create-tigra 1.1.0 → 2.0.1

package/template/server/biome.json

@@ -1,42 +0,0 @@
-{
-  "$schema": "https://biomejs.dev/schemas/1.9.0/schema.json",
-  "organizeImports": {
-    "enabled": true
-  },
-  "linter": {
-    "enabled": true,
-    "rules": {
-      "recommended": true,
-      "complexity": {
-        "noForEach": "off"
-      },
-      "suspicious": {
-        "noExplicitAny": "warn"
-      },
-      "style": {
-        "noNonNullAssertion": "off"
-      }
-    }
-  },
-  "formatter": {
-    "enabled": true,
-    "indentStyle": "space",
-    "indentWidth": 4,
-    "lineWidth": 100
-  },
-  "javascript": {
-    "formatter": {
-      "quoteStyle": "single",
-      "trailingCommas": "es5",
-      "semicolons": "always"
-    }
-  },
-  "files": {
-    "ignore": [
-      "node_modules",
-      "dist",
-      "coverage",
-      "*.json"
-    ]
-  }
-}

package/template/server/scripts/fix-all-imports.ps1

@@ -1,52 +0,0 @@
-# PowerShell script to fix all @/ imports in TypeScript files
-# Run this from the server directory: .\scripts\fix-all-imports.ps1
-
-$files = Get-ChildItem -Path "src" -Filter "*.ts" -Recurse | Where-Object { $_.Name -notlike "*.d.ts" }
-
-foreach ($file in $files) {
-    $content = Get-Content $file.FullName -Raw
-    $originalContent = $content
-    
-    # Calculate relative path depth based on file location
-    $relativePath = $file.FullName.Replace((Get-Location).Path + "\src\", "")
-    $depth = ($relativePath.Split('\').Length - 1)
-    $prefix = if ($depth -eq 0) { "./" } else { ("../" * $depth) }
-    
-    # Replace @/config/* imports
-    $content = $content -replace "from '@/config/([^']+)'", "from '${prefix}config/`$1.js'"
-    
-    # Replace @/libs/* imports
-    $content = $content -replace "from '@/libs/([^']+)'", "from '${prefix}libs/`$1.js'"
-    
-    # Replace @/modules/* imports  
-    $content = $content -replace "from '@/modules/([^']+)'", "from '${prefix}modules/`$1.js'"
-    
-    # Replace @/utils/* imports
-    $content = $content -replace "from '@/utils/([^']+)'", "from '${prefix}utils/`$1.js'"
-    
-    # Replace @/types/* imports
-    $content = $content -replace "from '@/types/([^']+)'", "from '${prefix}types/`$1.js'"
-    
-    # Replace @/plugins/* imports
-    $content = $content -replace "from '@/plugins/([^']+)'", "from '${prefix}plugins/`$1.js'"
-    
-    # Replace @/hooks/* imports
-    $content = $content -replace "from '@/hooks/([^']+)'", "from '${prefix}hooks/`$1.js'"
-    
-    # Replace @/routes/* imports
-    $content = $content -replace "from '@/routes/([^']+)'", "from '${prefix}routes/`$1.js'"
-    
-    # Replace @/workers/* imports
-    $content = $content -replace "from '@/workers/([^']+)'", "from '${prefix}workers/`$1.js'"
-    
-    # Fix relative imports that don't have .js extension
-    $content = $content -replace "from '\./([^']+)(?<!\.js)'", "from './`$1.js'"
-    $content = $content -replace "from '\.\.\/([^']+)(?<!\.js)'", "from '../`$1.js'"
-    
-    if ($content -ne $originalContent) {
-        Set-Content -Path $file.FullName -Value $content -NoNewline
-        Write-Host "✓ Fixed: $($file.FullName)" -ForegroundColor Green
-    }
-}
-
-Write-Host "`n✅ All imports have been converted!" -ForegroundColor Cyan

