lapeeh 1.0.0

package/lib/bootstrap.ts

@@ -0,0 +1,210 @@
+import dotenv from "dotenv";
+dotenv.config();
+
+import moduleAlias from "module-alias";
+import express, { Request, Response, NextFunction } from "express";
+import cors from "cors";
+import helmet from "helmet";
+import compression from "compression";
+import http from "http";
+import path from "path";
+import { initRealtime } from "./core/realtime";
+import { initRedis, redis } from "./core/redis";
+import { visitorCounter } from "./middleware/visitor";
+import { errorHandler } from "./middleware/error";
+import { apiLimiter } from "./middleware/rateLimit";
+import { requestLogger } from "./middleware/requestLogger";
+import { sendSuccess } from "./utils/response";
+
+export async function createApp() {
+  // Register aliases for production runtime
+  // Since user code (compiled JS) uses require('@lapeeh/...')
+  // We map '@lapeeh' to the directory containing this file (lib/ or dist/lib/)
+  moduleAlias.addAlias("@lapeeh", __dirname);
+
+  // Register alias for src directory (@/) to support imports in controllers/routes
+  const isProduction = process.env.NODE_ENV === "production";
+  moduleAlias.addAlias(
+    "@",
+    isProduction
+      ? path.join(process.cwd(), "dist", "src")
+      : path.join(process.cwd(), "src")
+  );
+
+  // LOAD USER CONFIG
+  const configPath = isProduction
+    ? path.join(process.cwd(), "dist", "src", "config")
+    : path.join(process.cwd(), "src", "config");
+
+  let appConfig: any = { timeout: 30000, jsonLimit: "10mb" };
+  let corsConfig: any = {
+    origin: process.env.CORS_ORIGIN || "*",
+    credentials: true,
+    exposedHeaders: ["x-access-token", "x-access-expires-at"],
+  };
+
+  try {
+    const appConfModule = require(path.join(configPath, "app"));
+    if (appConfModule.appConfig)
+      appConfig = { ...appConfig, ...appConfModule.appConfig };
+  } catch (e) {
+    // ignore
+  }
+
+  try {
+    const corsConfModule = require(path.join(configPath, "cors"));
+    if (corsConfModule.corsConfig)
+      corsConfig = { ...corsConfig, ...corsConfModule.corsConfig };
+  } catch (e) {
+    // ignore
+  }
+
+  const app = express();
+
+  app.disable("x-powered-by");
+  app.use(compression());
+
+  // Request Timeout Middleware
+  app.use((_req: Request, res: Response, next: NextFunction) => {
+    const timeout = appConfig.timeout || 30000;
+    res.setTimeout(timeout, () => {
+      res.status(408).send({
+        status: "error",
+        message: `Request Timeout (${timeout / 1000}s limit)`,
+      });
+    });
+    next();
+  });
+
+  app.use(
+    helmet({
+      contentSecurityPolicy: false,
+      crossOriginResourcePolicy: { policy: "cross-origin" },
+    })
+  );
+
+  app.use(cors(corsConfig));
+
+  app.use(requestLogger);
+  app.use(express.json({ limit: appConfig.jsonLimit || "10mb" }));
+  app.use(
+    express.urlencoded({ extended: true, limit: appConfig.jsonLimit || "10mb" })
+  );
+  app.use(apiLimiter);
+  app.use(visitorCounter);
+
+  // Health Check
+  app.get("/", (_req: Request, res: Response) => {
+    sendSuccess(res, 200, "lapeeh API is running", {
+      status: "active",
+      timestamp: new Date(),
+      version: process.env.npm_package_version || "unknown",
+    });
+  });
+
+  // DYNAMIC ROUTE LOADING
+  try {
+    console.log("BOOTSTRAP: Loading routes. NODE_ENV=", process.env.NODE_ENV);
