npm - servcraft - Versions diffs - 0.1.0 → 0.1.1 - Mend

servcraft 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (216) hide show

package/.claude/settings.local.json +29 -0
package/.github/CODEOWNERS +18 -0
package/.github/PULL_REQUEST_TEMPLATE.md +46 -0
package/.github/dependabot.yml +59 -0
package/.github/workflows/ci.yml +188 -0
package/.github/workflows/release.yml +195 -0
package/AUDIT.md +602 -0
package/README.md +1070 -1
package/dist/cli/index.cjs +2026 -2168
package/dist/cli/index.cjs.map +1 -1
package/dist/cli/index.js +2026 -2168
package/dist/cli/index.js.map +1 -1
package/dist/index.cjs +595 -616
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +114 -52
package/dist/index.d.ts +114 -52
package/dist/index.js +595 -616
package/dist/index.js.map +1 -1
package/docs/CLI-001_MULTI_DB_PLAN.md +546 -0
package/docs/DATABASE_MULTI_ORM.md +399 -0
package/docs/PHASE1_BREAKDOWN.md +346 -0
package/docs/PROGRESS.md +550 -0
package/docs/modules/ANALYTICS.md +226 -0
package/docs/modules/API-VERSIONING.md +252 -0
package/docs/modules/AUDIT.md +192 -0
package/docs/modules/AUTH.md +431 -0
package/docs/modules/CACHE.md +346 -0
package/docs/modules/EMAIL.md +254 -0
package/docs/modules/FEATURE-FLAG.md +291 -0
package/docs/modules/I18N.md +294 -0
package/docs/modules/MEDIA-PROCESSING.md +281 -0
package/docs/modules/MFA.md +266 -0
package/docs/modules/NOTIFICATION.md +311 -0
package/docs/modules/OAUTH.md +237 -0
package/docs/modules/PAYMENT.md +804 -0
package/docs/modules/QUEUE.md +540 -0
package/docs/modules/RATE-LIMIT.md +339 -0
package/docs/modules/SEARCH.md +288 -0
package/docs/modules/SECURITY.md +327 -0
package/docs/modules/SESSION.md +382 -0
package/docs/modules/SWAGGER.md +305 -0
package/docs/modules/UPLOAD.md +296 -0
package/docs/modules/USER.md +505 -0
package/docs/modules/VALIDATION.md +294 -0
package/docs/modules/WEBHOOK.md +270 -0
package/docs/modules/WEBSOCKET.md +691 -0
package/package.json +53 -38
package/prisma/schema.prisma +395 -1
package/src/cli/commands/add-module.ts +520 -87
package/src/cli/commands/db.ts +3 -4
package/src/cli/commands/docs.ts +256 -6
package/src/cli/commands/generate.ts +12 -19
package/src/cli/commands/init.ts +384 -214
package/src/cli/index.ts +0 -4
package/src/cli/templates/repository.ts +6 -1
package/src/cli/templates/routes.ts +6 -21
package/src/cli/utils/docs-generator.ts +6 -7
package/src/cli/utils/env-manager.ts +717 -0
package/src/cli/utils/field-parser.ts +16 -7
package/src/cli/utils/interactive-prompt.ts +223 -0
package/src/cli/utils/template-manager.ts +346 -0
package/src/config/database.config.ts +183 -0
package/src/config/env.ts +0 -10
package/src/config/index.ts +0 -14
package/src/core/server.ts +1 -1
package/src/database/adapters/mongoose.adapter.ts +132 -0
package/src/database/adapters/prisma.adapter.ts +118 -0
package/src/database/connection.ts +190 -0
package/src/database/interfaces/database.interface.ts +85 -0
package/src/database/interfaces/index.ts +7 -0
package/src/database/interfaces/repository.interface.ts +129 -0
package/src/database/models/mongoose/index.ts +7 -0
package/src/database/models/mongoose/payment.schema.ts +347 -0
package/src/database/models/mongoose/user.schema.ts +154 -0
package/src/database/prisma.ts +1 -4
package/src/database/redis.ts +101 -0
package/src/database/repositories/mongoose/index.ts +7 -0
package/src/database/repositories/mongoose/payment.repository.ts +380 -0
package/src/database/repositories/mongoose/user.repository.ts +255 -0
package/src/database/seed.ts +6 -1
package/src/index.ts +9 -20
package/src/middleware/security.ts +2 -6
package/src/modules/analytics/analytics.routes.ts +80 -0
package/src/modules/analytics/analytics.service.ts +364 -0
package/src/modules/analytics/index.ts +18 -0
package/src/modules/analytics/types.ts +180 -0
package/src/modules/api-versioning/index.ts +15 -0
