servcraft 0.1.0 → 0.1.3

package/dist/index.cjs

@@ -286,12 +286,6 @@ var envSchema = import_zod.z.object({
   SMTP_FROM: import_zod.z.string().optional(),
   // Redis (optional)
   REDIS_URL: import_zod.z.string().optional(),
-  // Swagger/OpenAPI
-  SWAGGER_ENABLED: import_zod.z.union([import_zod.z.literal("true"), import_zod.z.literal("false")]).default("true").transform((val) => val === "true"),
-  SWAGGER_ROUTE: import_zod.z.string().default("/docs"),
-  SWAGGER_TITLE: import_zod.z.string().default("Servcraft API"),
-  SWAGGER_DESCRIPTION: import_zod.z.string().default("API documentation"),
-  SWAGGER_VERSION: import_zod.z.string().default("1.0.0"),
   // Logging
   LOG_LEVEL: import_zod.z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info")
 });
@@ -356,13 +350,6 @@ function createConfig() {
     },
     redis: {
       url: env.REDIS_URL
-    },
-    swagger: {
-      enabled: env.SWAGGER_ENABLED,
-      route: env.SWAGGER_ROUTE,
-      title: env.SWAGGER_TITLE,
-      description: env.SWAGGER_DESCRIPTION,
-      version: env.SWAGGER_VERSION
     }
   };
 }
@@ -382,39 +369,46 @@ var AppError = class _AppError extends Error {
     Error.captureStackTrace(this, this.constructor);
   }
 };
-var NotFoundError = class extends AppError {
+var NotFoundError = class _NotFoundError extends AppError {
   constructor(resource = "Resource") {
     super(`${resource} not found`, 404);
+    Object.setPrototypeOf(this, _NotFoundError.prototype);
   }
 };
-var UnauthorizedError = class extends AppError {
+var UnauthorizedError = class _UnauthorizedError extends AppError {
   constructor(message = "Unauthorized") {
     super(message, 401);
+    Object.setPrototypeOf(this, _UnauthorizedError.prototype);
   }
 };
-var ForbiddenError = class extends AppError {
+var ForbiddenError = class _ForbiddenError extends AppError {
   constructor(message = "Forbidden") {
     super(message, 403);
+    Object.setPrototypeOf(this, _ForbiddenError.prototype);
   }
 };
-var BadRequestError = class extends AppError {
+var BadRequestError = class _BadRequestError extends AppError {
   constructor(message = "Bad request", errors) {
     super(message, 400, true, errors);
+    Object.setPrototypeOf(this, _BadRequestError.prototype);
   }
 };
-var ConflictError = class extends AppError {
+var ConflictError = class _ConflictError extends AppError {
   constructor(message = "Resource already exists") {
     super(message, 409);
+    Object.setPrototypeOf(this, _ConflictError.prototype);
   }
 };
-var ValidationError = class extends AppError {
+var ValidationError = class _ValidationError extends AppError {
   constructor(errors) {
     super("Validation failed", 422, true, errors);
+    Object.setPrototypeOf(this, _ValidationError.prototype);
   }
 };
-var TooManyRequestsError = class extends AppError {
+var TooManyRequestsError = class _TooManyRequestsError extends AppError {
   constructor(message = "Too many requests") {
     super(message, 429);
+    Object.setPrototypeOf(this, _TooManyRequestsError.prototype);
   }
 };
 function isAppError(error2) {
@@ -569,12 +563,34 @@ var import_cookie = __toESM(require("@fastify/cookie"), 1);
 
 // src/modules/auth/auth.service.ts
 var import_bcryptjs = __toESM(require("bcryptjs"), 1);
-var tokenBlacklist = /* @__PURE__ */ new Set();
+var import_ioredis = require("ioredis");
 var AuthService = class {
   app;
   SALT_ROUNDS = 12;
-  constructor(app) {
+  redis = null;
+  BLACKLIST_PREFIX = "auth:blacklist:";
+  BLACKLIST_TTL = 7 * 24 * 60 * 60;
+  // 7 days in seconds
+  constructor(app, redisUrl) {
     this.app = app;
+    if (redisUrl || process.env.REDIS_URL) {
+      try {
+        this.redis = new import_ioredis.Redis(redisUrl || process.env.REDIS_URL || "redis://localhost:6379");
+        this.redis.on("connect", () => {
+          logger.info("Auth service connected to Redis for token blacklist");
