npm - kybernus - Versions diffs - 3.0.1 → 3.2.0 - Mend

kybernus 3.0.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (392) hide show

package/templates/ecommerce/apps/api/prisma/migrations/migration_lock.toml ADDED Viewed

@@ -0,0 +1,3 @@
+# Please do not edit this file manually
+# It should be added in your version-control system (e.g., Git)
+provider = "postgresql"

package/templates/ecommerce/apps/api/prisma/schema.prisma ADDED Viewed

@@ -0,0 +1,181 @@
+// This is your Prisma schema file,
+// learn more about it in the docs: https://pris.ly/d/prisma-schema
+generator client {
+  provider = "prisma-client-js"
+}
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+// ── Phase 1 — Auth ────────────────────────────────────────────────────────────
+enum Role {
+  CUSTOMER
+  ADMIN
+}
+model User {
+  id           String   @id @default(cuid())
+  name         String
+  email        String   @unique
+  passwordHash String
+  role         Role     @default(CUSTOMER)
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+  passwordResetTokens PasswordResetToken[]
+  @@map("users")
+}
+model PasswordResetToken {
+  id        String   @id @default(cuid())
+  token     String   @unique
+  userId    String
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  expiresAt DateTime
+  usedAt    DateTime?
+  createdAt DateTime @default(now())
+  @@map("password_reset_tokens")
+}
+// Note: RefreshToken blacklist is stored in Redis (not Prisma) for performance.
+// Refresh tokens have short TTL and high write volume — Redis is the right tool.
+// ── Phase 2 — Catalog ─────────────────────────────────────────────────────────
+enum ProductStatus {
+  ACTIVE
+  INACTIVE
+  DELETED
+}
+model Category {
+  id          String    @id @default(cuid())
+  name        String
+  slug        String    @unique
+  description String?
+  parentId    String?
+  parent      Category? @relation("CategoryParent", fields: [parentId], references: [id])
+  children    Category[] @relation("CategoryParent")
+  products    Product[]
+  createdAt   DateTime  @default(now())
+  updatedAt   DateTime  @updatedAt
+  @@map("categories")
+}
+model Product {
+  id          String        @id @default(cuid())
+  name        String
+  slug        String        @unique
+  description String?
+  price       Decimal       @db.Decimal(10, 2)
+  status      ProductStatus @default(ACTIVE)
+  categoryId  String
+  category    Category      @relation(fields: [categoryId], references: [id])
+  images      String[]
+  variants    ProductVariant[]
+  createdAt   DateTime      @default(now())
+  updatedAt   DateTime      @updatedAt
+  @@index([categoryId])
+  @@index([status])
+  @@map("products")
+}
+model ProductVariant {
+  id        String   @id @default(cuid())
+  sku       String   @unique
+  size      String?
+  color     String?
+  stock     Int      @default(0)
+  price     Decimal? @db.Decimal(10, 2)
+  productId String
+  product   Product  @relation(fields: [productId], references: [id], onDelete: Cascade)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  @@index([productId])
+  @@map("product_variants")
+}
+// ── Phase 3 — Cart ───────────────────────────────────────────────────────────
+enum DiscountType {
+  percent
+  fixed
+}
+model Coupon {
+  id            String       @id @default(cuid())
+  code          String       @unique
+  discountType  DiscountType
+  discountValue Decimal      @db.Decimal(10, 2)
+  minOrderValue Decimal      @default(0) @db.Decimal(10, 2)
+  usageLimit    Int?
+  usageCount    Int          @default(0)
+  expiresAt     DateTime?
+  createdAt     DateTime     @default(now())
+  @@map("coupons")
+}
+// Note: Cart and CartItem are stored in Redis (TTL-based), not Postgres.
+// Only Coupon lives in Postgres for persistence and reporting.
+// ── Phase 4 — Checkout & Orders ───────────────────────────────────────────────
+enum OrderStatus {
+  PENDING
+  PAID
+  FAILED
+  SHIPPED
+  DELIVERED
+  CANCELLED
+}
+model Order {
+  id              String      @id @default(cuid())
+  userId          String
+  status          OrderStatus @default(PENDING)
+  subtotal        Decimal     @db.Decimal(10, 2)
+  discount        Decimal     @default(0) @db.Decimal(10, 2)
+  shippingCost    Decimal     @default(0) @db.Decimal(10, 2)
+  tax             Decimal     @default(0) @db.Decimal(10, 2)
+  total           Decimal     @db.Decimal(10, 2)
+  couponCode      String?
+  paymentIntentId String?     @unique
+  trackingCode    String?
+  shippingAddress Json?
+  items           OrderItem[]
+  createdAt       DateTime    @default(now())
+  updatedAt       DateTime    @updatedAt
+  @@index([userId])
+  @@index([status])
+  @@map("orders")
+}
+model OrderItem {
+  id        String  @id @default(cuid())
+  orderId   String
+  order     Order   @relation(fields: [orderId], references: [id], onDelete: Cascade)
+  variantId String
+  productId String
+  name      String
+  sku       String
+  price     Decimal @db.Decimal(10, 2)
+  qty       Int
+  image     String?
+  @@index([orderId])
+  @@map("order_items")
+}
+// Phase 5 — (Order status history — no new model, timestamps in Order)
+// Phase 6 — (Admin aggregations — no new models, only queries)

