: Timestamp of when the backup was created
+- **Version**: Migration version number associated with the backup
+
+## Managing Backups
+
+### List All Backups
+
+```bash
+npx maestro list:backups
+```
+
+### Restore a Backup
+
+```bash
+npx maestro restore:backup <filename>
+```
+
+Example:
+```bash
+npx maestro restore:backup backup_2026-01-05_14-30-45_1767607917120.sql
+```
+
+### Clean Up Old Backups
+
+```bash
+npx maestro cleanup:backups --days=30
+```
+
+This removes backups older than 30 days (default: 7 days).
+
+## Best Practices
+
+1. **Keep backups**: Don't delete backups immediately after migrations succeed
+2. **Regular cleanup**: Use `cleanup:backups` to manage disk space
+3. **External backups**: Consider copying important backups to external storage
+4. **Test restores**: Periodically test backup restoration in development
+
+## Storage Considerations
+
+- Backup files can be large depending on database size
+- Regular cleanup is recommended to prevent disk space issues
+- The migration system tracks backup paths in the `migrations` table
+
+## Security
+
+- Backup files contain your complete database schema and data
+- Keep this directory secure and excluded from version control
+- The `.gitignore` should include `backups/*.sql`
+
+## Related Commands
+
+```bash
+# View migration status with backup information
+npx maestro migration:status
+
+# Run migration with automatic backup
+npx maestro migration:migrate
+
+# Rollback with automatic backup
+npx maestro migration:rollback
+```
+
+---
+
+For more information, visit the [LyraJS Documentation](https://lyrajs.dev/).

package/template/config/security.yaml

@@ -14,7 +14,6 @@ security:
     max_attempts: 5
     message: 'Too many login attempts, please try again later'
   access_control:
-    - { path: /api/auth/sign-out, roles: [ROLE_USER] }
     - { path: /api/auth/user, roles: [ROLE_USER] }
     - { path: /api/admin, roles: [ROLE_ADMIN] }
   role_hierarchy:

package/template/migrations/README.md

@@ -0,0 +1,247 @@
+# Database Migrations
+
+This directory contains database migration files that track and version your database schema changes.
+
+## Purpose
+
+The `migrations/` folder stores TypeScript migration files that define how your database schema evolves over time. Each migration represents a specific change to your database structure.
+
+## What Are Migrations?
+
+Migrations are version control for your database. They allow you to:
+
+- **Track schema changes**: Every database modification is recorded
+- **Collaborate safely**: Team members can sync database changes through version control
+- **Rollback changes**: Undo migrations if something goes wrong
+- **Deploy consistently**: Apply the same schema changes across environments
+
+## Migration File Structure
+
+Migration files follow this naming convention:
+
+```
+Migration_<timestamp>.ts
+```
+
+Example: `Migration_1767607917120.ts`
+
+Each migration file implements the `MigrationInterface` with three methods:
+
+```typescript
+import { MigrationInterface } from "@lyra-js/core"
+
+export class Migration_1767607917120 implements MigrationInterface {
+  readonly version = "1767607917120"
+  readonly isDestructive = false
+  readonly canRunInParallel = false
+
+  async up(connection: any): Promise<void> {
+    // SQL to apply the migration
+  }
+
+  async down(connection: any): Promise<void> {
+    // SQL to undo the migration
+  }
+
+  async dryRun(connection: any): Promise<string[]> {
+    // Return SQL statements for preview
+  }
+}
+```
+
+## Generating Migrations
+
+### Automatic Generation (Recommended)
+
+LyraJS automatically detects schema changes by comparing your entities to the database:
+
+```bash
+npx maestro make:migration
+```
+
+This command:
+1. Introspects your current database schema
+2. Compares it with your entity definitions
+3. Generates migration code for detected differences
+4. Includes smart rename detection to prevent data loss
+
+### Manual Migration
+
+For complex operations, you can create migrations manually by copying the file structure above.
+
+## Running Migrations
+
+### Apply Pending Migrations
+
+```bash
+npx maestro migration:migrate
+```
+
+### View Migration Status
+
+```bash
+npx maestro migration:status
+```
+
+### Rollback Last Migration
+
+```bash
+npx maestro migration:rollback
+```
+
+### Rollback Multiple Migrations
+
+```bash
+npx maestro migration:rollback --steps=3
+```
+
+### Fresh Installation (⚠️ Destructive)
+
+Drops all tables and re-runs all migrations:
+
+```bash
+npx maestro migration:fresh
+```
+
+### Refresh Database (⚠️ Destructive)
+
+Rolls back all migrations and re-runs them:
+
+```bash
+npx maestro migration:refresh
+```
+
+## Migration Squashing
+
+For mature projects with many migrations, you can combine them into a single baseline migration:
+
+```bash
+# Squash all executed migrations
+npx maestro migration:squash
+
+# Squash up to a specific version
+npx maestro migration:squash --to=1767607917120
+```
+
+Squashed migrations:
+- Reduce migration count for fresh installations
+- Improve migration performance
+- Keep the migrations folder organized
+- Mark old migrations as archived
+
+## Migration Features
+
+### Smart Rename Detection
+
+The migration generator can detect when columns or tables are renamed (instead of dropped and recreated):
+
+```
+? Detected potential rename: firstname -> first_name (85% confidence)
+  Do you want to rename instead of drop+create? (Y/n)
+```
+
+### Automatic Backups
+
+Backups are automatically created before destructive operations:
+- The backup is saved to `backups/backup_YYYY-MM-DD_HH-MM-SS_<version>.sql`
+- Tracked in the migrations table for easy restoration
+
+### Migration Batching
+
+Migrations are organized in batches, making it easy to rollback related changes together.
+
+### Parallel Execution
+
+Some migrations can run in parallel for better performance (set `canRunInParallel = true`).
+
+## Best Practices
+
+1. **Never modify executed migrations**: Create new migrations for changes
+2. **Test migrations**: Always test in development before production
+3. **Write reversible migrations**: Ensure `down()` properly undoes `up()`
+4. **Use transactions**: Migrations run in transactions by default
+5. **Keep migrations small**: One logical change per migration
+6. **Review generated SQL**: Check auto-generated migrations before running
+7. **Version control**: Commit migration files to your repository
+
+## Common Operations
+
+### Adding a Column
+
+```bash
+# 1. Add column to your entity
+# 2. Generate migration
+npx maestro make:migration
+
+# 3. Review and run
+npx maestro migration:migrate
+```
+
+### Creating a Table
+
+```bash
+# 1. Create entity class
+# 2. Generate migration
+npx maestro make:migration
+
+# 3. Run migration
+npx maestro migration:migrate
+```
+
+### Renaming a Column
+
+```bash
+# 1. Rename field in entity
+# 2. Generate migration (will detect rename)
+npx maestro make:migration
+
+# 3. Confirm rename when prompted
+# 4. Run migration
+npx maestro migration:migrate
+```
+
+## Troubleshooting
+
+### Migration Failed
+
+If a migration fails:
+1. Check the error message
+2. Fix the migration file or database state
+3. Rollback if needed: `npx maestro migration:rollback`
+4. Re-run: `npx maestro migration:migrate`
+
+### Out of Sync
+
+If your database is out of sync with migrations:
+1. Use `npx maestro migration:status` to check state
+2. Manually fix the database or migrations table
+3. Or use `npx maestro migration:fresh` (⚠️ destroys data)
+
+### Restore from Backup
+
+If something goes wrong:
+
+```bash
+npx maestro list:backups
+npx maestro restore:backup <filename>
+```
+
+## Related Commands
+
+```bash
+# Show all controllers
+npx maestro show:controllers
+
+# Show all entities
+npx maestro show:entities
+
+# Show all migrations
+npx maestro show:migrations
+
+# Show database structure
+npx maestro show:routes
+```
+
+---
+
+For more information, visit the [LyraJS Documentation](https://lyrajs.dev/).

