npm - servcraft - Versions diffs - 0.1.0 → 0.1.3 - Mend

servcraft 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/.claude/settings.local.json +30 -0
package/.github/CODEOWNERS +18 -0
package/.github/PULL_REQUEST_TEMPLATE.md +46 -0
package/.github/dependabot.yml +59 -0
package/.github/workflows/ci.yml +188 -0
package/.github/workflows/release.yml +195 -0
package/AUDIT.md +602 -0
package/LICENSE +21 -0
package/README.md +1102 -1
package/dist/cli/index.cjs +2026 -2168
package/dist/cli/index.cjs.map +1 -1
package/dist/cli/index.js +2026 -2168
package/dist/cli/index.js.map +1 -1
package/dist/index.cjs +595 -616
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +114 -52
package/dist/index.d.ts +114 -52
package/dist/index.js +595 -616
package/dist/index.js.map +1 -1
package/docs/CLI-001_MULTI_DB_PLAN.md +546 -0
package/docs/DATABASE_MULTI_ORM.md +399 -0
package/docs/PHASE1_BREAKDOWN.md +346 -0
package/docs/PROGRESS.md +550 -0
package/docs/modules/ANALYTICS.md +226 -0
package/docs/modules/API-VERSIONING.md +252 -0
package/docs/modules/AUDIT.md +192 -0
package/docs/modules/AUTH.md +431 -0
package/docs/modules/CACHE.md +346 -0
package/docs/modules/EMAIL.md +254 -0
package/docs/modules/FEATURE-FLAG.md +291 -0
package/docs/modules/I18N.md +294 -0
package/docs/modules/MEDIA-PROCESSING.md +281 -0
package/docs/modules/MFA.md +266 -0
package/docs/modules/NOTIFICATION.md +311 -0
package/docs/modules/OAUTH.md +237 -0
package/docs/modules/PAYMENT.md +804 -0
package/docs/modules/QUEUE.md +540 -0
package/docs/modules/RATE-LIMIT.md +339 -0
package/docs/modules/SEARCH.md +288 -0
package/docs/modules/SECURITY.md +327 -0
package/docs/modules/SESSION.md +382 -0
package/docs/modules/SWAGGER.md +305 -0
package/docs/modules/UPLOAD.md +296 -0
package/docs/modules/USER.md +505 -0
package/docs/modules/VALIDATION.md +294 -0
package/docs/modules/WEBHOOK.md +270 -0
package/docs/modules/WEBSOCKET.md +691 -0
package/package.json +53 -38
package/prisma/schema.prisma +395 -1
package/src/cli/commands/add-module.ts +520 -87
package/src/cli/commands/db.ts +3 -4
package/src/cli/commands/docs.ts +256 -6
package/src/cli/commands/generate.ts +12 -19
package/src/cli/commands/init.ts +384 -214
package/src/cli/index.ts +0 -4
package/src/cli/templates/repository.ts +6 -1
package/src/cli/templates/routes.ts +6 -21
package/src/cli/utils/docs-generator.ts +6 -7
package/src/cli/utils/env-manager.ts +717 -0
package/src/cli/utils/field-parser.ts +16 -7
package/src/cli/utils/interactive-prompt.ts +223 -0
package/src/cli/utils/template-manager.ts +346 -0
package/src/config/database.config.ts +183 -0
package/src/config/env.ts +0 -10
package/src/config/index.ts +0 -14
package/src/core/server.ts +1 -1
package/src/database/adapters/mongoose.adapter.ts +132 -0
package/src/database/adapters/prisma.adapter.ts +118 -0
package/src/database/connection.ts +190 -0
package/src/database/interfaces/database.interface.ts +85 -0
package/src/database/interfaces/index.ts +7 -0
package/src/database/interfaces/repository.interface.ts +129 -0
package/src/database/models/mongoose/index.ts +7 -0
package/src/database/models/mongoose/payment.schema.ts +347 -0
package/src/database/models/mongoose/user.schema.ts +154 -0
package/src/database/prisma.ts +1 -4
package/src/database/redis.ts +101 -0
package/src/database/repositories/mongoose/index.ts +7 -0
package/src/database/repositories/mongoose/payment.repository.ts +380 -0
package/src/database/repositories/mongoose/user.repository.ts +255 -0
package/src/database/seed.ts +6 -1
package/src/index.ts +9 -20
package/src/middleware/security.ts +2 -6
package/src/modules/analytics/analytics.routes.ts +80 -0
package/src/modules/analytics/analytics.service.ts +364 -0
package/src/modules/analytics/index.ts +18 -0
package/src/modules/analytics/types.ts +180 -0
package/src/modules/api-versioning/index.ts +15 -0
package/src/modules/api-versioning/types.ts +86 -0
package/src/modules/api-versioning/versioning.middleware.ts +120 -0
package/src/modules/api-versioning/versioning.routes.ts +54 -0
package/src/modules/api-versioning/versioning.service.ts +189 -0
