offbyt 1.0.0

package/templates/response.helper.js

@@ -0,0 +1,179 @@
+/**
+ * Response Helper Utility
+ * Standardizes API responses across the application
+ */
+export class ResponseHelper {
+  /**
+   * Success response with data
+   */
+  static success(res, data, message = 'Success', statusCode = 200) {
+    return res.status(statusCode).json({
+      success: true,
+      message,
+      data
+    });
+  }
+
+  /**
+   * Paginated response
+   */
+  static paginated(res, data, pagination, message = 'Data retrieved successfully', statusCode = 200) {
+    return res.status(statusCode).json({
+      success: true,
+      message,
+      data,
+      pagination
+    });
+  }
+
+  /**
+   * Error response
+   */
+  static error(res, message = 'Internal server error', statusCode = 500, errors = null) {
+    const response = {
+      success: false,
+      message
+    };
+
+    if (errors) {
+      response.errors = errors;
+    }
+
+    return res.status(statusCode).json(response);
+  }
+
+  /**
+   * Validation error response
+   */
+  static validationError(res, errors, message = 'Validation failed') {
+    return res.status(400).json({
+      success: false,
+      message,
+      errors
+    });
+  }
+
+  /**
+   * Not found response
+   */
+  static notFound(res, message = 'Resource not found') {
+    return res.status(404).json({
+      success: false,
+      message
+    });
+  }
+
+  /**
+   * Unauthorized response
+   */
+  static unauthorized(res, message = 'Unauthorized access') {
+    return res.status(401).json({
+      success: false,
+      message
+    });
+  }
+
+  /**
+   * Forbidden response
+   */
+  static forbidden(res, message = 'Access forbidden') {
+    return res.status(403).json({
+      success: false,
+      message
+    });
+  }
+
+  /**
+   * Created response (201)
+   */
+  static created(res, data, message = 'Resource created successfully') {
+    return res.status(201).json({
+      success: true,
+      message,
+      data
+    });
+  }
+
+  /**
+   * Updated response
+   */
+  static updated(res, data, message = 'Resource updated successfully') {
+    return res.status(200).json({
+      success: true,
+      message,
+      data
+    });
+  }
+
+  /**
+   * Deleted response
+   */
+  static deleted(res, message = 'Resource deleted successfully') {
+    return res.status(200).json({
+      success: true,
+      message
+    });
+  }
+
+  /**
+   * Bad request response
+   */
+  static badRequest(res, message = 'Bad request', errors = null) {
+    const response = {
+      success: false,
+      message
+    };
+
+    if (errors) {
+      response.errors = errors;
+    }
+
+    return res.status(400).json(response);
+  }
+
+  /**
+   * Server error response
+   */
+  static serverError(res, error = null, message = 'Internal server error') {
+    const response = {
+      success: false,
+      message
+    };
+
+    // Only include error details in development
+    if (process.env.NODE_ENV === 'development' && error) {
+      response.error = {
+        message: error.message,
+        stack: error.stack
+      };
+    }
+
+    return res.status(500).json(response);
+  }
+
+  /**
+   * Format error details for response
+   */
+  static formatErrors(errorArray) {
+    return errorArray.map(err => ({
+      field: err.field || err.param,
+      message: err.message,
+      value: err.value
+    }));
+  }
+
+  /**
+   * Bulk success response
+   */
+  static bulkSuccess(res, successCount, failureCount, message = 'Bulk operation completed') {
+    return res.status(200).json({
+      success: true,
+      message,
+      data: {
+        total: successCount + failureCount,
+        successful: successCount,
+        failed: failureCount
+      }
+    });
+  }
+}

