kybernus 3.0.1 → 3.2.0

package/templates/ecommerce/apps/api/src/presentation/modules/auth/auth.controller.ts

@@ -0,0 +1,147 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { authService } from '../../../infrastructure/config/registry/auth.registry';
+
+// ── Validation schemas ────────────────────────────────────────────────────────
+const registerSchema = z.object({
+  name: z.string().min(1, 'Nome é obrigatório'),
+  email: z.string().email('Email inválido'),
+  password: z.string().min(8, 'Senha deve ter pelo menos 8 caracteres'),
+});
+
+const loginSchema = z.object({
+  email: z.string().email('Email inválido'),
+  password: z.string().min(1, 'Senha é obrigatória'),
+});
+
+// ── Cookie helpers ────────────────────────────────────────────────────────────
+const REFRESH_COOKIE = 'refreshToken';
+const COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env['NODE_ENV'] === 'production',
+  sameSite: 'strict' as const,
+  maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days in ms
+};
+
+// ── Controllers ───────────────────────────────────────────────────────────────
+export async function register(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = registerSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const user = await authService.register(parsed.data);
+
+    // Generate tokens right away so the client is logged in after registration
+    const loginResult = await authService.login({
+      email: parsed.data.email,
+      password: parsed.data.password,
+    });
+
+    res.cookie(REFRESH_COOKIE, loginResult.refreshToken, COOKIE_OPTIONS);
+    res.status(201).json({ user, accessToken: loginResult.accessToken });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function login(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = loginSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const { accessToken, refreshToken, user } = await authService.login(parsed.data);
+    res.cookie(REFRESH_COOKIE, refreshToken, COOKIE_OPTIONS);
+    res.status(200).json({ accessToken, user });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function refresh(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const token = (req.cookies as Record<string, string | undefined>)[REFRESH_COOKIE];
+  if (!token) {
+    res.status(401).json({ error: 'Refresh token não encontrado' });
+    return;
+  }
+
+  try {
+    const { accessToken } = await authService.refreshToken(token);
+    res.status(200).json({ accessToken });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function logout(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const token = (req.cookies as Record<string, string | undefined>)[REFRESH_COOKIE];
+
+  try {
+    if (token) {
+      await authService.logout(token);
+    }
+    res.clearCookie(REFRESH_COOKIE);
+    res.status(204).send();
+  } catch (err) {
+    next(err);
+  }
+}
+
+export function me(req: Request, res: Response): void {
+  res.status(200).json(req.user);
+}
+
+export function adminTest(_req: Request, res: Response): void {
+  res.status(200).json({ message: 'Admin access granted' });
+}
+
+export async function forgotPassword(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  const parsed = z
+    .object({ email: z.string().email('Email inválido') })
+    .safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+  try {
+    await authService.forgotPassword({ email: parsed.data.email });
+    // Always respond with the same message to prevent user enumeration
+    res
+      .status(200)
+      .json({ message: 'Se o email existir, você receberá as instruções em breve.' });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function resetPassword(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  const parsed = z
+    .object({
+      token: z.string().min(1, 'Token é obrigatório'),
+      newPassword: z.string().min(6, 'A senha deve ter pelo menos 6 caracteres'),
+    })
+    .safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+  try {
+    await authService.resetPassword(parsed.data);
+    res.status(200).json({ message: 'Senha redefinida com sucesso.' });
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/presentation/modules/auth/auth.routes.ts

@@ -0,0 +1,17 @@
+import { Router } from 'express';
+import { authenticate } from '../../middlewares/authenticate';
+import { authorize } from '../../middlewares/authorize';
+import * as authController from './auth.controller';
+
+const router = Router();
+
+router.post('/register', authController.register);
+router.post('/login', authController.login);
+router.post('/refresh', authController.refresh);
+router.post('/logout', authController.logout);
+router.get('/me', authenticate, authController.me);
+router.get('/admin-test', authenticate, authorize('ADMIN'), authController.adminTest);
+router.post('/forgot-password', authController.forgotPassword);
+router.post('/reset-password', authController.resetPassword);
+
+export default router;

package/templates/ecommerce/apps/api/src/presentation/modules/cart/cart.controller.ts

