farheen-psql 1.0.0

package/migrations/1781264731432_create-users-table.js

@@ -0,0 +1,37 @@
+/**
+ * @type {import('node-pg-migrate').ColumnDefinitions | undefined}
+ */
+export const shorthands = undefined;
+
+/**
+ * @param pgm {import('node-pg-migrate').MigrationBuilder}
+ * @param run {() => void | undefined}
+ * @returns {Promise<void> | void}
+ */
+export const up = (pgm) => {
+  pgm.createTable('users', {
+    id: 'id',
+    name: { type: 'varchar(100)', notNull: true },
+    email: { type: 'varchar(100)', notNull: true, unique: true },
+    age: { type: 'integer' },
+    created_at: {
+      type: 'timestamp',
+      notNull: true,
+      default: pgm.func('current_timestamp'),
+    },
+    updated_at: {
+      type: 'timestamp',
+      notNull: true,
+      default: pgm.func('current_timestamp'),
+    },
+  });
+};
+
+/**
+ * @param pgm {import('node-pg-migrate').MigrationBuilder}
+ * @param run {() => void | undefined}
+ * @returns {Promise<void> | void}
+ */
+export const down = (pgm) => {
+  pgm.dropTable('users');
+};

package/migrations/1781340925498_add-password-and-role-to-users.js

@@ -0,0 +1,26 @@
+/**
+ * @type {import('node-pg-migrate').ColumnDefinitions | undefined}
+ */
+export const shorthands = undefined;
+
+/**
+ * @param pgm {import('node-pg-migrate').MigrationBuilder}
+ * @param run {() => void | undefined}
+ * @returns {Promise<void> | void}
+ */
+export const up = (pgm) => {
+  pgm.addColumn('users', {
+    password: { type: 'varchar(255)' },
+    role: { type: 'varchar(50)', default: 'USER', notNull: true }
+  });
+};
+
+/**
+ * @param pgm {import('node-pg-migrate').MigrationBuilder}
+ * @param run {() => void | undefined}
+ * @returns {Promise<void> | void}
+ */
+export const down = (pgm) => {
+  pgm.dropColumn('users', 'password');
+  pgm.dropColumn('users', 'role');
+};

package/migrations/1781365601015_create-rbac-tables.js

@@ -0,0 +1,97 @@
+/**
+ * @type {import('node-pg-migrate').ColumnDefinitions | undefined}
+ */
+export const shorthands = undefined;
+
+/**
+ * @param pgm {import('node-pg-migrate').MigrationBuilder}
+ * @param run {() => void | undefined}
+ * @returns {Promise<void> | void}
+ */
+export const up = (pgm) => {
+  // 1. Create `roles` table
+  pgm.createTable('roles', {
+    id: { type: 'serial', primaryKey: true },
+    name: { type: 'varchar(50)', notNull: true, unique: true },
+    created_at: {
+      type: 'timestamp',
+      notNull: true,
+      default: pgm.func('current_timestamp'),
+    },
+  });
+
+  // 2. Create `permissions` table
+  pgm.createTable('permissions', {
+    id: { type: 'serial', primaryKey: true },
+    module: { type: 'varchar(50)', notNull: true },
+    action: { type: 'varchar(50)', notNull: true },
+    created_at: {
+      type: 'timestamp',
+      notNull: true,
+      default: pgm.func('current_timestamp'),
+    },
+  });
+
+  // Unique constraint to prevent duplicate permissions for the same module/action
+  pgm.addConstraint('permissions', 'unique_module_action', {
+    unique: ['module', 'action'],
+  });
+
+  // 3. Create `role_permissions` join table
+  pgm.createTable('role_permissions', {
+    role_id: {
+      type: 'integer',
+      notNull: true,
+      references: '"roles"',
+      onDelete: 'CASCADE',
+    },
+    permission_id: {
+      type: 'integer',
+      notNull: true,
+      references: '"permissions"',
+      onDelete: 'CASCADE',
+    },
+  });
+
+  // A role can only have a specific permission once
+  pgm.addConstraint('role_permissions', 'unique_role_permission', {
+    unique: ['role_id', 'permission_id'],
+  });
+
+  // 4. Update `users` table: add `role_id` and drop `role` string
+  pgm.addColumn('users', {
+    role_id: {
+      type: 'integer',
+      notNull: false, // nullable because roles might be empty initially
+      references: '"roles"',
+      onDelete: 'SET NULL',
+    },
+  });
+
+  // Finally drop the old string column
+  pgm.dropColumn('users', 'role');
+};
+
+/**
+ * @param pgm {import('node-pg-migrate').MigrationBuilder}
+ * @param run {() => void | undefined}
+ * @returns {Promise<void> | void}
+ */
+export const down = (pgm) => {
+  // Add back the `role` column
+  pgm.addColumn('users', {
+    role: {
+      type: 'varchar(50)',
+      notNull: false,
+    },
+  });
+
+  // Make it not null and drop role_id
+  pgm.alterColumn('users', 'role', { notNull: true, default: 'USER' });
+  pgm.dropColumn('users', 'role_id');
+
+  // Drop tables
+  pgm.dropTable('role_permissions');
+  pgm.dropTable('permissions');
+  pgm.dropTable('roles');
+};

