create-tigra 2.2.0 → 2.3.0

package/bin/create-tigra.js

@@ -21,6 +21,8 @@ const FILES_TO_REPLACE = [
   'server/docker-compose.yml',
   'client/package.json',
   'client/.env.example',
+  'server/postman/collection.json',
+  'server/postman/environment.json',
 ];
 
 // Directories/files to skip when copying

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-tigra",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "type": "module",
   "description": "Create a production-ready full-stack app with Next.js 16 + Fastify 5 + Prisma + Redis",
   "bin": {
@@ -39,6 +39,9 @@
     "url": "https://github.com/blessandsoul/create-tigra/issues"
   },
   "homepage": "https://github.com/blessandsoul/create-tigra#readme",
+  "scripts": {
+    "create:test": "node -e \"import('fs').then(f=>f.rmSync('testapp',{recursive:true,force:true}))\" && node bin/create-tigra.js testapp"
+  },
   "dependencies": {
     "chalk": "^5.4.1",
     "commander": "^13.1.0",

package/template/_claude/commands/create-client.md

@@ -180,8 +180,6 @@ export const API_ENDPOINTS = {
     LOGOUT: '/auth/logout',
     REFRESH: '/auth/refresh',
     ME: '/auth/me',
-    VERIFY_EMAIL: '/auth/verify-email',
-    RESEND_VERIFICATION: '/auth/resend-verification',
     REQUEST_PASSWORD_RESET: '/auth/request-password-reset',
     RESET_PASSWORD: '/auth/reset-password',
   },
@@ -199,7 +197,6 @@ export const ROUTES = {
   HOME: '/',
   LOGIN: '/login',
   REGISTER: '/register',
-  VERIFY_EMAIL: '/verify-email',
   RESET_PASSWORD: '/reset-password',
   DASHBOARD: '/dashboard',
   PROFILE: '/profile',
@@ -369,7 +366,7 @@ Auth types from `02-components-and-types.md`:
 
 #### `src/features/auth/services/auth.service.ts`
 Auth service class from `03-data-and-state.md`:
-- `register`, `login`, `logout`, `refreshToken`, `getMe`, `verifyEmail`, `requestPasswordReset`, `resetPassword`
+- `register`, `login`, `logout`, `refreshToken`, `getMe`, `requestPasswordReset`, `resetPassword`
 - Uses `apiClient` and `API_ENDPOINTS`
 - Singleton export: `export const authService = new AuthService();`
 

package/template/_claude/commands/create-server.md

@@ -325,7 +325,6 @@ model User {
   lastName      String
   role          String    @default("USER")
   isActive      Boolean   @default(true)
-  emailVerified Boolean   @default(false)
   deletedAt     DateTime?
   createdAt     DateTime  @default(now())
   updatedAt     DateTime  @updatedAt

package/template/_claude/rules/client/01-project-structure.md

@@ -78,8 +78,6 @@ export const API_ENDPOINTS = {
     LOGOUT: '/auth/logout',
     REFRESH: '/auth/refresh',
     ME: '/auth/me',
-    VERIFY_EMAIL: '/auth/verify-email',
-    RESEND_VERIFICATION: '/auth/resend-verification',
     REQUEST_PASSWORD_RESET: '/auth/request-password-reset',
     RESET_PASSWORD: '/auth/reset-password',
   },
@@ -103,7 +101,6 @@ export const ROUTES = {
   HOME: '/',
   LOGIN: '/login',
   REGISTER: '/register',
-  VERIFY_EMAIL: '/verify-email',
   RESET_PASSWORD: '/reset-password',
   DASHBOARD: '/dashboard',
   PROFILE: '/profile',

