express-genix 2.0.0 → 3.0.0

package/templates/graphql/resolvers.js.ejs

@@ -0,0 +1,61 @@
+<% if (hasAuth) { %>const bcrypt = require('bcryptjs');
+const authService = require('../services/authService');
+const userService = require('../services/userService');
+<% } %>
+const resolvers = {
+  Query: {
+    hello: () => 'Hello from GraphQL!',
+<% if (hasAuth) { %>
+    me: async (_, __, { user }) => {
+      if (!user) throw new Error('Authentication required');
+      return userService.findById(user.userId);
+    },
+
+    users: async (_, { page = 1, limit = 20 }, { user }) => {
+      if (!user || user.role !== 'admin') throw new Error('Admin access required');
+      return userService.findAll({ page, limit });
+    },
+<% } %>  },
+<% if (hasAuth) { %>
+  Mutation: {
+    register: async (_, { input }) => {
+      const { username, email, password } = input;
+
+      const existing = await userService.findByEmail(email);
+      if (existing) throw new Error('User already exists with this email');
+
+      const hashedPassword = await bcrypt.hash(password, 12);
+      const user = await userService.create({ username, email, password: hashedPassword });
+      const tokens = authService.generateTokens(user);
+
+      return {
+        user: { id: user.id, username: user.username, email: user.email, role: user.role || 'user', createdAt: user.createdAt },
+        ...tokens,
+      };
+    },
+
+    login: async (_, { input }) => {
+      const { email, password } = input;
+
+      const user = await userService.findByEmail(email);
+      if (!user) throw new Error('Invalid credentials');
+
+      const valid = await bcrypt.compare(password, user.password);
+      if (!valid) throw new Error('Invalid credentials');
+
+      const tokens = authService.generateTokens(user);
+
+      return {
+        user: { id: user.id, username: user.username, email: user.email, role: user.role || 'user', createdAt: user.createdAt },
+        ...tokens,
+      };
+    },
+
+    updateProfile: async (_, { input }, { user }) => {
+      if (!user) throw new Error('Authentication required');
+      return userService.updateById(user.userId, input);
+    },
+  },
+<% } %>};
+
+module.exports = resolvers;

package/templates/graphql/typeDefs.js.ejs

@@ -0,0 +1,53 @@
+const gql = require('graphql-tag');
+
+const typeDefs = gql`
+  type Query {
+    hello: String
+<% if (hasAuth) { %>    me: User
+    users(page: Int, limit: Int): UserList
+<% } %>  }
+
+<% if (hasAuth) { %>  type Mutation {
+    register(input: RegisterInput!): AuthPayload
+    login(input: LoginInput!): AuthPayload
+    updateProfile(input: UpdateProfileInput!): User
+  }
+
+  type User {
+    id: ID!
+    username: String!
+    email: String!
+    role: String!
+    createdAt: String!
+  }
+
+  type UserList {
+    users: [User!]!
+    total: Int!
+    page: Int!
+    totalPages: Int!
+  }
+
+  type AuthPayload {
+    user: User!
+    accessToken: String!
+    refreshToken: String!
+  }
+
+  input RegisterInput {
+    username: String!
+    email: String!
+    password: String!
+  }
+
+  input LoginInput {
+    email: String!
+    password: String!
+  }
+
+  input UpdateProfileInput {
+    username: String
+  }
+<% } %>`;
+
+module.exports = typeDefs;