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "farheen-psql",
+  "version": "1.0.0",
+  "type": "module",
+  "main": "server.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node src/server.js",
+    "dev": "nodemon src/server.js",
+    "db:setup": "node scripts/setupDb.js",
+    "migrate": "node-pg-migrate",
+    "migrate:create": "node-pg-migrate create"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "bcrypt": "^6.0.0",
+    "cors": "^2.8.6",
+    "dotenv": "^17.4.2",
+    "express": "^5.2.1",
+    "jsonwebtoken": "^9.0.3",
+    "node-pg-migrate": "^8.0.4",
+    "pg": "^8.21.0",
+    "sequelize": "^6.37.8"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.14"
+  }
+}

package/scripts/setupDb.js

@@ -0,0 +1,42 @@
+import pg from 'pg';
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+const { Client } = pg;
+
+const setupDb = async () => {
+  // Connect to the default database (e.g., 'postgres') first to create the target db if needed
+  const adminClient = new Client({
+    user: process.env.DB_USER,
+    host: process.env.DB_HOST,
+    password: process.env.DB_PASSWORD,
+    port: process.env.DB_PORT || 5432,
+    database: 'postgres',
+  });
+
+  try {
+    await adminClient.connect();
+    console.log('Connected to admin database.');
+
+    const dbName = process.env.DB_NAME;
+
+    // Check if the database exists
+    const checkDbQuery = `SELECT 1 FROM pg_database WHERE datname = '${dbName}'`;
+    const checkDbResult = await adminClient.query(checkDbQuery);
+
+    if (checkDbResult.rowCount === 0) {
+      console.log(`Database '${dbName}' does not exist. Creating...`);
+      await adminClient.query(`CREATE DATABASE ${dbName}`);
+      console.log(`Database '${dbName}' created successfully.`);
+    } else {
+      console.log(`Database '${dbName}' already exists.`);
+    }
+  } catch (error) {
+    console.error('Error checking/creating database:', error);
+  } finally {
+    await adminClient.end();
+  }
+};
+
+setupDb();

package/src/app.js

@@ -0,0 +1,19 @@
+import express from 'express';
+import cors from 'cors';
+import routes from './routes/routes.js';
+
+const app = express();
+
+// Middleware
+app.use(cors());
+app.use(express.json());
+
+// Routes
+app.use('/api', routes);
+
+// Basic health check endpoint
+app.get('/health', (req, res) => {
+  res.status(200).json({ status: 'ok', message: 'Server is healthy' });
+});
+
+export default app;

package/src/config/db.js

@@ -0,0 +1,18 @@
+import { Sequelize } from 'sequelize';
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+const sequelize = new Sequelize(
+  process.env.DB_NAME,
+  process.env.DB_USER,
+  process.env.DB_PASSWORD,
+  {
+    host: process.env.DB_HOST,
+    dialect: 'postgres',
+    port: process.env.DB_PORT || 5432,
+    logging: false, // Set to console.log to see SQL queries
+  }
+);
+
+export default sequelize;

package/src/constants/actions.js

@@ -0,0 +1,6 @@
+export const ACTIONS = {
+  CREATE: 'CREATE',
+  READ: 'READ',
+  UPDATE: 'UPDATE',
+  DELETE: 'DELETE',
+};

package/src/constants/modules.js

@@ -0,0 +1,4 @@
+export const MODULES = {
+  USERS: 'USERS',
+  POSTS: 'POSTS', // Example for future
+};

