millas 0.2.10 → 0.2.12-beta

package/package.json

@@ -1,13 +1,25 @@
 {
   "name": "millas",
-  "version": "0.2.10",
+  "version": "0.2.12-beta",
   "description": "A modern batteries-included backend framework for Node.js — built on Express, inspired by Laravel, Django, and FastAPI",
   "main": "src/index.js",
   "exports": {
     ".": "./src/index.js",
     "./src": "./src/index.js",
     "./src/*": "./src/*.js",
-    "./bin/*": "./bin/*.js"
+    "./bin/*": "./bin/*.js",
+    "./validation": "./src/validation/Validator.js",
+    "./facades/Http": "./src/facades/Http.js",
+    "./facades/Validation": "./src/facades/Validation.js",
+    "./facades/Database": "./src/facades/Database.js",
+    "./facades/Auth": "./src/facades/Auth.js",
+    "./facades/Log": "./src/facades/Log.js",
+    "./facades/Cache": "./src/facades/Cache.js",
+    "./facades/Mail": "./src/facades/Mail.js",
+    "./facades/Queue": "./src/facades/Queue.js",
+    "./facades/Events": "./src/facades/Events.js",
+    "./facades/Storage": "./src/facades/Storage.js",
+    "./facades/Admin": "./src/facades/Admin.js"
   },
   "bin": {
     "millas": "./bin/millas.js"
@@ -39,6 +51,7 @@
   "dependencies": {
     "bcryptjs": "3.0.2",
     "chalk": "4.1.2",
+    "chokidar": "^3.6.0",
     "commander": "^11.0.0",
     "fs-extra": "^11.0.0",
     "inquirer": "8.2.6",
@@ -46,7 +59,8 @@
     "knex": "^3.1.0",
     "nodemailer": "^6.9.0",
     "nunjucks": "^3.2.4",
-    "ora": "5.4.1"
+    "ora": "5.4.1",
+    "sqlite3": "^5.1.7"
   },
   "peerDependencies": {
     "express": "^4.18.0"

package/src/auth/AuthController.js

@@ -2,62 +2,42 @@
 
 const Controller = require('../controller/Controller');
 const Auth       = require('./Auth');
+const { string, email } = require('../validation/Validator');
 
 /**
  * AuthController
  *
- * Drop-in authentication controller.
- * Register its routes in routes/api.js:
- *
- *   const AuthController = require('millas/src/auth/AuthController');
- *
- *   Route.post('/auth/register', AuthController, 'register');
- *   Route.post('/auth/login',    AuthController, 'login');
- *   Route.post('/auth/logout',   AuthController, 'logout');
- *   Route.get('/auth/me',        AuthController, 'me');
- *   Route.post('/auth/refresh',  AuthController, 'refresh');
- *   Route.post('/auth/forgot-password',  AuthController, 'forgotPassword');
- *   Route.post('/auth/reset-password',   AuthController, 'resetPassword');
- *
- * Or use the convenience helper:
- *   Route.auth()  — registers all routes above under /auth
+ * Drop-in authentication controller using the new ctx signature.
+ * All methods receive RequestContext and return MillasResponse.
  */
 class AuthController extends Controller {
 
-  /**
-   * POST /auth/register
-   * Body: { name, email, password, password_confirmation? }
-   */
-  async register(req, res) {
-    const data = await this.validate(req, {
-      name:     'required|string|min:2|max:100',
-      email:    'required|email',
-      password: 'required|string|min:8',
+  async register({ body }) {
+    const data = await body.validate({
+      name:     string().required().min(2).max(100),
+      email:    email().required(),
+      password: string().required().min(8),
     });
 
     const user  = await Auth.register(data);
     const token = Auth.issueToken(user);
 
-    return this.created(res, {
+    return this.created({
       message: 'Registration successful',
       user:    this._safeUser(user),
       token,
     });
   }
 
