kybernus 3.1.0 → 3.2.0

package/templates/ecommerce/apps/api/src/application/admin/dashboard.service.ts

@@ -0,0 +1,102 @@
+import type { IOrderRepository } from '../../domain/checkout/order.repository';
+import type { OrderStatus } from '../../domain/checkout/order.entity';
+
+// ── Types ─────────────────────────────────────────────────────────────────────
+export interface StatsResult {
+  totalRevenue: number;
+  totalOrders: number;
+  totalCustomers: number;
+  avgOrderValue: number;
+}
+
+export interface TopProduct {
+  productId: string;
+  name: string;
+  totalQty: number;
+  totalRevenue: number;
+}
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+const REVENUE_STATUSES: OrderStatus[] = ['PAID', 'SHIPPED', 'DELIVERED'];
+
+function buildRange(
+  period?: string,
+  from?: string,
+  to?: string,
+): { start: Date; end: Date } | null {
+  if (!period) return null;
+  const now = new Date();
+  if (period === 'today') {
+    const start = new Date(now);
+    start.setHours(0, 0, 0, 0);
+    return { start, end: now };
+  }
+  if (period === 'week') {
+    const start = new Date(now);
+    start.setDate(start.getDate() - 7);
+    return { start, end: now };
+  }
+  if (period === 'month') {
+    const start = new Date(now);
+    start.setDate(start.getDate() - 30);
+    return { start, end: now };
+  }
+  if (period === 'custom' && from && to) {
+    return { start: new Date(from), end: new Date(to) };
+  }
+  return null;
+}
+
+// ── DashboardService ──────────────────────────────────────────────────────────
+export class DashboardService {
+  constructor(private readonly orderRepo: IOrderRepository) {}
+
+  async getStats(
+    opts: { period?: string; from?: string; to?: string } = {},
+  ): Promise<StatsResult> {
+    const { items: all } = await this.orderRepo.findAll({ limit: 10_000 });
+    const range = buildRange(opts.period, opts.from, opts.to);
+    const orders = range
+      ? all.filter((o) => o.createdAt >= range.start && o.createdAt <= range.end)
+      : all;
+
+    const revenue = orders.filter((o) => REVENUE_STATUSES.includes(o.status));
+    const totalRevenue = revenue.reduce((s, o) => s + o.total, 0);
+    const totalOrders = orders.length;
+    const totalCustomers = new Set(revenue.map((o) => o.userId)).size;
+    const avgOrderValue = revenue.length > 0 ? totalRevenue / revenue.length : 0;
+
+    return { totalRevenue, totalOrders, totalCustomers, avgOrderValue };
+  }
+
+  async getTopProducts(
+    opts: { period?: string; from?: string; to?: string; limit?: number } = {},
+  ): Promise<TopProduct[]> {
+    const { items: all } = await this.orderRepo.findAll({ limit: 10_000 });
+    const range = buildRange(opts.period, opts.from, opts.to);
+    const orders = range
+      ? all.filter((o) => o.createdAt >= range.start && o.createdAt <= range.end)
+      : all;
+
+    const revenue = orders.filter((o) => REVENUE_STATUSES.includes(o.status));
+    const map = new Map<string, { name: string; totalQty: number; totalRevenue: number }>();
+
+    for (const order of revenue) {
+      for (const item of order.items) {
+        const e = map.get(item.productId) ?? {
+          name: item.name,
+          totalQty: 0,
+          totalRevenue: 0,
+        };
+        e.totalQty += item.qty;
+        e.totalRevenue += item.price * item.qty;
+        map.set(item.productId, e);
+      }
+    }
+
+    return [...map.entries()]
+      .map(([productId, d]) => ({ productId, ...d }))
+      .sort((a, b) => b.totalQty - a.totalQty)
+      .slice(0, opts.limit ?? 10);
+  }
+}

package/templates/ecommerce/apps/api/src/application/auth/auth.service.ts

@@ -0,0 +1,185 @@
+import { hash, compare } from 'bcryptjs';
+import { IUserRepository } from '../../domain/auth/user.repository';
+import { ITokenService, TokenPayload } from '../ports/token.port';
+import { UserEntity, PublicUser } from '../../domain/auth/user.entity';
+import { AppError } from '../../domain/shared/AppError';
+import { IEmailService } from '../ports/email.port';
+
+const BCRYPT_ROUNDS = 10;
