express-genix 1.1.4 → 2.0.0

package/templates/core/server.js.ejs

@@ -1,49 +1,65 @@
-const cluster = require('cluster');
-const os = require('os');
-const app = require('./app');<% if (hasDatabase) { %>
-const db = require('./config/database');<% } %>
-
-const port = process.env.PORT || 3000;
-
-const startServer = async () => {<% if (hasDatabase) { %>
-  await db.connect();<% } %>
-  
-  if (cluster.isMaster) {
-    const numCPUs = os.cpus().length;
-    console.log(`🚀 Master ${process.pid} is running`);
-    console.log(`📊 Forking ${numCPUs} workers...`);
-    
-    // Fork workers
-    for (let i = 0; i < numCPUs; i++) {
-      cluster.fork();
-    }
-    
-    cluster.on('exit', (worker, code, signal) => {
-      console.log(`💥 Worker ${worker.process.pid} died with code ${code} and signal ${signal}`);
-      console.log('🔄 Starting a new worker...');
-      cluster.fork();
-    });
-  } else {
-    app.listen(port, () => {
-      console.log(`🌟 Worker ${process.pid} running on http://localhost:${port}`);
-      console.log(`📚 API Documentation: http://localhost:${port}/api-docs`);
-      console.log(`❤️  Health Check: http://localhost:${port}/health`);
-      console.log(`🛠️  Environment: ${process.env.NODE_ENV || 'development'}`);
-    });
-  }
-};
-
-startServer().catch(console.error);
-
-// Graceful Shutdown
-process.on('SIGTERM', async () => {
-  console.log('🛑 SIGTERM signal received: closing HTTP server');<% if (hasDatabase) { %>
-  await db.disconnect();<% } %>
-  process.exit(0);
-});
-
-process.on('SIGINT', async () => {
-  console.log('🛑 SIGINT signal received: closing HTTP server');<% if (hasDatabase) { %>
-  await db.disconnect();<% } %>
-  process.exit(0);
+require('dotenv').config();
+
+const cluster = require('cluster');
+const os = require('os');
+<% if (hasWebsocket) { %>const http = require('http');<% } %>
+const app = require('./app');<% if (hasDatabase) { %>
+const db = require('./config/database');<% } %><% if (hasRedis) { %>
+const { connectRedis } = require('./config/redis');<% } %><% if (hasWebsocket) { %>
+const { setupWebSocket } = require('./config/websocket');<% } %>
+const { createLogger } = require('./utils/logger');
+
+const logger = createLogger('Server');
+const port = process.env.PORT || 3000;
+const isPrimary = cluster.isPrimary ?? cluster.isMaster;
+
+const startServer = async () => {
+  if (process.env.NODE_ENV === 'production' && isPrimary) {
+    const numCPUs = os.cpus().length;
+    logger.info(`Master ${process.pid} is running, forking ${numCPUs} workers`);
+
+    for (let i = 0; i < numCPUs; i++) {
+      cluster.fork();
+    }
+
+    cluster.on('exit', (worker, code, signal) => {
+      logger.warn(`Worker ${worker.process.pid} died (code: ${code}, signal: ${signal}). Restarting...`);
+      cluster.fork();
+    });
+  } else {<% if (hasDatabase) { %>
+    await db.connect();<% } %><% if (hasRedis) { %>
+    await connectRedis();<% } %>
+
+<% if (hasWebsocket) { %>    const httpServer = http.createServer(app);
+    const io = setupWebSocket(httpServer);
+    app.set('io', io);
+
+    const server = httpServer.listen(port, () => {<% } else { %>    const server = app.listen(port, () => {<% } %>
+      logger.info(`Worker ${process.pid} running on http://localhost:${port}`);
+      logger.info(`Environment: ${process.env.NODE_ENV || 'development'}`);
+    });
+
+    // Graceful shutdown
+    const shutdown = async (signal) => {
+      logger.info(`${signal} received — shutting down gracefully`);
+      server.close(async () => {<% if (hasDatabase) { %>
+        await db.disconnect();<% } %>
+        process.exit(0);
+      });
+
+      // Force exit after 10s
+      setTimeout(() => {
+        logger.error('Forced shutdown after timeout');
+        process.exit(1);
+      }, 10000);
+    };
+
+    process.on('SIGTERM', () => shutdown('SIGTERM'));
+    process.on('SIGINT', () => shutdown('SIGINT'));
+  }
+};
+
+startServer().catch((err) => {
+  logger.error('Failed to start server', { error: err.message });
+  process.exit(1);
 });

package/templates/core/tsconfig.json.ejs

@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["ES2020"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "tests"]
+}

