create-tigra 1.0.7 → 2.0.0

package/template/server/biome.json

@@ -1,42 +0,0 @@
-{
-  "$schema": "https://biomejs.dev/schemas/1.9.0/schema.json",
-  "organizeImports": {
-    "enabled": true
-  },
-  "linter": {
-    "enabled": true,
-    "rules": {
-      "recommended": true,
-      "complexity": {
-        "noForEach": "off"
-      },
-      "suspicious": {
-        "noExplicitAny": "warn"
-      },
-      "style": {
-        "noNonNullAssertion": "off"
-      }
-    }
-  },
-  "formatter": {
-    "enabled": true,
-    "indentStyle": "space",
-    "indentWidth": 4,
-    "lineWidth": 100
-  },
-  "javascript": {
-    "formatter": {
-      "quoteStyle": "single",
-      "trailingCommas": "es5",
-      "semicolons": "always"
-    }
-  },
-  "files": {
-    "ignore": [
-      "node_modules",
-      "dist",
-      "coverage",
-      "*.json"
-    ]
-  }
-}

package/template/server/scripts/setup-env.js

@@ -1,50 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Setup environment file
- * Copies .env.example to .env if .env doesn't exist
- */
-
-import fs from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import { dirname } from 'path';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-
-const ROOT_DIR = path.resolve(__dirname, '..');
-const ENV_FILE = path.join(ROOT_DIR, '.env');
-const EXAMPLE_ENV_FILE = path.join(ROOT_DIR, '.env.example');
-
-function setupEnv() {
-  // Check if .env already exists
-  if (fs.existsSync(ENV_FILE)) {
-    console.log('✓ .env file already exists');
-    return;
-  }
-
-  // Check if .env.example exists
-  if (!fs.existsSync(EXAMPLE_ENV_FILE)) {
-    console.error('✗ .env.example file not found!');
-    console.error('  Please create a .env.example file first');
-    process.exit(1);
-  }
-
-  // Copy .env.example to .env
-  try {
-    fs.copyFileSync(EXAMPLE_ENV_FILE, ENV_FILE);
-    console.log('✓ Created .env file from .env.example');
-    console.log('');
-    console.log('⚠ IMPORTANT: Please update the following values in .env:');
-    console.log('  - DATABASE_URL (replace {{DATABASE_PASSWORD}} and {{DATABASE_NAME}})');
-    console.log('  - JWT_SECRET (use a strong secret in production)');
-    console.log('  - ADMIN_EMAIL and ADMIN_PASSWORD');
-    console.log('');
-  } catch (error) {
-    console.error('✗ Failed to create .env file:', error.message);
-    process.exit(1);
-  }
-}
-
-setupEnv();

package/template/server/scripts/wait-for-db.js

@@ -1,60 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Wait for database to be ready before running migrations
- * This script polls the database connection until it's available
- */
-
-import { createConnection } from 'mysql2/promise';
-import { config } from 'dotenv';
-import { resolve } from 'path';
-
-// Load environment variables
-config({ path: resolve(process.cwd(), '.env') });
-
-const MAX_ATTEMPTS = 30; // 30 attempts
-const RETRY_DELAY = 2000; // 2 seconds between attempts
-
-async function waitForDatabase() {
-  const dbConfig = {
-    host: process.env.DB_HOST || 'localhost',
-    port: parseInt(process.env.DB_PORT || '3306'),
-    user: process.env.DB_USER || 'root',
-    password: process.env.DB_PASSWORD || 'password',
-    database: process.env.DB_NAME,
-  };
-
-  console.log('Waiting for database to be ready...');
-  console.log(`   Host: ${dbConfig.host}:${dbConfig.port}`);
-  console.log(`   Database: ${dbConfig.database}`);
-  console.log();
-
-  for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
-    try {
-      const connection = await createConnection(dbConfig);
-      await connection.ping();
-      await connection.end();
-
-      console.log('Database is ready!');
-      console.log();
-      process.exit(0);
-    } catch (error) {
-      if (attempt === MAX_ATTEMPTS) {
-        console.error('Database failed to become ready after maximum attempts');
-        console.error(`   Error: ${error.message}`);
-        console.error();
-        console.error('Troubleshooting:');
-        console.error('   1. Ensure Docker is running: docker ps');
-        console.error('   2. Check if containers are healthy: docker-compose ps');
-        console.error('   3. View MySQL logs: docker-compose logs mysql');
-        console.error('   4. Restart containers: docker-compose restart');
-        process.exit(1);
-      }
-
-      process.stdout.write(`   Attempt ${attempt}/${MAX_ATTEMPTS} - Database not ready yet, retrying in ${RETRY_DELAY / 1000}s...\r`);
-      await new Promise(resolve => setTimeout(resolve, RETRY_DELAY));
-    }
-  }
-}
-
-waitForDatabase();

