nodejs-quickstart-structure 2.0.0 → 2.1.0

package/templates/common/auth/ts/controllers/authController.ts.ejs

@@ -0,0 +1,165 @@
+import { Request, Response, NextFunction } from 'express';
+import bcrypt from 'bcryptjs';
+<% if (architecture === 'MVC') { -%>
+import User from '@/models/User';
+import { JwtService } from '@/services/jwtService';
+import logger from '@/utils/logger';
+<% if (caching !== 'None') { -%>
+import cacheService from '<% if (caching === "Redis") { %>@/config/redisClient<% } else { %>@/config/memoryCache<% } %>';
+<% } -%>
+<% } else { -%>
+import User from '@/infrastructure/database/models/User';
+import { JwtService } from '@/infrastructure/auth/jwtService';
+import logger from '@/infrastructure/log/logger';
+<% if (caching !== 'None') { -%>
+import cacheService from '<% if (caching === "Redis") { %>@/infrastructure/caching/redisClient<% } else { %>@/infrastructure/caching/memoryCache<% } %>';
+<% } -%>
+<% } -%>
+import { HTTP_STATUS } from '@/utils/httpCodes';
+
+export class AuthController {
+  async login(req: Request, res: Response, next: NextFunction) {
+    try {
+      const { email, password } = req.body;
+      <%_ if (database === 'MongoDB' || database === 'None') { -%>
+      const user = await User.findOne({ email });
+      <%_ } else { -%>
+      const user = await User.findOne({ where: { email } });
+      <%_ } -%>
+      if (!user) {
+        return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Invalid credentials' });
+      }
+
+      const isPasswordValid = await bcrypt.compare(password, user.password!);
+      if (!isPasswordValid) {
+        return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Invalid credentials' });
+      }
+
+      const userId = String(user.id || ((user as unknown) as { _id?: string | number })._id);
+      
+      const refreshToken = JwtService.generateRefreshToken({ id: userId, email: user.email });
+      const refreshJti = JwtService.decodeToken(refreshToken)?.jti;
+      const accessToken = JwtService.generateToken({ id: userId, email: user.email, sid: refreshJti });
+      
+      // Store refresh token
+      <%_ if (caching !== 'None') { -%>
+      const cacheKey = `refresh_tokens:${userId}`;
+      const activeTokens = await cacheService.get<string[]>(cacheKey) || [];
+      activeTokens.push(refreshJti!);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60); // 7 days
+      <%_ } else { -%>
+      const activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      activeTokens.push(refreshJti!);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);<% } %>
+
+      res.json({ token: accessToken, accessToken, refreshToken });
+    } catch (error) {
+      logger.error('Login error:', error);
+      next(error);
+    }
+  }
+
+  async refresh(req: Request, res: Response, next: NextFunction) {
+    try {
+      const { refreshToken } = req.body;
+      if (!refreshToken) {
+        return res.status(HTTP_STATUS.BAD_REQUEST).json({ message: 'Refresh token is required' });
+      }
+
+      const decoded = JwtService.verifyRefreshToken(refreshToken);
+      if (!decoded || !decoded.id || !decoded.jti) {
+        return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Invalid refresh token' });
+      }
+
+      const userId = String(decoded.id);
+      const incomingJti = decoded.jti;
+
+      <% if (caching !== 'None') { %>
+      const cacheKey = `refresh_tokens:${userId}`;
+      let activeTokens = await cacheService.get<string[]>(cacheKey) || [];
+      
+      if (!activeTokens.includes(incomingJti)) {
+        // Theft detection! Revoke all sessions
+        logger.warn(`Token theft detected for user ${userId}. Revoking all sessions.`);
