saas-backend-kit 1.0.0

package/dist/index.mjs

@@ -0,0 +1,1281 @@
+import { z } from 'zod';
+import pino from 'pino';
+import { Queue, Worker } from 'bullmq';
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcryptjs';
+import nodemailer from 'nodemailer';
+import { Response } from 'express';
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/auth/types.ts
+var DEFAULT_PERMISSIONS;
+var init_types = __esm({
+  "src/auth/types.ts"() {
+    DEFAULT_PERMISSIONS = {
+      admin: ["*"],
+      user: ["read", "write:own"],
+      guest: ["read:public"]
+    };
+  }
+});
+var envSchema, ConfigManager, globalConfig, config;
+var init_config = __esm({
+  "src/config/index.ts"() {
+    envSchema = z.object({
+      NODE_ENV: z.enum(["development", "production", "test"]).default("development"),
+      PORT: z.string().default("3000"),
+      DATABASE_URL: z.string().optional(),
+      REDIS_URL: z.string().default("redis://localhost:6379"),
+      JWT_SECRET: z.string().min(32).optional(),
+      JWT_EXPIRES_IN: z.string().default("7d"),
+      JWT_REFRESH_SECRET: z.string().min(32).optional(),
+      JWT_REFRESH_EXPIRES_IN: z.string().default("30d"),
+      GOOGLE_CLIENT_ID: z.string().optional(),
+      GOOGLE_CLIENT_SECRET: z.string().optional(),
+      GOOGLE_REDIRECT_URI: z.string().optional(),
+      SMTP_HOST: z.string().optional(),
+      SMTP_PORT: z.string().default("587"),
+      SMTP_USER: z.string().optional(),
+      SMTP_PASS: z.string().optional(),
+      SMTP_FROM: z.string().optional(),
+      TWILIO_ACCOUNT_SID: z.string().optional(),
+      TWILIO_AUTH_TOKEN: z.string().optional(),
+      TWILIO_PHONE_NUMBER: z.string().optional(),
+      SLACK_WEBHOOK_URL: z.string().optional(),
+      RATE_LIMIT_WINDOW: z.string().default("1m"),
+      RATE_LIMIT_LIMIT: z.string().default("100"),
+      LOG_LEVEL: z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info")
+    });
+    ConfigManager = class {
+      config = null;
+      schema;
+      validate;
+      constructor(options = {}) {
+        this.schema = options.schema || envSchema;
+        this.validate = options.validate ?? true;
+      }
+      load() {
+        if (this.config) return this.config;
+        const env = {};
+        for (const key of Object.keys(this.schema.shape)) {
+          env[key] = process.env[key];
+        }
+        if (this.validate) {
+          const result = this.schema.safeParse(env);
+          if (!result.success) {
+            const errors = result.error.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join(", ");
+            throw new Error(`Config validation failed: ${errors}`);
+          }
+          this.config = result.data;
+        } else {
+          this.config = env;
+        }
+        return this.config;
+      }
+      get(key) {
+        if (!this.config) this.load();
+        return this.config[key];
+      }
+      int(key) {
+        const value = this.get(key);
+        if (typeof value === "string") return parseInt(value, 10);
+        return Number(value);
+      }
+      bool(key) {
+        const value = this.get(key);
+        if (typeof value === "boolean") return value;
+        if (typeof value === "string") return value.toLowerCase() === "true";
+        return Boolean(value);
+      }
+      isProduction() {
+        return this.get("NODE_ENV") === "production";
+      }
+      isDevelopment() {
+        return this.get("NODE_ENV") === "development";
+      }
+      isTest() {
+        return this.get("NODE_ENV") === "test";
+      }
+      getAll() {
+        if (!this.config) this.load();
+        return this.config;
+      }
+    };
+    globalConfig = new ConfigManager();
+    config = {
+      load: () => globalConfig.load(),
+      get: (key) => globalConfig.get(key),
+      int: (key) => globalConfig.int(key),
+      bool: (key) => globalConfig.bool(key),
+      isProduction: () => globalConfig.isProduction(),
+      isDevelopment: () => globalConfig.isDevelopment(),
+      isTest: () => globalConfig.isTest(),
+      getAll: () => globalConfig.getAll(),
+      create: (options) => new ConfigManager(options)
+    };
+  }
+});
+
+// src/auth/rbac.ts
+var RBACService, rbacService;
+var init_rbac = __esm({
+  "src/auth/rbac.ts"() {
+    init_types();
+    RBACService = class {
+      permissions;
+      constructor(permissions = DEFAULT_PERMISSIONS) {
+        this.permissions = permissions;
+      }
+      setPermissions(permissions) {
+        this.permissions = permissions;
+      }
+      addPermission(role, permission) {
+        if (!this.permissions[role]) {
+          this.permissions[role] = [];
+        }
+        if (!this.permissions[role].includes(permission)) {
+          this.permissions[role].push(permission);
+        }
+      }
+      removePermission(role, permission) {
+        if (this.permissions[role]) {
+          this.permissions[role] = this.permissions[role].filter((p) => p !== permission);
+        }
+      }
+      getPermissions(role) {
+        return this.permissions[role] || [];
+      }
+      hasPermission(role, requiredPermission) {
+        const rolePermissions = this.getPermissions(role);
+        if (rolePermissions.includes("*")) {
