nebula-starter-kit 0.0.1

package/templates/core/audit/audit.module.ts

@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { AuditController } from './audit.controller';
+import { AuditService } from './audit.service';
+
+@Module({
+  imports: [],
+  controllers: [AuditController],
+  providers: [AuditService],
+})
+export class AuditModule {}

package/templates/core/audit/audit.schema.ts

@@ -0,0 +1,14 @@
+export const AUDIT_TABLE = process.env.AUDIT_TABLE || 'lifeline-audit';
+
+export const AUDIT_TABLE_SCHEMA = {
+  tableName: AUDIT_TABLE,
+  hashKey: 'userId',
+  rangeKey: 'createdAt',
+  gsis: [
+    {
+      indexName: 'userId-auditId-index',
+      partitionKey: 'userId',
+      sortKey: 'auditId',
+    },
+  ],
+};

package/templates/core/audit/audit.service.ts

@@ -0,0 +1,47 @@
+import { Injectable } from '@nestjs/common';
+import { PutCommand } from '@aws-sdk/lib-dynamodb';
+import { EnvironmentService } from '@core/constants/environment.service';
+import { AUDIT_TABLE } from './audit.schema';
+import { createDynamoClient } from '@core/constants/environment.db';
+
+let cached: { db: any } | undefined;
+
+@Injectable()
+export class AuditService {
+  private readonly auditTable = AUDIT_TABLE;
+  constructor(private readonly config: EnvironmentService) {}
+
+  public repository(): { db: any } {
+    try {
+      if (!cached) {
+        const db = createDynamoClient(this.config);
+
+        cached = { db };
+      }
+      return cached!;
+    } catch (error) {
+      throw error;
+    }
+  }
+
+  async log(data: any) {
+    const timestamp = new Date().toISOString();
+
+    const { db } = this.repository();
+    try {
+      await db.send(
+        new PutCommand({
+          TableName: this.auditTable,
+          Item: {
+            pk: `USER#${data.userId || 'anonymous'}`,
+            sk: `TIME#${timestamp}`,
+            ...data,
+            createdAt: timestamp,
+          },
+        }),
+      );
+    } catch (error) {
+      console.error('Error logging audit data:', error);
+    }
+  }
+}