package/template/_claude/rules/client/03-data-and-state.md

@@ -92,7 +92,7 @@ class ItemService {
 export const itemService = new ItemService();
 ```
 
-Auth service methods: `register`, `login`, `logout`, `refreshToken`, `getMe`, `verifyEmail`, `requestPasswordReset`, `resetPassword`.
+Auth service methods: `register`, `login`, `logout`, `refreshToken`, `getMe`, `requestPasswordReset`, `resetPassword`.
 
 ---
 

package/template/_claude/rules/server/project-conventions.md

@@ -212,3 +212,16 @@ const apiClient = axios.create({ ...httpClient.defaults, baseURL: 'https://api.e
 - Always use `httpClient` — never `fetch`, `node:http`, or inline `axios.create()`.
 - Never add auth headers, cookies, or credentials to the singleton itself.
 - Never log response bodies (may contain PII or secrets).
+
+## File Storage
+
+Upload directory structure: `uploads/users/{userId}/<media-type>/`
+
+| Media type | Path | Example |
+|---|---|---|
+| Avatar | `uploads/users/{userId}/avatar/` | `uploads/users/abc123/avatar/john-doe-avatar.webp` |
+
+- All user media lives under `uploads/users/{userId}/` for easy per-user cleanup.
+- On account purge, delete the entire `uploads/users/{userId}/` directory via `deleteUserMedia()`.
+- Public URL pattern: `/uploads/users/{userId}/<media-type>/{filename}`
+- New media types follow the same pattern: add a subfolder under the user directory.

package/template/client/package.json

@@ -6,7 +6,8 @@
     "dev": "next dev",
     "build": "next build",
     "start": "next start",
-    "lint": "eslint src/"
+    "lint": "eslint src/",
+    "generate:env": "node -e \"import('fs').then(f=>{if(f.existsSync('.env'))console.log('.env already exists, skipping');else{f.copyFileSync('.env.example','.env');console.log('.env created from .env.example')}})\""
   },
   "dependencies": {
     "@hookform/resolvers": "^5.2.2",

package/template/server/package.json

@@ -22,7 +22,8 @@
     "redis:flush": "tsx scripts/flush-redis.ts",
     "docker:up": "docker compose up -d",
     "docker:down": "docker compose down",
-    "docker:logs": "docker compose logs -f"
+    "docker:logs": "docker compose logs -f",
+    "generate:env": "node -e \"import('fs').then(f=>{if(f.existsSync('.env'))console.log('.env already exists, skipping');else{f.copyFileSync('.env.example','.env');console.log('.env created from .env.example')}})\""
   },
   "prisma": {
     "seed": "tsx prisma/seed.ts"

package/template/server/postman/collection.json

@@ -1,8 +1,8 @@
 {
   "info": {
-    "name": "Tigra Server API",
-    "_postman_id": "tigra-server-collection",
-    "description": "API collection for the Tigra server template.\n\nAll authenticated requests inherit Bearer Token auth from the collection root.\nLogin/Register requests auto-set tokens via test scripts.",
+    "name": "{{PROJECT_DISPLAY_NAME}} API",
+    "_postman_id": "{{PROJECT_NAME}}-server-collection",
+    "description": "API collection for {{PROJECT_DISPLAY_NAME}}.\n\nAll authenticated requests inherit Bearer Token auth from the collection root.\nLogin/Register requests auto-set tokens via test scripts.",
     "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
   },
   "auth": {
@@ -31,6 +31,10 @@
     {
       "key": "userId",
       "value": ""
+    },
+    {
+      "key": "targetUserId",
+      "value": ""
     }
   ],
   "item": [
@@ -358,6 +362,111 @@
       "name": "Admin",
       "description": "Admin-only endpoints. Requires ADMIN role. Auth inherited from collection root.",
       "item": [
+        {
+          "name": "User Management",
+          "description": "Manage users by ID. Requires ADMIN role. Set {{targetUserId}} before calling.",
+          "item": [
+            {
+              "name": "Update Profile (by ID)",
+              "request": {
+                "method": "PATCH",
+                "header": [
+                  {
+                    "key": "Content-Type",
+                    "value": "application/json"
+                  }
+                ],
+                "body": {
+                  "mode": "raw",
