create-stackr 0.2.0

package/templates/base/backend/domain/device-session/repository.prisma.ts

@@ -0,0 +1,248 @@
+import { db } from "../../utils/db";
+import { ErrorFactory } from "../../utils/errors";
+import {
+  DeviceSession,
+  CreateDeviceSessionBody,
+  CreateDeviceSessionResponse,
+  DeviceSessionMigrationEligibilityResponse,
+} from "./schema";
+
+// Generate a UUID v4 for session tokens
+const generateSessionToken = (): string => {
+  return crypto.randomUUID();
+};
+
+export const createDeviceSession = async (data: CreateDeviceSessionBody): Promise<CreateDeviceSessionResponse> => {
+  const { deviceId } = data;
+
+  try {
+    const sessionToken = generateSessionToken();
+
+    const session = await db.deviceSession.create({
+      data: {
+        deviceId,
+        sessionToken,
+        preferredCurrency: 'USD',
+        migrated: false,
+        lastActiveAt: new Date(),
+      },
+      select: {
+        id: true,
+        deviceId: true,
+        sessionToken: true,
+        createdAt: true,
+        lastActiveAt: true,
+        migrated: true,
+        migratedToUserId: true,
+        preferredCurrency: true,
+      },
+    });
+
+    return {
+      session: {
+        ...session,
+        createdAt: session.createdAt.toISOString(),
+        lastActiveAt: session.lastActiveAt.toISOString(),
+      },
+      sessionToken,
+    };
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'createDeviceSession',
+      deviceId,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const validateDeviceSession = async (sessionToken: string): Promise<DeviceSession | null> => {
+  try {
+    const session = await db.deviceSession.findUnique({
+      where: { sessionToken },
+      select: {
+        id: true,
+        deviceId: true,
+        sessionToken: true,
+        createdAt: true,
+        lastActiveAt: true,
+        migrated: true,
+        migratedToUserId: true,
+        preferredCurrency: true,
+      },
+    });
+
+    if (!session) {
+      return null;
+    }
+
+    // Check if session is expired (30 days of inactivity)
+    const thirtyDaysAgo = new Date();
+    thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30);
+
+    if (session.lastActiveAt < thirtyDaysAgo) {
+      // Session expired, delete it
+      await deleteDeviceSession(sessionToken);
+      return null;
+    }
+
+    return {
+      ...session,
+      createdAt: session.createdAt.toISOString(),
+      lastActiveAt: session.lastActiveAt.toISOString(),
+    };
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'validateDeviceSession',
+      sessionToken,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const updateDeviceSessionActivity = async (sessionToken: string): Promise<void> => {
+  try {
+    await db.deviceSession.update({
+      where: { sessionToken },
+      data: { lastActiveAt: new Date() },
+    });
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'updateDeviceSessionActivity',
+      sessionToken,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const deleteDeviceSession = async (sessionToken: string): Promise<void> => {
+  try {
+    await db.deviceSession.delete({
+      where: { sessionToken },
+    });
+  } catch (error) {
+    // Don't throw error if session doesn't exist
+    if (error instanceof Error && error.message.includes('Record to delete does not exist')) {
+      return;
+    }
+
+    throw ErrorFactory.databaseError({
+      operation: 'deleteDeviceSession',
+      sessionToken,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const validateDeviceSessionMigrationEligibility = async (sessionToken: string): Promise<DeviceSessionMigrationEligibilityResponse> => {
+  try {
+    const session = await validateDeviceSession(sessionToken);
+
+    if (!session) {
+      return {
+        canMigrate: false,
+        reason: 'Device session not found or expired',
+      };
+    }
+
+    if (session.migrated) {
+      return {
+        canMigrate: false,
+        reason: 'Device session already migrated to user account',
+      };
+    }
+
+    return {
+      canMigrate: true,
+    };
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'validateDeviceSessionMigrationEligibility',
+      sessionToken,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+/**
+ * Migrate a device session to a user account
+ * This is called after a user signs up through BetterAuth to link their device session
+ */
+export const migrateDeviceSessionToUser = async (sessionToken: string, userId: string): Promise<void> => {
+  try {
+    await db.deviceSession.update({
+      where: { sessionToken },
+      data: {
+        migrated: true,
+        migratedToUserId: userId,
+      },
+    });
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'migrateDeviceSessionToUser',
+      sessionToken,
+      userId,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const cleanupExpiredDeviceSessions = async (): Promise<number> => {
+  try {
+    // Delete sessions older than 30 days of inactivity
+    const thirtyDaysAgo = new Date();
+    thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30);
+
+    const result = await db.deviceSession.deleteMany({
+      where: {
+        lastActiveAt: {
+          lt: thirtyDaysAgo,
+        },
+      },
+    });
+
+    return result.count;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'cleanupExpiredDeviceSessions',
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const getDeviceSessionById = async (sessionId: string): Promise<DeviceSession | null> => {
+  try {
+    const session = await db.deviceSession.findUnique({
+      where: { id: sessionId },
+      select: {
+        id: true,
+        deviceId: true,
+        sessionToken: true,
+        createdAt: true,
+        lastActiveAt: true,
+        migrated: true,
+        migratedToUserId: true,
+        preferredCurrency: true,
+      },
+    });
+
+    if (!session) {
+      return null;
+    }
+
+    return {
+      ...session,
+      createdAt: session.createdAt.toISOString(),
+      lastActiveAt: session.lastActiveAt.toISOString(),
+    };
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'getDeviceSessionById',
+      sessionId,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const getDeviceSessionByToken = async (sessionToken: string): Promise<DeviceSession | null> => {
+  return validateDeviceSession(sessionToken);
+};

