npm - lapeeh - Versions diffs - 1.0.0 - Mend

lapeeh 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/.env.example +14 -0
package/LICENSE +21 -0
package/bin/index.js +934 -0
package/doc/en/ARCHITECTURE_GUIDE.md +79 -0
package/doc/en/CHANGELOG.md +203 -0
package/doc/en/CHEATSHEET.md +90 -0
package/doc/en/CLI.md +111 -0
package/doc/en/CONTRIBUTING.md +119 -0
package/doc/en/DEPLOYMENT.md +171 -0
package/doc/en/FAQ.md +69 -0
package/doc/en/FEATURES.md +99 -0
package/doc/en/GETTING_STARTED.md +84 -0
package/doc/en/INTRODUCTION.md +62 -0
package/doc/en/PACKAGES.md +63 -0
package/doc/en/PERFORMANCE.md +98 -0
package/doc/en/ROADMAP.md +104 -0
package/doc/en/SECURITY.md +95 -0
package/doc/en/STRUCTURE.md +79 -0
package/doc/en/TUTORIAL.md +145 -0
package/doc/id/ARCHITECTURE_GUIDE.md +76 -0
package/doc/id/CHANGELOG.md +203 -0
package/doc/id/CHEATSHEET.md +90 -0
package/doc/id/CLI.md +139 -0
package/doc/id/CONTRIBUTING.md +119 -0
package/doc/id/DEPLOYMENT.md +171 -0
package/doc/id/FAQ.md +69 -0
package/doc/id/FEATURES.md +169 -0
package/doc/id/GETTING_STARTED.md +91 -0
package/doc/id/INTRODUCTION.md +62 -0
package/doc/id/PACKAGES.md +63 -0
package/doc/id/PERFORMANCE.md +100 -0
package/doc/id/ROADMAP.md +107 -0
package/doc/id/SECURITY.md +94 -0
package/doc/id/STRUCTURE.md +79 -0
package/doc/id/TUTORIAL.md +145 -0
package/docker-compose.yml +24 -0
package/ecosystem.config.js +17 -0
package/eslint.config.mjs +26 -0
package/gitignore.template +30 -0
package/lib/bootstrap.ts +210 -0
package/lib/core/realtime.ts +34 -0
package/lib/core/redis.ts +139 -0
package/lib/core/serializer.ts +63 -0
package/lib/core/server.ts +70 -0
package/lib/core/store.ts +116 -0
package/lib/middleware/auth.ts +63 -0
package/lib/middleware/error.ts +50 -0
package/lib/middleware/multipart.ts +13 -0
package/lib/middleware/rateLimit.ts +14 -0
package/lib/middleware/requestLogger.ts +27 -0
package/lib/middleware/visitor.ts +178 -0
package/lib/utils/logger.ts +100 -0
package/lib/utils/pagination.ts +56 -0
package/lib/utils/response.ts +88 -0
package/lib/utils/validator.ts +394 -0
package/nodemon.json +6 -0
package/package.json +126 -0
package/readme.md +357 -0
package/scripts/check-update.js +92 -0
package/scripts/config-clear.js +45 -0
package/scripts/generate-jwt-secret.js +38 -0
package/scripts/init-project.js +84 -0
package/scripts/make-module.js +89 -0
package/scripts/release.js +494 -0
package/scripts/seed-json.js +158 -0
package/scripts/verify-rbac-functional.js +187 -0
package/src/config/app.ts +9 -0
package/src/config/cors.ts +5 -0
package/src/modules/Auth/auth.controller.ts +519 -0
package/src/modules/Rbac/rbac.controller.ts +533 -0
package/src/routes/auth.ts +74 -0
package/src/routes/index.ts +7 -0
package/src/routes/rbac.ts +42 -0
package/storage/logs/.gitkeep +0 -0
package/tsconfig.build.json +12 -0
package/tsconfig.json +30 -0

