npm - kybernus - Versions diffs - 3.1.0 → 3.2.0 - Mend

kybernus 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

package/templates/ecommerce/apps/api/src/presentation/modules/profile/profile.controller.ts ADDED Viewed

@@ -0,0 +1,92 @@
+import { Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { profileService } from '../../../infrastructure/config/registry/profile.registry';
+import { tokenService } from '../../../infrastructure/config/registry/auth.registry';
+const REFRESH_COOKIE = 'refreshToken';
+export async function getProfile(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const profile = await profileService.getProfile(req.user!.id);
+    res.status(200).json(profile);
+  } catch (err) {
+    next(err);
+  }
+}
+export async function updateProfile(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = z
+    .object({
+      name: z.string().min(2, 'Nome deve ter pelo menos 2 caracteres').optional(),
+      email: z.string().email('Email inválido').optional(),
+    })
+    .refine((d) => d.name !== undefined || d.email !== undefined, {
+      message: 'Ao menos um campo (name ou email) deve ser informado',
+    })
+    .safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ errors: parsed.error.flatten().fieldErrors, message: parsed.error.errors[0]?.message });
+    return;
+  }
+  try {
+    const profile = await profileService.updateProfile(req.user!.id, parsed.data);
+    res.status(200).json(profile);
+  } catch (err) {
+    next(err);
+  }
+}
+export async function changePassword(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = z
+    .object({
+      currentPassword: z.string().min(1, 'Senha atual é obrigatória'),
+      newPassword: z.string().min(8, 'Nova senha deve ter pelo menos 8 caracteres'),
+    })
+    .safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+  try {
+    await profileService.changePassword(req.user!.id, parsed.data);
+    res.status(204).send();
+  } catch (err) {
+    next(err);
+  }
+}
+export async function deleteAccount(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const parsed = z
+    .object({
+      password: z.string().min(1, 'Senha é obrigatória para confirmar exclusão'),
+    })
+    .safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ errors: parsed.error.flatten().fieldErrors });
+    return;
+  }
+  try {
+    await profileService.deleteAccount(req.user!.id, parsed.data.password);
+    // Best-effort: invalidate the refresh token cookie if present
+    const refreshToken = (req.cookies as Record<string, string | undefined>)[REFRESH_COOKIE];
+    if (refreshToken) {
+      try {
+        await tokenService.invalidateRefreshToken(refreshToken);
+      } catch {
+        // ignore — token may already be expired
+      }
+    }
+    res.clearCookie(REFRESH_COOKIE);
+    res.status(204).send();
+  } catch (err) {
+    next(err);
+  }
+}

package/templates/ecommerce/apps/api/src/presentation/modules/profile/profile.routes.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { Router } from 'express';
+import { authenticate } from '../../middlewares/authenticate';
+import * as profileController from './profile.controller';
+const router = Router();
+router.use(authenticate);
+router.get('/', profileController.getProfile);
+router.patch('/', profileController.updateProfile);
+router.patch('/password', profileController.changePassword);
+router.delete('/', profileController.deleteAccount);
+export default router;

package/templates/ecommerce/apps/api/src/presentation/validators/uuidParam.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { z } from 'zod';
+import { Request, Response, NextFunction } from 'express';
+export const uuidSchema = z.string().uuid('ID inválido — formato UUID esperado');
+/**
+ * Express middleware that validates req.params[paramName] is a valid UUID v4.
+ * Returns 400 immediately for malformed IDs, preventing unnecessary DB queries
+ * and path traversal attempts.
+ */
+export function validateUuidParam(paramName = 'id') {
+  return (req: Request, res: Response, next: NextFunction): void => {
+    const result = uuidSchema.safeParse(req.params[paramName]);
+    if (!result.success) {
+      res.status(400).json({ error: 'ID inválido — formato UUID esperado' });
+      return;
+    }
+    next();
+  };
+}