-  /**
-   * POST /auth/login
-   * Body: { email, password }
-   */
-  async login(req, res) {
-    const { email, password } = await this.validate(req, {
-      email:    'required|email',
-      password: 'required|string',
+  async login({ body }) {
+    const { email: emailVal, password } = await body.validate({
+      email:    email().required(),
+      password: string().required(),
     });
 
-    const { user, token, refreshToken } = await Auth.login(email, password);
+    const { user, token, refreshToken } = await Auth.login(emailVal, password);
 
-    return this.ok(res, {
+    return this.ok({
       message: 'Login successful',
       user:    this._safeUser(user),
       token,
@@ -65,123 +45,52 @@ class AuthController extends Controller {
     });
   }
 
-  /**
-   * POST /auth/logout
-   * Header: Authorization: Bearer <token>
-   *
-   * JWT is stateless — logout just instructs the client to discard the token.
-   * Phase 11 (cache) will add token blocklisting.
-   */
-  async logout(req, res) {
-    return this.ok(res, { message: 'Logged out successfully' });
+  async logout() {
+    return this.ok({ message: 'Logged out successfully' });
   }
 
-  /**
-   * GET /auth/me
-   * Header: Authorization: Bearer <token>
-   */
-  async me(req, res) {
-    try {
-      const user = await Auth.userOrFail(req);
-      return this.ok(res, { user: this._safeUser(user) });
-    } catch (err) {
-      if (err.status === 401) return this.unauthorized(res, err.message);
-      return this.unauthorized(res, 'Unauthenticated');
+  async me({ user }) {
+    if (!user) {
+      const HttpError = require('../errors/HttpError');
+      throw new HttpError(401, 'Unauthenticated');
     }
+    return this.ok({ user: this._safeUser(user) });
   }
 
-  /**
-   * POST /auth/refresh
-   * Body: { refresh_token }
-   */
-  async refresh(req, res) {
-    const { refresh_token } = await this.validate(req, {
-      refresh_token: 'required|string',
+  async refresh({ body }) {
+    const { refresh_token } = await body.validate({
+      refresh_token: string().required(),
     });
 
-    // Verify the refresh token
-    let payload;
-    try {
-      payload = Auth.verify(refresh_token);
-    } catch {
-      return this.unauthorized(res, 'Invalid or expired refresh token');
-    }
-
-    const user = await Auth.user({ headers: { authorization: `Bearer ${refresh_token}` } });
-    if (!user) return this.unauthorized(res, 'User not found');
-
-    const newToken        = Auth.issueToken(user);
-    const newRefreshToken = Auth.issueToken(user, { expiresIn: '30d' });
-
-    return this.ok(res, {
-      token:         newToken,
-      refresh_token: newRefreshToken,
-    });
+    const tokens = await Auth.refresh(refresh_token);
+    return this.ok(tokens);
   }
 
-  /**
-   * POST /auth/forgot-password
-   * Body: { email }
-   */
-  async forgotPassword(req, res) {
-    const { email } = await this.validate(req, {
-      email: 'required|email',
+  async forgotPassword({ body }) {
+    const { email: emailVal } = await body.validate({
+      email: email().required(),
     });
 
-    // Always return 200 to prevent email enumeration
-    try {
-      const user = await Auth.user({ headers: {} });
-      if (user) {
-        const resetToken = Auth.generateResetToken(user);
-        // Phase 8: Mail.send({ to: email, template: 'password-reset', data: { resetToken } })
-        // For now, return token in dev mode only
-        if (process.env.APP_ENV !== 'production') {
-          return this.ok(res, {
-            message:     'Reset link sent (dev mode — token exposed)',
-            reset_token: resetToken,
-          });
-        }
-      }
-    } catch { /* silent */ }
-
-    return this.ok(res, {
-      message: 'If that email exists, a reset link has been sent.',
-    });
+    await Auth.sendPasswordResetEmail(emailVal);
+    return this.ok({ message: 'Password reset email sent' });
   }
 