package/templates/base/backend/domain/device-session/schema.ts

@@ -0,0 +1,72 @@
+import { Static, Type } from "@sinclair/typebox";
+
+// Core DeviceSession entity schema (anonymous device sessions before authentication)
+export const DeviceSessionSchema = Type.Object({
+  id: Type.String(),
+  deviceId: Type.String(),
+  sessionToken: Type.String(),
+  createdAt: Type.String({ format: 'date-time' }),
+  lastActiveAt: Type.String({ format: 'date-time' }),
+  migrated: Type.Boolean(),
+  migratedToUserId: Type.Optional(Type.Union([Type.String(), Type.Null()])),
+  preferredCurrency: Type.String({ default: 'USD' }),
+});
+
+export type DeviceSession = Static<typeof DeviceSessionSchema>;
+
+// Create device session request schema
+export const CreateDeviceSessionBodySchema = Type.Object({
+  deviceId: Type.String({
+    minLength: 1,
+    maxLength: 128,
+    pattern: "^[a-zA-Z0-9_-]+$" // Allow alphanumeric, underscore, and hyphen
+  }),
+});
+
+export type CreateDeviceSessionBody = Static<typeof CreateDeviceSessionBodySchema>;
+
+// Create device session response schema
+export const CreateDeviceSessionResponseSchema = Type.Object({
+  session: DeviceSessionSchema,
+  sessionToken: Type.String(),
+});
+
+export type CreateDeviceSessionResponse = Static<typeof CreateDeviceSessionResponseSchema>;
+
+// Validate device session request schema (for session token validation)
+export const ValidateDeviceSessionBodySchema = Type.Object({
+  sessionToken: Type.String({
+    minLength: 36,
+    maxLength: 36,
+    pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" // UUID format
+  }),
+});
+
+export type ValidateDeviceSessionBody = Static<typeof ValidateDeviceSessionBodySchema>;
+
+// Device session validation response schema
+export const DeviceSessionValidationResponseSchema = Type.Object({
+  valid: Type.Boolean(),
+  session: Type.Optional(DeviceSessionSchema),
+});
+
+export type DeviceSessionValidationResponse = Static<typeof DeviceSessionValidationResponseSchema>;
+
+// Update device session activity request schema
+export const UpdateDeviceSessionActivityBodySchema = Type.Object({
+  sessionToken: Type.String({
+    minLength: 36,
+    maxLength: 36,
+    pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
+  }),
+});
+
+export type UpdateDeviceSessionActivityBody = Static<typeof UpdateDeviceSessionActivityBodySchema>;
+
+// Device session migration eligibility response schema
+export const DeviceSessionMigrationEligibilityResponseSchema = Type.Object({
+  canMigrate: Type.Boolean(),
+  reason: Type.Optional(Type.String()),
+});
+
+export type DeviceSessionMigrationEligibilityResponse = Static<typeof DeviceSessionMigrationEligibilityResponseSchema>;