package/templates/middleware/auth.js.ejs

@@ -1,66 +1,80 @@
-const jwt = require('jsonwebtoken');
-const { AppError } = require('../utils/errors');
-
-const jwtSecret = process.env.JWT_SECRET || 'your-secret-key';
-
-/**
- * Middleware to authenticate JWT tokens
- */
-const authenticateToken = (req, res, next) => {
-  const authHeader = req.headers['authorization'];
-  const token = authHeader && authHeader.split(' ')[1];
-  
-  if (!token) {
-    return next(new AppError('Access token is required', 401));
-  }
-  
-  jwt.verify(token, jwtSecret, (err, decoded) => {
-    if (err) {
-      return next(new AppError('Invalid or expired token', 403));
-    }
-    
-    req.user = decoded;
-    next();
-  });
-};
-
-/**
- * Optional authentication middleware - doesn't require token
- */
-const optionalAuth = (req, res, next) => {
-  const authHeader = req.headers['authorization'];
-  const token = authHeader && authHeader.split(' ')[1];
-  
-  if (token) {
-    jwt.verify(token, jwtSecret, (err, decoded) => {
-      if (!err) {
-        req.user = decoded;
-      }
-    });
-  }
-  
-  next();
-};
-
-/**
- * Middleware to check if user has specific role
- */
-const requireRole = (role) => {
-  return (req, res, next) => {
-    if (!req.user) {
-      return next(new AppError('Authentication required', 401));
-    }
-    
-    if (req.user.role !== role) {
-      return next(new AppError('Insufficient permissions', 403));
-    }
-    
-    next();
-  };
-};
-
-module.exports = {
-  authenticateToken,
-  optionalAuth,
-  requireRole,
-};
+const jwt = require('jsonwebtoken');
+const { AppError } = require('../utils/errors');
+const authService = require('../services/authService');
+
+const authenticateToken = <% if (hasRedis) { %>async <% } %>(req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+  if (!token) {
+    return next(new AppError('Access token is required', 401));
+  }
+
+<% if (hasRedis) { %>
+  try {
+    const blacklisted = await authService.isTokenBlacklisted(token);
+    if (blacklisted) {
+      return next(new AppError('Token has been revoked', 401));
+    }
+  } catch {
+    return next(new AppError('Token validation failed', 500));
+  }
+<% } else { %>
+  if (authService.isTokenBlacklisted(token)) {
+    return next(new AppError('Token has been revoked', 401));
+  }
+<% } %>
+
+  jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
+    if (err) {
+      return next(new AppError('Invalid or expired token', 403));
+    }
+    req.user = decoded;
+    next();
+  });
+};
+
+const optionalAuth = <% if (hasRedis) { %>async <% } %>(req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+<% if (hasRedis) { %>
+  if (token) {
+    try {
+      const blacklisted = await authService.isTokenBlacklisted(token);
+      if (!blacklisted) {
+        jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
+          if (!err) {
+            req.user = decoded;
+          }
+        });
+      }
+    } catch {
+      // Silently skip auth on Redis failure for optional auth
+    }
+  }
+<% } else { %>
+  if (token && !authService.isTokenBlacklisted(token)) {
+    jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
+      if (!err) {
+        req.user = decoded;
+      }
+    });
+  }
+<% } %>
+  next();
+};
+
+const requireRole = (role) => {
+  return (req, res, next) => {
+    if (!req.user) {
+      return next(new AppError('Authentication required', 401));
+    }
+    if (req.user.role !== role) {
+      return next(new AppError('Insufficient permissions', 403));
+    }
+    next();
+  };
+};
+
+module.exports = { authenticateToken, optionalAuth, requireRole };