-  /**
-   * POST /auth/reset-password
-   * Body: { token, password }
-   */
-  async resetPassword(req, res) {
-    const { token, password } = await this.validate(req, {
-      token:    'required|string',
-      password: 'required|string|min:8',
-    });
-
-    const payload = Auth.verifyResetToken(token);
-    const user    = await Auth.user({
-      headers: { authorization: `Bearer ${token}` },
+  async resetPassword({ body }) {
+    const { token, password } = await body.validate({
+      token:    string().required(),
+      password: string().required().min(8).confirmed(),
     });
 
-    if (!user || user.email !== payload.email) {
-      return this.badRequest(res, 'Invalid reset token');
-    }
-
-    const hashed = await Auth.hashPassword(password);
-    await user.update({ password: hashed });
-
-    return this.ok(res, { message: 'Password reset successfully' });
+    await Auth.resetPassword(token, password);
+    return this.ok({ message: 'Password reset successfully' });
   }
 
-  // ─── Internal ─────────────────────────────────────────────────────────────
-
   _safeUser(user) {
     if (!user) return null;
-    const obj = user.toJSON ? user.toJSON() : { ...user };
-    delete obj.password;
-    delete obj.remember_token;
-    return obj;
+    const data = user.toJSON ? user.toJSON() : { ...user };
+    delete data.password;
+    delete data.remember_token;
+    return data;
   }
 }
 

package/src/auth/AuthMiddleware.js

@@ -8,25 +8,15 @@ const Auth       = require('./Auth');
  * AuthMiddleware
  *
  * Guards routes from unauthenticated access using JWT.
- *
  * Reads the Bearer token from the Authorization header,
- * verifies it, loads the user from the database,
- * and attaches them to req.user.
- *
- * Throws 401 if:
- *   - No Authorization header
- *   - Token is malformed / expired
- *   - User no longer exists in DB
+ * verifies it, loads the user, and attaches them to req.user.
  *
- * Register in bootstrap/app.js:
- *   app.middleware('auth', AuthMiddleware)
- *
- * Apply to routes:
- *   Route.prefix('/api').middleware(['auth']).group(() => { ... })
+ * Uses the Millas middleware signature: handle(req, next)
+ * No Express res — returns a MillasResponse or calls next().
  */
 class AuthMiddleware extends Middleware {
-  async handle(req, res, next) {
-    const header = req.headers['authorization'];
+  async handle({ headers, req }, next) {
+    const header = headers.authorization || headers.Authorization;
 
     if (!header) {
       throw new HttpError(401, 'Authorization header missing');
@@ -41,26 +31,25 @@ class AuthMiddleware extends Middleware {
       throw new HttpError(401, 'Token is empty');
     }
 
-    // Verify token — throws 401 if expired or invalid
     const payload = Auth.verify(token);
 
-    // Load user from DB
     let user;
     try {
-      user = await Auth.user(req);
+      user = await Auth.user(req.raw);
     } catch {
       throw new HttpError(401, 'Authentication service not configured');
     }
+
     if (!user) {
       throw new HttpError(401, 'User not found or has been deleted');
     }
 
-    // Attach to request
-    req.user     = user;
-    req.token    = token;
-    req.tokenPayload = payload;
+    // Attach to the underlying request so downstream handlers see req.user
+    req.raw.user         = user;
+    req.raw.token        = token;
+    req.raw.tokenPayload = payload;
 
-    next();
+    return next();
   }
 }
 

package/src/auth/RoleMiddleware.js

@@ -6,38 +6,28 @@ const HttpError  = require('../errors/HttpError');
 /**
  * RoleMiddleware
  *
- * Restricts route access to users with specific roles.
- * Must be used AFTER AuthMiddleware (requires req.user).
- *
- * Usage:
- *   middlewareRegistry.register('admin', new RoleMiddleware(['admin']));
- *   middlewareRegistry.register('staff', new RoleMiddleware(['admin', 'staff']));
- *
- *   Route.prefix('/admin').middleware(['auth', 'admin']).group(() => { ... });
+ * Restricts access to users with specific roles.
+ * Must run after AuthMiddleware (requires ctx.user).
  */
 class RoleMiddleware extends Middleware {
-  /**
-   * @param {string[]} roles — list of allowed role values
-   */
   constructor(roles = []) {
     super();
     this.roles = Array.isArray(roles) ? roles : [roles];
   }
 
