npm - create-warlock - Versions diffs - 4.2.6 → 4.2.8 - Mend

create-warlock 4.2.6 → 4.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

package/templates/warlock/src/app/auth/controllers/forgot-password.controller.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { t, type Request, type RequestHandler, type Response } from "@warlock.js/core";
+import { v } from "@warlock.js/seal";
+import { forgotPasswordService } from "../services/forgot-password.service";
+/**
+ * Forgot password controller
+ * POST /auth/forgot-password
+ */
+export const forgotPasswordController: RequestHandler = async (
+  request: Request,
+  response: Response,
+) => {
+  const { email } = request.validated();
+  await forgotPasswordService(email);
+  return response.success({
+    message: t("auth.otpSent"),
+  });
+};
+forgotPasswordController.description = "Request password reset";
+forgotPasswordController.validation = {
+  schema: v.object({
+    email: v.email().required(),
+  }),
+};

package/templates/warlock/src/app/auth/controllers/login.controller.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { type Request, type RequestHandler } from "@warlock.js/core";
+import { type LoginSchema, loginSchema } from "../schema/login.schema";
+import { loginService } from "../services/auth.service";
+/**
+ * Login controller
+ * POST /auth/login
+ */
+export const loginController: RequestHandler<Request<LoginSchema>> = async (request, response) => {
+  const result = await loginService(request.validated(), {
+    userAgent: request.userAgent,
+    ip: request.ip,
+  });
+  return response.success(result);
+};
+loginController.description = "User Login";
+loginController.validation = {
+  schema: loginSchema,
+};

package/templates/warlock/src/app/auth/controllers/logout-all.controller.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { t, type Request, type RequestHandler, type Response } from "@warlock.js/core";
+import { logoutAllService } from "../services/auth.service";
+/**
+ * Logout from all devices controller
+ * POST /auth/logout-all
+ */
+export const logoutAllController: RequestHandler = async (request: Request, response: Response) => {
+  await logoutAllService(request.user);
+  return response.success({
+    message: t("auth.loggedOutAll"),
+  });
+};
+logoutAllController.description = "Logout from all devices";

package/templates/warlock/src/app/auth/controllers/logout.controller.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { t, type Request, type RequestHandler, type Response } from "@warlock.js/core";
+import { logoutService } from "../services/auth.service";
+/**
+ * Logout controller
+ * POST /auth/logout
+ */
+export const logoutController: RequestHandler = async (request: Request, response: Response) => {
+  await logoutService(request.user);
+  return response.success({
+    message: t("auth.loggedOut"),
+  });
+};
+logoutController.description = "User Logout";

package/templates/warlock/src/app/auth/controllers/me.controller.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { type Request, type RequestHandler, type Response } from "@warlock.js/core";
+/**
+ * Get current user controller
+ * GET /auth/me
+ */
+export const meController: RequestHandler = async (request: Request, response: Response) => {
+  return response.success({
+    user: request.user,
+  });
+};
+meController.description = "Get Current User";

package/templates/warlock/src/app/auth/controllers/refresh-token.controller.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { type Request, type RequestHandler, type Response } from "@warlock.js/core";
+import { v } from "@warlock.js/seal";
+import { refreshTokensService } from "../services/auth.service";
+/**
+ * Refresh token controller
+ * POST /auth/refresh-token
+ */
+export const refreshTokenController: RequestHandler = async (
+  request: Request,
+  response: Response,
+) => {
+  const token = request.input("refreshToken");
+  const result = await refreshTokensService(token, {
+    userAgent: request.userAgent,
+    ip: request.ip,
+  });
+  return response.success(result);
+};
+refreshTokenController.description = "Refresh Access Token";
+refreshTokenController.validation = {
+  schema: v.object({
+    refreshToken: v.string().required(),
+  }),
+};

package/templates/warlock/src/app/auth/controllers/reset-password.controller.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { t, type Request, type RequestHandler } from "@warlock.js/core";
+import { resetPasswordSchema, type ResetPasswordSchema } from "../schema/reset-password.schema";
+import { resetPasswordService } from "../services/reset-password.service";
+/**
+ * Reset password controller
+ */
+export const resetPasswordController: RequestHandler<Request<ResetPasswordSchema>> = async (
+  request,
+  response,
+) => {
+  await resetPasswordService(request.validated());
+  return response.success({
+    message: t("auth.passwordResetSuccess"),
+  });
+};
+resetPasswordController.description = "Reset password with OTP";
+resetPasswordController.validation = {
+  schema: resetPasswordSchema,
+};