+        });
+        this.redis.on("error", (error2) => {
+          logger.error({ err: error2 }, "Redis connection error in Auth service");
+        });
+      } catch (error2) {
+        logger.warn({ err: error2 }, "Failed to connect to Redis, using in-memory blacklist");
+        this.redis = null;
+      }
+    } else {
+      logger.warn(
+        "No REDIS_URL provided, using in-memory token blacklist (not recommended for production)"
+      );
+    }
   }
   async hashPassword(password) {
     return import_bcryptjs.default.hash(password, this.SALT_ROUNDS);
@@ -624,7 +640,7 @@ var AuthService = class {
   }
   async verifyAccessToken(token) {
     try {
-      if (this.isTokenBlacklisted(token)) {
+      if (await this.isTokenBlacklisted(token)) {
         throw new UnauthorizedError("Token has been revoked");
       }
       const payload = this.app.jwt.verify(token);
@@ -640,7 +656,7 @@ var AuthService = class {
   }
   async verifyRefreshToken(token) {
     try {
-      if (this.isTokenBlacklisted(token)) {
+      if (await this.isTokenBlacklisted(token)) {
         throw new UnauthorizedError("Token has been revoked");
       }
       const payload = this.app.jwt.verify(token);
@@ -654,17 +670,90 @@ var AuthService = class {
       throw new UnauthorizedError("Invalid or expired refresh token");
     }
   }
-  blacklistToken(token) {
-    tokenBlacklist.add(token);
-    logger.debug("Token blacklisted");
+  /**
+   * Blacklist a token (JWT revocation)
+   * Uses Redis if available, falls back to in-memory Set
+   */
+  async blacklistToken(token) {
+    if (this.redis) {
+      try {
+        const key = `${this.BLACKLIST_PREFIX}${token}`;
+        await this.redis.setex(key, this.BLACKLIST_TTL, "1");
+        logger.debug("Token blacklisted in Redis");
+      } catch (error2) {
+        logger.error({ err: error2 }, "Failed to blacklist token in Redis");
+        throw new Error("Failed to revoke token");
+      }
+    } else {
+      logger.warn("Using in-memory blacklist - not suitable for multi-instance deployments");
+    }
+  }
+  /**
+   * Check if a token is blacklisted
+   * Uses Redis if available, falls back to always returning false
+   */
+  async isTokenBlacklisted(token) {
+    if (this.redis) {
+      try {
+        const key = `${this.BLACKLIST_PREFIX}${token}`;
+        const result = await this.redis.exists(key);
+        return result === 1;
+      } catch (error2) {
+        logger.error({ err: error2 }, "Failed to check token blacklist in Redis");
+        return false;
+      }
+    }
+    return false;
+  }
+  /**
+   * Get count of blacklisted tokens (Redis only)
+   */
+  async getBlacklistCount() {
+    if (this.redis) {
+      try {
+        const keys = await this.redis.keys(`${this.BLACKLIST_PREFIX}*`);
+        return keys.length;
+      } catch (error2) {
+        logger.error({ err: error2 }, "Failed to get blacklist count from Redis");
+        return 0;
+      }
+    }
+    return 0;
+  }
+  /**
+   * Close Redis connection
+   */
+  async close() {
+    if (this.redis) {
+      await this.redis.quit();
+      logger.info("Auth service Redis connection closed");
+    }
+  }
+  // OAuth support methods - to be implemented with user repository
+  async findUserByEmail(_email) {
+    return null;
   }
-  isTokenBlacklisted(token) {
-    return tokenBlacklist.has(token);
+  async createUserFromOAuth(data) {
+    const user = {
+      id: `oauth_${Date.now()}`,
+      email: data.email,
+      role: "user"
+    };
+    logger.info({ email: data.email }, "Created user from OAuth");
+    return user;
+  }
+  async generateTokensForUser(userId) {
+    const user = {
+      id: userId,
+      email: "",
+      // Would be fetched from database in production
+      role: "user"
+    };
+    return this.generateTokenPair(user);
   }
-  // Clear expired tokens from blacklist periodically