package/templates/ecommerce/apps/api/src/server.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import 'dotenv/config';
+import app from './app';
+import { prisma } from './shared/infra/prisma';
+// ── Startup env validation ────────────────────────────────────────────────────
+const REQUIRED_ENV_VARS = [
+  'DATABASE_URL',
+  'REDIS_URL',
+  'JWT_SECRET',
+  'JWT_REFRESH_SECRET',
+  'JWT_RESET_SECRET',
+  'STRIPE_SECRET_KEY',
+];
+const missing = REQUIRED_ENV_VARS.filter((v) => !process.env[v]);
+if (missing.length > 0) {
+  console.error(`[FATAL] Missing required environment variables: ${missing.join(', ')}`);
+  process.exit(1);
+}
+const PORT = process.env['PORT'] ? parseInt(process.env['PORT'], 10) : 3000;
+const server = app.listen(PORT, () => {
+  console.log(`API running at http://localhost:${PORT}`);
+  console.log(`Environment: ${process.env['NODE_ENV'] ?? 'development'}`);
+});
+// ── Graceful shutdown ─────────────────────────────────────────────────────────
+async function shutdown(signal: string): Promise<void> {
+  console.log(`[${signal}] Shutting down gracefully…`);
+  server.close(async () => {
+    try {
+      await prisma.$disconnect();
+    } catch {
+      // ignore disconnect errors during shutdown
+    }
+    console.log('Server closed.');
+    process.exit(0);
+  });
+  // Force exit if graceful shutdown takes too long
+  setTimeout(() => {
+    console.error('Forced shutdown after timeout.');
+    process.exit(1);
+  }, 30_000).unref();
+}
+process.on('SIGTERM', () => void shutdown('SIGTERM'));
+process.on('SIGINT', () => void shutdown('SIGINT'));

package/templates/ecommerce/apps/api/src/shared/__tests__/uuid.validation.test.ts ADDED Viewed

@@ -0,0 +1,111 @@
+/**
+ * Phase 12 — UUID param validation
+ *
+ * Ensures endpoints that receive :id return 400 immediately for
+ * non-UUID values without hitting the database.
+ */
+import request from 'supertest';
+import app from '../../app';
+let adminToken: string;
+let customerToken: string;
+beforeAll(async () => {
+  const { userRepository } = await import('../../modules/auth/auth.registry');
+  const { UserEntity } = await import('../../modules/auth/user.entity');
+  const { hash } = await import('bcryptjs');
+  const adminEntity = UserEntity.create({
+    name: 'UUID Admin',
+    email: 'uuid.admin@test.com',
+    passwordHash: await hash('pass1234', 10),
+    role: 'ADMIN',
+  });
+  await userRepository.create(adminEntity);
+  const [aRes, cRes] = await Promise.all([
+    request(app)
+      .post('/api/auth/login')
+      .send({ email: 'uuid.admin@test.com', password: 'pass1234' }),
+    request(app)
+      .post('/api/auth/register')
+      .send({ name: 'UUID Customer', email: 'uuid.customer@test.com', password: 'pass1234' }),
+  ]);
+  adminToken = (aRes.body as { accessToken: string }).accessToken;
+  customerToken = (cRes.body as { accessToken: string }).accessToken;
+});
+const INVALID_IDS = ['not-a-uuid', '123', 'abc-def', 'totally-wrong-format'];
+const VALID_UUID = '00000000-0000-4000-8000-000000000001';
+describe('UUID param validation — GET /api/orders/:id', () => {
+  it.each(INVALID_IDS)('400 para id "%s"', async (id) => {
+    const res = await request(app)
+      .get(`/api/orders/${id}`)
+      .set('Authorization', `Bearer ${customerToken}`);
+    expect(res.status).toBe(400);
+    expect((res.body as { error: string }).error).toMatch(/uuid|id inválido/i);
+  });
+  it('404 normal para UUID válido mas inexistente', async () => {
+    const res = await request(app)
+      .get(`/api/orders/${VALID_UUID}`)
+      .set('Authorization', `Bearer ${customerToken}`);
+    expect(res.status).toBe(404);
+  });
+});
+describe('UUID param validation — PATCH /api/admin/orders/:id/status', () => {
+  it.each(INVALID_IDS)('400 para id "%s"', async (id) => {
+    const res = await request(app)
+      .patch(`/api/admin/orders/${id}/status`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ status: 'SHIPPED' });
+    expect(res.status).toBe(400);
+    expect((res.body as { error: string }).error).toMatch(/uuid|id inválido/i);
+  });
+});
+describe('UUID param validation — PATCH /api/admin/users/:id', () => {
+  it.each(INVALID_IDS)('400 para id "%s"', async (id) => {
+    const res = await request(app)
+      .patch(`/api/admin/users/${id}`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ role: 'ADMIN' });
+    expect(res.status).toBe(400);
+    expect((res.body as { error: string }).error).toMatch(/uuid|id inválido/i);
+  });
+});
+describe('UUID param validation — PUT /api/products/:id', () => {
+  it.each(INVALID_IDS)('400 para id "%s"', async (id) => {
+    const res = await request(app)
+      .put(`/api/products/${id}`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ name: 'Updated' });
+    expect(res.status).toBe(400);
+    expect((res.body as { error: string }).error).toMatch(/uuid|id inválido/i);
+  });
+});
+describe('UUID param validation — DELETE /api/products/:id', () => {
+  it.each(INVALID_IDS)('400 para id "%s"', async (id) => {
+    const res = await request(app)
+      .delete(`/api/products/${id}`)
+      .set('Authorization', `Bearer ${adminToken}`);
+    expect(res.status).toBe(400);
+    expect((res.body as { error: string }).error).toMatch(/uuid|id inválido/i);
+  });
+});
+describe('UUID param validation — PATCH /api/products/:id/stock', () => {
+  it.each(INVALID_IDS)('400 para id "%s"', async (id) => {
+    const res = await request(app)
+      .patch(`/api/products/${id}/stock`)
+      .set('Authorization', `Bearer ${adminToken}`)
+      .send({ variantId: 'v1', delta: 5 });
+    expect(res.status).toBe(400);
+    expect((res.body as { error: string }).error).toMatch(/uuid|id inválido/i);
+  });
+});

