npm - servcraft - Versions diffs - 0.1.0 → 0.1.3 - Mend

servcraft 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/.claude/settings.local.json +30 -0
package/.github/CODEOWNERS +18 -0
package/.github/PULL_REQUEST_TEMPLATE.md +46 -0
package/.github/dependabot.yml +59 -0
package/.github/workflows/ci.yml +188 -0
package/.github/workflows/release.yml +195 -0
package/AUDIT.md +602 -0
package/LICENSE +21 -0
package/README.md +1102 -1
package/dist/cli/index.cjs +2026 -2168
package/dist/cli/index.cjs.map +1 -1
package/dist/cli/index.js +2026 -2168
package/dist/cli/index.js.map +1 -1
package/dist/index.cjs +595 -616
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +114 -52
package/dist/index.d.ts +114 -52
package/dist/index.js +595 -616
package/dist/index.js.map +1 -1
package/docs/CLI-001_MULTI_DB_PLAN.md +546 -0
package/docs/DATABASE_MULTI_ORM.md +399 -0
package/docs/PHASE1_BREAKDOWN.md +346 -0
package/docs/PROGRESS.md +550 -0
package/docs/modules/ANALYTICS.md +226 -0
package/docs/modules/API-VERSIONING.md +252 -0
package/docs/modules/AUDIT.md +192 -0
package/docs/modules/AUTH.md +431 -0
package/docs/modules/CACHE.md +346 -0
package/docs/modules/EMAIL.md +254 -0
package/docs/modules/FEATURE-FLAG.md +291 -0
package/docs/modules/I18N.md +294 -0
package/docs/modules/MEDIA-PROCESSING.md +281 -0
package/docs/modules/MFA.md +266 -0
package/docs/modules/NOTIFICATION.md +311 -0
package/docs/modules/OAUTH.md +237 -0
package/docs/modules/PAYMENT.md +804 -0
package/docs/modules/QUEUE.md +540 -0
package/docs/modules/RATE-LIMIT.md +339 -0
package/docs/modules/SEARCH.md +288 -0
package/docs/modules/SECURITY.md +327 -0
package/docs/modules/SESSION.md +382 -0
package/docs/modules/SWAGGER.md +305 -0
package/docs/modules/UPLOAD.md +296 -0
package/docs/modules/USER.md +505 -0
package/docs/modules/VALIDATION.md +294 -0
package/docs/modules/WEBHOOK.md +270 -0
package/docs/modules/WEBSOCKET.md +691 -0
package/package.json +53 -38
package/prisma/schema.prisma +395 -1
package/src/cli/commands/add-module.ts +520 -87
package/src/cli/commands/db.ts +3 -4
package/src/cli/commands/docs.ts +256 -6
package/src/cli/commands/generate.ts +12 -19
package/src/cli/commands/init.ts +384 -214
package/src/cli/index.ts +0 -4
package/src/cli/templates/repository.ts +6 -1
package/src/cli/templates/routes.ts +6 -21
package/src/cli/utils/docs-generator.ts +6 -7
package/src/cli/utils/env-manager.ts +717 -0
package/src/cli/utils/field-parser.ts +16 -7
package/src/cli/utils/interactive-prompt.ts +223 -0
package/src/cli/utils/template-manager.ts +346 -0
package/src/config/database.config.ts +183 -0
package/src/config/env.ts +0 -10
package/src/config/index.ts +0 -14
package/src/core/server.ts +1 -1
package/src/database/adapters/mongoose.adapter.ts +132 -0
package/src/database/adapters/prisma.adapter.ts +118 -0
package/src/database/connection.ts +190 -0
package/src/database/interfaces/database.interface.ts +85 -0
package/src/database/interfaces/index.ts +7 -0
package/src/database/interfaces/repository.interface.ts +129 -0
package/src/database/models/mongoose/index.ts +7 -0
package/src/database/models/mongoose/payment.schema.ts +347 -0
package/src/database/models/mongoose/user.schema.ts +154 -0
package/src/database/prisma.ts +1 -4
package/src/database/redis.ts +101 -0
package/src/database/repositories/mongoose/index.ts +7 -0
package/src/database/repositories/mongoose/payment.repository.ts +380 -0
package/src/database/repositories/mongoose/user.repository.ts +255 -0
package/src/database/seed.ts +6 -1
package/src/index.ts +9 -20
package/src/middleware/security.ts +2 -6
package/src/modules/analytics/analytics.routes.ts +80 -0
