npm - create-tigra - Versions diffs - 2.1.5 → 2.2.0 - Mend

create-tigra 2.1.5 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/template/server/src/modules/users/users.controller.ts CHANGED Viewed

@@ -9,7 +9,8 @@ import path from 'path';
 import { usersService } from './users.service.js';
 import { validateImageFile, validateFileSize } from '@libs/storage/file-validator.js';
 import { successResponse } from '@shared/responses/successResponse.js';
-import type { GetUserAvatarParams } from './users.schemas.js';
+import { clearAuthCookies } from '@libs/cookies.js';
+import type { GetUserAvatarParams, UpdateProfileInput, ChangePasswordInput, DeleteAccountInput } from './users.schemas.js';
 import type { AuthenticatedRequest } from '@shared/types/index.js';
 import { logger } from '@libs/logger.js';
 import { BadRequestError } from '@shared/errors/errors.js';
@@ -114,6 +115,74 @@ class UsersController {
     // Send file directly
     return reply.sendFile(path.basename(filePath), path.dirname(filePath));
   }
+  /**
+   * Update profile handler
+   *
+   * PATCH /api/v1/users/me
+   * Auth: Required (JWT)
+   *
+   * @param request - Fastify request (authenticated)
+   * @param reply - Fastify reply
+   */
+  async updateProfile(
+    request: FastifyRequest<{ Body: UpdateProfileInput }>,
+    reply: FastifyReply
+  ): Promise<void> {
+    const userId = request.user.userId;
+    logger.info({ msg: 'Update profile request', userId });
+    const updatedUser = await usersService.updateProfile(userId, request.body);
+    return reply.send(successResponse('Profile updated successfully', updatedUser));
+  }
+  /**
+   * Change password handler
+   *
+   * PATCH /api/v1/users/me/password
+   * Auth: Required (JWT)
+   *
+   * @param request - Fastify request (authenticated)
+   * @param reply - Fastify reply
+   */
+  async changePassword(
+    request: FastifyRequest<{ Body: ChangePasswordInput }>,
+    reply: FastifyReply
+  ): Promise<void> {
+    const userId = request.user.userId;
+    logger.info({ msg: 'Change password request', userId });
+    await usersService.changePassword(userId, request.body);
+    return reply.send(successResponse('Password changed successfully', null));
+  }
+  /**
+   * Delete account handler
+   *
+   * DELETE /api/v1/users/me
+   * Auth: Required (JWT)
+   *
+   * @param request - Fastify request (authenticated)
+   * @param reply - Fastify reply
+   */
+  async deleteAccount(
+    request: FastifyRequest<{ Body: DeleteAccountInput }>,
+    reply: FastifyReply
+  ): Promise<void> {
+    const userId = request.user.userId;
+    logger.info({ msg: 'Delete account request', userId });
+    await usersService.deleteAccount(userId, request.body.password);
+    clearAuthCookies(reply);
+    return reply.send(successResponse('Account deleted successfully', null));
+  }
 }
 // Export singleton instance

package/template/server/src/modules/users/users.repo.ts CHANGED Viewed

@@ -71,6 +71,33 @@ class UsersRepository {
       select: userSelect,
     });
   }
+  /**
+   * Updates a user's profile fields
+   */
+  async updateUserProfile(
+    userId: string,
+    data: { firstName?: string; lastName?: string }
+  ): Promise<SafeUser> {
+    return prisma.user.update({
+      where: { id: userId },
+      data,
+      select: userSelect,
+    });
+  }
+  /**
+   * Soft deletes a user by setting deletedAt and isActive = false
+   */
+  async softDeleteUser(userId: string): Promise<void> {
+    await prisma.user.update({
+      where: { id: userId },
+      data: {
+        deletedAt: new Date(),
+        isActive: false,
+      },
+    });
+  }
 }
 // Export singleton instance