package/templates/middleware/cache.js.ejs

@@ -0,0 +1,67 @@
+const { redis } = require('../config/redis');
+const { createLogger } = require('../utils/logger');
+
+const logger = createLogger('Cache');
+
+/**
+ * Express middleware that caches JSON responses in Redis.
+ *
+ * Usage:
+ *   router.get('/items', cache(300), controller.list); // 5-minute cache
+ *
+ * Cache key is derived from the request method + original URL.
+ * Only successful (2xx) JSON responses are cached.
+ * Set res.locals.skipCache = true inside a handler to bypass.
+ */
+const cache = (ttlSeconds = 60) => {
+  return async (req, res, next) => {
+    if (req.method !== 'GET') {
+      return next();
+    }
+
+    const key = `cache:${req.originalUrl}`;
+
+    try {
+      const cached = await redis.get(key);
+      if (cached) {
+        logger.debug(`Cache hit: ${key}`);
+        return res.status(200).json(JSON.parse(cached));
+      }
+    } catch (err) {
+      logger.warn('Cache read failed, skipping', { error: err.message });
+    }
+
+    // Intercept res.json to cache the response
+    const originalJson = res.json.bind(res);
+    res.json = (body) => {
+      if (res.statusCode >= 200 && res.statusCode < 300 && !res.locals.skipCache) {
+        redis
+          .set(key, JSON.stringify(body), 'EX', ttlSeconds)
+          .catch((err) => logger.warn('Cache write failed', { error: err.message }));
+      }
+      return originalJson(body);
+    };
+
+    next();
+  };
+};
+
+/**
+ * Invalidate cache entries matching a pattern.
+ *
+ * Usage:
+ *   await invalidateCache('/api/items*');
+ */
+const invalidateCache = async (pattern) => {
+  try {
+    const keys = await redis.keys(`cache:${pattern}`);
+    if (keys.length > 0) {
+      await redis.del(...keys);
+      logger.debug(`Invalidated ${keys.length} cache keys matching ${pattern}`);
+    }
+  } catch (err) {
+    logger.warn('Cache invalidation failed', { error: err.message });
+  }
+};
+
+module.exports = { cache, invalidateCache };

package/templates/middleware/errorHandler.js.ejs

@@ -1,47 +1,51 @@
-
-// templates/middleware/errorHandler.js.ejs
-const { AppError } = require('../utils/errors');
-
-const errorHandler = (err, req, res, next) => {
-  let error = { ...err };
-  error.message = err.message;
-
-  console.error(err);
-
-<% if (db === 'mongodb') { %>  // Mongoose bad ObjectId
-  if (err.name === 'CastError') {
-    const message = 'Resource not found';
-    error = new AppError(message, 404);
-  }
-
-  // Mongoose duplicate key
-  if (err.code === 11000) {
-    const message = 'Duplicate field value entered';
-    error = new AppError(message, 400);
-  }
-
-  // Mongoose validation error
-  if (err.name === 'ValidationError') {
-    const message = Object.values(err.errors).map(val => val.message).join(', ');
-    error = new AppError(message, 400);
-  }<% } %>
-
-<% if (hasDatabase) { %>  // JWT errors
-  if (err.name === 'JsonWebTokenError') {
-    const message = 'Invalid token';
-    error = new AppError(message, 401);
-  }
-
-  if (err.name === 'TokenExpiredError') {
-    const message = 'Token expired';
-    error = new AppError(message, 401);
-  }<% } %>
-
-  res.status(error.statusCode || 500).json({
-    success: false,
-    error: error.message || 'Server Error',
-    ...(process.env.NODE_ENV === 'development' && { stack: err.stack }),
-  });
-};
-
+const { AppError } = require('../utils/errors');
+const { createLogger } = require('../utils/logger');
+
+const logger = createLogger('ErrorHandler');
+
+const errorHandler = (err, req, res, next) => {
+  let error = { ...err };
+  error.message = err.message;
+
+  logger.error(err.message, { stack: err.stack });
+
+<% if (db === 'mongodb') { %>
+  if (err.name === 'CastError') {
+    error = new AppError('Resource not found', 404);
+  }
+
+  if (err.code === 11000) {
+    error = new AppError('Duplicate field value entered', 400);
+  }
+
+  if (err.name === 'ValidationError') {
+    const message = Object.values(err.errors).map((val) => val.message).join(', ');
+    error = new AppError(message, 400);
+  }
+<% } %><% if (db === 'postgresql') { %>
+  if (err.name === 'SequelizeUniqueConstraintError') {
+    error = new AppError('Duplicate field value entered', 400);
+  }
+
+  if (err.name === 'SequelizeValidationError') {
+    const message = err.errors.map((e) => e.message).join(', ');
+    error = new AppError(message, 400);
+  }
+<% } %><% if (hasAuth) { %>
+  if (err.name === 'JsonWebTokenError') {
+    error = new AppError('Invalid token', 401);
+  }
+
+  if (err.name === 'TokenExpiredError') {
+    error = new AppError('Token expired', 401);
+  }
+<% } %>
+
+  res.status(error.statusCode || 500).json({
+    success: false,
+    error: error.message || 'Internal Server Error',
+    ...(process.env.NODE_ENV === 'development' && { stack: err.stack }),
+  });
+};
+
 module.exports = errorHandler;

package/templates/middleware/requestId.js.ejs

@@ -0,0 +1,9 @@
+const { v4: uuidv4 } = require('uuid');
+
+const requestId = (req, res, next) => {
+  req.id = req.headers['x-request-id'] || uuidv4();
+  res.setHeader('X-Request-ID', req.id);
+  next();
+};
+
+module.exports = { requestId };

