npm - create-velox-app - Versions diffs - 0.4.3 → 0.4.5 - Mend

create-velox-app 0.4.3 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/src/templates/source/api/procedures/auth.ts ADDED Viewed

@@ -0,0 +1,285 @@
+/**
+ * Auth Procedures
+ *
+ * Authentication procedures for user registration, login, and token management.
+ *
+ * REST Endpoints:
+ * - POST /auth/register - Create new account
+ * - POST /auth/login    - Authenticate and get tokens
+ * - POST /auth/refresh  - Refresh access token
+ * - POST /auth/logout   - Revoke current token
+ * - GET  /auth/me       - Get current user (protected)
+ */
+import {
+  AuthError,
+  authenticated,
+  createAuthRateLimiter,
+  hashPassword,
+  jwtManager,
+  verifyPassword,
+  defineProcedures,
+  procedure,
+  z,
+} from '@veloxts/velox';
+import { authConfig, parseUserRoles, tokenStore } from '../config/auth.js';
+import { prisma } from '../config/database.js';
+// ============================================================================
+// Rate Limiter
+// ============================================================================
+const rateLimiter = createAuthRateLimiter({
+  login: {
+    maxAttempts: 5,
+    windowMs: 15 * 60 * 1000,
+    lockoutDurationMs: 15 * 60 * 1000,
+    progressiveBackoff: true,
+  },
+  register: {
+    maxAttempts: 3,
+    windowMs: 60 * 60 * 1000,
+    lockoutDurationMs: 60 * 60 * 1000,
+  },
+  refresh: {
+    maxAttempts: 10,
+    windowMs: 60 * 1000,
+    lockoutDurationMs: 60 * 1000,
+  },
+});
+// ============================================================================
+// Password Blacklist
+// ============================================================================
+const COMMON_PASSWORDS = new Set([
+  'password', 'password123', '12345678', '123456789',
+  'qwerty123', 'letmein', 'welcome', 'admin123',
+]);
+// ============================================================================
+// Schemas
+// ============================================================================
+const PasswordSchema = z
+  .string()
+  .min(12, 'Password must be at least 12 characters')
+  .max(128, 'Password must not exceed 128 characters')
+  .refine((pwd) => /[a-z]/.test(pwd), 'Password must contain at least one lowercase letter')
+  .refine((pwd) => /[A-Z]/.test(pwd), 'Password must contain at least one uppercase letter')
+  .refine((pwd) => /[0-9]/.test(pwd), 'Password must contain at least one number')
+  .refine(
+    (pwd) => !COMMON_PASSWORDS.has(pwd.toLowerCase()),
+    'Password is too common. Please choose a stronger password.'
+  );
+const EmailSchema = z
+  .string()
+  .email('Invalid email address')
+  .transform((email) => email.toLowerCase().trim());
+const RegisterInput = z.object({
+  name: z.string().min(2).max(100).trim(),
+  email: EmailSchema,
+  password: PasswordSchema,
+});
+const LoginInput = z.object({
+  email: EmailSchema,
+  password: z.string().min(1),
+});
+const RefreshInput = z.object({
+  refreshToken: z.string(),
+});
+const TokenResponse = z.object({
+  accessToken: z.string(),
+  refreshToken: z.string(),
+  expiresIn: z.number(),
+  tokenType: z.literal('Bearer'),
+});
+const UserResponse = z.object({
+  id: z.string(),
+  name: z.string(),
+  email: z.string(),
+  roles: z.array(z.string()),
+});
+const LogoutResponse = z.object({
+  success: z.boolean(),
+  message: z.string(),
+});
+// ============================================================================
+// JWT Manager
+// ============================================================================
+const jwt = jwtManager(authConfig.jwt);
+// Dummy hash for timing attack prevention
+const DUMMY_HASH = '$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/X4.uy7dPSSXB5G6Uy';
+// ============================================================================
+// Auth Procedures
+// ============================================================================
+export const authProcedures = defineProcedures('auth', {
+  register: procedure()
+    .rest({ method: 'POST', path: '/auth/register' })
+    .use(rateLimiter.register())
+    .input(RegisterInput)
+    .output(TokenResponse)
+    .mutation(async ({ input }) => {
+      const normalizedEmail = input.email.toLowerCase().trim();
