npm - create-tigra - Versions diffs - 1.1.0 → 2.0.1 - Mend

create-tigra 1.1.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (243) hide show

package/LICENSE +21 -21
package/README.md +80 -87
package/bin/create-tigra.js +259 -308
package/package.json +49 -41
package/template/_claude/QUICK_REFERENCE.md +193 -0
package/template/_claude/README.md +53 -0
package/template/_claude/commands/create-client.md +881 -0
package/template/_claude/commands/create-server.md +383 -0
package/template/_claude/rules/client/01-project-structure.md +133 -0
package/template/_claude/rules/client/02-components-and-types.md +146 -0
package/template/_claude/rules/client/03-data-and-state.md +156 -0
package/template/_claude/rules/client/04-design-system.md +185 -0
package/template/_claude/rules/client/05-security.md +55 -0
package/template/_claude/rules/client/06-ux-checklist.md +81 -0
package/template/_claude/rules/client/core.md +42 -0
package/template/_claude/rules/global/core.md +77 -0
package/template/_claude/rules/server/core.md +50 -0
package/template/_claude/rules/server/database.md +124 -0
package/template/_claude/rules/server/project-conventions.md +150 -0
package/template/_claude/rules/server/response-handling.md +144 -0
package/template/client/.env.example +5 -0
package/template/client/README.md +36 -0
package/template/client/components.json +23 -0
package/template/client/eslint.config.mjs +18 -0
package/template/client/next.config.ts +34 -0
package/template/client/package.json +44 -0
package/template/client/postcss.config.mjs +7 -0
package/template/client/src/app/(auth)/layout.tsx +18 -0
package/template/client/src/app/(auth)/login/page.tsx +13 -0
package/template/client/src/app/(auth)/register/page.tsx +13 -0
package/template/client/src/app/(main)/dashboard/page.tsx +22 -0
package/template/client/src/app/(main)/layout.tsx +11 -0
package/template/client/src/app/error.tsx +27 -0
package/template/client/src/app/favicon.ico +0 -0
package/template/client/src/app/globals.css +145 -0
package/template/client/src/app/layout.tsx +36 -0
package/template/client/src/app/loading.tsx +11 -0
package/template/client/src/app/not-found.tsx +23 -0
package/template/client/src/app/page.tsx +45 -0
package/template/client/src/app/providers.tsx +43 -0
package/template/client/src/components/common/ConfirmDialog.tsx +56 -0
package/template/client/src/components/common/EmptyState.tsx +31 -0
package/template/client/src/components/common/LoadingSpinner.tsx +30 -0
package/template/client/src/components/common/Pagination.tsx +55 -0
package/template/client/src/components/layout/Footer.tsx +17 -0
package/template/client/src/components/layout/Header.tsx +173 -0
package/template/client/src/components/layout/MainLayout.tsx +18 -0
package/template/client/src/components/ui/alert-dialog.tsx +196 -0
package/template/client/src/components/ui/badge.tsx +48 -0
package/template/client/src/components/ui/button.tsx +64 -0
package/template/client/src/components/ui/card.tsx +92 -0
package/template/client/src/components/ui/input.tsx +21 -0
package/template/client/src/components/ui/label.tsx +24 -0
package/template/client/src/components/ui/select.tsx +190 -0
package/template/client/src/components/ui/skeleton.tsx +13 -0
package/template/client/src/components/ui/table.tsx +116 -0
package/template/client/src/features/auth/components/AuthInitializer.tsx +55 -0
package/template/client/src/features/auth/components/LoginForm.tsx +107 -0
package/template/client/src/features/auth/components/RegisterForm.tsx +178 -0
package/template/client/src/features/auth/hooks/useAuth.ts +84 -0
package/template/client/src/features/auth/services/auth.service.ts +52 -0