+    const isProduction = process.env.NODE_ENV === "production";
+    let userRoutesPath = isProduction
+      ? path.join(process.cwd(), "dist", "src", "routes")
+      : path.join(process.cwd(), "src", "routes");
+
+    // In test environment, explicitly point to index to ensure resolution
+    if (process.env.NODE_ENV === "test") {
+      // In test environment (ts-jest), we need to point to the TS file
+      // And we might need to use the full path with extension
+      userRoutesPath = path.join(process.cwd(), "src", "routes", "index.ts");
+    }
+
+    // Gunakan require agar sinkron dan mudah dicatch
+    // Check if file exists before requiring to avoid crash in tests/clean env
+    try {
+      const { apiRouter } = require(userRoutesPath);
+      app.use("/api", apiRouter);
+    } catch (e) {
+      // If it's just missing module, maybe we are in test mode or fresh install
+      if (process.env.NODE_ENV !== "test") {
+        console.warn(
+          `⚠️  Could not load user routes from ${userRoutesPath}. (This is expected during initial setup or if src/routes is missing)`
+        );
+      } else {
+        // In test mode, we really want to know if it failed to load
+        console.error(
+          `Error loading routes in test mode from ${userRoutesPath}:`,
+          e
+        );
+        throw e;
+      }
+    }
+  } catch (error) {
+    console.error(error);
+    if (process.env.NODE_ENV === "test") throw error;
+  }
+
+  app.use(errorHandler);
+
+  return app;
+}
+
+export async function bootstrap() {
+  // Validasi Environment Variables
+  const requiredEnvs = ["JWT_SECRET"];
+  const missingEnvs = requiredEnvs.filter((key) => !process.env[key]);
+  if (missingEnvs.length > 0) {
+    console.error(
+      `❌ Missing required environment variables: ${missingEnvs.join(", ")}`
+    );
+    process.exit(1);
+  }
+
+  const app = await createApp();
+  const port = process.env.PORT ? Number(process.env.PORT) : 8000;
+  const server = http.createServer(app);
+
+  initRealtime(server);
+
+  try {
+    await initRedis();
+
+    server.on("error", (e: any) => {
+      if (e.code === "EADDRINUSE") {
+        console.log(`\n❌ Error: Port ${port} is already in use.`);
+        process.exit(1);
+      }
+    });
+
+    server.listen(port, () => {
+      console.log(`✅ API running at http://localhost:${port}`);
+      console.log(`🛡️  Environment: ${process.env.NODE_ENV || "development"}`);
+    });
+  } catch (error) {
+    console.error("❌ Failed to start server:", error);
+    process.exit(1);
+  }
+
+  // Graceful Shutdown
+  const shutdown = async (signal: string) => {
+    console.log(`\n🛑 ${signal} received. Closing resources...`);
+    server.close(() => console.log("Http server closed."));
+    try {
+      if (redis && redis.status === "ready") await redis.quit();
+      process.exit(0);
+    } catch (err) {
+      console.error("Error during shutdown:", err);
+      process.exit(1);
+    }
+  };
+
+  process.on("SIGTERM", () => shutdown("SIGTERM"));
+  process.on("SIGINT", () => shutdown("SIGINT"));
+  process.on("uncaughtException", (error) => {
+    console.error("❌ Uncaught Exception:", error);
+    shutdown("uncaughtException");
+  });
+}
+
+// Self-executing if run directly
+if (require.main === module) {
+  bootstrap();
+}