package/templates/core/auth/auth.controller.ts

@@ -0,0 +1,207 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Body,
+  Req,
+  Res,
+  NotFoundException,
+  BadRequestException,
+} from '@nestjs/common';
+import { AuthService } from './auth.service';
+import {
+  ConfirmUserDto,
+  ForgotPasswordDto,
+  LoginDto,
+  RegisterDTO,
+  ResetPasswordDto,
+} from './auth.dto';
+import {
+  CognitoIdentityProviderClient,
+  ListUsersCommandOutput,
+} from '@aws-sdk/client-cognito-identity-provider';
+import { EnvironmentService } from '@core/constants/environment.service';
+import {
+  confirmUserBySelf,
+  forgotPassword,
+  initiateLogin,
+  listUsersInPool,
+  resetPassword,
+  signUpUser,
+} from './utils';
+
+import * as dotenv from 'dotenv';
+dotenv.config();
+
+@Controller('auth')
+export class AuthController {
+  private client: CognitoIdentityProviderClient;
+  private CLIENT_ID: any;
+  private USER_POOL_ID: any;
+  constructor(
+    // private readonly authService: AuthService,
+    private readonly environment: EnvironmentService,
+  ) {
+    this.client = new CognitoIdentityProviderClient({
+      region: this.environment?.region() || process.env.REGION,
+    });
+    this.CLIENT_ID =
+      this.environment?.COGNITO_CLIENT_ID() || process.env.COGNITO_CLIENT_ID;
+    this.USER_POOL_ID =
+      this.environment?.COGNITO_USER_POOL_ID() ||
+      process.env.COGNITO_USER_POOL_ID;
+  }
+
+  @Post('register')
+  async register(@Body() body: RegisterDTO): Promise<any> {
+    try {
+      console.log('body', body);
+      if (!body) {
+        throw new BadRequestException('Request body missing');
+      }
+      const { email, password, name } = body;
+      let username = email;
+      let preferred_username = name;
+
+      if (!username || !password || !name) {
+        throw new NotFoundException('username, password and name are required');
+      }
+
+      const result = await signUpUser({
+        username,
+        password,
+        email,
+        name,
+        preferred_username,
+        client: this.client,
+        clientId: this.CLIENT_ID,
+      });
+      if (result?.$metadata?.httpStatusCode || 200) {
+        return result;
+      }
+    } catch (err: any) {
+      console.error(err.message);
+      const msg = err?.message || JSON.stringify(err);
+      throw err;
+    }
+  }
+
+  @Post('login')
+  async login(@Body() body: LoginDto): Promise<any> {
+    try {
+      if (!body) {
+        throw new BadRequestException('Request body missing');
+      }
+      const { email, password } = body;
+
+      if (!email || !password) {
+        throw new NotFoundException('email and password are required');
+      }
+
+      const result = await initiateLogin({
+        email,
+        password,
+        client: this.client,
+        clientId: this.CLIENT_ID,
+      });
+      if (result?.$metadata?.httpStatusCode === 200) {
+        return { token: result.AuthenticationResult?.AccessToken };
+      }
+    } catch (err: any) {
+      console.error(err.message);
+      const msg = err?.message || JSON.stringify(err);
+      throw err;
+    }
+  }
+
+  @Post('confirm')
+  async confirmUser(@Body() body: ConfirmUserDto): Promise<any> {
+    try {
+      if (!body) {
+        throw new BadRequestException('Request body missing');
+      }
+      const { email, code } = body;
+      if (!email || !code) {
+        throw new NotFoundException('email and code are required');
+      }
+
+      await confirmUserBySelf(email, code, this.client, this.CLIENT_ID);
+      return { success: true, message: `✅ User ${email} confirmed` };
+    } catch (err: any) {
+      console.error('Error confirming user:', err.message);
+      throw err;
+    }
+  }
+
+  @Post('forgot-password')
+  async forgotPassword(@Body() body: ForgotPasswordDto): Promise<any> {
+    try {
+      if (!body) {
+        throw new BadRequestException('Request body missing');
+      }
+      const { email } = body;
+      if (!email) {
+        throw new NotFoundException('email is required');
+      }
+
+      await forgotPassword(email, this.client, this.CLIENT_ID);
+      return {
+        success: true,
+        message: `✅ Password reset link sent to ${email}`,
+      };
+    } catch (err: any) {
+      console.error('Error sending forgot password email:', err.message);
+      throw err;
+    }
+  }
+
+  @Post('reset-password')
+  async resetPassword(@Body() body: ResetPasswordDto): Promise<any> {
+    try {
+      if (!body) {
+        throw new BadRequestException('Request body missing');
+      }
+      const { email, code, newPassword } = body;
+      if (!email || !code || !newPassword) {
+        throw new NotFoundException('email, code and newPassword are required');
+      }
+
+      await resetPassword(
+        email,
+        code,
+        newPassword,
+        this.client,
+        this.CLIENT_ID,
+      );
+      return {
+        success: true,
+        message: `✅ Password for ${email} has been reset`,
+      };
+    } catch (err: any) {
+      console.error('Error resetting password:', err.message);
+      throw err;
+    }
+  }
+
+  @Get()
+  async listUsers(): Promise<any> {
+    try {
+      const result: ListUsersCommandOutput = await listUsersInPool(
+        this.USER_POOL_ID,
+        this.client,
+      );
+      const users = (result.Users || []).map((user) => {
+        const attributes = user.Attributes || [];
+        return {
+          email: attributes.find((attr) => attr.Name === 'email')?.Value,
+          name: attributes.find((attr) => attr.Name === 'name')?.Value,
+        };
+      });
+      console.log('Users in pool:', users.length);
+      return { users };
+    } catch (err: any) {
+      console.error('Error listing users in pool:', err.message);
+      throw err;
+    }
+  }
+}