package/template/server/src/hooks/request-timing.hook.ts

@@ -1,26 +0,0 @@
-import { FastifyInstance } from 'fastify';
-import { env } from '@/config/env';
-
-export function registerRequestHooks(app: FastifyInstance) {
-    app.addHook('onRequest', async (request) => {
-        request.startTime = Date.now();
-    });
-
-    app.addHook('onResponse', async (request, reply) => {
-        const duration = Date.now() - request.startTime;
-        const logData = {
-            method: request.method,
-            url: request.url,
-            statusCode: reply.statusCode,
-            duration: `${duration}ms`,
-            ip: request.ip,
-            requestId: request.id,
-        };
-
-        if (duration > env.SLOW_QUERY_THRESHOLD) {
-            app.log.warn(logData, 'Slow response detected');
-        } else {
-            app.log.info(logData, 'Request completed');
-        }
-    });
-}

package/template/server/src/libs/auth/authenticate.middleware.ts

@@ -1,22 +0,0 @@
-import { FastifyReply, FastifyRequest } from 'fastify';
-import { verifyAccessToken } from '@/modules/auth/auth.service';
-import { UnauthorizedError, AppError } from '@/utils/errors';
-
-export async function authenticateMiddleware(request: FastifyRequest, reply: FastifyReply) {
-    try {
-        const authHeader = request.headers.authorization;
-        if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            throw new UnauthorizedError('Authentication token missing');
-        }
-
-        const token = authHeader.split(' ')[1];
-        if (!token) {
-            throw new UnauthorizedError('Malformed authentication token');
-        }
-
-        const payload = await verifyAccessToken(token);
-        request.user = payload;
-    } catch (error) {
-        throw error instanceof AppError ? error : new UnauthorizedError('Invalid or expired token');
-    }
-}

package/template/server/src/libs/auth/rbac.middleware.test.ts

@@ -1,134 +0,0 @@
-/**
- * RBAC Middleware Tests
- * 
- * Tests for role-based access control middleware functions.
- */
-
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import type { FastifyRequest, FastifyReply } from 'fastify';
-import { requireRole, requireAdmin, requireUser, hasRole, isAdmin } from './rbac.middleware';
-import { ForbiddenError, UnauthorizedError } from '../../utils/errors';
-
-describe('RBAC Middleware', () => {
-    let mockRequest: any;
-    let mockReply: any;
-
-    beforeEach(() => {
-        mockRequest = {
-            user: undefined,
-        };
-        mockReply = {};
-    });
-
-    describe('requireRole', () => {
-        it('should allow access when user has required role', async () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-            const middleware = requireRole('ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should allow access when user has one of multiple allowed roles', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireRole('USER', 'ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should throw UnauthorizedError when user is not authenticated', async () => {
-            mockRequest.user = undefined;
-            const middleware = requireRole('ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(UnauthorizedError);
-        });
-
-        it('should throw ForbiddenError when user lacks required role', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireRole('ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(ForbiddenError);
-        });
-    });
-
-    describe('requireAdmin', () => {
-        it('should allow access for ADMIN users', async () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-            const middleware = requireAdmin();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should deny access for USER role', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireAdmin();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(ForbiddenError);
-        });
-    });
-
-    describe('requireUser', () => {
-        it('should allow access for USER role', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireUser();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should deny access for ADMIN role', async () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-            const middleware = requireUser();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(ForbiddenError);
-        });
-    });
-
-    describe('hasRole utility', () => {
-        it('should return true when user has the role', () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-
-            expect(hasRole(mockRequest as FastifyRequest, 'ADMIN')).toBe(true);
-        });
-
-        it('should return false when user does not have the role', () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-
-            expect(hasRole(mockRequest as FastifyRequest, 'ADMIN')).toBe(false);
-        });
-
-        it('should return false when user is not authenticated', () => {
-            mockRequest.user = undefined;
-
-            expect(hasRole(mockRequest as FastifyRequest, 'ADMIN')).toBe(false);
-        });
-    });
-
-    describe('isAdmin utility', () => {
-        it('should return true for ADMIN users', () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-
-            expect(isAdmin(mockRequest as FastifyRequest)).toBe(true);
-        });
-
-        it('should return false for non-ADMIN users', () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-
-            expect(isAdmin(mockRequest as FastifyRequest)).toBe(false);
-        });
-    });
-});