package/templates/ecommerce/apps/api/prisma/seed.ts ADDED Viewed

@@ -0,0 +1,159 @@
+/**
+ * Prisma seed — popula o banco com dados de demonstração.
+ * Execute com: npm run db:seed  (dentro de apps/api) ou
+ *              npm run db:seed  (na raiz do monorepo)
+ */
+import { PrismaClient, Role, ProductStatus } from '@prisma/client';
+import bcrypt from 'bcryptjs';
+const prisma = new PrismaClient();
+async function main() {
+  console.log('🌱 Seeding database…');
+  // ── Admin user ─────────────────────────────────────────────────────────────
+  const adminPassword = await bcrypt.hash('Admin@1234', 10);
+  const admin = await prisma.user.upsert({
+    where: { email: 'admin@minhaloja.com.br' },
+    update: {},
+    create: {
+      name: 'Administrador',
+      email: 'admin@minhaloja.com.br',
+      passwordHash: adminPassword,
+      role: Role.ADMIN,
+    },
+  });
+  console.log(`  ✔ Admin: ${admin.email}`);
+  // ── Demo customer ──────────────────────────────────────────────────────────
+  const customerPassword = await bcrypt.hash('Cliente@1234', 10);
+  const customer = await prisma.user.upsert({
+    where: { email: 'cliente@exemplo.com.br' },
+    update: {},
+    create: {
+      name: 'João Silva',
+      email: 'cliente@exemplo.com.br',
+      passwordHash: customerPassword,
+      role: Role.CUSTOMER,
+    },
+  });
+  console.log(`  ✔ Customer: ${customer.email}`);
+  // ── Categories ─────────────────────────────────────────────────────────────
+  const catCamisetas = await prisma.category.upsert({
+    where: { slug: 'camisetas' },
+    update: {},
+    create: { name: 'Camisetas', slug: 'camisetas', description: 'Camisetas e básicos' },
+  });
+  const catCalcas = await prisma.category.upsert({
+    where: { slug: 'calcas' },
+    update: {},
+    create: { name: 'Calças', slug: 'calcas', description: 'Calças e bermudas' },
+  });
+  const catAcessorios = await prisma.category.upsert({
+    where: { slug: 'acessorios' },
+    update: {},
+    create: { name: 'Acessórios', slug: 'acessorios', description: 'Bolsas, cintos, bonés' },
+  });
+  console.log(`  ✔ Categories: ${catCamisetas.name}, ${catCalcas.name}, ${catAcessorios.name}`);
+  // ── Products ───────────────────────────────────────────────────────────────
+  const products = [
+    {
+      name: 'Camiseta Básica Branca',
+      slug: 'camiseta-basica-branca',
+      description: 'Camiseta 100% algodão, corte regular, disponível em vários tamanhos.',
+      price: 49.9,
+      categoryId: catCamisetas.id,
+      images: ['https://placehold.co/600x600?text=Camiseta+Branca'],
+      variants: [
+        { sku: 'CAM-BRA-P', size: 'P', color: 'Branco', stock: 20 },
+        { sku: 'CAM-BRA-M', size: 'M', color: 'Branco', stock: 30 },
+        { sku: 'CAM-BRA-G', size: 'G', color: 'Branco', stock: 25 },