-  async handle(req, res, next) {
-    if (!req.user) {
-      throw new HttpError(401, 'Unauthenticated — run AuthMiddleware before RoleMiddleware');
+  async handle({ user }, next) {
+    if (!user) {
+      throw new HttpError(401, 'Unauthenticated — AuthMiddleware must run first');
     }
 
-    const userRole = req.user.role || null;
-
+    const userRole = user.role || null;
     if (!userRole || !this.roles.includes(userRole)) {
       throw new HttpError(403,
         `Access denied. Required role: ${this.roles.join(' or ')}`
       );
     }
 
-    next();
+    return next();
   }
 }
 

package/src/commands/migrate.js

@@ -6,17 +6,15 @@ const fs    = require('fs-extra');
 
 module.exports = function (program) {
 
-  // ── makemigrations ────────────────────────────────────────────────────────
-
+  // ── makemigrations ──────────────────────────────────────────────────────────
   program
     .command('makemigrations')
     .description('Scan model files, detect schema changes, generate migration files')
     .action(async () => {
       try {
-        const ctx       = getProjectContext();
-        // Fixed: was incorrectly destructured as { ModelInspector }
+        const ctx            = getProjectContext();
         const ModelInspector = require('../orm/migration/ModelInspector');
-        const inspector = new ModelInspector(
+        const inspector      = new ModelInspector(
           ctx.modelsPath,
           ctx.migrationsPath,
           ctx.snapshotPath,
@@ -31,14 +29,12 @@ module.exports = function (program) {
           console.log(chalk.gray('\n  Run: millas migrate   to apply these migrations.\n'));
         }
       } catch (err) {
-        console.error(chalk.red(`\n  ✖  makemigrations failed: ${err.message}\n`));
-        if (process.env.DEBUG) console.error(err.stack);
-        process.exit(1);
+        bail('makemigrations', err);
       }
+      // makemigrations doesn't open a DB connection so no closeDb() needed
     });
 
-  // ── migrate ───────────────────────────────────────────────────────────────
-
+  // ── migrate ─────────────────────────────────────────────────────────────────
   program
     .command('migrate')
     .description('Run all pending migrations')
@@ -46,14 +42,15 @@ module.exports = function (program) {
       try {
         const runner = await getRunner();
         const result = await runner.migrate();
-        printResult(result, 'Ran');
+        printMigrationResult(result, 'Ran');
       } catch (err) {
         bail('migrate', err);
+      } finally {
+        await closeDb();
       }
     });
 
-  // ── migrate:fresh ─────────────────────────────────────────────────────────
-
+  // ── migrate:fresh ────────────────────────────────────────────────────────────
   program
     .command('migrate:fresh')
     .description('Drop ALL tables then re-run every migration from scratch')
@@ -62,14 +59,15 @@ module.exports = function (program) {
         console.log(chalk.yellow('\n  ⚠  Dropping all tables…\n'));
         const runner = await getRunner();
         const result = await runner.fresh();
-        printResult(result, 'Ran');
+        printMigrationResult(result, 'Ran');
       } catch (err) {
         bail('migrate:fresh', err);
+      } finally {
+        await closeDb();
       }
     });
 
-  // ── migrate:rollback ──────────────────────────────────────────────────────
-
+  // ── migrate:rollback ─────────────────────────────────────────────────────────
   program
     .command('migrate:rollback')
     .description('Rollback the last batch of migrations')
@@ -78,14 +76,15 @@ module.exports = function (program) {
       try {
         const runner = await getRunner();
         const result = await runner.rollback(Number(options.steps));
-        printResult(result, 'Rolled back');
+        printMigrationResult(result, 'Rolled back');
       } catch (err) {
         bail('migrate:rollback', err);
+      } finally {
+        await closeDb();
       }
     });
 