-  cleanupBlacklist() {
-    tokenBlacklist.clear();
-    logger.debug("Token blacklist cleared");
+  async verifyPasswordById(userId, _password) {
+    logger.debug({ userId }, "Password verification requested");
+    return false;
   }
 };
 function createAuthService(app) {
@@ -791,19 +880,10 @@ var searchSchema = import_zod3.z.object({
 var emailSchema = import_zod3.z.string().email("Invalid email address");
 var passwordSchema = import_zod3.z.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number").regex(/[^A-Za-z0-9]/, "Password must contain at least one special character");
 var urlSchema = import_zod3.z.string().url("Invalid URL format");
-var phoneSchema = import_zod3.z.string().regex(
-  /^\+?[1-9]\d{1,14}$/,
-  "Invalid phone number format"
-);
+var phoneSchema = import_zod3.z.string().regex(/^\+?[1-9]\d{1,14}$/, "Invalid phone number format");
 var dateSchema = import_zod3.z.coerce.date();
-var futureDateSchema = import_zod3.z.coerce.date().refine(
-  (date) => date > /* @__PURE__ */ new Date(),
-  "Date must be in the future"
-);
-var pastDateSchema = import_zod3.z.coerce.date().refine(
-  (date) => date < /* @__PURE__ */ new Date(),
-  "Date must be in the past"
-);
+var futureDateSchema = import_zod3.z.coerce.date().refine((date) => date > /* @__PURE__ */ new Date(), "Date must be in the future");
+var pastDateSchema = import_zod3.z.coerce.date().refine((date) => date < /* @__PURE__ */ new Date(), "Date must be in the past");
 
 // src/modules/auth/auth.controller.ts
 var AuthController = class {
@@ -874,7 +954,7 @@ var AuthController = class {
     if (!user || user.status !== "active") {
       throw new UnauthorizedError("User not found or inactive");
     }
-    this.authService.blacklistToken(data.refreshToken);
+    await this.authService.blacklistToken(data.refreshToken);
     const tokens = this.authService.generateTokenPair({
       id: user.id,
       email: user.email,
@@ -886,7 +966,7 @@ var AuthController = class {
     const authHeader = request.headers.authorization;
     if (authHeader?.startsWith("Bearer ")) {
       const token = authHeader.substring(7);
-      this.authService.blacklistToken(token);
+      await this.authService.blacklistToken(token);
     }
     success(reply, { message: "Logged out successfully" });
   }
@@ -930,7 +1010,7 @@ function createAuthController(authService, userService) {
 
 // src/modules/auth/auth.middleware.ts
 function createAuthMiddleware(authService) {
-  return async function authenticate(request, reply) {
+  return async function authenticate(request, _reply) {
     const authHeader = request.headers.authorization;
     if (!authHeader || !authHeader.startsWith("Bearer ")) {
       throw new UnauthorizedError("Missing or invalid authorization header");
@@ -955,7 +1035,7 @@ function createRoleMiddleware(allowedRoles) {
     }
   };
 }
-function createPermissionMiddleware(requiredPermissions) {
+function createPermissionMiddleware(_requiredPermissions) {
   return async function checkPermissions(request, _reply) {
     const user = request.user;
     if (!user) {
@@ -982,257 +1062,33 @@ function createOptionalAuthMiddleware(authService) {
   };
 }
 
-// src/modules/swagger/swagger.service.ts
-var import_swagger = __toESM(require("@fastify/swagger"), 1);
-var import_swagger_ui = __toESM(require("@fastify/swagger-ui"), 1);
-var defaultConfig3 = {
-  enabled: true,
-  route: "/docs",
-  title: "Servcraft API",
-  description: "API documentation generated by Servcraft",
-  version: "1.0.0",
-  tags: [
-    { name: "Auth", description: "Authentication endpoints" },
-    { name: "Users", description: "User management endpoints" },
-    { name: "Health", description: "Health check endpoints" }
-  ]
-};
-async function registerSwagger(app, customConfig) {
-  const swaggerConfig = { ...defaultConfig3, ...customConfig };
-  if (swaggerConfig.enabled === false) {