package/src/constants/roles.js

@@ -0,0 +1,4 @@
+export const ROLES = {
+  ADMIN: 'ADMIN',
+  USER: 'USER',
+};

package/src/controllers/authController.js

@@ -0,0 +1,25 @@
+import * as authService from '../services/authService.js';
+
+export const register = async (req, res) => {
+  try {
+    const user = await authService.register(req.body);
+    res.status(201).json(user);
+  } catch (error) {
+    console.error('Registration error:', error);
+    res.status(400).json({ error: error.message || 'Registration failed' });
+  }
+};
+
+export const login = async (req, res) => {
+  try {
+    const { email, password } = req.body;
+    if (!email || !password) {
+      return res.status(400).json({ error: 'Email and password are required' });
+    }
+    const result = await authService.login(email, password);
+    res.status(200).json(result);
+  } catch (error) {
+    console.error('Login error:', error);
+    res.status(401).json({ error: error.message || 'Login failed' });
+  }
+};

package/src/controllers/permissionController.js

@@ -0,0 +1,69 @@
+import * as permissionService from '../services/permissionService.js';
+
+export const getAllPermissions = async (req, res) => {
+  try {
+    const permissions = await permissionService.getAllPermissions();
+    res.status(200).json(permissions);
+  } catch (error) {
+    console.error('Error fetching permissions:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const getPermissionById = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const permission = await permissionService.getPermissionById(id);
+    if (!permission) {
+      return res.status(404).json({ error: 'Permission not found' });
+    }
+    res.status(200).json(permission);
+  } catch (error) {
+    console.error('Error fetching permission:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const createPermission = async (req, res) => {
+  try {
+    const { module, action } = req.body;
+    if (!module || !action) {
+      return res.status(400).json({ error: 'module and action are required' });
+    }
+    const newPermission = await permissionService.createPermission({ module, action });
+    res.status(201).json(newPermission);
+  } catch (error) {
+    console.error('Error creating permission:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const updatePermission = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const { module, action } = req.body;
+    
+    const updatedPermission = await permissionService.updatePermission(id, { module, action });
+    if (!updatedPermission) {
+      return res.status(404).json({ error: 'Permission not found' });
+    }
+    res.status(200).json(updatedPermission);
+  } catch (error) {
+    console.error('Error updating permission:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const deletePermission = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const deletedPermission = await permissionService.deletePermission(id);
+    if (!deletedPermission) {
+      return res.status(404).json({ error: 'Permission not found' });
+    }
+    res.status(200).json({ message: 'Permission deleted successfully', permission: deletedPermission });
+  } catch (error) {
+    console.error('Error deleting permission:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};

package/src/controllers/roleController.js

@@ -0,0 +1,104 @@
+import * as roleService from '../services/roleService.js';
+
+export const getAllRoles = async (req, res) => {
+  try {
+    const roles = await roleService.getAllRoles();
+    res.status(200).json(roles);
+  } catch (error) {
+    console.error('Error fetching roles:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const getRoleById = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const role = await roleService.getRoleById(id);
+    if (!role) {
+      return res.status(404).json({ error: 'Role not found' });
+    }
+    res.status(200).json(role);
+  } catch (error) {
+    console.error('Error fetching role:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const createRole = async (req, res) => {
+  try {
+    const { name } = req.body;
+    if (!name) {
+      return res.status(400).json({ error: 'Role name is required' });
+    }
+    const newRole = await roleService.createRole({ name });
+    res.status(201).json(newRole);
+  } catch (error) {
+    console.error('Error creating role:', error);
+    if (error.message === 'Role name already exists') {
+      return res.status(400).json({ error: error.message });
+    }
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const updateRole = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const { name } = req.body;
+    
+    const updatedRole = await roleService.updateRole(id, { name });
+    if (!updatedRole) {
+      return res.status(404).json({ error: 'Role not found' });
+    }
+    res.status(200).json(updatedRole);
+  } catch (error) {
+    console.error('Error updating role:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const deleteRole = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const deletedRole = await roleService.deleteRole(id);
+    if (!deletedRole) {
+      return res.status(404).json({ error: 'Role not found' });
+    }
+    res.status(200).json({ message: 'Role deleted successfully', role: deletedRole });
+  } catch (error) {
+    console.error('Error deleting role:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+// Custom controller to assign multiple permissions to a single role
+export const assignPermissions = async (req, res) => {
+  try {
+    const { id } = req.params; // Role ID
+    const { permissionIds } = req.body; // Array of Permission IDs
+    
+    if (!Array.isArray(permissionIds)) {
+      return res.status(400).json({ error: 'permissionIds must be an array of integers' });
+    }
+
+    const updatedRolePermissions = await roleService.assignPermissions(id, permissionIds);
+    res.status(200).json({ message: 'Permissions assigned', permissions: updatedRolePermissions });
+  } catch (error) {
+    console.error('Error assigning permissions:', error);
+    if (error.message === 'Role not found') {
+      return res.status(404).json({ error: error.message });
+    }
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const getRolePermissions = async (req, res) => {
+  try {
+    const { id } = req.params; // Role ID
+    const permissions = await roleService.getRolePermissions(id);
+    res.status(200).json(permissions);
+  } catch (error) {
+    console.error('Error fetching role permissions:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};