package/template/server/src/libs/auth/rbac.middleware.ts

@@ -1,147 +0,0 @@
-/**
- * Role-Based Access Control (RBAC) Middleware
- * 
- * Provides middleware functions to enforce role-based permissions on routes.
- * Must be used AFTER the authenticate middleware.
- * 
- * @see /mnt/project/02-general-rules.md
- */
-
-import type { FastifyRequest, FastifyReply } from 'fastify';
-import { ForbiddenError, UnauthorizedError } from '@/utils/errors';
-
-/**
- * User Role Type
- * 
- * Must match the roles defined in Prisma schema and JWT payload
- */
-export type UserRole = 'USER' | 'ADMIN';
-
-/**
- * RBAC Middleware Factory
- * 
- * Creates a preHandler middleware that checks if the authenticated user
- * has one of the required roles.
- * 
- * @param allowedRoles - Array of roles that are allowed to access the route
- * @returns Fastify preHandler function
- * 
- * @example
- * // Single role
- * app.get('/admin/users', {
- *   preHandler: [app.authenticate, requireRole('ADMIN')],
- *   handler: adminController.listUsers
- * });
- * 
- * @example
- * // Multiple roles
- * app.post('/resources', {
- *   preHandler: [app.authenticate, requireRole('USER', 'ADMIN')],
- *   handler: resourceController.create
- * });
- */
-export function requireRole(...allowedRoles: UserRole[]) {
-    return async (request: FastifyRequest, _reply: FastifyReply): Promise<void> => {
-        // Ensure user is authenticated (should be set by app.authenticate)
-        if (!request.user) {
-            throw new UnauthorizedError('Authentication required');
-        }
-
-        const userRole = request.user.role as UserRole;
-
-        // Validate that user's role is in the allowed roles list
-        if (!allowedRoles.includes(userRole)) {
-            throw new ForbiddenError(
-                `Access denied. Required role: ${allowedRoles.join(' or ')}`
-            );
-        }
-
-        // User has required role, allow request to proceed
-    };
-}
-
-/**
- * Require ADMIN role
- * 
- * Shorthand helper for routes that require admin access only.
- * 
- * @example
- * app.delete('/users/:id', {
- *   preHandler: [app.authenticate, requireAdmin()],
- *   handler: userController.deleteUser
- * });
- */
-export const requireAdmin = () => requireRole('ADMIN');
-
-/**
- * Require USER role
- * 
- * Shorthand helper for routes that require standard user access.
- * Note: This excludes ADMIN users. Use requireAny() to allow both.
- * 
- * @example
- * app.get('/profile', {
- *   preHandler: [app.authenticate, requireUser()],
- *   handler: userController.getProfile
- * });
- */
-export const requireUser = () => requireRole('USER');
-
-/**
- * Require any authenticated user (USER or ADMIN)
- * 
- * Shorthand helper for routes that require authentication but accept any role.
- * This is equivalent to just using app.authenticate without role checking.
- * 
- * @example
- * app.get('/resources', {
- *   preHandler: [app.authenticate, requireAny()],
- *   handler: resourceController.list
- * });
- */
-export const requireAny = () => requireRole('USER', 'ADMIN');
-
-/**
- * Check if user has specific role (utility function)
- * 
- * Can be used within route handlers for conditional logic.
- * 
- * @param request - Fastify request object
- * @param role - Role to check
- * @returns true if user has the role, false otherwise
- * 
- * @example
- * export async function getResources(request: FastifyRequest) {
- *   const resources = await resourceRepo.findAll();
- *   
- *   // Filter sensitive data for non-admin users
- *   if (!hasRole(request, 'ADMIN')) {
- *     return resources.map(r => omit(r, 'internalNotes'));
- *   }
- *   
- *   return resources;
- * }
- */
-export function hasRole(request: FastifyRequest, role: UserRole): boolean {
-    return request.user?.role === role;
-}
-
-/**
- * Check if user is admin (utility function)
- * 
- * @param request - Fastify request object
- * @returns true if user is admin, false otherwise
- */
-export function isAdmin(request: FastifyRequest): boolean {
-    return hasRole(request, 'ADMIN');
-}
-
-/**
- * Check if user is regular user (utility function)
- * 
- * @param request - Fastify request object
- * @returns true if user is regular user, false otherwise
- */
-export function isUser(request: FastifyRequest): boolean {
-    return hasRole(request, 'USER');
-}

