my-crud-lib 1.0.0

package/README.md

@@ -0,0 +1,208 @@
+# my-crud-lib
+
+A modular, TypeScript-first **Auth + User/Profile CRUD** library for Node.js, designed to be **framework-light**, **DB-agnostic** (via adapters), and **highly extensible** (schemas + hooks). Ship a secure `/auth/register`, `/auth/login`, and `/me` in minutes—then customize without forking the core.
+
+> Works great with Express and Prisma out of the box, but you can plug in your own repo adapter.
+
+---
+
+## Features
+
+- ✅ Ready-made routes: `POST /auth/register`, `POST /auth/login`, `GET /me`
+- 🔐 JWT-based auth with pluggable lifecycle hooks (before/after create, before issuing JWT, etc.)
+- 🧩 Extensible validation via **Zod**: merge your own fields into the base schemas
+- 🗄️ Repository interfaces (DB-agnostic) + optional Prisma adapter
+- 🧰 Cleanly separated core logic & web router
+- 🧪 TypeScript types exported for DX
+
+---
+
+## Installation
+
+```bash
+npm i my-crud-lib zod jsonwebtoken bcryptjs
+# If using Prisma adapter in your app:
+npm i @prisma/client
+```
+
+> Node.js `>= 18.17` is required.
+
+---
+
+## Quickstart (Express)
+
+```ts
+import express from "express";
+import { json } from "body-parser";
+import { createLibrary } from "my-crud-lib";
+// Optional: Prisma adapter (provided in your app)
+import { PrismaClient } from "@prisma/client";
+import { makePrismaUserRepo } from "my-crud-lib/adapter-prisma"; // if you expose this path
+
+const prisma = new PrismaClient();
+
+const app = express();
+app.use(json());
+
+const lib = createLibrary(
+  {
+    auth: {
+      jwtSecret: process.env.JWT_SECRET!, // e.g. "supersecret"
+      jwtExpiresIn: "7d",
+      passwordHashRounds: 10,
+    },
+    routesPrefix: "/api", // optional
+  },
+  { userRepo: makePrismaUserRepo(prisma) }
+);
+
+app.use(lib.router);
+
+app.listen(3000, () => console.log("API running on http://localhost:3000"));
+```
+
+### Available Routes
+
+- `POST /auth/register` → create user (email + password + optional name)
+- `POST /auth/login` → returns `{ accessToken }`
+- `GET /me` → authenticated endpoint, returns the current user
+
+> Protect `/me` with the `isAuth` middleware already wired inside the library router.
+
+---
+
+## Configuration
+
+```ts
+type AuthConfig = {
+  jwtSecret: string;
+  jwtExpiresIn: string; // e.g. "7d"
+  passwordHashRounds: number; // e.g. 10
+};
+
+type LibraryConfig = {
+  auth: AuthConfig;
+  routesPrefix?: string; // e.g. "/api"
+};
+```
+
+Create the library:
+
+```ts
+const lib = createLibrary(config, { userRepo });
+```
+
+---
+
+## Extending Schemas (Zod)
+
+The library exports base Zod schemas and a factory to merge your custom fields.
+
+```ts
+// consumer app
+import { z } from "zod";
+import { makeCreateUserSchema } from "my-crud-lib/schemas";
+
+const ExtraUserFields = z.object({
+  companyVat: z.string().min(5),
+  marketingOptIn: z.boolean().default(false),
+});
+
+export const CreateUserSchema = makeCreateUserSchema(ExtraUserFields);
+
+// Later in your route (if you override the built-in):
+const data = CreateUserSchema.parse(req.body);
+```
+
+**Tip:** The default Prisma schema (if you use it) exposes `profile.extra: Json?` so you can store arbitrary fields without altering the core tables.
+
+---
+
+## Hooks (Lifecycle)
+
+Use hooks to change data or enrich tokens without forking.
+
+```ts
+import { plugins } from "my-crud-lib";
+
+plugins.use({
+  beforeCreateUser: async (data, ctx) => {
+    if (data.companyVat) data.companyVat = data.companyVat.toUpperCase();
+    return data;
+  },
+  afterCreateUser: async (user, ctx) => {
+    // e.g., send welcome email or audit log
+  },
+  beforeIssueJwt: (payload, ctx) => {
+    return { ...payload, tenantId: "acme-123" };
+  },
+});
+```
+
+**Available hooks**
+- `beforeCreateUser(data, ctx)`
+- `afterCreateUser(user, ctx)`
+- `beforeUpdateUser(data, ctx)`
+- `beforeIssueJwt(payload, ctx)`
+
+`ctx` includes the request and useful dependencies (e.g., repos).
+
+---
+
+## Repository Adapters (DB-agnostic)
+
+Core interface:
+
+```ts
+export interface UserRepo {
+  create(data: any): Promise<any>;
+  update(id: string, data: any): Promise<any>;
+  findById(id: string): Promise<any | null>;
+  findByEmail(email: string): Promise<any | null>;
+}
+```
+
+Example Prisma adapter (in your app or provided by the lib):
+
+```ts
+export function makePrismaUserRepo(prisma: any): UserRepo {
+  return {
+    create: (data) => prisma.user.create({ data }),
+    update: (id, data) => prisma.user.update({ where: { id }, data }),
+    findById: (id) => prisma.user.findUnique({ where: { id } }),
+    findByEmail: (email) => prisma.user.findUnique({ where: { email } }),
+  };
+}
+```
+
+---
+
+## Types
+
+The package exports the main public types:
+
+- `LibraryConfig`, `AuthConfig`
+- `UserRepo`
+- schema types (e.g., `CreateUserBase`)
+
+---
+
+## Security Notes
+
+- Keep `JWT_SECRET` secure; rotate if compromised.
+- Consider adding rate limiting in your app (e.g., `express-rate-limit`).
+- Store password hashes using `bcryptjs` with adequate rounds (default shown: `10`).
+- Use HTTPS in production.
+
+---
+
+
+## Contributing
+
+PRs and issues are welcome! Please follow conventional commits or include a clear description. For releases, we recommend Changesets or semantic-release.
+
+---
+
+## License
+
+MIT © Riccardo