package/src/modules/audit/audit.repository.ts +206 -0
package/src/modules/audit/audit.service.ts +27 -59
package/src/modules/auth/auth.controller.ts +2 -2
package/src/modules/auth/auth.middleware.ts +3 -9
package/src/modules/auth/auth.routes.ts +10 -107
package/src/modules/auth/auth.service.ts +126 -23
package/src/modules/auth/index.ts +3 -4
package/src/modules/cache/cache.service.ts +367 -0
package/src/modules/cache/index.ts +10 -0
package/src/modules/cache/types.ts +44 -0
package/src/modules/email/email.service.ts +3 -10
package/src/modules/email/templates.ts +2 -8
package/src/modules/feature-flag/feature-flag.repository.ts +303 -0
package/src/modules/feature-flag/feature-flag.routes.ts +247 -0
package/src/modules/feature-flag/feature-flag.service.ts +566 -0
package/src/modules/feature-flag/index.ts +20 -0
package/src/modules/feature-flag/types.ts +192 -0
package/src/modules/i18n/i18n.middleware.ts +186 -0
package/src/modules/i18n/i18n.routes.ts +191 -0
package/src/modules/i18n/i18n.service.ts +456 -0
package/src/modules/i18n/index.ts +18 -0
package/src/modules/i18n/types.ts +118 -0
package/src/modules/media-processing/index.ts +17 -0
package/src/modules/media-processing/media-processing.routes.ts +111 -0
package/src/modules/media-processing/media-processing.service.ts +245 -0
package/src/modules/media-processing/types.ts +156 -0
package/src/modules/mfa/index.ts +20 -0
package/src/modules/mfa/mfa.repository.ts +206 -0
package/src/modules/mfa/mfa.routes.ts +595 -0
package/src/modules/mfa/mfa.service.ts +572 -0
package/src/modules/mfa/totp.ts +150 -0
package/src/modules/mfa/types.ts +57 -0
package/src/modules/notification/index.ts +20 -0
package/src/modules/notification/notification.repository.ts +356 -0
package/src/modules/notification/notification.service.ts +483 -0
package/src/modules/notification/types.ts +119 -0
package/src/modules/oauth/index.ts +20 -0
package/src/modules/oauth/oauth.repository.ts +219 -0
package/src/modules/oauth/oauth.routes.ts +446 -0
package/src/modules/oauth/oauth.service.ts +293 -0
package/src/modules/oauth/providers/apple.provider.ts +250 -0
package/src/modules/oauth/providers/facebook.provider.ts +181 -0
package/src/modules/oauth/providers/github.provider.ts +248 -0
package/src/modules/oauth/providers/google.provider.ts +189 -0
package/src/modules/oauth/providers/twitter.provider.ts +214 -0
package/src/modules/oauth/types.ts +94 -0
package/src/modules/payment/index.ts +19 -0
package/src/modules/payment/payment.repository.ts +733 -0
package/src/modules/payment/payment.routes.ts +390 -0
package/src/modules/payment/payment.service.ts +354 -0
package/src/modules/payment/providers/mobile-money.provider.ts +274 -0
package/src/modules/payment/providers/paypal.provider.ts +190 -0
package/src/modules/payment/providers/stripe.provider.ts +215 -0
package/src/modules/payment/types.ts +140 -0
package/src/modules/queue/cron.ts +438 -0
package/src/modules/queue/index.ts +87 -0
package/src/modules/queue/queue.routes.ts +600 -0
package/src/modules/queue/queue.service.ts +842 -0
package/src/modules/queue/types.ts +222 -0
package/src/modules/queue/workers.ts +366 -0
package/src/modules/rate-limit/index.ts +59 -0
package/src/modules/rate-limit/rate-limit.middleware.ts +134 -0
package/src/modules/rate-limit/rate-limit.routes.ts +269 -0
package/src/modules/rate-limit/rate-limit.service.ts +348 -0
package/src/modules/rate-limit/stores/memory.store.ts +165 -0
package/src/modules/rate-limit/stores/redis.store.ts +322 -0
package/src/modules/rate-limit/types.ts +153 -0
package/src/modules/search/adapters/elasticsearch.adapter.ts +326 -0
package/src/modules/search/adapters/meilisearch.adapter.ts +261 -0
package/src/modules/search/adapters/memory.adapter.ts +278 -0
package/src/modules/search/index.ts +21 -0
package/src/modules/search/search.service.ts +234 -0
package/src/modules/search/types.ts +214 -0
package/src/modules/security/index.ts +40 -0
package/src/modules/security/sanitize.ts +223 -0
package/src/modules/security/security-audit.service.ts +388 -0