+      ],
+    },
+    {
+      name: 'Camiseta Básica Preta',
+      slug: 'camiseta-basica-preta',
+      description: 'Camiseta 100% algodão, corte regular.',
+      price: 49.9,
+      categoryId: catCamisetas.id,
+      images: ['https://placehold.co/600x600?text=Camiseta+Preta'],
+      variants: [
+        { sku: 'CAM-PTO-P', size: 'P', color: 'Preto', stock: 15 },
+        { sku: 'CAM-PTO-M', size: 'M', color: 'Preto', stock: 20 },
+        { sku: 'CAM-PTO-G', size: 'G', color: 'Preto', stock: 18 },
+      ],
+    },
+    {
+      name: 'Calça Slim Jeans',
+      slug: 'calca-slim-jeans',
+      description: 'Calça slim fit em denim stretch, confortável para o dia a dia.',
+      price: 149.9,
+      categoryId: catCalcas.id,
+      images: ['https://placehold.co/600x600?text=Calça+Jeans'],
+      variants: [
+        { sku: 'CAL-JEA-38', size: '38', color: 'Azul', stock: 10 },
+        { sku: 'CAL-JEA-40', size: '40', color: 'Azul', stock: 12 },
+        { sku: 'CAL-JEA-42', size: '42', color: 'Azul', stock: 8 },
+      ],
+    },
+    {
+      name: 'Boné Snapback',
+      slug: 'bone-snapback',
+      description: 'Boné aba reta com fecho snapback, tamanho único.',
+      price: 59.9,
+      categoryId: catAcessorios.id,
+      images: ['https://placehold.co/600x600?text=Boné'],
+      variants: [
+        { sku: 'BON-BLK-UN', color: 'Preto', stock: 40 },
+        { sku: 'BON-WHT-UN', color: 'Branco', stock: 35 },
+      ],
+    },
+  ];
+  for (const p of products) {
+    const { variants, ...productData } = p;
+    const product = await prisma.product.upsert({
+      where: { slug: productData.slug },
+      update: {},
+      create: {
+        ...productData,
+        price: productData.price,
+        status: ProductStatus.ACTIVE,
+        variants: {
+          createMany: { data: variants, skipDuplicates: true },
+        },
+      },
+    });
+    console.log(`  ✔ Product: ${product.name}`);
+  }
+  // ── Coupon ─────────────────────────────────────────────────────────────────
+  const coupon = await prisma.coupon.upsert({
+    where: { code: 'BEMVINDO10' },
+    update: {},
+    create: {
+      code: 'BEMVINDO10',
+      discountType: 'percent',
+      discountValue: 10,
+      minOrderValue: 50,
+    },
+  });
+  console.log(`  ✔ Coupon: ${coupon.code} (${coupon.discountValue}% off)`);
+  console.log('\n✅ Seed concluído!');
+  console.log('\nCredenciais para teste:');
+  console.log('  Admin  → admin@minhaloja.com.br / Admin@1234');
+  console.log('  Cliente → cliente@exemplo.com.br / Cliente@1234');
+  console.log('  Cupom  → BEMVINDO10 (10% off em pedidos acima de R$50)');
+}
+main()
+  .catch((e) => {
+    console.error(e);
+    process.exit(1);
+  })
+  .finally(() => prisma.$disconnect());