+        await cacheService.del(cacheKey);
+        return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Invalid session' });
+      }
+
+      // Valid rotation
+      activeTokens = activeTokens.filter(t => t !== incomingJti);
+      const newRefreshToken = JwtService.generateRefreshToken({ id: userId, email: decoded.email });
+      const newRefreshJti = JwtService.decodeToken(newRefreshToken)?.jti;
+      const newAccessToken = JwtService.generateToken({ id: userId, email: decoded.email, sid: newRefreshJti });
+      
+      activeTokens.push(newRefreshJti!);
+      await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+      <% } else { -%>
+      let activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+      
+      if (!activeTokens.includes(incomingJti)) {
+        // Theft detection!
+        logger.warn(`Token theft detected for user ${userId}. Revoking all sessions.`);
+        JwtService.activeRefreshTokens.delete(userId);
+        return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Invalid session' });
+      }
+
+      activeTokens = activeTokens.filter(t => t !== incomingJti);
+      const newRefreshToken = JwtService.generateRefreshToken({ id: userId, email: decoded.email });
+      const newRefreshJti = JwtService.decodeToken(newRefreshToken)?.jti;
+      const newAccessToken = JwtService.generateToken({ id: userId, email: decoded.email, sid: newRefreshJti });
+      
+      activeTokens.push(newRefreshJti!);
+      JwtService.activeRefreshTokens.set(userId, activeTokens);
+      <% } %>
+      res.json({ accessToken: newAccessToken, refreshToken: newRefreshToken });
+    } catch (error) {
+      logger.error('Refresh token error:', error);
+      next(error);
+    }
+  }
+
+  async logout(req: Request, res: Response, next: NextFunction) {
+    try {
+      const authHeader = req.headers.authorization;
+      if (!authHeader) {
+        return res.status(HTTP_STATUS.BAD_REQUEST).json({ message: 'No token provided' });
+      }
+
+      const accessTokenStr = authHeader.split(' ')[1];
+      const decodedAccess = JwtService.decodeToken(accessTokenStr);
+      
+      if (decodedAccess && decodedAccess.jti && decodedAccess.exp) {
+        const remainingTime = Math.max(0, decodedAccess.exp - Math.floor(Date.now() / 1000));
+        <%_ if (caching !== 'None') { -%>
+        if (remainingTime > 0) {
+            await cacheService.set(`blacklist:${decodedAccess.jti}`, true, remainingTime);
+        }<%_ } else { -%>
+        if (remainingTime > 0) {
+            JwtService.blacklistedTokens.set(decodedAccess.jti, Date.now() + remainingTime * 1000);
+        }<%_ } -%>
+      }
+
+      const { refreshToken } = req.body;
+      if (refreshToken) {
+        const decodedRefresh = JwtService.decodeToken(refreshToken);
+        if (decodedRefresh && decodedRefresh.id && decodedRefresh.jti) {
+           const userId = String(decodedRefresh.id);
+           <%_ if (caching !== 'None') { -%>
+           const cacheKey = `refresh_tokens:${userId}`;
+           let activeTokens = await cacheService.get<string[]>(cacheKey) || [];
+           activeTokens = activeTokens.filter(t => t !== decodedRefresh.jti);
+           await cacheService.set(cacheKey, activeTokens, 7 * 24 * 60 * 60);
+           <%_ } else { -%>
+           let activeTokens = JwtService.activeRefreshTokens.get(userId) || [];
+           activeTokens = activeTokens.filter(t => t !== decodedRefresh.jti);
+           JwtService.activeRefreshTokens.set(userId, activeTokens);<% } %>
+        }
+      }
+
+      res.json({ message: 'Logged out successfully' });
+    } catch (error) {
+      logger.error('Logout error:', error);
+      next(error);
+    }
+  }
+}