+                  "raw": "{\n  \"firstName\": \"Jane\",\n  \"lastName\": \"Smith\"\n}"
+                },
+                "url": {
+                  "raw": "{{baseUrl}}/users/{{targetUserId}}",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["users", "{{targetUserId}}"]
+                },
+                "description": "Update a user's profile by ID. Requires owner or admin access."
+              },
+              "response": []
+            },
+            {
+              "name": "Change Password (by ID)",
+              "request": {
+                "method": "PATCH",
+                "header": [
+                  {
+                    "key": "Content-Type",
+                    "value": "application/json"
+                  }
+                ],
+                "body": {
+                  "mode": "raw",
+                  "raw": "{\n  \"newPassword\": \"NewPassword456\"\n}"
+                },
+                "url": {
+                  "raw": "{{baseUrl}}/users/{{targetUserId}}/password",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["users", "{{targetUserId}}", "password"]
+                },
+                "description": "Change a user's password by ID. Admin: only newPassword required. Invalidates all target user sessions."
+              },
+              "response": []
+            },
+            {
+              "name": "Delete Account (by ID)",
+              "request": {
+                "method": "DELETE",
+                "header": [],
+                "url": {
+                  "raw": "{{baseUrl}}/users/{{targetUserId}}",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["users", "{{targetUserId}}"]
+                },
+                "description": "Soft-delete a user's account by ID. No password required for admin. Invalidates all target user sessions."
+              },
+              "response": []
+            },
+            {
+              "name": "Upload Avatar (by ID)",
+              "request": {
+                "method": "POST",
+                "header": [],
+                "body": {
+                  "mode": "formdata",
+                  "formdata": [
+                    {
+                      "key": "file",
+                      "type": "file",
+                      "src": "",
+                      "description": "Image file (JPEG, PNG, or WebP, max 10MB)"
+                    }
+                  ]
+                },
+                "url": {
+                  "raw": "{{baseUrl}}/users/{{targetUserId}}/avatar",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["users", "{{targetUserId}}", "avatar"]
+                },
+                "description": "Upload or replace a user's avatar by ID. Requires admin access. Accepts JPEG, PNG, or WebP."
+              },
+              "response": []
+            },
+            {
+              "name": "Delete Avatar (by ID)",
+              "request": {
+                "method": "DELETE",
+                "header": [],
+                "url": {
+                  "raw": "{{baseUrl}}/users/{{targetUserId}}/avatar",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["users", "{{targetUserId}}", "avatar"]
+                },
+                "description": "Delete a user's avatar by ID. Requires admin access."
+              },
+              "response": []
+            }
+          ]
+        },
         {
           "name": "List Blocked IPs",
           "request": {
@@ -384,14 +493,14 @@
             ],
             "body": {
               "mode": "raw",
-              "raw": "{\n  \"ip\": \"1.2.3.4\"\n}"
+              "raw": "{\n  \"ip\": \"1.2.3.4\",\n  \"reason\": \"Spam bot\"\n}"
             },
             "url": {
               "raw": "{{baseUrl}}/admin/blocked-ips",
               "host": ["{{baseUrl}}"],
               "path": ["admin", "blocked-ips"]
             },
-            "description": "Permanently block an IP address. Blocked IPs receive 403 IP_BLOCKED on all requests."
