db-model-router 1.0.6 → 1.0.7

package/demo/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "demo",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node app.js",
+    "dev": "nodemon app.js",
+    "migrate": "node commons/migrate.js",
+    "add_migration": "node commons/add_migration.js",
+    "docker:build": "docker build -t app .",
+    "docker:up": "docker compose up -d",
+    "docker:down": "docker compose down"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "module",
+  "imports": {
+    "#root/*.js": "./*.js",
+    "#models": "./models/index.js",
+    "#models/*.js": "./models/*.js",
+    "#routes/*.js": "./routes/*.js",
+    "#commons/*.js": "./commons/*.js",
+    "#middleware/*.js": "./middleware/*.js"
+  },
+  "dependencies": {
+    "db-model-router": "latest",
+    "dotenv": "latest",
+    "express": "latest",
+    "express-session": "latest",
+    "better-sqlite3": "latest",
+    "express-rate-limit": "latest",
+    "helmet": "latest",
+    "kafkajs": "latest",
+    "winston": "latest",
+    "swagger-ui-express": "latest"
+  },
+  "devDependencies": {
+    "nodemon": "latest"
+  }
+}

package/demo/routes/addresses/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { addresses } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(addresses);

package/demo/routes/auth/index.js

@@ -0,0 +1,55 @@
+import express from "express";
+import authenticate from "#middleware/authenticate.js";
+import { verifyPassword } from "#commons/password.js";
+import { users, roles, role_permissions } from "#models";
+
+const router = express.Router();
+
+// POST /api/auth/login - Authenticate user and create session
+router.post("/login", async (req, res) => {
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      return res.status(401).json({ message: "Invalid credentials" });
+    }
+
+    const userResults = await users.findAll({ email });
+    const user = Array.isArray(userResults) ? userResults[0] : (userResults?.data?.[0] ?? null);
+
+    if (!user) {
+      return res.status(401).json({ message: "Invalid credentials" });
+    }
+
+    const isValid = await verifyPassword(password, user.password_hash);
+    if (!isValid) {
+      return res.status(401).json({ message: "Invalid credentials" });
+    }
+
+    const role = await roles.findById(user.role_id);
+    const permsResult = await role_permissions.findAll({ role_id: user.role_id });
+    const permissionList = Array.isArray(permsResult) ? permsResult : (permsResult?.data ?? []);
+
+    req.session.user = user;
+    req.session.role = role;
+    req.session.permission = permissionList.map((p) =>
+      typeof p.permission === "string" ? JSON.parse(p.permission) : p.permission
+    );
+
+    res.json({ message: "Login successful", user: { id: user.user_id, email: user.email, name: user.name } });
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+// POST /api/auth/logout - Destroy session
+router.post("/logout", authenticate, (req, res) => {
+  req.session.destroy((err) => {
+    if (err) {
+      return res.status(500).json({ message: "Failed to destroy session" });
+    }
+    res.json({ message: "Logout successful" });
+  });
+});
+
+export default router;

package/demo/routes/carts/cart_items/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { cart_items } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent carts via cart_id
+export default route(cart_items, { cart_id: "params.cart_id" });

package/demo/routes/carts/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { carts } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(carts);

package/demo/routes/categories/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { categories } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(categories);

package/demo/routes/coupons/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { coupons } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(coupons);

package/demo/routes/docs.js

@@ -0,0 +1,18 @@
+import express from "express";
+import swaggerUi from "swagger-ui-express";
+import { readFileSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const spec = JSON.parse(readFileSync(join(__dirname, "../openapi.json"), "utf8"));
+
+const router = express.Router();
+
+router.use("/", swaggerUi.serve);
+router.get("/", swaggerUi.setup(spec, {
+  customSiteTitle: "API Documentation",
+  customCss: ".swagger-ui .topbar { display: none }",
+}));
+
+export default router;

package/demo/routes/health.js

@@ -0,0 +1,35 @@
+import express from "express";
+
+const router = express.Router();
+
+/**
+ * GET /health
+ * Returns server health status, uptime, memory, and database connectivity.
+ */
+router.get("/", async (req, res) => {
+  const health = {
+    status: "ok",
+    timestamp: new Date().toISOString(),
+    uptime: process.uptime(),
+    memory: process.memoryUsage(),
+    db: { connected: false },
+  };
+
+  try {
+    if (global.db && typeof global.db.query === "function") {
+      await global.db.query("SELECT NOW()");
+      health.db.connected = true;
+    } else if (global.db && typeof global.db.get === "function") {
+      // NoSQL adapters (mongodb, redis, dynamodb)
+      health.db.connected = true;
+    }
+  } catch (err) {
+    health.status = "degraded";
+    health.db.error = err.message;
+  }
+
+  const statusCode = health.status === "ok" ? 200 : 503;
+  res.status(statusCode).json(health);
+});
+
+export default router;