package/templates/ecommerce/apps/api/src/__tests__/app.test.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import request from 'supertest';
+import app from '../app';
+describe('App — Health & Error Handling', () => {
+  describe('GET /health', () => {
+    it('deve retornar 200 com { status: "ok" }', async () => {
+      const res = await request(app).get('/health');
+      expect(res.status).toBe(200);
+      expect(res.body).toEqual({ status: 'ok' });
+    });
+  });
+  describe('Rota inexistente', () => {
+    it('deve retornar 404 com shape { error: string }', async () => {
+      const res = await request(app).get('/rota-que-nao-existe');
+      expect(res.status).toBe(404);
+      expect(res.body).toHaveProperty('error');
+      expect(typeof res.body.error).toBe('string');
+    });
+  });
+  describe('Error Handler Global', () => {
+    it('deve retornar 500 sem vazar stack trace em producao', async () => {
+      const originalEnv = process.env['NODE_ENV'];
+      process.env['NODE_ENV'] = 'production';
+      // /test-error lança um Error propositalmente (rota de teste)
+      const res = await request(app).get('/test-error');
+      expect(res.status).toBe(500);
+      expect(res.body).toHaveProperty('error');
+      expect(res.body.stack).toBeUndefined();
+      process.env['NODE_ENV'] = originalEnv;
+    });
+  });
+});

package/templates/ecommerce/apps/api/src/__tests__/globalSetup.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { execSync } from 'child_process';
+import path from 'path';
+/**
+ * Runs before all integration test workers.
+ * - Ensures the test database exists
+ * - Applies all pending Prisma migrations against TEST_DATABASE_URL
+ */
+export default async function globalSetup(): Promise<void> {
+  const testDbUrl =
+    process.env['TEST_DATABASE_URL'] ??
+    'postgresql://ecommerce:ecommerce@localhost:5435/ecommerce_test';
+  // __dirname = apps/api/src/__tests__ → two levels up = apps/api
+  const apiRoot = path.resolve(__dirname, '../..');
+  // Create test database if it doesn't exist (via docker exec)
+  try {
+    execSync(
+      `docker exec ecommerce_postgres createdb -U ecommerce ecommerce_test`,
+      { stdio: 'pipe', timeout: 10_000 },
+    );
+  } catch {
+    // Likely "already exists" — not an error
+  }
+  // Apply migrations to the test database
+  execSync('npx prisma migrate deploy', {
+    cwd: apiRoot,
+    env: { ...process.env, DATABASE_URL: testDbUrl },
+    stdio: 'pipe',
+    timeout: 60_000,
+  });
+}

package/templates/ecommerce/apps/api/src/__tests__/globalTeardown.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Global teardown for integration tests.
+ * Runs once after all test suites complete in the integration config.
+ * Closes the Redis connection to allow the process to exit cleanly.
+ */
+import Redis from 'ioredis';
+export default async function globalTeardown(): Promise<void> {
+  const redisUrl = process.env['REDIS_URL'] ?? 'redis://localhost:6379';
+  const client = new Redis(redisUrl, { lazyConnect: false, maxRetriesPerRequest: 1 });
+  try {
+    await client.quit();
+  } catch {
+    // ignore — redis may already be closed
+  }
+}

package/templates/ecommerce/apps/api/src/__tests__/setup.db.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Runs inside each integration test worker process (via `setupFiles`).
+ * Sets DATABASE_URL to the test database before any module is imported.
+ */
+process.env['JWT_SECRET'] =
+  process.env['JWT_SECRET'] ?? 'test-jwt-secret-min-32-chars-long!';
+process.env['JWT_REFRESH_SECRET'] =
+  process.env['JWT_REFRESH_SECRET'] ?? 'test-refresh-secret-min-32-chars-long!';
+process.env['NODE_ENV'] = 'test';
+// Point PrismaClient to the test database
+const testDbUrl =
+  process.env['TEST_DATABASE_URL'] ??
+  'postgresql://ecommerce:ecommerce@localhost:5435/ecommerce_test';
+process.env['DATABASE_URL'] = testDbUrl;
+// Point Redis client to the test Redis instance
+process.env['REDIS_URL'] = process.env['REDIS_URL'] ?? 'redis://localhost:6379';