+          return true;
+        }
+        if (rolePermissions.includes(requiredPermission)) {
+          return true;
+        }
+        const [requiredAction, requiredScope] = requiredPermission.split(":");
+        for (const perm of rolePermissions) {
+          const [action, scope] = perm.split(":");
+          if (action === "*" && (scope === "*" || scope === requiredScope)) {
+            return true;
+          }
+          if (action === requiredAction && (scope === "*" || scope === requiredScope)) {
+            return true;
+          }
+        }
+        return false;
+      }
+      hasRole(userRole, requiredRole) {
+        const hierarchy = ["guest", "user", "admin"];
+        const userIndex = hierarchy.indexOf(userRole);
+        const requiredIndex = hierarchy.indexOf(requiredRole);
+        if (userIndex === -1 || requiredIndex === -1) {
+          return userRole === requiredRole;
+        }
+        return userIndex >= requiredIndex;
+      }
+      authorize(permission) {
+        return (role) => this.hasPermission(role, permission);
+      }
+      authorizeRole(requiredRole) {
+        return (role) => this.hasRole(role, requiredRole);
+      }
+    };
+    rbacService = new RBACService();
+  }
+});
+var LoggerManager, loggerManager, logger;
+var init_logger = __esm({
+  "src/logger/index.ts"() {
+    init_config();
+    LoggerManager = class {
+      loggers = /* @__PURE__ */ new Map();
+      defaultLogger;
+      constructor() {
+        const level = config.get("LOG_LEVEL") || "info";
+        this.defaultLogger = pino({
+          level,
+          name: "saas-backend-kit",
+          formatters: {
+            bindings: (bindings) => ({
+              ...bindings,
+              service: "saas-backend-kit"
+            })
+          }
+        });
+      }
+      createLogger(options = {}) {
+        const name = options.name || "default";
+        if (this.loggers.has(name)) {
+          return this.loggers.get(name);
+        }
+        const level = options.level || config.get("LOG_LEVEL") || "info";
+        const logger2 = pino({
+          level,
+          name: options.name,
+          ...options
+        });
+        this.loggers.set(name, logger2);
+        return logger2;
+      }
+      getLogger(name) {
+        if (name) {
+          return this.loggers.get(name) || this.defaultLogger;
+        }
+        return this.defaultLogger;
+      }
+      child(bindings, options) {
+        const name = options?.name || "child";
+        const parent = options?.name ? this.getLogger(name) : this.defaultLogger;
+        return parent.child(bindings);
+      }
+    };
+    loggerManager = new LoggerManager();
+    logger = {
+      info: (message, ...args) => loggerManager.getLogger().info(message, ...args),
+      warn: (message, ...args) => loggerManager.getLogger().warn(message, ...args),
+      error: (message, ...args) => loggerManager.getLogger().error(message, ...args),
+      debug: (message, ...args) => loggerManager.getLogger().debug(message, ...args),
+      trace: (message, ...args) => loggerManager.getLogger().trace(message, ...args),
+      fatal: (message, ...args) => loggerManager.getLogger().fatal(message, ...args),
+      child: (bindings, options) => loggerManager.child(bindings, options),
+      create: (options) => loggerManager.createLogger(options),
+      get: (name) => loggerManager.getLogger(name)
+    };
+  }
+});
+
+// src/queue/index.ts
+var queue_exports = {};
+__export(queue_exports, {
+  QueueManager: () => QueueManager,
+  addJob: () => addJob,
+  createQueue: () => createQueue,
+  default: () => queue_default,
+  processJob: () => processJob,
+  queue: () => queue
+});
+var QueueManager, queueManager, createQueue, addJob, processJob, queue, queue_default;
+var init_queue = __esm({
+  "src/queue/index.ts"() {
+    init_config();
+    init_logger();
+    QueueManager = class {
+      queues = /* @__PURE__ */ new Map();
+      workers = /* @__PURE__ */ new Map();
+      redisOptions;
+      constructor() {
+        const redisUrl = config.get("REDIS_URL");
+        if (redisUrl) {
+          this.redisOptions = { url: redisUrl };
+        } else {
+          this.redisOptions = {
+            host: "localhost",
+            port: 6379
+          };
+        }
+      }
+      setRedisOptions(options) {
+        this.redisOptions = options;
+      }
+      createQueue(name, options) {
+        if (this.queues.has(name)) {
+          return this.queues.get(name);
+        }
+        const queue2 = new Queue(name, {
+          connection: this.redisOptions,
+          defaultJobOptions: options?.defaultJobOptions || {
+            removeOnComplete: 100,
+            removeOnFail: 100
+          }
+        });
+        this.queues.set(name, queue2);
+        logger.info(`Queue "${name}" created`);
+        return queue2;
+      }
+      getQueue(name) {
+        return this.queues.get(name);
+      }
+      async addJob(queueName, jobName, data, options) {
+        const queue2 = this.getQueue(queueName) || this.createQueue(queueName);
+        const job = await queue2.add(jobName, data, options);