package/templates/jobs/worker.js.ejs

@@ -0,0 +1,60 @@
+const { Worker } = require('bullmq');
+const { redisConnection } = require('../config/queue');
+const logger = require('../utils/logger');
+
+// Email job processor
+const emailProcessor = async (job) => {
+  logger.info(`Processing email job: ${job.name} (${job.id})`);
+
+  switch (job.name) {
+    case 'send-welcome':
+      // TODO: Integrate with your email service
+      logger.info(`Sending welcome email to ${job.data.email}`);
+      break;
+    case 'send-reset':
+      logger.info(`Sending password reset email to ${job.data.email}`);
+      break;
+    default:
+      logger.warn(`Unknown email job: ${job.name}`);
+  }
+};
+
+// Default job processor
+const defaultProcessor = async (job) => {
+  logger.info(`Processing job: ${job.name} (${job.id})`, job.data);
+
+  switch (job.name) {
+    case 'cleanup':
+      logger.info('Running cleanup task...');
+      break;
+    default:
+      logger.warn(`Unknown job: ${job.name}`);
+  }
+};
+
+const startWorkers = () => {
+  const emailWorker = new Worker('email', emailProcessor, {
+    connection: redisConnection,
+    concurrency: 5,
+  });
+
+  const defaultWorker = new Worker('default', defaultProcessor, {
+    connection: redisConnection,
+    concurrency: 3,
+  });
+
+  [emailWorker, defaultWorker].forEach((worker) => {
+    worker.on('completed', (job) => {
+      logger.info(`Job completed: ${job.name} (${job.id})`);
+    });
+
+    worker.on('failed', (job, err) => {
+      logger.error(`Job failed: ${job.name} (${job.id}) — ${err.message}`);
+    });
+  });
+
+  logger.info('Background workers started');
+  return { emailWorker, defaultWorker };
+};
+
+module.exports = { startWorkers };

package/templates/middleware/auditLog.js.ejs

@@ -0,0 +1,62 @@
+const logger = require('../utils/logger');
+
+/**
+ * Audit Logging Middleware
+ *
+ * Tracks API requests with user context, action, and resource details.
+ * Logs are written via the configured logger (Winston/Pino).
+ *
+ * Usage:
+ *   router.post('/users', authenticateToken, auditLog('CREATE_USER'), handler);
+ *   app.use(auditLog()); // log all requests
+ */
+
+const auditLog = (action) => (req, res, next) => {
+  const startTime = Date.now();
+
+  // Capture response on finish
+  const originalEnd = res.end;
+  res.end = function (...args) {
+    const duration = Date.now() - startTime;
+
+    const auditEntry = {
+      type: 'AUDIT',
+      action: action || `${req.method} ${req.route ? req.route.path : req.path}`,
+      method: req.method,
+      path: req.originalUrl,
+      statusCode: res.statusCode,
+      duration: `${duration}ms`,
+      ip: req.ip,
+      userAgent: req.get('user-agent'),
+      userId: req.user ? req.user.userId : 'anonymous',
+      username: req.user ? req.user.username : 'anonymous',
+      requestId: req.id || req.headers['x-request-id'] || null,
+      timestamp: new Date().toISOString(),
+    };
+
+    // Don't log request/response bodies in production for security
+    if (process.env.NODE_ENV !== 'production') {
+      if (req.body && Object.keys(req.body).length > 0) {
+        // Redact sensitive fields
+        const safeBody = { ...req.body };
+        const sensitiveFields = ['password', 'token', 'refreshToken', 'secret', 'creditCard'];
+        sensitiveFields.forEach((field) => {
+          if (safeBody[field]) safeBody[field] = '[REDACTED]';
+        });
+        auditEntry.requestBody = safeBody;
+      }
+    }
+
+    if (res.statusCode >= 400) {
+      logger.warn(auditEntry);
+    } else {
+      logger.info(auditEntry);
+    }
+
+    originalEnd.apply(res, args);
+  };
+
+  next();
+};
+
+module.exports = { auditLog };