package/dist/config/env.d.ts

@@ -0,0 +1,2 @@
+export declare const JWT_ACCESS_EXPIRES_IN: string, JWT_REFRESH_EXPIRES_IN: string;
+export declare const JWT_SECRET: string;

package/dist/config/env.js

@@ -0,0 +1,5 @@
+import dotenv from "dotenv";
+import { env } from "process";
+dotenv.config();
+export const { JWT_ACCESS_EXPIRES_IN = env.JWT_ACCESS_EXPIRES_IN || "15m", JWT_REFRESH_EXPIRES_IN = env.JWT_REFRESH_EXPIRES_IN || "7d", } = process.env;
+export const JWT_SECRET = process.env.JWT_SECRET;

package/dist/database/prisma.service.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/database/prisma.service.js

@@ -0,0 +1 @@
+export {};

package/dist/dev.d.ts

@@ -0,0 +1 @@
+import 'dotenv/config';

package/dist/dev.js

@@ -0,0 +1,13 @@
+import { createServer } from './index.js';
+import { createAuthRouter } from './modules/auth/auth.controller.js';
+import 'dotenv/config';
+import { createUserRouter } from './modules/user/user.controller.js';
+const app = createServer();
+app.use('/auth', createAuthRouter());
+app.use('/users', createUserRouter());
+const PORT = Number(process.env.PORT) || 3000;
+app.listen(PORT, () => {
+    console.log(`API dev up on http://localhost:${PORT}`);
+    console.log(`   -> POST /auth/register, /auth/login, POST /auth/refresh, GET /auth/me`);
+    console.log(`   -> GET /users/me, PUT /users/me`);
+});

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+import { type Express } from 'express';
+export { createAuthRouter } from './modules/auth/auth.controller.js';
+export declare function createServer(): Express;
+export declare function mountDefaultRoutes(app: Express): void;

package/dist/index.js

@@ -0,0 +1,17 @@
+import express from 'express';
+import cors from 'cors';
+import bodyParser from 'body-parser';
+export { createAuthRouter } from './modules/auth/auth.controller.js';
+//export { createUserRouter } from './modules/user/user.router.js';
+export function createServer() {
+    const app = express();
+    app.use(cors());
+    app.use(bodyParser.json());
+    return app;
+}
+export function mountDefaultRoutes(app) {
+    const { createAuthRouter } = require('./modules/auth/auth.controller.js');
+    const { createUserRouter } = require('./modules/user/user.router.js');
+    app.use('/auth', createAuthRouter());
+    app.use('/users', createUserRouter());
+}