-  // ── migrate:reset ─────────────────────────────────────────────────────────
-
+  // ── migrate:reset ────────────────────────────────────────────────────────────
   program
     .command('migrate:reset')
     .description('Rollback ALL migrations')
@@ -93,14 +92,15 @@ module.exports = function (program) {
       try {
         const runner = await getRunner();
         const result = await runner.reset();
-        printResult(result, 'Rolled back');
+        printMigrationResult(result, 'Rolled back');
       } catch (err) {
         bail('migrate:reset', err);
+      } finally {
+        await closeDb();
       }
     });
 
-  // ── migrate:refresh ───────────────────────────────────────────────────────
-
+  // ── migrate:refresh ──────────────────────────────────────────────────────────
   program
     .command('migrate:refresh')
     .description('Rollback all then re-run all migrations')
@@ -108,14 +108,15 @@ module.exports = function (program) {
       try {
         const runner = await getRunner();
         const result = await runner.refresh();
-        printResult(result, 'Ran');
+        printMigrationResult(result, 'Ran');
       } catch (err) {
         bail('migrate:refresh', err);
+      } finally {
+        await closeDb();
       }
     });
 
-  // ── migrate:status ────────────────────────────────────────────────────────
-
+  // ── migrate:status ───────────────────────────────────────────────────────────
   program
     .command('migrate:status')
     .description('Show the status of all migration files')
@@ -143,11 +144,12 @@ module.exports = function (program) {
         console.log();
       } catch (err) {
         bail('migrate:status', err);
+      } finally {
+        await closeDb();
       }
     });
 
-  // ── db:seed ───────────────────────────────────────────────────────────────
-
+  // ── db:seed ──────────────────────────────────────────────────────────────────
   program
     .command('db:seed')
     .description('Run all database seeders')
@@ -180,6 +182,8 @@ module.exports = function (program) {
         console.log();
       } catch (err) {
         bail('db:seed', err);
+      } finally {
+        await closeDb();
       }
     });
 };
@@ -208,14 +212,25 @@ async function getDbConnection() {
 }
 
 async function getRunner() {
-  // Fixed: was incorrectly destructured as { MigrationRunner }
   const MigrationRunner = require('../orm/migration/MigrationRunner');
   const ctx = getProjectContext();
   const db  = await getDbConnection();
   return new MigrationRunner(db, ctx.migrationsPath);
 }
 
-function printResult(result, verb) {
+/**
+ * Destroy all open knex connection pools so the CLI process exits cleanly.
+ * Without this, knex keeps the event loop alive indefinitely after the
+ * command finishes, causing the terminal to appear to hang.
+ */
+async function closeDb() {
+  try {
+    const DatabaseManager = require('../orm/drivers/DatabaseManager');
+    await DatabaseManager.closeAll();
+  } catch { /* already closed or never opened — safe to ignore */ }
+}
+
+function printMigrationResult(result, verb) {
   const list = result.ran || result.rolledBack || [];
   if (list.length === 0) {
     console.log(chalk.yellow(`\n  ${result.message}\n`));
@@ -223,7 +238,7 @@ function printResult(result, verb) {
   }
   console.log(chalk.green(`\n  ✔  ${result.message}`));
   list.forEach(f =>
-    console.log(chalk.cyan(`     ${verb === 'Ran' ? '+' : '-'} ${f}`)),
+    console.log(chalk.cyan(`     ${verb === 'Ran' ? '+' : '-'} ${f}`))
   );
   console.log();
 }
@@ -231,5 +246,5 @@ function printResult(result, verb) {
 function bail(cmd, err) {
   console.error(chalk.red(`\n  ✖  ${cmd} failed: ${err.message}\n`));
   if (process.env.DEBUG) console.error(err.stack);
-  process.exit(1);
+  closeDb().finally(() => process.exit(1));
 }