package/template/server/scripts/fix-imports-reference.ps1

@@ -1,16 +0,0 @@
-# PowerShell script to convert @/ imports to relative .js imports
-# This is a reference - the actual conversion will be done file by file
-
-Write-Host "This script shows the pattern for converting imports:" -ForegroundColor Yellow
-Write-Host ""
-Write-Host "Pattern to find:" -ForegroundColor Cyan
-Write-Host "  from '@/config/env'"
-Write-Host "  from '@/libs/logger'"
-Write-Host "  from '@/libs/db'"
-Write-Host ""
-Write-Host "Convert to relative paths with .js:" -ForegroundColor Green  
-Write-Host "  from './config/env.js'  (if in src/)"
-Write-Host "  from '../config/env.js' (if in src/subfolder/)"
-Write-Host "  from '../../config/env.js' (if in src/subfolder/subfolder/)"
-Write-Host ""
-Write-Host "The conversion is being done manually for each file." -ForegroundColor Yellow

package/template/server/scripts/fix-imports.mjs

@@ -1,55 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Script to convert @/ path aliases to relative imports with .js extensions
- * Run this after removing path aliases from tsconfig
- */
-
-import { readFileSync, writeFileSync } from 'fs';
-import { glob } from 'glob';
-import { relative, dirname, join } from 'path';
-
-const files = glob.sync('src/**/*.ts', { ignore: ['**/*.d.ts'] });
-
-files.forEach(file => {
-    let content = readFileSync(file, 'utf-8');
-    const lines = content.split('\n');
-
-    const newLines = lines.map(line => {
-        // Match import statements with @/ aliases
-        const match = line.match(/^(import .* from ['"])@\/(.+)(['"];?)$/);
-
-        if (match) {
-            const [, prefix, importPath, suffix] = match;
-            const currentDir = dirname(file);
-            const targetPath = join('src', importPath);
-            let relativePath = relative(currentDir, targetPath);
-
-            // Ensure it starts with ./  or ../
-            if (!relativePath.startsWith('.')) {
-                relativePath = './' + relativePath;
-            }
-
-            // Add .js extension if not already there
-            if (!relativePath.endsWith('.js')) {
-                relativePath += '.js';
-            }
-
-            // Fix Windows backslashes
-            relativePath = relativePath.replace(/\\/g, '/');
-
-            return `${prefix}${relativePath}${suffix}`;
-        }
-
-        return line;
-    });
-
-    const newContent = newLines.join('\n');
-
-    if (newContent !== content) {
-        writeFileSync(file, newContent);
-        console.log(`✓ Fixed: ${file}`);
-    }
-});
-
-console.log('\n✅ All imports converted!');

package/template/server/scripts/setup-env.js

@@ -1,50 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Setup environment file
- * Copies .env.example to .env if .env doesn't exist
- */
-
-import fs from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import { dirname } from 'path';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-
-const ROOT_DIR = path.resolve(__dirname, '..');
-const ENV_FILE = path.join(ROOT_DIR, '.env');
-const EXAMPLE_ENV_FILE = path.join(ROOT_DIR, '.env.example');
-
-function setupEnv() {
-  // Check if .env already exists
-  if (fs.existsSync(ENV_FILE)) {
-    console.log('✓ .env file already exists');
-    return;
-  }
-
-  // Check if .env.example exists
-  if (!fs.existsSync(EXAMPLE_ENV_FILE)) {
-    console.error('✗ .env.example file not found!');
-    console.error('  Please create a .env.example file first');
-    process.exit(1);
-  }
-
-  // Copy .env.example to .env
-  try {
-    fs.copyFileSync(EXAMPLE_ENV_FILE, ENV_FILE);
-    console.log('✓ Created .env file from .env.example');
-    console.log('');
-    console.log('⚠ IMPORTANT: Please update the following values in .env:');
-    console.log('  - DATABASE_URL (replace {{DATABASE_PASSWORD}} and {{DATABASE_NAME}})');
-    console.log('  - JWT_SECRET (use a strong secret in production)');
-    console.log('  - ADMIN_EMAIL and ADMIN_PASSWORD');
-    console.log('');
-  } catch (error) {
-    console.error('✗ Failed to create .env file:', error.message);
-    process.exit(1);
-  }
-}
-
-setupEnv();