package/templates/ecommerce/apps/api/src/shared/errors/AppError.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { AppError } from '../../domain/shared/AppError';

package/templates/ecommerce/apps/api/src/shared/infra/email/EtherealEmailService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/email/ethereal.email.service';

package/templates/ecommerce/apps/api/src/shared/infra/email/IEmailService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../application/ports/email.port';

package/templates/ecommerce/apps/api/src/shared/infra/email/NoopEmailService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/email/noop.email.service';

package/templates/ecommerce/apps/api/src/shared/infra/email/SmtpEmailService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/email/smtp.email.service';

package/templates/ecommerce/apps/api/src/shared/infra/email/__tests__/ethereal.email.integration.test.ts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Integration test for EtherealEmailService.
+ * Hits the real Ethereal SMTP endpoint (no real delivery — Ethereal captures it).
+ * Run with: npm test (jest picks up all *.test.ts)
+ */
+import { EtherealEmailService } from '../EtherealEmailService';
+describe('EtherealEmailService', () => {
+  let service: EtherealEmailService;
+  beforeEach(() => {
+    service = new EtherealEmailService();
+  });
+  it('deve enviar email sem lançar erro', async () => {
+    await expect(
+      service.send('dest@example.com', 'Teste', '<p>Hello</p>'),
+    ).resolves.not.toThrow();
+  }, 15_000); // network timeout — ethereal can be slow
+  it('deve registrar preview URL após envio', async () => {
+    const consoleSpy = jest.spyOn(console, 'log').mockImplementation(() => {});
+    await service.send('dest@example.com', 'Preview URL test', '<p>Test</p>');
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining('Ethereal'),
+    );
+    consoleSpy.mockRestore();
+  }, 15_000);
+});

package/templates/ecommerce/apps/api/src/shared/infra/email/email.registry.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/email/email.registry';

