create-tigra 1.0.0

package/template/server/src/modules/auth/auth.service.ts

@@ -0,0 +1,329 @@
+/**
+ * Authentication Service
+ * 
+ * Business logic for authentication operations.
+ * Handles registration, login, token refresh, and logout.
+ * 
+ * @see /mnt/project/02-general-rules.md
+ */
+
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { env } from '@/config/env';
+import logger from '@/libs/logger';
+import {
+    ConflictError,
+    UnauthorizedError,
+} from '@/utils/errors';
+import * as authRepo from './auth.repo';
+import type {
+    AuthResponse,
+    TokenResponse,
+    JwtPayload,
+    JwtRefreshPayload,
+} from './auth.types';
+import type { RegisterInput, LoginInput } from './auth.schemas';
+
+/**
+ * Password hashing rounds
+ */
+const BCRYPT_ROUNDS = 10;
+
+/**
+ * Parse JWT expiration string to seconds
+ * 
+ * @param expiration - Expiration string (e.g., '15m', '7d')
+ * @returns Expiration in seconds
+ */
+function parseExpiration(expiration: string): number {
+    const match = expiration.match(/^(\d+)([smhd])$/);
+    if (!match) {
+        throw new Error(`Invalid expiration format: ${expiration}`);
+    }
+
+    const value = parseInt(match[1]!);
+    const unit = match[2]!;
+
+    const multipliers: Record<string, number> = {
+        s: 1,
+        m: 60,
+        h: 3600,
+        d: 86400,
+    };
+
+    return value * multipliers[unit]!;
+}
+
+/**
+ * Generate access token
+ * 
+ * @param userId - User ID
+ * @param email - User email
+ * @param role - User role
+ * @returns JWT access token
+ */
+function generateAccessToken(
+    userId: string,
+    email: string,
+    role: string
+): string {
+    const payload: JwtPayload = {
+        userId,
+        email,
+        role: role as 'USER' | 'ADMIN',
+    };
+
+    return jwt.sign(payload, env.JWT_SECRET, {
+        expiresIn: env.JWT_ACCESS_EXPIRATION,
+        issuer: env.JWT_ISSUER,
+    } as jwt.SignOptions);
+}
+
+/**
+ * Generate refresh token
+ * 
+ * @param userId - User ID
+ * @param sessionId - Session ID
+ * @returns JWT refresh token
+ */
+function generateRefreshToken(userId: string, sessionId: string): string {
+    const payload: JwtRefreshPayload = {
+        userId,
+        sessionId,
+    };
+
+    return jwt.sign(payload, env.JWT_SECRET, {
+        expiresIn: env.JWT_REFRESH_EXPIRATION,
+        issuer: env.JWT_ISSUER,
+    } as jwt.SignOptions);
+}
+
+/**
+ * Register a new user
+ * 
+ * @param data - Registration data
+ * @returns User and tokens
+ * @throws ConflictError if email already exists
+ */
+export async function register(data: RegisterInput): Promise<AuthResponse> {
+    try {
+        // Check if user already exists
+        const existingUser = await authRepo.findUserByEmail(data.email);
+        if (existingUser) {
+            throw new ConflictError('Email already registered');
+        }
+
+        // Hash password
+        const hashedPassword = await bcrypt.hash(data.password, BCRYPT_ROUNDS);
+
+        // Create user
+        const user = await authRepo.createUser({
+            email: data.email,
+            password: hashedPassword,
+            name: data.name,
+        });
+
+        // Generate tokens
+        const accessToken = generateAccessToken(user.id, user.email, user.role);
+        const sessionId = `session_${Date.now()}_${user.id}`;
+        const refreshToken = generateRefreshToken(user.id, sessionId);
+
+        // Calculate refresh token expiration
+        const expiresInSeconds = parseExpiration(env.JWT_REFRESH_EXPIRATION);
+        const expiresAt = new Date(Date.now() + expiresInSeconds * 1000);
+
+        // Create session
+        await authRepo.createSession({
+            userId: user.id,
+            refreshToken,
+            expiresAt,
+        });
+
+        logger.info({ userId: user.id, email: user.email }, 'User registered');
+
+        return {
+            user,
+            tokens: {
+                accessToken,
+                refreshToken,
+                expiresIn: parseExpiration(env.JWT_ACCESS_EXPIRATION),
+            },
+        };
+    } catch (error) {
+        logger.error({ error, email: data.email }, 'Registration failed');
+        throw error;
+    }
+}
+
+/**
+ * Login user
+ * 