package/src/controllers/userController.js

@@ -0,0 +1,76 @@
+import * as userService from '../services/userService.js';
+
+export const getAllUsers = async (req, res) => {
+  try {
+    const users = await userService.getAllUsers();
+    res.status(200).json(users);
+  } catch (error) {
+    console.error('Error fetching users:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const getUserById = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const user = await userService.getUserById(id);
+    if (!user) {
+      return res.status(404).json({ error: 'User not found' });
+    }
+    res.status(200).json(user);
+  } catch (error) {
+    console.error('Error fetching user:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const createUser = async (req, res) => {
+  try {
+    const { name, email, age } = req.body;
+    if (!name || !email) {
+      return res.status(400).json({ error: 'Name and email are required' });
+    }
+    const newUser = await userService.createUser({ name, email, age });
+    res.status(201).json(newUser);
+  } catch (error) {
+    console.error('Error creating user:', error);
+    // Handle specific service errors
+    if (error.message === 'Age cannot be negative') {
+      return res.status(400).json({ error: error.message });
+    }
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const updateUser = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const { name, email, age } = req.body;
+    
+    const updatedUser = await userService.updateUser(id, { name, email, age });
+    if (!updatedUser) {
+      return res.status(404).json({ error: 'User not found' });
+    }
+    res.status(200).json(updatedUser);
+  } catch (error) {
+    console.error('Error updating user:', error);
+    if (error.message === 'Age cannot be negative') {
+      return res.status(400).json({ error: error.message });
+    }
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};
+
+export const deleteUser = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const deletedUser = await userService.deleteUser(id);
+    if (!deletedUser) {
+      return res.status(404).json({ error: 'User not found' });
+    }
+    res.status(200).json({ message: 'User deleted successfully', user: deletedUser });
+  } catch (error) {
+    console.error('Error deleting user:', error);
+    res.status(500).json({ error: 'Internal Server Error' });
+  }
+};

package/src/middlewares/authMiddleware.js

@@ -0,0 +1,19 @@
+import jwt from 'jsonwebtoken';
+
+export const authMiddleware = (req, res, next) => {
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return res.status(401).json({ error: 'Unauthorized: No token provided' });
+  }
+
+  const token = authHeader.split(' ')[1];
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET || 'secret');
+    req.user = decoded;
+    next();
+  } catch (error) {
+    return res.status(401).json({ error: 'Unauthorized: Invalid token' });
+  }
+};

package/src/middlewares/authorizeMiddleware.js

@@ -0,0 +1,20 @@
+import { ROLES } from '../constants/roles.js';
+
+export const authorizeMiddleware = (moduleName, actionName) => {
+  return (req, res, next) => {
+    // Ensure the user exists and has permissions attached (from token)
+    if (!req.user || !req.user.permissions) {
+      return res.status(401).json({ error: 'Unauthorized: User permissions not found' });
+    }
+
+    const requiredPermission = `${moduleName}:${actionName}`;
+    
+    // Check if the user's token permissions array includes the required one
+    if (!req.user.permissions.includes(requiredPermission)) {
+      return res.status(403).json({ error: `Forbidden: Missing '${requiredPermission}' permission` });
+    }
+
+    // Passed all checks!
+    next();
+  };
+};