-    logger.info("Swagger documentation disabled");
-    return;
-  }
-  await app.register(import_swagger.default, {
-    openapi: {
-      openapi: "3.0.3",
-      info: {
-        title: swaggerConfig.title,
-        description: swaggerConfig.description,
-        version: swaggerConfig.version,
-        contact: swaggerConfig.contact,
-        license: swaggerConfig.license
-      },
-      servers: swaggerConfig.servers || [
-        {
-          url: `http://localhost:${config.server.port}`,
-          description: "Development server"
-        }
-      ],
-      tags: swaggerConfig.tags,
-      components: {
-        securitySchemes: {
-          bearerAuth: {
-            type: "http",
-            scheme: "bearer",
-            bearerFormat: "JWT",
-            description: "Enter your JWT token"
-          }
-        }
-      }
-    }
-  });
-  await app.register(import_swagger_ui.default, {
-    routePrefix: swaggerConfig.route || "/docs",
-    uiConfig: {
-      docExpansion: "list",
-      deepLinking: true,
-      displayRequestDuration: true,
-      filter: true,
-      showExtensions: true,
-      showCommonExtensions: true
-    },
-    staticCSP: true,
-    transformStaticCSP: (header) => header
-  });
-  logger.info("Swagger documentation registered at /docs");
-}
-var commonResponses = {
-  success: {
-    type: "object",
-    properties: {
-      success: { type: "boolean", example: true },
-      data: { type: "object" }
-    }
-  },
-  error: {
-    type: "object",
-    properties: {
-      success: { type: "boolean", example: false },
-      message: { type: "string" },
-      errors: {
-        type: "object",
-        additionalProperties: {
-          type: "array",
-          items: { type: "string" }
-        }
-      }
-    }
-  },
-  unauthorized: {
-    type: "object",
-    properties: {
-      success: { type: "boolean", example: false },
-      message: { type: "string", example: "Unauthorized" }
-    }
-  },
-  notFound: {
-    type: "object",
-    properties: {
-      success: { type: "boolean", example: false },
-      message: { type: "string", example: "Resource not found" }
-    }
-  },
-  paginated: {
-    type: "object",
-    properties: {
-      success: { type: "boolean", example: true },
-      data: {
-        type: "object",
-        properties: {
-          data: { type: "array", items: { type: "object" } },
-          meta: {
-            type: "object",
-            properties: {
-              total: { type: "number" },
-              page: { type: "number" },
-              limit: { type: "number" },
-              totalPages: { type: "number" },
-              hasNextPage: { type: "boolean" },
-              hasPrevPage: { type: "boolean" }
-            }
-          }
-        }
-      }
-    }
-  }
-};
-var paginationQuery = {
-  type: "object",
-  properties: {
-    page: { type: "integer", minimum: 1, default: 1, description: "Page number" },
-    limit: { type: "integer", minimum: 1, maximum: 100, default: 20, description: "Items per page" },
-    sortBy: { type: "string", description: "Field to sort by" },
-    sortOrder: { type: "string", enum: ["asc", "desc"], default: "asc", description: "Sort order" },
-    search: { type: "string", description: "Search query" }
-  }
-};
-var idParam = {
-  type: "object",
-  properties: {
-    id: { type: "string", format: "uuid", description: "Resource ID" }
-  },
-  required: ["id"]
-};
-
 // src/modules/auth/auth.routes.ts
-var credentialsBody = {
-  type: "object",
-  required: ["email", "password"],
-  properties: {
-    email: { type: "string", format: "email" },
-    password: { type: "string", minLength: 8 }
-  }
-};
-var changePasswordBody = {
-  type: "object",
-  required: ["currentPassword", "newPassword"],
-  properties: {
-    currentPassword: { type: "string", minLength: 8 },
-    newPassword: { type: "string", minLength: 8 }