package/src/modules/api-versioning/types.ts +86 -0
package/src/modules/api-versioning/versioning.middleware.ts +120 -0
package/src/modules/api-versioning/versioning.routes.ts +54 -0
package/src/modules/api-versioning/versioning.service.ts +189 -0
package/src/modules/audit/audit.repository.ts +206 -0
package/src/modules/audit/audit.service.ts +27 -59
package/src/modules/auth/auth.controller.ts +2 -2
package/src/modules/auth/auth.middleware.ts +3 -9
package/src/modules/auth/auth.routes.ts +10 -107
package/src/modules/auth/auth.service.ts +126 -23
package/src/modules/auth/index.ts +3 -4
package/src/modules/cache/cache.service.ts +367 -0
package/src/modules/cache/index.ts +10 -0
package/src/modules/cache/types.ts +44 -0
package/src/modules/email/email.service.ts +3 -10
package/src/modules/email/templates.ts +2 -8
package/src/modules/feature-flag/feature-flag.repository.ts +303 -0
package/src/modules/feature-flag/feature-flag.routes.ts +247 -0
package/src/modules/feature-flag/feature-flag.service.ts +566 -0
package/src/modules/feature-flag/index.ts +20 -0
package/src/modules/feature-flag/types.ts +192 -0
package/src/modules/i18n/i18n.middleware.ts +186 -0
package/src/modules/i18n/i18n.routes.ts +191 -0
package/src/modules/i18n/i18n.service.ts +456 -0
package/src/modules/i18n/index.ts +18 -0
package/src/modules/i18n/types.ts +118 -0
package/src/modules/media-processing/index.ts +17 -0
package/src/modules/media-processing/media-processing.routes.ts +111 -0
package/src/modules/media-processing/media-processing.service.ts +245 -0
package/src/modules/media-processing/types.ts +156 -0
package/src/modules/mfa/index.ts +20 -0
package/src/modules/mfa/mfa.repository.ts +206 -0
package/src/modules/mfa/mfa.routes.ts +595 -0
package/src/modules/mfa/mfa.service.ts +572 -0
package/src/modules/mfa/totp.ts +150 -0
package/src/modules/mfa/types.ts +57 -0
package/src/modules/notification/index.ts +20 -0
package/src/modules/notification/notification.repository.ts +356 -0
package/src/modules/notification/notification.service.ts +483 -0
package/src/modules/notification/types.ts +119 -0
package/src/modules/oauth/index.ts +20 -0
package/src/modules/oauth/oauth.repository.ts +219 -0
package/src/modules/oauth/oauth.routes.ts +446 -0
package/src/modules/oauth/oauth.service.ts +293 -0
package/src/modules/oauth/providers/apple.provider.ts +250 -0
package/src/modules/oauth/providers/facebook.provider.ts +181 -0
package/src/modules/oauth/providers/github.provider.ts +248 -0
package/src/modules/oauth/providers/google.provider.ts +189 -0
package/src/modules/oauth/providers/twitter.provider.ts +214 -0
package/src/modules/oauth/types.ts +94 -0
package/src/modules/payment/index.ts +19 -0
package/src/modules/payment/payment.repository.ts +733 -0
package/src/modules/payment/payment.routes.ts +390 -0
package/src/modules/payment/payment.service.ts +354 -0
package/src/modules/payment/providers/mobile-money.provider.ts +274 -0
package/src/modules/payment/providers/paypal.provider.ts +190 -0
package/src/modules/payment/providers/stripe.provider.ts +215 -0
package/src/modules/payment/types.ts +140 -0
package/src/modules/queue/cron.ts +438 -0
package/src/modules/queue/index.ts +87 -0
package/src/modules/queue/queue.routes.ts +600 -0
package/src/modules/queue/queue.service.ts +842 -0
package/src/modules/queue/types.ts +222 -0
package/src/modules/queue/workers.ts +366 -0
package/src/modules/rate-limit/index.ts +59 -0
package/src/modules/rate-limit/rate-limit.middleware.ts +134 -0
package/src/modules/rate-limit/rate-limit.routes.ts +269 -0
package/src/modules/rate-limit/rate-limit.service.ts +348 -0
package/src/modules/rate-limit/stores/memory.store.ts +165 -0
package/src/modules/rate-limit/stores/redis.store.ts +322 -0
package/src/modules/rate-limit/types.ts +153 -0