package/src/models/Permission.js

@@ -0,0 +1,27 @@
+import { DataTypes } from 'sequelize';
+import sequelize from '../config/db.js';
+
+// This is exactly like mongoose.Schema({ ... })
+const Permission = sequelize.define('Permission', {
+  module: {
+    type: DataTypes.STRING(50),
+    allowNull: false,
+  },
+  action: {
+    type: DataTypes.STRING(50),
+    allowNull: false,
+  }
+}, {
+  tableName: 'permissions',
+  timestamps: true,
+  createdAt: 'created_at',
+  updatedAt: false,
+  indexes: [
+    {
+      unique: true,
+      fields: ['module', 'action']
+    }
+  ]
+});
+
+export default Permission;

package/src/models/Role.js

@@ -0,0 +1,18 @@
+import { DataTypes } from 'sequelize';
+import sequelize from '../config/db.js';
+
+// This is exactly like mongoose.Schema({ ... })
+const Role = sequelize.define('Role', {
+  name: {
+    type: DataTypes.STRING(50),
+    allowNull: false,
+    unique: true,
+  }
+}, {
+  tableName: 'roles',
+  timestamps: true, // Adds created_at
+  createdAt: 'created_at',
+  updatedAt: false, // We didn't define updated_at for roles
+});
+
+export default Role;

package/src/models/User.js

@@ -0,0 +1,33 @@
+import { DataTypes } from 'sequelize';
+import sequelize from '../config/db.js';
+
+// ---------------------------------------------------------
+// This is exactly like mongoose.Schema({ ... })
+// ---------------------------------------------------------
+const User = sequelize.define('User', {
+  name: {
+    type: DataTypes.STRING(100),
+    allowNull: false, // This is like required: true in Mongoose
+  },
+  email: {
+    type: DataTypes.STRING(100),
+    allowNull: false,
+    unique: true,     // Same as Mongoose unique: true
+  },
+  age: {
+    type: DataTypes.INTEGER,
+  },
+  password: {
+    type: DataTypes.STRING(255),
+  },
+  role_id: {
+    type: DataTypes.INTEGER,
+  }
+}, {
+  tableName: 'users',
+  timestamps: true, // Auto-manages created_at and updated_at
+  createdAt: 'created_at',
+  updatedAt: 'updated_at',
+});
+
+export default User;

package/src/models/index.js

@@ -0,0 +1,29 @@
+import User from './User.js';
+import Role from './Role.js';
+import Permission from './Permission.js';
+
+// ---------------------------------------------------------
+// RELATIONSHIPS
+// ---------------------------------------------------------
+
+// 1 User belongs to 1 Role
+User.belongsTo(Role, { foreignKey: 'role_id' });
+// 1 Role has many Users
+Role.hasMany(User, { foreignKey: 'role_id' });
+
+// Many-to-Many: 1 Role has Many Permissions, and 1 Permission belongs to Many Roles
+Role.belongsToMany(Permission, { 
+  through: 'role_permissions', 
+  foreignKey: 'role_id',
+  otherKey: 'permission_id',
+  timestamps: false 
+});
+Permission.belongsToMany(Role, { 
+  through: 'role_permissions', 
+  foreignKey: 'permission_id',
+  otherKey: 'role_id',
+  timestamps: false 
+});
+
+// Export all models so they can be imported together from this file
+export { User, Role, Permission };

package/src/repositories/permissionRepository.js

@@ -0,0 +1,26 @@
+import { Permission } from '../models/index.js';
+
+export const findAll = async () => {
+  return await Permission.findAll({ order: [['created_at', 'DESC']] });
+};
+
+export const findById = async (id) => {
+  return await Permission.findByPk(id);
+};
+
+export const create = async (permissionData) => {
+  return await Permission.create(permissionData);
+};
+
+export const update = async (id, permissionData) => {
+  const permission = await Permission.findByPk(id);
+  if (!permission) return null;
+  return await permission.update(permissionData);
+};
+
+export const remove = async (id) => {
+  const permission = await Permission.findByPk(id);
+  if (!permission) return null;
+  await permission.destroy();
+  return permission;
+};