package/templates/middleware/metrics.js.ejs

@@ -0,0 +1,65 @@
+const client = require('prom-client');
+
+// Create a Registry
+const register = new client.Registry();
+
+// Add default metrics (event loop lag, heap size, etc.)
+client.collectDefaultMetrics({ register });
+
+// Custom metrics
+const httpRequestDuration = new client.Histogram({
+  name: 'http_request_duration_seconds',
+  help: 'Duration of HTTP requests in seconds',
+  labelNames: ['method', 'route', 'status_code'],
+  buckets: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10],
+});
+register.registerMetric(httpRequestDuration);
+
+const httpRequestTotal = new client.Counter({
+  name: 'http_requests_total',
+  help: 'Total number of HTTP requests',
+  labelNames: ['method', 'route', 'status_code'],
+});
+register.registerMetric(httpRequestTotal);
+
+const activeConnections = new client.Gauge({
+  name: 'http_active_connections',
+  help: 'Number of active HTTP connections',
+});
+register.registerMetric(activeConnections);
+
+/**
+ * Metrics middleware — tracks request duration, count, and active connections.
+ */
+const metricsMiddleware = (req, res, next) => {
+  // Skip metrics endpoint itself
+  if (req.path === '/metrics') return next();
+
+  activeConnections.inc();
+  const end = httpRequestDuration.startTimer();
+
+  res.on('finish', () => {
+    const route = req.route ? req.route.path : req.path;
+    const labels = {
+      method: req.method,
+      route,
+      status_code: res.statusCode,
+    };
+
+    end(labels);
+    httpRequestTotal.inc(labels);
+    activeConnections.dec();
+  });
+
+  next();
+};
+
+/**
+ * GET /metrics handler — returns Prometheus-formatted metrics.
+ */
+const metricsEndpoint = async (req, res) => {
+  res.set('Content-Type', register.contentType);
+  res.end(await register.metrics());
+};
+
+module.exports = { metricsMiddleware, metricsEndpoint, register };

package/templates/middleware/rbac.js.ejs

@@ -0,0 +1,86 @@
+const { AppError } = require('../utils/errors');
+
+/**
+ * Role-Based Access Control (RBAC) Middleware
+ *
+ * Roles hierarchy: admin > moderator > user
+ * Usage:
+ *   router.get('/admin', authenticateToken, requireRole('admin'), handler);
+ *   router.put('/posts/:id', authenticateToken, requirePermission('posts:write'), handler);
+ */
+
+const ROLES = {
+  admin: { level: 3, permissions: ['*'] },
+  moderator: { level: 2, permissions: [
+    'users:read', 'users:list',
+    'posts:read', 'posts:write', 'posts:delete',
+    'comments:read', 'comments:write', 'comments:delete',
+  ]},
+  user: { level: 1, permissions: [
+    'users:read',
+    'posts:read', 'posts:write',
+    'comments:read', 'comments:write',
+  ]},
+};
+
+const hasPermission = (role, permission) => {
+  const config = ROLES[role];
+  if (!config) return false;
+  if (config.permissions.includes('*')) return true;
+  return config.permissions.includes(permission);
+};
+
+/**
+ * Require a minimum role level.
+ * @param {...string} roles - Allowed roles (e.g., 'admin', 'moderator')
+ */
+const requireRole = (...roles) => (req, res, next) => {
+  if (!req.user) {
+    return next(new AppError('Authentication required', 401));
+  }
+
+  const userRole = req.user.role || 'user';
+  if (!roles.includes(userRole)) {
+    return next(new AppError(`Role '${userRole}' is not authorized. Required: ${roles.join(' or ')}`, 403));
+  }
+
+  next();
+};
+
+/**
+ * Require a specific permission.
+ * @param {string} permission - e.g., 'users:write', 'posts:delete'
+ */
+const requirePermission = (permission) => (req, res, next) => {
+  if (!req.user) {
+    return next(new AppError('Authentication required', 401));
+  }
+
+  const userRole = req.user.role || 'user';
+  if (!hasPermission(userRole, permission)) {
+    return next(new AppError(`Permission '${permission}' denied for role '${userRole}'`, 403));
+  }
+
+  next();
+};
+
+/**
+ * Require ownership OR a specific role.
+ * Checks req.params[paramName] === req.user.userId, or falls back to role check.
+ */
+const requireOwnerOrRole = (paramName = 'id', ...roles) => (req, res, next) => {
+  if (!req.user) {
+    return next(new AppError('Authentication required', 401));
+  }
+
+  const isOwner = req.params[paramName] === req.user.userId;
+  const userRole = req.user.role || 'user';
+
+  if (isOwner || roles.includes(userRole)) {
+    return next();
+  }
+
+  return next(new AppError('Not authorized to access this resource', 403));
+};
+
+module.exports = { requireRole, requirePermission, requireOwnerOrRole, hasPermission, ROLES };