+        logger.debug(`Job "${jobName}" added to queue "${queueName}"`, { jobId: job.id });
+        return job;
+      }
+      async addBulkJobs(queueName, jobs) {
+        const queue2 = this.getQueue(queueName) || this.createQueue(queueName);
+        const bulkJobs = jobs.map((job) => ({
+          name: job.name,
+          data: job.data,
+          ...job.options
+        }));
+        const result = await queue2.addBulk(bulkJobs);
+        logger.debug(`${jobs.length} jobs added to queue "${queueName}"`);
+        return result;
+      }
+      processJob(queueName, processor, options) {
+        this.getQueue(queueName) || this.createQueue(queueName);
+        const worker = new Worker(queueName, async (job) => {
+          logger.debug(`Processing job "${job.name}"`, { jobId: job.id, queue: queueName });
+          return await processor(job);
+        }, {
+          connection: this.redisOptions,
+          concurrency: options?.concurrency || 1,
+          ...options
+        });
+        worker.on("completed", (job) => {
+          logger.debug(`Job completed`, { jobId: job.id, queue: queueName });
+        });
+        worker.on("failed", (job, err) => {
+          logger.error(`Job failed`, { jobId: job?.id, queue: queueName, error: err.message });
+        });
+        worker.on("error", (err) => {
+          logger.error(`Worker error`, { queue: queueName, error: err.message });
+        });
+        this.workers.set(queueName, worker);
+        logger.info(`Worker started for queue "${queueName}"`);
+        return worker;
+      }
+      async getJobCounts(queueName) {
+        const queue2 = this.getQueue(queueName);
+        if (!queue2) {
+          return { waiting: 0, active: 0, completed: 0, failed: 0, delayed: 0 };
+        }
+        return await queue2.getJobCounts();
+      }
+      async getJobs(queueName, start = 0, end = 10) {
+        const queue2 = this.getQueue(queueName);
+        if (!queue2) return [];
+        return await queue2.getJobs(["waiting", "active", "completed", "failed"], start, end);
+      }
+      async closeQueue(name) {
+        const queue2 = this.queues.get(name);
+        if (queue2) {
+          await queue2.close();
+          this.queues.delete(name);
+          logger.info(`Queue "${name}" closed`);
+        }
+      }
+      async closeWorker(name) {
+        const worker = this.workers.get(name);
+        if (worker) {
+          await worker.close();
+          this.workers.delete(name);
+          logger.info(`Worker for queue "${name}" closed`);
+        }
+      }
+      async closeAll() {
+        await Promise.all([
+          ...Array.from(this.queues.values()).map((q) => q.close()),
+          ...Array.from(this.workers.values()).map((w) => w.close())
+        ]);
+        this.queues.clear();
+        this.workers.clear();
+        logger.info("All queues and workers closed");
+      }
+    };
+    queueManager = new QueueManager();
+    createQueue = (name, options) => {
+      return queueManager.createQueue(name, options);
+    };
+    addJob = (queueName, jobName, data, options) => {
+      return queueManager.addJob(queueName, jobName, data, options);
+    };
+    processJob = (queueName, processor, options) => {
+      return queueManager.processJob(queueName, processor, options);
+    };
+    queue = {
+      create: createQueue,
+      add: addJob,
+      process: processJob,
+      get: (name) => queueManager.getQueue(name),
+      getJobCounts: (name) => queueManager.getJobCounts(name),
+      getJobs: (name, start, end) => queueManager.getJobs(name, start, end),
+      close: (name) => queueManager.closeQueue(name),
+      closeAll: () => queueManager.closeAll(),
+      setRedisOptions: (options) => queueManager.setRedisOptions(options)
+    };
+    queue_default = queue;
+  }
+});
+
+// src/rate-limit/express.ts
+function rateLimit(options = {}) {
+  const limiter = new RateLimiter(options);
+  return limiter.middleware();
+}
+function createRateLimiter(options) {
+  return new RateLimiter(options);
+}
+var InMemoryRateLimiter, RateLimiter;
+var init_express = __esm({
+  "src/rate-limit/express.ts"() {
+    init_config();
+    InMemoryRateLimiter = class {
+      store = /* @__PURE__ */ new Map();
+      cleanupInterval;
+      constructor() {
+        this.cleanupInterval = setInterval(() => this.cleanup(), 6e4);
+      }
+      cleanup() {
+        const now = Date.now();
+        for (const [key, record] of this.store.entries()) {
+          if (record.resetTime < now) {
+            this.store.delete(key);
+          }
+        }
+      }
+      increment(key, windowMs) {
+        const now = Date.now();
+        const record = this.store.get(key);
+        if (!record || record.resetTime < now) {
+          const resetTime = now + windowMs;
+          this.store.set(key, { count: 1, resetTime });
+          return { count: 1, resetTime };
+        }
+        record.count++;
+        return record;
+      }
+      get(key) {
+        return this.store.get(key);
+      }
+      destroy() {
+        clearInterval(this.cleanupInterval);
+      }
+    };
+    RateLimiter = class {
+      options;
+      store;
+      constructor(options = {}) {