package/template/package.json

@@ -7,13 +7,11 @@
     "maestro": "maestro"
   },
   "dependencies": {
-    "@lyra-js/core": "^1.1.2",
+    "@lyra-js/core": "^2.0.0",
     "bcrypt": "^6.0.0",
-    "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
     "dotenv": "^16.5.0",
-    "express": "^5.1.0",
-    "express-rate-limit": "^8.2.1",
+    "esbuild": "^0.27.2",
     "jsonwebtoken": "^9.0.2",
     "mysql2": "^3.14.1",
     "nodemailer": "^7.0.7",
@@ -22,9 +20,7 @@
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.2",
-    "@types/cookie-parser": "^1.4.8",
     "@types/cors": "^2.8.18",
-    "@types/express": "^5.0.1",
     "@types/jsonwebtoken": "^9.0.9",
     "@types/node": "^22.15.17",
     "@types/nodemailer": "^6.4.17",

package/template/src/controller/AuthController.ts

@@ -1,44 +1,51 @@
-import { AccessControl, SecurityConfig } from "@lyra-js/core"
-import { AuthenticatedRequest, UnauthorizedException, Validator } from "@lyra-js/core"
-import bcrypt from "bcrypt"
-import { NextFunction, Request, Response } from "express"
-import jwt from "jsonwebtoken"
-import md5 from "md5"
+import { AccessControl, isAuthenticated, SecurityConfig } from "@lyra-js/core"
+import {
+  Controller,
+  Delete,
+  Get,
+  Patch,
+  Post,
+  rateLimiter,
+  Route,
+  UnauthorizedException,
+  Validator
+} from "@lyra-js/core"
 
 import { User } from "@entity/User"
-import { userRepository } from "@repository/UserRepository"
 
 const securityConfig = new SecurityConfig().getConfig()
 
-export class AuthController {
-  static signUp = async (req: Request, res: Response, next: NextFunction) => {
+@Route({ path: "/auth" })
+export class AuthController extends Controller {
+  @Post({ path: "/sign-up" })
+  async signUp() {
     try {
-      const { username, firstname, lastname, email, password } = req.body
+      const { username, firstname, lastname, email, password } = this.req.body
 
       if (!username || !firstname || !lastname || !email || !password) {
-        throw new Error("Missing required fields")
+        this.badRequest("Missing required fields")
       }
 
       if (!Validator.isUsernameValid(username)) {
-        throw new Error("Invalid username")
+        this.badRequest("Invalid username")
       }
 
       if (!Validator.isEmailValid(email)) {
-        throw new Error("Invalid email")
+        this.badRequest("Invalid email")
       }
 
-      const isEmailUsed = await userRepository.findOneBy({ email })
+      const isEmailUsed = await this.userRepository.findOneBy({ email })
 
       if (isEmailUsed) {
-        throw new Error("Email already in use")
+        this.badRequest("Email already in use")
       }
 
       if (!Validator.isPasswordValid(password)) {
-        throw new Error("Invalid password")
+        this.badRequest("Invalid password")
       }
 
       const user = new User()
-      const hashedPassword = await bcrypt.hash(password, 10)
+      const hashedPassword = await this.bcrypt.hash(password, 10)
 
       user.username = username
       user.firstname = firstname
@@ -47,45 +54,45 @@ export class AuthController {
       user.password = hashedPassword
       user.role = "ROLE_USER"
 
-      await userRepository.save(user)
+      await this.userRepository.save(user)
 
-      const registeredUser = await userRepository.findOneBy({ email })
+      const registeredUser = await this.userRepository.findOneBy({ email })
+      const { password: _, ...userWithoutPassword } = registeredUser || {}
 
-      delete registeredUser?.password
-
-      res.status(201).json({ message: "User registered successfully", user: registeredUser })
+      this.res.status(201).json({ message: "User registered successfully", user: userWithoutPassword })
     } catch (error) {
-      next(error)
+      this.next(error)
     }
   }
 
