npm - create-m5kdev - Versions diffs - 0.5.0 → 0.7.0 - Mend

create-m5kdev 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-m5kdev",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "license": "GPL-3.0-only",
   "repository": {
     "type": "git",

package/templates/minimal-app/apps/server/src/modules/posts/posts.grants.ts.tpl ADDED Viewed

@@ -0,0 +1,40 @@
+import type { ResourceGrant } from "@m5kdev/backend/modules/base/base.grants";
+export const postsGrants: ResourceGrant[] = [
+  {
+    action: "write",
+    level: "team",
+    role: "owner",
+    access: "own",
+  },
+  {
+    action: "publish",
+    level: "team",
+    role: "owner",
+    access: "own",
+  },
+  {
+    action: "delete",
+    level: "team",
+    role: "owner",
+    access: "own",
+  },
+  {
+    action: "write",
+    level: "organization",
+    role: "owner",
+    access: "own",
+  },
+  {
+    action: "publish",
+    level: "organization",
+    role: "owner",
+    access: "own",
+  },
+  {
+    action: "delete",
+    level: "organization",
+    role: "owner",
+    access: "own",
+  },
+];

package/templates/minimal-app/apps/server/src/modules/posts/posts.service.ts.tpl CHANGED Viewed

@@ -1,135 +1,155 @@
-import type {
-  PostCreateInputSchema,
-  PostCreateOutputSchema,
+import type {
+  PostCreateInputSchema,
+  PostCreateOutputSchema,
   PostPublishInputSchema,
   PostPublishOutputSchema,
   PostSoftDeleteInputSchema,
   PostSoftDeleteOutputSchema,
   PostsListInputSchema,
   PostsListOutputSchema,
-  PostUpdateInputSchema,
-  PostUpdateOutputSchema,
-} from "{{PACKAGE_SCOPE}}/shared/modules/posts/posts.schema";
-import { BaseService } from "@m5kdev/backend/modules/base/base.service";
-import type { ServerResultAsync } from "@m5kdev/backend/utils/types";
-import { err, ok } from "neverthrow";
-import type { PostsRepository } from "./posts.repository";
-type RequestContext = {
-  session: {
-    activeOrganizationId?: string | null;
-    activeTeamId?: string | null;
-  };
-  user: {
-    id: string;
-  };
-};
-export class PostsService extends BaseService<{ posts: PostsRepository }, Record<string, never>> {
-  async list(
-    input: PostsListInputSchema,
-    _ctx: RequestContext
-  ): ServerResultAsync<PostsListOutputSchema> {
-    return this.repository.posts.list(input);
-  }
-  async create(
-    input: PostCreateInputSchema,
-    ctx: RequestContext
-  ): ServerResultAsync<PostCreateOutputSchema> {
-    const uniqueSlug = await this.repository.posts.resolveUniqueSlug(
-      this.slugify(input.slug ?? input.title)
-    );
-    if (uniqueSlug.isErr()) {
-      return err(uniqueSlug.error);
-    }
-    return this.repository.posts.create({
-      authorUserId: ctx.user.id,
-      organizationId: ctx.session.activeOrganizationId ?? null,
-      teamId: ctx.session.activeTeamId ?? null,
-      title: input.title.trim(),
-      slug: uniqueSlug.value,
-      excerpt: this.createExcerpt(input.excerpt, input.content),
-      content: input.content.trim(),
-      status: "draft",
-    }) as ServerResultAsync<PostCreateOutputSchema>;
-  }
-  async update(
-    input: PostUpdateInputSchema,
-    _ctx: RequestContext
-  ): ServerResultAsync<PostUpdateOutputSchema> {
-    const current = await this.repository.posts.findById(input.id);
-    if (current.isErr()) {
-      return err(current.error);
-    }
-    if (!current.value || current.value.deletedAt) {
-      return this.error("NOT_FOUND", "Post not found");
-    }
-    const uniqueSlug = await this.repository.posts.resolveUniqueSlug(
-      this.slugify(input.slug ?? input.title),
-      input.id
-    );
-    if (uniqueSlug.isErr()) {
-      return err(uniqueSlug.error);
-    }
-    return this.repository.posts.update({
-      id: input.id,
-      title: input.title.trim(),
-      slug: uniqueSlug.value,
-      excerpt: this.createExcerpt(input.excerpt, input.content),
-      content: input.content.trim(),
-    }) as ServerResultAsync<PostUpdateOutputSchema>;
-  }
-  async publish(
-    input: PostPublishInputSchema,
-    _ctx: RequestContext
-  ): ServerResultAsync<PostPublishOutputSchema> {
-    const current = await this.repository.posts.findById(input.id);
-    if (current.isErr()) {
-      return err(current.error);
-    }
-    if (!current.value || current.value.deletedAt) {
-      return this.error("NOT_FOUND", "Post not found");
-    }
-    return this.repository.posts.update({
-      id: input.id,
-      status: "published",
-      publishedAt: current.value.publishedAt ?? new Date(),
-    }) as ServerResultAsync<PostPublishOutputSchema>;
-  }
-  async softDelete(
-    input: PostSoftDeleteInputSchema,
-    _ctx: RequestContext
-  ): ServerResultAsync<PostSoftDeleteOutputSchema> {
-    const current = await this.repository.posts.findById(input.id);
-    if (current.isErr()) {
-      return err(current.error);
-    }
-    if (!current.value || current.value.deletedAt) {
-      return this.error("NOT_FOUND", "Post not found");
-    }
-    const updated = await this.repository.posts.update({
-      id: input.id,