+        const defaultWindow = config.get("RATE_LIMIT_WINDOW") || "1m";
+        const defaultLimit = parseInt(config.get("RATE_LIMIT_LIMIT") || "100", 10);
+        this.options = {
+          window: options.window || defaultWindow,
+          limit: options.limit || defaultLimit,
+          keyGenerator: options.keyGenerator || ((req) => req.ip || "unknown"),
+          handler: options.handler || this.defaultHandler,
+          skipSuccessfulRequests: options.skipSuccessfulRequests || false,
+          skipFailedRequests: options.skipFailedRequests || false,
+          skip: options.skip || (() => false)
+        };
+        this.store = new InMemoryRateLimiter();
+      }
+      getWindowMs() {
+        const window = this.options.window;
+        const match = window.match(/^(\d+)(s|m|h|d)$/);
+        if (!match) return 6e4;
+        const value = parseInt(match[1], 10);
+        const unit = match[2];
+        switch (unit) {
+          case "s":
+            return value * 1e3;
+          case "m":
+            return value * 60 * 1e3;
+          case "h":
+            return value * 60 * 60 * 1e3;
+          case "d":
+            return value * 24 * 60 * 60 * 1e3;
+          default:
+            return 6e4;
+        }
+      }
+      defaultHandler(req, res) {
+        res.status(429).json({
+          error: "Too many requests",
+          message: `Rate limit exceeded. Please try again later.`
+        });
+      }
+      middleware() {
+        const windowMs = this.getWindowMs();
+        return (req, res, next) => {
+          if (this.options.skip(req)) {
+            return next();
+          }
+          const key = this.options.keyGenerator(req);
+          const record = this.store.increment(key, windowMs);
+          const remaining = Math.max(0, this.options.limit - record.count);
+          new Date(record.resetTime);
+          res.setHeader("X-RateLimit-Limit", this.options.limit);
+          res.setHeader("X-RateLimit-Remaining", remaining);
+          res.setHeader("X-RateLimit-Reset", Math.ceil(record.resetTime / 1e3));
+          if (record.count > this.options.limit) {
+            return this.options.handler(req, res);
+          }
+          next();
+        };
+      }
+      destroy() {
+        this.store.destroy();
+      }
+    };
+  }
+});
+
+// src/auth/index.ts
+init_types();
+
+// src/auth/jwt.ts
+init_config();
+var JWTService = class {
+  secret;
+  expiresIn;
+  refreshSecret;
+  refreshExpiresIn;
+  constructor(options = {}) {
+    this.secret = options.jwtSecret || config.get("JWT_SECRET") || "default-secret-change-in-production";
+    this.expiresIn = options.jwtExpiresIn || config.get("JWT_EXPIRES_IN") || "7d";
+    this.refreshSecret = options.refreshSecret || config.get("JWT_REFRESH_SECRET") || this.secret;
+    this.refreshExpiresIn = options.refreshExpiresIn || config.get("JWT_REFRESH_EXPIRES_IN") || "30d";
+  }
+  generateToken(payload) {
+    return jwt.sign(payload, this.secret, { expiresIn: this.expiresIn });
+  }
+  generateRefreshToken(payload) {
+    return jwt.sign(payload, this.refreshSecret, { expiresIn: this.refreshExpiresIn });
+  }
+  generateTokenPair(payload) {
+    return {
+      accessToken: this.generateToken(payload),
+      refreshToken: this.generateRefreshToken(payload)
+    };
+  }
+  verifyToken(token) {
+    return jwt.verify(token, this.secret);
+  }
+  verifyRefreshToken(token) {
+    return jwt.verify(token, this.refreshSecret);
+  }
+  refreshTokens(refreshToken) {
+    const payload = this.verifyRefreshToken(refreshToken);
+    return this.generateTokenPair(payload);
+  }
+};
+var jwtService = new JWTService();
+
+// src/auth/index.ts
+init_rbac();
+
+// src/auth/oauth.ts
+init_config();
+var OAuthService = class {
+  providers = /* @__PURE__ */ new Map();
+  constructor() {
+    const googleClientId = config.get("GOOGLE_CLIENT_ID");
+    const googleClientSecret = config.get("GOOGLE_CLIENT_SECRET");
+    const googleRedirectUri = config.get("GOOGLE_REDIRECT_URI");
+    if (googleClientId && googleClientSecret && googleRedirectUri) {
+      this.registerProvider("google", {
+        name: "google",
+        clientId: googleClientId,
+        clientSecret: googleClientSecret,
+        redirectUri: googleRedirectUri,
+        authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+        tokenUrl: "https://oauth2.googleapis.com/token",
+        userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo"
+      });
+    }
+  }
+  registerProvider(name, provider) {
+    this.providers.set(name, provider);
+  }
+  getProvider(name) {
+    return this.providers.get(name);
+  }
+  getAuthorizationUrl(providerName, state) {
+    const provider = this.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`OAuth provider ${providerName} not registered`);
+    }
+    const params = new URLSearchParams({
+      client_id: provider.clientId,
+      redirect_uri: provider.redirectUri,
+      response_type: "code",
+      scope: "openid email profile",
+      state: state || ""
+    });
+    return `${provider.authorizationUrl}?${params.toString()}`;
+  }
+  async exchangeCode(providerName, code) {
