lapeh 1.0.1

package/src/models/schema.prisma

@@ -0,0 +1,159 @@
+
+model cache {
+  key        String @id @db.VarChar(255)
+  value      String
+  expiration Int
+}
+
+model cache_locks {
+  key        String @id @db.VarChar(255)
+  owner      String @db.VarChar(255)
+  expiration Int
+}
+
+model failed_jobs {
+  id         BigInt   @id @default(autoincrement())
+  uuid       String   @unique(map: "failed_jobs_uuid_unique") @db.VarChar(255)
+  connection String
+  queue      String
+  payload    String
+  exception  String
+  failed_at  DateTime @default(now()) @db.Timestamp(0)
+}
+
+model job_batches {
+  id             String  @id @db.VarChar(255)
+  name           String  @db.VarChar(255)
+  total_jobs     Int
+  pending_jobs   Int
+  failed_jobs    Int
+  failed_job_ids String
+  options        String?
+  cancelled_at   Int?
+  created_at     Int
+  finished_at    Int?
+}
+
+model jobs {
+  id           BigInt @id @default(autoincrement())
+  queue        String @db.VarChar(255)
+  payload      String
+  attempts     Int    @db.SmallInt
+  reserved_at  Int?
+  available_at Int
+  created_at   Int
+
+  @@index([queue], map: "jobs_queue_index")
+}
+
+model migrations {
+  id        Int    @id @default(autoincrement())
+  migration String @db.VarChar(255)
+  batch     Int
+}
+
+model password_reset_tokens {
+  email      String    @id @db.VarChar(255)
+  token      String    @db.VarChar(255)
+  created_at DateTime? @db.Timestamp(0)
+}
+
+model personal_access_tokens {
+  id             BigInt    @id @default(autoincrement())
+  tokenable_type String    @db.VarChar(255)
+  tokenable_id   BigInt
+  name           String
+  token          String    @unique(map: "personal_access_tokens_token_unique") @db.VarChar(64)
+  abilities      String?
+  last_used_at   DateTime? @db.Timestamp(0)
+  expires_at     DateTime? @db.Timestamp(0)
+  created_at     DateTime? @db.Timestamp(0)
+  updated_at     DateTime? @db.Timestamp(0)
+
+  @@index([expires_at], map: "personal_access_tokens_expires_at_index")
+  @@index([tokenable_type, tokenable_id], map: "personal_access_tokens_tokenable_type_tokenable_id_index")
+}
+
+model sessions {
+  id            String  @id @db.VarChar(255)
+  user_id       BigInt?
+  ip_address    String? @db.VarChar(45)
+  user_agent    String?
+  payload       String
+  last_activity Int
+
+  @@index([last_activity], map: "sessions_last_activity_index")
+  @@index([user_id], map: "sessions_user_id_index")
+}
+
+/// This table contains check constraints and requires additional setup for migrations. Visit https://pris.ly/d/check-constraints for more info.
+model users {
+  id                BigInt             @id @default(autoincrement())
+  uuid              String             @unique(map: "users_uuid_unique") @db.Uuid
+  name              String             @db.VarChar(255)
+  email             String             @unique(map: "users_email_unique") @db.VarChar(255)
+  avatar            String?            @db.VarChar(255)
+  avatar_url        String?            @db.VarChar(255)
+  email_verified_at DateTime?          @db.Timestamp(0)
+  password          String             @db.VarChar(255)
+  remember_token    String?            @db.VarChar(100)
+  created_at        DateTime?          @db.Timestamp(0)
+  updated_at        DateTime?          @db.Timestamp(0)
+  user_roles        user_roles[]
+  user_permissions  user_permissions[]
+}
+
+model roles {
+  id               BigInt             @id @default(autoincrement())
+  name             String             @db.VarChar(255)
+  slug             String             @unique @db.VarChar(255)
+  description      String?
+  created_at       DateTime?          @db.Timestamp(0)
+  updated_at       DateTime?          @db.Timestamp(0)
+  user_roles       user_roles[]
+  role_permissions role_permissions[]
+}
+
+model permissions {
+  id               BigInt             @id @default(autoincrement())
+  name             String             @db.VarChar(255)
+  slug             String             @unique @db.VarChar(255)
+  description      String?
+  created_at       DateTime?          @db.Timestamp(0)
+  updated_at       DateTime?          @db.Timestamp(0)
+  user_permissions user_permissions[]
+  role_permissions role_permissions[]
+}
+
+model user_roles {
+  id         BigInt    @id @default(autoincrement())
+  user_id    BigInt
+  role_id    BigInt
+  created_at DateTime? @db.Timestamp(0)
+  users      users     @relation(fields: [user_id], references: [id], onDelete: Cascade, onUpdate: NoAction)
+  roles      roles     @relation(fields: [role_id], references: [id], onDelete: Cascade, onUpdate: NoAction)
+
+  @@unique([user_id, role_id])
+}
+
+model role_permissions {
+  id            BigInt      @id @default(autoincrement())
+  role_id       BigInt
+  permission_id BigInt
+  created_at    DateTime?   @db.Timestamp(0)
+  roles         roles       @relation(fields: [role_id], references: [id], onDelete: Cascade, onUpdate: NoAction)
+  permissions   permissions @relation(fields: [permission_id], references: [id], onDelete: Cascade, onUpdate: NoAction)
+
+  @@unique([role_id, permission_id])
+}
+
+model user_permissions {
+  id            BigInt      @id @default(autoincrement())
+  user_id       BigInt
+  permission_id BigInt
+  created_at    DateTime?   @db.Timestamp(0)
+  users         users       @relation(fields: [user_id], references: [id], onDelete: Cascade, onUpdate: NoAction)
+  permissions   permissions @relation(fields: [permission_id], references: [id], onDelete: Cascade, onUpdate: NoAction)
+
+  @@unique([user_id, permission_id])
+}