-      deletedAt: new Date(),
-    });
-    if (updated.isErr()) {
-      return err(updated.error);
-    }
-    return ok({ id: updated.value.id });
-  }
-  private slugify(value: string): string {
-    const slug = value
+  PostUpdateInputSchema,
+  PostUpdateOutputSchema,
+} from "{{PACKAGE_SCOPE}}/shared/modules/posts/posts.schema";
+import type { Context } from "@m5kdev/backend/modules/auth/auth.lib";
+import { BasePermissionService } from "@m5kdev/backend/modules/base/base.service";
+import type { ServerResultAsync } from "@m5kdev/backend/utils/types";
+import { err, ok } from "neverthrow";
+import type { PostsRepository } from "./posts.repository";
+type RequestContext = Context;
+export class PostsService extends BasePermissionService<
+  { posts: PostsRepository },
+  Record<string, never>,
+  RequestContext
+> {
+  readonly list = this.procedure<PostsListInputSchema>("list")
+    .requireAuth()
+    .handle(({ input }): ServerResultAsync<PostsListOutputSchema> => {
+      return this.repository.posts.list(input);
+    });
+  readonly create = this.procedure<PostCreateInputSchema>("create")
+    .requireAuth()
+    .access({
+      action: "write",
+      entities: ({ ctx }) => ({
+        organizationId: ctx.session.activeOrganizationId ?? null,
+        teamId: ctx.session.activeTeamId ?? null,
+      }),
+    })
+    .handle(async ({ input, ctx }): ServerResultAsync<PostCreateOutputSchema> => {
+      const uniqueSlug = await this.repository.posts.resolveUniqueSlug(
+        this.slugify(input.slug ?? input.title)
+      );
+      if (uniqueSlug.isErr()) {
+        return err(uniqueSlug.error);
+      }
+      return this.repository.posts.create({
+        authorUserId: ctx.user.id,
+        organizationId: ctx.session.activeOrganizationId ?? null,
+        teamId: ctx.session.activeTeamId ?? null,
+        title: input.title.trim(),
+        slug: uniqueSlug.value,
+        excerpt: this.createExcerpt(input.excerpt, input.content),
+        content: input.content.trim(),
+        status: "draft",
+      }) as ServerResultAsync<PostCreateOutputSchema>;
+    });
+  readonly update = this.procedure<PostUpdateInputSchema>("update")
+    .requireAuth()
+    .use("post", async ({ input }) => {
+      const current = await this.repository.posts.findById(input.id);
+      if (current.isErr()) {
+        return err(current.error);
+      }
+      if (!current.value || current.value.deletedAt) {
+        return this.error("NOT_FOUND", "Post not found");
+      }
+      return current.value;
+    })
+    .access({
+      action: "write",
+      entityStep: "post",
+    })
+    .handle(async ({ input }): ServerResultAsync<PostUpdateOutputSchema> => {
+      const uniqueSlug = await this.repository.posts.resolveUniqueSlug(
+        this.slugify(input.slug ?? input.title),
+        input.id
+      );
+      if (uniqueSlug.isErr()) {
+        return err(uniqueSlug.error);
+      }
+      return this.repository.posts.update({
+        id: input.id,
+        title: input.title.trim(),
+        slug: uniqueSlug.value,
+        excerpt: this.createExcerpt(input.excerpt, input.content),
+        content: input.content.trim(),
+      }) as ServerResultAsync<PostUpdateOutputSchema>;
+    });
+  readonly publish = this.procedure<PostPublishInputSchema>("publish")
+    .requireAuth()
+    .use("post", async ({ input }) => {
+      const current = await this.repository.posts.findById(input.id);
+      if (current.isErr()) {
+        return err(current.error);
+      }
+      if (!current.value || current.value.deletedAt) {
+        return this.error("NOT_FOUND", "Post not found");
+      }
+      return current.value;
+    })
+    .access({
+      action: "publish",
+      entityStep: "post",
+    })
+    .handle(({ input, state }): ServerResultAsync<PostPublishOutputSchema> => {
+      return this.repository.posts.update({
+        id: input.id,
+        status: "published",
+        publishedAt: state.post.publishedAt ?? new Date(),
+      }) as ServerResultAsync<PostPublishOutputSchema>;
+    });
+  readonly softDelete = this.procedure<PostSoftDeleteInputSchema>("softDelete")
+    .requireAuth()
+    .use("post", async ({ input }) => {
+      const current = await this.repository.posts.findById(input.id);
+      if (current.isErr()) {
+        return err(current.error);
+      }
+      if (!current.value || current.value.deletedAt) {
+        return this.error("NOT_FOUND", "Post not found");
+      }
+      return current.value;
+    })
+    .access({
+      action: "delete",
+      entityStep: "post",
+    })
+    .handle(async ({ input }): ServerResultAsync<PostSoftDeleteOutputSchema> => {
+      const updated = await this.repository.posts.update({
+        id: input.id,
+        deletedAt: new Date(),
+      });
+      if (updated.isErr()) {
+        return err(updated.error);
+      }
+      return ok({ id: updated.value.id });
+    });
+  private slugify(value: string): string {
+    const slug = value
       .trim()
       .toLowerCase()
       .replace(/[^a-z0-9]+/g, "-")