package/src/modules/security/security.middleware.ts +398 -0
package/src/modules/session/index.ts +3 -0
package/src/modules/session/session.repository.ts +159 -0
package/src/modules/session/session.service.ts +340 -0
package/src/modules/session/types.ts +38 -0
package/src/modules/swagger/index.ts +7 -1
package/src/modules/swagger/schema-builder.ts +16 -4
package/src/modules/swagger/swagger.service.ts +9 -10
package/src/modules/swagger/types.ts +0 -2
package/src/modules/upload/index.ts +14 -0
package/src/modules/upload/types.ts +83 -0
package/src/modules/upload/upload.repository.ts +199 -0
package/src/modules/upload/upload.routes.ts +311 -0
package/src/modules/upload/upload.service.ts +448 -0
package/src/modules/user/index.ts +3 -3
package/src/modules/user/user.controller.ts +15 -9
package/src/modules/user/user.repository.ts +237 -113
package/src/modules/user/user.routes.ts +39 -164
package/src/modules/user/user.service.ts +4 -3
package/src/modules/validation/validator.ts +12 -17
package/src/modules/webhook/index.ts +91 -0
package/src/modules/webhook/retry.ts +196 -0
package/src/modules/webhook/signature.ts +135 -0
package/src/modules/webhook/types.ts +181 -0
package/src/modules/webhook/webhook.repository.ts +358 -0
package/src/modules/webhook/webhook.routes.ts +442 -0
package/src/modules/webhook/webhook.service.ts +457 -0
package/src/modules/websocket/features.ts +504 -0
package/src/modules/websocket/index.ts +106 -0
package/src/modules/websocket/middlewares.ts +298 -0
package/src/modules/websocket/types.ts +181 -0
package/src/modules/websocket/websocket.service.ts +692 -0
package/src/utils/errors.ts +7 -0
package/src/utils/pagination.ts +4 -1
package/tests/helpers/db-check.ts +79 -0
package/tests/integration/auth-redis.test.ts +94 -0
package/tests/integration/cache-redis.test.ts +387 -0
package/tests/integration/mongoose-repositories.test.ts +410 -0
package/tests/integration/payment-prisma.test.ts +637 -0
package/tests/integration/queue-bullmq.test.ts +417 -0
package/tests/integration/user-prisma.test.ts +441 -0
package/tests/integration/websocket-socketio.test.ts +552 -0
package/tests/setup.ts +11 -9
package/vitest.config.ts +3 -8
package/npm-cache/_cacache/content-v2/sha512/1c/d0/03440d500a0487621aad1d6402978340698976602046db8e24fa03c01ee6c022c69b0582f969042d9442ee876ac35c038e960dd427d1e622fa24b8eb7dba +0 -0
package/npm-cache/_cacache/content-v2/sha512/42/55/28b493ca491833e5aab0e9c3108d29ab3f36c248ca88f45d4630674fce9130959e56ae308797ac2b6328fa7f09a610b9550ed09cb971d039876d293fc69d +0 -0
package/npm-cache/_cacache/content-v2/sha512/e0/12/f360dc9315ee5f17844a0c8c233ee6bf7c30837c4a02ea0d56c61c7f7ab21c0e958e50ed2c57c59f983c762b93056778c9009b2398ffc26def0183999b13 +0 -0
package/npm-cache/_cacache/content-v2/sha512/ed/b0/fae1161902898f4c913c67d7f6cdf6be0665aec3b389b9c4f4f0a101ca1da59badf1b59c4e0030f5223023b8d63cfe501c46a32c20c895d4fb3f11ca2232 +0 -0
package/npm-cache/_cacache/index-v5/58/94/c2cba79e0f16b4c10e95a87e32255741149e8222cc314a476aab67c39cc0 +0 -5

package/src/modules/oauth/providers/facebook.provider.ts ADDED Viewed

@@ -0,0 +1,181 @@
+import { randomBytes } from 'crypto';
+import { logger } from '../../../core/logger.js';
+import type { FacebookOAuthConfig, OAuthUser, OAuthTokens, OAuthState } from '../types.js';
+const FACEBOOK_AUTH_URL = 'https://www.facebook.com/v18.0/dialog/oauth';
+const FACEBOOK_TOKEN_URL = 'https://graph.facebook.com/v18.0/oauth/access_token';
+const FACEBOOK_USERINFO_URL = 'https://graph.facebook.com/v18.0/me';
+const DEFAULT_SCOPES = ['email', 'public_profile'];
+export class FacebookOAuthProvider {
+  private config: FacebookOAuthConfig;
+  private callbackUrl: string;
+  constructor(config: FacebookOAuthConfig, callbackBaseUrl: string) {
+    this.config = config;
+    this.callbackUrl = `${callbackBaseUrl}/auth/oauth/facebook/callback`;
+  }
+  /**
+   * Generate authorization URL
+   */
+  generateAuthUrl(state?: string): { url: string; state: OAuthState } {
+    const stateValue = state || randomBytes(32).toString('hex');
+    const scopes = this.config.scopes || DEFAULT_SCOPES;
