create-theta-code 1.0.1

package/templates/mongo-js/src/modules/user/user.service.js

@@ -0,0 +1,87 @@
+// src/modules/user/user.service.js — Business logic only. Never DB queries, never HTTP.
+
+import bcryptjs from 'bcryptjs';
+import { AppError } from '../../utils/AppError.js';
+import { HTTP_STATUS } from '../../utils/constants.js';
+import envConfig from '../../config/env.config.js';
+import { signToken, signRefreshToken } from '../../utils/jwt.utils.js';
+import * as userRepository from './user.repository.js';
+
+async function register(email, firstName, lastName, password) {
+  // Check if user exists
+  const existingUser = await userRepository.findByEmailPublic(email);
+  if (existingUser) {
+    throw new AppError('Email already in use', HTTP_STATUS.CONFLICT);
+  }
+
+  // Hash password
+  const hashedPassword = await bcryptjs.hash(password, envConfig.BCRYPT_SALT_ROUNDS);
+
+  // Create user
+  const user = await userRepository.create({
+    email,
+    firstName,
+    lastName,
+    password: hashedPassword,
+  });
+
+  return user;
+}
+
+async function login(email, password) {
+  // Find user with password
+  const user = await userRepository.findByEmail(email);
+  if (!user) {
+    throw new AppError('Invalid email or password', HTTP_STATUS.UNAUTHORIZED);
+  }
+
+  // Verify password
+  const isPasswordValid = await bcryptjs.compare(password, user.password);
+  if (!isPasswordValid) {
+    throw new AppError('Invalid email or password', HTTP_STATUS.UNAUTHORIZED);
+  }
+
+  // Generate tokens with role included
+  const token = signToken({ id: user._id, email: user.email, role: user.role });
+  const refreshToken = signRefreshToken({ id: user._id });
+
+  // Fetch clean user object - no manual delete needed
+  const cleanUser = await userRepository.findById(user._id);
+
+  return {
+    user: cleanUser,
+    token,
+    refreshToken,
+  };
+}
+
+async function getAllUsers(limit = 10, skip = 0) {
+  const users = await userRepository.findAll(limit, skip);
+  return users;
+}
+
+async function getUserById(id) {
+  const user = await userRepository.findById(id);
+  if (!user) {
+    throw new AppError('User not found', HTTP_STATUS.NOT_FOUND);
+  }
+  return user;
+}
+
+async function updateUser(id, updateData) {
+  const user = await userRepository.updateById(id, updateData);
+  if (!user) {
+    throw new AppError('User not found', HTTP_STATUS.NOT_FOUND);
+  }
+  return user;
+}
+
+async function deleteUser(id) {
+  const user = await userRepository.deleteById(id);
+  if (!user) {
+    throw new AppError('User not found', HTTP_STATUS.NOT_FOUND);
+  }
+  return true;
+}
+
+export { register, login, getAllUsers, getUserById, updateUser, deleteUser };

package/templates/mongo-js/src/modules/user/user.validator.js

@@ -0,0 +1,28 @@
+// src/modules/user/user.validator.js — Zod validation schemas. Never validate in controller.
+
+import { z } from 'zod';
+
+const registerSchema = z.object({
+  email: z.string().email('Invalid email format'),
+  firstName: z.string().min(2, 'First name must be at least 2 characters').max(50),
+  lastName: z.string().min(2, 'Last name must be at least 2 characters').max(50),
+  password: z
+    .string()
+    .min(8, 'Password must be at least 8 characters')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number')
+    .regex(/[^A-Za-z0-9]/, 'Password must contain at least one special character'),
+});
+
+const loginSchema = z.object({
+  email: z.string().email('Invalid email format'),
+  password: z.string().min(1, 'Password is required'),
+});
+
+const updateUserSchema = z.object({
+  firstName: z.string().min(2).max(50).optional(),
+  lastName: z.string().min(2).max(50).optional(),
+});
+
+export { registerSchema, loginSchema, updateUserSchema };

package/templates/mongo-js/src/utils/AppError.js

@@ -0,0 +1,15 @@
+// src/utils/AppError.js — Custom Error class for operational errors. All errors inherit this.
+
+class AppError extends Error {
+  constructor(message, statusCode, isOperational = true) {
+    super(message);
+    this.statusCode = statusCode;
+    this.status = String(statusCode).startsWith('4') ? 'fail' : 'error';
+    this.isOperational = isOperational;
+    this.timestamp = new Date().toISOString();
+
+    Error.captureStackTrace(this, this.constructor);
+  }
+}
+
+export { AppError };