package/src/modules/search/adapters/elasticsearch.adapter.ts +326 -0
package/src/modules/search/adapters/meilisearch.adapter.ts +261 -0
package/src/modules/search/adapters/memory.adapter.ts +278 -0
package/src/modules/search/index.ts +21 -0
package/src/modules/search/search.service.ts +234 -0
package/src/modules/search/types.ts +214 -0
package/src/modules/security/index.ts +40 -0
package/src/modules/security/sanitize.ts +223 -0
package/src/modules/security/security-audit.service.ts +388 -0
package/src/modules/security/security.middleware.ts +398 -0
package/src/modules/session/index.ts +3 -0
package/src/modules/session/session.repository.ts +159 -0
package/src/modules/session/session.service.ts +340 -0
package/src/modules/session/types.ts +38 -0
package/src/modules/swagger/index.ts +7 -1
package/src/modules/swagger/schema-builder.ts +16 -4
package/src/modules/swagger/swagger.service.ts +9 -10
package/src/modules/swagger/types.ts +0 -2
package/src/modules/upload/index.ts +14 -0
package/src/modules/upload/types.ts +83 -0
package/src/modules/upload/upload.repository.ts +199 -0
package/src/modules/upload/upload.routes.ts +311 -0
package/src/modules/upload/upload.service.ts +448 -0
package/src/modules/user/index.ts +3 -3
package/src/modules/user/user.controller.ts +15 -9
package/src/modules/user/user.repository.ts +237 -113
package/src/modules/user/user.routes.ts +39 -164
package/src/modules/user/user.service.ts +4 -3
package/src/modules/validation/validator.ts +12 -17
package/src/modules/webhook/index.ts +91 -0
package/src/modules/webhook/retry.ts +196 -0
package/src/modules/webhook/signature.ts +135 -0
package/src/modules/webhook/types.ts +181 -0
package/src/modules/webhook/webhook.repository.ts +358 -0
package/src/modules/webhook/webhook.routes.ts +442 -0
package/src/modules/webhook/webhook.service.ts +457 -0
package/src/modules/websocket/features.ts +504 -0
package/src/modules/websocket/index.ts +106 -0
package/src/modules/websocket/middlewares.ts +298 -0
package/src/modules/websocket/types.ts +181 -0
package/src/modules/websocket/websocket.service.ts +692 -0
package/src/utils/errors.ts +7 -0
package/src/utils/pagination.ts +4 -1
package/tests/helpers/db-check.ts +79 -0
package/tests/integration/auth-redis.test.ts +94 -0
package/tests/integration/cache-redis.test.ts +387 -0
package/tests/integration/mongoose-repositories.test.ts +410 -0
package/tests/integration/payment-prisma.test.ts +637 -0
package/tests/integration/queue-bullmq.test.ts +417 -0
package/tests/integration/user-prisma.test.ts +441 -0
package/tests/integration/websocket-socketio.test.ts +552 -0
package/tests/setup.ts +11 -9
package/vitest.config.ts +3 -8
package/npm-cache/_cacache/content-v2/sha512/1c/d0/03440d500a0487621aad1d6402978340698976602046db8e24fa03c01ee6c022c69b0582f969042d9442ee876ac35c038e960dd427d1e622fa24b8eb7dba +0 -0
package/npm-cache/_cacache/content-v2/sha512/42/55/28b493ca491833e5aab0e9c3108d29ab3f36c248ca88f45d4630674fce9130959e56ae308797ac2b6328fa7f09a610b9550ed09cb971d039876d293fc69d +0 -0
package/npm-cache/_cacache/content-v2/sha512/e0/12/f360dc9315ee5f17844a0c8c233ee6bf7c30837c4a02ea0d56c61c7f7ab21c0e958e50ed2c57c59f983c762b93056778c9009b2398ffc26def0183999b13 +0 -0
package/npm-cache/_cacache/content-v2/sha512/ed/b0/fae1161902898f4c913c67d7f6cdf6be0665aec3b389b9c4f4f0a101ca1da59badf1b59c4e0030f5223023b8d63cfe501c46a32c20c895d4fb3f11ca2232 +0 -0
package/npm-cache/_cacache/index-v5/58/94/c2cba79e0f16b4c10e95a87e32255741149e8222cc314a476aab67c39cc0 +0 -5

package/src/modules/oauth/oauth.repository.ts ADDED Viewed

@@ -0,0 +1,219 @@
+/**
+ * OAuth Repository
+ * Prisma-based persistence for linked OAuth accounts
+ */
+import { Prisma } from '@prisma/client';
+import type {
+  LinkedAccount as PrismaLinkedAccount,
+  OAuthProvider as PrismaOAuthProvider,
+  PrismaClient,
+} from '@prisma/client';