+      const existing = await prisma.user.findUnique({
+        where: { email: normalizedEmail },
+      });
+      if (existing) {
+        throw new AuthError(
+          'Registration failed. If this email is not already registered, please try again.',
+          400,
+          'REGISTRATION_FAILED'
+        );
+      }
+      const hashedPassword = await hashPassword(input.password);
+      const user = await prisma.user.create({
+        data: {
+          name: input.name.trim(),
+          email: normalizedEmail,
+          password: hashedPassword,
+          roles: JSON.stringify(['user']),
+        },
+      });
+      return jwt.createTokenPair({
+        id: user.id,
+        email: user.email,
+        roles: ['user'],
+      });
+    }),
+  login: procedure()
+    .rest({ method: 'POST', path: '/auth/login' })
+    .use(
+      rateLimiter.login((ctx) => {
+        const input = ctx.input as { email?: string } | undefined;
+        return input?.email?.toLowerCase() ?? '';
+      })
+    )
+    .input(LoginInput)
+    .output(TokenResponse)
+    .mutation(async ({ input }) => {
+      const normalizedEmail = input.email.toLowerCase().trim();
+      const user = await prisma.user.findUnique({
+        where: { email: normalizedEmail },
+      });
+      const hashToVerify = user?.password || DUMMY_HASH;
+      const isValid = await verifyPassword(input.password, hashToVerify);
+      if (!user || !user.password || !isValid) {
+        throw new AuthError('Invalid email or password', 401, 'INVALID_CREDENTIALS');
+      }
+      const roles = parseUserRoles(user.roles);
+      return jwt.createTokenPair({
+        id: user.id,
+        email: user.email,
+        roles,
+      });
+    }),
+  refresh: procedure()
+    .rest({ method: 'POST', path: '/auth/refresh' })
+    .use(rateLimiter.refresh())
+    .input(RefreshInput)
+    .output(TokenResponse)
+    .mutation(async ({ input }) => {
+      try {
+        const payload = jwt.verifyToken(input.refreshToken);
+        if (payload.type !== 'refresh') {
+          throw new AuthError('Invalid token type', 401, 'INVALID_TOKEN_TYPE');
+        }
+        if (payload.jti && tokenStore.isRevoked(payload.jti)) {
+          throw new AuthError('Token has been revoked', 401, 'TOKEN_REVOKED');
+        }
+        if (payload.jti) {
+          const previousUserId = tokenStore.isRefreshTokenUsed(payload.jti);
+          if (previousUserId) {
+            tokenStore.revokeAllUserTokens(previousUserId);
+            throw new AuthError(
+              'Security alert: Refresh token reuse detected.',
+              401,
+              'TOKEN_REUSE_DETECTED'
+            );
+          }
+          tokenStore.markRefreshTokenUsed(payload.jti, payload.sub);
+        }
+        const user = await prisma.user.findUnique({
+          where: { id: payload.sub },
+        });
+        if (!user) {
+          throw new AuthError('User not found', 401, 'USER_NOT_FOUND');
+        }
+        return jwt.createTokenPair({
+          id: user.id,
+          email: user.email,
+          roles: parseUserRoles(user.roles),
+        });
+      } catch (error) {
+        if (error instanceof AuthError) throw error;
+        throw new AuthError('Invalid refresh token', 401, 'INVALID_REFRESH_TOKEN');
+      }
+    }),
+  logout: procedure()
+    .rest({ method: 'POST', path: '/auth/logout' })
+    .guard(authenticated)
+    .output(LogoutResponse)
+    .mutation(async ({ ctx }) => {
+      const tokenId = ctx.auth?.token?.jti;
+      if (tokenId) {
+        tokenStore.revoke(tokenId, 15 * 60 * 1000);
+      }
+      return {
+        success: true,
+        message: 'Successfully logged out',
+      };
+    }),
+  getMe: procedure()
+    .rest({ method: 'GET', path: '/auth/me' })
+    .guard(authenticated)
+    .output(UserResponse)
+    .query(async ({ ctx }) => {
+      const user = ctx.user;
+      if (!user) {
+        throw new AuthError('Not authenticated', 401, 'NOT_AUTHENTICATED');
+      }
+      return {
+        id: user.id,
+        name: (user.name as string) || '',
+        email: user.email,
+        roles: Array.isArray(user.roles) ? user.roles : ['user'],
+      };
+    }),
+});