+ * @param data - Login credentials
+ * @returns User and tokens
+ * @throws UnauthorizedError if credentials are invalid
+ */
+export async function login(data: LoginInput): Promise<AuthResponse> {
+    try {
+        // Find user with password
+        const userWithPassword = await authRepo.findUserByEmailWithPassword(
+            data.email
+        );
+
+        if (!userWithPassword) {
+            throw new UnauthorizedError('Invalid email or password');
+        }
+
+        // Verify password
+        const isPasswordValid = await bcrypt.compare(
+            data.password,
+            userWithPassword.password
+        );
+
+        if (!isPasswordValid) {
+            throw new UnauthorizedError('Invalid email or password');
+        }
+
+        // Get user without password
+        const user = await authRepo.findUserById(userWithPassword.id);
+        if (!user) {
+            throw new UnauthorizedError('User not found');
+        }
+
+        // Generate tokens
+        const accessToken = generateAccessToken(user.id, user.email, user.role);
+        const sessionId = `session_${Date.now()}_${user.id}`;
+        const refreshToken = generateRefreshToken(user.id, sessionId);
+
+        // Calculate refresh token expiration
+        const expiresInSeconds = parseExpiration(env.JWT_REFRESH_EXPIRATION);
+        const expiresAt = new Date(Date.now() + expiresInSeconds * 1000);
+
+        // Create session
+        await authRepo.createSession({
+            userId: user.id,
+            refreshToken,
+            expiresAt,
+        });
+
+        logger.info({ userId: user.id, email: user.email }, 'User logged in');
+
+        return {
+            user,
+            tokens: {
+                accessToken,
+                refreshToken,
+                expiresIn: parseExpiration(env.JWT_ACCESS_EXPIRATION),
+            },
+        };
+    } catch (error) {
+        logger.error({ error, email: data.email }, 'Login failed');
+        throw error;
+    }
+}
+
+/**
+ * Refresh access token
+ * 
+ * @param refreshToken - Refresh token
+ * @returns New access and refresh tokens
+ * @throws UnauthorizedError if token is invalid or expired
+ */
+export async function refreshTokens(
+    refreshToken: string
+): Promise<TokenResponse> {
+    try {
+        // Find session
+        const session = await authRepo.findSessionByToken(refreshToken);
+        if (!session) {
+            throw new UnauthorizedError('Invalid refresh token');
+        }
+
+        // Check if session expired
+        if (session.expiresAt < new Date()) {
+            await authRepo.deleteSession(refreshToken);
+            throw new UnauthorizedError('Refresh token expired');
+        }
+
+        // Verify JWT token
+        let payload: JwtRefreshPayload;
+        try {
+            payload = jwt.verify(refreshToken, env.JWT_SECRET, {
+                issuer: env.JWT_ISSUER,
+            }) as JwtRefreshPayload;
+        } catch (error) {
+            await authRepo.deleteSession(refreshToken);
+            throw new UnauthorizedError('Invalid refresh token');
+        }
+
+        // Generate new tokens
+        const newAccessToken = generateAccessToken(
+            session.user.id,
+            session.user.email,
+            session.user.role
+        );
+        const sessionId = `session_${Date.now()}_${session.user.id}`;
+        const newRefreshToken = generateRefreshToken(session.user.id, sessionId);
+
+        // Calculate new expiration
+        const expiresInSeconds = parseExpiration(env.JWT_REFRESH_EXPIRATION);
+        const expiresAt = new Date(Date.now() + expiresInSeconds * 1000);
+
+        // Update session with new refresh token
+        await authRepo.updateSession(refreshToken, newRefreshToken, expiresAt);
+
+        logger.info({ userId: session.user.id }, 'Tokens refreshed');
+
+        return {
+            accessToken: newAccessToken,
+            refreshToken: newRefreshToken,
+            expiresIn: parseExpiration(env.JWT_ACCESS_EXPIRATION),
+        };
+    } catch (error) {
+        logger.error({ error }, 'Token refresh failed');
+        throw error;
+    }
+}
+
+/**
+ * Logout user
+ * 
+ * Deletes the session associated with the refresh token.