+import type { LinkedAccount, OAuthProvider } from './types.js';
+// Enum mappings (Prisma UPPERCASE ↔ Application lowercase)
+const providerToPrisma: Record<OAuthProvider, PrismaOAuthProvider> = {
+  google: 'GOOGLE',
+  facebook: 'FACEBOOK',
+  github: 'GITHUB',
+  twitter: 'TWITTER',
+  apple: 'APPLE',
+};
+const providerFromPrisma: Record<PrismaOAuthProvider, OAuthProvider> = {
+  GOOGLE: 'google',
+  FACEBOOK: 'facebook',
+  GITHUB: 'github',
+  TWITTER: 'twitter',
+  APPLE: 'apple',
+};
+export class OAuthRepository {
+  constructor(private prisma: PrismaClient) {}
+  /**
+   * Create a linked account
+   */
+  async create(
+    data: Omit<LinkedAccount, 'id' | 'createdAt' | 'updatedAt'>
+  ): Promise<LinkedAccount> {
+    const account = await this.prisma.linkedAccount.create({
+      data: {
+        userId: data.userId,
+        provider: providerToPrisma[data.provider],
+        providerAccountId: data.providerAccountId,
+        email: data.email,
+        name: data.name,
+        picture: data.picture,
+        accessToken: data.accessToken,
+        refreshToken: data.refreshToken,
+        expiresAt: data.expiresAt,
+      },
+    });
+    return this.mapFromPrisma(account);
+  }
+  /**
+   * Get linked account by ID
+   */
+  async getById(id: string): Promise<LinkedAccount | null> {
+    const account = await this.prisma.linkedAccount.findUnique({
+      where: { id },
+    });
+    return account ? this.mapFromPrisma(account) : null;
+  }
+  /**
+   * Find linked account by provider and provider account ID
+   */
+  async findByProviderAccount(
+    provider: OAuthProvider,
+    providerAccountId: string
+  ): Promise<LinkedAccount | null> {
+    const account = await this.prisma.linkedAccount.findUnique({
+      where: {
+        provider_providerAccountId: {
+          provider: providerToPrisma[provider],
+          providerAccountId,
+        },
+      },
+    });
+    return account ? this.mapFromPrisma(account) : null;
+  }
+  /**
+   * Get all linked accounts for a user
+   */
+  async getByUserId(userId: string): Promise<LinkedAccount[]> {
+    const accounts = await this.prisma.linkedAccount.findMany({
+      where: { userId },
+      orderBy: { createdAt: 'desc' },
+    });
+    return accounts.map((a) => this.mapFromPrisma(a));
+  }
+  /**
+   * Get linked account by user and provider
+   */
+  async getByUserAndProvider(
+    userId: string,
+    provider: OAuthProvider
+  ): Promise<LinkedAccount | null> {
+    const account = await this.prisma.linkedAccount.findFirst({
+      where: {
+        userId,
+        provider: providerToPrisma[provider],
+      },
+    });
+    return account ? this.mapFromPrisma(account) : null;
+  }
+  /**
+   * Update linked account
+   */
+  async update(
+    id: string,
+    data: Partial<
+      Pick<
+        LinkedAccount,
+        'email' | 'name' | 'picture' | 'accessToken' | 'refreshToken' | 'expiresAt'
+      >
+    >
+  ): Promise<LinkedAccount | null> {
+    try {
+      const updateData: Prisma.LinkedAccountUpdateInput = {};
+      if (data.email !== undefined) updateData.email = data.email;
+      if (data.name !== undefined) updateData.name = data.name;
+      if (data.picture !== undefined) updateData.picture = data.picture;
+      if (data.accessToken !== undefined) updateData.accessToken = data.accessToken;
+      if (data.refreshToken !== undefined) updateData.refreshToken = data.refreshToken;
+      if (data.expiresAt !== undefined) updateData.expiresAt = data.expiresAt;
+      const account = await this.prisma.linkedAccount.update({
+        where: { id },
+        data: updateData,
+      });
+      return this.mapFromPrisma(account);
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError && error.code === 'P2025') {
+        return null;
+      }
+      throw error;
+    }
