npm - create-tigra - Versions diffs - 2.2.0 → 2.3.0 - Mend

create-tigra 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/template/server/src/modules/users/users.schemas.ts CHANGED Viewed

@@ -7,14 +7,17 @@
 import { z } from 'zod';
 /**
- * Schema for getting a user's avatar
+ * Schema for :userId URL parameter
  *
- * Validates userId parameter in URL
+ * Reused across all routes that take :userId in the URL.
  */
-export const GetUserAvatarSchema = z.object({
+export const UserIdParamSchema = z.object({
   userId: z.string().uuid({ message: 'Invalid user ID format' }),
 });
+/** Alias for backward compatibility */
+export const GetUserAvatarSchema = UserIdParamSchema;
 /**
  * Schema for updating user profile
  *
@@ -50,10 +53,27 @@ export const DeleteAccountSchema = z.object({
   password: z.string().min(1, 'Password is required'),
 });
+/**
+ * Schema for admin-initiated password change
+ *
+ * Admin does not need to provide the user's current password.
+ */
+export const AdminChangePasswordSchema = z.object({
+  newPassword: z
+    .string()
+    .min(8, 'Password must be at least 8 characters')
+    .max(128, 'Password must be at most 128 characters')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number'),
+});
 /**
  * Type inference from schemas
  */
-export type GetUserAvatarParams = z.infer<typeof GetUserAvatarSchema>;
+export type UserIdParams = z.infer<typeof UserIdParamSchema>;
+export type GetUserAvatarParams = UserIdParams;
 export type UpdateProfileInput = z.infer<typeof UpdateProfileSchema>;
 export type ChangePasswordInput = z.infer<typeof ChangePasswordSchema>;
+export type AdminChangePasswordInput = z.infer<typeof AdminChangePasswordSchema>;
 export type DeleteAccountInput = z.infer<typeof DeleteAccountSchema>;

package/template/server/src/modules/users/users.service.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import { verifyPassword, hashPassword } from '@libs/password.js';
 import { NotFoundError, BadRequestError, UnauthorizedError } from '@shared/errors/errors.js';
 import { logger } from '@libs/logger.js';
 import path from 'path';
-import type { UpdateProfileInput, ChangePasswordInput } from './users.schemas.js';
+import type { UpdateProfileInput, ChangePasswordInput, AdminChangePasswordInput } from './users.schemas.js';
 /**
  * Users Service Class
@@ -144,7 +144,7 @@ class UsersService {
     }
     // Extract filename from URL (last segment)
-    // URL format: /uploads/avatars/{userId}/{filename}
+    // URL format: /uploads/users/{userId}/avatar/{filename}
     const filename = path.basename(user.avatarUrl);
     // Build full file path
@@ -214,15 +214,22 @@ class UsersService {
    * @throws UnauthorizedError if current password is wrong
    * @throws BadRequestError if new password same as current
    */
-  async changePassword(userId: string, input: ChangePasswordInput): Promise<void> {
+  async changePassword(
+    userId: string,
+    input: ChangePasswordInput | AdminChangePasswordInput,
+    skipPasswordVerification: boolean = false
+  ): Promise<void> {
     const user = await authRepo.findUserById(userId);
     if (!user) {
       throw new NotFoundError('User not found', 'USER_NOT_FOUND');
     }
-    const isValid = await verifyPassword(input.currentPassword, user.password);
-    if (!isValid) {
-      throw new UnauthorizedError('Current password is incorrect', 'INVALID_CREDENTIALS');
+    if (!skipPasswordVerification) {
+      const fullInput = input as ChangePasswordInput;
+      const isValid = await verifyPassword(fullInput.currentPassword, user.password);
+      if (!isValid) {
+        throw new UnauthorizedError('Current password is incorrect', 'INVALID_CREDENTIALS');
+      }
     }
     const isSamePassword = await verifyPassword(input.newPassword, user.password);
@@ -250,15 +257,21 @@ class UsersService {
    * @throws NotFoundError if user not found
    * @throws UnauthorizedError if password is wrong
    */
-  async deleteAccount(userId: string, password: string): Promise<void> {
+  async deleteAccount(
+    userId: string,
+    password: string,
+    skipPasswordVerification: boolean = false
+  ): Promise<void> {
     const user = await authRepo.findUserById(userId);
     if (!user) {
       throw new NotFoundError('User not found', 'USER_NOT_FOUND');
     }
-    const isValid = await verifyPassword(password, user.password);
-    if (!isValid) {
-      throw new UnauthorizedError('Incorrect password', 'INVALID_CREDENTIALS');
+    if (!skipPasswordVerification) {
+      const isValid = await verifyPassword(password, user.password);
+      if (!isValid) {
+        throw new UnauthorizedError('Incorrect password', 'INVALID_CREDENTIALS');
+      }
     }
     logger.info({ msg: 'Soft-deleting user account', userId });

package/template/server/src/shared/types/index.ts CHANGED Viewed

@@ -18,6 +18,8 @@ declare module 'fastify' {
   interface FastifyRequest {
     user: JwtPayload;
     startTime?: number; // Added for duration calculation
+    targetUserId?: string;    // Set by resolveMe or resolveTargetUser middleware
+    isAdminAction?: boolean;  // True when admin is acting on another user
   }
 }