package/dist/middleware/hasRole.d.ts

@@ -0,0 +1,4 @@
+import { Response, NextFunction } from 'express';
+import { AuthRequest } from './isAuth.js';
+export declare function hasRole(...allowed: Array<'ADMIN' | 'USER'>): (req: AuthRequest, res: Response, next: NextFunction) => Response<any, Record<string, any>> | undefined;
+export declare function isSelfOrAdmin(): (req: AuthRequest, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;

package/dist/middleware/hasRole.js

@@ -0,0 +1,19 @@
+export function hasRole(...allowed) {
+    return (req, res, next) => {
+        const role = req.user?.role;
+        if (!role || !allowed.includes(role)) {
+            return res.status(403).json({ error: 'Forbidden' });
+        }
+        next();
+    };
+}
+export function isSelfOrAdmin() {
+    return (req, res, next) => {
+        const uid = req.user?.id;
+        const role = req.user?.role;
+        const paramId = Number(req.params.id);
+        if (role === 'ADMIN' || uid === paramId)
+            return next();
+        return res.status(403).json({ error: 'Forbidden' });
+    };
+}

package/dist/middleware/isAuth.d.ts

@@ -0,0 +1,8 @@
+import type { Request, Response, NextFunction } from 'express';
+export type AuthRequest = Request & {
+    user?: {
+        id: number;
+        role: 'USER' | 'ADMIN';
+    };
+};
+export declare function isAuth(req: AuthRequest, res: Response, next: NextFunction): void | Response<any, Record<string, any>>;

package/dist/middleware/isAuth.js

@@ -0,0 +1,16 @@
+import { verifyToken } from '../utils/jwt.js';
+export function isAuth(req, res, next) {
+    const auth = req.headers.authorization;
+    if (!auth?.startsWith('Bearer ')) {
+        return res.status(401).json({ error: 'Missing or invalid Authorization header' });
+    }
+    const token = auth.substring('Bearer '.length);
+    try {
+        const payload = verifyToken(token);
+        req.user = { id: payload.sub, role: payload.role };
+        return next();
+    }
+    catch {
+        return res.status(401).json({ error: 'Invalid or expired token' });
+    }
+}

package/dist/modules/auth/auth.controller.d.ts

@@ -0,0 +1 @@
+export declare function createAuthRouter(): import("express-serve-static-core").Router;

package/dist/modules/auth/auth.controller.js

@@ -0,0 +1,67 @@
+import { Router } from 'express';
+import { registerSchema, loginSchema } from './auth.schemas.js';
+import { registerUser, loginUser } from './auth.service.js';
+import { verifyToken, signAccessToken, signRefreshToken } from '../../utils/jwt.js';
+import { isAuth } from '../../middleware/isAuth.js';
+import { prisma } from '../../utils/prisma.js';
+export function createAuthRouter() {
+    const router = Router();
+    router.post('/register', async (req, res) => {
+        try {
+            const data = registerSchema.parse(req.body);
+            const result = await registerUser(data);
+            return res.status(201).json(result);
+        }
+        catch (err) {
+            if (err?.message === 'EMAIL_TAKEN')
+                return res.status(409).json({ error: 'Email già registrata' });
+            if (err?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: err.issues });
+            return res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.post('/login', async (req, res) => {
+        try {
+            const data = loginSchema.parse(req.body);
+            const result = await loginUser(data);
+            return res.json(result);
+        }
+        catch (err) {
+            if (err?.message === 'INVALID_CREDENTIALS')
+                return res.status(401).json({ error: 'Credenziali non valide' });
+            if (err?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: err.issues });
+            return res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.post('/refresh', async (req, res) => {
+        try {
+            const { refreshToken } = req.body;
+            if (!refreshToken)
+                return res.status(400).json({ error: 'Missing refreshToken' });
+            const payload = verifyToken(refreshToken);
+            if (payload.typ !== 'refresh')
+                return res.status(401).json({ error: 'Invalid refresh token' });
+            const user = await prisma.user.findUnique({ where: { id: payload.sub }, select: { id: true, role: true } });
+            if (!user)
+                return res.status(401).json({ error: 'User not found' });
+            const accessToken = signAccessToken({ sub: user.id, role: user.role });
+            const newRefreshToken = signRefreshToken({ sub: user.id, role: user.role });
+            return res.json({ accessToken, refreshToken: newRefreshToken });
+        }
+        catch {
+            return res.status(401).json({ error: 'Invalid or expired refresh token' });
+        }
+    });
+    router.get('/me', isAuth, async (req, res) => {
+        const userId = req.user.id;
+        const me = await prisma.user.findUnique({
+            where: { id: userId },
+            select: { id: true, email: true, name: true, role: true, profile: { select: { bio: true, avatarUrl: true } } },
+        });
+        if (!me)
+            return res.status(404).json({ error: 'User not found' });
+        return res.json(me);
+    });
+    return router;
+}