+  }
+  /**
+   * Delete linked account by ID
+   */
+  async delete(id: string): Promise<boolean> {
+    try {
+      await this.prisma.linkedAccount.delete({ where: { id } });
+      return true;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError && error.code === 'P2025') {
+        return false;
+      }
+      throw error;
+    }
+  }
+  /**
+   * Delete linked account by user and provider
+   */
+  async deleteByUserAndProvider(userId: string, provider: OAuthProvider): Promise<boolean> {
+    const result = await this.prisma.linkedAccount.deleteMany({
+      where: {
+        userId,
+        provider: providerToPrisma[provider],
+      },
+    });
+    return result.count > 0;
+  }
+  /**
+   * Delete all linked accounts for a user
+   */
+  async deleteByUserId(userId: string): Promise<number> {
+    const result = await this.prisma.linkedAccount.deleteMany({
+      where: { userId },
+    });
+    return result.count;
+  }
+  /**
+   * Count linked accounts for a user
+   */
+  async countByUser(userId: string): Promise<number> {
+    return this.prisma.linkedAccount.count({
+      where: { userId },
+    });
+  }
+  /**
+   * Map Prisma model to application type
+   */
+  private mapFromPrisma(prismaAccount: PrismaLinkedAccount): LinkedAccount {
+    return {
+      id: prismaAccount.id,
+      userId: prismaAccount.userId,
+      provider: providerFromPrisma[prismaAccount.provider],
+      providerAccountId: prismaAccount.providerAccountId,
+      email: prismaAccount.email || undefined,
+      name: prismaAccount.name || undefined,
+      picture: prismaAccount.picture || undefined,
+      accessToken: prismaAccount.accessToken || undefined,
+      refreshToken: prismaAccount.refreshToken || undefined,
+      expiresAt: prismaAccount.expiresAt || undefined,
+      createdAt: prismaAccount.createdAt,
+      updatedAt: prismaAccount.updatedAt,
+    };
+  }
+}

package/src/modules/oauth/oauth.routes.ts ADDED Viewed

@@ -0,0 +1,446 @@
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import type { AuthService } from '../auth/auth.service.js';
+import { createAuthMiddleware } from '../auth/auth.middleware.js';
+import { commonResponses } from '../swagger/index.js';
+import { getOAuthService } from './oauth.service.js';
+import type { OAuthProvider, OAuthCallbackParams } from './types.js';
+const oauthTag = 'OAuth';
+export function registerOAuthRoutes(app: FastifyInstance, authService: AuthService): void {
+  const authenticate = createAuthMiddleware(authService);
+  const oauthService = getOAuthService();
+  // Get supported providers
+  app.get(
+    '/auth/oauth/providers',
+    {
+      schema: {
+        tags: [oauthTag],
+        summary: 'Get supported OAuth providers',
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              success: { type: 'boolean' },
+              data: {
+                type: 'object',
+                properties: {
+                  providers: {
+                    type: 'array',
+                    items: {
+                      type: 'string',
+                      enum: ['google', 'facebook', 'github', 'twitter', 'apple'],
+                    },
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+    async (_request: FastifyRequest, reply: FastifyReply) => {
+      const providers = oauthService.getSupportedProviders();
+      return reply.send({ success: true, data: { providers } });
+    }
+  );
+  // Initiate OAuth flow
+  app.get(
+    '/auth/oauth/:provider',
+    {
+      schema: {
+        tags: [oauthTag],
+        summary: 'Initiate OAuth authentication',
+        description: 'Redirects to the OAuth provider for authentication',
+        params: {
+          type: 'object',
+          properties: {
+            provider: {
+              type: 'string',