package/template/client/src/features/auth/store/authSlice.ts +38 -0
package/template/client/src/features/auth/types/auth.types.ts +32 -0
package/template/client/src/hooks/useDebounce.ts +14 -0
package/template/client/src/hooks/useLocalStorage.ts +55 -0
package/template/client/src/hooks/useMediaQuery.ts +27 -0
package/template/client/src/lib/api/api.types.ts +34 -0
package/template/client/src/lib/api/axios.config.ts +98 -0
package/template/client/src/lib/constants/api-endpoints.ts +18 -0
package/template/client/src/lib/constants/app.constants.ts +12 -0
package/template/client/src/lib/constants/routes.ts +9 -0
package/template/client/src/lib/utils/error.ts +32 -0
package/template/client/src/lib/utils/format.ts +37 -0
package/template/client/src/lib/utils/security.ts +34 -0
package/template/client/src/lib/utils.ts +6 -0
package/template/client/src/middleware.ts +57 -0
package/template/client/src/store/hooks.ts +7 -0
package/template/client/src/store/index.ts +12 -0
package/template/client/src/types/index.ts +3 -0
package/template/client/tsconfig.json +34 -0
package/template/gitignore +34 -0
package/template/server/.dockerignore +66 -0
package/template/server/.env.example +96 -69
package/template/server/.env.production.example +90 -0
package/template/server/Dockerfile +94 -0
package/template/server/docker-compose.yml +82 -111
package/template/server/docs/logging.md +62 -0
package/template/server/eslint.config.mjs +17 -0
package/template/server/package.json +68 -81
package/template/server/phpmyadmin-config.php +26 -0
package/template/server/postman_collection.json +666 -0
package/template/server/prisma/schema.prisma +77 -93
package/template/server/prisma/seed.ts +46 -142
package/template/server/scripts/flush-redis.ts +41 -0
package/template/server/src/app.ts +243 -71
package/template/server/src/config/env.ts +67 -94
package/template/server/src/libs/auth.ts +88 -0
package/template/server/src/libs/cleanup.ts +35 -0
package/template/server/src/libs/cookies.ts +46 -0
package/template/server/src/libs/logger.ts +33 -60
package/template/server/src/libs/monitoring.ts +205 -0
package/template/server/src/libs/password.ts +38 -0
package/template/server/src/libs/prisma.ts +68 -0
package/template/server/src/libs/redis.ts +60 -79
package/template/server/src/libs/requestLogger.ts +66 -0
package/template/server/src/libs/storage/file-storage.service.ts +211 -0
package/template/server/src/libs/storage/file-validator.ts +97 -0
package/template/server/src/libs/storage/filename-sanitizer.ts +71 -0
package/template/server/src/libs/storage/image-optimizer.service.ts +144 -0
package/template/server/src/modules/auth/__tests__/auth.service.test.ts +365 -0
package/template/server/src/modules/auth/auth.controller.ts +90 -141
package/template/server/src/modules/auth/auth.repo.ts +120 -218
package/template/server/src/modules/auth/auth.routes.ts +96 -83
package/template/server/src/modules/auth/auth.schemas.ts +35 -137
package/template/server/src/modules/auth/auth.service.ts +286 -329
package/template/server/src/modules/auth/session.repo.ts +110 -0
package/template/server/src/modules/users/users.controller.ts +120 -0
package/template/server/src/modules/users/users.repo.ts +77 -0
package/template/server/src/modules/users/users.routes.ts +89 -0
package/template/server/src/modules/users/users.schemas.ts +21 -0
package/template/server/src/modules/users/users.service.ts +169 -0
package/template/server/src/server.ts +58 -139
package/template/server/src/shared/errors/AppError.ts +21 -0
package/template/server/src/shared/errors/errors.ts +43 -0
package/template/server/src/shared/responses/paginatedResponse.ts +38 -0