package/dist/modules/auth/auth.schemas.d.ts

@@ -0,0 +1,26 @@
+import { z } from 'zod';
+export declare const registerSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+    name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+    name?: string | null | undefined;
+}, {
+    email: string;
+    password: string;
+    name?: string | null | undefined;
+}>;
+export declare const loginSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+}, {
+    email: string;
+    password: string;
+}>;
+export type RegisterInput = z.infer<typeof registerSchema>;
+export type LoginInput = z.infer<typeof loginSchema>;

package/dist/modules/auth/auth.schemas.js

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+export const registerSchema = z.object({
+    email: z.string().email(),
+    password: z.string().min(8),
+    name: z.string().min(1).max(100).nullish(),
+});
+export const loginSchema = z.object({
+    email: z.string().email(),
+    password: z.string().min(8),
+});

package/dist/modules/auth/auth.service.d.ts

@@ -0,0 +1,24 @@
+import type { RegisterInput } from './auth.schemas.js';
+export declare function registerUser(params: RegisterInput): Promise<{
+    user: {
+        email: string;
+        name: string | null;
+        id: number;
+        role: import("@prisma/client").$Enums.Role;
+    };
+    accessToken: string;
+    refreshToken: string;
+}>;
+export declare function loginUser(params: {
+    email: string;
+    password: string;
+}): Promise<{
+    user: {
+        id: number;
+        email: string;
+        name: string | null;
+        role: import("@prisma/client").$Enums.Role;
+    };
+    accessToken: string;
+    refreshToken: string;
+}>;

package/dist/modules/auth/auth.service.js

@@ -0,0 +1,38 @@
+import { prisma } from '../../utils/prisma.js';
+import bcrypt from 'bcryptjs';
+import { signAccessToken, signRefreshToken } from '../../utils/jwt.js';
+export async function registerUser(params) {
+    const exists = await prisma.user.findUnique({ where: { email: params.email } });
+    if (exists)
+        throw new Error('EMAIL_TAKEN');
+    const passwordHash = await bcrypt.hash(params.password, Number(process.env.BCRYPT_SALT) || 10);
+    const user = await prisma.user.create({
+        data: {
+            email: params.email,
+            passwordHash,
+            name: params.name ?? null,
+            role: 'ADMIN',
+            profile: { create: {} },
+        },
+        select: { id: true, email: true, name: true, role: true },
+    });
+    const accessToken = signAccessToken({ sub: user.id, role: user.role });
+    const refreshToken = signRefreshToken({ sub: user.id, role: user.role });
+    return { user, accessToken, refreshToken };
+}
+export async function loginUser(params) {
+    const user = await prisma.user.findUnique({ where: { email: params.email } });
+    if (!user)
+        throw new Error('INVALID_CREDENTIALS');
+    const ok = await bcrypt.compare(params.password, user.passwordHash);
+    if (!ok)
+        throw new Error('INVALID_CREDENTIALS');
+    const payload = { sub: user.id, role: user.role };
+    const accessToken = signAccessToken(payload);
+    const refreshToken = signRefreshToken(payload);
+    return {
+        user: { id: user.id, email: user.email, name: user.name, role: user.role },
+        accessToken,
+        refreshToken,
+    };
+}

package/dist/modules/auth/auth.types.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/modules/auth/auth.types.js

@@ -0,0 +1 @@
+export {};

package/dist/modules/profile/profile.controller.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/modules/profile/profile.controller.js

@@ -0,0 +1 @@
+export {};

package/dist/modules/profile/profile.service.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/modules/profile/profile.service.js

@@ -0,0 +1 @@
+export {};

package/dist/modules/profile/profile.types.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/modules/profile/profile.types.js