package/templates/core/auth/auth.dto.ts

@@ -0,0 +1,50 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
+
+export class ForgotPasswordDto {
+  @ApiProperty({
+    example: 'consultoba@gmail.com',
+    description: 'Email address',
+  })
+  @IsNotEmpty()
+  @IsEmail()
+  email!: string;
+}
+
+export class LoginDto extends ForgotPasswordDto {
+  @ApiProperty({ example: 'Password123@', description: 'Password' })
+  @IsNotEmpty()
+  @IsString()
+  password!: string;
+}
+
+export class RegisterDTO extends LoginDto {
+  @ApiProperty({ example: 'John', description: 'Name' })
+  @IsNotEmpty()
+  name!: string;
+}
+
+export class ConfirmUserDto {
+  @ApiProperty({
+    example: 'consultoba@gmail.com',
+    description: 'Email address',
+  })
+  @IsNotEmpty()
+  @IsEmail()
+  email!: string;
+
+  @ApiProperty({ example: '123123', description: 'Confirmation code' })
+  @IsNotEmpty()
+  @IsString()
+  code!: string;
+}
+
+export class ResetPasswordDto extends ConfirmUserDto {
+  @ApiProperty({
+    example: 'newPassword123@',
+    description: 'New password',
+  })
+  @IsNotEmpty()
+  @IsString()
+  newPassword!: string;
+}

package/templates/core/auth/auth.module.ts

@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+
+@Module({
+  imports: [],
+  controllers: [AuthController],
+  // providers: [AuthService],
+})
+export class AuthModule {}