package/template/server/src/shared/responses/successResponse.ts +17 -0
package/template/server/src/shared/schemas/pagination.schema.ts +12 -0
package/template/server/src/shared/types/index.ts +26 -0
package/template/server/src/test/setup.ts +74 -38
package/template/server/tsconfig.json +27 -89
package/template/server/uploads/avatars/.gitkeep +1 -0
package/template/server/vitest.config.ts +43 -98
package/template/.agent/rules/client/01-project-structure.md +0 -326
package/template/.agent/rules/client/02-component-patterns.md +0 -249
package/template/.agent/rules/client/03-typescript-rules.md +0 -226
package/template/.agent/rules/client/04-state-management.md +0 -474
package/template/.agent/rules/client/05-api-integration.md +0 -129
package/template/.agent/rules/client/06-forms-validation.md +0 -129
package/template/.agent/rules/client/07-common-patterns.md +0 -150
package/template/.agent/rules/client/08-color-system.md +0 -93
package/template/.agent/rules/client/09-security-rules.md +0 -97
package/template/.agent/rules/client/10-testing-strategy.md +0 -370
package/template/.agent/rules/global/ai-edit-safety.md +0 -38
package/template/.agent/rules/server/01-db-and-migrations.md +0 -242
package/template/.agent/rules/server/02-general-rules.md +0 -111
package/template/.agent/rules/server/03-migrations.md +0 -20
package/template/.agent/rules/server/04-pagination.md +0 -130
package/template/.agent/rules/server/05-project-conventions.md +0 -71
package/template/.agent/rules/server/06-response-handling.md +0 -173
package/template/.agent/rules/server/07-testing-strategy.md +0 -506
package/template/.agent/rules/server/08-observability.md +0 -180
package/template/.agent/rules/server/10-background-jobs-v2.md +0 -185
package/template/.agent/rules/server/11-rate-limiting-v2.md +0 -210
package/template/.agent/rules/server/12-performance-optimization.md +0 -567
package/template/.claude/rules/client-01-project-structure.md +0 -327
package/template/.claude/rules/client-02-component-patterns.md +0 -250
package/template/.claude/rules/client-03-typescript-rules.md +0 -227
package/template/.claude/rules/client-04-state-management.md +0 -475
package/template/.claude/rules/client-05-api-integration.md +0 -130
package/template/.claude/rules/client-06-forms-validation.md +0 -130
package/template/.claude/rules/client-07-common-patterns.md +0 -151
package/template/.claude/rules/client-08-color-system.md +0 -94
package/template/.claude/rules/client-09-security-rules.md +0 -98
package/template/.claude/rules/client-10-testing-strategy.md +0 -371
package/template/.claude/rules/global-ai-edit-safety.md +0 -39
package/template/.claude/rules/server-01-db-and-migrations.md +0 -243
package/template/.claude/rules/server-02-general-rules.md +0 -112
package/template/.claude/rules/server-03-migrations.md +0 -21
package/template/.claude/rules/server-04-pagination.md +0 -131
package/template/.claude/rules/server-05-project-conventions.md +0 -72
package/template/.claude/rules/server-06-response-handling.md +0 -174
package/template/.claude/rules/server-07-testing-strategy.md +0 -507
package/template/.claude/rules/server-08-observability.md +0 -181
package/template/.claude/rules/server-10-background-jobs-v2.md +0 -186
package/template/.claude/rules/server-11-rate-limiting-v2.md +0 -211
package/template/.claude/rules/server-12-performance-optimization.md +0 -568
package/template/.cursor/rules/client-01-project-structure.mdc +0 -327
package/template/.cursor/rules/client-02-component-patterns.mdc +0 -250
package/template/.cursor/rules/client-03-typescript-rules.mdc +0 -227