+    const provider = this.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`OAuth provider ${providerName} not registered`);
+    }
+    const response2 = await fetch(provider.tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        client_id: provider.clientId,
+        client_secret: provider.clientSecret,
+        code,
+        grant_type: "authorization_code",
+        redirect_uri: provider.redirectUri
+      })
+    });
+    if (!response2.ok) {
+      const error = await response2.text();
+      throw new Error(`OAuth token exchange failed: ${error}`);
+    }
+    const data = await response2.json();
+    return {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token
+    };
+  }
+  async getUserInfo(providerName, accessToken) {
+    const provider = this.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`OAuth provider ${providerName} not registered`);
+    }
+    const response2 = await fetch(provider.userInfoUrl, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`
+      }
+    });
+    if (!response2.ok) {
+      const error = await response2.text();
+      throw new Error(`OAuth user info fetch failed: ${error}`);
+    }
+    const data = await response2.json();
+    return {
+      id: data.id,
+      email: data.email,
+      name: data.name,
+      picture: data.picture
+    };
+  }
+};
+var oauthService = new OAuthService();
+init_rbac();
+var InMemoryUserStore = class {
+  users = /* @__PURE__ */ new Map();
+  async findByEmail(email) {
+    for (const user of this.users.values()) {
+      if (user.email === email) return user;
+    }
+    return null;
+  }
+  async findById(id) {
+    return this.users.get(id) || null;
+  }
+  async create(data) {
+    const id = Math.random().toString(36).substr(2, 9);
+    const hashedPassword = await bcrypt.hash(data.password, 10);
+    const user = {
+      id,
+      email: data.email,
+      password: hashedPassword,
+      role: data.role || "user",
+      name: data.name
+    };
+    this.users.set(id, user);
+    return user;
+  }
+  async update(id, data) {
+    const user = this.users.get(id);
+    if (!user) throw new Error("User not found");
+    const updated = { ...user, ...data };
+    this.users.set(id, updated);
+    return updated;
+  }
+};
+var AuthService = class {
+  userStore;
+  options;
+  initialized = false;
+  constructor(options = {}, userStore) {
+    this.options = {
+      jwtSecret: options.jwtSecret || process.env.JWT_SECRET || "default-secret-change-in-production",
+      jwtExpiresIn: options.jwtExpiresIn || "7d",
+      refreshSecret: options.refreshSecret || process.env.JWT_REFRESH_SECRET || "default-secret-change-in-production",
+      refreshExpiresIn: options.refreshExpiresIn || "30d",
+      googleClientId: options.googleClientId || process.env.GOOGLE_CLIENT_ID || "",
+      googleClientSecret: options.googleClientSecret || process.env.GOOGLE_CLIENT_SECRET || "",
+      googleRedirectUri: options.googleRedirectUri || process.env.GOOGLE_REDIRECT_URI || ""
+    };
+    this.userStore = userStore || new InMemoryUserStore();
+  }
+  async initialize() {
+    if (this.options.googleClientId && this.options.googleClientSecret && this.options.googleRedirectUri) {
+      oauthService.registerProvider("google", {
+        name: "google",
+        clientId: this.options.googleClientId,
+        clientSecret: this.options.googleClientSecret,
+        redirectUri: this.options.googleRedirectUri,
+        authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+        tokenUrl: "https://oauth2.googleapis.com/token",
+        userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo"
+      });
+    }
+    this.initialized = true;
+  }
+  async register(data) {
+    const existing = await this.userStore.findByEmail(data.email);
+    if (existing) {
+      throw new Error("User already exists");
+    }
+    const user = await this.userStore.create(data);
+    const tokens = jwtService.generateTokenPair({
+      userId: user.id,
+      email: user.email,
+      role: user.role
+    });
+    return { user, tokens };
+  }
+  async login(credentials) {
+    const user = await this.userStore.findByEmail(credentials.email);
+    if (!user || !user.password) {
+      throw new Error("Invalid credentials");
+    }
+    const isValid = await bcrypt.compare(credentials.password, user.password);
+    if (!isValid) {
+      throw new Error("Invalid credentials");
+    }
+    const tokens = jwtService.generateTokenPair({
+      userId: user.id,
+      email: user.email,
+      role: user.role
+    });
+    return { user, tokens };
+  }
+  async refresh(refreshToken) {
+    return jwtService.refreshTokens(refreshToken);
+  }
+  async getGoogleAuthUrl(state) {
+    return oauthService.getAuthorizationUrl("google", state);
+  }
+  async handleGoogleCallback(code) {
+    const { accessToken } = await oauthService.exchangeCode("google", code);
+    const userInfo = await oauthService.getUserInfo("google", accessToken);
+    let user = await this.userStore.findByEmail(userInfo.email);
+    if (!user) {
+      user = await this.userStore.create({
+        email: userInfo.email,
+        password: Math.random().toString(36).substr(2, 20),