+              enum: ['google', 'facebook', 'github', 'twitter', 'apple'],
+            },
+          },
+          required: ['provider'],
+        },
+        querystring: {
+          type: 'object',
+          properties: {
+            redirect: { type: 'string', description: 'URL to redirect after auth' },
+          },
+        },
+        response: {
+          302: { description: 'Redirect to OAuth provider' },
+          400: commonResponses.error,
+        },
+      },
+    },
+    async (
+      request: FastifyRequest<{
+        Params: { provider: string };
+        Querystring: { redirect?: string };
+      }>,
+      reply: FastifyReply
+    ) => {
+      const provider = request.params.provider as OAuthProvider;
+      if (!oauthService.isProviderEnabled(provider)) {
+        return reply.status(400).send({
+          success: false,
+          message: `OAuth provider '${provider}' is not configured`,
+        });
+      }
+      const { url, state } = await oauthService.getAuthorizationUrl(provider);
+      // Store redirect URL in cookie if provided
+      if (request.query.redirect) {
+        reply.setCookie('oauth_redirect', request.query.redirect, {
+          httpOnly: true,
+          secure: process.env.NODE_ENV === 'production',
+          maxAge: 600, // 10 minutes
+          path: '/',
+        });
+      }
+      // Store state in cookie for CSRF protection
+      reply.setCookie('oauth_state', state, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        maxAge: 600,
+        path: '/',
+      });
+      return reply.redirect(url);
+    }
+  );
+  // OAuth callback
+  app.get(
+    '/auth/oauth/:provider/callback',
+    {
+      schema: {
+        tags: [oauthTag],
+        summary: 'OAuth callback endpoint',
+        description: 'Handles the OAuth provider callback after authentication',
+        params: {
+          type: 'object',
+          properties: {
+            provider: {
+              type: 'string',
+              enum: ['google', 'facebook', 'github', 'twitter', 'apple'],
+            },
+          },
+          required: ['provider'],
+        },
+        querystring: {
+          type: 'object',
+          properties: {
+            code: { type: 'string' },
+            state: { type: 'string' },
+            error: { type: 'string' },
+            error_description: { type: 'string' },
+          },
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              success: { type: 'boolean' },
+              data: {
+                type: 'object',
+                properties: {
+                  user: { type: 'object' },
+                  accessToken: { type: 'string' },
+                  refreshToken: { type: 'string' },
+                  isNewUser: { type: 'boolean' },
+                },
+              },
+            },
+          },
+          400: commonResponses.error,
+        },
+      },
+    },
+    async (
+      request: FastifyRequest<{
+        Params: { provider: string };
+        Querystring: OAuthCallbackParams;
+      }>,
+      reply: FastifyReply
+    ) => {
+      const provider = request.params.provider as OAuthProvider;
+      const { code, state, error, errorDescription } = request.query;
+      // Check for OAuth error
+      if (error) {
+        return reply.status(400).send({
+          success: false,
+          message: errorDescription || error,
+        });
+      }
+      if (!code || !state) {
+        return reply.status(400).send({
+          success: false,
+          message: 'Missing code or state parameter',
+        });
+      }
+      // Verify state from cookie
+      const storedState = request.cookies.oauth_state;
+      if (storedState !== state) {
+        return reply.status(400).send({
+          success: false,
+          message: 'Invalid state parameter',
+        });