package/templates/common/auth/ts/middleware/authMiddleware.spec.ts.ejs

@@ -0,0 +1,128 @@
+<%_ if (architecture === 'Clean Architecture') { _%>
+import { authMiddleware } from '@/infrastructure/webserver/middleware/authMiddleware';
+import { JwtService } from '@/infrastructure/auth/jwtService';
+<%_ } else { _%>
+import { authMiddleware } from '@/middleware/authMiddleware';
+import { JwtService } from '@/services/jwtService';
+<%_ } _%>
+import { HTTP_STATUS } from '@/utils/httpCodes';
+import { Request, Response, NextFunction } from 'express';
+
+<%_ if (architecture === 'Clean Architecture') { _%>
+jest.mock('@/infrastructure/auth/jwtService');
+<%_ } else { _%>
+jest.mock('@/services/jwtService');
+<%_ } _%>
+
+<%_ if (caching !== 'None') { _%>
+<%_ const cachePath = (architecture === "MVC") ? (caching === "Redis" ? "@/config/redisClient" : "@/config/memoryCache") : (caching === "Redis" ? "@/infrastructure/caching/redisClient" : "@/infrastructure/caching/memoryCache"); _%>
+jest.mock('<%= cachePath %>', () => ({
+  __esModule: true,
+  default: {
+    get: jest.fn(),
+    set: jest.fn(),
+    del: jest.fn()
+  }
+}), { virtual: true });
+import cacheService from '<%= cachePath %>';
+<%_ } _%>
+
+describe('AuthMiddleware', () => {
+  let mockRequest: any;
+  let mockResponse: any;
+  const nextFunction: NextFunction = jest.fn();
+
+  beforeEach(() => {
+    mockRequest = {
+      headers: {}
+    };
+    mockResponse = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn()
+    };
+    jest.clearAllMocks();
+  });
+
+  it('should return 401 if no authorization header is provided', async () => {
+    await authMiddleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+    expect(mockResponse.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    expect(mockResponse.json).toHaveBeenCalledWith({ message: 'No token provided' });
+    expect(nextFunction).not.toHaveBeenCalled();
+  });
+
+  it('should return 401 if token is invalid', async () => {
+    mockRequest.headers.authorization = 'Bearer invalid-token';
+    (JwtService.verifyToken as jest.Mock).mockReturnValue(null);
+
+    await authMiddleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+    expect(mockResponse.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    expect(mockResponse.json).toHaveBeenCalledWith({ message: 'Invalid or expired token' });
+    expect(nextFunction).not.toHaveBeenCalled();
+  });
+
+  it('should return 401 if token is blacklisted', async () => {
+    const payload = { id: 1, email: 'test@example.com', jti: 'blacklisted-jti' };
+    mockRequest.headers.authorization = 'Bearer valid-token';
+    (JwtService.verifyToken as jest.Mock).mockReturnValue(payload);
+    
+    // Mock the blacklist check
+    <% if (caching !== 'None') { %>
+    (cacheService.get as jest.Mock).mockResolvedValue(true);
+    <% } else { %>
+    JwtService.blacklistedTokens.set('blacklisted-jti', Date.now() + 10000);
+    <% } %>
+
+    await authMiddleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+    expect(mockResponse.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    expect(mockResponse.json).toHaveBeenCalledWith({ message: 'Token revoked' });
+    expect(nextFunction).not.toHaveBeenCalled();
+  });
+
+  it('should return 401 if session is expired (sid not in activeTokens)', async () => {
+    const payload = { id: 1, email: 'test@example.com', jti: 'valid-jti', sid: 'expired-sid' };
+    mockRequest.headers.authorization = 'Bearer valid-token';
+    (JwtService.verifyToken as jest.Mock).mockReturnValue(payload);
+    
+    <% if (caching !== 'None') { %>
+    (cacheService.get as jest.Mock).mockImplementation((key: string) => {
+      if (key.startsWith('blacklist:')) return Promise.resolve(false);
+      if (key === 'refresh_tokens:1') return Promise.resolve(['other-sid']);
+      return Promise.resolve(null);
+    });
+    <% } else { %>
+    JwtService.blacklistedTokens.delete('valid-jti');
+    JwtService.activeRefreshTokens.set('1', ['other-sid']);
+    <% } %>
+
+    await authMiddleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+    expect(mockResponse.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    expect(mockResponse.json).toHaveBeenCalledWith({ message: 'Session expired' });
+    expect(nextFunction).not.toHaveBeenCalled();
+  });
+
+  it('should call next() and set req.user if token is valid, not blacklisted and session is active', async () => {
+    const payload = { id: 1, email: 'test@example.com', jti: 'valid-jti', sid: 'active-sid' };
+    mockRequest.headers.authorization = 'Bearer valid-token';
+    (JwtService.verifyToken as jest.Mock).mockReturnValue(payload);
+    
+    <% if (caching !== 'None') { %>
+    (cacheService.get as jest.Mock).mockImplementation((key: string) => {
+      if (key.startsWith('blacklist:')) return Promise.resolve(false);
+      if (key === 'refresh_tokens:1') return Promise.resolve(['active-sid']);
+      return Promise.resolve(null);
+    });
+    <% } else { %>
+    JwtService.blacklistedTokens.delete('valid-jti');
+    JwtService.activeRefreshTokens.set('1', ['active-sid']);
+    <% } %>
+
+    await authMiddleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+    expect(mockRequest.user).toEqual(payload);
+    expect(nextFunction).toHaveBeenCalled();
+  });
+});