+            "description": "Permanently block an IP address. Persisted to database and cached in Redis. Blocked IPs receive 403 IP_BLOCKED on all requests. Optional reason field for audit trail."
           },
           "response": []
         },

package/template/server/postman/environment.json

@@ -1,6 +1,6 @@
 {
-  "id": "tigra-server-env",
-  "name": "Tigra Server - Local",
+  "id": "{{PROJECT_NAME}}-server-env",
+  "name": "{{PROJECT_DISPLAY_NAME}} Server - Local",
   "values": [
     {
       "key": "baseUrl",

package/template/server/prisma/schema.prisma

@@ -18,7 +18,7 @@ model User {
   password      String
   firstName     String
   lastName      String
-  avatarUrl     String?   // SEO-friendly path: /uploads/avatars/{userId}/{firstName-lastName}-avatar.webp
+  avatarUrl     String?   // SEO-friendly path: /uploads/users/{userId}/avatar/{firstName-lastName}-avatar.webp
   role          UserRole  @default(USER)
   isActive      Boolean   @default(true)
   deletedAt     DateTime?
@@ -32,6 +32,7 @@ model User {
 
   refreshTokens RefreshToken[]
   sessions      Session[]
+  blockedIps    BlockedIp[]
 
   // Performance indexes for high-traffic scenarios (10K-100K users/day)
   @@index([role])           // For role-based authorization queries
@@ -75,3 +76,18 @@ model Session {
   @@index([expiresAt])         // For expired session cleanup
   @@map("sessions")
 }
+
+model BlockedIp {
+  id        String   @id @default(uuid())
+  ip        String   @unique @db.VarChar(45)
+  reason    String?  @db.VarChar(500)
+  blockedBy String
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  user User @relation(fields: [blockedBy], references: [id])
+
+  @@index([ip])
+  @@map("blocked_ips")
+}

package/template/server/src/app.ts

@@ -21,7 +21,7 @@ import { adminRoutes } from '@modules/admin/admin.routes.js';
 import { fileStorageService } from '@libs/storage/file-storage.service.js';
 import { registerJobs } from '@jobs/index.js';
 import { RATE_LIMIT_ENABLED, getRateLimitRedisStore } from '@config/rate-limit.config.js';
-import { isIpBlocked, recordRateLimitViolation } from '@libs/ip-block.js';
+import { isIpBlocked, recordRateLimitViolation, syncBlockedIpsToRedis } from '@libs/ip-block.js';
 import { ForbiddenError } from '@shared/errors/errors.js';
 import {
   serializerCompiler,
@@ -135,6 +135,9 @@ export async function buildApp() {
   // Initialize file storage (create directories)
   await fileStorageService.initialize();
 
+  // --- Sync permanent IP blocks from DB to Redis ---
+  await syncBlockedIpsToRedis();
+
   // --- IP Block Check (runs before everything else) ---
   app.addHook('onRequest', async (request: FastifyRequest) => {
     if (await isIpBlocked(request.ip)) {

package/template/server/src/jobs/cleanup-deleted-accounts.job.ts

@@ -2,7 +2,7 @@
  * Cleanup Deleted Accounts Job
  *
  * Permanently purges soft-deleted user accounts after a 30-day retention period.
- * Deletes avatar files from disk and hard-deletes the user record (cascades to
+ * Deletes all user media from disk and hard-deletes the user record (cascades to
  * refresh tokens and sessions via onDelete: Cascade).
  *
  * Runs once daily.
@@ -32,7 +32,6 @@ export function startCleanupDeletedAccountsJob(app: FastifyInstance): void {
         },
         select: {
           id: true,
-          avatarUrl: true,
         },
       });
 
@@ -49,10 +48,8 @@ export function startCleanupDeletedAccountsJob(app: FastifyInstance): void {
 
       for (const user of usersToDelete) {
         try {
-          // Delete avatar files from disk if they exist
-          if (user.avatarUrl) {
-            await fileStorageService.deleteAvatar(user.id);
-          }
+          // Delete all user media from disk (no-op if dir doesn't exist)
+          await fileStorageService.deleteUserMedia(user.id);
 
           // Hard delete user record (cascades to RefreshToken + Session)
           await prisma.user.delete({

package/template/server/src/libs/auth.ts

@@ -2,7 +2,7 @@ import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
 import { v4 as uuidv4 } from 'uuid';