package/templates/route.template.js

@@ -0,0 +1,130 @@
+import express from 'express';
+import { body, param } from 'express-validator';
+import { validateErrors } from '../middleware/validation.js';
+import { authenticateToken } from '../middleware/auth.js';
+import __MODEL_NAME__ from '../models/__MODEL_NAME__.model.js';
+
+const router = express.Router();
+
+// ========== GET - Fetch All / By Filter ==========
+router.get('/', async (req, res, next) => {
+  try {
+    const data = await __MODEL_NAME__.find().limit(100);
+    
+    if (!data || data.length === 0) {
+      return res.status(404).json({
+        success: false,
+        message: '__MODEL_NAME__ not found'
+      });
+    }
+
+    res.status(200).json({
+      success: true,
+      count: data.length,
+      data
+    });
+  } catch (error) {
+    next(error);
+  }
+});
+
+// ========== GET SINGLE ==========
+router.get('/:id', async (req, res, next) => {
+  try {
+    const data = await __MODEL_NAME__.findById(req.params.id);
+    
+    if (!data) {
+      return res.status(404).json({
+        success: false,
+        message: '__MODEL_NAME__ not found'
+      });
+    }
+
+    res.status(200).json({
+      success: true,
+      data
+    });
+  } catch (error) {
+    next(error);
+  }
+});
+
+// ========== POST - Create New ==========
+router.post('/', authenticateToken, async (req, res, next) => {
+  try {
+    const newData = new __MODEL_NAME__(req.body);
+    const saved = await newData.save();
+
+    res.status(201).json({
+      success: true,
+      message: '__MODEL_NAME__ created successfully',
+      data: saved
+    });
+  } catch (error) {
+    if (error.name === 'ValidationError') {
+      return res.status(400).json({
+        success: false,
+        message: 'Validation Error',
+        errors: Object.values(error.errors).map(e => e.message)
+      });
+    }
+    next(error);
+  }
+});
+
+// ========== PUT - Update Entire Document ==========
+router.put('/:id', authenticateToken, async (req, res, next) => {
+  try {
+    const updated = await __MODEL_NAME__.findByIdAndUpdate(
+      req.params.id,
+      req.body,
+      { new: true, runValidators: true }
+    );
+
+    if (!updated) {
+      return res.status(404).json({
+        success: false,
+        message: '__MODEL_NAME__ not found'
+      });
+    }
+
+    res.status(200).json({
+      success: true,
+      message: '__MODEL_NAME__ updated successfully',
+      data: updated
+    });
+  } catch (error) {
+    if (error.name === 'ValidationError') {
+      return res.status(400).json({
+        success: false,
+        message: 'Validation Error',
+        errors: Object.values(error.errors).map(e => e.message)
+      });
+    }
+    next(error);
+  }
+});
+
+// ========== DELETE ==========
+router.delete('/:id', async (req, res, next) => {
+  try {
+    const deleted = await __MODEL_NAME__.findByIdAndDelete(req.params.id);
+
+    if (!deleted) {
+      return res.status(404).json({
+        success: false,
+        message: '__MODEL_NAME__ not found'
+      });
+    }
+
+    res.status(200).json({
+      success: true,
+      message: '__MODEL_NAME__ deleted successfully',
+      data: deleted
+    });
+  } catch (error) {
+    next(error);
+  }
+});
+
+export default router;

package/templates/security.middleware.js

@@ -0,0 +1,78 @@
+/**
+ * Security Middleware
+ * Implements security best practices
+ */
+
+import helmet from 'helmet';
+import mongoSanitize from 'express-mongo-sanitize';
+import { body, validationResult } from 'express-validator';
+
+// Helmet security headers
+export const securityHeaders = helmet({
+  contentSecurityPolicy: {
+    directives: {
+      defaultSrc: ["'self'"],
+      styleSrc: ["'self'", "'unsafe-inline'"],
+      scriptSrc: ["'self'"],
+      imgSrc: ["'self'", 'data:', 'https:']
+    }
+  },
+  hsts: {
+    maxAge: 31536000, // 1 year
+    includeSubDomains: true,
+    preload: true
+  },
+  frameguard: {
+    action: 'deny'
+  },
+  referrerPolicy: {
+    policy: 'strict-origin-when-cross-origin'
+  }
+});
+
+// MongoDB injection prevention
+export const sanitizeData = (req, res, next) => {
+  // Sanitize req.body
+  if (req.body) {
+    for (const key in req.body) {
+      if (typeof req.body[key] === 'string') {
+        req.body[key] = mongoSanitize.sanitize(req.body[key]);
+      }
+    }
+  }
+
+  // Sanitize req.query
+  if (req.query) {
+    for (const key in req.query) {
+      if (typeof req.query[key] === 'string') {
+        req.query[key] = mongoSanitize.sanitize(req.query[key]);
+      }
+    }
+  }
+
+  next();
+};
+
+// Validation error handler
+export const validateErrors = (req, res, next) => {
+  const errors = validationResult(req);
+  if (!errors.isEmpty()) {
+    return res.status(400).json({
+      success: false,
+      errors: errors.array()
+    });
+  }
+  next();
+};
+
+// Common validation chains
+export const validators = {
+  email: body('email').isEmail().normalizeEmail(),
+  password: body('password').isLength({ min: 8 }).withMessage('Password must be at least 8 characters'),
+  url: body('url').isURL(),
+  id: body('id').isMongoId().withMessage('Invalid ID'),
+  phone: body('phone').isMobilePhone().optional(),
+  date: body('date').isISO8601().optional()
+};
+
+export default { securityHeaders, sanitizeData, validateErrors, validators };