package/template/.cursor/rules/client-04-state-management.mdc +0 -475
package/template/.cursor/rules/client-05-api-integration.mdc +0 -130
package/template/.cursor/rules/client-06-forms-validation.mdc +0 -130
package/template/.cursor/rules/client-07-common-patterns.mdc +0 -151
package/template/.cursor/rules/client-08-color-system.mdc +0 -94
package/template/.cursor/rules/client-09-security-rules.mdc +0 -98
package/template/.cursor/rules/client-10-testing-strategy.mdc +0 -371
package/template/.cursor/rules/global-ai-edit-safety.mdc +0 -39
package/template/.cursor/rules/server-01-db-and-migrations.mdc +0 -243
package/template/.cursor/rules/server-02-general-rules.mdc +0 -112
package/template/.cursor/rules/server-03-migrations.mdc +0 -21
package/template/.cursor/rules/server-04-pagination.mdc +0 -131
package/template/.cursor/rules/server-05-project-conventions.mdc +0 -72
package/template/.cursor/rules/server-06-response-handling.mdc +0 -174
package/template/.cursor/rules/server-07-testing-strategy.mdc +0 -507
package/template/.cursor/rules/server-08-observability.mdc +0 -181
package/template/.cursor/rules/server-09-api-documentation-v2.mdc +0 -169
package/template/.cursor/rules/server-10-background-jobs-v2.mdc +0 -186
package/template/.cursor/rules/server-11-rate-limiting-v2.mdc +0 -211
package/template/.cursor/rules/server-12-performance-optimization.mdc +0 -568
package/template/CLAUDE.md +0 -207
package/template/server/.tsc-aliasrc.json +0 -13
package/template/server/IMPORT_FIX_CHECKLIST.md +0 -98
package/template/server/IMPORT_FIX_COMPLETE.md +0 -89
package/template/server/README.md +0 -183
package/template/server/REMAINING_IMPORT_FIXES.md +0 -150
package/template/server/SECURITY.md +0 -190
package/template/server/Tigra-API.postman_collection.json +0 -733
package/template/server/biome.json +0 -42
package/template/server/scripts/fix-all-imports.ps1 +0 -52
package/template/server/scripts/fix-imports-reference.ps1 +0 -16
package/template/server/scripts/fix-imports.mjs +0 -55
package/template/server/scripts/setup-env.js +0 -50
package/template/server/scripts/wait-for-db.js +0 -60
package/template/server/src/hooks/request-timing.hook.ts +0 -26
package/template/server/src/libs/auth/authenticate.middleware.ts +0 -22
package/template/server/src/libs/auth/rbac.middleware.test.ts +0 -134
package/template/server/src/libs/auth/rbac.middleware.ts +0 -147
package/template/server/src/libs/db.ts +0 -76
package/template/server/src/libs/error-handler.ts +0 -89
package/template/server/src/libs/queue.ts +0 -79
package/template/server/src/modules/admin/admin.controller.ts +0 -122
package/template/server/src/modules/admin/admin.routes.ts +0 -62
package/template/server/src/modules/admin/admin.schemas.ts +0 -35
package/template/server/src/modules/admin/admin.service.ts +0 -167
package/template/server/src/modules/auth/auth.integration.test.ts +0 -150
package/template/server/src/modules/auth/auth.service.test.ts +0 -119
package/template/server/src/modules/auth/auth.types.ts +0 -97
package/template/server/src/modules/resources/resources.controller.ts +0 -218
package/template/server/src/modules/resources/resources.repo.ts +0 -253
package/template/server/src/modules/resources/resources.routes.ts +0 -116
package/template/server/src/modules/resources/resources.schemas.ts +0 -146
package/template/server/src/modules/resources/resources.service.ts +0 -218
package/template/server/src/modules/resources/resources.types.ts +0 -73
package/template/server/src/plugins/rate-limit.plugin.ts +0 -21
package/template/server/src/plugins/security.plugin.ts +0 -21
package/template/server/src/routes/health.routes.ts +0 -31