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      redirect_uri: this.callbackUrl,
+      response_type: 'code',
+      scope: scopes.join(','),
+      state: stateValue,
+      auth_type: 'rerequest', // Re-request declined permissions
+    });
+    const oauthState: OAuthState = {
+      state: stateValue,
+      redirectUri: this.callbackUrl,
+      createdAt: Date.now(),
+    };
+    return {
+      url: `${FACEBOOK_AUTH_URL}?${params.toString()}`,
+      state: oauthState,
+    };
+  }
+  /**
+   * Exchange authorization code for tokens
+   */
+  async exchangeCode(code: string): Promise<OAuthTokens> {
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      client_secret: this.config.clientSecret,
+      code,
+      redirect_uri: this.callbackUrl,
+    });
+    const response = await fetch(`${FACEBOOK_TOKEN_URL}?${params.toString()}`);
+    if (!response.ok) {
+      const error = await response.text();
+      logger.error({ error }, 'Facebook token exchange failed');
+      throw new Error(`Failed to exchange code: ${error}`);
+    }
+    const data = (await response.json()) as {
+      access_token: string;
+      token_type: string;
+      expires_in: number;
+    };
+    return {
+      accessToken: data.access_token,
+      tokenType: data.token_type,
+      expiresIn: data.expires_in,
+    };
+  }
+  /**
+   * Get user information from Facebook
+   */
+  async getUser(accessToken: string): Promise<OAuthUser> {
+    const fields = 'id,email,name,first_name,last_name,picture.type(large)';
+    const url = `${FACEBOOK_USERINFO_URL}?fields=${fields}&access_token=${accessToken}`;
+    const response = await fetch(url);
+    if (!response.ok) {
+      const error = await response.text();
+      logger.error({ error }, 'Failed to get Facebook user info');
+      throw new Error(`Failed to get user info: ${error}`);
+    }
+    const data = (await response.json()) as {
+      id: string;
+      email?: string;
+      name: string;
+      first_name: string;
+      last_name: string;
+      picture?: { data: { url: string } };
+    };
+    return {
+      id: data.id,
+      email: data.email || null,
+      emailVerified: !!data.email, // Facebook only returns verified emails
+      name: data.name,
+      firstName: data.first_name,
+      lastName: data.last_name,
+      picture: data.picture?.data?.url || null,
+      provider: 'facebook',
+      providerAccountId: data.id,
+      accessToken,
+      raw: data,
+    };
+  }
+  /**
+   * Get long-lived access token (60 days instead of ~2 hours)
+   */
+  async getLongLivedToken(shortLivedToken: string): Promise<OAuthTokens> {
+    const params = new URLSearchParams({
+      grant_type: 'fb_exchange_token',
+      client_id: this.config.clientId,
+      client_secret: this.config.clientSecret,
+      fb_exchange_token: shortLivedToken,
+    });
+    const response = await fetch(`${FACEBOOK_TOKEN_URL}?${params.toString()}`);
+    if (!response.ok) {
+      throw new Error('Failed to get long-lived token');
+    }
+    const data = (await response.json()) as {
+      access_token: string;
+      token_type: string;
+      expires_in: number;
+    };
+    return {
+      accessToken: data.access_token,
+      tokenType: data.token_type,
+      expiresIn: data.expires_in,
+    };
+  }
+  /**
+   * Debug/inspect access token
+   */
+  async inspectToken(
+    accessToken: string
+  ): Promise<{ isValid: boolean; userId: string; expiresAt: number }> {
+    const appToken = `${this.config.clientId}|${this.config.clientSecret}`;
+    const url = `https://graph.facebook.com/debug_token?input_token=${accessToken}&access_token=${appToken}`;
+    const response = await fetch(url);
+    const data = (await response.json()) as {
+      data: {
+        is_valid: boolean;
+        user_id: string;
+        expires_at: number;
+      };
+    };
+    return {
+      isValid: data.data.is_valid,
+      userId: data.data.user_id,
+      expiresAt: data.data.expires_at,
+    };
+  }
+  /**
+   * Revoke access (user must re-authorize)