package/src/repositories/roleRepository.js

@@ -0,0 +1,51 @@
+import { Role, Permission } from '../models/index.js';
+
+export const findAll = async () => {
+  return await Role.findAll({ order: [['created_at', 'DESC']] });
+};
+
+export const findById = async (id) => {
+  return await Role.findByPk(id);
+};
+
+export const findByName = async (name) => {
+  return await Role.findOne({ where: { name } });
+};
+
+export const create = async (roleData) => {
+  return await Role.create(roleData);
+};
+
+export const update = async (id, roleData) => {
+  const role = await Role.findByPk(id);
+  if (!role) return null;
+  return await role.update(roleData);
+};
+
+export const remove = async (id) => {
+  const role = await Role.findByPk(id);
+  if (!role) return null;
+  await role.destroy();
+  return role;
+};
+
+export const assignPermissionsToRole = async (roleId, permissionIds) => {
+  const role = await Role.findByPk(roleId);
+  if (!role) return null;
+  
+  // Sequelize auto-generates setPermissions for belongsToMany relationships
+  await role.setPermissions(permissionIds);
+  return role;
+};
+
+export const getRolePermissions = async (roleId) => {
+  const role = await Role.findByPk(roleId, {
+    include: [{
+      model: Permission,
+      through: { attributes: [] }
+    }]
+  });
+  
+  if (!role) return [];
+  return role.Permissions;
+};

package/src/repositories/userRepository.js

@@ -0,0 +1,47 @@
+import { User } from '../models/index.js';
+
+export const findAll = async () => {
+  return await User.findAll({ 
+    order: [['created_at', 'DESC']],
+    attributes: { exclude: ['password'] }
+  });
+};
+
+export const findById = async (id) => {
+  return await User.findByPk(id, {
+    attributes: { exclude: ['password'] }
+  });
+};
+
+export const findByEmail = async (email) => {
+  return await User.findOne({ where: { email } });
+};
+
+export const create = async (userData) => {
+  const user = await User.create(userData);
+  const userObj = user.toJSON();
+  delete userObj.password;
+  return userObj;
+};
+
+export const update = async (id, userData) => {
+  const user = await User.findByPk(id);
+  if (!user) return null;
+  
+  await user.update(userData);
+  
+  const userObj = user.toJSON();
+  delete userObj.password;
+  return userObj;
+};
+
+export const remove = async (id) => {
+  const user = await User.findByPk(id);
+  if (!user) return null;
+  
+  await user.destroy();
+  
+  const userObj = user.toJSON();
+  delete userObj.password;
+  return userObj;
+};

package/src/routes/authRoutes.js

@@ -0,0 +1,9 @@
+import express from 'express';
+import * as authController from '../controllers/authController.js';
+
+const router = express.Router();
+
+router.post('/register', authController.register);
+router.post('/login', authController.login);
+
+export default router;

package/src/routes/permissionRoutes.js

@@ -0,0 +1,20 @@
+import express from 'express';
+import * as permissionController from '../controllers/permissionController.js';
+import { authMiddleware } from '../middlewares/authMiddleware.js';
+import { authorizeMiddleware } from '../middlewares/authorizeMiddleware.js';
+import { MODULES } from '../constants/modules.js';
+import { ACTIONS } from '../constants/actions.js';
+
+const router = express.Router();
+
+// Apply authMiddleware to all permission routes
+router.use(authMiddleware);
+
+// Restrict all permission management to users who have PERMISSIONS module permissions
+router.get('/', authorizeMiddleware(MODULES.PERMISSIONS, ACTIONS.READ), permissionController.getAllPermissions);
+router.get('/:id', authorizeMiddleware(MODULES.PERMISSIONS, ACTIONS.READ), permissionController.getPermissionById);
+router.post('/', authorizeMiddleware(MODULES.PERMISSIONS, ACTIONS.CREATE), permissionController.createPermission);
+router.put('/:id', authorizeMiddleware(MODULES.PERMISSIONS, ACTIONS.UPDATE), permissionController.updatePermission);
+router.delete('/:id', authorizeMiddleware(MODULES.PERMISSIONS, ACTIONS.DELETE), permissionController.deletePermission);
+
+export default router;