+const MIN_PASSWORD_LENGTH = 8;
+
+// ── DTOs ──────────────────────────────────────────────────────────────────────
+export interface RegisterDto {
+  name: string;
+  email: string;
+  password: string;
+}
+
+export interface LoginDto {
+  email: string;
+  password: string;
+}
+
+export interface AuthTokens {
+  accessToken: string;
+  refreshToken: string;
+  user: PublicUser;
+}
+
+export interface ForgotPasswordDto {
+  email: string;
+}
+
+export interface ResetPasswordDto {
+  token: string;
+  newPassword: string;
+}
+
+// ── Service ───────────────────────────────────────────────────────────────────
+export class AuthService {
+  constructor(
+    private readonly userRepository: IUserRepository,
+    private readonly tokenService: ITokenService,
+    private readonly emailService: IEmailService,
+  ) {}
+
+  // ── register ─────────────────────────────────────────────────────────────
+  async register(dto: RegisterDto): Promise<PublicUser> {
+    if (dto.password.length < MIN_PASSWORD_LENGTH) {
+      throw new AppError(`Senha deve ter pelo menos ${MIN_PASSWORD_LENGTH} caracteres`, 422);
+    }
+
+    const existing = await this.userRepository.findByEmail(dto.email);
+    if (existing) {
+      throw new AppError('Email já cadastrado', 409);
+    }
+
+    const passwordHash = await hash(dto.password, BCRYPT_ROUNDS);
+    const user = UserEntity.create({ name: dto.name, email: dto.email, passwordHash });
+    const saved = await this.userRepository.create(user);
+
+    return saved.toPublic();
+  }
+
+  // ── login ─────────────────────────────────────────────────────────────────
+  async login(dto: LoginDto): Promise<AuthTokens> {
+    const user = await this.userRepository.findByEmail(dto.email);
+    if (!user) {
+      throw new AppError('Credenciais inválidas', 401);
+    }
+
+    const passwordMatch = await compare(dto.password, user.passwordHash);
+    if (!passwordMatch) {
+      throw new AppError('Credenciais inválidas', 401);
+    }
+
+    const payload: TokenPayload = { sub: user.id, email: user.email, role: user.role };
+    const accessToken = this.tokenService.generateAccessToken(payload);
+    const refreshToken = this.tokenService.generateRefreshToken(payload);
+
+    return { accessToken, refreshToken, user: user.toPublic() };
+  }
+
+  // ── refreshToken ──────────────────────────────────────────────────────────
+  async refreshToken(token: string): Promise<{ accessToken: string }> {
+    const blacklisted = await this.tokenService.isRefreshTokenBlacklisted(token);
+    if (blacklisted) {
+      throw new AppError('Refresh token inválido', 401);
+    }
+
+    let payload: TokenPayload;
+    try {
+      payload = this.tokenService.verifyRefreshToken(token);
+    } catch {
+      throw new AppError('Refresh token inválido ou expirado', 401);
+    }
+
+    const user = await this.userRepository.findById(payload.sub);
+    if (!user) {
+      throw new AppError('Usuário não encontrado', 401);
+    }
+
+    const accessToken = this.tokenService.generateAccessToken({
+      sub: user.id,
+      email: user.email,
+      role: user.role,
+    });
+
+    return { accessToken };
+  }
+
+  // ── logout ────────────────────────────────────────────────────────────────
+  async logout(refreshToken: string): Promise<void> {
+    await this.tokenService.invalidateRefreshToken(refreshToken);
+  }
+
+  // ── forgotPassword ────────────────────────────────────────────────────────
+  async forgotPassword(dto: ForgotPasswordDto): Promise<void> {
+    const user = await this.userRepository.findByEmail(dto.email);
+
+    // Always return success — prevents user enumeration
+    if (!user) return;
+
+    const resetToken = await this.tokenService.generatePasswordResetToken(user.id);
+    const resetUrl = `${process.env['FRONTEND_URL'] ?? 'http://localhost:5174'}/reset-password?token=${resetToken}`;
+    const html = buildPasswordResetEmail(user.name, resetUrl);
+    await this.emailService.send(user.email, 'Recuperação de senha', html);
+  }
+