package/template/server/src/modules/users/users.routes.ts CHANGED Viewed

@@ -6,20 +6,99 @@
 import type { FastifyInstance } from 'fastify';
 import { usersController } from './users.controller.js';
-import { GetUserAvatarSchema } from './users.schemas.js';
+import {
+  GetUserAvatarSchema,
+  UpdateProfileSchema,
+  ChangePasswordSchema,
+  DeleteAccountSchema,
+} from './users.schemas.js';
 import { authenticate } from '@libs/auth.js';
+import { RATE_LIMITS } from '@config/rate-limit.config.js';
 /**
  * Users routes plugin
  *
  * Endpoints:
- * - POST   /users/avatar       - Upload avatar (authenticated)
- * - DELETE /users/avatar       - Delete avatar (authenticated)
- * - GET    /users/:userId/avatar - Get avatar (public)
+ * - PATCH  /users/me              - Update profile (authenticated)
+ * - PATCH  /users/me/password     - Change password (authenticated)
+ * - DELETE /users/me              - Delete account (authenticated)
+ * - POST   /users/avatar          - Upload avatar (authenticated)
+ * - DELETE /users/avatar          - Delete avatar (authenticated)
+ * - GET    /users/:userId/avatar  - Get avatar (public)
  *
  * @param fastify - Fastify instance
  */
 export async function usersRoutes(fastify: FastifyInstance): Promise<void> {
+  // --- Profile Management ---
+  /**
+   * Update profile
+   *
+   * PATCH /api/v1/users/me
+   * Body: { firstName?, lastName? }
+   * Auth: Required
+   * Rate limit: 10 requests per minute
+   */
+  fastify.patch(
+    '/users/me',
+    {
+      preValidation: [authenticate],
+      schema: {
+        body: UpdateProfileSchema,
+      },
+      config: {
+        rateLimit: RATE_LIMITS.USERS_UPDATE_PROFILE,
+      },
+    },
+    usersController.updateProfile.bind(usersController)
+  );
+  /**
+   * Change password
+   *
+   * PATCH /api/v1/users/me/password
+   * Body: { currentPassword, newPassword }
+   * Auth: Required
+   * Rate limit: 5 requests per minute
+   */
+  fastify.patch(
+    '/users/me/password',
+    {
+      preValidation: [authenticate],
+      schema: {
+        body: ChangePasswordSchema,
+      },
+      config: {
+        rateLimit: RATE_LIMITS.USERS_CHANGE_PASSWORD,
+      },
+    },
+    usersController.changePassword.bind(usersController)
+  );
+  /**
+   * Delete account
+   *
+   * DELETE /api/v1/users/me
+   * Body: { password }
+   * Auth: Required
+   * Rate limit: 3 requests per minute
+   */
+  fastify.delete(
+    '/users/me',
+    {
+      preValidation: [authenticate],
+      schema: {
+        body: DeleteAccountSchema,
+      },
+      config: {
+        rateLimit: RATE_LIMITS.USERS_DELETE_ACCOUNT,
+      },
+    },
+    usersController.deleteAccount.bind(usersController)
+  );
+  // --- Avatar Management ---
   /**
    * Upload avatar
    *
@@ -34,10 +113,7 @@ export async function usersRoutes(fastify: FastifyInstance): Promise<void> {
     {
       preValidation: [authenticate],
       config: {
-        rateLimit: {
-          max: 5,
-          timeWindow: '1 minute',
-        },
+        rateLimit: RATE_LIMITS.USERS_UPLOAD_AVATAR,
       },
     },
     usersController.uploadAvatar.bind(usersController)
@@ -55,10 +131,7 @@ export async function usersRoutes(fastify: FastifyInstance): Promise<void> {
     {
       preValidation: [authenticate],
       config: {
-        rateLimit: {
-          max: 10,
-          timeWindow: '1 minute',
-        },
+        rateLimit: RATE_LIMITS.USERS_DELETE_AVATAR,
       },
     },
     usersController.deleteAvatar.bind(usersController)
@@ -78,10 +151,7 @@ export async function usersRoutes(fastify: FastifyInstance): Promise<void> {
         params: GetUserAvatarSchema,
       },
       config: {
-        rateLimit: {
-          max: 100,
-          timeWindow: '1 minute',
-        },
+        rateLimit: RATE_LIMITS.USERS_GET_AVATAR,
       },
     },
     usersController.getAvatar.bind(usersController)

package/template/server/src/modules/users/users.schemas.ts CHANGED Viewed

@@ -15,7 +15,45 @@ export const GetUserAvatarSchema = z.object({
   userId: z.string().uuid({ message: 'Invalid user ID format' }),
 });
+/**
+ * Schema for updating user profile
+ *
+ * All fields optional — at least one must be provided (validated in service layer)
+ */
+export const UpdateProfileSchema = z.object({
+  firstName: z.string().min(2, 'First name must be at least 2 characters').max(100).trim().optional(),
+  lastName: z.string().min(2, 'Last name must be at least 2 characters').max(100).trim().optional(),
+});
+/**
+ * Schema for changing user password
+ *
+ * Requires current password for verification and new password meeting strength rules
+ */
+export const ChangePasswordSchema = z.object({
+  currentPassword: z.string().min(1, 'Current password is required'),
+  newPassword: z
+    .string()
+    .min(8, 'Password must be at least 8 characters')
+    .max(128, 'Password must be at most 128 characters')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number'),
+});
+/**
+ * Schema for deleting user account
+ *
+ * Requires password confirmation for security
+ */
+export const DeleteAccountSchema = z.object({
+  password: z.string().min(1, 'Password is required'),
+});
 /**
  * Type inference from schemas
  */
 export type GetUserAvatarParams = z.infer<typeof GetUserAvatarSchema>;
+export type UpdateProfileInput = z.infer<typeof UpdateProfileSchema>;
+export type ChangePasswordInput = z.infer<typeof ChangePasswordSchema>;
+export type DeleteAccountInput = z.infer<typeof DeleteAccountSchema>;