package/lib/core/realtime.ts

@@ -0,0 +1,34 @@
+import { Server } from "socket.io";
+import jwt from "jsonwebtoken";
+
+let io: Server | null = null;
+
+export function initRealtime(server: import("http").Server) {
+  io = new Server(server, {
+    cors: { origin: "*", methods: ["GET", "POST", "PUT", "DELETE"] },
+  });
+  io.on("connection", (socket) => {
+    const token =
+      (socket.handshake.query?.token as string) ||
+      socket.handshake.headers["authorization"]
+        ?.toString()
+        ?.replace("Bearer ", "") ||
+      "";
+    const secret = process.env.JWT_SECRET;
+    if (secret && token) {
+      try {
+        const payload = jwt.verify(token, secret) as {
+          userId: string;
+          role: string;
+        };
+        const room = `user:${payload.userId}`;
+        socket.join(room);
+      } catch {}
+    }
+  });
+}
+
+export function notifyUser(userId: string, event: string, payload: any) {
+  if (!io) return;
+  io.to(`user:${userId}`).emit(event, payload);
+}

package/lib/core/redis.ts

@@ -0,0 +1,139 @@
+import Redis from "ioredis";
+// @ts-ignore
+import RedisMock from "ioredis-mock";
+
+const redisUrl = process.env.REDIS_URL || "redis://localhost:6379";
+
+// Create a wrapper to handle connection attempts
+let redis: Redis;
+let isRedisConnected = false;
+
+// If explicitly disabled via env
+if (process.env.NO_REDIS === "true") {
+  console.log("Redis disabled via NO_REDIS, using in-memory mock.");
+  redis = new RedisMock();
+  isRedisConnected = true;
+} else {
+  // Try to connect to real Redis
+  redis = new Redis(redisUrl, {
+    lazyConnect: true,
+    maxRetriesPerRequest: 1,
+    retryStrategy: (times) => {
+      // Retry 3 times then give up
+      if (times > 3) return null;
+      return 200;
+    },
+  });
+}
+
+redis.on("ready", () => {
+  isRedisConnected = true;
+  // console.log("Redis connected!");
+});
+
+redis.on("error", (_err) => {
+  // If connection fails and we haven't switched to mock yet
+  if (!isRedisConnected && !(redis instanceof RedisMock)) {
+    // console.log("Redis connection failed, switching to in-memory mock...");
+    // Replace the global redis instance with mock
+    // Note: This is a runtime switch. Existing listeners might be lost if we don't handle carefully.
+    // However, for a simple fallback, we can just use the mock for future calls.
+    // Better approach: Since we exported 'redis' as a const (reference), we can't reassign it easily
+    // if other modules already imported it.
+    // BUT, ioredis instance itself is an EventEmitter.
+    // Strategy: We keep 'redis' as the main interface.
+    // If real redis fails, we just don't set isRedisConnected to true for the *real* one.
+    // But wait, the user wants 'bundle redis'.
+    // The best way is to detect failure during init and SWAP the implementation.
+  }
+  isRedisConnected = false;
+});
+
+// We need a way to seamlessly switch or just default to Mock if connect fails.
+// Since 'redis' is exported immediately, we can't easily swap the object reference for importers.
+// PROXY APPROACH:
+// We export a Proxy that forwards to real redis OR mock redis.
+
+const mockRedis = new RedisMock();
+let activeRedis = redis; // Start with real redis attempt
+
+// Custom init function to determine which one to use
+export async function initRedis() {
+  if (process.env.NO_REDIS === "true") {
+    activeRedis = mockRedis;
+    console.log("✅ Redis: Active (Source: Zero-Config Redis [NO_REDIS=true])");
+    if (process.env.NODE_ENV === "production") {
+      console.warn(
+        "⚠️  WARNING: Running in PRODUCTION with in-memory Redis mock. Data will be lost on restart and not shared between instances."
+      );
+    }
+    return;
+  }
+
+  try {
+    await redis.connect();
+    activeRedis = redis; // Keep using real redis
+    isRedisConnected = true;
+
+    // Determine source label
+    const sourceLabel = process.env.REDIS_URL
+      ? redisUrl
+      : "Zero-Config Redis (Localhost)";
+
+    console.log(`✅ Redis: Active (Source: ${sourceLabel})`);
+  } catch (err) {
+    // Connection failed, switch to mock
+    console.log(
+      `⚠️  Redis: Connection failed to ${redisUrl}, switching to fallback (Source: Zero-Config Redis [Mock])`
+    );
+    activeRedis = mockRedis;
+    isRedisConnected = true; // Mock is always "connected"
+    if (process.env.NODE_ENV === "production") {
+      console.warn(
+        "⚠️  WARNING: Redis connection failed in PRODUCTION. Switched to in-memory mock. Data will be lost on restart."
+      );
+    }
+  }
+}
+
+// Proxy handler to forward all calls to activeRedis
+const redisProxy = new Proxy({} as Redis, {
+  get: (_target, prop) => {
+    // If accessing a property on the proxy, forward it to activeRedis
+    const value = (activeRedis as any)[prop];
+    return value;
+  },
+});
+
+export async function getCache(key: string) {
+  try {
+    const v = await activeRedis.get(key);
+    return v ? JSON.parse(v) : null;
+  } catch {
+    return null;
+  }
+}
+
+export async function setCache(key: string, value: any, ttlSeconds = 60) {
+  try {
+    await activeRedis.set(key, JSON.stringify(value), "EX", ttlSeconds);
+  } catch {}
+}
+
+export async function delCache(key: string) {
+  try {
+    await activeRedis.del(key);
+  } catch {}
+}
+
+export async function delCachePattern(pattern: string) {
+  try {
+    const keys = await activeRedis.keys(pattern);
+    if (keys.length > 0) {
+      await activeRedis.del(...keys);
+    }
+  } catch {}
+}
+
+// Export the proxy as 'redis' so consumers use it transparently
+export { redisProxy as redis };