package/templates/ecommerce/apps/api/src/__tests__/setup.env.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Environment setup for API tests.
+ * Runs before each test file in the worker process via jest `setupFiles`.
+ * This ensures env vars are available before any module (including singletons
+ * in auth.registry.ts) is first imported.
+ *
+ * Forces NODE_ENV=test-inmemory so the registry always uses InMemoryUserRepository
+ * and InMemoryTokenBlacklist, regardless of DATABASE_URL or REDIS_URL present in
+ * the developer's .env file. DB integration tests use their own setup (setup.db.ts).
+ */
+process.env['JWT_SECRET'] = process.env['JWT_SECRET'] ?? 'test-jwt-secret-min-32-chars-long!';
+process.env['JWT_REFRESH_SECRET'] =
+  process.env['JWT_REFRESH_SECRET'] ?? 'test-refresh-secret-min-32-chars-long!';
+process.env['NODE_ENV'] = 'test-inmemory';

package/templates/ecommerce/apps/api/src/app.ts ADDED Viewed

@@ -0,0 +1,133 @@
+import express, { Request, Response, NextFunction } from 'express';
+import cors from 'cors';
+import cookieParser from 'cookie-parser';
+import helmet from 'helmet';
+import rateLimit from 'express-rate-limit';
+import path from 'path';
+import { errorHandler } from './shared/middlewares/errorHandler';
+import { AppError } from './shared/errors/AppError';
+import authRoutes from './modules/auth/auth.routes';
+import catalogRoutes, { categoryRouter } from './modules/catalog/catalog.routes';
+import cartRoutes from './modules/cart/cart.routes';
+import checkoutRoutes from './modules/checkout/checkout.routes';
+import { orderRoutes, adminOrderRoutes } from './modules/orders/order.routes';
+import { adminRoutes } from './modules/admin/admin.routes';
+import profileRoutes from './modules/profile/profile.routes';
+import { prisma } from './shared/infra/prisma';
+import { redis } from './shared/infra/redis';
+const app = express();
+// ── Trust proxy (required when running behind a reverse proxy / load balancer)
+// Rate limiting uses the real client IP from X-Forwarded-For instead of the
+// proxy IP. Set to the number of trusted proxy hops (1 = one hop, e.g. nginx).
+if (process.env['NODE_ENV'] === 'production') {
+  app.set('trust proxy', 1);
+}
+// ── Stripe webhook MUST receive the raw body for signature verification.
+// Register express.raw() for this path BEFORE express.json() runs globally,
+// otherwise express.json() will parse the body first and the raw bytes are lost.
+app.use('/api/checkout/webhook', express.raw({ type: 'application/json' }));
+// ── Security headers ─────────────────────────────────────────────────────────
+app.use(helmet());
+// ── Core middlewares ─────────────────────────────────────────────────────────
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+app.use(
+  cors({
+    origin: process.env['CORS_ORIGIN'] || 'http://localhost:5173',
+    credentials: true,
+  }),
+);
+app.use(cookieParser());
+// ── Static file serving (product images) ────────────────────────────────────
+// Serves LocalDiskStorageService uploads from apps/api/public/
+app.use('/public', express.static(path.join(__dirname, '../public')));
+// ── Rate limiting (disabled in test environment) ────────────────────────────
+if (process.env['NODE_ENV'] !== 'test' && process.env['NODE_ENV'] !== 'test-inmemory') {
+  const makeLimiter = (max: number, windowMs = 60_000) =>
+    rateLimit({
+      windowMs,
+      max,
+      standardHeaders: true,
+      legacyHeaders: false,
+      message: { error: 'Too many requests, please try again later.' },
+    });
+  // Auth: strict — brute-force protection
