lapeh 2.3.8 → 2.4.0

package/.env.example

@@ -0,0 +1,19 @@
+PORT=8000
+DATABASE_PROVIDER="postgresql"
+DATABASE_URL="postgresql://sianu:12341234@localhost:5432/db_example_test?schema=public"   
+
+# Used for all encryption-related tasks in the framework (JWT, etc.)
+JWT_SECRET="replace_this_with_a_secure_random_string"
+
+# Framework Timezone
+TZ="Asia/Jakarta"
+
+# Redis Configuration (Optional)
+# If REDIS_URL is not set or connection fails, the framework will automatically 
+# switch to an in-memory Redis mock (bundled). No installation required for development.
+# REDIS_URL="redis://lapeh:12341234@localhost:6379"
+# NO_REDIS="true"
+
+# To force disable Redis and use in-memory mock even if Redis is available:
+# NO_REDIS="true"
+

package/bin/index.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 
 const fs = require('fs');
 const path = require('path');
@@ -47,7 +47,9 @@ function runDev() {
     const bootstrapPath = fs.existsSync(localBootstrapPath) ? localBootstrapPath : fallbackBootstrapPath;
 
     // We execute a script that requires ts-node to run lib/bootstrap.ts
-    execSync(`npx nodemon --watch src --watch lib --ext ts,json --exec "node -r ${tsNodePath} -r ${tsConfigPathsPath} ${bootstrapPath}"`, { stdio: 'inherit' });
+    // Use JSON.stringify to properly escape paths for the shell command
+    const cmd = `npx nodemon --watch src --watch lib --ext ts,json --exec "node -r ${JSON.stringify(tsNodePath)} -r ${JSON.stringify(tsConfigPathsPath)} ${JSON.stringify(bootstrapPath)}"`;
+    execSync(cmd, { stdio: 'inherit' });
   } catch (error) {
     // Ignore error
   }
@@ -157,14 +159,17 @@ function runStart() {
       }
       
       if (tsNodePath && tsConfigPathsPath) {
-          cmd = `node -r ${tsNodePath} -r ${tsConfigPathsPath} -e "require('${bootstrapPath.replace(/\\/g, '/')}').bootstrap()"`;
+          const script = `require(${JSON.stringify(bootstrapPath)}).bootstrap()`;
+          cmd = `node -r ${JSON.stringify(tsNodePath)} -r ${JSON.stringify(tsConfigPathsPath)} -e ${JSON.stringify(script)}`;
       } else {
           // Fallback to npx if resolution fails
-          cmd = `npx ts-node -r tsconfig-paths/register -e "require('${bootstrapPath.replace(/\\/g, '/')}').bootstrap()"`;
+          const script = `require(${JSON.stringify(bootstrapPath)}).bootstrap()`;
+          cmd = `npx ts-node -r tsconfig-paths/register -e ${JSON.stringify(script)}`;
       }
   } else {
       // JS file, run with node
-      cmd = `node -e "require('${bootstrapPath.replace(/\\/g, '/')}').bootstrap()"`;
+      const script = `require(${JSON.stringify(bootstrapPath)}).bootstrap()`;
+      cmd = `node -e ${JSON.stringify(script)}`;
   }
 
   execSync(cmd, { 
@@ -508,6 +513,12 @@ function createProject() {
     console.log('\n📂 Copying template files...');
     copyDir(templateDir, projectDir);
 
+    // Rename gitignore.template to .gitignore
+    const gitignoreTemplate = path.join(projectDir, 'gitignore.template');
+    if (fs.existsSync(gitignoreTemplate)) {
+        fs.renameSync(gitignoreTemplate, path.join(projectDir, '.gitignore'));
+    }
+
     // Update package.json
     console.log('📝 Updating package.json...');
     const packageJsonPath = path.join(projectDir, 'package.json');

package/docker-compose.yml

@@ -0,0 +1,24 @@
+version: "3.9"
+services:
+  redis:
+    image: redis:7-alpine
+    command: 
+      - "redis-server"
+      - "--appendonly"
+      - "yes"
+      - "--user"
+      - "default on >12341234 ~* +@all"
+      - "--user"
+      - "lapeh on >12341234 ~* +@all"
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  redis_data:

package/eslint.config.mjs

@@ -0,0 +1,26 @@
+import globals from "globals";
+import pluginJs from "@eslint/js";
+import tseslint from "typescript-eslint";
+
+export default [
+  { files: ["**/*.{js,mjs,cjs,ts}"] },
+  { languageOptions: { globals: globals.node } },
+  pluginJs.configs.recommended,
+  ...tseslint.configs.recommended,
+  {
+    rules: {
+      "@typescript-eslint/no-unused-vars": [
+        "error",
+        {
+          "argsIgnorePattern": "^_",
+          "varsIgnorePattern": "^_",
+          "caughtErrorsIgnorePattern": "^_"
+        }
+      ],
+      "@typescript-eslint/no-explicit-any": "warn"
+    }
+  },
+  {
+    ignores: ["dist/", "node_modules/", "generated/", "scripts/"]
+  }
+];

package/gitignore.template

@@ -0,0 +1,40 @@
+# Node modules
+node_modules
+npm-debug.log
+yarn-error.log
+pnpm-lock.yaml
+
+# Environment variables
+.env
+.env.local
+.env.development
+.env.test
+.env.production
+
+# Build output
+dist
+build
+coverage
+
+# IDEs
+.vscode/sftp.json
+.idea/
+*.swp
+*.swo
+.DS_Store
+
+# Prisma
+generated/prisma
+*.sqlite
+*.db
+*.db-journal
+dev.db
+
+# OS
+Thumbs.db
+
+# Logs
+testing/*
+# Logs
+storage/logs/*
+!storage/logs/.gitkeep

package/nodemon.json

@@ -0,0 +1,6 @@
+{
+  "watch": ["src", ".env"],
+  "ext": "ts,json",
+  "ignore": ["src/**/*.test.ts"],
+  "exec": "ts-node -r tsconfig-paths/register src/index.ts"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lapeh",
-  "version": "2.3.8",
+  "version": "2.4.0",
   "description": "Framework API Express yang siap pakai (Standardized)",
   "main": "dist/lib/bootstrap.js",
   "bin": {
@@ -21,8 +21,17 @@
     "lib",
     "prisma",
     "scripts",
+    "src",
+    "storage",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "tsconfig.json",
+    "nodemon.json",
+    "docker-compose.yml",
+    ".env.example",
+    "eslint.config.mjs",
+    "prisma.config.ts",
+    "gitignore.template"
   ],
   "scripts": {
     "dev": "node bin/index.js dev",

package/prisma.config.ts

@@ -0,0 +1,15 @@
+// This file was generated by Prisma, and assumes you have installed the following:
+// npm install --save-dev prisma dotenv
+import "dotenv/config";
+import { defineConfig, env } from "prisma/config";
+
+export default defineConfig({
+  schema: "prisma/schema.prisma",
+  migrations: {
+    path: "prisma/migrations",
+    seed: "ts-node -r tsconfig-paths/register prisma/seed.ts",
+  },
+  datasource: {
+    url: env("DATABASE_URL"),
+  },
+});