package/lib/core/serializer.ts

@@ -0,0 +1,63 @@
+import fastJson from "fast-json-stringify";
+
+// Cache untuk menyimpan fungsi stringify yang sudah dicompile
+// Key: Nama schema/Identifier, Value: Fungsi stringify
+const serializerCache = new Map<string, (doc: any) => string>();
+
+/**
+ * Membuat atau mengambil serializer yang sudah dicompile.
+ *
+ * @param key Identifier unik untuk schema (misal: 'UserResponse', 'ProductList')
+ * @param schema JSON Schema definition (Standard JSON Schema)
+ * @returns Fungsi yang mengubah object menjadi JSON string dengan sangat cepat
+ */
+export function getSerializer(key: string, schema: any) {
+  if (serializerCache.has(key)) {
+    return serializerCache.get(key)!;
+  }
+
+  const stringify = fastJson(schema);
+  serializerCache.set(key, stringify);
+  return stringify;
+}
+
+/**
+ * Helper untuk mendefinisikan schema standar response lapeeh
+ * { status: "success", message: string, data: T }
+ */
+export function createResponseSchema(dataSchema: any) {
+  return {
+    title: "StandardResponse",
+    type: "object",
+    properties: {
+      status: { type: "string" },
+      message: { type: "string" },
+      data: dataSchema,
+    },
+  };
+}
+
+/**
+ * Helper khusus untuk response paginasi
+ * { status: "success", message: string, data: { data: T[], meta: ... } }
+ */
+export function createPaginatedResponseSchema(itemSchema: any) {
+  return createResponseSchema({
+    type: "object",
+    properties: {
+      data: {
+        type: "array",
+        items: itemSchema,
+      },
+      meta: {
+        type: "object",
+        properties: {
+          page: { type: "integer" },
+          perPage: { type: "integer" },
+          total: { type: "integer" },
+          lastPage: { type: "integer" },
+        },
+      },
+    },
+  });
+}

package/lib/core/server.ts

@@ -0,0 +1,70 @@
+import express, { Request, Response, NextFunction } from "express";
+import cors from "cors";
+import helmet from "helmet";
+import compression from "compression";
+// import { apiRouter } from "@/routes"; // Routes are now loaded dynamically in bootstrap.ts
+import { visitorCounter } from "../middleware/visitor";
+// import { errorHandler } from "../middleware/error";
+import { apiLimiter } from "../middleware/rateLimit";
+import { requestLogger } from "../middleware/requestLogger";
+import { sendSuccess } from "../utils/response";
+
+export const app = express();
+
+app.disable("x-powered-by");
+
+// Compression (Gzip)
+app.use(compression());
+
+// Request Timeout Middleware (30s)
+app.use((_req: Request, res: Response, next: NextFunction) => {
+  res.setTimeout(30000, () => {
+    res.status(408).send({
+      status: "error",
+      message: "Request Timeout (30s limit)",
+    });
+  });
+  next();
+});
+
+// Security Headers
+app.use(
+  helmet({
+    contentSecurityPolicy: false, // Disarankan true jika menggunakan frontend di domain yang sama
+    crossOriginResourcePolicy: { policy: "cross-origin" },
+  })
+);
+
+const corsOrigin = process.env.CORS_ORIGIN || "*";
+app.use(
+  cors({
+    origin: corsOrigin,
+    credentials: true,
+    exposedHeaders: ["x-access-token", "x-access-expires-at"],
+  })
+);
+
+// Logging & Parsing
+app.use(requestLogger);
+app.use(express.json({ limit: "10mb" })); // Limit dinaikkan untuk upload file base64/besar
+app.use(express.urlencoded({ extended: true, limit: "10mb" }));
+
+// Rate Limiting (Global)
+app.use(apiLimiter);
+
+app.use(visitorCounter);
+
+// Health Check Endpoint
+app.get("/", (_req: Request, res: Response) => {
+  sendSuccess(res, 200, "lapeeh API is running", {
+    status: "active",
+    timestamp: new Date(),
+    version: process.env.npm_package_version || "2.1.6",
+  });
+});
+
+// Routes are loaded in bootstrap.ts via app.use('/api', userApiRouter)
+
+// Global Error Handler
+// Note: We don't attach error handler here because we want to attach it AFTER routes are loaded in bootstrap
+// app.use(errorHandler);