package/src/prisma.ts

@@ -0,0 +1,32 @@
+import { PrismaClient } from "../generated/prisma/client";
+import { PrismaPg } from "@prisma/adapter-pg";
+import { PrismaMariaDb } from "@prisma/adapter-mariadb";
+
+const url = process.env.DATABASE_URL || "";
+const provider = (process.env.DATABASE_PROVIDER || "").toLowerCase();
+
+let prisma: PrismaClient;
+
+if (provider === "postgresql" || url.startsWith("postgres")) {
+  const adapter = new PrismaPg({ connectionString: url });
+  prisma = new PrismaClient({ adapter });
+} else if (
+  provider === "mysql" ||
+  provider === "mariadb" ||
+  url.startsWith("mysql") ||
+  url.startsWith("mariadb")
+) {
+  const adapter = new PrismaMariaDb({
+    host: process.env.DATABASE_HOST,
+    user: process.env.DATABASE_USER,
+    password: process.env.DATABASE_PASSWORD,
+    database: process.env.DATABASE_NAME,
+  } as any);
+  prisma = new PrismaClient({ adapter });
+} else {
+  throw new Error(
+    'Unsupported DATABASE_PROVIDER. Use "postgresql" or "mysql".'
+  );
+}
+
+export { prisma };

package/src/realtime.ts

@@ -0,0 +1,34 @@
+import { Server } from "socket.io";
+import jwt from "jsonwebtoken";
+
+let io: Server | null = null;
+
+export function initRealtime(server: import("http").Server) {
+  io = new Server(server, {
+    cors: { origin: "*", methods: ["GET", "POST", "PUT", "DELETE"] },
+  });
+  io.on("connection", (socket) => {
+    const token =
+      (socket.handshake.query?.token as string) ||
+      socket.handshake.headers["authorization"]
+        ?.toString()
+        ?.replace("Bearer ", "") ||
+      "";
+    const secret = process.env.JWT_SECRET;
+    if (secret && token) {
+      try {
+        const payload = jwt.verify(token, secret) as {
+          userId: string;
+          role: string;
+        };
+        const room = `user:${payload.userId}`;
+        socket.join(room);
+      } catch {}
+    }
+  });
+}
+
+export function notifyUser(userId: string, event: string, payload: any) {
+  if (!io) return;
+  io.to(`user:${userId}`).emit(event, payload);
+}

