phos 1.0.3 → 1.2.0

package/src/templates/backend/elysia/src/sql/user_sql.ts

@@ -0,0 +1,191 @@
+import db from "../db";
+import bcrypt from "bcrypt";
+import type { User, CreateUserDto, UpdateUserDto } from "../types/user_type";
+
+const SALT_ROUNDS = 10;
+
+export async function getUsers(): Promise<User[]> {
+  const result = await db`
+    SELECT id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+    FROM users
+    WHERE is_active = true
+    ORDER BY created_at DESC
+  `;
+  return result as unknown as User[];
+}
+
+export async function getUserById(id: number): Promise<User | null> {
+  const result = await db`
+    SELECT id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+    FROM users
+    WHERE id = ${id}
+  `;
+  if (result.length === 0) return null;
+  return result[0] as unknown as User;
+}
+
+export async function getUserByEmail(email: string): Promise<User | null> {
+  const result = await db`
+    SELECT id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+    FROM users
+    WHERE email = ${email}
+  `;
+  if (result.length === 0) return null;
+  return result[0] as unknown as User;
+}
+
+export async function getUserByUsername(username: string): Promise<User | null> {
+  const result = await db`
+    SELECT id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+    FROM users
+    WHERE username = ${username}
+  `;
+  if (result.length === 0) return null;
+  return result[0] as unknown as User;
+}
+
+export async function createUser(data: CreateUserDto): Promise<User> {
+  const hashedPassword = await bcrypt.hash(data.password, SALT_ROUNDS);
+
+  const result = await db`
+    INSERT INTO users (email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at)
+    VALUES (
+      ${data.email},
+      ${data.username},
+      ${data.full_name},
+      ${hashedPassword},
+      ${data.avatar_url ?? null},
+      ${data.bio ?? null},
+      ${data.role ?? "user"},
+      true,
+      CURRENT_TIMESTAMP,
+      CURRENT_TIMESTAMP
+    )
+    RETURNING id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+  `;
+  return result[0] as unknown as User;
+}
+
+export async function updateUser(id: number, data: UpdateUserDto): Promise<User | null> {
+  const setParts: string[] = [];
+  const values: any[] = [];
+  let paramIndex = 1;
+
+  if (data.email !== undefined) {
+    setParts.push(`email = $${paramIndex}`);
+    values.push(data.email);
+    paramIndex++;
+  }
+  if (data.username !== undefined) {
+    setParts.push(`username = $${paramIndex}`);
+    values.push(data.username);
+    paramIndex++;
+  }
+  if (data.full_name !== undefined) {
+    setParts.push(`full_name = $${paramIndex}`);
+    values.push(data.full_name);
+    paramIndex++;
+  }
+  if (data.password !== undefined) {
+    const hashedPassword = await bcrypt.hash(data.password, SALT_ROUNDS);
+    setParts.push(`password = $${paramIndex}`);
+    values.push(hashedPassword);
+    paramIndex++;
+  }
+  if (data.avatar_url !== undefined) {
+    setParts.push(`avatar_url = $${paramIndex}`);
+    values.push(data.avatar_url);
+    paramIndex++;
+  }
+  if (data.bio !== undefined) {
+    setParts.push(`bio = $${paramIndex}`);
+    values.push(data.bio);
+    paramIndex++;
+  }
+  if (data.role !== undefined) {
+    setParts.push(`role = $${paramIndex}`);
+    values.push(data.role);
+    paramIndex++;
+  }
+  if (data.is_active !== undefined) {
+    setParts.push(`is_active = $${paramIndex}`);
+    values.push(data.is_active);
+    paramIndex++;
+  }
+
+  if (setParts.length === 0) {
+    return getUserById(id);
+  }
+
+  setParts.push(`updated_at = CURRENT_TIMESTAMP`);
+  const query = `
+    UPDATE users
+    SET ${setParts.join(", ")}
+    WHERE id = $${paramIndex}
+    RETURNING id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+  `;
+  values.push(id);
+
+  const result = await db.unsafe(query, values);
+  if (result.length === 0) return null;
+  return result[0] as unknown as User;
+}
+
+export async function deleteUser(id: number): Promise<boolean> {
+  const result = await db`
+    DELETE FROM users
+    WHERE id = ${id}
+  `;
+  return result.count > 0;
+}
+
+export async function softDeleteUser(id: number): Promise<User | null> {
+  const result = await db`
+    UPDATE users
+    SET is_active = false, updated_at = CURRENT_TIMESTAMP
+    WHERE id = ${id}
+    RETURNING id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+  `;
+  if (result.length === 0) return null;
+  return result[0] as unknown as User;
+}
+
+export async function searchUsers(keyword: string): Promise<User[]> {
+  const result = await db`
+    SELECT id, email, username, full_name, password, avatar_url, bio, role, is_active, created_at, updated_at
+    FROM users
+    WHERE is_active = true
+      AND (
+        email ILIKE ${`%${keyword}%`}
+        OR username ILIKE ${`%${keyword}%`}
+        OR full_name ILIKE ${`%${keyword}%`}
+      )
+    ORDER BY created_at DESC
+  `;
+  return result as unknown as User[];
+}
+
+export async function verifyPassword(plainPassword: string, hashedPassword: string): Promise<boolean> {
+  return await bcrypt.compare(plainPassword, hashedPassword);
+}
+
+export const userTableSchema = `
+CREATE TABLE IF NOT EXISTS users (
+  id SERIAL PRIMARY KEY,
+  email VARCHAR(255) UNIQUE NOT NULL,
+  username VARCHAR(100) UNIQUE NOT NULL,
+  full_name VARCHAR(255) NOT NULL,
+  password VARCHAR(255) NOT NULL,
+  avatar_url TEXT,
+  bio TEXT,
+  role VARCHAR(50) DEFAULT 'user',
+  is_active BOOLEAN DEFAULT true,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+CREATE INDEX IF NOT EXISTS idx_users_role ON users(role);
+CREATE INDEX IF NOT EXISTS idx_users_is_active ON users(is_active);
+`;