+  // ── resetPassword ─────────────────────────────────────────────────────────
+  async resetPassword(dto: ResetPasswordDto): Promise<void> {
+    if (dto.newPassword.length < MIN_PASSWORD_LENGTH) {
+      throw new AppError(`Senha deve ter pelo menos ${MIN_PASSWORD_LENGTH} caracteres`, 422);
+    }
+
+    let userId: string;
+    try {
+      userId = await this.tokenService.verifyPasswordResetToken(dto.token);
+    } catch (err) {
+      if (err instanceof AppError) throw err;
+      throw new AppError('Token de recuperação inválido ou expirado', 400);
+    }
+
+    const user = await this.userRepository.findById(userId);
+    if (!user) {
+      throw new AppError('Usuário não encontrado', 400);
+    }
+
+    const newHash = await hash(dto.newPassword, BCRYPT_ROUNDS);
+    const updated = user.withPasswordHash(newHash);
+    await this.userRepository.update(updated);
+    await this.tokenService.invalidatePasswordResetToken(dto.token);
+  }
+}
+
+// ── Email template ────────────────────────────────────────────────────────────
+function escapeHtml(text: string): string {
+  return text
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;');
+}
+
+function buildPasswordResetEmail(name: string, resetUrl: string): string {
+  return `
+<!DOCTYPE html>
+<html lang="pt-BR">
+<head><meta charset="UTF-8"></head>
+<body style="font-family: Arial, sans-serif; background: #f4f4f4; padding: 32px;">
+  <div style="max-width: 520px; margin: 0 auto; background: #fff; border-radius: 8px; padding: 32px;">
+    <h2 style="color: #1a1a2e; margin-top: 0;">Recuperação de senha</h2>
+    <p>Olá, <strong>${escapeHtml(name)}</strong>!</p>
+    <p>Você solicitou a recuperação de senha. Clique no botão abaixo para redefinir:</p>
+    <p style="text-align: center; margin: 32px 0;">
+      <a href="${resetUrl}"
+         style="background:#6366f1;color:#fff;padding:12px 28px;border-radius:6px;text-decoration:none;font-weight:bold;">
+        Redefinir senha
+      </a>
+    </p>
+    <p style="font-size:13px;color:#555;">Este link expira em 1 hora. Se você não solicitou isso, ignore este email.</p>
+  </div>
+</body>
+</html>
+  `.trim();
+}

package/templates/ecommerce/apps/api/src/application/cart/cart.service.ts

@@ -0,0 +1,151 @@
+import { AppError } from '../../domain/shared/AppError';
+import { CartEntity, CartItemProps } from '../../domain/cart/cart.entity';
+import { ICartRepository } from '../../domain/cart/cart.repository';
+import { ICouponRepository } from '../../domain/cart/coupon.repository';
+import { IShippingService, ShippingOption } from '../ports/shipping.port';
+import { IProductRepository } from '../../domain/catalog/product.repository';
+
+// ── Types ─────────────────────────────────────────────────────────────────────
+export interface CartKey {
+  userId?: string;
+  sessionId?: string;
+}
+
+export interface AddItemDto {
+  productId: string;
+  variantId: string;
+  qty: number;
+}
+
+// ── CartService ───────────────────────────────────────────────────────────────
+export class CartService {
+  constructor(
+    private readonly cartRepo: ICartRepository,
+    private readonly couponRepo: ICouponRepository,
+    private readonly shippingService: IShippingService,
+    private readonly productRepo: IProductRepository,
+  ) {}
+
+  // ── getCart ───────────────────────────────────────────────────────────────
+  async getCart(key: CartKey): Promise<CartEntity> {
+    const existing = await this._find(key);
+    if (existing) return existing;
+    return CartEntity.create(key.userId ?? null, key.sessionId ?? null);
+  }
+
+  private async _find(key: CartKey): Promise<CartEntity | null> {
+    if (key.userId) return this.cartRepo.findByUserId(key.userId);
+    if (key.sessionId) return this.cartRepo.findBySessionId(key.sessionId);
+    return null;
+  }
+
+  private async _findProductByVariantId(variantId: string) {
+    const all = await this.productRepo.findAll();
+    return all.find((p) => p.variants.some((v) => v.id === variantId)) ?? null;
+  }
+