 import { env } from '@config/env.js';
 import { prisma } from '@libs/prisma.js';
-import { UnauthorizedError, ForbiddenError } from '@shared/errors/errors.js';
+import { UnauthorizedError, ForbiddenError, BadRequestError } from '@shared/errors/errors.js';
 import type { JwtPayload, UserRole } from '@shared/types/index.js';
 
 let app: FastifyInstance | null = null;
@@ -97,3 +97,47 @@ export function authorize(...roles: UserRole[]) {
   };
 }
 
+/**
+ * Middleware: resolves targetUserId from the authenticated user's JWT.
+ * Used for /users/me routes.
+ * Must run AFTER authenticate.
+ */
+export async function resolveMe(
+  request: FastifyRequest,
+  _reply: FastifyReply,
+): Promise<void> {
+  request.targetUserId = request.user.userId;
+  request.isAdminAction = false;
+}
+
+/**
+ * Middleware: resolves targetUserId from :userId param.
+ * Allows access if the authenticated user is the owner OR has ADMIN role.
+ * Must run AFTER authenticate.
+ *
+ * Sets:
+ * - request.targetUserId: the resolved user ID from params
+ * - request.isAdminAction: true if admin is acting on a different user
+ */
+export async function resolveTargetUser(
+  request: FastifyRequest,
+  _reply: FastifyReply,
+): Promise<void> {
+  const params = request.params as { userId?: string };
+  const targetUserId = params.userId;
+
+  if (!targetUserId) {
+    throw new BadRequestError('Missing userId parameter', 'MISSING_USER_ID');
+  }
+
+  const isOwner = request.user.userId === targetUserId;
+  const isAdmin = request.user.role === 'ADMIN';
+
+  if (!isOwner && !isAdmin) {
+    throw new ForbiddenError('You do not have permission to perform this action');
+  }
+
+  request.targetUserId = targetUserId;
+  request.isAdminAction = !isOwner && isAdmin;
+}
+

package/template/server/src/libs/ip-block.ts

@@ -1,18 +1,22 @@
 /**
  * IP Blocking Service
  *
- * Redis-backed IP blocking with two tiers:
- * - Permanent blocks: Redis SET (admin-managed via API)
+ * Two-tier IP blocking:
+ * - Permanent blocks: DB (source of truth) + Redis SET (hot cache). Admin-managed via API.
  * - Auto-blocks: Redis ZSET with expiry timestamps (triggered by excessive rate-limit violations)
  *
  * Design decisions:
+ * - DB is the source of truth for permanent blocks — survives Redis restarts
+ * - Redis is the hot cache — all runtime checks hit Redis only (O(1))
+ * - On server boot, syncBlockedIpsToRedis() loads all permanent blocks from DB into Redis
  * - Fails open: if Redis is down, requests are NOT blocked (availability > security for rate limiting)
- * - O(1) lookups: both SISMEMBER and ZSCORE are constant-time operations
  * - Lazy cleanup: expired auto-blocks are removed on check, no separate cleanup job needed
  */
 
+import { prisma } from '@libs/prisma.js';
 import { getRedis } from '@libs/redis.js';
 import { logger } from '@libs/logger.js';
+import { ConflictError } from '@shared/errors/errors.js';
 
 // Redis keys
 const BLOCKED_IPS_KEY = 'blocked_ips';
@@ -24,6 +28,30 @@ const AUTO_BLOCK_THRESHOLD = 10;         // violations before auto-block
 const AUTO_BLOCK_WINDOW_SECONDS = 300;   // 5-minute sliding window
 const AUTO_BLOCK_DURATION_SECONDS = 3600; // block for 1 hour
 
+/**
+ * Sync all permanent blocked IPs from DB to Redis.
+ * Called once during server startup.
+ */
+export async function syncBlockedIpsToRedis(): Promise<void> {
+  try {
+    const blockedIps = await prisma.blockedIp.findMany({ select: { ip: true } });
+
+    const redis = getRedis();
+
+    // Clear stale Redis state and repopulate from DB
+    await redis.del(BLOCKED_IPS_KEY);
+
+    if (blockedIps.length > 0) {
+      await redis.sadd(BLOCKED_IPS_KEY, ...blockedIps.map((b) => b.ip));
+    }
+
+    logger.info(`[IP-BLOCK] Synced ${blockedIps.length} blocked IPs from DB to Redis`);
+  } catch (error) {
+    logger.warn('[IP-BLOCK] Failed to sync blocked IPs from DB to Redis — permanent blocks may not be enforced until next restart');
+    logger.debug(error);
+  }
+}
+
 /**
  * Check if an IP is blocked (permanent or auto-blocked).
  *