package/template/server/src/types/fastify.d.ts +0 -36
package/template/server/src/utils/errors.ts +0 -108
package/template/server/src/utils/pagination.ts +0 -120
package/template/server/src/utils/response.ts +0 -110
package/template/server/src/workers/file.worker.ts +0 -106
package/template/server/tsconfig.build.json +0 -30
package/template/server/tsconfig.test.json +0 -22

package/template/server/src/modules/auth/session.repo.ts ADDED Viewed

@@ -0,0 +1,110 @@
+import { prisma } from '@libs/prisma.js';
+import type { Session } from '@prisma/client';
+export class SessionRepository {
+  /**
+   * Create a new session
+   */
+  async createSession(data: {
+    userId: string;
+    deviceInfo?: string;
+    ipAddress?: string;
+    expiresAt: Date;
+  }): Promise<Session> {
+    return prisma.session.create({
+      data: {
+        userId: data.userId,
+        deviceInfo: data.deviceInfo,
+        ipAddress: data.ipAddress,
+        expiresAt: data.expiresAt,
+      },
+    });
+  }
+  /**
+   * Get all active sessions for a user
+   */
+  async getUserSessions(userId: string): Promise<Session[]> {
+    return prisma.session.findMany({
+      where: {
+        userId,
+        expiresAt: {
+          gt: new Date(),
+        },
+      },
+      orderBy: {
+        lastActiveAt: 'desc',
+      },
+    });
+  }
+  /**
+   * Update session last active timestamp
+   */
+  async updateLastActive(sessionId: string): Promise<Session> {
+    return prisma.session.update({
+      where: { id: sessionId },
+      data: {
+        lastActiveAt: new Date(),
+      },
+    });
+  }
+  /**
+   * Delete a specific session
+   */
+  async deleteSession(sessionId: string): Promise<void> {
+    await prisma.session.delete({
+      where: { id: sessionId },
+    });
+  }
+  /**
+   * Delete all sessions for a user
+   */
+  async deleteAllUserSessions(userId: string): Promise<number> {
+    const result = await prisma.session.deleteMany({
+      where: { userId },
+    });
+    return result.count;
+  }
+  /**
+   * Delete expired sessions (for cleanup cron job)
+   */
+  async deleteExpiredSessions(): Promise<number> {
+    const result = await prisma.session.deleteMany({
+      where: {
+        expiresAt: {
+          lt: new Date(),
+        },
+      },
+    });
+    return result.count;
+  }
+  /**
+   * Get session by ID
+   */
+  async getSessionById(sessionId: string): Promise<Session | null> {
+    return prisma.session.findUnique({
+      where: { id: sessionId },
+    });
+  }
+  /**
+   * Count active sessions for a user
+   */
+  async countUserSessions(userId: string): Promise<number> {
+    return prisma.session.count({
+      where: {
+        userId,
+        expiresAt: {
+          gt: new Date(),
+        },
+      },
+    });
+  }
+}
+export const sessionRepository = new SessionRepository();

package/template/server/src/modules/users/users.controller.ts ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * Users Controller
+ *
+ * Request handlers for user endpoints.
+ */
+import type { FastifyRequest, FastifyReply } from 'fastify';
+import path from 'path';
+import { usersService } from './users.service.js';
+import { validateImageFile, validateFileSize } from '@libs/storage/file-validator.js';
+import { successResponse } from '@shared/responses/successResponse.js';
+import type { GetUserAvatarParams } from './users.schemas.js';
+import type { AuthenticatedRequest } from '@shared/types/index.js';
+import { logger } from '@libs/logger.js';
+import { BadRequestError } from '@shared/errors/errors.js';
+/**
+ * Users Controller Class
+ *
+ * Handles HTTP requests for user operations.