+  // ── addItem ───────────────────────────────────────────────────────────────
+  async addItem(key: CartKey, dto: AddItemDto): Promise<CartEntity> {
+    if (dto.qty <= 0) throw new AppError('Quantidade deve ser maior que zero', 400);
+
+    const product = await this.productRepo.findById(dto.productId);
+    if (!product) throw new AppError('Produto não encontrado', 404);
+
+    const variant = product.variants.find((v) => v.id === dto.variantId);
+    if (!variant) throw new AppError('Variante não encontrada', 404);
+
+    // Stock check: existing cart qty + new qty must not exceed stock
+    let cart = await this.getCart(key);
+    const existingItem = cart.items.find((i) => i.variantId === dto.variantId);
+    const currentQty = existingItem?.qty ?? 0;
+    if (currentQty + dto.qty > variant.stock) {
+      throw new AppError('Estoque insuficiente', 409);
+    }
+
+    const price = variant.price !== null && variant.price !== undefined
+      ? Number(variant.price)
+      : Number(product.price);
+
+    const item: CartItemProps = {
+      variantId: dto.variantId,
+      productId: dto.productId,
+      name: product.name,
+      sku: variant.sku,
+      price,
+      qty: dto.qty,
+      image: product.images[0] ?? null,
+    };
+
+    cart = cart.addItem(item);
+    return this.cartRepo.save(cart);
+  }
+
+  // ── updateItem ────────────────────────────────────────────────────────────
+  async updateItem(key: CartKey, variantId: string, qty: number): Promise<CartEntity> {
+    if (qty < 0) throw new AppError('Quantidade não pode ser negativa', 400);
+
+    let cart = await this.getCart(key);
+
+    if (qty > 0) {
+      const product = await this._findProductByVariantId(variantId);
+      const variant = product?.variants.find((v) => v.id === variantId);
+      if (variant && qty > variant.stock) {
+        throw new AppError('Estoque insuficiente', 409);
+      }
+    }
+
+    cart = cart.updateItem(variantId, qty);
+    return this.cartRepo.save(cart);
+  }
+
+  // ── removeItem ────────────────────────────────────────────────────────────
+  async removeItem(key: CartKey, variantId: string): Promise<CartEntity> {
+    const cart = (await this.getCart(key)).removeItem(variantId);
+    return this.cartRepo.save(cart);
+  }
+
+  // ── applyCoupon ───────────────────────────────────────────────────────────
+  async applyCoupon(key: CartKey, code: string): Promise<CartEntity> {
+    const coupon = await this.couponRepo.findByCode(code);
+    if (!coupon) throw new AppError('Cupom não encontrado', 404);
+
+    let cart = await this.getCart(key);
+    cart = cart.applyCoupon(coupon); // throws 400 if expired / minimum not met
+    return this.cartRepo.save(cart);
+  }
+
+  // ── getShippingOptions ────────────────────────────────────────────────────
+  async getShippingOptions(key: CartKey, cep: string): Promise<ShippingOption[]> {
+    const cart = await this.getCart(key);
+    const items = cart.items.map((i) => ({ qty: i.qty }));
+    return this.shippingService.calculate(cep, items);
+  }
+
+  // ── mergeAnonymousCart ────────────────────────────────────────────────────
+  async mergeAnonymousCart(userId: string, sessionId: string): Promise<CartEntity> {
+    const [anonCart, userCart] = await Promise.all([
+      this.cartRepo.findBySessionId(sessionId),
+      this.cartRepo.findByUserId(userId),
+    ]);
+
+    if (!anonCart) {
+      return userCart ?? CartEntity.create(userId);
+    }
+
+    let merged = userCart ?? CartEntity.create(userId);
+    for (const item of anonCart.items) {
+      merged = merged.addItem({ ...item });
+    }
+
+    if (anonCart.coupon) {
+      try {
+        merged = merged.applyCoupon(anonCart.coupon);
+      } catch {
+        // Ignore coupon errors during merge
+      }
+    }
+
+    await this.cartRepo.delete({ sessionId });
+    return this.cartRepo.save(merged);
+  }
+}

package/templates/ecommerce/apps/api/src/application/cart/coupon.service.ts

@@ -0,0 +1,51 @@
+import { z } from 'zod';
+import { AppError } from '../../domain/shared/AppError';