package/src/controllers/authController.ts

@@ -0,0 +1,469 @@
+import { Request, Response } from "express";
+import bcrypt from "bcryptjs";
+import jwt from "jsonwebtoken";
+import { v4 as uuidv4 } from "uuid";
+import { prisma } from "@lapeh/core/database";
+import { sendError, sendFastSuccess } from "@lapeh/utils/response";
+import { Validator } from "@lapeh/utils/validator";
+import { getSerializer, createResponseSchema } from "@lapeh/core/serializer";
+
+export const ACCESS_TOKEN_EXPIRES_IN_SECONDS = 7 * 24 * 60 * 60;
+
+// --- Serializers ---
+
+const registerSchema = {
+  type: "object",
+  properties: {
+    id: { type: "string" },
+    email: { type: "string" },
+    name: { type: "string" },
+    role: { type: "string" },
+  },
+};
+
+const loginSchema = {
+  type: "object",
+  properties: {
+    token: { type: "string" },
+    refreshToken: { type: "string" },
+    expiresIn: { type: "integer" },
+    expiresAt: { type: "string" },
+    name: { type: "string" },
+    role: { type: "string" },
+  },
+};
+
+const userProfileSchema = {
+  type: "object",
+  properties: {
+    id: { type: "string" },
+    name: { type: "string" },
+    email: { type: "string" },
+    role: { type: "string" },
+    avatar: { type: "string", nullable: true },
+    avatar_url: { type: "string", nullable: true },
+    email_verified_at: { type: "string", format: "date-time", nullable: true },
+    created_at: { type: "string", format: "date-time", nullable: true },
+    updated_at: { type: "string", format: "date-time", nullable: true },
+  },
+};
+
+const refreshTokenSchema = {
+  type: "object",
+  properties: {
+    token: { type: "string" },
+    expiresIn: { type: "integer" },
+    expiresAt: { type: "string" },
+    name: { type: "string" },
+    role: { type: "string" },
+  },
+};
+
+const registerSerializer = getSerializer(
+  "auth-register",
+  createResponseSchema(registerSchema)
+);
+const loginSerializer = getSerializer(
+  "auth-login",
+  createResponseSchema(loginSchema)
+);
+const userProfileSerializer = getSerializer(
+  "auth-profile",
+  createResponseSchema(userProfileSchema)
+);
+const refreshTokenSerializer = getSerializer(
+  "auth-refresh",
+  createResponseSchema(refreshTokenSchema)
+);
+
+const voidSerializer = getSerializer(
+  "void",
+  createResponseSchema({ type: "null" })
+);
+
+// --- Controllers ---
+
+export async function register(req: Request, res: Response) {
+  const validator = Validator.make(req.body || {}, {
+    email: "required|email|unique:users,email",
+    name: "required|min:1",
+    password: "required|min:4",
+    confirmPassword: "required|min:4|same:password",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+  const { email, name, password } = await validator.validated();
+  // Manual unique check removed as it is handled by validator
+  const hash = await bcrypt.hash(password, 10);
+  const user = await prisma.users.create({
+    data: {
+      email,
+      name,
+      password: hash,
+      uuid: uuidv4(),
+      created_at: new Date(),
+      updated_at: new Date(),
+    },
+  });
+
+  const defaultRole = await prisma.roles.findUnique({
+    where: { slug: "user" },
+  });
+  if (defaultRole) {
+    await prisma.user_roles.create({
+      data: {
+        user_id: user.id,
+        role_id: defaultRole.id,
+        created_at: new Date(),
+      },
+    });
+  }
+
+  sendFastSuccess(res, 200, registerSerializer, {
+    status: "success",
+    message: "Registration successful",
+    data: {
+      id: user.id.toString(),
+      email: user.email,
+      name: user.name,
+      role: defaultRole ? defaultRole.slug : "user",
+    },
+  });
+}
+
+export async function login(req: Request, res: Response) {
+  const validator = Validator.make(req.body || {}, {
+    email: "required|email",
+    password: "required|min:4",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+  const { email, password } = await validator.validated();
+  const user = await prisma.users.findUnique({
+    where: { email },
+    include: {
+      user_roles: {
+        include: {
+          role: true,
+        },
+      },
+    },
+  });
+  if (!user) {
+    sendError(res, 401, "Email not registered", {
+      field: "email",
+      message: "Email is not registered, please register first",
+    });
+    return;
+  }
+  const ok = await bcrypt.compare(password, user.password);
