create-tigra 1.1.0 → 2.0.1

package/template/server/REMAINING_IMPORT_FIXES.md

@@ -1,150 +0,0 @@
-# Final Import Fix Guide - Remaining 9 Files
-
-## Completed So Far (11/20)
-1. ✅ server.ts
-2. ✅ app.ts
-3. ✅ libs/db.ts
-4. ✅ libs/redis.ts
-5. ✅ libs/queue.ts
-6. ✅ libs/error-handler.ts
-7. ✅ libs/auth/authenticate.middleware.ts
-8. ✅ libs/auth/rbac.middleware.ts
-9. ✅ hooks/request-timing.hook.ts
-10. ✅ plugins/security.plugin.ts
-11. ✅ (Continue from here)
-
-## Remaining Files - Exact Changes Needed
-
-### 1. plugins/rate-limit.plugin.ts
-**File location:** `src/plugins/rate-limit.plugin.ts`
-
-**Changes:**
-- Line 3: `from '@/libs/redis'` → `from '../libs/redis.js'`
-- Line 4: `from '@/config/env'` → `from '../config/env.js'`
-
-### 2. routes/health.routes.ts
-**File location:** `src/routes/health.routes.ts`
-
-**Changes:**
-- Line 2: `from '@/libs/db'` → `from '../libs/db.js'`
-- Line 3: `from '@/libs/redis'` → `from '../libs/redis.js'`
-
-### 3. workers/file.worker.ts
-**File location:** `src/workers/file.worker.ts`
-
-**Changes:**
-- Line 11: `from '@/libs/redis'` → `from '../libs/redis.js'`
-- Line 12: `from '@/libs/logger'` → `from '../libs/logger.js'`
-
-### 4. types/fastify.d.ts
-**File location:** `src/types/fastify.d.ts`
-
-**Changes:**
-- `from '@/modules/auth/auth.types'` → `from '../modules/auth/auth.types.js'`
-- `from '@/libs/auth/rbac.middleware'` → `from '../libs/auth/rbac.middleware.js'`
-
-### 5. modules/auth/auth.controller.ts
-**File location:** `src/modules/auth/auth.controller.ts`
-
-**Changes:**
-- `from '@/utils/response'` → `from '../../utils/response.js'`
-- `from '@/utils/errors'` → `from '../../utils/errors.js'`
-- `from './auth.service'` → `from './auth.service.js'`
-- `from './auth.repo'` → `from './auth.repo.js'`
-- `from './auth.schemas'` → `from './auth.schemas.js'` (appears twice)
-
-### 6. modules/auth/auth.service.ts
-**File location:** `src/modules/auth/auth.service.ts`
-
-**Changes:**
-- `from '@/config/env'` → `from '../../config/env.js'`
-- `from '@/libs/logger'` → `from '../../libs/logger.js'`
-- `from '@/utils/errors'` → `from '../../utils/errors.js'`
-- `from './auth.repo'` → `from './auth.repo.js'`
-- `from './auth.types'` → `from './auth.types.js'`
-- `from './auth.schemas'` → `from './auth.schemas.js'`
-
-### 7. modules/auth/auth.repo.ts
-**File location:** `src/modules/auth/auth.repo.ts`
-
-**Changes:**
-- `from '@/libs/db'` → `from '../../libs/db.js'`
-- `from './auth.types'` → `from './auth.types.js'`
-
-### 8. modules/admin/admin.controller.ts
-**File location:** `src/modules/admin/admin.controller.ts`
-
-**Changes:**
-- `from '@/utils/response'` → `from '../../utils/response.js'`
-- `from '@/utils/errors'` → `from '../../utils/errors.js'`
-- `from './admin.service'` → `from './admin.service.js'`
-- `from './admin.schemas'` → `from './admin.schemas.js'`
-
-### 9. modules/admin/admin.service.ts
-**File location:** `src/modules/admin/admin.service.ts`
-
-**Changes:**
-- `from '@/libs/db'` → `from '../../libs/db.js'`
-- `from '@/utils/errors'` → `from '../../utils/errors.js'`
-- `from '@/libs/logger'` → `from '../../libs/logger.js'`
-
-### 10. modules/resources/resources.controller.ts
-**File location:** `src/modules/resources/resources.controller.ts`
-
-**Changes:**