package/src/modules/analytics/analytics.service.ts +364 -0
package/src/modules/analytics/index.ts +18 -0
package/src/modules/analytics/types.ts +180 -0
package/src/modules/api-versioning/index.ts +15 -0
package/src/modules/api-versioning/types.ts +86 -0
package/src/modules/api-versioning/versioning.middleware.ts +120 -0
package/src/modules/api-versioning/versioning.routes.ts +54 -0
package/src/modules/api-versioning/versioning.service.ts +189 -0
package/src/modules/audit/audit.repository.ts +206 -0
package/src/modules/audit/audit.service.ts +27 -59
package/src/modules/auth/auth.controller.ts +2 -2
package/src/modules/auth/auth.middleware.ts +3 -9
package/src/modules/auth/auth.routes.ts +10 -107
package/src/modules/auth/auth.service.ts +126 -23
package/src/modules/auth/index.ts +3 -4
package/src/modules/cache/cache.service.ts +367 -0
package/src/modules/cache/index.ts +10 -0
package/src/modules/cache/types.ts +44 -0
package/src/modules/email/email.service.ts +3 -10
package/src/modules/email/templates.ts +2 -8
package/src/modules/feature-flag/feature-flag.repository.ts +303 -0
package/src/modules/feature-flag/feature-flag.routes.ts +247 -0
package/src/modules/feature-flag/feature-flag.service.ts +566 -0
package/src/modules/feature-flag/index.ts +20 -0
package/src/modules/feature-flag/types.ts +192 -0
package/src/modules/i18n/i18n.middleware.ts +186 -0
package/src/modules/i18n/i18n.routes.ts +191 -0
package/src/modules/i18n/i18n.service.ts +456 -0
package/src/modules/i18n/index.ts +18 -0
package/src/modules/i18n/types.ts +118 -0
package/src/modules/media-processing/index.ts +17 -0
package/src/modules/media-processing/media-processing.routes.ts +111 -0
package/src/modules/media-processing/media-processing.service.ts +245 -0
package/src/modules/media-processing/types.ts +156 -0
package/src/modules/mfa/index.ts +20 -0
package/src/modules/mfa/mfa.repository.ts +206 -0
package/src/modules/mfa/mfa.routes.ts +595 -0
package/src/modules/mfa/mfa.service.ts +572 -0
package/src/modules/mfa/totp.ts +150 -0
package/src/modules/mfa/types.ts +57 -0
package/src/modules/notification/index.ts +20 -0
package/src/modules/notification/notification.repository.ts +356 -0
package/src/modules/notification/notification.service.ts +483 -0
package/src/modules/notification/types.ts +119 -0
package/src/modules/oauth/index.ts +20 -0
package/src/modules/oauth/oauth.repository.ts +219 -0
package/src/modules/oauth/oauth.routes.ts +446 -0
package/src/modules/oauth/oauth.service.ts +293 -0
package/src/modules/oauth/providers/apple.provider.ts +250 -0
package/src/modules/oauth/providers/facebook.provider.ts +181 -0
package/src/modules/oauth/providers/github.provider.ts +248 -0
package/src/modules/oauth/providers/google.provider.ts +189 -0
package/src/modules/oauth/providers/twitter.provider.ts +214 -0
package/src/modules/oauth/types.ts +94 -0
package/src/modules/payment/index.ts +19 -0
package/src/modules/payment/payment.repository.ts +733 -0
package/src/modules/payment/payment.routes.ts +390 -0
package/src/modules/payment/payment.service.ts +354 -0
package/src/modules/payment/providers/mobile-money.provider.ts +274 -0
package/src/modules/payment/providers/paypal.provider.ts +190 -0
package/src/modules/payment/providers/stripe.provider.ts +215 -0
package/src/modules/payment/types.ts +140 -0
package/src/modules/queue/cron.ts +438 -0
package/src/modules/queue/index.ts +87 -0
package/src/modules/queue/queue.routes.ts +600 -0
package/src/modules/queue/queue.service.ts +842 -0
package/src/modules/queue/types.ts +222 -0
package/src/modules/queue/workers.ts +366 -0
package/src/modules/rate-limit/index.ts +59 -0