package/templates/middleware/validation.js.ejs

@@ -1,48 +1,110 @@
-// templates/middleware/validation.js.ejs
-const { AppError } = require('../utils/errors');
-
-const validateEmail = (email) => {
-  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-  return emailRegex.test(email);
-};
-
-const validateLogin = (req, res, next) => {
-  const { email, password } = req.body;
-  
-  if (!email || !password) {
-    return next(new AppError('Email and password are required', 400));
-  }
-  
-  if (!validateEmail(email)) {
-    return next(new AppError('Please provide a valid email address', 400));
-  }
-  
-  next();
-};
-
-const validateRegister = (req, res, next) => {
-  const { username, email, password } = req.body;
-  
-  if (!username || !email || !password) {
-    return next(new AppError('Username, email, and password are required', 400));
-  }
-  
-  if (username.length < 3 || username.length > 50) {
-    return next(new AppError('Username must be between 3 and 50 characters', 400));
-  }
-  
-  if (!validateEmail(email)) {
-    return next(new AppError('Please provide a valid email address', 400));
-  }
-  
-  if (password.length < 6) {
-    return next(new AppError('Password must be at least 6 characters long', 400));
-  }
-  
-  next();
-};
-
-module.exports = {
-  validateLogin,
-  validateRegister,
+const { z } = require('zod');
+const validator = require('validator');
+const { AppError } = require('../utils/errors');
+
+/**
+ * Generic Zod validation middleware.
+ * Pass a Zod schema for body, query, and/or params.
+ *
+ * Usage:
+ *   router.post('/users', validate({ body: createUserSchema }), controller.create);
+ */
+const validate = (schemas) => (req, res, next) => {
+  const errors = [];
+
+  for (const [source, schema] of Object.entries(schemas)) {
+    const result = schema.safeParse(req[source]);
+    if (!result.success) {
+      result.error.issues.forEach((issue) => {
+        errors.push(`${source}.${issue.path.join('.')}: ${issue.message}`);
+      });
+    } else {
+      req[source] = result.data; // replace with parsed/transformed data
+    }
+  }
+
+  if (errors.length > 0) {
+    return next(new AppError(errors.join('; '), 400));
+  }
+
+  next();
+};
+
+// ─── Auth Schemas ───────────────────────────────────
+
+const registerSchema = z.object({
+  username: z
+    .string({ required_error: 'Username is required' })
+    .min(3, 'Username must be at least 3 characters')
+    .max(50, 'Username must be at most 50 characters')
+    .transform((val) => validator.escape(val.trim())),
+  email: z
+    .string({ required_error: 'Email is required' })
+    .email('Please provide a valid email address')
+    .transform((val) => validator.normalizeEmail(val) || val),
+  password: z
+    .string({ required_error: 'Password is required' })
+    .min(8, 'Password must be at least 8 characters')
+    .refine(
+      (val) =>
+        validator.isStrongPassword(val, {
+          minLength: 8,
+          minLowercase: 1,
+          minUppercase: 1,
+          minNumbers: 1,
+          minSymbols: 0,
+        }),
+      { message: 'Password must contain uppercase, lowercase, and a number' }
+    ),
+});
+
+const loginSchema = z.object({
+  email: z
+    .string({ required_error: 'Email is required' })
+    .email('Please provide a valid email address')
+    .transform((val) => validator.normalizeEmail(val) || val),
+  password: z.string({ required_error: 'Password is required' }).min(1),
+});
+
+const refreshSchema = z.object({
+  refreshToken: z.string({ required_error: 'Refresh token is required' }).min(1),
+});
+
+const forgotPasswordSchema = z.object({
+  email: z
+    .string({ required_error: 'Email is required' })
+    .email('Please provide a valid email address'),
+});
+
+const resetPasswordSchema = z.object({
+  token: z.string({ required_error: 'Reset token is required' }).min(1),
+  password: z
+    .string({ required_error: 'Password is required' })
+    .min(8, 'Password must be at least 8 characters')
+    .refine(
+      (val) =>
+        validator.isStrongPassword(val, {
+          minLength: 8,
+          minLowercase: 1,
+          minUppercase: 1,
+          minNumbers: 1,
+          minSymbols: 0,
+        }),
+      { message: 'Password must contain uppercase, lowercase, and a number' }
+    ),
+});
+
+// Backward-compatible named validators
+const validateRegister = validate({ body: registerSchema });
+const validateLogin = validate({ body: loginSchema });
+
+module.exports = {
+  validate,
+  registerSchema,
+  loginSchema,
+  refreshSchema,
+  forgotPasswordSchema,
+  resetPasswordSchema,
+  validateRegister,
+  validateLogin,
 };