-- `from '@/utils/response'` → `from '../../utils/response.js'`
-- `from '@/utils/pagination'` → `from '../../utils/pagination.js'`
-- `from './resources.service'` → `from './resources.service.js'`
-- `from './resources.schemas'` → `from './resources.schemas.js'` (appears twice)
-
-### 11. modules/resources/resources.service.ts
-**File location:** `src/modules/resources/resources.service.ts`
-
-**Changes:**
-- `from '@/libs/logger'` → `from '../../libs/logger.js'`
-- `from '@/utils/errors'` → `from '../../utils/errors.js'`
-- `from './resources.repo'` → `from './resources.repo.js'`
-- `from './resources.types'` → `from './resources.types.js'`
-- `from './resources.schemas'` → `from './resources.schemas.js'`
-
-### 12. modules/resources/resources.repo.ts
-**File location:** `src/modules/resources/resources.repo.ts`
-
-**Changes:**
-- `from '@/libs/db'` → `from '../../libs/db.js'`
-- `from './resources.types'` → `from './resources.types.js'`
-- `from './resources.schemas'` → `from './resources.schemas.js'`
-
-## Pattern Summary
-
-### For files in `src/` (depth 0):
-- `@/config/*` → `./config/*.js`
-- `@/libs/*` → `./libs/*.js`
-- `@/modules/*` → `./modules/*.js`
-
-### For files in `src/subfolder/` (depth 1):
-- `@/config/*` → `../config/*.js`
-- `@/libs/*` → `../libs/*.js`
-- `@/modules/*` → `../modules/*.js`
-- `@/utils/*` → `../utils/*.js`
-
-### For files in `src/subfolder/subfolder/` (depth 2):
-- `@/config/*` → `../../config/*.js`
-- `@/libs/*` → `../../libs/*.js`
-- `@/utils/*` → `../../utils/*.js`
-- `./file` → `./file.js`
-
-## After Completing All Fixes
-
-1. Delete `.tsc-aliasrc.json`
-2. Run `npm run build` to test compilation
-3. Fix any remaining errors
-4. Run `npm start` to test execution
-
-## Quick Test Command
-```powershell
-# From template/server directory
-npm run build
-```
-
-If build succeeds, all imports are correctly fixed!

package/template/server/SECURITY.md

@@ -1,190 +0,0 @@
-# Security Considerations
-
-## Overview
-
-This document outlines known security considerations for this project. We take security seriously and regularly audit our dependencies for vulnerabilities.
-
-**Last Security Audit**: January 10, 2026  
-**Next Scheduled Audit**: February 10, 2026
-
----
-
-## Current Security Status
-
-**Production Dependencies**: 100% Secure (0 vulnerabilities)  
-**Development Dependencies**: 100% Secure (0 vulnerabilities)  
-**Overall Security Score**: 100/100
-
----
-
-## Known Issues
-
-**None** - All dependencies are currently secure with no known vulnerabilities.
-
----
-
-## Security Best Practices
-
-### Dependency Management
-
-1. **Monthly Security Audits**
-   ```bash
-   npm audit
-   npm outdated
-   ```
-
-2. **Automated Monitoring**
-   - Enable GitHub Dependabot
-   - Subscribe to security advisories
-   - Monitor npm security feeds
-
-3. **Update Strategy**
-   - Patch versions: Update immediately
-   - Minor versions: Update monthly
-   - Major versions: Review and test before updating
-
-### Environment Variables
-
-1. **Never Commit Secrets**
-   - Use `.env` files (gitignored)
-   - Use environment-specific configurations
-   - Rotate secrets regularly
-
-2. **Required Environment Variables**
-   ```bash
-   # See .env.example for full list
-   DATABASE_URL=mysql://...