package/src/templates/backend/elysia/src/types/user_type.ts

@@ -0,0 +1,54 @@
+export interface User {
+  id: number;
+  email: string;
+  username: string;
+  full_name: string;
+  password: string;
+  avatar_url: string | null;
+  bio: string | null;
+  role: string;
+  is_active: boolean;
+  created_at: Date;
+  updated_at: Date;
+}
+
+export interface CreateUserDto {
+  email: string;
+  username: string;
+  full_name: string;
+  password: string;
+  avatar_url?: string | null;
+  bio?: string | null;
+  role?: string;
+}
+
+export interface UpdateUserDto {
+  email?: string;
+  username?: string;
+  full_name?: string;
+  password?: string;
+  avatar_url?: string | null;
+  bio?: string | null;
+  role?: string;
+  is_active?: boolean;
+}
+
+export interface UserResponse {
+  id: number;
+  email: string;
+  username: string;
+  full_name: string;
+  avatar_url: string | null;
+  bio: string | null;
+  role: string;
+  is_active: boolean;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface ApiResponse<T> {
+  success: boolean;
+  data?: T;
+  message?: string;
+  error?: string;
+}

package/src/templates/backend/fastapi/src/api/user_api.py

@@ -0,0 +1,163 @@
+from fastapi import APIRouter, HTTPException, status
+from src.service.user_service import user_service
+from src.types.user_type import CreateUserDto, UpdateUserDto, ApiResponse
+from src.function.helper import validate_create_user_dto, validate_update_user_dto, validate_string
+
+router = APIRouter(prefix="/users", tags=["Users"])
+
+
+@router.get("/", response_model=ApiResponse)
+async def get_all_users():
+    try:
+        users = await user_service.get_all_users()
+        return ApiResponse(
+            success=True,
+            data=users,
+            message="Users retrieved successfully",
+        )
+    except ValueError as e:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))
+
+
+@router.get("/{user_id}", response_model=ApiResponse)
+async def get_user_by_id(user_id: int):
+    try:
+        if user_id <= 0:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid user ID")
+
+        user = await user_service.get_user_by_id(user_id)
+        if not user:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
+
+        return ApiResponse(
+            success=True,
+            data=user,
+            message="User retrieved successfully",
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))
+
+
+@router.get("/search/{keyword}", response_model=ApiResponse)
+async def search_users(keyword: str):
+    try:
+        if not validate_string(keyword, 1, 100):
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Search keyword must be between 1 and 100 characters")
+
+        users = await user_service.search_users(keyword)
+        return ApiResponse(
+            success=True,
+            data=users,
+            message="Users retrieved successfully",
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))
+
+
+@router.post("/", response_model=ApiResponse, status_code=status.HTTP_201_CREATED)
+async def create_user(data: dict):
+    try:
+        validated_data = validate_create_user_dto(data)
+        user = await user_service.create_user(validated_data)
+        return ApiResponse(
+            success=True,
+            data=user,
+            message="User created successfully",
+        )
+    except ValueError as e:
+        error_message = str(e)
+        if "already exists" in error_message or "already taken" in error_message:
+            raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail=error_message)
+        else:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=error_message)
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))
+
+
+@router.put("/{user_id}", response_model=ApiResponse)
+async def update_user(user_id: int, data: dict):
+    try:
+        if user_id <= 0:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid user ID")
+
+        validated_data = validate_update_user_dto(data)
+        user = await user_service.update_user(user_id, validated_data)
+        if not user:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
+
+        return ApiResponse(
+            success=True,
+            data=user,
+            message="User updated successfully",
+        )
+    except ValueError as e:
+        error_message = str(e)
+        if "already in use" in error_message or "already taken" in error_message:
+            raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail=error_message)
+        elif "not found" in error_message:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=error_message)
+        else:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=error_message)
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))
+
+
+@router.delete("/{user_id}", response_model=ApiResponse)
+async def delete_user(user_id: int):
+    try:
+        if user_id <= 0:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid user ID")
+
+        deleted = await user_service.delete_user(user_id)