package/demo/routes/index.js

@@ -0,0 +1,54 @@
+import express from "express";
+
+const router = express.Router();
+
+// SaaS auth & CRUD routes
+import authRoute from "#routes/auth/index.js";
+import saasUsersRoute from "#routes/users/index.js";
+import saasTenantsRoute from "#routes/tenants/index.js";
+import saasRolesRoute from "#routes/roles/index.js";
+import saasPermissionsRoute from "#routes/roles/permissions/index.js";
+
+// Schema-generated routes
+import addressesRoute from "#routes/addresses/index.js";
+import cartsRoute from "#routes/carts/index.js";
+import categoriesRoute from "#routes/categories/index.js";
+import couponsRoute from "#routes/coupons/index.js";
+import ordersRoute from "#routes/orders/index.js";
+import productsRoute from "#routes/products/index.js";
+import wishlistsRoute from "#routes/wishlists/index.js";
+import product_imagesChildRoute from "#routes/products/product_images/index.js";
+import product_variantsChildRoute from "#routes/products/product_variants/index.js";
+import product_reviewsChildRoute from "#routes/products/product_reviews/index.js";
+import cart_itemsChildRoute from "#routes/carts/cart_items/index.js";
+import order_itemsChildRoute from "#routes/orders/order_items/index.js";
+import paymentsChildRoute from "#routes/orders/payments/index.js";
+import shipmentsChildRoute from "#routes/orders/shipments/index.js";
+import docsRoute from "#routes/docs.js";
+
+// SaaS routes
+router.use("/auth", authRoute);
+router.use("/users", saasUsersRoute);
+router.use("/tenants", saasTenantsRoute);
+router.use("/roles", saasRolesRoute);
+router.use("/roles/:role_id/permissions", saasPermissionsRoute);
+
+router.use("/docs", docsRoute);
+router.use("/products/:product_id/product_images", product_imagesChildRoute);
+router.use("/products/:product_id/product_variants", product_variantsChildRoute);
+router.use("/products/:product_id/product_reviews", product_reviewsChildRoute);
+router.use("/carts/:cart_id/cart_items", cart_itemsChildRoute);
+router.use("/orders/:order_id/order_items", order_itemsChildRoute);
+router.use("/orders/:order_id/payments", paymentsChildRoute);
+router.use("/orders/:order_id/shipments", shipmentsChildRoute);
+
+// Schema-generated routes
+router.use("/addresses", addressesRoute);
+router.use("/carts", cartsRoute);
+router.use("/categories", categoriesRoute);
+router.use("/coupons", couponsRoute);
+router.use("/orders", ordersRoute);
+router.use("/products", productsRoute);
+router.use("/wishlists", wishlistsRoute);
+
+export default router;

package/demo/routes/orders/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { orders } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(orders);

package/demo/routes/orders/order_items/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { order_items } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent orders via order_id
+export default route(order_items, { order_id: "params.order_id" });

package/demo/routes/orders/payments/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { payments } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent orders via order_id
+export default route(payments, { order_id: "params.order_id" });

package/demo/routes/orders/shipments/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { shipments } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent orders via order_id
+export default route(shipments, { order_id: "params.order_id" });

package/demo/routes/products/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { products } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(products);

package/demo/routes/products/product_images/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { product_images } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent products via product_id
+export default route(product_images, { product_id: "params.product_id" });

package/demo/routes/products/product_reviews/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { product_reviews } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent products via product_id
+export default route(product_reviews, { product_id: "params.product_id" });

package/demo/routes/products/product_variants/index.js

@@ -0,0 +1,7 @@
+import dbModelRouter from "db-model-router";
+import { product_variants } from "#models";
+
+const { route } = dbModelRouter;
+
+// Child route: scoped by parent products via product_id
+export default route(product_variants, { product_id: "params.product_id" });