package/templates/base/backend/domain/session/repository.drizzle.ts

@@ -0,0 +1,72 @@
+import { eq, and } from 'drizzle-orm';
+import { db, schema } from "../../utils/db";
+import { auth } from "../../lib/auth";
+import { ErrorFactory } from "../../utils/errors";
+import type { SessionWithToken, RevokeSessionResponse } from "./schema";
+
+/**
+ * Session Repository (Drizzle)
+ *
+ * Provides session management operations for the BFF pattern.
+ * Note: Session creation/authentication is handled by BetterAuth.
+ */
+
+/**
+ * Find a session by ID that belongs to the specified user
+ */
+export const findUserSessionById = async (
+  sessionId: string,
+  userId: string
+): Promise<SessionWithToken | null> => {
+  try {
+    const [session] = await db
+      .select()
+      .from(schema.session)
+      .where(and(eq(schema.session.id, sessionId), eq(schema.session.userId, userId)))
+      .limit(1);
+
+    if (!session) {
+      return null;
+    }
+
+    return {
+      id: session.id,
+      userId: session.userId,
+      token: session.token,
+      expiresAt: session.expiresAt.toISOString(),
+      createdAt: session.createdAt.toISOString(),
+      updatedAt: session.updatedAt.toISOString(),
+      ipAddress: session.ipAddress,
+      userAgent: session.userAgent,
+    };
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'findUserSessionById',
+      sessionId,
+      userId,
+      originalError: error instanceof Error ? error.message : String(error),
+    });
+  }
+};
+
+/**
+ * Revoke a session using Better Auth's native revocation
+ */
+export const revokeSessionByToken = async (
+  token: string,
+  headers: Headers
+): Promise<RevokeSessionResponse> => {
+  try {
+    const response = await auth.api.revokeSession({
+      headers,
+      body: { token },
+    });
+
+    return response as RevokeSessionResponse;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'revokeSessionByToken',
+      originalError: error instanceof Error ? error.message : String(error),
+    });
+  }
+};

package/templates/base/backend/domain/session/repository.prisma.ts

@@ -0,0 +1,72 @@
+import { db } from "../../utils/db";
+import { auth } from "../../lib/auth";
+import { ErrorFactory } from "../../utils/errors";
+import type { SessionWithToken, RevokeSessionResponse } from "./schema";
+
+/**
+ * Session Repository (Prisma)
+ *
+ * Provides session management operations for the BFF pattern.
+ * Note: Session creation/authentication is handled by BetterAuth.
+ */
+
+/**
+ * Find a session by ID that belongs to the specified user
+ */
+export const findUserSessionById = async (
+  sessionId: string,
+  userId: string
+): Promise<SessionWithToken | null> => {
+  try {
+    const session = await db.session.findFirst({
+      where: {
+        id: sessionId,
+        userId: userId,
+      },
+    });
+
+    if (!session) {
+      return null;
+    }
+
+    return {
+      id: session.id,
+      userId: session.userId,
+      token: session.token,
+      expiresAt: session.expiresAt.toISOString(),
+      createdAt: session.createdAt.toISOString(),
+      updatedAt: session.updatedAt.toISOString(),
+      ipAddress: session.ipAddress,
+      userAgent: session.userAgent,
+    };
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'findUserSessionById',
+      sessionId,
+      userId,
+      originalError: error instanceof Error ? error.message : String(error),
+    });
+  }
+};
+
+/**
+ * Revoke a session using Better Auth's native revocation
+ */
+export const revokeSessionByToken = async (
+  token: string,
+  headers: Headers
+): Promise<RevokeSessionResponse> => {
+  try {
+    const response = await auth.api.revokeSession({
+      headers,
+      body: { token },
+    });
+
+    return response as RevokeSessionResponse;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'revokeSessionByToken',
+      originalError: error instanceof Error ? error.message : String(error),
+    });
+  }
+};