package/src/redis.ts

@@ -0,0 +1,69 @@
+import Redis from "ioredis";
+
+export const useRedis = !!process.env.REDIS_URL;
+
+let redis: Redis | null = null;
+if (useRedis) {
+  redis = new Redis(process.env.REDIS_URL as string, {
+    lazyConnect: true,
+    maxRetriesPerRequest: 0,
+    enableOfflineQueue: false,
+  });
+}
+
+const memory = new Map<string, { value: any; expireAt: number }>();
+
+export async function getCache(key: string) {
+  if (useRedis && redis) {
+    try {
+      const v = await redis.get(key);
+      return v ? JSON.parse(v) : null;
+    } catch {
+      // fall through
+    }
+  } else {
+    const entry = memory.get(key);
+    if (entry && entry.expireAt > Date.now()) return entry.value;
+    if (entry) memory.delete(key);
+  }
+  return null;
+}
+
+export async function setCache(key: string, value: any, ttlSeconds = 60) {
+  if (useRedis && redis) {
+    try {
+      await redis.set(key, JSON.stringify(value), "EX", ttlSeconds);
+      return;
+    } catch {
+      // fall through
+    }
+  } else {
+    memory.set(key, { value, expireAt: Date.now() + ttlSeconds * 1000 });
+  }
+}
+
+export async function delCache(key: string) {
+  if (useRedis && redis) {
+    try {
+      await redis.del(key);
+      return;
+    } catch {
+      // fall through
+    }
+  } else {
+    memory.delete(key);
+  }
+}
+
+export async function pingRedis(): Promise<boolean> {
+  if (!useRedis || !redis) return false;
+  try {
+    await redis.connect();
+    const res = await redis.ping();
+    return res === "PONG";
+  } catch {
+    return false;
+  }
+}
+
+export { redis };

package/src/routes/auth.ts

@@ -0,0 +1,74 @@
+import { Router } from "express";
+import rateLimit from "express-rate-limit";
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const multer = require("multer");
+import path from "path";
+import fs from "fs";
+import {
+  register,
+  login,
+  me,
+  logout,
+  refreshToken,
+  updatePassword,
+  updateProfile,
+  updateAvatar,
+} from "../controllers/authController";
+import { requireAuth } from "../middleware/auth";
+
+const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 50,
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+const avatarUploadDir = process.env.AVATAR_UPLOAD_DIR || "uploads/avatars";
+if (!fs.existsSync(avatarUploadDir)) {
+  fs.mkdirSync(avatarUploadDir, { recursive: true });
+}
+
+const storage = (multer as any).diskStorage({
+  destination(
+    req: any,
+    file: any,
+    cb: (error: Error | null, destination: string) => void
+  ) {
+    cb(null, avatarUploadDir);
+  },
+  filename(
+    req: any,
+    file: any,
+    cb: (error: Error | null, filename: string) => void
+  ) {
+    const ext = path.extname(file.originalname);
+    const base = path.basename(file.originalname, ext);
+    const unique = Date.now() + "-" + Math.round(Math.random() * 1e9);
+    cb(null, base + "-" + unique + ext);
+  },
+});
+
+const uploadAvatar = multer({ storage });
+
+export const authRouter = Router();
+
+authRouter.post("/register", authLimiter, register);
+
+authRouter.post("/login", authLimiter, login);
+
+authRouter.get("/me", requireAuth, me);
+
+authRouter.post("/logout", requireAuth, logout);
+
+authRouter.post("/refresh", authLimiter, refreshToken);
+
+authRouter.put("/password", requireAuth, updatePassword);
+
+authRouter.put("/profile", requireAuth, updateProfile);
+
+authRouter.post(
+  "/avatar",
+  requireAuth,
+  uploadAvatar.single("avatar"),
+  updateAvatar
+);

package/src/routes/rbac.ts

@@ -0,0 +1,55 @@
+import { Router } from "express";
+import { requireAdmin } from "../middleware/auth";
+import {
+  createRole,
+  listRoles,
+  updateRole,
+  deleteRole,
+  createPermission,
+  listPermissions,
+  updatePermission,
+  deletePermission,
+  assignRoleToUser,
+  removeRoleFromUser,
+  assignPermissionToRole,
+  removePermissionFromRole,
+  assignPermissionToUser,
+  removePermissionFromUser,
+} from "../controllers/rbacController";
+
+export const rbacRouter = Router();
+
+rbacRouter.post("/roles", requireAdmin, createRole);
+rbacRouter.get("/roles", requireAdmin, listRoles);
+rbacRouter.put("/roles/:id", requireAdmin, updateRole);
+rbacRouter.delete("/roles/:id", requireAdmin, deleteRole);
+
+rbacRouter.post("/permissions", requireAdmin, createPermission);
+rbacRouter.get("/permissions", requireAdmin, listPermissions);
+rbacRouter.put("/permissions/:id", requireAdmin, updatePermission);
+rbacRouter.delete("/permissions/:id", requireAdmin, deletePermission);
+
+rbacRouter.post("/users/assign-role", requireAdmin, assignRoleToUser);
+rbacRouter.post("/users/remove-role", requireAdmin, removeRoleFromUser);
+
+rbacRouter.post(
+  "/roles/assign-permission",
+  requireAdmin,
+  assignPermissionToRole
+);
+rbacRouter.post(
+  "/roles/remove-permission",
+  requireAdmin,
+  removePermissionFromRole
+);
+
+rbacRouter.post(
+  "/users/assign-permission",
+  requireAdmin,
+  assignPermissionToUser
+);
+rbacRouter.post(
+  "/users/remove-permission",
+  requireAdmin,
+  removePermissionFromUser
+);