package/templates/warlock/src/app/auth/main.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { authService } from "@warlock.js/auth";
+import { scheduler } from "app/shared/services/scheduler.service";
+import { cleanupExpiredOtpsService } from "./services/otp.service";
+// Cleanup expired OTPs every hour
+scheduler.newJob("cleanup-expired-otps", cleanupExpiredOtpsService).everyHour();
+// Cleanup expired refresh tokens every hour
+scheduler.newJob("cleanup-expired-tokens", () => authService.cleanupExpiredTokens()).everyHour();

package/templates/warlock/src/app/auth/models/otp/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./otp.model";

package/templates/warlock/src/app/auth/models/otp/migrations/22-12-2025_10-30-20.otp-migration.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { bool, integer, json, Migration, string, timestamp } from "@warlock.js/cascade";
+import { OTP } from "../otp.model";
+export default Migration.create(
+  OTP,
+  {
+    code: string(20).index(),
+    type: string(50),
+    target: string(255),
+    channel: string(50),
+    userId: integer().index(),
+    userType: string(50),
+    expiresAt: timestamp().index(),
+    usedAt: timestamp().nullable(),
+    attempts: integer(),
+    maxAttempts: integer(),
+    metadata: json().nullable(),
+    isActive: bool(),
+    createdBy: json().nullable(),
+    updatedBy: json().nullable(),
+    deletedBy: json().nullable(),
+  },
+  {
+    index: [
+      {
+        columns: ["target", "type"],
+      },
+    ],
+  },
+);

package/templates/warlock/src/app/auth/models/otp/otp.model.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { Model, RegisterModel } from "@warlock.js/cascade";
+import { v, type Infer } from "@warlock.js/seal";
+const otpSchema = v.object({
+  code: v.string().required(),
+  type: v.string().required(),
+  target: v.string().required(),
+  channel: v.string().required(),
+  userId: v.number().required(),
+  userType: v.string().required(),
+  expiresAt: v.date().required(),
+  usedAt: v.date().optional(),
+  attempts: v.number().default(0),
+  maxAttempts: v.number().default(5),
+  metadata: v.record(v.any()).optional(),
+});
+type OTPSchema = Infer<typeof otpSchema>;
+@RegisterModel()
+export class OTP extends Model<OTPSchema> {
+  /**
+   * Table name
+   */
+  public static table = "otps";
+  /**
+   * Model schema
+   */
+  public static schema = otpSchema;
+  /**
+   * Check if OTP is valid (not expired, not used, not max attempts)
+   */
+  public get isValid(): boolean {
+    if (this.get("usedAt")) return false;
+    if ((this.get("attempts") ?? 0) >= (this.get("maxAttempts") ?? 0)) return false;
+    if (new Date() > new Date(this.get("expiresAt"))) return false;
+    return true;
+  }
+  /**
+   * Check if OTP is expired
+   */
+  public get isExpired(): boolean {
+    return new Date() > new Date(this.get("expiresAt"));
+  }
+  /**
+   * Check if max attempts exceeded
+   */
+  public get isMaxAttemptsExceeded(): boolean {
+    return (this.get("attempts") ?? 0) >= (this.get("maxAttempts") ?? 0);
+  }
+  /**
+   * Mark OTP as used
+   */
+  public async markAsUsed(): Promise<this> {
+    return this.set("usedAt", new Date()).save();
+  }
+  /**
+   * Increment failed attempt
+   */
+  public async incrementAttempt(): Promise<this> {
+    return this.set("attempts", (this.get("attempts") ?? 0) + 1).save();
+  }
+}

package/templates/warlock/src/app/auth/requests/guarded.request.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { Request, RequestHandler } from "@warlock.js/core";
+import type { User } from "app/users/models/user";
+export type GuardedRequest<RequestPayload = unknown> = Request<RequestPayload> & {
+  user: User;
+};
+export type GuardedRequestHandler<RequestPayload = unknown> = RequestHandler<
+  GuardedRequest<RequestPayload>
+>;

package/templates/warlock/src/app/auth/routes.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { router } from "@warlock.js/core";
+import { guarded } from "app/shared/utils/router";
+import { forgotPasswordController } from "./controllers/forgot-password.controller";
+import { loginController } from "./controllers/login.controller";
+import { logoutAllController } from "./controllers/logout-all.controller";
+import { logoutController } from "./controllers/logout.controller";
+import { meController } from "./controllers/me.controller";
+import { refreshTokenController } from "./controllers/refresh-token.controller";
+import { resetPasswordController } from "./controllers/reset-password.controller";
+// Auth routes
+router.prefix("/auth", () => {
+  router.post("/login", loginController);
+  router.post("/refresh-token", refreshTokenController);
+  router.post("/forgot-password", forgotPasswordController);
+  router.post("/reset-password", resetPasswordController);
+  guarded(() => {
+    router.post("/logout", logoutController);
+    router.post("/logout-all", logoutAllController);
+    router.get("/me", meController);
+  });
+});