package/src/templates/source/api/procedures/health.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Health Check Procedures
+ */
+import { VELOX_VERSION, defineProcedures, procedure, z } from '@veloxts/velox';
+export const healthProcedures = defineProcedures('health', {
+  getHealth: procedure()
+    .rest({ method: 'GET', path: '/health' })
+    .output(
+      z.object({
+        status: z.literal('ok'),
+        version: z.string(),
+        timestamp: z.string().datetime(),
+        uptime: z.number(),
+      })
+    )
+    .query(async () => ({
+      status: 'ok' as const,
+      version: VELOX_VERSION,
+      timestamp: new Date().toISOString(),
+      uptime: process.uptime(),
+    })),
+});

package/src/templates/source/api/procedures/users.auth.ts ADDED Viewed

@@ -0,0 +1,170 @@
+/**
+ * User Procedures
+ *
+ * CRUD procedures for user management with authentication guards.
+ */
+import {
+  AuthError,
+  authenticated,
+  hasRole,
+  defineProcedures,
+  GuardError,
+  procedure,
+  paginationInputSchema,
+  z,
+} from '@veloxts/velox';
+import {
+  CreateUserInput,
+  UpdateUserInput,
+  type User,
+  UserSchema,
+} from '../schemas/user.js';
+// ============================================================================
+// Database Types
+// ============================================================================
+interface DbUser {
+  id: string;
+  name: string;
+  email: string;
+  createdAt: Date;
+  updatedAt: Date;
+}
+interface DbClient {
+  user: {
+    findUnique: (args: { where: { id: string } }) => Promise<DbUser | null>;
+    findMany: (args?: { skip?: number; take?: number }) => Promise<DbUser[]>;
+    create: (args: { data: { name: string; email: string } }) => Promise<DbUser>;
+    update: (args: { where: { id: string }; data: { name?: string; email?: string } }) => Promise<DbUser>;
+    delete: (args: { where: { id: string } }) => Promise<DbUser>;
+    count: () => Promise<number>;
+  };
+}
+function getDb(ctx: { db: unknown }): DbClient {
+  return ctx.db as DbClient;
+}
+function toUserResponse(dbUser: DbUser): User {
+  return {
+    id: dbUser.id,
+    name: dbUser.name,
+    email: dbUser.email,
+    createdAt: dbUser.createdAt instanceof Date ? dbUser.createdAt.toISOString() : dbUser.createdAt,
+    updatedAt: dbUser.updatedAt instanceof Date ? dbUser.updatedAt.toISOString() : dbUser.updatedAt,
+  };
+}
+// ============================================================================
+// User Procedures
+// ============================================================================
+export const userProcedures = defineProcedures('users', {
+  getUser: procedure()
+    .input(z.object({ id: z.string().uuid() }))
+    .output(UserSchema.nullable())
+    .query(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const user = await db.user.findUnique({ where: { id: input.id } });
+      return user ? toUserResponse(user) : null;
+    }),
+  listUsers: procedure()
+    .input(paginationInputSchema.optional())
+    .output(
+      z.object({
+        data: z.array(UserSchema),
+        meta: z.object({
+          page: z.number(),
+          limit: z.number(),
+          total: z.number(),
+        }),
+      })
+    )
+    .query(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const page = input?.page ?? 1;
+      const limit = input?.limit ?? 10;
+      const skip = (page - 1) * limit;
+      const [dbUsers, total] = await Promise.all([
+        db.user.findMany({ skip, take: limit }),
+        db.user.count(),
+      ]);
+      return {
+        data: dbUsers.map(toUserResponse),
+        meta: { page, limit, total },
+      };
+    }),
+  createUser: procedure()
+    .guard(authenticated)
+    .input(CreateUserInput)
+    .output(UserSchema)
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const user = await db.user.create({ data: input });
+      return toUserResponse(user);
+    }),
+  updateUser: procedure()
+    .guard(authenticated)
+    .input(z.object({ id: z.string().uuid() }).merge(UpdateUserInput))
+    .output(UserSchema)
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const { id, ...data } = input;
+      if (!ctx.user) {
+        throw new AuthError('Authentication required', 401, 'NOT_AUTHENTICATED');
+      }
+      const isOwner = ctx.user.id === id;
+      const isAdmin = Array.isArray(ctx.user.roles) && ctx.user.roles.includes('admin');
+      if (!isOwner && !isAdmin) {
+        throw new GuardError('ownership', 'You can only update your own profile', 403);
+      }
+      const updated = await db.user.update({ where: { id }, data });
+      return toUserResponse(updated);
+    }),
+  patchUser: procedure()
+    .guard(authenticated)
+    .input(z.object({ id: z.string().uuid() }).merge(UpdateUserInput))
+    .output(UserSchema)
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const { id, ...data } = input;
+      if (!ctx.user) {
+        throw new AuthError('Authentication required', 401, 'NOT_AUTHENTICATED');
+      }
+      const isOwner = ctx.user.id === id;
+      const isAdmin = Array.isArray(ctx.user.roles) && ctx.user.roles.includes('admin');
+      if (!isOwner && !isAdmin) {
+        throw new GuardError('ownership', 'You can only update your own profile', 403);
+      }
+      const updated = await db.user.update({ where: { id }, data });
+      return toUserResponse(updated);
+    }),
+  deleteUser: procedure()
+    .guard(hasRole('admin'))
+    .input(z.object({ id: z.string().uuid() }))
+    .output(z.object({ success: z.boolean() }))
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      await db.user.delete({ where: { id: input.id } });
+      return { success: true };
+    }),
+});