package/templates/server.template.js

@@ -0,0 +1,91 @@
+import 'dotenv/config';
+import express from 'express';
+import cors from 'cors';
+import helmet from 'helmet';
+import mongoose from 'mongoose';
+import errorHandler from './middleware/errorHandler.js';
+import requestLogger from './middleware/requestLogger.js';
+
+const app = express();
+const PORT = process.env.PORT || 5000;
+const MONGODB_URI = process.env.MONGODB_URI || 'mongodb://localhost:27017/__DB_NAME__';
+
+// ============ MIDDLEWARE ============
+app.use(express.json({ limit: '10mb' }));
+app.use(express.urlencoded({ limit: '10mb', extended: true }));
+app.use(cors());
+app.use(requestLogger);
+
+// ============ ROUTES ============
+// Routes should be registered with /api prefix in __ROUTES__
+// Example: app.use(`/api/users`, usersRoutes);
+// 
+// Frontend Configuration:
+//   ✅ CORRECT:   VITE_API_URL = http://localhost:5000
+//   ❌ WRONG:     VITE_API_URL = http://localhost:5000/api
+// __ROUTES__
+
+// ============ HEALTH CHECK ============
+const healthHandler = (req, res) => {
+  res.status(200).json({ 
+    status: 'OK', 
+    timestamp: new Date().toISOString(),
+    database: mongoose.connection.readyState ? 'Connected' : 'Disconnected'
+  });
+};
+
+app.get('/health', healthHandler);
+app.get(`/api/health`, healthHandler);
+
+// ============ ERROR HANDLER ============
+app.use(errorHandler);
+
+// ============ 404 HANDLER ============
+app.use((req, res) => {
+  res.status(404).json({
+    error: 'Not Found',
+    path: req.path,
+    method: req.method
+  });
+});
+
+// ============ DATABASE CONNECTION ============
+async function connectDB() {
+  try {
+    await mongoose.connect(MONGODB_URI, {
+      useNewUrlParser: true,
+      useUnifiedTopology: true,
+      serverSelectionTimeoutMS: 5000
+    });
+    console.log('✅ MongoDB Connected');
+  } catch (error) {
+    console.error('❌ MongoDB Connection Failed:', error.message);
+    process.exit(1);
+  }
+}
+
+// ============ START SERVER ============
+async function startServer() {
+  await connectDB();
+  
+  app.listen(PORT, () => {
+    console.log(`\n🚀 Backend Server Running`);
+    console.log(`   URL: http://localhost:${PORT}`);
+    console.log(`   Health: http://localhost:${PORT}/health`);
+    console.log(`   API Health: http://localhost:${PORT}/api/health\n`);
+  });
+}
+
+// ============ GRACEFUL SHUTDOWN ============
+process.on('SIGINT', async () => {
+  console.log('\n⛔ Shutting down...');
+  await mongoose.disconnect();
+  process.exit(0);
+});
+
+startServer().catch(err => {
+  console.error(err);
+  process.exit(1);
+});
+
+export default app;