+        if not deleted:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
+
+        return ApiResponse(
+            success=True,
+            message="User deleted successfully",
+        )
+    except ValueError as e:
+        error_message = str(e)
+        if "not found" in error_message:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=error_message)
+        else:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=error_message)
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))
+
+
+@router.post("/{user_id}/soft-delete", response_model=ApiResponse)
+async def soft_delete_user(user_id: int):
+    try:
+        if user_id <= 0:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid user ID")
+
+        user = await user_service.soft_delete_user(user_id)
+        if not user:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
+
+        return ApiResponse(
+            success=True,
+            data=user,
+            message="User soft deleted successfully",
+        )
+    except ValueError as e:
+        error_message = str(e)
+        if "not found" in error_message:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=error_message)
+        else:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=error_message)
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=str(e))

package/src/templates/backend/fastapi/src/function/helper.py

@@ -0,0 +1,107 @@
+import re
+from typing import Any
+from src.types.user_type import CreateUserDto, UpdateUserDto
+
+
+def validate_email(email: str) -> bool:
+    email_regex = r"^[^\s@]+@[^\s@]+\.[^\s@]+$"
+    return re.match(email_regex, email) is not None
+
+
+def validate_string(value: Any, min_length: int = 1, max_length: int = 255) -> bool:
+    return isinstance(value, str) and min_length <= len(value) <= max_length
+
+
+def validate_boolean(value: Any) -> bool:
+    return isinstance(value, bool)
+
+
+def validate_create_user_dto(data: dict) -> CreateUserDto:
+    errors = []
+
+    if not validate_email(data.get("email", "")):
+        errors.append("Invalid email format")
+
+    if not validate_string(data.get("username"), 3, 100):
+        errors.append("Username must be between 3 and 100 characters")
+
+    if not validate_string(data.get("full_name"), 1, 255):
+        errors.append("Full name must be between 1 and 255 characters")
+
+    if not validate_string(data.get("password"), 6, 255):
+        errors.append("Password must be at least 6 characters")
+
+    avatar_url = data.get("avatar_url")
+    if avatar_url is not None and not validate_string(avatar_url, 1, 1000):
+        errors.append("Avatar URL must be a valid string")
+
+    bio = data.get("bio")
+    if bio is not None and not validate_string(bio, 1, 1000):
+        errors.append("Bio must be a valid string")
+
+    role = data.get("role")
+    if role is not None and not validate_string(role, 1, 50):
+        errors.append("Role must be a valid string")
+
+    if errors:
+        raise ValueError(f"Validation error: {', '.join(errors)}")
+
+    return CreateUserDto(
+        email=data["email"],
+        username=data["username"],
+        full_name=data["full_name"],
+        password=data["password"],
+        avatar_url=avatar_url,
+        bio=bio,
+        role=role or "user",
+    )
+
+
+def validate_update_user_dto(data: dict) -> UpdateUserDto:
+    errors = []
+
+    email = data.get("email")
+    if email is not None and not validate_email(email):
+        errors.append("Invalid email format")
+
+    username = data.get("username")
+    if username is not None and not validate_string(username, 3, 100):
+        errors.append("Username must be between 3 and 100 characters")
+
+    full_name = data.get("full_name")
+    if full_name is not None and not validate_string(full_name, 1, 255):
+        errors.append("Full name must be between 1 and 255 characters")
+
+    password = data.get("password")
+    if password is not None and not validate_string(password, 6, 255):
+        errors.append("Password must be at least 6 characters")
+
+    avatar_url = data.get("avatar_url")
+    if avatar_url is not None and not validate_string(avatar_url, 1, 1000) and avatar_url is not None:
+        errors.append("Avatar URL must be a valid string or None")
+
+    bio = data.get("bio")
+    if bio is not None and not validate_string(bio, 1, 1000) and bio is not None:
+        errors.append("Bio must be a valid string or None")
+
+    role = data.get("role")
+    if role is not None and not validate_string(role, 1, 50):
+        errors.append("Role must be a valid string")
+
+    is_active = data.get("is_active")
+    if is_active is not None and not validate_boolean(is_active):
+        errors.append("is_active must be a boolean")
+
+    if errors:
+        raise ValueError(f"Validation error: {', '.join(errors)}")
+
+    return UpdateUserDto(
+        email=email,
+        username=username,
+        full_name=full_name,
+        password=password,
+        avatar_url=avatar_url,
+        bio=bio,
+        role=role,
+        is_active=is_active,
+    )