-  static signIn = async (req: Request, res: Response, next: NextFunction) => {
+  @Post({ path: "/sign-in", middlewares: [rateLimiter] })
+  async signIn() {
     try {
-      const { email, password } = req.body
+      const { email, password } = this.req.body
 
       if (!email || !password) {
-        throw new Error("Missing required fields")
+        this.badRequest("Missing required fields")
       }
 
-      const user = await userRepository.findOneBy({ email })
+      const user = await this.userRepository.findOneBy({ email })
 
-      if (!user || !(user && (await bcrypt.compare(password, user.password)))) {
-        throw new Error("Invalid credentials")
+      if (!user || !(user && (await this.bcrypt.compare(password, user.password)))) {
+        this.unauthorized("Invalid credentials")
       }
 
-      const token = jwt.sign({ id: user.id }, securityConfig.jwt.secret_key as string, {
+      const token = this.jwt.sign({ id: user.id }, securityConfig.jwt.secret_key as string, {
         algorithm: securityConfig.jwt.algorithm as string,
         expiresIn: securityConfig.jwt.token_expiration
       })
 
-      const refreshToken = jwt.sign({ id: user.id }, securityConfig.jwt.secret_key_refresh as string, {
+      const refreshToken = this.jwt.sign({ id: user.id }, securityConfig.jwt.secret_key_refresh as string, {
         algorithm: securityConfig.jwt.algorithm as string,
         expiresIn: securityConfig.jwt.refresh_token_expiration
       })
 
-      await userRepository.save(user)
+      await this.userRepository.save(user)
 
-      res.cookie("Token", token, {
+      this.res.cookie("Token", token, {
         sameSite: "Lax",
         httpOnly: true,
         secure: process.env.ENV === "production",
@@ -93,7 +100,7 @@ export class AuthController {
         partitioned: false
       })
 
-      res.cookie("RefreshToken", refreshToken, {
+      this.res.cookie("RefreshToken", refreshToken, {
         sameSite: "Lax",
         httpOnly: true,
         secure: process.env.ENV === "production",
@@ -101,21 +108,24 @@ export class AuthController {
         partitioned: false
       })
 
-      delete user.password
+      const { password: _, ...userWithoutPassword } = user
 
-      res.status(200).json({ message: "User authenticated in successfully", user, token, refreshToken })
+      this.res
+        .status(200)
+        .json({ message: "User authenticated in successfully", user: userWithoutPassword, token, refreshToken })
     } catch (error) {
-      next(error)
+      this.next(error)
     }
   }
 
-  static getAuthenticatedUser = async (req: AuthenticatedRequest<Request>, res: Response, next: NextFunction) => {
+  @Get({ path: "/user", middlewares: [isAuthenticated] })
+  async getAuthenticatedUser() {
     try {
-      const user = req.user as User
+      const user = this.req.user as User
 
       if (!user) throw new UnauthorizedException()
 
-      res.status(200).json({
+      this.res.status(200).json({
         id: user.id,
         firstname: user.firstname,
         lastname: user.lastname,
@@ -123,40 +133,56 @@ export class AuthController {
         role: user.role
       })
     } catch (error) {
-      next(error)
+      this.next(error)
     }
   }
 
-  static signOut = async (_req: Request, res: Response) => {
-    res.clearCookie("Token")
-    res.clearCookie("RefreshToken")
-    res.status(200).json({ message: "Unauthenticated successfully" })
+  @Get({ path: "/sign-out" })
+  async signOut() {
+    try {
+      this.res.clearCookie("Token")
+      this.res.clearCookie("RefreshToken")
+      return this.res.status(200).json({ message: "Unauthenticated successfully" })
+    } catch (error) {
+      this.next(error)
+    }
   }
 