package/templates/middleware/upload.js.ejs

@@ -0,0 +1,50 @@
+const multer = require('multer');
+const path = require('path');
+const crypto = require('crypto');
+const { AppError } = require('../utils/errors');
+
+// Allowed MIME types
+const ALLOWED_TYPES = {
+  image: ['image/jpeg', 'image/png', 'image/gif', 'image/webp'],
+  document: ['application/pdf', 'application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
+  any: null, // allow all
+};
+
+// Storage configuration
+const storage = multer.diskStorage({
+  destination: (req, file, cb) => {
+    cb(null, path.join(process.cwd(), process.env.UPLOAD_DIR || 'uploads'));
+  },
+  filename: (req, file, cb) => {
+    const uniqueSuffix = crypto.randomBytes(16).toString('hex');
+    const ext = path.extname(file.originalname).toLowerCase();
+    cb(null, `${uniqueSuffix}${ext}`);
+  },
+});
+
+const createUpload = (options = {}) => {
+  const {
+    maxSize = parseInt(process.env.UPLOAD_MAX_SIZE, 10) || 5 * 1024 * 1024, // 5MB
+    allowedTypes = 'image',
+  } = options;
+
+  const allowedMimes = ALLOWED_TYPES[allowedTypes];
+
+  return multer({
+    storage,
+    limits: { fileSize: maxSize },
+    fileFilter: (req, file, cb) => {
+      if (allowedMimes && !allowedMimes.includes(file.mimetype)) {
+        return cb(new AppError(`File type '${file.mimetype}' not allowed. Allowed: ${allowedMimes.join(', ')}`, 400));
+      }
+      cb(null, true);
+    },
+  });
+};
+
+// Pre-configured upload instances
+const uploadImage = createUpload({ allowedTypes: 'image' });
+const uploadDocument = createUpload({ allowedTypes: 'document', maxSize: 10 * 1024 * 1024 });
+const uploadAny = createUpload({ allowedTypes: 'any', maxSize: 10 * 1024 * 1024 });
+
+module.exports = { createUpload, uploadImage, uploadDocument, uploadAny };

package/templates/models/User.mongo.js.ejs

@@ -22,9 +22,38 @@ const userSchema = new mongoose.Schema({
     required: [true, 'Password is required'],
     minlength: [8, 'Password must be at least 8 characters long'],
   },
+  role: {
+    type: String,
+    enum: ['user', 'moderator', 'admin'],
+    default: 'user',
+  },<% if (hasSoftDelete) { %>
+  deletedAt: {
+    type: Date,
+    default: null,
+    index: true,
+  },<% } %>
 }, {
   timestamps: true,
 });
+<% if (hasSoftDelete) { %>
+// Soft delete: exclude deleted documents by default
+userSchema.pre(/^find/, function (next) {
+  if (!this.getQuery().includeDeleted) {
+    this.where({ deletedAt: null });
+  } else {
+    delete this.getQuery().includeDeleted;
+  }
+  next();
+});
 
+userSchema.methods.softDelete = function () {
+  this.deletedAt = new Date();
+  return this.save();
+};
 
+userSchema.methods.restore = function () {
+  this.deletedAt = null;
+  return this.save();
+};
+<% } %>
 module.exports = mongoose.model('User', userSchema);

package/templates/models/User.postgres.js.ejs

@@ -33,8 +33,14 @@ const User = sequelize.define('User', {
       notEmpty: true,
     },
   },
+  role: {
+    type: DataTypes.ENUM('user', 'moderator', 'admin'),
+    defaultValue: 'user',
+    allowNull: false,
+  },
 }, {
-  timestamps: true,
+  timestamps: true,<% if (hasSoftDelete) { %>
+  paranoid: true, // Enables soft deletes (adds deletedAt column)<% } %>
   tableName: 'users',
 });
 