package/src/schema/auth-schema.ts

@@ -0,0 +1,62 @@
+import z from "zod";
+
+export const registerSchema = z
+  .object({
+    email: z
+      .string({ required_error: "Email wajib diisi" })
+      .email("Format email tidak valid"),
+    name: z
+      .string({ required_error: "Nama wajib diisi" })
+      .min(1, "Nama wajib diisi"),
+    password: z
+      .string({ required_error: "Password wajib diisi" })
+      .min(4, "Password minimal 4 karakter"),
+    confirmPassword: z
+      .string({ required_error: "Konfirmasi password wajib diisi" })
+      .min(4, "Konfirmasi password minimal 4 karakter"),
+  })
+  .refine((data) => data.password === data.confirmPassword, {
+    path: ["confirmPassword"],
+    message: "Konfirmasi password tidak sama",
+  });
+
+export const loginSchema = z.object({
+  email: z
+    .string({ required_error: "Email wajib diisi" })
+    .email("Format email tidak valid"),
+  password: z
+    .string({ required_error: "Password wajib diisi" })
+    .min(4, "Password minimal 4 karakter"),
+});
+
+export const refreshSchema = z.object({
+  refreshToken: z
+    .string({ required_error: "Refresh token wajib diisi" })
+    .min(1, "Refresh token wajib diisi"),
+});
+
+export const updatePasswordSchema = z
+  .object({
+    currentPassword: z
+      .string({ required_error: "Password saat ini wajib diisi" })
+      .min(4, "Password saat ini minimal 4 karakter"),
+    newPassword: z
+      .string({ required_error: "Password baru wajib diisi" })
+      .min(4, "Password baru minimal 4 karakter"),
+    confirmPassword: z
+      .string({ required_error: "Konfirmasi password wajib diisi" })
+      .min(4, "Konfirmasi password minimal 4 karakter"),
+  })
+  .refine((data) => data.newPassword === data.confirmPassword, {
+    path: ["confirmPassword"],
+    message: "Konfirmasi password tidak sama",
+  });
+
+export const updateProfileSchema = z.object({
+  name: z
+    .string({ required_error: "Nama wajib diisi" })
+    .min(1, "Nama wajib diisi"),
+  email: z
+    .string({ required_error: "Email wajib diisi" })
+    .email("Format email tidak valid"),
+});

package/src/schema/user-schema.ts

@@ -0,0 +1,57 @@
+import z from "zod";
+
+export const createUserSchema = z
+  .object({
+    email: z
+      .string({ required_error: "Email wajib diisi" })
+      .email("Format email tidak valid"),
+    name: z
+      .string({ required_error: "Nama wajib diisi" })
+      .min(1, "Nama wajib diisi"),
+    password: z
+      .string({ required_error: "Password wajib diisi" })
+      .min(6, "Password minimal 6 karakter"),
+    confirmPassword: z
+      .string({ required_error: "Konfirmasi password wajib diisi" })
+      .min(4, "Konfirmasi password minimal 4 karakter"),
+    roleId: z.string().optional(),
+    permissionIds: z.array(z.string()).optional(),
+  })
+  .refine((data) => data.password === data.confirmPassword, {
+    path: ["confirmPassword"],
+    message: "Konfirmasi password tidak sama",
+  });
+
+export const updateUserSchema = z
+  .object({
+    email: z
+      .string({ required_error: "Email wajib diisi" })
+      .email("Format email tidak valid")
+      .optional(),
+    name: z
+      .string({ required_error: "Nama wajib diisi" })
+      .min(1, "Nama wajib diisi")
+      .optional(),
+    password: z
+      .string({ required_error: "Password wajib diisi" })
+      .min(6, "Password minimal 6 karakter")
+      .optional(),
+    confirmPassword: z
+      .string({ required_error: "Konfirmasi password wajib diisi" })
+      .min(4, "Konfirmasi password minimal 4 karakter")
+      .optional(),
+    roleId: z.string().optional(),
+    permissionIds: z.array(z.string()).optional(),
+  })
+  .refine(
+    (data) => {
+      if (!data.password) {
+        return true;
+      }
+      return data.password === data.confirmPassword;
+    },
+    {
+      path: ["confirmPassword"],
+      message: "Konfirmasi password tidak sama",
+    }
+  );