package/templates/warlock/src/app/auth/schema/login.schema.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { v, type Infer } from "@warlock.js/seal";
+export const loginSchema = v.object({
+  email: v.email().required(),
+  password: v.string().required(),
+});
+export type LoginSchema = Infer<typeof loginSchema>;

package/templates/warlock/src/app/auth/schema/reset-password.schema.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { v, type Infer } from "@warlock.js/seal";
+export const resetPasswordSchema = v.object({
+  email: v.string().email().required(),
+  code: v.string().required(),
+  newPassword: v.string().min(8).required(),
+});
+export type ResetPasswordSchema = Infer<typeof resetPasswordSchema>;

package/templates/warlock/src/app/auth/services/auth.service.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import type { AccessTokenOutput, Auth } from "@warlock.js/auth";
+import { authService, type DeviceInfo, type TokenPair } from "@warlock.js/auth";
+import { t, UnAuthorizedError } from "@warlock.js/core";
+import { User } from "app/users/models/user/user.model";
+export type LoginCredentials = {
+  email: string;
+  password: string;
+};
+export type LoginResult =
+  | {
+      user: User;
+      tokens: TokenPair;
+    }
+  | null
+  | {
+      user: User;
+      accessToken: AccessTokenOutput;
+    };
+/**
+ * Login with email and password
+ */
+export async function loginService(
+  credentials: LoginCredentials,
+  deviceInfo?: DeviceInfo,
+): Promise<LoginResult> {
+  const result = await authService.login(User, credentials, deviceInfo);
+  if (!result) {
+    throw new UnAuthorizedError(t("auth.invalidCredentials"));
+  }
+  return result;
+}
+/**
+ * Logout user
+ */
+export async function logoutService(user: Auth): Promise<void> {
+  return authService.logout(user);
+}
+/**
+ * Logout from all devices
+ */
+export async function logoutAllService(user: Auth): Promise<void> {
+  return authService.revokeAllTokens(user);
+}
+/**
+ * Refresh tokens
+ */
+export async function refreshTokensService(
+  refreshToken: string,
+  deviceInfo?: DeviceInfo,
+): Promise<TokenPair> {
+  const result = await authService.refreshTokens(refreshToken, deviceInfo);
+  if (!result) {
+    throw new UnAuthorizedError(t("auth.invalidRefreshToken"));
+  }
+  return result;
+}

package/templates/warlock/src/app/auth/services/forgot-password.service.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { getFirstUserService } from "app/users/services/list-users.service";
+import { createOtpService } from "./otp.service";
+/**
+ * Example Usage:
+ * await forgotPasswordService("user@example.com");
+ */
+/**
+ * Handle forgot password request
+ *
+ * @param email - User email address
+ * @returns Promise<void>
+ */
+export async function forgotPasswordService(email: string): Promise<void> {
+  // Find user by email (silent fail for security)
+  const user = await getFirstUserService({ email });
+  // Create a password-reset OTP. Wire a mail service to deliver its code —
+  // e.g. `sendPasswordResetEmail(user, otp.get("code"))`.
+  await createOtpService({
+    target: email,
+    channel: "email",
+    type: "password-reset",
+    userId: user.id,
+    userType: user.userType,
+  });
+}