package/templates/minimal-app/apps/server/src/service.ts.tpl CHANGED Viewed

@@ -1,12 +1,13 @@
-import { AuthService } from "@m5kdev/backend/modules/auth/auth.service";
-import { LocalEmailService } from "./lib/localEmailService";
-import { PostsService } from "./modules/posts/posts.service";
-import { authRepository, postsRepository } from "./repository";
+import { AuthService } from "@m5kdev/backend/modules/auth/auth.service";
+import { LocalEmailService } from "./lib/localEmailService";
+import { postsGrants } from "./modules/posts/posts.grants";
+import { PostsService } from "./modules/posts/posts.service";
+import { authRepository, postsRepository } from "./repository";
 export const emailService = new LocalEmailService({
   appName: "{{APP_NAME}}",
   appUrl: process.env.VITE_APP_URL ?? "http://localhost:5173",
 });
-export const authService = new AuthService({ auth: authRepository }, { email: emailService });
-export const postsService = new PostsService({ posts: postsRepository }, {});
+export const authService = new AuthService({ auth: authRepository }, { email: emailService });
+export const postsService = new PostsService({ posts: postsRepository }, {}, postsGrants);

package/templates/minimal-app/apps/server/src/utils/trpc.ts.tpl CHANGED Viewed

@@ -1,7 +1,8 @@
-import {
-  type createAuthContext,
-  verifyProtectedProcedureContext,
-} from "@m5kdev/backend/utils/trpc";
+import {
+  type createAuthContext,
+  verifyAdminProcedureContext,
+  verifyProtectedProcedureContext,
+} from "@m5kdev/backend/utils/trpc";
 import { transformer } from "@m5kdev/commons/utils/trpc";
 import { initTRPC } from "@trpc/server";
@@ -9,19 +10,22 @@ type Context = Awaited<ReturnType<ReturnType<typeof createAuthContext>>>;
 const t = initTRPC.context<Context>().create({ transformer });
-export const publicProcedure = t.procedure;
-export const procedure = t.procedure.use(({ ctx, next }) => {
-  verifyProtectedProcedureContext(ctx);
-  return next({ ctx });
-});
-export const router = t.router;
-export const mergeRouters = t.mergeRouters;
-export const trpcObject = {
-  router,
-  privateProcedure: procedure,
-  adminProcedure: procedure,
-  publicProcedure,
-};
+export const publicProcedure = t.procedure;
+export const procedure = t.procedure.use(({ ctx, next }) => {
+  return next({ ctx: verifyProtectedProcedureContext(ctx) });
+});
+export const adminProcedure = t.procedure.use(({ ctx, next }) => {
+  return next({ ctx: verifyAdminProcedureContext(ctx) });
+});
+export const router = t.router;
+export const mergeRouters = t.mergeRouters;
+export const trpcObject = {
+  router,
+  privateProcedure: procedure,
+  adminProcedure,
+  publicProcedure,
+};