package/templates/mongo-js/src/utils/apiResponse.js

@@ -0,0 +1,23 @@
+// src/utils/apiResponse.js — Standardized success/error response formatting. Always use these.
+
+import { HTTP_STATUS } from './constants.js';
+
+function sendSuccess(res, statusCode = HTTP_STATUS.OK, message = 'Success', data = null) {
+  return res.status(statusCode).json({
+    success: true,
+    message,
+    data,
+    timestamp: new Date().toISOString(),
+  });
+}
+
+function sendError(res, statusCode = HTTP_STATUS.INTERNAL_SERVER_ERROR, message = 'Internal Server Error', data = null) {
+  return res.status(statusCode).json({
+    success: false,
+    message,
+    data,
+    timestamp: new Date().toISOString(),
+  });
+}
+
+export { sendSuccess, sendError };

package/templates/mongo-js/src/utils/asyncHandler.js

@@ -0,0 +1,7 @@
+// src/utils/asyncHandler.js — Wraps async controller/service functions. Zero try/catch in controllers.
+
+const asyncHandler = (fn) => (req, res, next) => {
+  return Promise.resolve(fn(req, res, next)).catch(next);
+};
+
+export { asyncHandler };

package/templates/mongo-js/src/utils/constants.js

@@ -0,0 +1,16 @@
+// src/utils/constants.js — All app constants. No hardcoded strings anywhere.
+
+const HTTP_STATUS = {
+  OK: 200,
+  CREATED: 201,
+  BAD_REQUEST: 400,
+  UNAUTHORIZED: 401,
+  FORBIDDEN: 403,
+  NOT_FOUND: 404,
+  CONFLICT: 409,
+  INTERNAL_SERVER_ERROR: 500,
+};
+
+const REQUEST_BODY_LIMIT = '10kb';
+
+export { HTTP_STATUS, REQUEST_BODY_LIMIT };

package/templates/mongo-js/src/utils/jwt.utils.js

@@ -0,0 +1,40 @@
+// src/utils/jwt.utils.js — JWT token operations only. Never inline JWT logic anywhere.
+
+import jwt from 'jsonwebtoken';
+import { AppError } from './AppError.js';
+import { HTTP_STATUS } from './constants.js';
+import envConfig from '../config/env.config.js';
+
+function signToken(payload, expiresIn = envConfig.JWT_EXPIRES_IN) {
+  const secret = envConfig.JWT_SECRET;
+  if (!secret) {
+    throw new AppError('JWT_SECRET not configured', HTTP_STATUS.INTERNAL_SERVER_ERROR, false);
+  }
+  return jwt.sign(payload, secret, { expiresIn });
+}
+
+function signRefreshToken(payload, expiresIn = envConfig.JWT_REFRESH_EXPIRES_IN) {
+  const secret = envConfig.JWT_REFRESH_SECRET;
+  if (!secret) {
+    throw new AppError('JWT_REFRESH_SECRET not configured', HTTP_STATUS.INTERNAL_SERVER_ERROR, false);
+  }
+  return jwt.sign(payload, secret, { expiresIn });
+}
+
+function verifyToken(token) {
+  const secret = envConfig.JWT_SECRET;
+  if (!secret) {
+    throw new AppError('JWT_SECRET not configured', HTTP_STATUS.INTERNAL_SERVER_ERROR, false);
+  }
+  return jwt.verify(token, secret);
+}
+
+function verifyRefreshToken(token) {
+  const secret = envConfig.JWT_REFRESH_SECRET;
+  if (!secret) {
+    throw new AppError('JWT_REFRESH_SECRET not configured', HTTP_STATUS.INTERNAL_SERVER_ERROR, false);
+  }
+  return jwt.verify(token, secret);
+}
+
+export { signToken, signRefreshToken, verifyToken, verifyRefreshToken };