package/lib/middleware/error.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { Request, Response, NextFunction } from "express";
+import { ZodError } from "zod";
+import { sendError } from "../utils/response";
+import { Log } from "../utils/logger";
+export function errorHandler(
+  err: any,
+  req: Request,
+  res: Response,
+  _next: NextFunction
+) {
+  // 1. Zod Validation Error
+  if (err instanceof ZodError) {
+    const formattedErrors = err.errors.map((e) => ({
+      field: e.path.join("."),
+      message: e.message,
+    }));
+    return sendError(res, 400, "Validation Error", formattedErrors);
+  }
+  // 2. JWT Errors
+  if (err.name === "JsonWebTokenError") {
+    return sendError(res, 401, "Invalid token");
+  }
+  if (err.name === "TokenExpiredError") {
+    return sendError(res, 401, "Token expired");
+  }
+  // 4. Syntax Error (JSON body parsing)
+  if (err instanceof SyntaxError && "body" in err) {
+    return sendError(res, 400, "Invalid JSON format");
+  }
+  // 5. Default / Custom Error
+  const code = err.statusCode || 500;
+  const msg = err.message || "Internal Server Error";
+  // Log error (file log for production, console for dev)
+  if (code === 500) {
+    Log.error(msg, {
+      error: err,
+      path: req.path,
+      method: req.method,
+      ip: req.ip,
+      stack: err.stack,
+    });
+  }
+  return sendError(res, code, msg);
+}

package/lib/middleware/multipart.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import multer from "multer";
+// Middleware for parsing multipart/form-data (text fields only)
+export const parseMultipart = multer().none();
+// Middleware for parsing multipart/form-data with files
+// You can configure storage/limits here as needed
+export const upload = multer({
+  dest: "storage/uploads/",
+  limits: {
+    fileSize: 5 * 1024 * 1024, // 5MB
+  },
+});

package/lib/middleware/rateLimit.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import rateLimit from "express-rate-limit";
+// import { redis } from "../core/redis"; // Optional: Use Redis for distributed rate limiting
+// Rate limiting untuk mencegah brute force dan DDoS ringan
+export const apiLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 menit
+  max: 100, // Batas 100 request per window per IP
+  standardHeaders: true, // Return rate limit info di `RateLimit-*` headers
+  legacyHeaders: false, // Disable `X-RateLimit-*` headers
+  message: {
+    success: false,
+    message: "Terlalu banyak permintaan, silakan coba lagi nanti.",
+  },
+});

package/lib/middleware/requestLogger.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { Request, Response, NextFunction } from "express";
+import { Log } from "../utils/logger";
+export const requestLogger = (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  const start = Date.now();
+  const { method, url, ip } = req;
+  // Log saat response selesai
+  res.on("finish", () => {
+    const duration = Date.now() - start;
+    const { statusCode } = res;
+    const message = `${method} ${url} ${statusCode} - ${duration}ms - ${ip}`;
+    if (statusCode >= 400) {
+      Log.warn(message);
+    } else {
+      Log.info(message);
+    }
+  });
+  next();
+};