package/template/server/src/libs/db.ts

@@ -1,76 +0,0 @@
-/**
- * Database Connection
- * 
- * Prisma Client instance with query logging and error handling.
- * 
- * @see /mnt/project/01-db-and-migrations.md
- * @see /mnt/project/08-observability.md
- */
-
-import { PrismaClient, Prisma } from '@prisma/client';
-import logger from './logger';
-
-/**
- * Create Prisma Client instance
- * 
- * Features:
- * - Slow query logging (> 1000ms)
- * - Error logging
- * - Query logging in development (optional)
- */
-const prisma = new PrismaClient({
-    log:
-        process.env['PRISMA_QUERY_LOG'] === 'true'
-            ? [
-                { level: 'query', emit: 'event' },
-                { level: 'info', emit: 'stdout' },
-                { level: 'warn', emit: 'stdout' },
-                { level: 'error', emit: 'event' },
-            ]
-            : [
-                { level: 'warn', emit: 'stdout' },
-                { level: 'error', emit: 'event' },
-                { level: 'query', emit: 'event' },
-            ],
-});
-
-/**
- * Slow Query Logging
- * 
- * Logs a warning when a query takes longer than the threshold.
- * Helps identify performance bottlenecks.
- */
-prisma.$on('query', (e: Prisma.QueryEvent) => {
-    const threshold = parseInt(process.env['SLOW_QUERY_THRESHOLD'] || '1000');
-
-    if (e.duration > threshold) {
-        logger.warn(
-            {
-                query: e.query,
-                params: e.params,
-                duration: e.duration,
-                target: e.target,
-            },
-            `Slow query detected (${e.duration}ms)`
-        );
-    }
-});
-
-/**
- * Error Logging
- * 
- * Logs database errors for monitoring and debugging.
- */
-prisma.$on('error', (e: Prisma.LogEvent) => {
-    logger.error(
-        {
-            message: e.message,
-            target: e.target,
-        },
-        'Database error occurred'
-    );
-});
-
-
-
-export { prisma };

package/template/server/src/libs/error-handler.ts

@@ -1,89 +0,0 @@
-import { FastifyError, FastifyReply, FastifyRequest } from 'fastify';
-import { ZodError } from 'zod';
-import { Prisma } from '@prisma/client';
-import jsonwebtoken from 'jsonwebtoken';
-import { env } from '@/config/env';
-import { AppError, InternalError } from '@/utils/errors';
-
-export function setupErrorHandler(error: FastifyError, request: FastifyRequest, reply: FastifyReply) {
-    // 1. Log the error internally
-    request.log.error({
-        err: error,
-        requestId: request.id,
-        userId: request.user?.userId,
-        path: request.url,
-    });
-
-    // 2. Handle known AppErrors
-    if (error instanceof AppError) {
-        return reply.status(error.statusCode).send({
-            success: false,
-            error: {
-                code: error.code,
-                message: error.message,
-            },
-        });
-    }
-
-    // 3. Handle Zod Validation Errors
-    if (error instanceof ZodError) {
-        return reply.status(400).send({
-            success: false,
-            error: {
-                code: 'VALIDATION_ERROR',
-                message: error.errors[0]?.message || 'Invalid input data',
-                details: error.errors,
-            },
-        });
-    }
-
-    // 4. Handle Prisma Database Errors
-    if (error instanceof Prisma.PrismaClientKnownRequestError) {
-        // P2002: Unique constraint failed
-        if (error.code === 'P2002') {
-            return reply.status(409).send({
-                success: false,
-                error: { code: 'CONFLICT', message: 'Resource already exists' },
-            });
-        }
-        // P2025: Record not found
-        if (error.code === 'P2025') {
-            return reply.status(404).send({
-                success: false,
-                error: { code: 'NOT_FOUND', message: 'Resource not found' },
-            });
-        }
-    }
-
-    // 5. Handle JWT Errors explicitly
-    if (error instanceof jsonwebtoken.TokenExpiredError) {
-        return reply.status(401).send({
-            success: false,
-            error: { code: 'UNAUTHORIZED', message: 'Token expired' },
-        });
-    }
-
-    if (error instanceof jsonwebtoken.JsonWebTokenError) {
-        return reply.status(401).send({
-            success: false,
-            error: { code: 'UNAUTHORIZED', message: 'Invalid token' },
-        });
-    }
-
-    // 6. Handle Rate Limit Errors
-    if (reply.statusCode === 429) {
-        return reply.send(error); // Keep custom error from rate-limit plugin
-    }
-
-    // 7. Fallback: Internal Server Error
-    const internalError = new InternalError();
-    return reply.status(500).send({
-        success: false,
-        error: {
-            code: internalError.code,
-            message: env.NODE_ENV === 'production'
-                ? 'An unexpected error occurred'
-                : error.message,
-        },
-    });
-}