package/templates/routes/adminRoutes.js.ejs

@@ -0,0 +1,150 @@
+const express = require('express');
+const adminController = require('../controllers/adminController');
+const { authenticateToken } = require('../middleware/auth');
+const { requireRole } = require('../middleware/rbac');
+
+const router = express.Router();
+
+/**
+ * @swagger
+ * /admin/users:
+ *   get:
+ *     summary: List all users (admin only)
+ *     tags: [Admin]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: query
+ *         name: page
+ *         schema:
+ *           type: integer
+ *           default: 1
+ *       - in: query
+ *         name: limit
+ *         schema:
+ *           type: integer
+ *           default: 20
+ *     responses:
+ *       200:
+ *         description: List of users
+ *       403:
+ *         description: Forbidden — admin role required
+ */
+router.get('/users', authenticateToken, requireRole('admin'), adminController.listUsers);
+
+/**
+ * @swagger
+ * /admin/users/{id}:
+ *   get:
+ *     summary: Get user by ID (admin only)
+ *     tags: [Admin]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: id
+ *         required: true
+ *         schema:
+ *           type: string
+ *     responses:
+ *       200:
+ *         description: User details
+ *       404:
+ *         description: User not found
+ */
+router.get('/users/:id', authenticateToken, requireRole('admin', 'moderator'), adminController.getUserById);
+
+/**
+ * @swagger
+ * /admin/users/{id}/role:
+ *   patch:
+ *     summary: Update user role (admin only)
+ *     tags: [Admin]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: id
+ *         required: true
+ *         schema:
+ *           type: string
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required:
+ *               - role
+ *             properties:
+ *               role:
+ *                 type: string
+ *                 enum: [user, moderator, admin]
+ *                 example: moderator
+ *     responses:
+ *       200:
+ *         description: Role updated
+ *       400:
+ *         description: Invalid role
+ */
+router.patch('/users/:id/role', authenticateToken, requireRole('admin'), adminController.updateUserRole);
+
+/**
+ * @swagger
+ * /admin/users/{id}:
+ *   delete:
+ *     summary: Delete a user (admin only)
+ *     tags: [Admin]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: id
+ *         required: true
+ *         schema:
+ *           type: string
+ *     responses:
+ *       200:
+ *         description: User deleted
+ *       400:
+ *         description: Cannot delete own account
+ */
+router.delete('/users/:id', authenticateToken, requireRole('admin'), adminController.deleteUser);
+<% if (hasSoftDelete) { %>
+/**
+ * @swagger
+ * /admin/users/{id}/restore:
+ *   post:
+ *     summary: Restore a soft-deleted user (admin only)
+ *     tags: [Admin]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: id
+ *         required: true
+ *         schema:
+ *           type: string
+ *     responses:
+ *       200:
+ *         description: User restored
+ *       404:
+ *         description: User not found or not deleted
+ */
+router.post('/users/:id/restore', authenticateToken, requireRole('admin'), adminController.restoreUser);
+
+/**
+ * @swagger
+ * /admin/users/deleted:
+ *   get:
+ *     summary: List soft-deleted users (admin only)
+ *     tags: [Admin]
+ *     security:
+ *       - bearerAuth: []
+ *     responses:
+ *       200:
+ *         description: List of deleted users
+ */
+router.get('/users/deleted', authenticateToken, requireRole('admin'), adminController.listDeletedUsers);
+<% } %>
+module.exports = router;

package/templates/routes/index.js.ejs

@@ -1,14 +1,20 @@
 const express = require('express');
 <% if (hasAuth) { %>const authRoutes = require('./authRoutes');
 const userRoutes = require('./userRoutes');
+const adminRoutes = require('./adminRoutes');
 <% } else { %>const exampleRoutes = require('./exampleRoutes');
+<% } %><% if (hasFileUpload) { %>const uploadRoutes = require('./uploadRoutes');
+<% } %><% if (hasBackgroundJobs) { %>const jobRoutes = require('./jobRoutes');
 <% } %>
 
 const router = express.Router();
 
 <% if (hasAuth) { %>router.use('/auth', authRoutes);
 router.use('/users', userRoutes);
+router.use('/admin', adminRoutes);
 <% } else { %>router.use('/examples', exampleRoutes);
+<% } %><% if (hasFileUpload) { %>router.use('/uploads', uploadRoutes);
+<% } %><% if (hasBackgroundJobs) { %>router.use('/jobs', jobRoutes);
 <% } %>
 
 /**