+import { CouponEntity, DiscountType } from '../../domain/cart/coupon.entity';
+import { ICouponRepository } from '../../domain/cart/coupon.repository';
+
+// ── Validation schema ─────────────────────────────────────────────────────────
+export const createCouponSchema = z.object({
+  code: z.string().min(1).max(50).toUpperCase(),
+  discountType: z.enum(['percent', 'fixed'] as [DiscountType, ...DiscountType[]]),
+  discountValue: z.number().positive({ message: 'discountValue must be > 0' }),
+  minOrderValue: z.number().min(0).default(0),
+  usageLimit: z.number().int().positive().nullable().default(null),
+  expiresAt: z
+    .string()
+    .datetime()
+    .nullable()
+    .optional()
+    .transform((v) => (v ? new Date(v) : null))
+    .default(null),
+});
+
+export type CreateCouponDTO = z.infer<typeof createCouponSchema>;
+
+// ── CouponAdminService ────────────────────────────────────────────────────────
+export class CouponAdminService {
+  constructor(private readonly couponRepo: ICouponRepository) {}
+
+  async create(dto: CreateCouponDTO): Promise<CouponEntity> {
+    const existing = await this.couponRepo.findByCode(dto.code);
+    if (existing) {
+      throw new AppError(`Coupon code "${dto.code}" already exists`, 409);
+    }
+    const coupon = CouponEntity.create({
+      code: dto.code,
+      discountType: dto.discountType,
+      discountValue: dto.discountValue,
+      minOrderValue: dto.minOrderValue,
+      usageLimit: dto.usageLimit ?? null,
+      expiresAt: dto.expiresAt ?? null,
+    });
+    return this.couponRepo.save(coupon);
+  }
+
+  async list(): Promise<CouponEntity[]> {
+    return this.couponRepo.findAll();
+  }
+
+  async delete(id: string): Promise<void> {
+    await this.couponRepo.deleteById(id);
+  }
+}

package/templates/ecommerce/apps/api/src/application/catalog/catalog.service.ts

@@ -0,0 +1,168 @@
+import { randomUUID } from 'crypto';
+import { ICategoryRepository } from '../../domain/catalog/category.repository';
+import { IProductRepository, SearchParams, SearchResult } from '../../domain/catalog/product.repository';
+import { ProductEntity } from '../../domain/catalog/product.entity';
+import { AppError } from '../../domain/shared/AppError';
+import { IStorageService } from '../ports/storage.port';
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+function toSlug(text: string): string {
+  return text
+    .toLowerCase()
+    .normalize('NFD')
+    .replace(/[\u0300-\u036f]/g, '') // strip accents
+    .replace(/[^a-z0-9\s-]/g, '')
+    .trim()
+    .replace(/\s+/g, '-');
+}
+
+// ── DTOs ──────────────────────────────────────────────────────────────────────
+export interface CreateProductDto {
+  name: string;
+  description?: string | null;
+  price: number;
+  categoryId?: string;
+  categorySlug?: string;
+  images?: string[];
+  variants: Array<{
+    sku: string;
+    size?: string | null;
+    color?: string | null;
+    stock: number;
+    price?: number | null;
+  }>;
+}
+
+export interface UpdateProductDto {
+  name?: string;
+  description?: string | null;
+  price?: number;
+  images?: string[];
+}
+
+export interface UpdateStockDto {
+  productId: string;
+  variantId: string;
+  delta: number;
+}
+
+// ── Service ───────────────────────────────────────────────────────────────────
+export class CatalogService {
+  constructor(
+    private readonly categoryRepository: ICategoryRepository,
+    private readonly productRepository: IProductRepository,
+    private readonly storageService?: IStorageService,
+  ) {}
+
+  // ── createProduct ─────────────────────────────────────────────────────────
+  async createProduct(dto: CreateProductDto): Promise<ProductEntity> {
+    // Validate price eagerly before category lookup
+    if (dto.price < 0) {
+      throw new AppError('Preço não pode ser negativo', 422);
+    }
+
+    // Resolve category (accepts either categoryId or categorySlug)
+    let categoryId = dto.categoryId;
+    if (!categoryId && dto.categorySlug) {
+      const category = await this.categoryRepository.findBySlug(dto.categorySlug);