package/src/routes/roleRoutes.js

@@ -0,0 +1,24 @@
+import express from 'express';
+import * as roleController from '../controllers/roleController.js';
+import { authMiddleware } from '../middlewares/authMiddleware.js';
+import { authorizeMiddleware } from '../middlewares/authorizeMiddleware.js';
+import { MODULES } from '../constants/modules.js';
+import { ACTIONS } from '../constants/actions.js';
+
+const router = express.Router();
+
+// Apply authMiddleware to all role routes
+router.use(authMiddleware);
+
+// Restrict all role management to users who have ROLES module permissions
+router.get('/', authorizeMiddleware(MODULES.ROLES, ACTIONS.READ), roleController.getAllRoles);
+router.get('/:id', authorizeMiddleware(MODULES.ROLES, ACTIONS.READ), roleController.getRoleById);
+router.post('/', authorizeMiddleware(MODULES.ROLES, ACTIONS.CREATE), roleController.createRole);
+router.put('/:id', authorizeMiddleware(MODULES.ROLES, ACTIONS.UPDATE), roleController.updateRole);
+router.delete('/:id', authorizeMiddleware(MODULES.ROLES, ACTIONS.DELETE), roleController.deleteRole);
+
+// Special endpoints for managing permissions of a role
+router.get('/:id/permissions', authorizeMiddleware(MODULES.ROLES, ACTIONS.READ), roleController.getRolePermissions);
+router.post('/:id/permissions', authorizeMiddleware(MODULES.ROLES, ACTIONS.UPDATE), roleController.assignPermissions);
+
+export default router;

package/src/routes/routes.js

@@ -0,0 +1,14 @@
+import express from 'express';
+import authRoutes from './authRoutes.js';
+import userRoutes from './userRoutes.js';
+import roleRoutes from './roleRoutes.js';
+import permissionRoutes from './permissionRoutes.js';
+
+const router = express.Router();
+
+router.use('/auth', authRoutes);
+router.use('/user', userRoutes);
+router.use('/roles', roleRoutes);
+router.use('/permissions', permissionRoutes);
+
+export default router;

package/src/routes/userRoutes.js

@@ -0,0 +1,28 @@
+import express from 'express';
+import * as userController from '../controllers/userController.js';
+import { authMiddleware } from '../middlewares/authMiddleware.js';
+import { authorizeMiddleware } from '../middlewares/authorizeMiddleware.js';
+import { MODULES } from '../constants/modules.js';
+import { ACTIONS } from '../constants/actions.js';
+
+const router = express.Router();
+
+// Apply authMiddleware to all user routes
+router.use(authMiddleware);
+
+// GET all users
+router.get('/', authorizeMiddleware(MODULES.USERS, ACTIONS.READ), userController.getAllUsers);
+
+// GET a user by ID
+router.get('/:id', authorizeMiddleware(MODULES.USERS, ACTIONS.READ), userController.getUserById);
+
+// POST a new user
+router.post('/', authorizeMiddleware(MODULES.USERS, ACTIONS.CREATE), userController.createUser);
+
+// PUT (update) a user
+router.put('/:id', authorizeMiddleware(MODULES.USERS, ACTIONS.UPDATE), userController.updateUser);
+
+// DELETE a user
+router.delete('/:id', authorizeMiddleware(MODULES.USERS, ACTIONS.DELETE), userController.deleteUser);
+
+export default router;

package/src/server.js

@@ -0,0 +1,30 @@
+import app from './app.js';
+import dotenv from 'dotenv';
+import sequelize from './config/db.js';
+import './models/index.js'; // Import models and relationships so Sequelize knows about them before syncing
+
+dotenv.config();
+
+const PORT = process.env.PORT || 3000;
+
+const startServer = async () => {
+  try {
+    // Check database connection and sync models automatically
+    await sequelize.authenticate();
+    console.log('✅ Connected to PostgreSQL Database successfully with Sequelize');
+    
+    // Auto-sync database (creates/alters tables based on Models)
+    // Warning: { alter: true } is great for dev, but in production use proper migrations
+    await sequelize.sync({ alter: true });
+    console.log('✅ Database schemas synchronized');
+
+    app.listen(PORT, () => {
+      console.log(`🚀 Server is running on http://localhost:${PORT}`);
+    });
+  } catch (error) {
+    console.error('❌ Unable to connect to the database:', error);
+    process.exit(1);
+  }
+};
+
+startServer();