package/src/templates/backend/fastapi/src/service/user_service.py

@@ -0,0 +1,94 @@
+import src.sql.user_sql as UserSQL
+from src.types.user_type import User, CreateUserDto, UpdateUserDto, UserResponse
+
+
+class UserService:
+    async def get_all_users(self):
+        users = await UserSQL.get_users()
+        return [self.map_to_response(user) for user in users]
+
+    async def get_user_by_id(self, user_id: int):
+        user = await UserSQL.get_user_by_id(user_id)
+        if not user:
+            return None
+        return self.map_to_response(user)
+
+    async def get_user_by_email(self, email: str):
+        return await UserSQL.get_user_by_email(email)
+
+    async def get_user_by_username(self, username: str):
+        return await UserSQL.get_user_by_username(username)
+
+    async def create_user(self, data: CreateUserDto):
+        existing_user = await UserSQL.get_user_by_email(data.email)
+        if existing_user:
+            raise ValueError("User with this email already exists")
+
+        existing_username = await UserSQL.get_user_by_username(data.username)
+        if existing_username:
+            raise ValueError("Username already taken")
+
+        user = await UserSQL.create_user(data)
+        return self.map_to_response(user)
+
+    async def update_user(self, user_id: int, data: UpdateUserDto):
+        existing_user = await UserSQL.get_user_by_id(user_id)
+        if not existing_user:
+            raise ValueError("User not found")
+
+        if data.email:
+            email_user = await UserSQL.get_user_by_email(data.email)
+            if email_user and email_user["id"] != user_id:
+                raise ValueError("Email already in use")
+
+        if data.username:
+            username_user = await UserSQL.get_user_by_username(data.username)
+            if username_user and username_user["id"] != user_id:
+                raise ValueError("Username already taken")
+
+        filtered_data = {k: v for k, v in data.model_dump().items() if v is not None}
+        if not filtered_data:
+            return await self.get_user_by_id(user_id)
+
+        user = await UserSQL.update_user(user_id, UpdateUserDto(**filtered_data))
+        if not user:
+            return None
+        return self.map_to_response(user)
+
+    async def delete_user(self, user_id: int) -> bool:
+        existing_user = await UserSQL.get_user_by_id(user_id)
+        if not existing_user:
+            raise ValueError("User not found")
+
+        return await UserSQL.delete_user(user_id)
+
+    async def soft_delete_user(self, user_id: int):
+        existing_user = await UserSQL.get_user_by_id(user_id)
+        if not existing_user:
+            raise ValueError("User not found")
+
+        user = await UserSQL.soft_delete_user(user_id)
+        if not user:
+            return None
+        return self.map_to_response(user)
+
+    async def search_users(self, keyword: str):
+        users = await UserSQL.search_users(keyword)
+        return [self.map_to_response(user) for user in users]
+
+    def map_to_response(self, user: dict) -> dict:
+        return {
+            "id": user["id"],
+            "email": user["email"],
+            "username": user["username"],
+            "full_name": user["full_name"],
+            "avatar_url": user["avatar_url"],
+            "bio": user["bio"],
+            "role": user["role"],
+            "is_active": user["is_active"],
+            "created_at": user["created_at"],
+            "updated_at": user["updated_at"],
+        }
+
+
+user_service = UserService()