package/lib/core/store.ts

@@ -0,0 +1,116 @@
+import fs from "fs";
+import path from "path";
+
+export interface User {
+  id: string;
+  email: string;
+  name: string;
+  password?: string;
+  uuid: string;
+  avatar?: string | null;
+  avatar_url?: string | null;
+  email_verified_at?: string | Date | null;
+  created_at: string | Date;
+  updated_at: string | Date;
+}
+
+export interface Role {
+  id: string;
+  name: string;
+  slug: string;
+  description?: string | null;
+  created_at: string | Date;
+  updated_at: string | Date;
+}
+
+export interface Permission {
+  id: string;
+  name: string;
+  slug: string;
+  description?: string | null;
+  created_at: string | Date;
+  updated_at: string | Date;
+}
+
+export interface UserRole {
+  id: string;
+  user_id: string;
+  role_id: string;
+  created_at: string | Date;
+}
+
+export interface RolePermission {
+  id: string;
+  role_id: string;
+  permission_id: string;
+  created_at: string | Date;
+}
+
+export interface UserPermission {
+  id: string;
+  user_id: string;
+  permission_id: string;
+  created_at: string | Date;
+}
+
+// Database file path
+const dbPath = path.resolve(process.cwd(), "database.json");
+
+// Load data function
+function loadData() {
+  if (fs.existsSync(dbPath)) {
+    const raw = fs.readFileSync(dbPath, "utf-8");
+    return JSON.parse(raw);
+  }
+  return {
+    users: [],
+    roles: [
+      {
+        id: "1",
+        name: "Admin",
+        slug: "admin",
+        description: "Administrator",
+        created_at: new Date(),
+        updated_at: new Date(),
+      },
+      {
+        id: "2",
+        name: "User",
+        slug: "user",
+        description: "Standard User",
+        created_at: new Date(),
+        updated_at: new Date(),
+      },
+    ],
+    permissions: [],
+    user_roles: [],
+    role_permissions: [],
+    user_permissions: [],
+  };
+}
+
+const data = loadData();
+
+// Export mutable arrays
+export const users: User[] = data.users;
+export const roles: Role[] = data.roles;
+export const permissions: Permission[] = data.permissions;
+export const user_roles: UserRole[] = data.user_roles;
+export const role_permissions: RolePermission[] = data.role_permissions;
+export const user_permissions: UserPermission[] = data.user_permissions;
+
+// Helper to save data
+export function saveStore() {
+  const payload = {
+    users,
+    roles,
+    permissions,
+    user_roles,
+    role_permissions,
+    user_permissions,
+  };
+  fs.writeFileSync(dbPath, JSON.stringify(payload, null, 2), "utf-8");
+}
+
+// Helper to generate IDs
+export const generateId = () => Math.random().toString(36).substr(2, 9);

package/lib/middleware/auth.ts

@@ -0,0 +1,63 @@
+import { Request, Response, NextFunction } from "express";
+import jwt from "jsonwebtoken";
+import { sendError } from "../utils/response";
+// Note: We should ideally avoid importing from controllers in middleware
+// But for now we'll keep it to maintain functionality, but point to src if needed
+// However, authController is in src (user land) or lib?
+// Wait, authController was NOT moved to lib. It is in src/controllers.
+// So this import will fail if we use relative paths.
+// But we are in lib.
+// We should probably move ACCESS_TOKEN_EXPIRES_IN_SECONDS to a config or constants file in lib.
+const ACCESS_TOKEN_EXPIRES_IN_SECONDS = 7 * 24 * 60 * 60;
+
+export function requireAuth(req: Request, res: Response, next: NextFunction) {
+  const header = req.headers.authorization;
+  if (!header || !header.startsWith("Bearer ")) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  const token = header.slice(7);
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    sendError(res, 500, "Server misconfigured");
+    return;
+  }
+  try {
+    const payload = jwt.verify(token, secret) as {
+      userId: string;
+      role: string;
+    };
+    (req as any).user = { userId: payload.userId, role: payload.role };
+
+    const accessExpiresInSeconds = ACCESS_TOKEN_EXPIRES_IN_SECONDS;
+    const accessExpiresAt = new Date(
+      Date.now() + accessExpiresInSeconds * 1000
+    ).toISOString();
+    const newToken = jwt.sign(
+      { userId: payload.userId, role: payload.role },
+      secret,
+      { expiresIn: accessExpiresInSeconds }
+    );
+    res.setHeader("x-access-token", newToken);
+    res.setHeader("x-access-expires-at", accessExpiresAt);
+
+    next();
+  } catch (err: any) {
+    sendError(res, 401, "Invalid token");
+  }
+}
+
+export function requireAdmin(req: Request, res: Response, next: NextFunction) {
+  const user = (req as any).user as
+    | { userId: string; role: string }
+    | undefined;
+  if (!user) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  if (user.role !== "admin" && user.role !== "super_admin") {
+    sendError(res, 403, "Forbidden");
+    return;
+  }
+  next();
+}