package/src/modules/rate-limit/rate-limit.middleware.ts +134 -0
package/src/modules/rate-limit/rate-limit.routes.ts +269 -0
package/src/modules/rate-limit/rate-limit.service.ts +348 -0
package/src/modules/rate-limit/stores/memory.store.ts +165 -0
package/src/modules/rate-limit/stores/redis.store.ts +322 -0
package/src/modules/rate-limit/types.ts +153 -0
package/src/modules/search/adapters/elasticsearch.adapter.ts +326 -0
package/src/modules/search/adapters/meilisearch.adapter.ts +261 -0
package/src/modules/search/adapters/memory.adapter.ts +278 -0
package/src/modules/search/index.ts +21 -0
package/src/modules/search/search.service.ts +234 -0
package/src/modules/search/types.ts +214 -0
package/src/modules/security/index.ts +40 -0
package/src/modules/security/sanitize.ts +223 -0
package/src/modules/security/security-audit.service.ts +388 -0
package/src/modules/security/security.middleware.ts +398 -0
package/src/modules/session/index.ts +3 -0
package/src/modules/session/session.repository.ts +159 -0
package/src/modules/session/session.service.ts +340 -0
package/src/modules/session/types.ts +38 -0
package/src/modules/swagger/index.ts +7 -1
package/src/modules/swagger/schema-builder.ts +16 -4
package/src/modules/swagger/swagger.service.ts +9 -10
package/src/modules/swagger/types.ts +0 -2
package/src/modules/upload/index.ts +14 -0
package/src/modules/upload/types.ts +83 -0
package/src/modules/upload/upload.repository.ts +199 -0
package/src/modules/upload/upload.routes.ts +311 -0
package/src/modules/upload/upload.service.ts +448 -0
package/src/modules/user/index.ts +3 -3
package/src/modules/user/user.controller.ts +15 -9
package/src/modules/user/user.repository.ts +237 -113
package/src/modules/user/user.routes.ts +39 -164
package/src/modules/user/user.service.ts +4 -3
package/src/modules/validation/validator.ts +12 -17
package/src/modules/webhook/index.ts +91 -0
package/src/modules/webhook/retry.ts +196 -0
package/src/modules/webhook/signature.ts +135 -0
package/src/modules/webhook/types.ts +181 -0
package/src/modules/webhook/webhook.repository.ts +358 -0
package/src/modules/webhook/webhook.routes.ts +442 -0
package/src/modules/webhook/webhook.service.ts +457 -0
package/src/modules/websocket/features.ts +504 -0
package/src/modules/websocket/index.ts +106 -0
package/src/modules/websocket/middlewares.ts +298 -0
package/src/modules/websocket/types.ts +181 -0
package/src/modules/websocket/websocket.service.ts +692 -0
package/src/utils/errors.ts +7 -0
package/src/utils/pagination.ts +4 -1
package/tests/helpers/db-check.ts +79 -0
package/tests/integration/auth-redis.test.ts +94 -0
package/tests/integration/cache-redis.test.ts +387 -0
package/tests/integration/mongoose-repositories.test.ts +410 -0
package/tests/integration/payment-prisma.test.ts +637 -0
package/tests/integration/queue-bullmq.test.ts +417 -0
package/tests/integration/user-prisma.test.ts +441 -0
package/tests/integration/websocket-socketio.test.ts +552 -0
package/tests/setup.ts +11 -9
package/vitest.config.ts +3 -8
package/npm-cache/_cacache/content-v2/sha512/1c/d0/03440d500a0487621aad1d6402978340698976602046db8e24fa03c01ee6c022c69b0582f969042d9442ee876ac35c038e960dd427d1e622fa24b8eb7dba +0 -0
package/npm-cache/_cacache/content-v2/sha512/42/55/28b493ca491833e5aab0e9c3108d29ab3f36c248ca88f45d4630674fce9130959e56ae308797ac2b6328fa7f09a610b9550ed09cb971d039876d293fc69d +0 -0
package/npm-cache/_cacache/content-v2/sha512/e0/12/f360dc9315ee5f17844a0c8c233ee6bf7c30837c4a02ea0d56c61c7f7ab21c0e958e50ed2c57c59f983c762b93056778c9009b2398ffc26def0183999b13 +0 -0