+ * 
+ * @param refreshToken - Refresh token
+ */
+export async function logout(refreshToken: string): Promise<void> {
+    try {
+        await authRepo.deleteSession(refreshToken);
+        logger.info('User logged out');
+    } catch (error) {
+        // Ignore errors if session doesn't exist
+        logger.warn({ error }, 'Logout failed - session may not exist');
+    }
+}
+
+/**
+ * Verify access token
+ * 
+ * @param token - Access token
+ * @returns JWT payload
+ * @throws UnauthorizedError if token is invalid
+ */
+export async function verifyAccessToken(token: string): Promise<JwtPayload> {
+    try {
+        const payload = jwt.verify(token, env.JWT_SECRET, {
+            issuer: env.JWT_ISSUER,
+        }) as JwtPayload;
+
+        return payload;
+    } catch (error) {
+        if (error instanceof jwt.TokenExpiredError) {
+            throw new UnauthorizedError('Access token expired');
+        }
+        if (error instanceof jwt.JsonWebTokenError) {
+            throw new UnauthorizedError('Invalid access token');
+        }
+        throw new UnauthorizedError('Token verification failed');
+    }
+}
+
+

package/template/server/src/modules/auth/auth.types.ts

@@ -0,0 +1,97 @@
+/**
+ * Authentication Types
+ * 
+ * TypeScript types and interfaces for authentication module.
+ * These types are used throughout the auth flow.
+ */
+
+/**
+ * User Role Enum
+ */
+export type UserRole = 'USER' | 'ADMIN';
+
+/**
+ * User object (without sensitive fields like password)
+ * 
+ * This is the safe user representation returned to clients.
+ */
+export interface User {
+    id: string;
+    email: string;
+    name: string | null;
+    role: UserRole;
+    emailVerified: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}
+
+/**
+ * Login Request Payload
+ */
+export interface LoginRequest {
+    email: string;
+    password: string;
+}
+
+/**
+ * Register Request Payload
+ */
+export interface RegisterRequest {
+    email: string;
+    password: string;
+    name: string;
+}
+
+/**
+ * Token Response
+ * 
+ * Contains JWT tokens and expiration info.
+ */
+export interface TokenResponse {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number; // Seconds until access token expires
+}
+
+/**
+ * Authentication Response
+ * 
+ * Complete response after successful login/register.
+ * Contains user info and tokens.
+ */
+export interface AuthResponse {
+    user: User;
+    tokens: TokenResponse;
+}
+
+/**
+ * Refresh Token Request Payload
+ */
+export interface RefreshTokenRequest {
+    refreshToken: string;
+}
+
+/**
+ * JWT Payload
+ * 
+ * Data stored inside the JWT access token.
+ */
+export interface JwtPayload {
+    userId: string;
+    email: string;
+    role: UserRole;
+    iat?: number; // Issued at
+    exp?: number; // Expiration
+}
+
+/**
+ * JWT Refresh Payload
+ * 
+ * Data stored inside the JWT refresh token.
+ */
+export interface JwtRefreshPayload {
+    userId: string;
+    sessionId: string;
+    iat?: number;
+    exp?: number;
+}

package/template/server/src/modules/resources/resources.controller.ts

@@ -0,0 +1,218 @@
+/**
+ * Resources Controller
+ * 
+ * HTTP request handlers for resources endpoints.
+ * Controllers should ONLY handle HTTP concerns, no business logic.