+      }
+      // Clear state cookie
+      reply.clearCookie('oauth_state', { path: '/' });
+      try {
+        // Handle OAuth callback
+        const oauthUser = await oauthService.handleCallback(provider, code, state);
+        // Check if user exists by linked account
+        let userId = await oauthService.findUserByOAuth(provider, oauthUser.providerAccountId);
+        let isNewUser = false;
+        if (!userId) {
+          // Check if user exists by email
+          if (oauthUser.email) {
+            const existingUser = await authService.findUserByEmail(oauthUser.email);
+            if (existingUser) {
+              userId = existingUser.id;
+              // Link the account
+              await oauthService.linkAccount(userId, oauthUser);
+            }
+          }
+          // Create new user if not found
+          if (!userId) {
+            const newUser = await authService.createUserFromOAuth({
+              email: oauthUser.email || `${oauthUser.providerAccountId}@${provider}.oauth`,
+              name: oauthUser.name ?? undefined,
+              picture: oauthUser.picture ?? undefined,
+              emailVerified: oauthUser.emailVerified,
+            });
+            userId = newUser.id;
+            isNewUser = true;
+            await oauthService.linkAccount(userId, oauthUser);
+          }
+        }
+        // Generate JWT tokens
+        const tokens = await authService.generateTokensForUser(userId);
+        // Get redirect URL from cookie
+        const redirectUrl = request.cookies.oauth_redirect;
+        reply.clearCookie('oauth_redirect', { path: '/' });
+        // If redirect URL is provided, redirect with tokens
+        if (redirectUrl) {
+          const url = new URL(redirectUrl);
+          url.searchParams.set('access_token', tokens.accessToken);
+          url.searchParams.set('refresh_token', tokens.refreshToken);
+          url.searchParams.set('is_new_user', String(isNewUser));
+          return reply.redirect(url.toString());
+        }
+        // Otherwise return JSON response
+        return reply.send({
+          success: true,
+          data: {
+            user: {
+              id: userId,
+              email: oauthUser.email,
+              name: oauthUser.name,
+              picture: oauthUser.picture,
+            },
+            accessToken: tokens.accessToken,
+            refreshToken: tokens.refreshToken,
+            isNewUser,
+          },
+        });
+      } catch (err) {
+        const message = err instanceof Error ? err.message : 'OAuth authentication failed';
+        return reply.status(400).send({ success: false, message });
+      }
+    }
+  );
+  // Link OAuth account (authenticated users)
+  app.post(
+    '/auth/oauth/:provider/link',
+    {
+      preHandler: [authenticate],
+      schema: {
+        tags: [oauthTag],
+        summary: 'Link OAuth account to current user',
+        description: 'Initiates the process to link an OAuth account to the authenticated user',
+        security: [{ bearerAuth: [] }],
+        params: {
+          type: 'object',
+          properties: {
+            provider: {
+              type: 'string',
+              enum: ['google', 'facebook', 'github', 'twitter', 'apple'],
+            },
+          },
+          required: ['provider'],
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              success: { type: 'boolean' },
+              data: {
+                type: 'object',
+                properties: {
+                  authUrl: { type: 'string' },
+                },
+              },
+            },
+          },
+          400: commonResponses.error,
+          401: commonResponses.unauthorized,
+        },
+      },
+    },
+    async (request: FastifyRequest, reply: FastifyReply) => {