@@ -57,51 +85,84 @@ export async function isIpBlocked(ip: string): Promise<boolean> {
 }
 
 /**
- * Add an IP to the permanent block list (admin-managed).
+ * Block an IP permanently. Writes to DB (source of truth) + Redis (hot cache).
  *
  * @param ip - IP address to block
+ * @param blockedBy - Admin user ID who initiated the block
+ * @param reason - Optional reason for the block
  */
-export async function blockIp(ip: string): Promise<void> {
-  const redis = getRedis();
-  await redis.sadd(BLOCKED_IPS_KEY, ip);
-  logger.info({ ip }, '[IP-BLOCK] IP permanently blocked');
+export async function blockIp(
+  ip: string,
+  blockedBy: string,
+  reason?: string,
+): Promise<{ id: string; ip: string; reason: string | null; blockedBy: string; createdAt: Date }> {
+  // Write to DB (source of truth)
+  const existing = await prisma.blockedIp.findUnique({ where: { ip } });
+  if (existing) {
+    throw new ConflictError('IP is already blocked', 'IP_ALREADY_BLOCKED');
+  }
+
+  const blocked = await prisma.blockedIp.create({
+    data: { ip, blockedBy, reason: reason ?? null },
+  });
+
+  // Sync to Redis cache
+  try {
+    const redis = getRedis();
+    await redis.sadd(BLOCKED_IPS_KEY, ip);
+  } catch {
+    logger.warn({ ip }, '[IP-BLOCK] Failed to sync block to Redis — will be synced on next restart');
+  }
+
+  logger.info({ ip, blockedBy, reason }, '[IP-BLOCK] IP permanently blocked');
+  return blocked;
 }
 
 /**
- * Remove an IP from the permanent block list.
+ * Unblock an IP. Removes from DB + Redis + auto-block list.
  *
  * @param ip - IP address to unblock
  */
 export async function unblockIp(ip: string): Promise<void> {
-  const redis = getRedis();
-  await redis.srem(BLOCKED_IPS_KEY, ip);
-  // Also remove from auto-block list if present
-  await redis.zrem(AUTO_BLOCKED_KEY, ip);
+  // Remove from DB
+  await prisma.blockedIp.deleteMany({ where: { ip } });
+
+  // Remove from Redis (both permanent and auto-block)
+  try {
+    const redis = getRedis();
+    await redis.srem(BLOCKED_IPS_KEY, ip);
+    await redis.zrem(AUTO_BLOCKED_KEY, ip);
+  } catch {
+    logger.warn({ ip }, '[IP-BLOCK] Failed to sync unblock to Redis — will be synced on next restart');
+  }
+
   logger.info({ ip }, '[IP-BLOCK] IP unblocked');
 }
 
 /**
- * List all currently blocked IPs (permanent + active auto-blocks).
- *
- * @returns Object with permanent and autoBlocked arrays
+ * List all currently blocked IPs (permanent from DB + active auto-blocks from Redis).
  */
 export async function getBlockedIps(): Promise<{
-  permanent: string[];
+  permanent: { id: string; ip: string; reason: string | null; blockedBy: string; createdAt: Date }[];
   autoBlocked: string[];
 }> {
-  const redis = getRedis();
-  const nowSeconds = Date.now() / 1000;
-
-  const permanent = await redis.smembers(BLOCKED_IPS_KEY);
-
-  // Get auto-blocked IPs that haven't expired yet
-  const autoBlockedWithScores = await redis.zrangebyscore(
-    AUTO_BLOCKED_KEY,
-    nowSeconds,
-    '+inf',
-  );
+  // Permanent blocks from DB (source of truth)
+  const permanent = await prisma.blockedIp.findMany({
+    select: { id: true, ip: true, reason: true, blockedBy: true, createdAt: true },
+    orderBy: { createdAt: 'desc' },
+  });
+
+  // Auto-blocks from Redis
+  let autoBlocked: string[] = [];
+  try {
+    const redis = getRedis();
+    const nowSeconds = Date.now() / 1000;
+    autoBlocked = await redis.zrangebyscore(AUTO_BLOCKED_KEY, nowSeconds, '+inf');
+  } catch {
+    logger.warn('[IP-BLOCK] Redis unavailable, cannot retrieve auto-blocked IPs');
+  }
 
-  return { permanent, autoBlocked: autoBlockedWithScores };
+  return { permanent, autoBlocked };
 }
 
 /**

package/template/server/src/libs/requestLogger.ts

@@ -29,7 +29,7 @@ function getStatusColor(statusCode: number): string {
 }
 
 function formatDuration(ms: number): string {
-  if (ms < 1) return `${(ms * 1000).toFixed(0)}μs`;
+  if (ms < 1) return `${(ms * 1000).toFixed(0)}us`;
   if (ms < 1000) return `${ms.toFixed(0)}ms`;
   return `${(ms / 1000).toFixed(2)}s`;
 }