@@ -0,0 +1 @@
+export {};

package/dist/modules/user/user.controller.d.ts

@@ -0,0 +1 @@
+export declare function createUserRouter(): import("express-serve-static-core").Router;

package/dist/modules/user/user.controller.js

@@ -0,0 +1,86 @@
+import { Router } from 'express';
+import { isAuth } from '../../middleware/isAuth.js';
+import { hasRole, isSelfOrAdmin } from '../../middleware/hasRole.js';
+import { listUsersQuerySchema, updateMeSchema, adminCreateUserSchema, adminUpdateUserSchema, } from './user.schemas.js';
+import { listUsers, getUserById, updateMe, adminCreateUser, adminUpdateUser, adminDeleteUser, } from './user.service.js';
+export function createUserRouter() {
+    const router = Router();
+    router.get('/', isAuth, hasRole('ADMIN'), async (req, res) => {
+        try {
+            const q = listUsersQuerySchema.parse(req.query);
+            const data = await listUsers(q);
+            res.json(data);
+        }
+        catch (e) {
+            if (e?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: e.issues });
+            res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.get('/:id', isAuth, isSelfOrAdmin(), async (req, res) => {
+        const id = Number(req.params.id);
+        const data = await getUserById(id);
+        if (!data)
+            return res.status(404).json({ error: 'User not found' });
+        res.json(data);
+    });
+    router.get('/me/self', isAuth, async (req, res) => {
+        const data = await getUserById(req.user.id);
+        if (!data)
+            return res.status(404).json({ error: 'User not found' });
+        res.json(data);
+    });
+    router.put('/me', isAuth, async (req, res) => {
+        try {
+            const body = updateMeSchema.parse(req.body);
+            const data = await updateMe(req.user.id, body);
+            res.json(data);
+        }
+        catch (e) {
+            if (e?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: e.issues });
+            res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.post('/', isAuth, hasRole('ADMIN'), async (req, res) => {
+        try {
+            const body = adminCreateUserSchema.parse(req.body);
+            const data = await adminCreateUser(body);
+            res.status(201).json(data);
+        }
+        catch (e) {
+            if (e?.message === 'EMAIL_TAKEN')
+                return res.status(409).json({ error: 'Email already in use' });
+            if (e?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: e.issues });
+            res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.put('/:id', isAuth, isSelfOrAdmin(), async (req, res) => {
+        try {
+            const id = Number(req.params.id);
+            const body = adminUpdateUserSchema.parse(req.body);
+            if (req.user.role !== 'ADMIN' && body.role) {
+                return res.status(403).json({ error: 'Forbidden: cannot change role' });
+            }
+            const data = await adminUpdateUser(id, body);
+            res.json(data);
+        }
+        catch (e) {
+            if (e?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: e.issues });
+            res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.delete('/:id', isAuth, hasRole('ADMIN'), async (req, res) => {
+        try {
+            const id = Number(req.params.id);
+            const data = await adminDeleteUser(id);
+            res.json(data);
+        }
+        catch {
+            res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    return router;
+}

package/dist/modules/user/user.schemas.d.ts

@@ -0,0 +1,75 @@
+import { z } from 'zod';
+export declare const listUsersQuerySchema: z.ZodObject<{
+    page: z.ZodDefault<z.ZodNumber>;
+    pageSize: z.ZodDefault<z.ZodNumber>;
+    search: z.ZodOptional<z.ZodString>;
+    role: z.ZodOptional<z.ZodEnum<["USER", "ADMIN"]>>;
+    sort: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    sort: string;
+    page: number;
+    pageSize: number;
+    search?: string | undefined;
+    role?: "USER" | "ADMIN" | undefined;
+}, {
+    sort?: string | undefined;
+    search?: string | undefined;
+    role?: "USER" | "ADMIN" | undefined;
+    page?: number | undefined;
+    pageSize?: number | undefined;
+}>;
+export declare const updateMeSchema: z.ZodObject<{
+    name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    bio: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    avatarUrl: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    name?: string | null | undefined;
+    bio?: string | null | undefined;
+    avatarUrl?: string | null | undefined;
+}, {
+    name?: string | null | undefined;
+    bio?: string | null | undefined;
+    avatarUrl?: string | null | undefined;
+}>;
+export declare const adminCreateUserSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+    name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    role: z.ZodDefault<z.ZodEnum<["USER", "ADMIN"]>>;
+    bio: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    avatarUrl: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+    role: "USER" | "ADMIN";
+    name?: string | null | undefined;
+    bio?: string | null | undefined;
+    avatarUrl?: string | null | undefined;
+}, {
+    email: string;
+    password: string;
+    name?: string | null | undefined;
+    role?: "USER" | "ADMIN" | undefined;
+    bio?: string | null | undefined;
+    avatarUrl?: string | null | undefined;
+}>;
+export declare const adminUpdateUserSchema: z.ZodObject<{
+    name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    role: z.ZodOptional<z.ZodNullable<z.ZodEnum<["USER", "ADMIN"]>>>;
+    bio: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    avatarUrl: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    name?: string | null | undefined;
+    role?: "USER" | "ADMIN" | null | undefined;
+    bio?: string | null | undefined;
+    avatarUrl?: string | null | undefined;
+}, {
+    name?: string | null | undefined;
+    role?: "USER" | "ADMIN" | null | undefined;
+    bio?: string | null | undefined;
+    avatarUrl?: string | null | undefined;
+}>;
+export type ListUsersQuery = z.infer<typeof listUsersQuerySchema>;
+export type UpdateMeInput = z.infer<typeof updateMeSchema>;
+export type AdminCreateUserInput = z.infer<typeof adminCreateUserSchema>;
+export type AdminUpdateUserInput = z.infer<typeof adminUpdateUserSchema>;