+   */
+  async revokeAccess(userId: string, accessToken: string): Promise<void> {
+    const url = `https://graph.facebook.com/v18.0/${userId}/permissions?access_token=${accessToken}`;
+    await fetch(url, { method: 'DELETE' });
+  }
+}

package/src/modules/oauth/providers/github.provider.ts ADDED Viewed

@@ -0,0 +1,248 @@
+import { randomBytes } from 'crypto';
+import { logger } from '../../../core/logger.js';
+import type { GitHubOAuthConfig, OAuthUser, OAuthTokens, OAuthState } from '../types.js';
+const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
+const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
+const GITHUB_API_URL = 'https://api.github.com';
+const DEFAULT_SCOPES = ['read:user', 'user:email'];
+export class GitHubOAuthProvider {
+  private config: GitHubOAuthConfig;
+  private callbackUrl: string;
+  constructor(config: GitHubOAuthConfig, callbackBaseUrl: string) {
+    this.config = config;
+    this.callbackUrl = `${callbackBaseUrl}/auth/oauth/github/callback`;
+  }
+  /**
+   * Generate authorization URL
+   */
+  generateAuthUrl(state?: string): { url: string; state: OAuthState } {
+    const stateValue = state || randomBytes(32).toString('hex');
+    const scopes = this.config.scopes || DEFAULT_SCOPES;
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      redirect_uri: this.callbackUrl,
+      scope: scopes.join(' '),
+      state: stateValue,
+      allow_signup: 'true',
+    });
+    const oauthState: OAuthState = {
+      state: stateValue,
+      redirectUri: this.callbackUrl,
+      createdAt: Date.now(),
+    };
+    return {
+      url: `${GITHUB_AUTH_URL}?${params.toString()}`,
+      state: oauthState,
+    };
+  }
+  /**
+   * Exchange authorization code for tokens
+   */
+  async exchangeCode(code: string): Promise<OAuthTokens> {
+    const response = await fetch(GITHUB_TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Accept: 'application/json',
+      },
+      body: JSON.stringify({
+        client_id: this.config.clientId,
+        client_secret: this.config.clientSecret,
+        code,
+        redirect_uri: this.callbackUrl,
+      }),
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      logger.error({ error }, 'GitHub token exchange failed');
+      throw new Error(`Failed to exchange code: ${error}`);
+    }
+    const data = (await response.json()) as {
+      access_token: string;
+      token_type: string;
+      scope: string;
+      error?: string;
+      error_description?: string;
+    };
+    if (data.error) {
+      throw new Error(data.error_description || data.error);
+    }
+    return {
+      accessToken: data.access_token,
+      tokenType: data.token_type,
+      scope: data.scope,
+    };
+  }
+  /**
+   * Get user information from GitHub
+   */
+  async getUser(accessToken: string): Promise<OAuthUser> {
+    // Get user profile
+    const userResponse = await fetch(`${GITHUB_API_URL}/user`, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept: 'application/vnd.github.v3+json',
+      },
+    });
+    if (!userResponse.ok) {
+      const error = await userResponse.text();
+      logger.error({ error }, 'Failed to get GitHub user info');
+      throw new Error(`Failed to get user info: ${error}`);
+    }
+    const userData = (await userResponse.json()) as {
+      id: number;
+      login: string;
+      name: string | null;
+      email: string | null;
+      avatar_url: string;
+      bio: string | null;
+      company: string | null;
+      location: string | null;
+      html_url: string;
+    };
+    // Get user emails (email might be private)
+    let primaryEmail: string | null = userData.email;
+    let emailVerified = false;
+    if (!primaryEmail) {
+      const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          Accept: 'application/vnd.github.v3+json',
+        },
+      });
+      if (emailsResponse.ok) {
+        const emails = (await emailsResponse.json()) as Array<{
+          email: string;
+          primary: boolean;
+          verified: boolean;
+        }>;