+        name: userInfo.name,
+        role: "user"
+      });
+    }
+    const tokens = jwtService.generateTokenPair({
+      userId: user.id,
+      email: user.email,
+      role: user.role
+    });
+    return { user, tokens };
+  }
+  getMiddleware() {
+    return (req, res, next) => {
+      const authHeader = req.headers.authorization;
+      if (!authHeader || !authHeader.startsWith("Bearer ")) {
+        return res.status(401).json({ error: "No token provided" });
+      }
+      const token = authHeader.substring(7);
+      try {
+        const payload = jwtService.verifyToken(token);
+        req.user = {
+          ...payload,
+          id: payload.userId
+        };
+        next();
+      } catch (error) {
+        return res.status(401).json({ error: "Invalid token" });
+      }
+    };
+  }
+  requireUser() {
+    return (req, res, next) => {
+      if (!req.user) {
+        return res.status(401).json({ error: "Authentication required" });
+      }
+      next();
+    };
+  }
+  requireRole(role) {
+    return (req, res, next) => {
+      if (!req.user) {
+        return res.status(401).json({ error: "Authentication required" });
+      }
+      if (!rbacService.hasRole(req.user.role, role)) {
+        return res.status(403).json({ error: "Insufficient permissions" });
+      }
+      next();
+    };
+  }
+  requirePermission(permission) {
+    return (req, res, next) => {
+      if (!req.user) {
+        return res.status(401).json({ error: "Authentication required" });
+      }
+      if (!rbacService.hasPermission(req.user.role, permission)) {
+        return res.status(403).json({ error: "Insufficient permissions" });
+      }
+      next();
+    };
+  }
+};
+var authServiceInstance = null;
+function createAuth(options, userStore) {
+  authServiceInstance = new AuthService(options, userStore);
+  return authServiceInstance;
+}
+function auth() {
+  if (!authServiceInstance) {
+    authServiceInstance = new AuthService();
+  }
+  return authServiceInstance;
+}
+var Auth = {
+  initialize: (options) => {
+    const service = createAuth(options);
+    return {
+      service,
+      getMiddleware: () => service.getMiddleware(),
+      requireUser: () => service.requireUser(),
+      requireRole: (role) => service.requireRole(role),
+      requirePermission: (permission) => service.requirePermission(permission)
+    };
+  }
+};
+
+// src/index.ts
+init_queue();
+
+// src/notifications/index.ts
+init_config();
+init_logger();
+var EmailService = class {
+  transporter = null;
+  from;
+  constructor() {
+    this.from = config.get("SMTP_FROM") || "noreply@example.com";
+    this.initialize();
+  }
+  initialize() {
+    const host = config.get("SMTP_HOST");
+    const port = parseInt(config.get("SMTP_PORT") || "587", 10);
+    const user = config.get("SMTP_USER");
+    const pass = config.get("SMTP_PASS");
+    if (host && user && pass) {
+      this.transporter = nodemailer.createTransport({
+        host,
+        port,
+        secure: port === 465,
+        auth: {
+          user,
+          pass
+        }
+      });
+      logger.info("Email service initialized");
+    }
+  }
+  setTransporter(transporter) {
+    this.transporter = transporter;
+  }
+  async send(options) {
+    if (!this.transporter) {
+      logger.warn("Email transporter not configured, skipping email");
+      return { messageId: "mock-message-id" };
+    }
+    const mailOptions = {
+      from: options.from || this.from,
+      to: Array.isArray(options.to) ? options.to.join(", ") : options.to,
+      subject: options.subject,
+      text: options.text,
+      html: options.html || this.renderTemplate(options.template, options.templateData),
+      cc: options.cc,
+      bcc: options.bcc,
+      attachments: options.attachments
+    };
+    const result = await this.transporter.sendMail(mailOptions);
+    logger.info(`Email sent to ${options.to}`, { messageId: result.messageId });
+    return { messageId: result.messageId };
+  }
+  renderTemplate(templateName, data) {
+    if (!templateName || !data) return void 0;
+    const templates = {
+      welcome: (data2) => `
+        <h1>Welcome, ${data2.name || "User"}!</h1>
+        <p>Thank you for joining ${data2.appName || "our platform"}.</p>
+        <p>Get started by verifying your email.</p>
+      `,
+      passwordReset: (data2) => `
+        <h1>Password Reset</h1>
+        <p>Click <a href="${data2.resetUrl}">here</a> to reset your password.</p>
+        <p>This link expires in ${data2.expiry || "1 hour"}.</p>
+      `,
+      verification: (data2) => `
+        <h1>Verify Your Email</h1>
+        <p>Click <a href="${data2.verifyUrl}">here</a> to verify your email.</p>
+      `
+    };
+    const template = templates[templateName];
+    return template ? template(data) : void 0;
+  }
+};
+var SMSService = class {
+  accountSid;
+  authToken;
+  phoneNumber;
+  initialized = false;
+  constructor() {
+    this.accountSid = config.get("TWILIO_ACCOUNT_SID") || "";
+    this.authToken = config.get("TWILIO_AUTH_TOKEN") || "";
+    this.phoneNumber = config.get("TWILIO_PHONE_NUMBER") || "";
+    this.initialized = !!(this.accountSid && this.authToken && this.phoneNumber);