@@ -0,0 +1,94 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { cartService } from '../../../infrastructure/config/registry/cart.registry';
+import type { CartKey } from '../../../application/cart/cart.service';
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+function cartKey(req: Request): CartKey {
+  // req.user is attached by authenticate middleware — always present on cart routes
+  const user = req.user as { id: string } | undefined;
+  if (user) return { userId: user.id };
+  // Fallback for anonymous access (not currently used — routes all require auth)
+  const sessionId = (req.headers['x-session-id'] as string | undefined) ?? 'anon';
+  return { sessionId };
+}
+
+// ── Zod schemas ───────────────────────────────────────────────────────────────
+const addItemSchema = z.object({
+  productId: z.string().min(1),
+  variantId: z.string().min(1),
+  qty: z.number().int().min(1, 'Quantidade deve ser maior que zero'),
+});
+
+const updateItemSchema = z.object({
+  qty: z.number().int().min(0, 'Quantidade não pode ser negativa'),
+});
+
+const applyCouponSchema = z.object({
+  code: z.string().min(1),
+});
+
+const shippingQuerySchema = z.object({
+  cep: z.string().regex(/^\d{8}$/, 'CEP inválido — use 8 dígitos numéricos'),
+});
+
+// ── Controllers ───────────────────────────────────────────────────────────────
+export async function getCart(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const cart = await cartService.getCart(cartKey(req));
+    res.status(200).json(cart.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function addItem(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const dto = addItemSchema.parse(req.body);
+    const cart = await cartService.addItem(cartKey(req), dto);
+    res.status(201).json(cart.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function updateItem(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const { variantId } = req.params as { variantId: string };
+    const { qty } = updateItemSchema.parse(req.body);
+    const cart = await cartService.updateItem(cartKey(req), variantId, qty);
+    res.status(200).json(cart.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function removeItem(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const { variantId } = req.params as { variantId: string };
+    await cartService.removeItem(cartKey(req), variantId);
+    res.status(204).send();
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function applyCoupon(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const { code } = applyCouponSchema.parse(req.body);
+    const cart = await cartService.applyCoupon(cartKey(req), code);
+    res.status(200).json(cart.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function getShipping(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const { cep } = shippingQuerySchema.parse(req.query);
+    const options = await cartService.getShippingOptions(cartKey(req), cep);
+    res.status(200).json(options);
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/presentation/modules/cart/cart.routes.ts

@@ -0,0 +1,17 @@
+import { Router } from 'express';
+import { authenticate } from '../../middlewares/authenticate';
+import * as cartController from './cart.controller';
+
+const router = Router();
+
+// All cart routes require authentication (users must be logged in)
+router.use(authenticate);
+
+router.get('/', cartController.getCart);
+router.post('/items', cartController.addItem);
+router.patch('/items/:variantId', cartController.updateItem);
+router.delete('/items/:variantId', cartController.removeItem);
+router.post('/coupon', cartController.applyCoupon);
+router.get('/shipping', cartController.getShipping);
+
+export default router;

package/templates/ecommerce/apps/api/src/presentation/modules/catalog/catalog.controller.ts

@@ -0,0 +1,176 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { catalogService } from '../../../infrastructure/config/registry/catalog.registry';
+
+// ── Validation schemas ────────────────────────────────────────────────────────
+const variantSchema = z.object({
+  sku: z.string().min(1),
+  size: z.string().nullish(),
+  color: z.string().nullish(),
+  stock: z.number().int().min(0),
+  price: z.number().positive().nullish(),
+});
+
+const createProductSchema = z.object({
+  name: z.string().min(1, 'Nome é obrigatório'),
+  description: z.string().nullish(),
+  price: z.number({ required_error: 'Preço é obrigatório' }),
+  categoryId: z.string().optional(),
+  categorySlug: z.string().optional(),
+  images: z.array(z.string().url()).default([]),
+  variants: z.array(variantSchema).min(1, 'Pelo menos uma variação é necessária'),
+});
+
+const updateProductSchema = z.object({
+  name: z.string().min(1).optional(),
+  description: z.string().nullish(),
+  price: z.number().optional(),
+  images: z.array(z.string().url()).optional(),
+});
+
+const stockUpdateSchema = z.object({
+  variantId: z.string().min(1),
+  delta: z.number().int(),
+});
+
+const listQuerySchema = z.object({
+  categorySlug: z.string().optional(),
+  categoryId: z.string().optional(),
+  minPrice: z.coerce.number().optional(),
+  maxPrice: z.coerce.number().optional(),
+  q: z.string().optional(),
+  sortBy: z.enum(['price_asc', 'price_desc', 'newest']).optional(),
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).default(20),
+});
+
+// ── Controllers ───────────────────────────────────────────────────────────────
+export async function listProducts(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = listQuerySchema.safeParse(req.query);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    // Resolve categorySlug → categoryId if needed
+    let categoryId = parsed.data.categoryId;
+    if (!categoryId && parsed.data.categorySlug) {
+      const cats = await catalogService.listCategories();
+      const cat = cats.find((c) => c.slug === parsed.data.categorySlug);
+      if (cat) categoryId = cat.id;
+    }
+
+    const result = await catalogService.searchProducts({
+      ...parsed.data,
+      categoryId,
+    });
+
+    res.status(200).json({
+      items: result.items.map((p) => p.toRecord()),
+      nextCursor: result.nextCursor,
+    });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function getProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const product = await catalogService.getProductBySlug(req.params['slug'] ?? '');
+    res.status(200).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function createProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = createProductSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const product = await catalogService.createProduct(parsed.data);
+    res.status(201).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function updateProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = updateProductSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const product = await catalogService.updateProduct(req.params['id'] ?? '', parsed.data);
+    res.status(200).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function deleteProduct(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    await catalogService.deleteProduct(req.params['id'] ?? '');
+    res.status(204).send();
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function updateStock(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = stockUpdateSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(422).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+
+  try {
+    const result = await catalogService.updateStock({
+      productId: req.params['id'] ?? '',
+      variantId: parsed.data.variantId,
+      delta: parsed.data.delta,
+    });
+    res.status(200).json(result);
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function listCategories(_req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const cats = await catalogService.listCategories();
+    res.status(200).json({ data: cats.map((c) => c.toRecord()) });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function uploadProductImage(req: Request, res: Response, next: NextFunction): Promise<void> {
+  if (!req.file) {
+    res.status(400).json({ error: 'Arquivo de imagem obrigatório' });
+    return;
+  }
+
+  const ALLOWED_MIMETYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
+  if (!ALLOWED_MIMETYPES.includes(req.file.mimetype)) {
+    res.status(400).json({ error: 'Apenas imagens JPEG, PNG, GIF ou WebP são aceitas' });
+    return;
+  }
+
+  try {
+    const product = await catalogService.uploadProductImage(
+      req.params['id'] ?? '',
+      req.file.buffer,
+      req.file.mimetype,
+    );
+    res.status(200).json(product.toRecord());
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/presentation/modules/catalog/catalog.routes.ts