package/templates/base/backend/domain/session/schema.ts

@@ -0,0 +1,29 @@
+import { Type, Static } from '@sinclair/typebox';
+
+/**
+ * Session Domain Schema
+ *
+ * Schemas for BFF session operations (session management from web frontend).
+ * Note: Session creation/authentication is handled by BetterAuth.
+ */
+
+// Session with token (used internally for revocation)
+export const SessionWithTokenSchema = Type.Object({
+  id: Type.String(),
+  userId: Type.String(),
+  token: Type.String(),
+  expiresAt: Type.String({ format: 'date-time' }),
+  createdAt: Type.String({ format: 'date-time' }),
+  updatedAt: Type.String({ format: 'date-time' }),
+  ipAddress: Type.Optional(Type.Union([Type.String(), Type.Null()])),
+  userAgent: Type.Optional(Type.Union([Type.String(), Type.Null()])),
+});
+
+export type SessionWithToken = Static<typeof SessionWithTokenSchema>;
+
+// Revoke session response
+export const RevokeSessionResponseSchema = Type.Object({
+  status: Type.Boolean(),
+});
+
+export type RevokeSessionResponse = Static<typeof RevokeSessionResponseSchema>;

package/templates/base/backend/domain/user/repository.drizzle.ts

@@ -0,0 +1,127 @@
+import { eq } from 'drizzle-orm';
+import { db, schema } from "../../utils/db";
+import { ErrorFactory } from "../../utils/errors";
+
+/**
+ * User Repository (Drizzle)
+ *
+ * Note: User creation and authentication is handled by BetterAuth.
+ * This repository provides helper functions for user lookups and profile updates.
+ */
+
+export const getUser = async (id: string) => {
+  try {
+    const [user] = await db
+      .select({
+        id: schema.user.id,
+        email: schema.user.email,
+        emailVerified: schema.user.emailVerified,
+        name: schema.user.name,
+        image: schema.user.image,
+        createdAt: schema.user.createdAt,
+        updatedAt: schema.user.updatedAt,
+      })
+      .from(schema.user)
+      .where(eq(schema.user.id, id))
+      .limit(1);
+
+    return user || null;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'getUser',
+      userId: id,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const getUserByEmail = async (email: string) => {
+  try {
+    const [user] = await db
+      .select({
+        id: schema.user.id,
+        email: schema.user.email,
+        emailVerified: schema.user.emailVerified,
+        name: schema.user.name,
+        image: schema.user.image,
+        createdAt: schema.user.createdAt,
+        updatedAt: schema.user.updatedAt,
+      })
+      .from(schema.user)
+      .where(eq(schema.user.email, email))
+      .limit(1);
+
+    return user || null;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'getUserByEmail',
+      email,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const isUserExistByEmail = async (email: string): Promise<boolean> => {
+  try {
+    const [result] = await db
+      .select({ id: schema.user.id })
+      .from(schema.user)
+      .where(eq(schema.user.email, email))
+      .limit(1);
+
+    return !!result;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'isUserExistByEmail',
+      email,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const updateUserProfile = async (
+  userId: string,
+  data: { name?: string }
+) => {
+  try {
+    const [user] = await db
+      .update(schema.user)
+      .set({
+        ...data,
+        updatedAt: new Date(),
+      })
+      .where(eq(schema.user.id, userId))
+      .returning({
+        id: schema.user.id,
+        email: schema.user.email,
+        emailVerified: schema.user.emailVerified,
+        name: schema.user.name,
+        image: schema.user.image,
+        createdAt: schema.user.createdAt,
+        updatedAt: schema.user.updatedAt,
+      });
+
+    return user;
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'updateUserProfile',
+      userId,
+      updateData: data,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};
+
+export const deleteUser = async (userId: string): Promise<void> => {
+  try {
+    await db
+      .delete(schema.user)
+      .where(eq(schema.user.id, userId));
+  } catch (error) {
+    throw ErrorFactory.databaseError({
+      operation: 'deleteUser',
+      userId,
+      originalError: error instanceof Error ? error.message : String(error)
+    });
+  }
+};