package/templates/common/auth/ts/middleware/authMiddleware.ts.ejs

@@ -0,0 +1,59 @@
+import { Request, Response, NextFunction } from 'express';
+<% if (architecture === 'MVC') { %>
+import { JwtService, JwtPayload } from '@/services/jwtService';
+<% if (caching !== 'None') { -%>
+import cacheService from '<% if (caching === "Redis") { %>@/config/redisClient<% } else { %>@/config/memoryCache<% } %>';
+<% } -%>
+<% } else { %>
+import { JwtService, JwtPayload } from '@/infrastructure/auth/jwtService';
+<% if (caching !== 'None') { -%>
+import cacheService from '<% if (caching === "Redis") { %>@/infrastructure/caching/redisClient<% } else { %>@/infrastructure/caching/memoryCache<% } %>';
+<% } -%>
+<% } %>
+import { HTTP_STATUS } from '@/utils/httpCodes';
+
+interface CustomRequest extends Request {
+  user?: JwtPayload;
+}
+
+export const authMiddleware = async (req: CustomRequest, res: Response, next: NextFunction) => {
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'No token provided' });
+  }
+
+  const token = authHeader.split(' ')[1];
+  const decoded = JwtService.verifyToken(token);
+
+  if (!decoded) {
+    return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Invalid or expired token' });
+  }
+
+  if (decoded.jti) {
+    <%_ if (caching !== 'None') { -%>
+    const isBlacklisted = await cacheService.get(`blacklist:${decoded.jti}`);
+    if (isBlacklisted) {
+      return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Token revoked' });
+    }<%_ } else { -%>
+    const expiryDate = JwtService.blacklistedTokens.get(decoded.jti);
+    if (expiryDate && Date.now() < expiryDate) {
+      return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Token revoked' });
+    }<% } %>
+  }
+
+  if (decoded.sid) {
+    <%_ if (caching !== 'None') { -%>
+    const activeTokens = await cacheService.get<string[]>(`refresh_tokens:${decoded.id}`) || [];
+    if (!activeTokens.includes(decoded.sid)) {
+      return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Session expired' });
+    }<%_ } else { -%>
+    const activeTokens = JwtService.activeRefreshTokens.get(String(decoded.id)) || [];
+    if (!activeTokens.includes(decoded.sid)) {
+      return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Session expired' });
+    }<% } %>
+  }
+
+  req.user = decoded;
+  next();
+};

package/templates/common/auth/ts/routes/authRoutes.ts.ejs

@@ -0,0 +1,20 @@
+import { Router } from 'express';
+<%_ if (architecture === 'MVC') { -%>
+import { AuthController } from '@/controllers/authController';
+<%_ } else { -%>
+import { AuthController } from '@/interfaces/controllers/auth/authController';
+<%_ } -%>
+<%_ if (architecture === 'MVC') { -%>
+import { authMiddleware } from '@/middleware/authMiddleware';
+<%_ } else { -%>
+import { authMiddleware } from '@/infrastructure/webserver/middleware/authMiddleware';
+<%_ } -%>
+
+const router = Router();
+const authController = new AuthController();
+
+router.post('/login', (req, res, next) => authController.login(req, res, next));
+router.post('/refresh', (req, res, next) => authController.refresh(req, res, next));
+router.post('/logout', authMiddleware, (req, res, next) => authController.logout(req, res, next));
+
+export default router;