package/template/server/scripts/wait-for-db.js

@@ -1,60 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Wait for database to be ready before running migrations
- * This script polls the database connection until it's available
- */
-
-import { createConnection } from 'mysql2/promise';
-import { config } from 'dotenv';
-import { resolve } from 'path';
-
-// Load environment variables
-config({ path: resolve(process.cwd(), '.env') });
-
-const MAX_ATTEMPTS = 30; // 30 attempts
-const RETRY_DELAY = 2000; // 2 seconds between attempts
-
-async function waitForDatabase() {
-  const dbConfig = {
-    host: process.env.DB_HOST || 'localhost',
-    port: parseInt(process.env.DB_PORT || '3306'),
-    user: process.env.DB_USER || 'root',
-    password: process.env.DB_PASSWORD || 'password',
-    database: process.env.DB_NAME,
-  };
-
-  console.log('Waiting for database to be ready...');
-  console.log(`   Host: ${dbConfig.host}:${dbConfig.port}`);
-  console.log(`   Database: ${dbConfig.database}`);
-  console.log();
-
-  for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
-    try {
-      const connection = await createConnection(dbConfig);
-      await connection.ping();
-      await connection.end();
-
-      console.log('Database is ready!');
-      console.log();
-      process.exit(0);
-    } catch (error) {
-      if (attempt === MAX_ATTEMPTS) {
-        console.error('Database failed to become ready after maximum attempts');
-        console.error(`   Error: ${error.message}`);
-        console.error();
-        console.error('Troubleshooting:');
-        console.error('   1. Ensure Docker is running: docker ps');
-        console.error('   2. Check if containers are healthy: docker-compose ps');
-        console.error('   3. View MySQL logs: docker-compose logs mysql');
-        console.error('   4. Restart containers: docker-compose restart');
-        process.exit(1);
-      }
-
-      process.stdout.write(`   Attempt ${attempt}/${MAX_ATTEMPTS} - Database not ready yet, retrying in ${RETRY_DELAY / 1000}s...\r`);
-      await new Promise(resolve => setTimeout(resolve, RETRY_DELAY));
-    }
-  }
-}
-
-waitForDatabase();

package/template/server/src/hooks/request-timing.hook.ts

@@ -1,26 +0,0 @@
-import { FastifyInstance } from 'fastify';
-import { env } from '../config/env.js';
-
-export function registerRequestHooks(app: FastifyInstance) {
-    app.addHook('onRequest', async (request) => {
-        request.startTime = Date.now();
-    });
-
-    app.addHook('onResponse', async (request, reply) => {
-        const duration = Date.now() - request.startTime;
-        const logData = {
-            method: request.method,
-            url: request.url,
-            statusCode: reply.statusCode,
-            duration: `${duration}ms`,
-            ip: request.ip,
-            requestId: request.id,
-        };
-
-        if (duration > env.SLOW_QUERY_THRESHOLD) {
-            app.log.warn(logData, 'Slow response detected');
-        } else {
-            app.log.info(logData, 'Request completed');
-        }
-    });
-}

package/template/server/src/libs/auth/authenticate.middleware.ts

@@ -1,22 +0,0 @@
-import { FastifyReply, FastifyRequest } from 'fastify';
-import { verifyAccessToken } from '../../modules/auth/auth.service.js';
-import { UnauthorizedError, AppError } from '../../utils/errors.js';
-
-export async function authenticateMiddleware(request: FastifyRequest, reply: FastifyReply) {
-    try {
-        const authHeader = request.headers.authorization;
-        if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            throw new UnauthorizedError('Authentication token missing');
-        }
-
-        const token = authHeader.split(' ')[1];
-        if (!token) {
-            throw new UnauthorizedError('Malformed authentication token');
-        }
-
-        const payload = await verifyAccessToken(token);
-        request.user = payload;
-    } catch (error) {
-        throw error instanceof AppError ? error : new UnauthorizedError('Invalid or expired token');
-    }
-}