+  }
+  async send(options) {
+    if (!this.initialized) {
+      logger.warn("Twilio not configured, skipping SMS");
+      return { sid: "mock-sid" };
+    }
+    try {
+      const twilio = await import('twilio');
+      const client = twilio.default(this.accountSid, this.authToken);
+      const result = await client.messages.create({
+        body: options.message,
+        from: options.from || this.phoneNumber,
+        to: options.to
+      });
+      logger.info(`SMS sent to ${options.to}`, { sid: result.sid });
+      return { sid: result.sid };
+    } catch (error) {
+      logger.error("Failed to send SMS", { error });
+      throw error;
+    }
+  }
+};
+var WebhookService = class {
+  async send(options) {
+    const response2 = await fetch(options.url, {
+      method: options.method || "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...options.headers
+      },
+      body: options.body ? JSON.stringify(options.body) : void 0,
+      signal: options.timeout ? AbortSignal.timeout(options.timeout) : void 0
+    });
+    const body = await response2.json().catch(() => null);
+    logger.info(`Webhook sent to ${options.url}`, { status: response2.status });
+    return { status: response2.status, body };
+  }
+};
+var SlackService = class {
+  webhookUrl;
+  constructor() {
+    this.webhookUrl = config.get("SLACK_WEBHOOK_URL") || "";
+  }
+  setWebhookUrl(url) {
+    this.webhookUrl = url;
+  }
+  async send(options) {
+    if (!this.webhookUrl) {
+      logger.warn("Slack webhook not configured, skipping message");
+      return { ok: false };
+    }
+    const payload = {
+      text: options.text,
+      blocks: options.blocks,
+      channel: options.channel,
+      username: options.username,
+      icon_emoji: options.iconEmoji
+    };
+    const response2 = await fetch(this.webhookUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload)
+    });
+    const ok = response2.ok;
+    if (ok) {
+      logger.info("Slack message sent");
+    } else {
+      logger.error("Failed to send Slack message");
+    }
+    return { ok };
+  }
+};
+var NotificationService = class {
+  email;
+  sms;
+  webhook;
+  slack;
+  constructor() {
+    this.email = new EmailService();
+    this.sms = new SMSService();
+    this.webhook = new WebhookService();
+    this.slack = new SlackService();
+  }
+};
+var notify = new NotificationService();
+var notification = {
+  email: (options) => notify.email.send(options),
+  sms: (options) => notify.sms.send(options),
+  webhook: (options) => notify.webhook.send(options),
+  slack: (options) => notify.slack.send(options)
+};
+
+// src/index.ts
+init_logger();
+
+// src/rate-limit/index.ts
+init_express();
+
+// src/index.ts
+init_config();
+var ResponseHelper = class {
+  static success(res, data, message, statusCode = 200) {
+    const response2 = {
+      success: true,
+      data,
+      message
+    };
+    return res.status(statusCode).json(response2);
+  }
+  static created(res, data, message = "Resource created") {
+    return this.success(res, data, message, 201);
+  }
+  static updated(res, data, message = "Resource updated") {
+    return this.success(res, data, message, 200);
+  }
+  static deleted(res, message = "Resource deleted") {
+    return this.success(res, null, message, 200);
+  }
+  static error(res, error, statusCode = 400, code, details) {
+    const response2 = {
+      success: false,
+      error,
+      code,
+      ...details && { details }
+    };
+    return res.status(statusCode).json(response2);
+  }
+  static badRequest(res, error = "Bad request", code) {
+    return this.error(res, error, 400, code);
+  }
+  static unauthorized(res, error = "Unauthorized", code) {
+    return this.error(res, error, 401, code);
+  }
+  static forbidden(res, error = "Forbidden", code) {
+    return this.error(res, error, 403, code);
+  }
+  static notFound(res, error = "Resource not found", code) {
+    return this.error(res, error, 404, code);
+  }
+  static conflict(res, error = "Conflict", code) {
+    return this.error(res, error, 409, code);
+  }
+  static validationError(res, error, details) {
+    return this.error(res, error, 422, "VALIDATION_ERROR", details);
+  }
+  static internalError(res, error = "Internal server error") {
+    return this.error(res, error, 500, "INTERNAL_ERROR");
+  }
+  static paginated(res, data, page, limit, total) {
+    const totalPages = Math.ceil(total / limit);
+    const response2 = {
+      success: true,
+      data,
+      meta: {
+        page,
+        limit,
+        total,
+        totalPages
+      }
+    };
+    return res.status(200).json(response2);
+  }
+  static noContent(res) {
+    return res.status(204).send();
+  }
+};
+Response.prototype.success = function(data, message, statusCode = 200) {
+  return ResponseHelper.success(this, data, message, statusCode);
+};
+Response.prototype.created = function(data, message) {
+  return ResponseHelper.created(this, data, message);
+};
+Response.prototype.updated = function(data, message) {
+  return ResponseHelper.updated(this, data, message);
+};
+Response.prototype.deleted = function(message) {