package/dist/modules/user/user.schemas.js

@@ -0,0 +1,30 @@
+import { z } from 'zod';
+export const listUsersQuerySchema = z.object({
+    page: z.coerce.number().int().min(1).default(1),
+    pageSize: z.coerce.number().int().min(1).max(100).default(10),
+    search: z.string().trim().min(1).optional(),
+    role: z.enum(['USER', 'ADMIN']).optional(),
+    sort: z
+        .string()
+        .regex(/^(createdAt|updatedAt|email|name):(asc|desc)$/i)
+        .default('createdAt:desc'),
+});
+export const updateMeSchema = z.object({
+    name: z.string().min(1).max(100).nullish(),
+    bio: z.string().max(500).nullish(),
+    avatarUrl: z.string().url().nullish(),
+});
+export const adminCreateUserSchema = z.object({
+    email: z.string().email(),
+    password: z.string().min(8),
+    name: z.string().min(1).max(100).nullish(),
+    role: z.enum(['USER', 'ADMIN']).default('USER'),
+    bio: z.string().max(500).nullish(),
+    avatarUrl: z.string().url().nullish(),
+});
+export const adminUpdateUserSchema = z.object({
+    name: z.string().min(1).max(100).nullish(),
+    role: z.enum(['USER', 'ADMIN']).nullish(),
+    bio: z.string().max(500).nullish(),
+    avatarUrl: z.string().url().nullish(),
+});

package/dist/modules/user/user.service.d.ts

@@ -0,0 +1,68 @@
+import type { AdminCreateUserInput, AdminUpdateUserInput, ListUsersQuery, UpdateMeInput } from './user.schemas.js';
+export declare function listUsers(q: ListUsersQuery): Promise<{
+    page: number;
+    pageSize: number;
+    total: number;
+    items: {
+        email: string;
+        name: string | null;
+        id: number;
+        role: import("@prisma/client").$Enums.Role;
+        createdAt: Date;
+        updatedAt: Date;
+        profile: {
+            bio: string | null;
+            avatarUrl: string | null;
+        } | null;
+    }[];
+    totalPages: number;
+}>;
+export declare function getUserById(id: number): Promise<{
+    email: string;
+    name: string | null;
+    id: number;
+    role: import("@prisma/client").$Enums.Role;
+    createdAt: Date;
+    updatedAt: Date;
+    profile: {
+        bio: string | null;
+        avatarUrl: string | null;
+    } | null;
+} | null>;
+export declare function updateMe(userId: number, data: UpdateMeInput): Promise<{
+    email: string;
+    name: string | null;
+    id: number;
+    role: import("@prisma/client").$Enums.Role;
+    profile: {
+        bio: string | null;
+        avatarUrl: string | null;
+    } | null;
+}>;
+export declare function adminCreateUser(input: AdminCreateUserInput): Promise<{
+    email: string;
+    name: string | null;
+    id: number;
+    role: import("@prisma/client").$Enums.Role;
+    createdAt: Date;
+    updatedAt: Date;
+    profile: {
+        bio: string | null;
+        avatarUrl: string | null;
+    } | null;
+}>;
+export declare function adminUpdateUser(id: number, input: AdminUpdateUserInput): Promise<{
+    email: string;
+    name: string | null;
+    id: number;
+    role: import("@prisma/client").$Enums.Role;
+    createdAt: Date;
+    updatedAt: Date;
+    profile: {
+        bio: string | null;
+        avatarUrl: string | null;
+    } | null;
+}>;
+export declare function adminDeleteUser(id: number): Promise<{
+    ok: boolean;
+}>;