@@ -0,0 +1,38 @@
+import { Router } from 'express';
+import multer from 'multer';
+import { authenticate } from '../../middlewares/authenticate';
+import { authorize } from '../../middlewares/authorize';
+import { validateUuidParam } from '../../validators/uuidParam';
+import * as catalogController from './catalog.controller';
+
+const router = Router();
+
+// Multer: memory storage, 5 MB limit — MIME validation done in controller
+const imageUpload = multer({
+  storage: multer.memoryStorage(),
+  limits: { fileSize: 5 * 1024 * 1024 },
+});
+
+// ── Public routes ─────────────────────────────────────────────────────────────
+router.get('/', catalogController.listProducts);
+router.get('/:slug', catalogController.getProduct);
+
+// ── Admin-only routes ─────────────────────────────────────────────────────────
+router.post('/', authenticate, authorize('ADMIN'), catalogController.createProduct);
+router.put('/:id', authenticate, authorize('ADMIN'), validateUuidParam(), catalogController.updateProduct);
+router.delete('/:id', authenticate, authorize('ADMIN'), validateUuidParam(), catalogController.deleteProduct);
+router.patch('/:id/stock', authenticate, authorize('ADMIN'), validateUuidParam(), catalogController.updateStock);
+router.post(
+  '/:id/image',
+  authenticate,
+  authorize('ADMIN'),
+  validateUuidParam(),
+  imageUpload.single('image'),
+  catalogController.uploadProductImage,
+);
+
+export default router;
+
+// ── Stand-alone categories router ─────────────────────────────────────────────
+export const categoryRouter = Router();
+categoryRouter.get('/', catalogController.listCategories);

package/templates/ecommerce/apps/api/src/presentation/modules/checkout/checkout.controller.ts

@@ -0,0 +1,59 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { checkoutRegistry } from '../../../infrastructure/config/registry/checkout.registry';
+import { AppError } from '../../../domain/shared/AppError';
+
+// ── Zod schemas ───────────────────────────────────────────────────────────────
+const checkoutSchema = z.object({
+  shippingCost: z.number().min(0),
+  shippingAddress: z
+    .record(z.string(), z.string())
+    .nullable()
+    .optional()
+    .transform((v) => v ?? null),
+});
+
+// ── POST /api/checkout ────────────────────────────────────────────────────────
+export async function checkout(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const user = req.user as { id: string };
+    const dto = checkoutSchema.parse(req.body);
+
+    const result = await checkoutRegistry.checkoutService.checkout({
+      userId: user.id,
+      shippingCost: dto.shippingCost,
+      shippingAddress: dto.shippingAddress ?? null,
+    });
+
+    res.status(201).json(result);
+  } catch (err) {
+    next(err);
+  }
+}
+
+// ── POST /api/checkout/webhook ────────────────────────────────────────────────
+export async function webhook(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const signature = req.headers['stripe-signature'];
+    if (!signature || typeof signature !== 'string') {
+      throw new AppError('Header stripe-signature ausente', 400);
+    }
+
+    // req.body is a Buffer when using express.raw()
+    const payload =
+      Buffer.isBuffer(req.body) ? req.body.toString('utf-8') : JSON.stringify(req.body);
+
+    await checkoutRegistry.webhookHandler.handleEvent(payload, signature);
+    res.status(200).json({ received: true });
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/presentation/modules/checkout/checkout.routes.ts