package/template/server/src/libs/auth/rbac.middleware.test.ts

@@ -1,134 +0,0 @@
-/**
- * RBAC Middleware Tests
- * 
- * Tests for role-based access control middleware functions.
- */
-
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import type { FastifyRequest, FastifyReply } from 'fastify';
-import { requireRole, requireAdmin, requireUser, hasRole, isAdmin } from './rbac.middleware';
-import { ForbiddenError, UnauthorizedError } from '../../utils/errors';
-
-describe('RBAC Middleware', () => {
-    let mockRequest: any;
-    let mockReply: any;
-
-    beforeEach(() => {
-        mockRequest = {
-            user: undefined,
-        };
-        mockReply = {};
-    });
-
-    describe('requireRole', () => {
-        it('should allow access when user has required role', async () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-            const middleware = requireRole('ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should allow access when user has one of multiple allowed roles', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireRole('USER', 'ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should throw UnauthorizedError when user is not authenticated', async () => {
-            mockRequest.user = undefined;
-            const middleware = requireRole('ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(UnauthorizedError);
-        });
-
-        it('should throw ForbiddenError when user lacks required role', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireRole('ADMIN');
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(ForbiddenError);
-        });
-    });
-
-    describe('requireAdmin', () => {
-        it('should allow access for ADMIN users', async () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-            const middleware = requireAdmin();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should deny access for USER role', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireAdmin();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(ForbiddenError);
-        });
-    });
-
-    describe('requireUser', () => {
-        it('should allow access for USER role', async () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-            const middleware = requireUser();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).resolves.not.toThrow();
-        });
-
-        it('should deny access for ADMIN role', async () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-            const middleware = requireUser();
-
-            await expect(
-                middleware(mockRequest as FastifyRequest, mockReply as FastifyReply)
-            ).rejects.toThrow(ForbiddenError);
-        });
-    });
-
-    describe('hasRole utility', () => {
-        it('should return true when user has the role', () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-
-            expect(hasRole(mockRequest as FastifyRequest, 'ADMIN')).toBe(true);
-        });
-
-        it('should return false when user does not have the role', () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-
-            expect(hasRole(mockRequest as FastifyRequest, 'ADMIN')).toBe(false);
-        });
-
-        it('should return false when user is not authenticated', () => {
-            mockRequest.user = undefined;
-
-            expect(hasRole(mockRequest as FastifyRequest, 'ADMIN')).toBe(false);
-        });
-    });
-
-    describe('isAdmin utility', () => {
-        it('should return true for ADMIN users', () => {
-            mockRequest.user = { userId: '123', email: 'admin@test.com', role: 'ADMIN' };
-
-            expect(isAdmin(mockRequest as FastifyRequest)).toBe(true);
-        });
-
-        it('should return false for non-ADMIN users', () => {
-            mockRequest.user = { userId: '123', email: 'user@test.com', role: 'USER' };
-
-            expect(isAdmin(mockRequest as FastifyRequest)).toBe(false);
-        });
-    });
-});