package/src/server.ts

@@ -0,0 +1,32 @@
+import express from "express";
+import cors from "cors";
+import helmet from "helmet";
+import { authRouter } from "./routes/auth";
+import { rbacRouter } from "./routes/rbac";
+import { visitorCounter } from "./middleware/visitor";
+import { errorHandler } from "./middleware/error";
+
+export const app = express();
+
+app.disable("x-powered-by");
+app.use(
+  helmet({
+    contentSecurityPolicy: false,
+  })
+);
+
+const corsOrigin = process.env.CORS_ORIGIN || "*";
+app.use(
+  cors({
+    origin: corsOrigin,
+    credentials: true,
+    exposedHeaders: ["x-access-token", "x-access-expires-at"],
+  })
+);
+app.use(express.json({ limit: "1mb" }));
+app.use(visitorCounter);
+
+app.use("/api/auth", authRouter);
+app.use("/api/rbac", rbacRouter);
+
+app.use(errorHandler);

package/src/utils/pagination.ts

@@ -0,0 +1,56 @@
+export type PaginationQuery = {
+  page?: string | string[] | number;
+  per_page?: string | string[] | number;
+};
+
+export type PaginationParams = {
+  page: number;
+  perPage: number;
+  skip: number;
+  take: number;
+};
+
+export type PaginationMeta = {
+  page: number;
+  perPage: number;
+  total: number;
+  lastPage: number;
+};
+
+function toNumber(value: string | string[] | number | undefined) {
+  if (Array.isArray(value)) {
+    if (value.length === 0) return undefined;
+    return toNumber(value[0]);
+  }
+  if (typeof value === "number") {
+    return value;
+  }
+  if (typeof value === "string") {
+    const n = parseInt(value, 10);
+    if (!Number.isNaN(n)) {
+      return n;
+    }
+  }
+  return undefined;
+}
+
+export function getPagination(query: PaginationQuery): PaginationParams {
+  const pageRaw = toNumber(query.page);
+  const perPageRaw = toNumber(query.per_page);
+  const page = pageRaw && pageRaw > 0 ? pageRaw : 1;
+  const perPage =
+    perPageRaw && perPageRaw > 0 && perPageRaw <= 100 ? perPageRaw : 10;
+  const skip = (page - 1) * perPage;
+  const take = perPage;
+  return { page, perPage, skip, take };
+}
+
+export function buildPaginationMeta(
+  page: number,
+  perPage: number,
+  total: number
+): PaginationMeta {
+  const lastPage = total === 0 ? 1 : Math.ceil(total / perPage);
+  return { page, perPage, total, lastPage };
+}
+

package/src/utils/response.ts

@@ -0,0 +1,59 @@
+import { Response } from "express";
+
+type SuccessStatus = "success";
+type ErrorStatus = "error";
+
+type SuccessBody<T> = {
+  status: SuccessStatus;
+  message: string;
+  data: T;
+};
+
+type ErrorBody<T = unknown> = {
+  status: ErrorStatus;
+  message: string;
+  errors?: T;
+};
+
+function toJsonSafe(value: unknown): unknown {
+  if (value instanceof Date) {
+    return value.toISOString();
+  }
+  if (typeof value === "bigint") {
+    return value.toString();
+  }
+  if (Array.isArray(value)) {
+    return value.map((item) => toJsonSafe(item));
+  }
+  if (value && typeof value === "object") {
+    const result: Record<string, unknown> = {};
+    for (const [key, val] of Object.entries(value)) {
+      result[key] = toJsonSafe(val);
+    }
+    return result;
+  }
+  return value;
+}
+
+export function sendSuccess<T>(
+  res: Response,
+  statusCode: number,
+  message: string,
+  data: T
+) {
+  const body: SuccessBody<T> = { status: "success", message, data };
+  return res.status(statusCode).json(toJsonSafe(body));
+}
+
+export function sendError<T = unknown>(
+  res: Response,
+  statusCode: number,
+  message: string,
+  errors?: T
+) {
+  const body: ErrorBody<T> = { status: "error", message };
+  if (errors !== undefined) {
+    body.errors = errors;
+  }
+  return res.status(statusCode).json(toJsonSafe(body));
+}