@@ -0,0 +1,18 @@
+import { Router } from 'express';
+import express from 'express';
+import { authenticate } from '../../middlewares/authenticate';
+import * as checkoutController from './checkout.controller';
+
+const router = Router();
+
+// POST /api/checkout — create order and payment intent
+router.post('/', authenticate, checkoutController.checkout);
+
+// POST /api/checkout/webhook — Stripe webhook (raw body required for signature verification)
+router.post(
+  '/webhook',
+  express.raw({ type: 'application/json' }),
+  checkoutController.webhook,
+);
+
+export default router;

package/templates/ecommerce/apps/api/src/presentation/modules/orders/order.controller.ts

@@ -0,0 +1,96 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { orderService } from '../../../infrastructure/config/registry/orders.registry';
+import type { OrderStatus } from '../../../domain/checkout/order.entity';
+
+// ── Zod schemas ───────────────────────────────────────────────────────────────
+const paginationSchema = z.object({
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).optional(),
+});
+
+const updateStatusSchema = z.object({
+  status: z.enum(['PENDING', 'PAID', 'FAILED', 'SHIPPED', 'DELIVERED', 'CANCELLED']),
+  trackingCode: z.string().optional(),
+});
+
+const statusFilterSchema = z.object({
+  status: z.enum(['PENDING', 'PAID', 'FAILED', 'SHIPPED', 'DELIVERED', 'CANCELLED']).optional(),
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).optional(),
+});
+
+function serializeOrder(order: { toRecord: () => object }) {
+  return order.toRecord();
+}
+
+// ── Customer controllers ──────────────────────────────────────────────────────
+export async function listOrders(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const user = req.user as { id: string };
+    const { cursor, limit } = paginationSchema.parse(req.query);
+    const result = await orderService.getOrdersByUser(user.id, { cursor, limit });
+    res.status(200).json({
+      items: result.items.map(serializeOrder),
+      nextCursor: result.nextCursor,
+    });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function getOrder(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const user = req.user as { id: string };
+    const { id } = req.params as { id: string };
+    const order = await orderService.getOrderById(id, user.id);
+    res.status(200).json(serializeOrder(order));
+  } catch (err) {
+    next(err);
+  }
+}
+
+// ── Admin controllers ─────────────────────────────────────────────────────────
+export async function adminListOrders(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const { status, cursor, limit } = statusFilterSchema.parse(req.query);
+    const result = await orderService.getAllOrders({
+      status: status as OrderStatus | undefined,
+      cursor,
+      limit,
+    });
+    res.status(200).json({
+      items: result.items.map(serializeOrder),
+      nextCursor: result.nextCursor,
+    });
+  } catch (err) {
+    next(err);
+  }
+}
+
+export async function adminUpdateOrderStatus(
+  req: Request,
+  res: Response,
+  next: NextFunction,
+): Promise<void> {
+  try {
+    const { id } = req.params as { id: string };
+    const { status, trackingCode } = updateStatusSchema.parse(req.body);
+    const order = await orderService.updateOrderStatus(id, status, trackingCode);
+    res.status(200).json(serializeOrder(order));
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/presentation/modules/orders/order.routes.ts

@@ -0,0 +1,17 @@
+import { Router } from 'express';
+import { authenticate } from '../../middlewares/authenticate';
+import { authorize } from '../../middlewares/authorize';
+import { validateUuidParam } from '../../validators/uuidParam';
+import * as orderController from './order.controller';
+
+// ── Customer routes — mounted at /api/orders ──────────────────────────────────
+export const orderRoutes = Router();
+orderRoutes.use(authenticate);
+orderRoutes.get('/', orderController.listOrders);
+orderRoutes.get('/:id', validateUuidParam(), orderController.getOrder);
+
+// ── Admin routes — mounted at /api/admin/orders ───────────────────────────────
+export const adminOrderRoutes = Router();
+adminOrderRoutes.use(authenticate, authorize('ADMIN'));
+adminOrderRoutes.get('/', orderController.adminListOrders);
+adminOrderRoutes.patch('/:id/status', validateUuidParam(), orderController.adminUpdateOrderStatus);