+        const primary = emails.find((e) => e.primary && e.verified);
+        if (primary) {
+          primaryEmail = primary.email;
+          emailVerified = primary.verified;
+        } else {
+          const verified = emails.find((e) => e.verified);
+          if (verified) {
+            primaryEmail = verified.email;
+            emailVerified = true;
+          }
+        }
+      }
+    } else {
+      emailVerified = true; // Public emails are verified
+    }
+    // Parse name into first/last
+    let firstName: string | null = null;
+    let lastName: string | null = null;
+    if (userData.name) {
+      const parts = userData.name.split(' ');
+      firstName = parts[0] ?? null;
+      lastName = parts.slice(1).join(' ') || null;
+    }
+    return {
+      id: userData.id.toString(),
+      email: primaryEmail,
+      emailVerified,
+      name: userData.name || userData.login,
+      firstName,
+      lastName,
+      picture: userData.avatar_url,
+      provider: 'github',
+      providerAccountId: userData.id.toString(),
+      accessToken,
+      raw: userData,
+    };
+  }
+  /**
+   * Get user's repositories
+   */
+  async getRepositories(
+    accessToken: string,
+    options: { page?: number; perPage?: number; sort?: 'created' | 'updated' | 'pushed' } = {}
+  ): Promise<Array<{ id: number; name: string; fullName: string; private: boolean; url: string }>> {
+    const params = new URLSearchParams({
+      page: (options.page || 1).toString(),
+      per_page: (options.perPage || 30).toString(),
+      sort: options.sort || 'updated',
+    });
+    const response = await fetch(`${GITHUB_API_URL}/user/repos?${params}`, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept: 'application/vnd.github.v3+json',
+      },
+    });
+    if (!response.ok) {
+      throw new Error('Failed to get repositories');
+    }
+    const repos = (await response.json()) as Array<{
+      id: number;
+      name: string;
+      full_name: string;
+      private: boolean;
+      html_url: string;
+    }>;
+    return repos.map((repo) => ({
+      id: repo.id,
+      name: repo.name,
+      fullName: repo.full_name,
+      private: repo.private,
+      url: repo.html_url,
+    }));
+  }
+  /**
+   * Check if user has access to a specific repository
+   */
+  async checkRepoAccess(accessToken: string, owner: string, repo: string): Promise<boolean> {
+    const response = await fetch(`${GITHUB_API_URL}/repos/${owner}/${repo}`, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept: 'application/vnd.github.v3+json',
+      },
+    });
+    return response.ok;
+  }
+  /**
+   * Revoke access token
+   */
+  async revokeToken(accessToken: string): Promise<void> {
+    await fetch(`https://api.github.com/applications/${this.config.clientId}/token`, {
+      method: 'DELETE',
+      headers: {
+        Authorization: `Basic ${Buffer.from(`${this.config.clientId}:${this.config.clientSecret}`).toString('base64')}`,
+        Accept: 'application/vnd.github.v3+json',
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ access_token: accessToken }),
+    });
+  }
+}

package/src/modules/oauth/providers/google.provider.ts ADDED Viewed

@@ -0,0 +1,189 @@
+import { randomBytes, createHash } from 'crypto';
+import { logger } from '../../../core/logger.js';
+import type { GoogleOAuthConfig, OAuthUser, OAuthTokens, OAuthState } from '../types.js';
+const GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
+const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+const GOOGLE_USERINFO_URL = 'https://www.googleapis.com/oauth2/v2/userinfo';
+const DEFAULT_SCOPES = [
+  'openid',
+  'https://www.googleapis.com/auth/userinfo.email',
+  'https://www.googleapis.com/auth/userinfo.profile',
+];
+export class GoogleOAuthProvider {
+  private config: GoogleOAuthConfig;
+  private callbackUrl: string;
+  constructor(config: GoogleOAuthConfig, callbackBaseUrl: string) {
+    this.config = config;
+    this.callbackUrl = `${callbackBaseUrl}/auth/oauth/google/callback`;
+  }
+  /**
+   * Generate authorization URL with PKCE
+   */