+  return ResponseHelper.deleted(this, message);
+};
+Response.prototype.error = function(error, statusCode = 400, code, details) {
+  return ResponseHelper.error(this, error, statusCode, code, details);
+};
+Response.prototype.badRequest = function(error, code) {
+  return ResponseHelper.badRequest(this, error, code);
+};
+Response.prototype.unauthorized = function(error, code) {
+  return ResponseHelper.unauthorized(this, error, code);
+};
+Response.prototype.forbidden = function(error, code) {
+  return ResponseHelper.forbidden(this, error, code);
+};
+Response.prototype.notFound = function(error, code) {
+  return ResponseHelper.notFound(this, error, code);
+};
+Response.prototype.conflict = function(error, code) {
+  return ResponseHelper.conflict(this, error, code);
+};
+Response.prototype.validationError = function(error, details) {
+  return ResponseHelper.validationError(this, error, details);
+};
+Response.prototype.internalError = function(error) {
+  return ResponseHelper.internalError(this, error);
+};
+Response.prototype.paginated = function(data, page, limit, total) {
+  return ResponseHelper.paginated(this, data, page, limit, total);
+};
+var response = ResponseHelper;
+
+// src/plugin.ts
+init_logger();
+init_config();
+var PluginManager = class {
+  plugins = /* @__PURE__ */ new Map();
+  app = null;
+  authService = null;
+  queueManager = null;
+  register(plugin) {
+    this.plugins.set(plugin.name, plugin);
+    logger.info(`Plugin "${plugin.name}" registered`);
+  }
+  unregister(name) {
+    this.plugins.delete(name);
+    logger.info(`Plugin "${name}" unregistered`);
+  }
+  get(name) {
+    return this.plugins.get(name);
+  }
+  getAll() {
+    return Array.from(this.plugins.values());
+  }
+  has(name) {
+    return this.plugins.has(name);
+  }
+  async initializeAll(app) {
+    this.app = app;
+    for (const plugin of this.plugins.values()) {
+      logger.info(`Initializing plugin "${plugin.name}"`);
+      await plugin.initialize(app);
+      if (plugin.middleware && "use" in app) {
+        for (const mw of plugin.middleware) {
+          app.use(mw);
+        }
+      }
+    }
+  }
+};
+var SaaSAppBuilder = class {
+  options;
+  pluginManager;
+  initialized = false;
+  constructor(options = {}) {
+    this.options = options;
+    this.pluginManager = new PluginManager();
+  }
+  use(plugin) {
+    this.pluginManager.register(plugin);
+    return this;
+  }
+  async initialize(app) {
+    if (this.initialized) {
+      throw new Error("App already initialized");
+    }
+    config.load();
+    if (this.options.logger !== false) {
+      const loggerOptions = typeof this.options.logger === "object" ? this.options.logger : {};
+      logger.create(loggerOptions);
+    }
+    if (this.options.auth !== false) {
+      const authOptions = typeof this.options.auth === "object" ? this.options.auth : {};
+      this.authService = createAuth(authOptions);
+      await this.authService.initialize();
+      this.pluginManager.register({
+        name: "auth",
+        initialize: (app2) => {
+          if ("use" in app2) {
+            app2.use(this.authService.getMiddleware());
+          }
+        },
+        middleware: [this.authService.getMiddleware()]
+      });
+    }
+    if (this.options.queue !== false) {
+      const queueOptions = typeof this.options.queue === "object" ? this.options.queue : {};
+      if (queueOptions.redisUrl) {
+        (await Promise.resolve().then(() => (init_queue(), queue_exports))).queue.setRedisOptions({ url: queueOptions.redisUrl });
+      }
+      this.pluginManager.register({
+        name: "queue",
+        initialize: () => {
+        }
+      });
+    }
+    if (this.options.rateLimit !== false) {
+      const rateLimitOptions = typeof this.options.rateLimit === "object" ? this.options.rateLimit : {};
+      this.pluginManager.register({
+        name: "rate-limit",
+        initialize: (app2) => {
+          if ("use" in app2) {
+            app2.use(rateLimit(rateLimitOptions));
+          }
+        },
+        middleware: [rateLimit(rateLimitOptions)]
+      });
+    }
+    if (this.options.notifications !== false) {
+      this.pluginManager.register({
+        name: "notifications",
+        initialize: () => {
+        }
+      });
+    }
+    await this.pluginManager.initializeAll(app);
+    this.initialized = true;
+    logger.info("SaaS App initialized");
+  }
+  getAuth() {
+    return this.authService;
+  }
+  getPluginManager() {
+    return this.pluginManager;
+  }
+};
+function createApp(options = {}) {
+  return new SaaSAppBuilder(options);
+}
+function createExpressApp(options = {}) {
+  const express = __require("express");
+  const app = express();
+  const builder = createApp({ ...options, framework: "express" });
+  builder.initialize(app);
+  return app;
+}
+
+// src/index.ts
+init_types();
+init_queue();
+init_logger();
+init_config();
+
+export { Auth, AuthService, PluginManager, QueueManager, ResponseHelper, SaaSAppBuilder, auth, config, createApp, createAuth, createExpressApp, createQueue, createRateLimiter, logger, notification, notify, queue, rateLimit, response };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map