package/template/server/src/modules/users/users.service.ts CHANGED Viewed

@@ -6,16 +6,20 @@
 import { usersRepository } from './users.repo.js';
 import type { SafeUser } from './users.repo.js';
+import * as authRepo from '@modules/auth/auth.repo.js';
+import { sessionRepository } from '@modules/auth/session.repo.js';
 import { fileStorageService } from '@libs/storage/file-storage.service.js';
 import { imageOptimizerService } from '@libs/storage/image-optimizer.service.js';
-import { NotFoundError, BadRequestError } from '@shared/errors/errors.js';
+import { verifyPassword, hashPassword } from '@libs/password.js';
+import { NotFoundError, BadRequestError, UnauthorizedError } from '@shared/errors/errors.js';
 import { logger } from '@libs/logger.js';
 import path from 'path';
+import type { UpdateProfileInput, ChangePasswordInput } from './users.schemas.js';
 /**
  * Users Service Class
  *
- * Handles business logic for user avatar operations.
+ * Handles business logic for user profile and avatar operations.
  */
 class UsersService {
   /**
@@ -163,6 +167,110 @@ class UsersService {
       url: user.avatarUrl,
     };
   }
+  /**
+   * Updates a user's profile
+   *
+   * @param userId - User's unique ID
+   * @param input - Fields to update (firstName, lastName)
+   * @returns Updated user
+   * @throws NotFoundError if user not found
+   * @throws BadRequestError if no fields provided
+   */
+  async updateProfile(userId: string, input: UpdateProfileInput): Promise<SafeUser> {
+    const { firstName, lastName } = input;
+    if (!firstName && !lastName) {
+      throw new BadRequestError('At least one field must be provided', 'INVALID_INPUT');
+    }
+    const user = await usersRepository.getUserById(userId);
+    if (!user) {
+      throw new NotFoundError('User not found', 'USER_NOT_FOUND');
+    }
+    logger.info({
+      msg: 'Updating user profile',
+      userId,
+      fields: Object.keys(input).filter(k => input[k as keyof UpdateProfileInput] !== undefined),
+    });
+    const updateData: { firstName?: string; lastName?: string } = {};
+    if (firstName) updateData.firstName = firstName;
+    if (lastName) updateData.lastName = lastName;
+    const updatedUser = await usersRepository.updateUserProfile(userId, updateData);
+    logger.info({ msg: 'User profile updated', userId });
+    return updatedUser;
+  }
+  /**
+   * Changes a user's password
+   *
+   * @param userId - User's unique ID
+   * @param input - Current and new password
+   * @throws NotFoundError if user not found
+   * @throws UnauthorizedError if current password is wrong
+   * @throws BadRequestError if new password same as current
+   */
+  async changePassword(userId: string, input: ChangePasswordInput): Promise<void> {
+    const user = await authRepo.findUserById(userId);
+    if (!user) {
+      throw new NotFoundError('User not found', 'USER_NOT_FOUND');
+    }
+    const isValid = await verifyPassword(input.currentPassword, user.password);
+    if (!isValid) {
+      throw new UnauthorizedError('Current password is incorrect', 'INVALID_CREDENTIALS');
+    }
+    const isSamePassword = await verifyPassword(input.newPassword, user.password);
+    if (isSamePassword) {
+      throw new BadRequestError('New password must be different from current password', 'SAME_PASSWORD');
+    }
+    const hashedPassword = await hashPassword(input.newPassword);
+    await authRepo.updateUserPassword(userId, hashedPassword);
+    logger.info({ msg: 'User password changed', userId });
+    // Security: invalidate all sessions and refresh tokens
+    await sessionRepository.deleteAllUserSessions(userId);
+    await authRepo.deleteRefreshTokensByUserId(userId);
+    logger.info({ msg: 'All sessions invalidated after password change', userId });
+  }
+  /**
+   * Soft-deletes a user account
+   *
+   * @param userId - User's unique ID
+   * @param password - Password confirmation
+   * @throws NotFoundError if user not found
+   * @throws UnauthorizedError if password is wrong
+   */
+  async deleteAccount(userId: string, password: string): Promise<void> {
+    const user = await authRepo.findUserById(userId);
+    if (!user) {
+      throw new NotFoundError('User not found', 'USER_NOT_FOUND');
+    }
+    const isValid = await verifyPassword(password, user.password);
+    if (!isValid) {
+      throw new UnauthorizedError('Incorrect password', 'INVALID_CREDENTIALS');
+    }
+    logger.info({ msg: 'Soft-deleting user account', userId });
+    await usersRepository.softDeleteUser(userId);
+    // Delete all sessions and refresh tokens
+    await sessionRepository.deleteAllUserSessions(userId);
+    await authRepo.deleteRefreshTokensByUserId(userId);
+    logger.info({ msg: 'User account deleted', userId });
+  }
 }
 // Export singleton instance

package/template/server/tsconfig.json CHANGED Viewed

@@ -19,7 +19,8 @@
       "@modules/*": ["./src/modules/*"],
       "@libs/*": ["./src/libs/*"],
       "@config/*": ["./src/config/*"],
-      "@shared/*": ["./src/shared/*"]
+      "@shared/*": ["./src/shared/*"],
+      "@jobs/*": ["./src/jobs/*"]
     }
   },
   "include": ["src/**/*"],

package/template/server/uploads/avatars/.gitkeep DELETED Viewed

	@@ -1 +0,0 @@
1	-