-   JWT_SECRET=<minimum-32-characters>
-   REDIS_HOST=localhost
-   ```
-
-3. **Validation**
-   - All environment variables are validated at startup
-   - See `src/config/env.ts` for schema
-
-### Authentication & Authorization
-
-1. **JWT Security**
-   - Tokens include issuer validation
-   - Access tokens expire in 15 minutes
-   - Refresh tokens expire in 7 days
-   - Secure secret (minimum 32 characters)
-
-2. **Password Security**
-   - bcrypt with 10 rounds
-   - Minimum password requirements enforced
-   - No password storage in logs
-
-3. **Role-Based Access Control (RBAC)**
-   - Implemented via middleware
-   - Three roles: USER, ORGANIZATION, ADMIN
-   - Route-level permission checks
-
-### API Security
-
-1. **Rate Limiting**
-   - Global: 100 requests per 15 minutes
-   - Login: 5 requests per 15 minutes
-   - Configurable per route
-
-2. **Input Validation**
-   - All inputs validated with Zod schemas
-   - Type-safe validation
-   - Automatic error responses
-
-3. **Security Headers**
-   - Helmet.js for security headers
-   - CORS properly configured
-   - CSP enabled in production
-
-### Database Security
-
-1. **SQL Injection Prevention**
-   - Prisma ORM (parameterized queries)
-   - No raw SQL with user input
-   - Type-safe database access
-
-2. **Connection Security**
-   - Encrypted connections (SSL/TLS)
-   - Connection pooling
-   - Credential rotation
-
-### Monitoring & Logging
-
-1. **Structured Logging**
-   - Pino for high-performance logging
-   - Sensitive data redaction
-   - Request ID tracking
-
-2. **Error Handling**
-   - No stack traces in production responses
-   - Internal errors logged securely
-   - User-friendly error messages
-
----
-
-## Reporting Security Issues
-
-If you discover a security vulnerability, please follow responsible disclosure:
-
-1. **Do NOT** open a public GitHub issue
-2. Email security concerns to: [itorn9777@gmail.com]
-3. Include:
-   - Description of the vulnerability
-   - Steps to reproduce
-   - Potential impact
-   - Suggested fix (if any)
-
-We will respond within 48 hours and work with you to address the issue.
-
----
-
-## Security Audit History
-
-### January 10, 2026
-- **Action**: Comprehensive dependency update
-- **Vulnerabilities Fixed**: 8 out of 8 (100%)
-- **Status**: All dependencies 100% secure
-- **Remaining**: None
-- **Next Review**: February 10, 2026
-
-### Previous Audits
-- Initial security setup and configuration
-
----
-
-## Compliance & Standards
-
-This project follows security best practices including:
-
-- OWASP Top 10 guidelines
-- Secure coding standards
-- Regular dependency audits
-- Input validation and sanitization
-- Secure authentication and authorization
-- Encrypted data transmission
-- Comprehensive logging and monitoring
-
----
-
-## Additional Resources
-
-**Security Tools:**
-- npm audit: Built-in vulnerability scanner
-- Snyk: https://snyk.io/
-- GitHub Dependabot: Automated dependency updates
-
-**Security Guides:**
-- OWASP: https://owasp.org/
-- Node.js Security Best Practices: https://nodejs.org/en/docs/guides/security/
-- Fastify Security: https://www.fastify.io/docs/latest/Guides/Security/
-
-**Monitoring:**
-- npm Security Advisories: https://github.com/advisories
-- Node.js Security Releases: https://nodejs.org/en/blog/vulnerability/
-
----
-
-**Last Updated**: January 10, 2026  
-**Maintained By**: Development Team  
-**Review Schedule**: Monthly