package/templates/common/auth/ts/services/jwtService.spec.ts.ejs

@@ -0,0 +1,89 @@
+<% if (architecture === 'Clean Architecture') { -%>
+import { JwtService } from '@/infrastructure/auth/jwtService';
+<% } else { -%>
+import { JwtService } from '@/services/jwtService';
+<% } -%>
+import jwt from 'jsonwebtoken';
+
+jest.mock('jsonwebtoken');
+jest.mock('@/config/env', () => ({
+  env: {
+    JWT_SECRET: 'test-secret',
+    JWT_REFRESH_SECRET: 'test-refresh-secret',
+    JWT_EXPIRES_IN: '15m'
+  }
+}));
+
+describe('JwtService', () => {
+  const secret = 'test-secret';
+  const refreshSecret = 'test-refresh-secret';
+  const payload = { id: 1, email: 'test@example.com' };
+  const token = 'mock-token';
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('generateToken', () => {
+    it('should generate a token with standard expiration and jti', () => {
+      (jwt.sign as jest.Mock).mockReturnValue(token);
+
+      const result = JwtService.generateToken(payload);
+
+      expect(jwt.sign).toHaveBeenCalledWith(
+        expect.objectContaining({ ...payload, jti: expect.any(String) }),
+        secret,
+        { expiresIn: '15m' }
+      );
+      expect(result).toBe(token);
+    });
+  });
+
+  describe('generateRefreshToken', () => {
+    it('should generate a refresh token with refresh secret and jti', () => {
+      (jwt.sign as jest.Mock).mockReturnValue(token);
+
+      const result = JwtService.generateRefreshToken(payload);
+
+      expect(jwt.sign).toHaveBeenCalledWith(
+        expect.objectContaining({ ...payload, jti: expect.any(String) }),
+        refreshSecret,
+        { expiresIn: '7d' }
+      );
+      expect(result).toBe(token);
+    });
+  });
+
+  describe('verifyToken', () => {
+    it('should return decoded payload for a valid token', () => {
+      (jwt.verify as jest.Mock).mockReturnValue(payload);
+
+      const result = JwtService.verifyToken(token);
+
+      expect(jwt.verify).toHaveBeenCalledWith(token, secret);
+      expect(result).toEqual(payload);
+    });
+  });
+
+  describe('verifyRefreshToken', () => {
+    it('should return decoded payload for a valid refresh token', () => {
+      (jwt.verify as jest.Mock).mockReturnValue(payload);
+
+      const result = JwtService.verifyRefreshToken(token);
+
+      expect(jwt.verify).toHaveBeenCalledWith(token, refreshSecret);
+      expect(result).toEqual(payload);
+    });
+  });
+
+  describe('decodeToken', () => {
+    it('should return decoded payload without verification', () => {
+      (jwt.decode as jest.Mock).mockReturnValue(payload);
+
+      const result = JwtService.decodeToken(token);
+
+      expect(jwt.decode).toHaveBeenCalledWith(token);
+      expect(result).toEqual(payload);
+    });
+  });
+});

package/templates/common/auth/ts/services/jwtService.ts.ejs

@@ -0,0 +1,60 @@
+import jwt from 'jsonwebtoken';
+import crypto from 'crypto';
+import { env } from '@/config/env';
+
+export interface JwtPayload {
+  id: string | number;
+  email: string;
+  jti?: string;
+  sid?: string;
+  exp?: number;
+}
+
+export class JwtService {
+  private static readonly SECRET = env.JWT_SECRET || 'your-secret-key';
+  private static readonly REFRESH_SECRET = env.JWT_REFRESH_SECRET || 'your-refresh-secret-key';
+  private static readonly EXPIRES_IN = env.JWT_EXPIRES_IN || '15m'; // Access tokens should be short-lived
+  private static readonly REFRESH_EXPIRES_IN = env.JWT_REFRESH_EXPIRES_IN || '7d';
+
+  static generateToken(payload: Partial<JwtPayload>, expiresIn?: string): string {
+    const jti = crypto.randomUUID();
+    return jwt.sign({ ...payload, jti }, this.SECRET, { 
+      expiresIn: expiresIn || this.EXPIRES_IN 
+    } as jwt.SignOptions);
+  }
+
+  static generateRefreshToken(payload: Partial<JwtPayload>, expiresIn?: string): string {
+    const jti = crypto.randomUUID();
+    return jwt.sign({ ...payload, jti }, this.REFRESH_SECRET, { 
+      expiresIn: expiresIn || this.REFRESH_EXPIRES_IN 
+    } as jwt.SignOptions);
+  }
+
+  static verifyToken(token: string): JwtPayload | null {
+    try {
+      return jwt.verify(token, this.SECRET) as JwtPayload;
+    } catch {
+      return null;
+    }
+  }
+
+  static verifyRefreshToken(token: string): JwtPayload | null {
+    try {
+      return jwt.verify(token, this.REFRESH_SECRET) as JwtPayload;
+    } catch {
+      return null;
+    }
+  }
+
+  static decodeToken(token: string): JwtPayload | null {
+    try {
+      return jwt.decode(token) as JwtPayload;
+    } catch {
+      return null;
+    }
+  }
+
+  // Fallback in-memory storage if caching = 'None'
+  static activeRefreshTokens = new Map<string, string[]>();
+  static blacklistedTokens = new Map<string, number>();
+}