+  const authLimiter = makeLimiter(20);
+  app.use('/api/auth/login', authLimiter);
+  app.use('/api/auth/register', authLimiter);
+  app.use('/api/auth/forgot-password', authLimiter);
+  app.use('/api/auth/reset-password', authLimiter);
+  // Checkout: 10 requests/min — prevents order spam and payment intent abuse
+  app.use('/api/checkout', makeLimiter(10));
+  // Orders: 60 requests/min — prevents enumeration scraping
+  app.use('/api/orders', makeLimiter(60));
+  app.use('/api/admin/orders', makeLimiter(60));
+  // Admin: 120 requests/min — still generous for legitimate use
+  app.use('/api/admin', makeLimiter(120));
+}
+// ── Health check (liveness) ──────────────────────────────────────────────────
+app.get('/health', (_req: Request, res: Response) => {
+  res.status(200).json({ status: 'ok' });
+});
+// ── Readiness probe — checks DB + Redis ─────────────────────────────────────
+app.get('/health/ready', async (_req: Request, res: Response) => {
+  const checks: Record<string, string> = {};
+  let ok = true;
+  try {
+    await prisma.$queryRaw`SELECT 1`;
+    checks['database'] = 'ok';
+  } catch {
+    checks['database'] = 'unreachable';
+    ok = false;
+  }
+  try {
+    await redis.ping();
+    checks['redis'] = 'ok';
+  } catch {
+    checks['redis'] = 'unreachable';
+    ok = false;
+  }
+  res.status(ok ? 200 : 503).json({ status: ok ? 'ok' : 'degraded', checks });
+});
+// ── Test-only route (throws intentionally to exercise the error handler) ─────
+// Available in 'test' and 'development' — never in production
+if (process.env['NODE_ENV'] !== 'production') {
+  app.get('/test-error', (_req: Request, _res: Response, next: NextFunction) => {
+    next(new Error('Intentional test error'));
+  });
+}
+// ── Feature routes ────────────────────────────────────────────────────────────
+app.use('/api/auth', authRoutes);        // Phase 1 ✅
+app.use('/api/products', catalogRoutes); // Phase 2 ✅
+app.use('/api/categories', categoryRouter); // Phase 2 ✅
+app.use('/api/cart', cartRoutes);        // Phase 3 ✅
+app.use('/api/checkout', checkoutRoutes); // Phase 4 ✅
+app.use('/api/orders', orderRoutes);      // Phase 5 ✅
+app.use('/api/admin/orders', adminOrderRoutes); // Phase 5 ✅
+app.use('/api/admin', adminRoutes);       // Phase 6 ✅
+app.use('/api/me', profileRoutes);        // Phase 16 ✅
+// ── 404 handler ──────────────────────────────────────────────────────────────
+app.use((_req: Request, _res: Response, next: NextFunction) => {
+  next(new AppError('Route not found', 404));
+});
+// ── Global error handler ─────────────────────────────────────────────────────
+app.use(errorHandler);
+export default app;

package/templates/ecommerce/apps/api/src/application/admin/admin-user.service.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { IUserRepository } from '../../domain/auth/user.repository';
+import type { UserRole } from '../../domain/auth/user.entity';
+import { AppError } from '../../domain/shared/AppError';
+export class AdminUserService {
+  constructor(private readonly userRepo: IUserRepository) {}
+  async listUsers(opts?: { role?: UserRole; cursor?: string; limit?: number }) {
+    return this.userRepo.findAll(opts);
+  }
+  async updateUserRole(
+    targetId: string,
+    newRole: UserRole,
+    requesterId: string,
+  ): Promise<void> {
+    if (targetId === requesterId) {
+      throw new AppError('Não é possível alterar o próprio role', 403);
+    }
+    const user = await this.userRepo.findById(targetId);
+    if (!user) throw new AppError('Usuário não encontrado', 404);
+    await this.userRepo.update(user.withRole(newRole));
+  }
+}