+ */
+class UsersController {
+  /**
+   * Upload avatar handler
+   *
+   * POST /api/v1/users/avatar
+   * Requires: multipart/form-data with file field
+   * Auth: Required (JWT)
+   *
+   * @param request - Fastify request (authenticated)
+   * @param reply - Fastify reply
+   */
+  async uploadAvatar(request: AuthenticatedRequest, reply: FastifyReply): Promise<void> {
+    // Get uploaded file from multipart request
+    const data = await request.file();
+    if (!data) {
+      throw new BadRequestError('No file uploaded', 'NO_FILE');
+    }
+    // Validate file (MIME type, extension)
+    validateImageFile(data);
+    // Read file buffer
+    const buffer = await data.toBuffer();
+    // Validate file size
+    validateFileSize(buffer);
+    // Get authenticated user ID
+    const userId = request.user.userId;
+    logger.info({
+      msg: 'Avatar upload request',
+      userId,
+      filename: data.filename,
+      mimetype: data.mimetype,
+      size: buffer.length,
+    });
+    // Call service to process and save avatar
+    const updatedUser = await usersService.uploadAvatar(userId, buffer, data.filename);
+    return reply.send(
+      successResponse('Avatar uploaded successfully', {
+        avatarUrl: updatedUser.avatarUrl,
+      })
+    );
+  }
+  /**
+   * Delete avatar handler
+   *
+   * DELETE /api/v1/users/avatar
+   * Auth: Required (JWT)
+   *
+   * @param request - Fastify request (authenticated)
+   * @param reply - Fastify reply
+   */
+  async deleteAvatar(request: AuthenticatedRequest, reply: FastifyReply): Promise<void> {
+    // Get authenticated user ID
+    const userId = request.user.userId;
+    logger.info({ msg: 'Avatar delete request', userId });
+    // Call service to delete avatar
+    await usersService.deleteAvatar(userId);
+    return reply.send(successResponse('Avatar deleted successfully', null));
+  }
+  /**
+   * Get avatar handler
+   *
+   * GET /api/v1/users/:userId/avatar
+   * Auth: Not required (public endpoint)
+   *
+   * Returns the avatar file directly or 404 if not found.
+   *
+   * @param request - Fastify request
+   * @param reply - Fastify reply
+   */
+  async getAvatar(
+    request: FastifyRequest<{ Params: GetUserAvatarParams }>,
+    reply: FastifyReply
+  ): Promise<void> {
+    const { userId } = request.params;
+    logger.info({ msg: 'Avatar fetch request', userId });
+    // Get avatar file path
+    const { path: filePath } = await usersService.getAvatar(userId);
+    // Send file directly
+    return reply.sendFile(path.basename(filePath), path.dirname(filePath));
+  }
+}
+// Export singleton instance
+export const usersController = new UsersController();

package/template/server/src/modules/users/users.repo.ts ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * Users Repository
+ *
+ * Data access layer for user operations.
+ */
+import { prisma } from '@libs/prisma.js';
+import type { UserRole } from '@shared/types/index.js';
+/**
+ * User selection fields (excludes sensitive data)
+ */
+const userSelect = {
+  id: true,
+  email: true,
+  firstName: true,
+  lastName: true,
+  role: true,
+  avatarUrl: true,
+  isActive: true,
+  createdAt: true,
+  updatedAt: true,
+} as const;
+export type SafeUser = {
+  id: string;
+  email: string;
+  firstName: string;
+  lastName: string;
+  role: UserRole;
+  avatarUrl: string | null;
+  isActive: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+};
+/**
+ * Users Repository Class
+ *
+ * Handles all database operations for users.
+ */
+class UsersRepository {
+  /**
+   * Gets a user by ID
+   */
+  async getUserById(userId: string): Promise<SafeUser | null> {
+    return prisma.user.findUnique({
+      where: { id: userId, deletedAt: null },
+      select: userSelect,
+    });
+  }
+  /**
+   * Updates a user's avatar URL
+   */
+  async updateUserAvatar(userId: string, avatarUrl: string): Promise<SafeUser> {
+    return prisma.user.update({
+      where: { id: userId },
+      data: { avatarUrl },
+      select: userSelect,
+    });
+  }
+  /**
+   * Clears a user's avatar URL
+   */
+  async clearUserAvatar(userId: string): Promise<SafeUser> {
+    return prisma.user.update({
+      where: { id: userId },
+      data: { avatarUrl: null },
+      select: userSelect,
+    });
+  }
+}
+// Export singleton instance
+export const usersRepository = new UsersRepository();

package/template/server/src/modules/users/users.routes.ts ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * Users Routes
+ *
+ * Defines HTTP routes for user operations.