package/dist/modules/user/user.service.js

@@ -0,0 +1,136 @@
+import { prisma } from '../../utils/prisma.js';
+import bcrypt from 'bcryptjs';
+export async function listUsers(q) {
+    const { page, pageSize, role, search } = q;
+    const [rawField, rawDir] = (q.sort ?? 'createdAt:desc').split(':');
+    const allowedFields = ['createdAt', 'updatedAt', 'email', 'name'];
+    const sortField = allowedFields.includes(rawField || '')
+        ? rawField
+        : 'createdAt';
+    const sortDir = rawDir === 'asc' || rawDir === 'desc' ? rawDir : 'desc';
+    const where = {};
+    if (role)
+        where.role = role;
+    if (search && search.trim() !== '') {
+        const s = search.trim();
+        where.OR = [
+            { email: { contains: s, mode: 'insensitive' } },
+            { name: { contains: s, mode: 'insensitive' } },
+        ];
+    }
+    const orderBy = { [sortField]: sortDir };
+    const [total, items] = await Promise.all([
+        prisma.user.count({ where }),
+        prisma.user.findMany({
+            where,
+            orderBy,
+            skip: (page - 1) * pageSize,
+            take: pageSize,
+            select: {
+                id: true,
+                email: true,
+                name: true,
+                role: true,
+                createdAt: true,
+                updatedAt: true,
+                profile: { select: { bio: true, avatarUrl: true } },
+            },
+        }),
+    ]);
+    return {
+        page,
+        pageSize,
+        total,
+        items,
+        totalPages: Math.ceil(total / pageSize),
+    };
+}
+export async function getUserById(id) {
+    return prisma.user.findUnique({
+        where: { id },
+        select: {
+            id: true,
+            email: true,
+            name: true,
+            role: true,
+            createdAt: true,
+            updatedAt: true,
+            profile: { select: { bio: true, avatarUrl: true } },
+        },
+    });
+}
+export async function updateMe(userId, data) {
+    return prisma.user.update({
+        where: { id: userId },
+        data: {
+            name: data.name ?? undefined,
+            profile: {
+                upsert: {
+                    create: { bio: data.bio ?? null, avatarUrl: data.avatarUrl ?? null },
+                    update: { bio: data.bio ?? null, avatarUrl: data.avatarUrl ?? null },
+                },
+            },
+        },
+        select: {
+            id: true,
+            email: true,
+            name: true,
+            role: true,
+            profile: { select: { bio: true, avatarUrl: true } },
+        },
+    });
+}
+export async function adminCreateUser(input) {
+    const exists = await prisma.user.findUnique({ where: { email: input.email } });
+    if (exists)
+        throw new Error('EMAIL_TAKEN');
+    const passwordHash = await bcrypt.hash(input.password, Number(process.env.BCRYPT_SALT) || 10);
+    return prisma.user.create({
+        data: {
+            email: input.email,
+            passwordHash,
+            name: input.name ?? null,
+            role: input.role ?? 'USER',
+            profile: {
+                create: {
+                    bio: input.bio ?? null,
+                    avatarUrl: input.avatarUrl ?? null,
+                },
+            },
+        },
+        select: {
+            id: true,
+            email: true,
+            name: true,
+            role: true,
+            profile: { select: { bio: true, avatarUrl: true } },
+            createdAt: true,
+            updatedAt: true,
+        },
+    });
+}
+export async function adminUpdateUser(id, input) {
+    return prisma.user.update({
+        where: { id },
+        data: {
+            name: input.name ?? undefined,
+            role: input.role ?? undefined,
+            profile: {
+                upsert: {
+                    create: { bio: input.bio ?? null, avatarUrl: input.avatarUrl ?? null },
+                    update: { bio: input.bio ?? null, avatarUrl: input.avatarUrl ?? null },
+                },
+            },
+        },
+        select: {
+            id: true, email: true, name: true, role: true,
+            profile: { select: { bio: true, avatarUrl: true } },
+            createdAt: true, updatedAt: true,
+        },
+    });
+}
+export async function adminDeleteUser(id) {
+    const user = await prisma.user.findUnique({ where: { id } });
+    await prisma.user.delete({ where: { id } });
+    return { ok: true };
+}

package/dist/modules/user/user.types.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/modules/user/user.types.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/bcrypt.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/bcrypt.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/errorHandler.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/errorHandler.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/jwt.d.ts