+  if (!ok) {
+    sendError(res, 401, "Invalid credentials", {
+      field: "password",
+      message: "The password you entered is incorrect",
+    });
+    return;
+  }
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    sendError(res, 500, "Server misconfigured");
+    return;
+  }
+  const primaryUserRole =
+    user.user_roles && user.user_roles.length > 0 && user.user_roles[0].role
+      ? user.user_roles[0].role.slug
+      : "user";
+  const accessExpiresInSeconds = ACCESS_TOKEN_EXPIRES_IN_SECONDS;
+  const accessExpiresAt = new Date(
+    Date.now() + accessExpiresInSeconds * 1000
+  ).toISOString();
+  const token = jwt.sign(
+    { userId: user.id.toString(), role: primaryUserRole },
+    secret,
+    { expiresIn: accessExpiresInSeconds }
+  );
+  const refreshExpiresInSeconds = 30 * 24 * 60 * 60;
+  const refreshToken = jwt.sign(
+    {
+      userId: user.id.toString(),
+      role: primaryUserRole,
+      tokenType: "refresh",
+    },
+    secret,
+    { expiresIn: refreshExpiresInSeconds }
+  );
+  sendFastSuccess(res, 200, loginSerializer, {
+    status: "success",
+    message: "Login successful",
+    data: {
+      token,
+      refreshToken,
+      expiresIn: accessExpiresInSeconds,
+      expiresAt: accessExpiresAt,
+      name: user.name,
+      role: primaryUserRole,
+    },
+  });
+}
+
+export async function me(req: Request, res: Response) {
+  const payload = (req as any).user as { userId: string; role: string };
+  if (!payload || !payload.userId) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  const user = await prisma.users.findUnique({
+    where: { id: BigInt(payload.userId) },
+    include: {
+      user_roles: {
+        include: {
+          role: true,
+        },
+      },
+    },
+  });
+  if (!user) {
+    sendError(res, 404, "User not found");
+    return;
+  }
+  const { password, remember_token, ...rest } = user as any;
+  sendFastSuccess(res, 200, userProfileSerializer, {
+    status: "success",
+    message: "User profile",
+    data: {
+      ...rest,
+      id: user.id.toString(),
+      role:
+        user.user_roles && user.user_roles.length > 0 && user.user_roles[0].role
+          ? user.user_roles[0].role.slug
+          : "user",
+    },
+  });
+}
+
+export async function logout(_req: Request, res: Response) {
+  // In a stateless JWT setup, logout is client-side (delete token).
+  // If using a whitelist/blacklist in Redis, invalidate the token here.
+  // For now, just return success.
+  sendFastSuccess(res, 200, voidSerializer, {
+    status: "success",
+    message: "Logout successful",
+    data: null,
+  });
+}
+
+export async function refreshToken(req: Request, res: Response) {
+  const validator = Validator.make(req.body || {}, {
+    refreshToken: "required|min:1",
+  });
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    sendError(res, 500, "Server misconfigured");
+    return;
+  }
+  try {
+    const validatedData = await validator.validated();
+    const decoded = jwt.verify(validatedData.refreshToken, secret) as {
+      userId: string;
+      role: string;
+      tokenType?: string;
+      iat: number;
+      exp: number;
+    };
+    if (decoded.tokenType !== "refresh") {
+      sendError(res, 401, "Invalid refresh token");
+      return;
+    }
+    const user = await prisma.users.findUnique({
+      where: { id: BigInt(decoded.userId) },
+      include: {
+        user_roles: {
+          include: {
+            role: true,
+          },
+        },
+      },
+    });
+    if (!user) {
+      sendError(res, 401, "Invalid refresh token");
+      return;
+    }
+    const primaryUserRole =
+      user.user_roles && user.user_roles.length > 0 && user.user_roles[0].role
+        ? user.user_roles[0].role.slug
+        : "user";
+    const accessExpiresInSeconds = ACCESS_TOKEN_EXPIRES_IN_SECONDS;
+    const accessExpiresAt = new Date(
+      Date.now() + accessExpiresInSeconds * 1000
+    ).toISOString();
+    const token = jwt.sign(
+      { userId: user.id.toString(), role: primaryUserRole },
+      secret,
+      { expiresIn: accessExpiresInSeconds }
+    );
+    sendFastSuccess(res, 200, refreshTokenSerializer, {
+      status: "success",
+      message: "Token refreshed",
+      data: {
+        token,
+        expiresIn: accessExpiresInSeconds,
+        expiresAt: accessExpiresAt,