package/templates/ecommerce/apps/api/src/shared/infra/prisma.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../infrastructure/persistence/prisma-client';

package/templates/ecommerce/apps/api/src/shared/infra/redis.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../infrastructure/cache/redis';

package/templates/ecommerce/apps/api/src/shared/infra/storage/IStorageService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../application/ports/storage.port';

package/templates/ecommerce/apps/api/src/shared/infra/storage/InMemoryStorageService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/storage/in-memory.storage.service';

package/templates/ecommerce/apps/api/src/shared/infra/storage/LocalDiskStorageService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/storage/local-disk.storage.service';

package/templates/ecommerce/apps/api/src/shared/infra/storage/S3StorageService.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/storage/s3.storage.service';

package/templates/ecommerce/apps/api/src/shared/infra/storage/__tests__/s3.storage.unit.test.ts ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * Unit tests for S3StorageService.
+ * Mocks the AWS SDK so no real S3/MinIO is needed.
+ */
+const mockSend = jest.fn();
+jest.mock('@aws-sdk/client-s3', () => ({
+  S3Client: jest.fn().mockImplementation(() => ({ send: mockSend })),
+  PutObjectCommand: jest.fn().mockImplementation((params) => params),
+}));
+import { S3StorageService } from '../S3StorageService';
+describe('S3StorageService', () => {
+  const OLD_ENV = process.env;
+  beforeEach(() => {
+    process.env = {
+      ...OLD_ENV,
+      S3_BUCKET: 'test-bucket',
+      S3_REGION: 'us-east-1',
+      S3_ENDPOINT: 'http://localhost:9000',
+      AWS_ACCESS_KEY_ID: 'minioadmin',
+      AWS_SECRET_ACCESS_KEY: 'minioadmin',
+    };
+    mockSend.mockClear();
+    mockSend.mockResolvedValue({});
+    jest.resetModules();
+  });
+  afterEach(() => {
+    process.env = OLD_ENV;
+  });
+  it('deve chamar PutObjectCommand com bucket, key e body corretos', async () => {
+    const { S3StorageService: FreshService } = await import('../S3StorageService');
+    const service = new FreshService();
+    const buf = Buffer.from('image-data');
+    await service.upload('products/abc/photo.jpg', buf, 'image/jpeg');
+    const { PutObjectCommand } = await import('@aws-sdk/client-s3');
+    expect(PutObjectCommand).toHaveBeenCalledWith(
+      expect.objectContaining({
+        Bucket: 'test-bucket',
+        Key: 'products/abc/photo.jpg',
+        Body: buf,
+        ContentType: 'image/jpeg',
+      }),
+    );
+  });
+  it('deve retornar URL pública no formato correto', async () => {
+    const { S3StorageService: FreshService } = await import('../S3StorageService');
+    const service = new FreshService();
+    const url = await service.upload('products/id/image.png', Buffer.from('x'), 'image/png');
+    expect(url).toContain('test-bucket');
+    expect(url).toContain('products/id/image.png');
+  });
+  it('deve propagar erro do S3 como AppError', async () => {
+    mockSend.mockRejectedValue(new Error('Network error'));
+    const { S3StorageService: FreshService } = await import('../S3StorageService');
+    const service = new FreshService();
+    await expect(
+      service.upload('products/id/fail.jpg', Buffer.from('x'), 'image/jpeg'),
+    ).rejects.toMatchObject({ statusCode: 500 });
+  });
+});

package/templates/ecommerce/apps/api/src/shared/infra/storage/storage.registry.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../../infrastructure/services/storage/storage.registry';

package/templates/ecommerce/apps/api/src/shared/middlewares/authenticate.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../presentation/middlewares/authenticate';

package/templates/ecommerce/apps/api/src/shared/middlewares/authorize.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../presentation/middlewares/authorize';

package/templates/ecommerce/apps/api/src/shared/middlewares/errorHandler.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../presentation/middlewares/errorHandler';