package/src/services/authService.js

@@ -0,0 +1,71 @@
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import * as userRepository from '../repositories/userRepository.js';
+import * as roleRepository from '../repositories/roleRepository.js';
+
+export const register = async (userData) => {
+  const { name, email, password, age, role_id } = userData;
+
+  const existingUser = await userRepository.findByEmail(email);
+  if (existingUser) {
+    throw new Error('Email already in use');
+  }
+
+  // Find the ID for the default USER role, if not provided
+  let assignedRoleId = role_id;
+  if (!assignedRoleId) {
+    const defaultRole = await roleRepository.findByName('USER');
+    assignedRoleId = defaultRole ? defaultRole.id : null;
+  }
+
+  const hashedPassword = await bcrypt.hash(password, 10);
+
+  const newUser = await userRepository.create({
+    name,
+    email,
+    password: hashedPassword,
+    age,
+    role_id: assignedRoleId
+  });
+
+  // Convert Sequelize model to plain JSON before modifying
+  const userObj = newUser.toJSON();
+  delete userObj.password;
+  return userObj;
+};
+
+export const login = async (email, password) => {
+  const user = await userRepository.findByEmail(email);
+
+  if (!user) {
+    throw new Error('Invalid email or password');
+  }
+
+  const isMatch = await bcrypt.compare(password, user.password);
+
+  if (!isMatch) {
+    throw new Error('Invalid email or password');
+  }
+
+  // Fetch the role name and exact permissions from the database
+  const permissions = await roleRepository.getRolePermissions(user.role_id);
+  
+  // Format permissions into an array of string identifiers (e.g. ['USERS:READ'])
+  const permissionStrings = permissions.map(p => `${p.module}:${p.action}`);
+
+  const token = jwt.sign(
+    { 
+      id: user.id, 
+      email: user.email, 
+      role_id: user.role_id,
+      permissions: permissionStrings // Embed DB-driven permissions into the token!
+    },
+    process.env.JWT_SECRET || 'secret',
+    { expiresIn: '1d' }
+  );
+
+  const userObj = user.toJSON();
+  delete userObj.password;
+
+  return { user: userObj, token };
+};

package/src/services/permissionService.js

@@ -0,0 +1,22 @@
+import * as permissionRepository from '../repositories/permissionRepository.js';
+
+export const getAllPermissions = async () => {
+  return await permissionRepository.findAll();
+};
+
+export const getPermissionById = async (id) => {
+  return await permissionRepository.findById(id);
+};
+
+export const createPermission = async (permissionData) => {
+  // In a real app you might want to check if the module+action combo already exists
+  return await permissionRepository.create(permissionData);
+};
+
+export const updatePermission = async (id, permissionData) => {
+  return await permissionRepository.update(id, permissionData);
+};
+
+export const deletePermission = async (id) => {
+  return await permissionRepository.remove(id);
+};

package/src/services/roleService.js

@@ -0,0 +1,44 @@
+import * as roleRepository from '../repositories/roleRepository.js';
+
+export const getAllRoles = async () => {
+  return await roleRepository.findAll();
+};
+
+export const getRoleById = async (id) => {
+  return await roleRepository.findById(id);
+};
+
+export const createRole = async (roleData) => {
+  // Prevent duplicate roles
+  const existingRole = await roleRepository.findByName(roleData.name);
+  if (existingRole) {
+    throw new Error('Role name already exists');
+  }
+  return await roleRepository.create(roleData);
+};
+
+export const updateRole = async (id, roleData) => {
+  return await roleRepository.update(id, roleData);
+};
+
+export const deleteRole = async (id) => {
+  return await roleRepository.remove(id);
+};
+
+export const assignPermissions = async (roleId, permissionIds) => {
+  // Ensure role exists
+  const role = await roleRepository.findById(roleId);
+  if (!role) {
+    throw new Error('Role not found');
+  }
+  
+  // Update permissions in join table
+  await roleRepository.assignPermissionsToRole(roleId, permissionIds);
+  
+  // Return the updated role with its permissions
+  return await roleRepository.getRolePermissions(roleId);
+};
+
+export const getRolePermissions = async (roleId) => {
+  return await roleRepository.getRolePermissions(roleId);
+};

package/src/services/userService.js

@@ -0,0 +1,28 @@
+import * as userRepository from '../repositories/userRepository.js';
+
+export const getAllUsers = async () => {
+  return await userRepository.findAll();
+};
+
+export const getUserById = async (id) => {
+  return await userRepository.findById(id);
+};
+
+export const createUser = async (userData) => {
+  // Example of business logic in service
+  if (userData.age && userData.age < 0) {
+    throw new Error('Age cannot be negative');
+  }
+  return await userRepository.create(userData);
+};
+
+export const updateUser = async (id, userData) => {
+  if (userData.age && userData.age < 0) {
+    throw new Error('Age cannot be negative');
+  }
+  return await userRepository.update(id, userData);
+};
+
+export const deleteUser = async (id) => {
+  return await userRepository.remove(id);
+};