package/npm-cache/_cacache/content-v2/sha512/ed/b0/fae1161902898f4c913c67d7f6cdf6be0665aec3b389b9c4f4f0a101ca1da59badf1b59c4e0030f5223023b8d63cfe501c46a32c20c895d4fb3f11ca2232 +0 -0
package/npm-cache/_cacache/index-v5/58/94/c2cba79e0f16b4c10e95a87e32255741149e8222cc314a476aab67c39cc0 +0 -5

package/src/modules/security/security-audit.service.ts ADDED Viewed

@@ -0,0 +1,388 @@
+/**
+ * Security Audit Service
+ * Tracks and logs security-related events for compliance and monitoring
+ */
+import { randomUUID } from 'crypto';
+import type { FastifyRequest } from 'fastify';
+import type { Prisma } from '@prisma/client';
+import { logger } from '../../core/logger.js';
+import { getRedis } from '../../database/redis.js';
+import { prisma } from '../../database/prisma.js';
+export type SecurityEventType =
+  | 'auth.login.success'
+  | 'auth.login.failed'
+  | 'auth.logout'
+  | 'auth.token.revoked'
+  | 'auth.password.changed'
+  | 'auth.password.reset.requested'
+  | 'auth.password.reset.completed'
+  | 'auth.mfa.enabled'
+  | 'auth.mfa.disabled'
+  | 'auth.mfa.verified'
+  | 'auth.mfa.failed'
+  | 'auth.session.created'
+  | 'auth.session.destroyed'
+  | 'access.denied'
+  | 'access.granted'
+  | 'rate.limit.exceeded'
+  | 'suspicious.activity'
+  | 'csrf.violation'
+  | 'xss.attempt'
+  | 'sqli.attempt'
+  | 'brute.force.detected'
+  | 'account.locked'
+  | 'account.unlocked'
+  | 'permission.changed'
+  | 'role.changed'
+  | 'api.key.created'
+  | 'api.key.revoked'
+  | 'data.export'
+  | 'data.deletion'
+  | 'admin.action';
+export interface SecurityEvent {
+  id: string;
+  type: SecurityEventType;
+  severity: 'low' | 'medium' | 'high' | 'critical';
+  userId?: string;
+  ip?: string;
+  userAgent?: string;
+  resource?: string;
+  action?: string;
+  details?: Record<string, unknown>;
+  success: boolean;
+  timestamp: Date;
+}
+export interface SecurityEventInput {
+  type: SecurityEventType;
+  severity?: 'low' | 'medium' | 'high' | 'critical';
+  userId?: string;
+  request?: FastifyRequest;
+  resource?: string;
+  action?: string;
+  details?: Record<string, unknown>;
+  success?: boolean;
+}
+// Default severity levels for event types
+const DEFAULT_SEVERITY: Record<SecurityEventType, SecurityEvent['severity']> = {
+  'auth.login.success': 'low',
+  'auth.login.failed': 'medium',
+  'auth.logout': 'low',
+  'auth.token.revoked': 'low',
+  'auth.password.changed': 'medium',
+  'auth.password.reset.requested': 'medium',
+  'auth.password.reset.completed': 'medium',
+  'auth.mfa.enabled': 'medium',
+  'auth.mfa.disabled': 'high',
+  'auth.mfa.verified': 'low',
+  'auth.mfa.failed': 'medium',
+  'auth.session.created': 'low',
+  'auth.session.destroyed': 'low',
+  'access.denied': 'medium',
+  'access.granted': 'low',
+  'rate.limit.exceeded': 'medium',
+  'suspicious.activity': 'high',
+  'csrf.violation': 'high',
+  'xss.attempt': 'critical',
+  'sqli.attempt': 'critical',
+  'brute.force.detected': 'high',
+  'account.locked': 'high',
+  'account.unlocked': 'medium',
+  'permission.changed': 'high',
+  'role.changed': 'high',
+  'api.key.created': 'medium',
+  'api.key.revoked': 'medium',
+  'data.export': 'high',
+  'data.deletion': 'critical',
+  'admin.action': 'high',
+};
+export class SecurityAuditService {
+  private redis = getRedis();
+  private readonly REDIS_KEY_PREFIX = 'security:audit:';
+  private readonly REDIS_ALERTS_KEY = 'security:alerts:recent';
+  private readonly MAX_RECENT_ALERTS = 100;
+  /**
+   * Log a security event
+   */
+  async log(input: SecurityEventInput): Promise<SecurityEvent> {
+    const event: SecurityEvent = {
+      id: randomUUID(),
+      type: input.type,