-  static updateProfile = async (req: AuthenticatedRequest<Request>, res: Response, next: NextFunction) => {
+  @Patch({ path: "/update-account", middlewares: [isAuthenticated] })
+  async updateProfile() {
     try {
-      const { data }: { data: User } = req.body
-      const user = req.user as User
+      const { data }: { data: User } = this.req.body
+      const user = this.req.user as User
       if (!user) throw new UnauthorizedException()
       if (data?.id && data.id !== user.id) throw new UnauthorizedException()
-      if (data.role) delete data.role
-      if (data.created_at) delete data.created_at
-      data.updated_at = new Date()
-      if (user && data.password) data.password = await bcrypt.hash(data.password, 10)
-      if (user) await userRepository.save(data)
-      res.status(200).json({ message: "Users updated successfully" })
+
+      // Remove protected fields
+      const { role: _role, created_at: _created_at, password, ...updateData } = data
+
+      // Hash password if provided
+      const hashedPassword = password ? await this.bcrypt.hash(password, 10) : undefined
+
+      const finalData = {
+        ...updateData,
+        ...(hashedPassword && { password: hashedPassword }),
+        updated_at: new Date()
+      }
+
+      if (user) await this.userRepository.save(finalData)
+      this.res.status(200).json({ message: "Users updated successfully" })
     } catch (error) {
-      next(error)
+      this.next(error)
     }
   }
 
-  static refreshToken = async (req: Request, res: Response, next: NextFunction) => {
+  @Get({ path: "/refresh-token" })
+  async refreshToken() {
     try {
       const securityConfig = new SecurityConfig().getConfig()
-      let refreshToken = req.cookies.RefreshToken
+      let refreshToken = this.req.cookies.RefreshToken
       if (!refreshToken) {
-        const authHeader = req.headers.authorization
-        if (authHeader && authHeader.startsWith('Bearer ')) {
+        const authHeader = this.req.headers.authorization
+        if (authHeader && authHeader.startsWith("Bearer ")) {
           refreshToken = authHeader.substring(7)
         }
       }
@@ -167,38 +193,41 @@ export class AuthController {
 
       if (!decoded || !decoded.id) throw new UnauthorizedException("Invalid refresh token")
 
-      const user = await userRepository.find(decoded.id)
+      const user = await this.userRepository.find(decoded.id)
 
       if (!user) throw new UnauthorizedException("Invalid refresh token")
 
       const token = await AccessControl.getNewToken(user)
 
-      res.cookie("Token", token, {
-        sameSite: "lax",
+      this.res.cookie("Token", token, {
+        sameSite: "Lax",
         httpOnly: true,
         secure: process.env.ENV === "production",
         maxAge: securityConfig.jwt.token_expiration * 1000,
         partitioned: false
       })
 
-      delete user.password
+      const { password: _, ...userWithoutPassword } = user
 
-      res.status(200).json({ message: "User authenticated in successfully", user, token, refreshToken })
+      this.res
+        .status(200)
+        .json({ message: "User authenticated in successfully", user: userWithoutPassword, token, refreshToken })
     } catch (_refreshError) {
-      return res.redirect(securityConfig.auth_routes.sign_out)
+      return this.res.redirect(securityConfig.auth_routes.sign_out)
     }
   }
 
-  static removeUser = async (req: AuthenticatedRequest<Request>, res: Response, next: NextFunction) => {
-    const user = req.user
+  @Delete({ path: "/delete-account", middlewares: [isAuthenticated] })
+  async removeUser() {
+    const user = this.req.user
 
     if (!user) throw new UnauthorizedException()
 
-    await userRepository.delete(user.id)
+    await this.userRepository.delete(user.id)
 
-    res.clearCookie("Token")
-    res.clearCookie("RefreshToken")
+    this.res.clearCookie("Token")
+    this.res.clearCookie("RefreshToken")
 
-    res.status(200).json({ message: "User deleted successfully" })
+    this.res.status(200).json({ message: "User deleted successfully" })
   }
 }