package/templates/mongo-js/tests/integration/user.routes.test.js

@@ -0,0 +1,111 @@
+// tests/integration/user.routes.test.js — Integration tests for HTTP layer. Real app, mocked DB.
+
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import request from 'supertest';
+import bcryptjs from 'bcryptjs';
+import { createApp } from '../../src/config/app.config.js';
+import * as userRepository from '../../src/modules/user/user.repository.js';
+
+vi.mock('../../src/modules/user/user.repository.js');
+vi.mock('bcryptjs');
+
+describe('User Routes', () => {
+  let app;
+
+  beforeEach(() => {
+    app = createApp();
+    vi.clearAllMocks();
+  });
+
+  describe('POST /api/v1/users/register', () => {
+    it('should register a new user', async () => {
+      vi.mocked(userRepository.findByEmailPublic).mockResolvedValueOnce(null);
+      vi.mocked(userRepository.create).mockResolvedValueOnce({
+        _id: '123',
+        email: 'test@example.com',
+        firstName: 'John',
+        lastName: 'Doe',
+      });
+
+      const response = await request(app)
+        .post('/api/v1/users/register')
+        .send({
+          email: 'test@example.com',
+          firstName: 'John',
+          lastName: 'Doe',
+          password: 'Password123!',
+        });
+
+      expect(response.status).toBe(201);
+      expect(response.body).toHaveProperty('success', true);
+      expect(response.body).toHaveProperty('data.user');
+    });
+
+    it('should return 400 on validation error', async () => {
+      const response = await request(app)
+        .post('/api/v1/users/register')
+        .send({
+          email: 'invalid-email',
+          firstName: 'John',
+          lastName: 'Doe',
+          password: 'pass',
+        });
+
+      expect(response.status).toBe(400);
+      expect(response.body).toHaveProperty('success', false);
+    });
+  });
+
+  describe('POST /api/v1/users/login', () => {
+    it('should login successfully', async () => {
+      const user = {
+        _id: '123',
+        email: 'test@example.com',
+        password: '$2a$12$abcdefghijklmnopqrstuvwxyz',
+        role: 'user',
+      };
+
+      const cleanUser = {
+        _id: '123',
+        email: 'test@example.com',
+        firstName: 'John',
+        lastName: 'Doe',
+        role: 'user',
+      };
+
+      vi.mocked(userRepository.findByEmail).mockResolvedValueOnce(user);
+      vi.mocked(bcryptjs.compare).mockResolvedValueOnce(true);
+      vi.mocked(userRepository.findById).mockResolvedValueOnce(cleanUser);
+
+      const response = await request(app)
+        .post('/api/v1/users/login')
+        .send({
+          email: 'test@example.com',
+          password: 'Password123!',
+        });
+
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveProperty('success', true);
+      expect(response.body.data).toHaveProperty('user');
+      expect(response.body.data.user).toHaveProperty('role', 'user');
+    });
+  });
+
+  describe('GET /health', () => {
+    it('should return health status', async () => {
+      const response = await request(app).get('/health');
+
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveProperty('status', 'UP');
+    });
+  });
+
+  describe('404 handler', () => {
+    it('should return 404 for unknown routes', async () => {
+      const response = await request(app).get('/api/v1/unknown');
+
+      expect(response.status).toBe(404);
+      expect(response.body).toHaveProperty('success', false);
+    });
+  });
+});