+      severity: input.severity || DEFAULT_SEVERITY[input.type] || 'medium',
+      userId: input.userId,
+      ip: input.request?.ip,
+      userAgent: input.request?.headers['user-agent'],
+      resource: input.resource,
+      action: input.action,
+      details: input.details,
+      success: input.success ?? true,
+      timestamp: new Date(),
+    };
+    // Log to structured logger
+    const logMethod = event.severity === 'critical' || event.severity === 'high' ? 'warn' : 'info';
+    logger[logMethod](
+      {
+        securityEvent: true,
+        eventId: event.id,
+        eventType: event.type,
+        severity: event.severity,
+        userId: event.userId,
+        ip: event.ip,
+        success: event.success,
+        ...event.details,
+      },
+      `Security: ${event.type}`
+    );
+    // Store in Redis for real-time monitoring (last 24 hours)
+    try {
+      const key = `${this.REDIS_KEY_PREFIX}${event.id}`;
+      await this.redis.setex(key, 86400, JSON.stringify(event));
+      // Add to recent alerts if high/critical severity
+      if (event.severity === 'high' || event.severity === 'critical') {
+        await this.redis.lpush(this.REDIS_ALERTS_KEY, JSON.stringify(event));
+        await this.redis.ltrim(this.REDIS_ALERTS_KEY, 0, this.MAX_RECENT_ALERTS - 1);
+      }
+    } catch (error) {
+      logger.error({ err: error }, 'Failed to store security event in Redis');
+    }
+    // Store in database for long-term retention
+    try {
+      await prisma.auditLog.create({
+        data: {
+          userId: event.userId,
+          action: event.type,
+          resource: event.resource || 'security',
+          resourceId: event.id,
+          ipAddress: event.ip,
+          userAgent: event.userAgent,
+          metadata: {
+            severity: event.severity,
+            success: event.success,
+            details: event.details || null,
+          } as Prisma.InputJsonValue,
+        },
+      });
+    } catch (error) {
+      logger.error({ err: error }, 'Failed to store security event in database');
+    }
+    return event;
+  }
+  /**
+   * Log authentication success
+   */
+  async logLoginSuccess(userId: string, request?: FastifyRequest): Promise<void> {
+    await this.log({
+      type: 'auth.login.success',
+      userId,
+      request,
+      success: true,
+    });
+  }
+  /**
+   * Log authentication failure
+   */
+  async logLoginFailed(email: string, reason: string, request?: FastifyRequest): Promise<void> {
+    await this.log({
+      type: 'auth.login.failed',
+      request,
+      details: { email, reason },
+      success: false,
+    });
+  }
+  /**
+   * Log suspicious activity
+   */
+  async logSuspiciousActivity(
+    description: string,
+    request?: FastifyRequest,
+    details?: Record<string, unknown>
+  ): Promise<void> {
+    await this.log({
+      type: 'suspicious.activity',
+      request,
+      details: { description, ...details },
+      success: false,
+    });
+  }
+  /**
+   * Log rate limit exceeded
+   */
+  async logRateLimitExceeded(request: FastifyRequest, limit: number): Promise<void> {
+    await this.log({
+      type: 'rate.limit.exceeded',
+      request,
+      details: { limit, path: request.url },
+      success: false,
+    });
+  }
+  /**
+   * Log brute force detection
+   */
+  async logBruteForceDetected(
+    request: FastifyRequest,
+    attempts: number,
+    targetResource: string
+  ): Promise<void> {
+    await this.log({
+      type: 'brute.force.detected',
+      request,
+      resource: targetResource,
+      details: { attempts },
+      success: false,
+    });