package/lib/middleware/visitor.ts ADDED Viewed

@@ -0,0 +1,178 @@
+import { Request, Response, NextFunction } from "express";
+import { v4 as uuidv4 } from "uuid";
+import { redis } from "../core/redis";
+type DayMemoryStats = {
+  requests: number;
+  newVisitors: number;
+  visitors: Set<string>;
+  newVisitorsMobile: number;
+  visitorsMobile: Set<string>;
+  ipAddresses: number;
+  ipSet: Set<string>;
+  sessions: number;
+  sessionSet: Set<string>;
+};
+const memoryStats = new Map<string, DayMemoryStats>();
+const globalVisitors = new Set<string>();
+function formatDateKey(d: Date) {
+  const dd = String(d.getDate()).padStart(2, "0");
+  const mm = String(d.getMonth() + 1).padStart(2, "0");
+  const yyyy = d.getFullYear();
+  return `${dd}-${mm}-${yyyy}`;
+}
+function parseCookies(header: string | undefined) {
+  const cookies: Record<string, string> = {};
+  if (!header) return cookies;
+  const parts = header.split(";");
+  for (const part of parts) {
+    const [k, v] = part.split("=").map((s) => s.trim());
+    if (k && v) cookies[k] = decodeURIComponent(v);
+  }
+  return cookies;
+}
+function isMobileUserAgent(ua: string | undefined) {
+  if (!ua) return false;
+  return /Mobile|Android|iPhone|iPad|iPod/i.test(ua);
+}
+export async function visitorCounter(
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  const now = new Date();
+  const dateKey = formatDateKey(now);
+  const ip =
+    req.ip ||
+    (req.headers["x-forwarded-for"] as string | undefined) ||
+    req.socket.remoteAddress ||
+    "";
+  const userAgent = req.headers["user-agent"] as string | undefined;
+  const mobile = isMobileUserAgent(userAgent);
+  const cookies = parseCookies(req.headers.cookie);
+  let visitorId = cookies["visitor_id"];
+  if (!visitorId) {
+    visitorId = uuidv4();
+    res.cookie("visitor_id", visitorId, {
+      httpOnly: true,
+      sameSite: "lax",
+      maxAge: 365 * 24 * 60 * 60 * 1000,
+    });
+  }
+  let sessionId = cookies["visitor_session_id"];
+  if (!sessionId) {
+    sessionId = uuidv4();
+    res.cookie("visitor_session_id", sessionId, {
+      httpOnly: true,
+      sameSite: "lax",
+    });
+  }
+  if (redis && redis.status === "ready") {
+    const base = dateKey;
+    const kRequests = `requests-${base}`;
+    const kNewVisitors = `new-visitors-${base}`;
+    const kVisitors = `visitors-${base}`;
+    const kNewVisitorsMobile = `new-visitors-from-mobile-${base}`;
+    const kVisitorsMobile = `visitors-from-mobile-${base}`;
+    const kIpAddresses = `ip-addresses-${base}`;
+    const kSessions = `sessions-${base}`;
+    const kVisitorsSet = `visitors-set-${base}`;
+    const kVisitorsMobileSet = `visitors-from-mobile-set-${base}`;
+    const kIpSet = `ip-addresses-set-${base}`;
+    const kSessionsSet = `sessions-set-${base}`;
+    const kVisitorsAll = `visitors-all`;
+    try {
+      await redis.incr(kRequests);
+      const isNewEver = await redis.sadd(kVisitorsAll, visitorId);
+      if (isNewEver === 1) {
+        await redis.incr(kNewVisitors);
+      }
+      const addedVisitor = await redis.sadd(kVisitorsSet, visitorId);
+      if (addedVisitor === 1) {
+        await redis.incr(kVisitors);
+      }
+      if (mobile) {
+        const addedMobileVisitor = await redis.sadd(
+          kVisitorsMobileSet,
+          visitorId
+        );
+        if (addedMobileVisitor === 1) {
+          await redis.incr(kVisitorsMobile);
+        }
+        if (isNewEver === 1) {
+          await redis.incr(kNewVisitorsMobile);
+        }
+      }
+      if (ip) {
+        const addedIp = await redis.sadd(kIpSet, ip);
+        if (addedIp === 1) {
+          await redis.incr(kIpAddresses);
+        }
+      }
+      const addedSession = await redis.sadd(kSessionsSet, sessionId);
+      if (addedSession === 1) {
+        await redis.incr(kSessions);
+      }
+    } catch {}
+  } else {
+    let stats = memoryStats.get(dateKey);
+    if (!stats) {
+      stats = {
+        requests: 0,
+        newVisitors: 0,
+        visitors: new Set<string>(),
+        newVisitorsMobile: 0,
+        visitorsMobile: new Set<string>(),
+        ipAddresses: 0,
+        ipSet: new Set<string>(),
+        sessions: 0,
+        sessionSet: new Set<string>(),
+      };
+      memoryStats.set(dateKey, stats);
+    }
+    stats.requests += 1;
+    if (!globalVisitors.has(visitorId)) {
+      globalVisitors.add(visitorId);
+      stats.newVisitors += 1;
+      if (mobile) {
+        stats.newVisitorsMobile += 1;
+      }
+    }
+    if (!stats.visitors.has(visitorId)) {
+      stats.visitors.add(visitorId);
+    }
+    if (mobile && !stats.visitorsMobile.has(visitorId)) {
+      stats.visitorsMobile.add(visitorId);
+    }
+    if (ip && !stats.ipSet.has(ip)) {
+      stats.ipSet.add(ip);
+      stats.ipAddresses += 1;
+    }
+    if (!stats.sessionSet.has(sessionId)) {
+      stats.sessionSet.add(sessionId);
+      stats.sessions += 1;
+    }
+  }
+  next();
+}