package/templates/mongo-js/tests/unit/user.service.test.js

@@ -0,0 +1,96 @@
+// tests/unit/user.service.test.js — Unit tests for business logic. Mocked repository.
+
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import * as userService from '../../src/modules/user/user.service.js';
+import * as userRepository from '../../src/modules/user/user.repository.js';
+import { AppError } from '../../src/utils/AppError.js';
+import bcryptjs from 'bcryptjs';
+
+vi.mock('../../src/modules/user/user.repository.js');
+vi.mock('bcryptjs');
+
+describe('User Service', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('register', () => {
+    it('should create a new user successfully', async () => {
+      const userData = {
+        email: 'test@example.com',
+        firstName: 'John',
+        lastName: 'Doe',
+        password: 'hashedPassword123',
+      };
+
+      vi.mocked(userRepository.findByEmailPublic).mockResolvedValueOnce(null);
+      vi.mocked(bcryptjs.hash).mockResolvedValueOnce('hashedPassword123');
+      vi.mocked(userRepository.create).mockResolvedValueOnce(userData);
+
+      const result = await userService.register(
+        'test@example.com',
+        'John',
+        'Doe',
+        'password123'
+      );
+
+      expect(result).toEqual(userData);
+      expect(userRepository.findByEmailPublic).toHaveBeenCalledWith('test@example.com');
+      expect(bcryptjs.hash).toHaveBeenCalledWith('password123', expect.any(Number));
+    });
+
+    it('should throw error if email exists', async () => {
+      vi.mocked(userRepository.findByEmailPublic).mockResolvedValueOnce({ email: 'test@example.com' });
+
+      await expect(
+        userService.register('test@example.com', 'John', 'Doe', 'password123')
+      ).rejects.toThrow(AppError);
+    });
+  });
+
+  describe('login', () => {
+    it('should return user and tokens on successful login', async () => {
+      const user = {
+        _id: '123',
+        email: 'test@example.com',
+        password: 'hashedPassword123',
+        toObject: vi.fn().mockReturnValue({ _id: '123', email: 'test@example.com' }),
+      };
+
+      vi.mocked(userRepository.findByEmail).mockResolvedValueOnce(user);
+      vi.mocked(bcryptjs.compare).mockResolvedValueOnce(true);
+
+      const result = await userService.login('test@example.com', 'password123');
+
+      expect(result).toHaveProperty('user');
+      expect(result).toHaveProperty('token');
+      expect(result).toHaveProperty('refreshToken');
+    });
+
+    it('should throw error on invalid credentials', async () => {
+      vi.mocked(userRepository.findByEmail).mockResolvedValueOnce(null);
+
+      await expect(
+        userService.login('test@example.com', 'password123')
+      ).rejects.toThrow(AppError);
+    });
+  });
+
+  describe('getUserById', () => {
+    it('should return user by id', async () => {
+      const user = { _id: '123', email: 'test@example.com' };
+      vi.mocked(userRepository.findById).mockResolvedValueOnce(user);
+
+      const result = await userService.getUserById('123');
+
+      expect(result).toEqual(user);
+      expect(userRepository.findById).toHaveBeenCalledWith('123');
+    });
+
+    it('should throw error if user not found', async () => {
+      vi.mocked(userRepository.findById).mockResolvedValueOnce(null);
+
+      await expect(userService.getUserById('123')).rejects.toThrow(AppError);
+    });
+  });
+});

package/templates/pg-js/.eslintrc.json

@@ -0,0 +1,24 @@
+{
+  "extends": ["eslint:recommended"],
+  "env": {
+    "node": true,
+    "es2022": true
+  },
+  "parserOptions": {
+    "ecmaVersion": 2022,
+    "sourceType": "module"
+  },
+  "rules": {
+    "no-console": "off",
+    "no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
+    "prefer-const": "error",
+    "no-var": "error",
+    "eqeqeq": ["error", "always"],
+    "curly": "error",
+    "brace-style": ["error", "1tbs"],
+    "quotes": ["error", "single", { "avoidEscape": true }],
+    "semi": ["error", "always"],
+    "comma-dangle": ["error", "always-multiline"],
+    "indent": ["error", 2]
+  }
+}

package/templates/pg-js/.prettierrc

@@ -0,0 +1,9 @@
+{
+  "semi": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "printWidth": 100,
+  "tabWidth": 2,
+  "useTabs": false,
+  "arrowParens": "always"
+}

package/templates/pg-js/_env.example

@@ -0,0 +1,7 @@
+NODE_ENV=development
+PORT=3000
+DATABASE_URL=postgresql://user:password@localhost:5432/theta_app
+JWT_SECRET=your-super-secret-jwt-key-min-32-characters-required
+JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters-required
+CORS_ORIGIN=http://localhost:3000
+LOG_LEVEL=info

package/templates/pg-js/_gitignore

@@ -0,0 +1,20 @@
+node_modules/
+.env
+.env.local
+.env.*.local
+dist/
+build/
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.DS_Store
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.cache/
+.env.test
+coverage/
+prisma/migrations/

package/templates/pg-js/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "my-awesome-app",
+  "version": "1.0.0",
+  "description": "Production-grade Node.js API built with create-theta-code",
+  "type": "module",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js",
+    "dev": "nodemon server.js",
+    "test": "vitest",
+    "test:coverage": "vitest --coverage",
+    "lint": "eslint src/ --fix",
+    "format": "prettier --write \"src/**/*.js\"",
+    "db:migrate": "prisma migrate dev",
+    "db:generate": "prisma generate",
+    "db:reset": "prisma migrate reset"
+  },
+  "keywords": [
+    "nodejs",
+    "express",
+    "postgresql",
+    "prisma",
+    "api"
+  ],
+  "author": "Your Name",
+  "license": "MIT",
+  "dependencies": {
+    "express": "^4.18.2",
+    "@prisma/client": "^5.7.0",
+    "bcryptjs": "^2.4.3",
+    "jsonwebtoken": "^9.1.0",
+    "dotenv": "^16.3.1",
+    "cors": "^2.8.5",
+    "helmet": "^7.1.0",
+    "express-rate-limit": "^7.1.5",
+    "morgan": "^1.10.0",
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "nodemon": "^3.0.1",
+    "eslint": "^8.54.0",
+    "prettier": "^3.1.0",
+    "vitest": "^0.34.6",
+    "supertest": "^6.3.3",
+    "prisma": "^5.7.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/templates/pg-js/prisma/schema.prisma