+      if (!category) throw new AppError(`Categoria '${dto.categorySlug}' não encontrada`, 404);
+      categoryId = category.id;
+    } else if (categoryId) {
+      const category = await this.categoryRepository.findById(categoryId);
+      if (!category) throw new AppError('Categoria não encontrada', 404);
+    } else {
+      throw new AppError('Categoria é obrigatória', 422);
+    }
+
+    // Generate unique slug
+    const baseSlug = toSlug(dto.name);
+    let slug = baseSlug;
+    let attempt = 0;
+    while (await this.productRepository.slugExists(slug)) {
+      attempt++;
+      slug = `${baseSlug}-${attempt}`;
+    }
+
+    const product = ProductEntity.create({
+      name: dto.name,
+      slug,
+      description: dto.description,
+      price: dto.price,
+      categoryId,
+      images: dto.images,
+      variants: dto.variants,
+    });
+
+    return this.productRepository.create(product);
+  }
+
+  // ── updateProduct ─────────────────────────────────────────────────────────
+  async updateProduct(id: string, dto: UpdateProductDto): Promise<ProductEntity> {
+    const product = await this.productRepository.findById(id);
+    if (!product) throw new AppError('Produto não encontrado', 404);
+
+    if (dto.price !== undefined && dto.price < 0) {
+      throw new AppError('Preço não pode ser negativo', 422);
+    }
+
+    const updated = product.withUpdates(dto);
+    return this.productRepository.update(updated);
+  }
+
+  // ── deleteProduct ─────────────────────────────────────────────────────────
+  async deleteProduct(id: string): Promise<undefined> {
+    const product = await this.productRepository.findById(id);
+    if (!product) throw new AppError('Produto não encontrado', 404);
+    return this.productRepository.softDelete(id);
+  }
+
+  // ── getProductBySlug ──────────────────────────────────────────────────────
+  async getProductBySlug(slug: string): Promise<ProductEntity> {
+    const product = await this.productRepository.findBySlug(slug);
+    if (!product) throw new AppError('Produto não encontrado', 404);
+    return product;
+  }
+
+  // ── updateStock ───────────────────────────────────────────────────────────
+  async updateStock(dto: UpdateStockDto): Promise<{ variantId: string; stock: number }> {
+    const product = await this.productRepository.findById(dto.productId);
+    if (!product) throw new AppError('Produto não encontrado', 404);
+
+    const variant = product.variants.find((v) => v.id === dto.variantId);
+    if (!variant) throw new AppError('Variação não encontrada', 404);
+
+    const newStock = variant.stock + dto.delta;
+    if (newStock < 0) {
+      throw new AppError('Estoque insuficiente', 409);
+    }
+
+    await this.productRepository.updateVariantStock(dto.productId, dto.variantId, newStock);
+    return { variantId: dto.variantId, stock: newStock };
+  }
+
+  // ── searchProducts ────────────────────────────────────────────────────────
+  async searchProducts(params: SearchParams): Promise<SearchResult> {
+    return this.productRepository.search(params);
+  }
+
+  // ── Category helpers ──────────────────────────────────────────────────────
+  async listCategories() {
+    return this.categoryRepository.findAll();
+  }
+
+  // ── uploadProductImage ────────────────────────────────────────────────────
+  async uploadProductImage(productId: string, buffer: Buffer, mimetype: string): Promise<ProductEntity> {
+    if (!this.storageService) {
+      throw new AppError('Storage service not configured', 500);
+    }
+    const product = await this.productRepository.findById(productId);
+    if (!product) throw new AppError('Produto não encontrado', 404);
+
+    const ext = mimetype.split('/')[1] ?? 'jpg';
+    const key = `products/${productId}/${randomUUID()}.${ext}`;
+    const url = await this.storageService.upload(key, buffer, mimetype);
+
+    const updated = product.withUpdates({ images: [...product.images, url] });
+    return this.productRepository.update(updated);
+  }
+}