+        name: user.name,
+        role: primaryUserRole,
+      },
+    });
+  } catch {
+    sendError(res, 401, "Invalid refresh token");
+  }
+}
+
+export async function updateAvatar(req: Request, res: Response) {
+  const payload = (req as any).user as { userId: string; role: string };
+  if (!payload || !payload.userId) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+
+  const data = {
+    avatar: (req as any).file,
+  };
+
+  const validator = Validator.make(data, {
+    avatar: "nullable|image|mimes:jpeg,png,jpg,gif|max:2048",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+
+  const { avatar: file } = await validator.validated();
+
+  if (!file) {
+    sendError(res, 400, "Avatar file is required");
+    return;
+  }
+  const userId = BigInt(payload.userId);
+  const avatar = file.filename;
+  const avatar_url =
+    process.env.AVATAR_BASE_URL || `/uploads/avatars/${file.filename}`;
+  const updated = await prisma.users.update({
+    where: { id: userId },
+    data: {
+      avatar,
+      avatar_url,
+      updated_at: new Date(),
+    },
+  });
+  const { password, remember_token, ...rest } = updated as any;
+  // Note: user_roles might not be fetched in update, so role defaults to "user" or fetched if needed.
+  // Ideally we should refetch or pass existing role.
+  // For now assuming role is preserved or handled by frontend state, but API should return it.
+  // Let's rely on nullable role or simple "user" fallback if not present in `updated`.
+  // Actually `update` returns what was updated. Relations are not included unless specified.
+  // For now we will return it compatible with userProfileSchema.
+
+  sendFastSuccess(res, 200, userProfileSerializer, {
+    status: "success",
+    message: "Avatar updated successfully",
+    data: {
+      ...rest,
+      id: updated.id.toString(),
+      role: payload.role, // Use role from JWT payload as it shouldn't change here
+    },
+  });
+}
+
+export async function updatePassword(req: Request, res: Response) {
+  const payload = (req as any).user as { userId: string; role: string };
+  if (!payload || !payload.userId) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  const validator = Validator.make(req.body || {}, {
+    currentPassword: "required|min:4",
+    newPassword: "required|min:4",
+    confirmPassword: "required|min:4|same:newPassword",
+  });
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+  const { currentPassword, newPassword } = await validator.validated();
+  const user = await prisma.users.findUnique({
+    where: { id: BigInt(payload.userId) },
+  });
+  if (!user) {
+    sendError(res, 404, "User not found");
+    return;
+  }
+  const ok = await bcrypt.compare(currentPassword, user.password);
+  if (!ok) {
+    sendError(res, 401, "Invalid credentials", {
+      field: "currentPassword",
+      message: "Current password is incorrect",
+    });
+    return;
+  }
+  const hash = await bcrypt.hash(newPassword, 10);
+  await prisma.users.update({
+    where: { id: user.id },
+    data: {
+      password: hash,
+      updated_at: new Date(),
+    },
+  });
+  sendFastSuccess(res, 200, voidSerializer, {
+    status: "success",
+    message: "Password updated successfully",
+    data: null,
+  });
+}
+
+export async function updateProfile(req: Request, res: Response) {
+  const payload = (req as any).user as { userId: string; role: string };
+  if (!payload || !payload.userId) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  const validator = Validator.make(req.body || {}, {
+    name: "required|min:1",
+    email: `required|email|unique:users,email,${payload.userId}`,
+  });
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+  const { name, email } = await validator.validated();
+  const userId = BigInt(payload.userId);
+  // Manual unique check removed as it is handled by validator
+
+  const updated = await prisma.users.update({
+    where: { id: userId },
+    data: {
+      name,
+      email,
+      updated_at: new Date(),
+    },
+  });
+  const { password, remember_token, ...rest } = updated as any;
+  sendFastSuccess(res, 200, userProfileSerializer, {
+    status: "success",
+    message: "Profile updated successfully",
+    data: {
+      ...rest,
+      id: updated.id.toString(),
+      role: payload.role, // Use role from JWT payload
+    },
+  });
+}