+  generateAuthUrl(state?: string): { url: string; state: OAuthState } {
+    const stateValue = state || randomBytes(32).toString('hex');
+    const codeVerifier = randomBytes(32).toString('base64url');
+    const codeChallenge = createHash('sha256').update(codeVerifier).digest('base64url');
+    const scopes = this.config.scopes || DEFAULT_SCOPES;
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      redirect_uri: this.callbackUrl,
+      response_type: 'code',
+      scope: scopes.join(' '),
+      state: stateValue,
+      code_challenge: codeChallenge,
+      code_challenge_method: 'S256',
+      access_type: 'offline',
+      prompt: 'consent',
+    });
+    const oauthState: OAuthState = {
+      state: stateValue,
+      codeVerifier,
+      redirectUri: this.callbackUrl,
+      createdAt: Date.now(),
+    };
+    return {
+      url: `${GOOGLE_AUTH_URL}?${params.toString()}`,
+      state: oauthState,
+    };
+  }
+  /**
+   * Exchange authorization code for tokens
+   */
+  async exchangeCode(code: string, codeVerifier?: string): Promise<OAuthTokens> {
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      client_secret: this.config.clientSecret,
+      code,
+      grant_type: 'authorization_code',
+      redirect_uri: this.callbackUrl,
+    });
+    if (codeVerifier) {
+      params.append('code_verifier', codeVerifier);
+    }
+    const response = await fetch(GOOGLE_TOKEN_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: params.toString(),
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      logger.error({ error }, 'Google token exchange failed');
+      throw new Error(`Failed to exchange code: ${error}`);
+    }
+    const data = (await response.json()) as {
+      access_token: string;
+      refresh_token?: string;
+      expires_in: number;
+      token_type: string;
+      scope: string;
+      id_token?: string;
+    };
+    return {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      expiresIn: data.expires_in,
+      tokenType: data.token_type,
+      scope: data.scope,
+      idToken: data.id_token,
+    };
+  }
+  /**
+   * Get user information from Google
+   */
+  async getUser(accessToken: string): Promise<OAuthUser> {
+    const response = await fetch(GOOGLE_USERINFO_URL, {
+      headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      logger.error({ error }, 'Failed to get Google user info');
+      throw new Error(`Failed to get user info: ${error}`);
+    }
+    const data = (await response.json()) as {
+      id: string;
+      email: string;
+      verified_email: boolean;
+      name: string;
+      given_name: string;
+      family_name: string;
+      picture: string;
+    };
+    return {
+      id: data.id,
+      email: data.email,
+      emailVerified: data.verified_email,
+      name: data.name,
+      firstName: data.given_name,
+      lastName: data.family_name,
+      picture: data.picture,
+      provider: 'google',
+      providerAccountId: data.id,
+      accessToken,
+      raw: data,
+    };
+  }
+  /**
+   * Refresh access token
+   */
+  async refreshToken(refreshToken: string): Promise<OAuthTokens> {
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      client_secret: this.config.clientSecret,
+      refresh_token: refreshToken,
+      grant_type: 'refresh_token',
+    });
+    const response = await fetch(GOOGLE_TOKEN_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: params.toString(),
+    });
+    if (!response.ok) {
+      throw new Error('Failed to refresh token');
+    }
+    const data = (await response.json()) as {
+      access_token: string;
+      expires_in: number;
+      token_type: string;
+      scope: string;
+    };
+    return {
+      accessToken: data.access_token,
+      expiresIn: data.expires_in,
+      tokenType: data.token_type,
+      scope: data.scope,
+    };
+  }
+  /**
+   * Revoke access token
+   */
+  async revokeToken(token: string): Promise<void> {
+    await fetch(`https://oauth2.googleapis.com/revoke?token=${token}`, {
+      method: 'POST',
+    });
+  }
+}