+ */
+import type { FastifyInstance } from 'fastify';
+import { usersController } from './users.controller.js';
+import { GetUserAvatarSchema } from './users.schemas.js';
+import { authenticate } from '@libs/auth.js';
+/**
+ * Users routes plugin
+ *
+ * Endpoints:
+ * - POST   /users/avatar       - Upload avatar (authenticated)
+ * - DELETE /users/avatar       - Delete avatar (authenticated)
+ * - GET    /users/:userId/avatar - Get avatar (public)
+ *
+ * @param fastify - Fastify instance
+ */
+export async function usersRoutes(fastify: FastifyInstance): Promise<void> {
+  /**
+   * Upload avatar
+   *
+   * POST /api/v1/users/avatar
+   * Content-Type: multipart/form-data
+   * Body: { file: File }
+   * Auth: Required
+   * Rate limit: 5 requests per minute
+   */
+  fastify.post(
+    '/users/avatar',
+    {
+      preValidation: [authenticate],
+      config: {
+        rateLimit: {
+          max: 5,
+          timeWindow: '1 minute',
+        },
+      },
+    },
+    usersController.uploadAvatar.bind(usersController)
+  );
+  /**
+   * Delete avatar
+   *
+   * DELETE /api/v1/users/avatar
+   * Auth: Required
+   * Rate limit: 10 requests per minute
+   */
+  fastify.delete(
+    '/users/avatar',
+    {
+      preValidation: [authenticate],
+      config: {
+        rateLimit: {
+          max: 10,
+          timeWindow: '1 minute',
+        },
+      },
+    },
+    usersController.deleteAvatar.bind(usersController)
+  );
+  /**
+   * Get user avatar
+   *
+   * GET /api/v1/users/:userId/avatar
+   * Auth: Not required (public)
+   * Rate limit: 100 requests per minute per IP
+   */
+  fastify.get<{ Params: { userId: string } }>(
+    '/users/:userId/avatar',
+    {
+      schema: {
+        params: GetUserAvatarSchema,
+      },
+      config: {
+        rateLimit: {
+          max: 100,
+          timeWindow: '1 minute',
+        },
+      },
+    },
+    usersController.getAvatar.bind(usersController)
+  );
+}

package/template/server/src/modules/users/users.schemas.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * Users Module Zod Schemas
+ *
+ * Validation schemas for user endpoints.
+ */
+import { z } from 'zod';
+/**
+ * Schema for getting a user's avatar
+ *
+ * Validates userId parameter in URL
+ */
+export const GetUserAvatarSchema = z.object({
+  userId: z.string().uuid({ message: 'Invalid user ID format' }),
+});
+/**
+ * Type inference from schemas
+ */
+export type GetUserAvatarParams = z.infer<typeof GetUserAvatarSchema>;

package/template/server/src/modules/users/users.service.ts ADDED Viewed

@@ -0,0 +1,169 @@
+/**
+ * Users Service
+ *
+ * Business logic for user operations.
+ */
+import { usersRepository } from './users.repo.js';
+import type { SafeUser } from './users.repo.js';
+import { fileStorageService } from '@libs/storage/file-storage.service.js';
+import { imageOptimizerService } from '@libs/storage/image-optimizer.service.js';
+import { NotFoundError, BadRequestError } from '@shared/errors/errors.js';
+import { logger } from '@libs/logger.js';
+import path from 'path';
+/**
+ * Users Service Class
+ *
+ * Handles business logic for user avatar operations.