package/lib/utils/logger.ts ADDED Viewed

@@ -0,0 +1,100 @@
+import winston from "winston";
+import "winston-daily-rotate-file";
+import path from "path";
+import fs from "fs";
+const logDirectory = path.join(process.cwd(), "storage", "logs");
+// Ensure log directory exists
+if (!fs.existsSync(logDirectory)) {
+  fs.mkdirSync(logDirectory, { recursive: true });
+}
+const dailyRotateFileTransport = new winston.transports.DailyRotateFile({
+  filename: "lapeeh-%DATE%.log",
+  dirname: logDirectory,
+  datePattern: "YYYY-MM-DD",
+  zippedArchive: true,
+  maxSize: "20m",
+  maxFiles: "3d",
+  format: winston.format.combine(
+    winston.format.timestamp({ format: "YYYY-MM-DD HH:mm:ss" }),
+    winston.format.printf((info: any) => {
+      let log = `[${info.timestamp}] ${info.level.toUpperCase()}: ${
+        info.message
+      }`;
+      // Handle metadata (errors, etc)
+      const { timestamp, level, message, service, ...meta } = info;
+      if (Object.keys(meta).length > 0) {
+        // If meta has 'errors', nicely format it
+        if (meta.errors) {
+          log += `\nErrors: ${JSON.stringify(meta.errors, null, 2)}`;
+          delete meta.errors;
+        }
+        // If there are other meta properties remaining, log them
+        if (Object.keys(meta).length > 0 && !meta.stack && !meta.error) {
+          log += `\nMeta: ${JSON.stringify(meta)}`;
+        }
+      }
+      if (info.stack) {
+        log += `\n${info.stack}`;
+      } else if (info.error && info.error.stack) {
+        log += `\n${info.error.stack}`;
+      }
+      return log;
+    })
+  ),
+});
+const logger = winston.createLogger({
+  level: process.env.LOG_LEVEL || "info",
+  format: winston.format.combine(
+    winston.format.timestamp({ format: "YYYY-MM-DD HH:mm:ss" }),
+    winston.format.errors({ stack: true }),
+    winston.format.splat(),
+    winston.format.json()
+  ),
+  defaultMeta: { service: "lapeeh-service" },
+  transports: [
+    // Write all logs with importance level of `error` or less to `error.log`
+    // new winston.transports.File({ filename: 'error.log', level: 'error' }),
+    // Write all logs to `combined.log`
+    // new winston.transports.File({ filename: 'combined.log' }),
+    dailyRotateFileTransport,
+  ],
+});
+// If we're not in production then log to the `console` with the format:
+// `${info.level}: ${info.message} JSON.stringify({ ...rest }) `
+if (process.env.NODE_ENV !== "production") {
+  logger.add(
+    new winston.transports.Console({
+      format: winston.format.combine(
+        winston.format.colorize(),
+        winston.format.simple()
+      ),
+    })
+  );
+}
+export class Log {
+  static info(message: string, meta?: any) {
+    logger.info(message, meta);
+  }
+  static error(message: string, meta?: any) {
+    logger.error(message, meta);
+  }
+  static warn(message: string, meta?: any) {
+    logger.warn(message, meta);
+  }
+  static debug(message: string, meta?: any) {
+    logger.debug(message, meta);
+  }
+}
+export default logger;