@@ -0,0 +1,23 @@
+// prisma/schema.prisma — Prisma database schema. PostgreSQL with User model.
+
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+model User {
+  id        Int     @id @default(autoincrement())
+  email     String  @unique
+  firstName String
+  lastName  String
+  password  String
+  isActive  Boolean @default(true)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@map("users")
+}

package/templates/pg-js/server.js

@@ -0,0 +1,63 @@
+// server.js — HTTP server startup and graceful shutdown. Zero other logic.
+
+import { createApp } from './src/config/app.config.js';
+import { connectDB, disconnectDB } from './src/config/db.config.js';
+import envConfig from './src/config/env.config.js';
+
+let server;
+
+async function startServer() {
+  try {
+    // Connect to database
+    await connectDB();
+
+    // Create Express app
+    const app = createApp();
+
+    // Start HTTP server
+    server = app.listen(envConfig.PORT, () => {
+      console.log(`✅ Server running on port ${envConfig.PORT}`);
+    });
+  } catch (err) {
+    console.error('❌ Failed to start server:', err.message);
+    process.exit(1);
+  }
+}
+
+// Graceful shutdown
+process.on('SIGTERM', async () => {
+  console.log('📌 SIGTERM received, shutting down gracefully');
+  if (server) {
+    server.close(async () => {
+      console.log('✅ Server closed');
+      await disconnectDB();
+      process.exit(0);
+    });
+  }
+});
+
+process.on('SIGINT', async () => {
+  console.log('📌 SIGINT received, shutting down gracefully');
+  if (server) {
+    server.close(async () => {
+      console.log('✅ Server closed');
+      await disconnectDB();
+      process.exit(0);
+    });
+  }
+});
+
+// Unhandled promise rejections
+process.on('unhandledRejection', (reason, promise) => {
+  console.error('❌ Unhandled Rejection at:', promise, 'reason:', reason);
+  process.exit(1);
+});
+
+// Uncaught exceptions
+process.on('uncaughtException', (err) => {
+  console.error('❌ Uncaught Exception:', err);
+  process.exit(1);
+});
+
+// Start server
+startServer();

package/templates/pg-js/src/config/app.config.js

@@ -0,0 +1,48 @@
+// src/config/app.config.js — Express app factory. Middleware registration. Middleware order sacred.
+
+import express from 'express';
+import helmet from 'helmet';
+import cors from 'cors';
+import morgan from 'morgan';
+import envConfig from './env.config.js';
+import { globalRateLimiter } from './rateLimiter.config.js';
+import { notFoundMiddleware } from '../middlewares/notFound.middleware.js';
+import { errorMiddleware } from '../middlewares/error.middleware.js';
+import { APP_CONSTANTS } from '../utils/constants.js';
+import userRoutes from '../modules/user/user.routes.js';
+
+function createApp() {
+  const app = express();
+
+  // Security middleware
+  app.use(helmet());
+  app.use(cors({ origin: envConfig.CORS_ORIGIN }));
+
+  // Body parser with 10kb limit
+  app.use(express.json({ limit: APP_CONSTANTS.REQUEST_BODY_LIMIT }));
+  app.use(express.urlencoded({ limit: APP_CONSTANTS.REQUEST_BODY_LIMIT }));
+
+  // Logging
+  app.use(morgan('combined'));
+
+  // Rate limiter on all /api routes
+  app.use('/api/', globalRateLimiter);
+
+  // Health check
+  app.get('/health', (req, res) => {
+    res.json({ status: 'UP', timestamp: new Date().toISOString() });
+  });
+
+  // API routes
+  app.use('/api/v1/users', userRoutes);
+
+  // 404 handler
+  app.use(notFoundMiddleware);
+
+  // Global error handler (must be last)
+  app.use(errorMiddleware);
+
+  return app;
+}
+
+export { createApp };