package/templates/core/auth/auth.service.ts

@@ -0,0 +1,178 @@
+import { Injectable, NotFoundException } from '@nestjs/common';
+import {
+  confirmUserBySelf,
+  forgotPassword,
+  getUserPools,
+  initiateLogin,
+  listUsersInPool,
+  resetPassword,
+  signUpUser,
+} from './utils';
+import {
+  CognitoIdentityProviderClient,
+  ListUsersCommandOutput,
+} from '@aws-sdk/client-cognito-identity-provider';
+import { EnvironmentService } from '../constants/environment.service';
+import {
+  ConfirmUserDto,
+  ForgotPasswordDto,
+  LoginDto,
+  RegisterDTO,
+  ResetPasswordDto,
+} from './auth.dto';
+
+@Injectable()
+export class AuthService {
+  private client: CognitoIdentityProviderClient;
+  private CLIENT_ID: string;
+  private USER_POOL_ID: string;
+
+  constructor(private readonly environment: EnvironmentService) {
+    this.client = new CognitoIdentityProviderClient({
+      region: this.environment?.region(),
+    });
+    this.CLIENT_ID = this.environment?.COGNITO_CLIENT_ID();
+    this.USER_POOL_ID = this.environment?.COGNITO_USER_POOL_ID();
+  }
+
+  public async register(payload: RegisterDTO): Promise<any> {
+    try {
+      const { email, password, name } = payload;
+      let username = email;
+      let preferred_username = name;
+
+      if (!username || !password || !name) {
+        throw new NotFoundException('username, password and name are required');
+      }
+
+      const result = await signUpUser({
+        username,
+        password,
+        email,
+        name,
+        preferred_username,
+        client: this.client,
+        clientId: this.CLIENT_ID,
+      });
+      if (result?.$metadata?.httpStatusCode || 200) {
+        return result;
+      }
+    } catch (err: any) {
+      console.error(err.message);
+      const msg = err?.message || JSON.stringify(err);
+      throw err;
+    }
+  }
+
+  public async login(payload: LoginDto): Promise<any> {
+    try {
+      const { email, password } = payload;
+
+      if (!email || !password) {
+        throw new NotFoundException('email and password are required');
+      }
+
+      const result = await initiateLogin({
+        email,
+        password,
+        client: this.client,
+        clientId: this.CLIENT_ID,
+      });
+      if (result?.$metadata?.httpStatusCode === 200) {
+        return { token: result.AuthenticationResult?.AccessToken };
+      }
+    } catch (err: any) {
+      console.error(err.message);
+      const msg = err?.message || JSON.stringify(err);
+      throw err;
+    }
+  }
+
+  public async confirmUser(payload: ConfirmUserDto): Promise<any> {
+    try {
+      const { email, code } = payload;
+      if (!email || !code) {
+        throw new NotFoundException('email and code are required');
+      }
+
+      await confirmUserBySelf(email, code, this.client, this.CLIENT_ID);
+      return { success: true, message: `✅ User ${email} confirmed` };
+    } catch (err: any) {
+      console.error('Error confirming user:', err.message);
+      throw err;
+    }
+  }
+
+  public async forgotPassword(payload: ForgotPasswordDto): Promise<any> {
+    try {
+      const { email } = payload;
+      if (!email) {
+        throw new NotFoundException('email is required');
+      }
+
+      await forgotPassword(email, this.client, this.CLIENT_ID);
+      return {
+        success: true,
+        message: `✅ Password reset link sent to ${email}`,
+      };
+    } catch (err: any) {
+      console.error('Error sending forgot password email:', err.message);
+      throw err;
+    }
+  }
+
+  public async resetPassword(payload: ResetPasswordDto): Promise<any> {
+    try {
+      const { email, code, newPassword } = payload;
+      if (!email || !code || !newPassword) {
+        throw new NotFoundException('email, code and newPassword are required');
+      }
+
+      await resetPassword(
+        email,
+        code,
+        newPassword,
+        this.client,
+        this.CLIENT_ID,
+      );
+      return {
+        success: true,
+        message: `✅ Password for ${email} has been reset`,
+      };
+    } catch (err: any) {
+      console.error('Error resetting password:', err.message);
+      throw err;
+    }
+  }
+
+  public async listUserPools(): Promise<any> {
+    try {
+      const result = await getUserPools(this.client);
+      return result;
+    } catch (err: any) {
+      console.error('Error listing user pools:', err.message);
+      throw err;
+    }
+  }
+
+  public async listUsersInPool(): Promise<any> {
+    try {
+      const result: ListUsersCommandOutput = await listUsersInPool(
+        this.USER_POOL_ID,
+        this.client,
+      );
+      const users = (result.Users || []).map((user) => {
+        const attributes = user.Attributes || [];
+        return {
+          email: attributes.find((attr) => attr.Name === 'email')?.Value,
+          name: attributes.find((attr) => attr.Name === 'name')?.Value,
+        };
+      });
+      console.log('Users in pool:', users.length);
+      return users;
+    } catch (err: any) {
+      console.error('Error listing users in pool:', err.message);
+      throw err;
+    }
+  }
+}