package/demo/routes/roles/index.js

@@ -0,0 +1,75 @@
+import express from "express";
+import authenticate from "#middleware/authenticate.js";
+import tenantIsolation from "#middleware/tenantIsolation.js";
+import hasPermission from "#middleware/hasPermission.js";
+import { roles } from "#models";
+
+const router = express.Router();
+
+function userHasGlobalPermission(req) {
+  return req.session.permission.some((p) => p.scope === "global");
+}
+
+function guardSystemRole(req, res, role) {
+  if (role.tenant_id === null && !userHasGlobalPermission(req)) {
+    res.status(403).json({ message: "Cannot modify system roles" });
+    return true;
+  }
+  return false;
+}
+
+function guardGlobalPermissionEscalation(req, res) {
+  const permissions = req.body.permissions || [];
+  const hasGlobalEntry = permissions.some((p) => p.scope === "global");
+  if (hasGlobalEntry && !userHasGlobalPermission(req)) {
+    res.status(403).json({ message: "Cannot assign global permissions" });
+    return true;
+  }
+  return false;
+}
+
+router.get("/", authenticate, tenantIsolation, hasPermission("roles", "read"), async (req, res) => {
+  try {
+    const results = await roles.findAll(req.query);
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.post("/", authenticate, tenantIsolation, hasPermission("roles", "write"), async (req, res) => {
+  try {
+    if (guardGlobalPermissionEscalation(req, res)) return;
+    const result = await roles.create(req.body);
+    res.status(201).json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.put("/:id", authenticate, tenantIsolation, hasPermission("roles", "update"), async (req, res) => {
+  try {
+    const role = await roles.findById(req.params.id);
+    if (!role) return res.status(404).json({ message: "Role not found" });
+    if (guardSystemRole(req, res, role)) return;
+    if (guardGlobalPermissionEscalation(req, res)) return;
+    const result = await roles.update(req.params.id, req.body);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.delete("/:id", authenticate, tenantIsolation, hasPermission("roles", "delete"), async (req, res) => {
+  try {
+    const role = await roles.findById(req.params.id);
+    if (!role) return res.status(404).json({ message: "Role not found" });
+    if (guardSystemRole(req, res, role)) return;
+    const result = await roles.delete(req.params.id);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+export default router;

package/demo/routes/roles/permissions/index.js

@@ -0,0 +1,47 @@
+import express from "express";
+import authenticate from "#middleware/authenticate.js";
+import tenantIsolation from "#middleware/tenantIsolation.js";
+import hasPermission from "#middleware/hasPermission.js";
+import { role_permissions } from "#models";
+
+const router = express.Router({ mergeParams: true });
+
+router.get("/", authenticate, tenantIsolation, hasPermission("permissions", "read"), async (req, res) => {
+  try {
+    const query = { ...req.query, role_id: req.params.role_id };
+    const results = await role_permissions.findAll(query);
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.post("/", authenticate, tenantIsolation, hasPermission("permissions", "write"), async (req, res) => {
+  try {
+    const data = { ...req.body, role_id: req.params.role_id };
+    const result = await role_permissions.create(data);
+    res.status(201).json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.put("/:permission_id", authenticate, tenantIsolation, hasPermission("permissions", "update"), async (req, res) => {
+  try {
+    const result = await role_permissions.update(req.params.permission_id, req.body);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.delete("/:permission_id", authenticate, tenantIsolation, hasPermission("permissions", "delete"), async (req, res) => {
+  try {
+    const result = await role_permissions.delete(req.params.permission_id);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+export default router;

package/demo/routes/tenants/index.js

@@ -0,0 +1,45 @@
+import express from "express";
+import authenticate from "#middleware/authenticate.js";
+import tenantIsolation from "#middleware/tenantIsolation.js";
+import hasPermission from "#middleware/hasPermission.js";
+import { tenants } from "#models";
+
+const router = express.Router();
+
+router.get("/", authenticate, tenantIsolation, hasPermission("tenants", "read"), async (req, res) => {
+  try {
+    const results = await tenants.findAll(req.query);
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.post("/", authenticate, tenantIsolation, hasPermission("tenants", "write"), async (req, res) => {
+  try {
+    const result = await tenants.create(req.body);
+    res.status(201).json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.put("/:id", authenticate, tenantIsolation, hasPermission("tenants", "update"), async (req, res) => {
+  try {
+    const result = await tenants.update(req.params.id, req.body);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.delete("/:id", authenticate, tenantIsolation, hasPermission("tenants", "delete"), async (req, res) => {
+  try {
+    const result = await tenants.delete(req.params.id);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+export default router;

package/demo/routes/users/index.js

@@ -0,0 +1,45 @@
+import express from "express";
+import authenticate from "#middleware/authenticate.js";
+import tenantIsolation from "#middleware/tenantIsolation.js";
+import hasPermission from "#middleware/hasPermission.js";
+import { users } from "#models";
+
+const router = express.Router();
+
+router.get("/", authenticate, tenantIsolation, hasPermission("users", "read"), async (req, res) => {
+  try {
+    const results = await users.findAll(req.query);
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.post("/", authenticate, tenantIsolation, hasPermission("users", "write"), async (req, res) => {
+  try {
+    const result = await users.create(req.body);
+    res.status(201).json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.put("/:id", authenticate, tenantIsolation, hasPermission("users", "update"), async (req, res) => {
+  try {
+    const result = await users.update(req.params.id, req.body);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+router.delete("/:id", authenticate, tenantIsolation, hasPermission("users", "delete"), async (req, res) => {
+  try {
+    const result = await users.delete(req.params.id);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ message: err.message });
+  }
+});
+
+export default router;

package/demo/routes/wishlists/index.js

@@ -0,0 +1,6 @@
+import dbModelRouter from "db-model-router";
+import { wishlists } from "#models";
+
+const { route } = dbModelRouter;
+
+export default route(wishlists);