package/templates/common/bitbucket-pipelines.yml.ejs

@@ -0,0 +1,60 @@
+image: node:22-slim
+
+pipelines:
+  default:
+    - step:
+        name: Install Dependencies
+        caches:
+          - node
+        script:
+          - npm ci
+    - parallel:
+        - step:
+            name: Lint Code
+            script:
+              - npm ci
+              - npm run lint
+        - step:
+            name: Run Unit Tests
+            script:
+              - npm ci
+              - npm run test:coverage -- --maxWorkers=2
+    - step:
+        name: Run E2E Tests
+        image: docker:20.10.16
+        services:
+          - docker
+        script:
+          - apk add --no-cache nodejs npm docker-compose
+          - npm ci
+          - export DOCKER_BUILDKIT=0
+          - npm run test:e2e
+<% if (includeSecurity) { %>
+    - parallel:
+        - step:
+            name: Snyk Security Scan
+            script:
+              - pipe: snyk/snyk-scan:1.0.0
+                variables:
+                  SNYK_TOKEN: $SNYK_TOKEN
+                  LANGUAGE: "npm"
+                  SEVERITY_THRESHOLD: "high"
+        - step:
+            name: SonarQube Analysis
+            script:
+              - pipe: sonarsource/sonarcloud-scan:2.0.0
+                variables:
+                  SONAR_TOKEN: $SONAR_TOKEN
+<% } %>
+    - step:
+        name: Build Application
+        script:
+          - npm ci
+          - npm run build --if-present
+
+definitions:
+  services:
+    docker:
+      memory: 2048
+  caches:
+    node: ~/.npm

package/templates/common/caching/clean/js/CreateUser.js.ejs

@@ -1,9 +1,12 @@
 const User = require('../domain/models/User');
-<%_ if (caching === 'Redis') { -%>
+<% if (auth.includes('JWT')) { -%>
+const bcrypt = require('bcryptjs');
+<% } -%>
+<% if (caching === 'Redis') { -%>
 const cacheService = require('../infrastructure/caching/redisClient');
-<%_ } else if (caching === 'Memory Cache') { -%>
+<% } else if (caching === 'Memory Cache') { -%>
 const cacheService = require('../infrastructure/caching/memoryCache');
-<%_ } -%>
+<% } -%>
 const logger = require('../infrastructure/log/logger');
 
 class CreateUser {
@@ -11,8 +14,14 @@ class CreateUser {
         this.userRepository = userRepository;
     }
 
-    async execute(name, email) {
-        const user = new User(null, name, email);
+    async execute(name, email, password) {
+        let finalPassword = password;
+        <% if (auth.includes('JWT')) { -%>
+        if (password) {
+            finalPassword = await bcrypt.hash(password, 10);
+        }
+        <% } -%>
+        const user = new User(null, name, email, finalPassword);
         const savedUser = await this.userRepository.save(user);
 
         try {

package/templates/common/caching/clean/js/DeleteUser.js.ejs

@@ -15,7 +15,8 @@ class DeleteUser {
 
         try {
             await cacheService.del('users:all');
-            logger.info('Invalidated users:all cache');
+            await cacheService.del(`user:${id}`);
+            logger.info(`Invalidated cache for user:${id} and all users`);
         } catch (error) {
              logger.error('Cache error (del):', error);
         }

package/templates/common/caching/clean/js/GetUserById.js.ejs

@@ -0,0 +1,39 @@
+<%_ if (caching === 'Redis') { -%>
+const cacheService = require('../infrastructure/caching/redisClient');
+<%_ } else if (caching === 'Memory Cache') { -%>
+const cacheService = require('../infrastructure/caching/memoryCache');
+<%_ } -%>
+const logger = require('../infrastructure/log/logger');
+
+class GetUserById {
+  constructor(userRepository) {
+    this.userRepository = userRepository;
+  }
+
+  async execute(id) {
+    const cacheKey = `user:${id}`;
+    try {
+      const cachedUser = await cacheService.get(cacheKey);
+      if (cachedUser) {
+        logger.info(`Serving user ${id} from cache`);
+        return cachedUser;
+      }
+    } catch (error) {
+      logger.error('Cache error (get):', error);
+    }
+
+    const user = await this.userRepository.findById(id);
+
+    if (user) {
+      try {
+        await cacheService.set(cacheKey, user, 3600); // Cache for 1 hour
+      } catch (error) {
+        logger.error('Cache error (set):', error);
+      }
+    }
+
+    return user;
+  }
+}
+
+module.exports = GetUserById;

package/templates/common/caching/clean/js/UpdateUser.js.ejs

@@ -15,7 +15,8 @@ class UpdateUser {
 
         try {
             await cacheService.del('users:all');
-            logger.info('Invalidated users:all cache');
+            await cacheService.del(`user:${id}`);
+            logger.info(`Invalidated cache for user:${id} and all users`);
         } catch (error) {
             logger.error('Cache error (del):', error);
         }