package/templates/core/auth/utils.ts

@@ -0,0 +1,160 @@
+import {
+  AdminConfirmSignUpCommand,
+  CognitoIdentityProviderClient,
+  ConfirmSignUpCommand,
+  InitiateAuthCommand,
+  ListUserPoolsCommand,
+  SignUpCommand,
+  ListUsersCommand,
+  ForgotPasswordCommand,
+  ConfirmForgotPasswordCommand,
+} from '@aws-sdk/client-cognito-identity-provider';
+
+export async function signUpUser({
+  username,
+  password,
+  email,
+  name,
+  preferred_username,
+  client,
+  clientId,
+}: {
+  username: string;
+  password: string;
+  email: string;
+  name: string;
+  preferred_username: string;
+  client: CognitoIdentityProviderClient;
+  clientId: string;
+}) {
+  const input = {
+    ClientId: clientId,
+    Username: username,
+    Password: password,
+    UserAttributes: [
+      { Name: 'email', Value: email },
+      { Name: 'name', Value: name },
+      { Name: 'preferred_username', Value: preferred_username },
+    ] as any,
+  };
+
+  const cmd = new SignUpCommand(input);
+  return await client.send(cmd);
+}
+
+export async function initiateLogin({
+  email,
+  password,
+  client,
+  clientId,
+}: {
+  email: string;
+  password: string;
+  client: CognitoIdentityProviderClient;
+  clientId: string;
+}) {
+  const input = {
+    AuthFlow: 'USER_PASSWORD_AUTH',
+    ClientId: clientId,
+    AuthParameters: {
+      USERNAME: email,
+      PASSWORD: password,
+    },
+  } as any;
+
+  const cmd = new InitiateAuthCommand(input);
+  return await client.send(cmd);
+}
+
+// Optional: admin confirm (if you want to auto-confirm users via admin privileges)
+export async function adminConfirm(
+  username: string,
+  client: CognitoIdentityProviderClient,
+  UserPoolId: string,
+) {
+  const cmd = new AdminConfirmSignUpCommand({
+    UserPoolId,
+    Username: username,
+  });
+  return await client.send(cmd);
+}
+
+export async function confirmUserBySelf(
+  username: string,
+  code: number | string,
+  client: CognitoIdentityProviderClient,
+  clientId: string,
+) {
+  const confirmCommand = new ConfirmSignUpCommand({
+    ClientId: clientId,
+    Username: username,
+    ConfirmationCode: code.toString(),
+  });
+
+  console.log('✅ User confirmed successfully');
+  return await client.send(confirmCommand);
+}
+
+export async function confirmUser(
+  username: string,
+  UserPoolId: string,
+  client: CognitoIdentityProviderClient,
+) {
+  const command = new AdminConfirmSignUpCommand({
+    UserPoolId,
+    Username: username,
+  });
+
+  console.log(`✅ User ${username} confirmed`);
+  return await client.send(command);
+}
+
+export async function forgotPassword(
+  email: string,
+  client: CognitoIdentityProviderClient,
+  clientId: string,
+) {
+  const command = new ForgotPasswordCommand({
+    ClientId: clientId,
+    Username: email,
+  });
+
+  console.log(`✅ Forgot password initiated for ${email}`);
+  return await client.send(command);
+}
+
+export async function resetPassword(
+  email: string,
+  code: string,
+  newPassword: string,
+  client: CognitoIdentityProviderClient,
+  clientId: string,
+) {
+  const command = new ConfirmForgotPasswordCommand({
+    ClientId: clientId,
+    Username: email,
+    ConfirmationCode: code,
+    Password: newPassword,
+  });
+
+  console.log(`✅ Password reset initiated for ${email}`);
+  return await client.send(command);
+}
+
+export async function getUserPools(client: CognitoIdentityProviderClient) {
+  const command = new ListUserPoolsCommand({ MaxResults: 10 });
+  const response = await client.send(command);
+  console.log(response.UserPools);
+  return response.UserPools;
+}
+
+export async function listUsersInPool(
+  userPoolId: string,
+  client: CognitoIdentityProviderClient,
+) {
+  const command = new ListUsersCommand({
+    UserPoolId: userPoolId,
+  });
+  const response = await client.send(command);
+  return response;
+}

package/templates/core/constants/environment.db.ts

@@ -0,0 +1,27 @@
+import { DynamoDBClient } from '@aws-sdk/client-dynamodb';
+import { DynamoDBDocumentClient } from '@aws-sdk/lib-dynamodb';
+import { EnvironmentService } from './environment.service';
+
+let cached: DynamoDBDocumentClient;
+
+export const createDynamoClient = (env?: EnvironmentService) => {
+  if (cached) return cached;
+
+  const raw = new DynamoDBClient({
+    region: env?.region() || process.env.REGION,
+    ...(env &&
+      !env.isLambda() && {
+        endpoint: env.dynamoEndpoint(),
+        credentials: {
+          accessKeyId: env.accessKeyId(),
+          secretAccessKey: env.secretAccessKey(),
+        },
+      }),
+  });
+
+  cached = DynamoDBDocumentClient.from(raw, {
+    marshallOptions: { removeUndefinedValues: true },
+  });
+
+  return cached;
+};