@@ -0,0 +1,8 @@
+export type JwtPayload = {
+    sub: number;
+    role: "USER" | "ADMIN";
+    typ?: "refresh";
+};
+export declare function signAccessToken(payload: JwtPayload): string;
+export declare function signRefreshToken(payload: JwtPayload): string;
+export declare function verifyToken<T = JwtPayload>(token: string): T;

package/dist/utils/jwt.js

@@ -0,0 +1,15 @@
+import jwt from "jsonwebtoken";
+import { JWT_ACCESS_EXPIRES_IN, JWT_REFRESH_EXPIRES_IN, JWT_SECRET } from "../config/env.js";
+export function signAccessToken(payload) {
+    return jwt.sign(payload, JWT_SECRET, {
+        expiresIn: JWT_ACCESS_EXPIRES_IN,
+    });
+}
+export function signRefreshToken(payload) {
+    return jwt.sign({ ...payload, typ: "refresh" }, JWT_SECRET, {
+        expiresIn: JWT_REFRESH_EXPIRES_IN,
+    });
+}
+export function verifyToken(token) {
+    return jwt.verify(token, JWT_SECRET);
+}

package/dist/utils/prisma.d.ts

@@ -0,0 +1,5 @@
+import { PrismaClient } from '@prisma/client';
+declare global {
+    var prisma: PrismaClient | undefined;
+}
+export declare const prisma: PrismaClient<import("@prisma/client").Prisma.PrismaClientOptions, never, import("@prisma/client/runtime/library").DefaultArgs>;

package/dist/utils/prisma.js

@@ -0,0 +1,4 @@
+import { PrismaClient } from '@prisma/client';
+export const prisma = global.prisma ?? new PrismaClient();
+if (process.env.NODE_ENV !== 'production')
+    global.prisma = prisma;

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "my-crud-lib",
+  "version": "1.0.0",
+  "description": "Libreria CRUD modulare (Auth/User/Profile) con Prisma + TS",
+  "license": "MIT",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "prisma/schema.prisma"
+  ],
+  "engines": {
+    "node": ">=18.17"
+  },
+  "prisma": {
+    "schema": "prisma/schema.prisma"
+  },
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "node --loader ts-node/esm --no-warnings=ExperimentalWarning src/dev.ts",
+    "dev:db:up": "docker-compose up -d",
+    "dev:db:down": "docker-compose down -v",
+    "prisma:generate": "prisma generate",
+    "prisma:migrate": "prisma migrate dev",
+    "prisma:studio": "prisma studio",
+    "postinstall": "prisma generate",
+    "prepublishOnly": "npm run build",
+    "db:schema": "docker exec -i mycrud_postgres psql -U app -d mycrud -v ON_ERROR_STOP=1 -f /dev/stdin < prisma/schema.sql",
+    "db:seed": "docker exec -i mycrud_postgres psql -U app -d mycrud -v ON_ERROR_STOP=1 -f /dev/stdin < prisma/seed.sql",
+    "db:init": "npm run db:schema && npm run db:seed",
+    "generate:secret": "node scripts/generateSecret.js"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
+    "@types/cors": "^2.8.19",
+    "@types/express": "^5.0.3",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "^24.3.0",
+    "prisma": "^6.14.0",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.2"
+  },
+  "dependencies": {
+    "@prisma/client": "^6.14.0",
+    "bcryptjs": "^2.4.3",
+    "dotenv": "^16.3.1",
+    "jsonwebtoken": "^9.0.2",
+    "zod": "^3.23.8"
+  },
+  "peerDependencies": {
+    "body-parser": "^1.20.2",
+    "cors": "^2.8.5",
+    "express": "^4.18.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/prisma/schema.prisma

@@ -0,0 +1,32 @@
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+model User {
+  id           Int      @id @default(autoincrement())
+  email        String   @unique
+  passwordHash String
+  name         String?
+  role         Role     @default(USER)
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+  profile      Profile?
+}
+
+model Profile {
+  id        Int     @id @default(autoincrement())
+  userId    Int     @unique
+  bio       String?
+  avatarUrl String?
+  user      User    @relation(fields: [userId], references: [id], onDelete: Cascade)
+}
+
+enum Role {
+  USER
+  ADMIN
+}