package/templates/warlock/src/app/auth/services/otp.service.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { ForbiddenError, t } from "@warlock.js/core";
+import { OTP } from "../models/otp";
+import { AuthErrorCode } from "../utils/auth-error-code";
+import type { OTPChannel, OTPType } from "../utils/types";
+/** Human-friendly duration parts, summed to milliseconds by `parseDurationToMs`. */
+type Duration = {
+  milliseconds?: number;
+  seconds?: number;
+  minutes?: number;
+  hours?: number;
+  days?: number;
+  weeks?: number;
+};
+// Default OTP expiration
+const DEFAULT_OTP_EXPIRATION: Duration = { minutes: 15 };
+// Parse duration to milliseconds
+function parseDurationToMs(duration: Duration): number {
+  let ms = 0;
+  if (duration.milliseconds) ms += duration.milliseconds;
+  if (duration.seconds) ms += duration.seconds * 1000;
+  if (duration.minutes) ms += duration.minutes * 60 * 1000;
+  if (duration.hours) ms += duration.hours * 60 * 60 * 1000;
+  if (duration.days) ms += duration.days * 24 * 60 * 60 * 1000;
+  if (duration.weeks) ms += duration.weeks * 7 * 24 * 60 * 60 * 1000;
+  return ms;
+}
+export type CreateOTPOptions = {
+  target: string;
+  channel: OTPChannel;
+  type: OTPType;
+  userId?: number | string;
+  userType?: string;
+  expiresIn?: Duration;
+  length?: number;
+  alphanumeric?: boolean;
+  maxAttempts?: number;
+  metadata?: object;
+};
+/**
+ * Generate OTP code
+ */
+function generateCode(length: number = 6, alphanumeric: boolean = false): string {
+  if (alphanumeric) {
+    // Generate alphanumeric code
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+    let code = "";
+    for (let i = 0; i < length; i++) {
+      code += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return code;
+  }
+  // Generate numeric code
+  const min = Math.pow(10, length - 1);
+  const max = Math.pow(10, length) - 1;
+  return Math.floor(min + Math.random() * (max - min + 1)).toString();
+}
+/**
+ * Create a new OTP
+ */
+export async function createOtpService(options: CreateOTPOptions): Promise<OTP> {
+  const {
+    target,
+    channel,
+    type,
+    userId,
+    userType,
+    expiresIn = DEFAULT_OTP_EXPIRATION,
+    length = 6,
+    alphanumeric = false,
+    maxAttempts = 5,
+    metadata,
+  } = options;
+  // Invalidate any existing unused OTPs for this target+type
+  await cleanupOtpService(target, type);
+  const code = generateCode(length, alphanumeric);
+  const expiresAt = new Date(Date.now() + parseDurationToMs(expiresIn));
+  return OTP.create({
+    code,
+    type,
+    target,
+    channel,
+    userId,
+    userType,
+    expiresAt,
+    maxAttempts,
+    metadata,
+  });
+}
+/**
+ * Verify an OTP
+ */
+export async function verifyOtpService(
+  code: string,
+  target: string,
+  type: OTPType,
+): Promise<OTP | never> {
+  const otp = await OTP.first({
+    code,
+    target,
+    type,
+    usedAt: null,
+  });
+  if (!otp) {
+    throw new ForbiddenError(t("auth.missingOtp"), {
+      errorCode: AuthErrorCode.OTP_NOT_FOUND,
+    });
+  }
+  if (otp.isExpired) {
+    throw new ForbiddenError(t("auth.otpExpired"), {
+      errorCode: AuthErrorCode.OTP_EXPIRED,
+    });
+  }
+  if (otp.isMaxAttemptsExceeded) {
+    throw new ForbiddenError(t("auth.otpMaxAttempts"), {
+      errorCode: AuthErrorCode.OTP_MAX_ATTEMPTS,
+    });
+  }
+  // Mark as used
+  await otp.markAsUsed();
+  return otp;
+}
+export async function cleanupOtpService(target: string, type: OTPType): Promise<void> {
+  await OTP.delete({
+    target,
+    type,
+    usedAt: null,
+  });
+}
+/**
+ * Resend OTP (invalidate old and create new)
+ */
+export async function resendOtpService(
+  target: string,
+  type: OTPType,
+  channel: OTPChannel,
+  options?: Partial<CreateOTPOptions>,
+): Promise<OTP> {
+  await cleanupOtpService(target, type);
+  return createOtpService({
+    target,
+    type,
+    channel,
+    ...options,
+  });
+}
+/**
+ * Cleanup expired OTPs
+ */
+export async function cleanupExpiredOtpsService(): Promise<number> {
+  const expiredOtps = await OTP.query().where("expiresAt", "<", new Date()).get();
+  await Promise.all(expiredOtps.map((otp) => otp.destroy()));
+  return expiredOtps.length;
+}

package/templates/warlock/src/app/auth/services/reset-password.service.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { authService } from "@warlock.js/auth";
+import { BadRequestError, t } from "@warlock.js/core";
+import { User } from "app/users/models/user";
+import { AuthErrorCode } from "../utils/auth-error-code";
+import { verifyOtpService } from "./otp.service";
+type ResetPasswordOptions = {
+  email: string;
+  code: string;
+  newPassword: string;
+};
+/**
+ * Reset user password using OTP verification
+ */
+export async function resetPasswordService(options: ResetPasswordOptions): Promise<User> {
+  const { email, code, newPassword } = options;
+  // Verify OTP
+  const otp = await verifyOtpService(code, email, "password-reset");
+  // Find user
+  const user = await User.find(otp.get("userId"));
+  if (!user) {
+    throw new BadRequestError(t("auth.otpInvalid"), {
+      errorCode: AuthErrorCode.OTP_INVALID,
+    });
+  }
+  // Update password
+  await user.set("password", newPassword).save();
+  // Revoke all tokens (force re-login)
+  // Or make it an option through user decision.
+  await authService.revokeAllTokens(user);
+  return user;
+}

package/templates/warlock/src/app/auth/utils/auth-error-code.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export enum AuthErrorCode {
+  OTP_NOT_FOUND = "OTX001", // OTP Not Found
+  OTP_EXPIRED = "OTX002", // OTP Expired
+  OTP_MAX_ATTEMPTS = "OTX003", // OTP Max Attempts
+  OTP_INVALID = "OTX004", // OTP Invalid
+}