+ * 
+ * @see /mnt/project/02-general-rules.md
+ * @see /mnt/project/04-pagination.md
+ * @see /mnt/project/06-response-handling.md
+ */
+
+import type { FastifyRequest, FastifyReply } from 'fastify';
+import { successResponse } from '@/utils/response';
+import { paginatedResponse } from '@/utils/pagination';
+import * as resourceService from './resources.service';
+import {
+    CreateResourceSchema,
+    UpdateResourceSchema,
+    ResourceFiltersSchema,
+    PaginationSchema,
+} from './resources.schemas';
+import type {
+    CreateResourceInput,
+    UpdateResourceInput,
+    ResourceFiltersInput,
+    PaginationInput,
+} from './resources.schemas';
+
+/**
+ * List resources with filters and pagination
+ * 
+ * @route GET /resources
+ * @access Public
+ */
+export async function listResources(
+    request: FastifyRequest<{
+        Querystring: ResourceFiltersInput & PaginationInput;
+    }>,
+    reply: FastifyReply
+): Promise<FastifyReply> {
+    // Parse and validate query parameters
+    const filters = ResourceFiltersSchema.parse({
+        status: request.query.status,
+        minPrice: request.query.minPrice,
+        maxPrice: request.query.maxPrice,
+        ownerId: request.query.ownerId,
+        search: request.query.search,
+    });
+
+    const pagination = PaginationSchema.parse({
+        page: request.query.page,
+        limit: request.query.limit,
+    });
+
+    // Call service
+    const { items, totalItems } = await resourceService.getResources(
+        filters,
+        pagination.page,
+        pagination.limit
+    );
+
+    // Return paginated response (EXACT format from 04-pagination.md)
+    return reply.status(200).send(
+        paginatedResponse(
+            'Resources retrieved successfully',
+            items,
+            pagination.page,
+            pagination.limit,
+            totalItems
+        )
+    );
+}
+
+/**
+ * Get resource by ID
+ * 
+ * @route GET /resources/:id
+ * @access Public
+ */
+export async function getResource(
+    request: FastifyRequest<{
+        Params: { id: string };
+    }>,
+    reply: FastifyReply
+): Promise<FastifyReply> {
+    const { id } = request.params;
+
+    // Call service
+    const resource = await resourceService.getResource(id);
+
+    // Return success response
+    return reply.status(200).send(
+        successResponse('Resource retrieved successfully', resource)
+    );
+}
+
+/**
+ * Create a new resource
+ * 
+ * @route POST /resources
+ * @access Private (requires authentication)
+ */
+export async function createResource(
+    request: FastifyRequest<{
+        Body: CreateResourceInput;
+    }>,
+    reply: FastifyReply
+): Promise<FastifyReply> {
+    // Validate request body
+    const body = CreateResourceSchema.parse(request.body);
+
+    // Get user ID from authenticated request
+    const userId = (request.user as any)?.userId;
+
+    // Call service
+    const resource = await resourceService.createResource(body, userId);
+
+    // Return success response
+    return reply.status(201).send(
+        successResponse('Resource created successfully', resource)
+    );
+}
+
+/**
+ * Update a resource
+ * 
+ * @route PATCH /resources/:id
+ * @access Private (requires authentication and ownership)
+ */
+export async function updateResource(
+    request: FastifyRequest<{
+        Params: { id: string };
+        Body: UpdateResourceInput;
+    }>,
+    reply: FastifyReply
+): Promise<FastifyReply> {
+    const { id } = request.params;
+
+    // Validate request body
+    const body = UpdateResourceSchema.parse(request.body);
+
+    // Get user ID from authenticated request
+    const userId = (request.user as any)?.userId;
+
+    // Call service (includes ownership verification)
+    const resource = await resourceService.updateResource(id, userId, body);
+
+    // Return success response
+    return reply.status(200).send(
+        successResponse('Resource updated successfully', resource)
+    );
+}
+
+/**
+ * Delete a resource
+ * 
+ * @route DELETE /resources/:id
+ * @access Private (requires authentication and ownership)
+ */
+export async function deleteResource(
+    request: FastifyRequest<{
+        Params: { id: string };
+    }>,
+    reply: FastifyReply
+): Promise<FastifyReply> {
+    const { id } = request.params;
+
+    // Get user ID from authenticated request
+    const userId = (request.user as any)?.userId;
+
+    // Call service (includes ownership verification)
+    const resource = await resourceService.deleteResource(id, userId);
+
+    // Return success response
+    return reply.status(200).send(
+        successResponse('Resource deleted successfully', resource)
+    );
+}
+
+/**
+ * Get current user's resources
+ * 
+ * @route GET /resources/my
+ * @access Private (requires authentication)
+ */
+export async function getMyResources(
+    request: FastifyRequest<{
+        Querystring: PaginationInput;
+    }>,
+    reply: FastifyReply
+): Promise<FastifyReply> {
+    // Parse pagination parameters
+    const pagination = PaginationSchema.parse({
+        page: request.query.page,
+        limit: request.query.limit,
+    });
+
+    // Get user ID from authenticated request
+    const userId = (request.user as any)?.userId;
+
+    // Call service
+    const { items, totalItems } = await resourceService.getMyResources(
+        userId,
+        pagination.page,
+        pagination.limit
+    );
+
+    // Return paginated response (EXACT format from 04-pagination.md)
+    return reply.status(200).send(
+        paginatedResponse(
+            'Your resources retrieved successfully',
+            items,
+            pagination.page,
+            pagination.limit,
+            totalItems
+        )
+    );
+}