+      const params = request.params as { provider: string };
+      const provider = params.provider as OAuthProvider;
+      const user = (request as FastifyRequest & { user: { id: string } }).user;
+      if (!oauthService.isProviderEnabled(provider)) {
+        return reply.status(400).send({
+          success: false,
+          message: `OAuth provider '${provider}' is not configured`,
+        });
+      }
+      const { url, state } = await oauthService.getAuthorizationUrl(provider);
+      // Store user ID in cookie for linking after callback
+      reply.setCookie('oauth_link_user', user.id, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        maxAge: 600,
+        path: '/',
+      });
+      reply.setCookie('oauth_state', state, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        maxAge: 600,
+        path: '/',
+      });
+      return reply.send({ success: true, data: { authUrl: url } });
+    }
+  );
+  // Unlink OAuth account
+  app.delete(
+    '/auth/oauth/:provider/unlink',
+    {
+      preHandler: [authenticate],
+      schema: {
+        tags: [oauthTag],
+        summary: 'Unlink OAuth account from current user',
+        security: [{ bearerAuth: [] }],
+        params: {
+          type: 'object',
+          properties: {
+            provider: {
+              type: 'string',
+              enum: ['google', 'facebook', 'github', 'twitter', 'apple'],
+            },
+          },
+          required: ['provider'],
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              success: { type: 'boolean' },
+              message: { type: 'string' },
+            },
+          },
+          400: commonResponses.error,
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound,
+        },
+      },
+    },
+    async (request: FastifyRequest, reply: FastifyReply) => {
+      const params = request.params as { provider: string };
+      const provider = params.provider as OAuthProvider;
+      const user = (request as FastifyRequest & { user: { id: string } }).user;
+      await oauthService.unlinkAccount(user.id, provider);
+      return reply.send({
+        success: true,
+        message: `${provider} account unlinked successfully`,
+      });
+    }
+  );
+  // Get linked accounts
+  app.get(
+    '/auth/oauth/linked',
+    {
+      preHandler: [authenticate],
+      schema: {
+        tags: [oauthTag],
+        summary: 'Get linked OAuth accounts',
+        security: [{ bearerAuth: [] }],
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              success: { type: 'boolean' },
+              data: {
+                type: 'object',
+                properties: {
+                  accounts: {
+                    type: 'array',
+                    items: {
+                      type: 'object',
+                      properties: {
+                        provider: { type: 'string' },
+                        email: { type: 'string' },
+                        name: { type: 'string' },
+                        picture: { type: 'string' },
+                        createdAt: { type: 'string', format: 'date-time' },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+          },
+          401: commonResponses.unauthorized,
+        },
+      },
+    },
+    async (request: FastifyRequest, reply: FastifyReply) => {
+      const user = (request as FastifyRequest & { user: { id: string } }).user;
+      const accounts = await oauthService.getUserLinkedAccounts(user.id);
+      // Remove sensitive data
+      const safeAccounts = accounts.map((account) => ({
+        provider: account.provider,
+        email: account.email,
+        name: account.name,
+        picture: account.picture,
+        createdAt: account.createdAt,
+      }));
+      return reply.send({ success: true, data: { accounts: safeAccounts } });
+    }
+  );
+}