package/template/server/src/libs/auth/rbac.middleware.ts

@@ -1,147 +0,0 @@
-/**
- * Role-Based Access Control (RBAC) Middleware
- * 
- * Provides middleware functions to enforce role-based permissions on routes.
- * Must be used AFTER the authenticate middleware.
- * 
- * @see /mnt/project/02-general-rules.md
- */
-
-import type { FastifyRequest, FastifyReply } from 'fastify';
-import { ForbiddenError, UnauthorizedError } from '../../utils/errors.js';
-
-/**
- * User Role Type
- * 
- * Must match the roles defined in Prisma schema and JWT payload
- */
-export type UserRole = 'USER' | 'ADMIN';
-
-/**
- * RBAC Middleware Factory
- * 
- * Creates a preHandler middleware that checks if the authenticated user
- * has one of the required roles.
- * 
- * @param allowedRoles - Array of roles that are allowed to access the route
- * @returns Fastify preHandler function
- * 
- * @example
- * // Single role
- * app.get('/admin/users', {
- *   preHandler: [app.authenticate, requireRole('ADMIN')],
- *   handler: adminController.listUsers
- * });
- * 
- * @example
- * // Multiple roles
- * app.post('/resources', {
- *   preHandler: [app.authenticate, requireRole('USER', 'ADMIN')],
- *   handler: resourceController.create
- * });
- */
-export function requireRole(...allowedRoles: UserRole[]) {
-    return async (request: FastifyRequest, _reply: FastifyReply): Promise<void> => {
-        // Ensure user is authenticated (should be set by app.authenticate)
-        if (!request.user) {
-            throw new UnauthorizedError('Authentication required');
-        }
-
-        const userRole = request.user.role as UserRole;
-
-        // Validate that user's role is in the allowed roles list
-        if (!allowedRoles.includes(userRole)) {
-            throw new ForbiddenError(
-                `Access denied. Required role: ${allowedRoles.join(' or ')}`
-            );
-        }
-
-        // User has required role, allow request to proceed
-    };
-}
-
-/**
- * Require ADMIN role
- * 
- * Shorthand helper for routes that require admin access only.
- * 
- * @example
- * app.delete('/users/:id', {
- *   preHandler: [app.authenticate, requireAdmin()],
- *   handler: userController.deleteUser
- * });
- */
-export const requireAdmin = () => requireRole('ADMIN');
-
-/**
- * Require USER role
- * 
- * Shorthand helper for routes that require standard user access.
- * Note: This excludes ADMIN users. Use requireAny() to allow both.
- * 
- * @example
- * app.get('/profile', {
- *   preHandler: [app.authenticate, requireUser()],
- *   handler: userController.getProfile
- * });
- */
-export const requireUser = () => requireRole('USER');
-
-/**
- * Require any authenticated user (USER or ADMIN)
- * 
- * Shorthand helper for routes that require authentication but accept any role.
- * This is equivalent to just using app.authenticate without role checking.
- * 
- * @example
- * app.get('/resources', {
- *   preHandler: [app.authenticate, requireAny()],
- *   handler: resourceController.list
- * });
- */
-export const requireAny = () => requireRole('USER', 'ADMIN');
-
-/**
- * Check if user has specific role (utility function)
- * 
- * Can be used within route handlers for conditional logic.
- * 
- * @param request - Fastify request object
- * @param role - Role to check
- * @returns true if user has the role, false otherwise
- * 
- * @example
- * export async function getResources(request: FastifyRequest) {
- *   const resources = await resourceRepo.findAll();
- *   
- *   // Filter sensitive data for non-admin users
- *   if (!hasRole(request, 'ADMIN')) {
- *     return resources.map(r => omit(r, 'internalNotes'));
- *   }
- *   
- *   return resources;
- * }
- */
-export function hasRole(request: FastifyRequest, role: UserRole): boolean {
-    return request.user?.role === role;
-}
-
-/**
- * Check if user is admin (utility function)
- * 
- * @param request - Fastify request object
- * @returns true if user is admin, false otherwise
- */
-export function isAdmin(request: FastifyRequest): boolean {
-    return hasRole(request, 'ADMIN');
-}
-
-/**
- * Check if user is regular user (utility function)
- * 
- * @param request - Fastify request object
- * @returns true if user is regular user, false otherwise
- */
-export function isUser(request: FastifyRequest): boolean {
-    return hasRole(request, 'USER');
-}

package/template/server/src/libs/db.ts

@@ -1,76 +0,0 @@
-/**
- * Database Connection
- * 
- * Prisma Client instance with query logging and error handling.
- * 
- * @see /mnt/project/01-db-and-migrations.md
- * @see /mnt/project/08-observability.md
- */
-
-import { PrismaClient, Prisma } from '@prisma/client';
-import logger from './logger.js';
-
-/**
- * Create Prisma Client instance
- * 
- * Features:
- * - Slow query logging (> 1000ms)
- * - Error logging
- * - Query logging in development (optional)
- */
-const prisma = new PrismaClient({
-    log:
-        process.env['PRISMA_QUERY_LOG'] === 'true'
-            ? [
-                { level: 'query', emit: 'event' },
-                { level: 'info', emit: 'stdout' },
-                { level: 'warn', emit: 'stdout' },
-                { level: 'error', emit: 'event' },
-            ]
-            : [
-                { level: 'warn', emit: 'stdout' },
-                { level: 'error', emit: 'event' },
-                { level: 'query', emit: 'event' },
-            ],
-});
-
-/**
- * Slow Query Logging
- * 
- * Logs a warning when a query takes longer than the threshold.
- * Helps identify performance bottlenecks.
- */
-prisma.$on('query', (e: Prisma.QueryEvent) => {
-    const threshold = parseInt(process.env['SLOW_QUERY_THRESHOLD'] || '1000');
-
-    if (e.duration > threshold) {
-        logger.warn(
-            {
-                query: e.query,
-                params: e.params,
-                duration: e.duration,
-                target: e.target,
-            },
-            `Slow query detected (${e.duration}ms)`
-        );
-    }
-});
-
-/**
- * Error Logging
- * 
- * Logs database errors for monitoring and debugging.
- */
-prisma.$on('error', (e: Prisma.LogEvent) => {
-    logger.error(
-        {
-            message: e.message,
-            target: e.target,
-        },
-        'Database error occurred'
-    );
-});
-
-
-
-export { prisma };