package/src/templates/source/api/procedures/users.default.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/**
+ * User Procedures
+ */
+import { defineProcedures, procedure, paginationInputSchema, z } from '@veloxts/velox';
+import { CreateUserInput, UpdateUserInput, UserSchema } from '../schemas/user.js';
+// Database types
+interface DbUser {
+  id: string;
+  name: string;
+  email: string;
+  createdAt: Date;
+  updatedAt: Date;
+}
+interface DbClient {
+  user: {
+    findUnique: (args: { where: { id: string } }) => Promise<DbUser | null>;
+    findMany: (args?: { skip?: number; take?: number }) => Promise<DbUser[]>;
+    create: (args: { data: { name: string; email: string } }) => Promise<DbUser>;
+    update: (args: { where: { id: string }; data: { name?: string; email?: string } }) => Promise<DbUser>;
+    delete: (args: { where: { id: string } }) => Promise<DbUser>;
+    count: () => Promise<number>;
+  };
+}
+function getDb(ctx: { db: unknown }): DbClient {
+  return ctx.db as DbClient;
+}
+function toUserResponse(dbUser: DbUser) {
+  return {
+    id: dbUser.id,
+    name: dbUser.name,
+    email: dbUser.email,
+    createdAt: dbUser.createdAt.toISOString(),
+    updatedAt: dbUser.updatedAt.toISOString(),
+  };
+}
+export const userProcedures = defineProcedures('users', {
+  getUser: procedure()
+    .input(z.object({ id: z.string().uuid() }))
+    .output(UserSchema.nullable())
+    .query(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const user = await db.user.findUnique({ where: { id: input.id } });
+      return user ? toUserResponse(user) : null;
+    }),
+  listUsers: procedure()
+    .input(paginationInputSchema.optional())
+    .output(
+      z.object({
+        data: z.array(UserSchema),
+        meta: z.object({
+          page: z.number(),
+          limit: z.number(),
+          total: z.number(),
+        }),
+      })
+    )
+    .query(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const page = input?.page ?? 1;
+      const limit = input?.limit ?? 10;
+      const skip = (page - 1) * limit;
+      const [dbUsers, total] = await Promise.all([
+        db.user.findMany({ skip, take: limit }),
+        db.user.count(),
+      ]);
+      return {
+        data: dbUsers.map(toUserResponse),
+        meta: { page, limit, total },
+      };
+    }),
+  createUser: procedure()
+    .input(CreateUserInput)
+    .output(UserSchema)
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const user = await db.user.create({ data: input });
+      return toUserResponse(user);
+    }),
+  updateUser: procedure()
+    .input(z.object({ id: z.string().uuid() }).merge(UpdateUserInput))
+    .output(UserSchema)
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const { id, ...data } = input;
+      const user = await db.user.update({ where: { id }, data });
+      return toUserResponse(user);
+    }),
+  patchUser: procedure()
+    .input(z.object({ id: z.string().uuid() }).merge(UpdateUserInput))
+    .output(UserSchema)
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      const { id, ...data } = input;
+      const user = await db.user.update({ where: { id }, data });
+      return toUserResponse(user);
+    }),
+  deleteUser: procedure()
+    .input(z.object({ id: z.string().uuid() }))
+    .output(z.object({ success: z.boolean() }))
+    .mutation(async ({ input, ctx }) => {
+      const db = getDb(ctx);
+      await db.user.delete({ where: { id: input.id } });
+      return { success: true };
+    }),
+});

package/src/templates/source/api/schemas/user.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * User Schemas
+ */
+import { createIdSchema, emailSchema, z } from '@veloxts/velox';
+export const UserSchema = z.object({
+  id: createIdSchema('uuid'),
+  name: z.string().min(1).max(100),
+  email: emailSchema,
+  createdAt: z.coerce.date().transform((d) => d.toISOString()),
+  updatedAt: z.coerce.date().transform((d) => d.toISOString()),
+});
+export type User = z.infer<typeof UserSchema>;
+export const CreateUserInput = z.object({
+  name: z.string().min(1).max(100),
+  email: emailSchema,
+});
+export type CreateUserData = z.infer<typeof CreateUserInput>;
+export const UpdateUserInput = z.object({
+  name: z.string().min(1).max(100).optional(),
+  email: emailSchema.optional(),
+});
+export type UpdateUserData = z.infer<typeof UpdateUserInput>;

package/src/templates/source/api/tsconfig.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./dist",
+    "declaration": false,
+    "declarationMap": false
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"]
+}

package/src/templates/source/api/tsup.config.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { defineConfig } from 'tsup';
+export default defineConfig({
+  entry: ['src/index.ts'],
+  format: ['esm'],
+  target: 'node18',
+  clean: true,
+  dts: false,
+  sourcemap: true,
+});