+ */
+class UsersService {
+  /**
+   * Uploads and sets a user's avatar
+   *
+   * Process:
+   * 1. Get user from database (need first/last name for SEO filename)
+   * 2. Optimize image (resize, compress, convert to WebP)
+   * 3. Generate SEO-friendly filename
+   * 4. Save to user-specific directory
+   * 5. Update user record with avatar URL
+   *
+   * @param userId - User's unique ID
+   * @param fileBuffer - Uploaded image buffer
+   * @param originalFilename - Original filename (for logging)
+   * @returns Updated user with new avatar URL
+   * @throws NotFoundError if user not found
+   */
+  async uploadAvatar(
+    userId: string,
+    fileBuffer: Buffer,
+    originalFilename: string
+  ): Promise<SafeUser> {
+    // Get current user
+    const user = await usersRepository.getUserById(userId);
+    if (!user) {
+      throw new NotFoundError('User not found', 'USER_NOT_FOUND');
+    }
+    logger.info({
+      msg: 'Processing avatar upload',
+      userId,
+      originalFilename,
+      fileSize: fileBuffer.length,
+    });
+    // Optimize image (resize, compress, convert to WebP)
+    const optimizedBuffer = await imageOptimizerService.optimizeAvatar(fileBuffer);
+    // Save to user-specific directory with SEO-friendly filename
+    const { filename, url } = await fileStorageService.saveAvatar(
+      userId,
+      optimizedBuffer,
+      user.firstName,
+      user.lastName
+    );
+    logger.info({
+      msg: 'Avatar file saved',
+      userId,
+      filename,
+      url,
+    });
+    // Update user record with avatar URL
+    const updatedUser = await usersRepository.updateUserAvatar(userId, url);
+    logger.info({ msg: 'Avatar upload complete', userId, avatarUrl: url });
+    return updatedUser;
+  }
+  /**
+   * Deletes a user's avatar
+   *
+   * Process:
+   * 1. Get user from database
+   * 2. Verify user has an avatar
+   * 3. Delete avatar directory from file system
+   * 4. Clear avatar URL in database
+   *
+   * @param userId - User's unique ID
+   * @throws NotFoundError if user not found
+   * @throws BadRequestError if user has no avatar to delete
+   */
+  async deleteAvatar(userId: string): Promise<void> {
+    // Get current user
+    const user = await usersRepository.getUserById(userId);
+    if (!user) {
+      throw new NotFoundError('User not found', 'USER_NOT_FOUND');
+    }
+    // Check if user has an avatar
+    if (!user.avatarUrl) {
+      throw new BadRequestError('User has no avatar to delete', 'NO_AVATAR');
+    }
+    logger.info({ msg: 'Deleting user avatar', userId, avatarUrl: user.avatarUrl });
+    // Delete avatar directory and all contents
+    await fileStorageService.deleteAvatar(userId);
+    // Clear avatar URL in database
+    await usersRepository.clearUserAvatar(userId);
+    logger.info({ msg: 'Avatar deleted successfully', userId });
+  }
+  /**
+   * Gets a user's avatar file path
+   *
+   * Process:
+   * 1. Get user from database
+   * 2. Verify user has an avatar
+   * 3. Extract filename from avatar URL
+   * 4. Build and verify file path
+   *
+   * @param userId - User's unique ID
+   * @returns Absolute file path and public URL
+   * @throws NotFoundError if user not found or has no avatar
+   */
+  async getAvatar(userId: string): Promise<{ path: string; url: string }> {
+    // Get user
+    const user = await usersRepository.getUserById(userId);
+    if (!user) {
+      throw new NotFoundError('User not found', 'USER_NOT_FOUND');
+    }
+    // Check if user has an avatar
+    if (!user.avatarUrl) {
+      throw new NotFoundError('User has no avatar', 'NO_AVATAR');
+    }
+    // Extract filename from URL (last segment)
+    // URL format: /uploads/avatars/{userId}/{filename}
+    const filename = path.basename(user.avatarUrl);
+    // Build full file path
+    const filePath = fileStorageService.getAvatarPath(userId, filename);
+    // Verify file exists on disk
+    const exists = await fileStorageService.fileExists(filePath);
+    if (!exists) {
+      logger.error({
+        msg: 'Avatar file missing from disk',
+        userId,
+        avatarUrl: user.avatarUrl,
+        filePath,
+      });
+      throw new NotFoundError('Avatar file not found on disk', 'AVATAR_FILE_NOT_FOUND');
+    }
+    return {
+      path: filePath,
+      url: user.avatarUrl,
+    };
+  }
+}
+// Export singleton instance
+export const usersService = new UsersService();