package/lib/utils/pagination.ts ADDED Viewed

@@ -0,0 +1,56 @@
+export type PaginationQuery = {
+  page?: string | string[] | number;
+  per_page?: string | string[] | number;
+};
+export type PaginationParams = {
+  page: number;
+  perPage: number;
+  skip: number;
+  take: number;
+};
+export type PaginationMeta = {
+  page: number;
+  perPage: number;
+  total: number;
+  lastPage: number;
+};
+function toNumber(value: string | string[] | number | undefined) {
+  if (Array.isArray(value)) {
+    if (value.length === 0) return undefined;
+    return toNumber(value[0]);
+  }
+  if (typeof value === "number") {
+    return value;
+  }
+  if (typeof value === "string") {
+    const n = parseInt(value, 10);
+    if (!Number.isNaN(n)) {
+      return n;
+    }
+  }
+  return undefined;
+}
+export function getPagination(query: PaginationQuery): PaginationParams {
+  const pageRaw = toNumber(query.page);
+  const perPageRaw = toNumber(query.per_page);
+  const page = pageRaw && pageRaw > 0 ? pageRaw : 1;
+  const perPage =
+    perPageRaw && perPageRaw > 0 && perPageRaw <= 100 ? perPageRaw : 10;
+  const skip = (page - 1) * perPage;
+  const take = perPage;
+  return { page, perPage, skip, take };
+}
+export function buildPaginationMeta(
+  page: number,
+  perPage: number,
+  total: number
+): PaginationMeta {
+  const lastPage = total === 0 ? 1 : Math.ceil(total / perPage);
+  return { page, perPage, total, lastPage };
+}

package/lib/utils/response.ts ADDED Viewed

@@ -0,0 +1,88 @@
+import { Response } from "express";
+import { Log } from "./logger";
+type SuccessStatus = "success";
+type ErrorStatus = "error";
+type SuccessBody<T> = {
+  status: SuccessStatus;
+  message: string;
+  data?: T;
+};
+type ErrorBody<T = unknown> = {
+  status: ErrorStatus;
+  message: string;
+  errors?: T;
+};
+function toJsonSafe(value: unknown): unknown {
+  if (value instanceof Date) {
+    return value.toISOString();
+  }
+  if (typeof value === "bigint") {
+    return value.toString();
+  }
+  if (Array.isArray(value)) {
+    return value.map((item) => toJsonSafe(item));
+  }
+  if (value && typeof value === "object") {
+    const result: Record<string, unknown> = {};
+    for (const [key, val] of Object.entries(value)) {
+      result[key] = toJsonSafe(val);
+    }
+    return result;
+  }
+  return value;
+}
+export function sendSuccess<T = any>(
+  res: Response,
+  statusCode: number,
+  message: string,
+  data?: T
+) {
+  const body: SuccessBody<T | undefined> = { status: "success", message, data };
+  return res.status(statusCode).json(toJsonSafe(body));
+}
+/**
+ * Mengirim response sukses dengan performa tinggi menggunakan Schema Serialization (Fastify-style).
+ * Melewati proses JSON.stringify standar yang lambat.
+ *
+ * @param serializer Fungsi serializer yang sudah dicompile dari src/core/serializer
+ */
+export function sendFastSuccess(
+  res: Response,
+  statusCode: number,
+  serializer: (doc: any) => string,
+  data: any
+) {
+  // Set header manual karena kita mengirim raw string
+  res.setHeader("Content-Type", "application/json");
+  res.status(statusCode);
+  // Serializer mengembalikan string JSON
+  const jsonString = serializer(data);
+  return res.send(jsonString);
+}
+export function sendError<T = unknown>(
+  res: Response,
+  statusCode: number,
+  message: string,
+  errors?: T
+) {
+  // Log the error
+  if (statusCode >= 500) {
+    Log.error(message, { statusCode, errors });
+  } else if (statusCode >= 400) {
+    Log.warn(message, { statusCode, errors });
+  }
+  const body: ErrorBody<T> = { status: "error", message };
+  if (errors !== undefined) {
+    body.errors = errors;
+  }
+  return res.status(statusCode).json(toJsonSafe(body));
+}