package/templates/ecommerce/apps/api/src/shared/validators/uuidParam.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from '../../presentation/validators/uuidParam';

package/templates/ecommerce/apps/api/tsconfig.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["src/*"]
+    }
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "**/__tests__/**"]
+}

package/templates/ecommerce/apps/web/.env.example ADDED Viewed

@@ -0,0 +1,8 @@
+# ─── API ──────────────────────────────────────────────────────────────────────
+# URL base da API (backend Express). Em dev aponta para localhost.
+VITE_API_URL="http://localhost:3000"
+# ─── Stripe ───────────────────────────────────────────────────────────────────
+# Chave PÚBLICA do Stripe (pode ser exposta no frontend com segurança).
+# Chaves de teste: https://dashboard.stripe.com/test/apikeys
+VITE_STRIPE_PUBLIC_KEY="pk_test_..."

package/templates/ecommerce/apps/web/index.html ADDED Viewed

@@ -0,0 +1,19 @@
+<!doctype html>
+<html lang="pt-BR">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/logo.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Minha Loja</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com" />
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+    <link
+      href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap"
+      rel="stylesheet"
+    />
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

package/templates/ecommerce/apps/web/jest.config.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import type { Config } from 'jest';
+const config: Config = {
+  preset: 'ts-jest',
+  testEnvironment: 'jsdom',
+  rootDir: '.',
+  testMatch: ['<rootDir>/src/**/__tests__/**/*.test.{ts,tsx}'],
+  moduleNameMapper: {
+    '^@/(.*)$': '<rootDir>/src/$1',
+    '\\.(css|less|scss|sass)$': '<rootDir>/src/__mocks__/styleMock.ts',
+    '\\.(jpg|jpeg|png|gif|webp|svg)$': '<rootDir>/src/__mocks__/fileMock.ts',
+  },
+  setupFilesAfterEnv: ['<rootDir>/src/setupTests.ts'],
+  transform: {
+    '^.+\\.tsx?$': [
+      'ts-jest',
+      {
+        tsconfig: '<rootDir>/tsconfig.jest.json',
+      },
+    ],
+  },
+  coverageDirectory: 'coverage',
+  collectCoverageFrom: [
+    'src/**/*.{ts,tsx}',
+    '!src/**/*.d.ts',
+    '!src/main.tsx',
+    '!src/__mocks__/**',
+    '!src/vite-env.d.ts',
+  ],
+  coverageThreshold: {
+    global: {
+      branches: 80,
+      functions: 80,
+      lines: 80,
+      statements: 80,
+    },
+  },
+  clearMocks: true,
+  restoreMocks: true,
+  transformIgnorePatterns: [
+    '/node_modules/(?!(react-router|react-router-dom)/)',
+  ],
+};
+export default config;

package/templates/ecommerce/apps/web/package.json ADDED Viewed

@@ -0,0 +1,38 @@
+{
+  "name": "@ecommerce/web",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc && vite build",
+    "preview": "vite preview",
+    "test": "jest",
+    "test:coverage": "jest --coverage",
+    "lint": "tsc --noEmit"
+  },
+  "dependencies": {
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "react-router-dom": "^7.2.0",
+    "zustand": "^5.0.3",
+    "@tanstack/react-query": "^5.67.2",
+    "@stripe/react-stripe-js": "^3.1.0",
+    "@stripe/stripe-js": "^5.6.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.3",
+    "@types/react": "^18.3.18",
+    "@types/react-dom": "^18.3.5",
+    "@types/jest": "^29.5.14",
+    "vite": "^6.2.0",
+    "@vitejs/plugin-react": "^4.3.4",
+    "jest": "^29.7.0",
+    "jest-environment-jsdom": "^29.7.0",
+    "@testing-library/react": "^16.2.0",
+    "@testing-library/jest-dom": "^6.6.3",
+    "@testing-library/user-event": "^14.5.2",
+    "msw": "^2.7.0",
+    "ts-jest": "^29.2.6",
+    "ts-node": "^10.9.2"
+  }
+}