+  }
+  /**
+   * Log access denied
+   */
+  async logAccessDenied(
+    userId: string | undefined,
+    resource: string,
+    action: string,
+    request?: FastifyRequest
+  ): Promise<void> {
+    await this.log({
+      type: 'access.denied',
+      userId,
+      request,
+      resource,
+      action,
+      success: false,
+    });
+  }
+  /**
+   * Log admin action
+   */
+  async logAdminAction(
+    adminUserId: string,
+    action: string,
+    targetResource: string,
+    details?: Record<string, unknown>,
+    request?: FastifyRequest
+  ): Promise<void> {
+    await this.log({
+      type: 'admin.action',
+      userId: adminUserId,
+      request,
+      resource: targetResource,
+      action,
+      details,
+      success: true,
+    });
+  }
+  /**
+   * Get recent security alerts
+   */
+  async getRecentAlerts(limit = 50): Promise<SecurityEvent[]> {
+    try {
+      const alerts = await this.redis.lrange(this.REDIS_ALERTS_KEY, 0, limit - 1);
+      return alerts.map((a) => JSON.parse(a) as SecurityEvent);
+    } catch {
+      return [];
+    }
+  }
+  /**
+   * Get security events for a user
+   */
+  async getUserEvents(userId: string, limit = 100): Promise<SecurityEvent[]> {
+    const logs = await prisma.auditLog.findMany({
+      where: {
+        userId,
+        action: {
+          startsWith: 'auth.',
+        },
+      },
+      orderBy: { createdAt: 'desc' },
+      take: limit,
+    });
+    return logs.map((log) => ({
+      id: log.id,
+      type: log.action as SecurityEventType,
+      severity:
+        ((log.metadata as Record<string, unknown>)?.severity as SecurityEvent['severity']) || 'low',
+      userId: log.userId || undefined,
+      ip: log.ipAddress || undefined,
+      userAgent: log.userAgent || undefined,
+      resource: log.resource,
+      action: log.action,
+      details: (log.metadata as Record<string, unknown>)?.details as
+        | Record<string, unknown>
+        | undefined,
+      success: ((log.metadata as Record<string, unknown>)?.success as boolean) ?? true,
+      timestamp: log.createdAt,
+    }));
+  }
+  /**
+   * Get security stats
+   */
+  async getStats(hours = 24): Promise<{
+    totalEvents: number;
+    failedLogins: number;
+    suspiciousActivities: number;
+    rateLimitExceeded: number;
+    criticalAlerts: number;
+  }> {
+    const since = new Date();
+    since.setHours(since.getHours() - hours);
+    const [totalEvents, failedLogins, suspiciousActivities, rateLimitExceeded, criticalAlerts] =
+      await Promise.all([
+        prisma.auditLog.count({
+          where: { createdAt: { gte: since } },
+        }),
+        prisma.auditLog.count({
+          where: { action: 'auth.login.failed', createdAt: { gte: since } },
+        }),
+        prisma.auditLog.count({
+          where: { action: 'suspicious.activity', createdAt: { gte: since } },
+        }),
+        prisma.auditLog.count({
+          where: { action: 'rate.limit.exceeded', createdAt: { gte: since } },
+        }),
+        prisma.auditLog.count({
+          where: {
+            createdAt: { gte: since },
+            metadata: { path: ['severity'], equals: 'critical' },
+          },
+        }),
+      ]);
+    return {
+      totalEvents,
+      failedLogins,
+      suspiciousActivities,
+      rateLimitExceeded,
+      criticalAlerts,
+    };
+  }
+}
+let securityAuditService: SecurityAuditService | null = null;
+export function getSecurityAuditService(): SecurityAuditService {
+  if (!securityAuditService) {
+    securityAuditService = new SecurityAuditService();
+  }
+  return securityAuditService;
+}