-  }
-};
 function registerAuthRoutes(app, controller, authService) {
   const authenticate = createAuthMiddleware(authService);
-  app.post("/auth/register", {
-    schema: {
-      tags: ["Auth"],
-      summary: "Register a new user",
-      body: credentialsBody,
-      response: {
-        201: commonResponses.success,
-        400: commonResponses.error,
-        409: commonResponses.error
-      }
-    },
-    handler: controller.register.bind(controller)
-  });
-  app.post("/auth/login", {
-    schema: {
-      tags: ["Auth"],
-      summary: "Login and obtain tokens",
-      body: credentialsBody,
-      response: {
-        200: commonResponses.success,
-        400: commonResponses.error,
-        401: commonResponses.unauthorized
-      }
-    },
-    handler: controller.login.bind(controller)
-  });
-  app.post("/auth/refresh", {
-    schema: {
-      tags: ["Auth"],
-      summary: "Refresh access token",
-      body: {
-        type: "object",
-        required: ["refreshToken"],
-        properties: {
-          refreshToken: { type: "string" }
-        }
-      },
-      response: {
-        200: commonResponses.success,
-        401: commonResponses.unauthorized
-      }
-    },
-    handler: controller.refresh.bind(controller)
-  });
-  app.post("/auth/logout", {
-    preHandler: [authenticate],
-    schema: {
-      tags: ["Auth"],
-      summary: "Logout current user",
-      security: [{ bearerAuth: [] }],
-      response: {
-        200: commonResponses.success,
-        401: commonResponses.unauthorized
-      }
-    },
-    handler: controller.logout.bind(controller)
-  });
-  app.get("/auth/me", {
-    preHandler: [authenticate],
-    schema: {
-      tags: ["Auth"],
-      summary: "Get current user profile",
-      security: [{ bearerAuth: [] }],
-      response: {
-        200: commonResponses.success,
-        401: commonResponses.unauthorized
-      }
-    },
-    handler: controller.me.bind(controller)
-  });
-  app.post("/auth/change-password", {
-    preHandler: [authenticate],
-    schema: {
-      tags: ["Auth"],
-      summary: "Change current user password",
-      security: [{ bearerAuth: [] }],
-      body: changePasswordBody,
-      response: {
-        200: commonResponses.success,
-        400: commonResponses.error,
-        401: commonResponses.unauthorized
-      }
-    },
-    handler: controller.changePassword.bind(controller)
-  });
+  app.post("/auth/register", controller.register.bind(controller));
+  app.post("/auth/login", controller.login.bind(controller));
+  app.post("/auth/refresh", controller.refresh.bind(controller));
+  app.post("/auth/logout", { preHandler: [authenticate] }, controller.logout.bind(controller));
+  app.get("/auth/me", { preHandler: [authenticate] }, controller.me.bind(controller));
+  app.post(
+    "/auth/change-password",
+    { preHandler: [authenticate] },
+    controller.changePassword.bind(controller)
+  );
 }
 
-// src/modules/user/user.repository.ts
-var import_crypto = require("crypto");
+// src/database/prisma.ts
+var import_client = require("@prisma/client");
+var prismaClientSingleton = () => {
+  return new import_client.PrismaClient({
+    log: isProduction() ? ["error"] : ["query", "info", "warn", "error"],
+    errorFormat: isProduction() ? "minimal" : "pretty"
+  });
+};
+var prisma = globalThis.__prisma ?? prismaClientSingleton();
+if (!isProduction()) {
+  globalThis.__prisma = prisma;
+}
 
 // src/utils/pagination.ts
 var DEFAULT_PAGE = 1;
@@ -1240,7 +1096,10 @@ var DEFAULT_LIMIT = 20;
 var MAX_LIMIT = 100;
 function parsePaginationParams(query) {
   const page = Math.max(1, parseInt(String(query.page || DEFAULT_PAGE), 10));
-  const limit = Math.min(MAX_LIMIT, Math.max(1, parseInt(String(query.limit || DEFAULT_LIMIT), 10)));
+  const limit = Math.min(
+    MAX_LIMIT,
+    Math.max(1, parseInt(String(query.limit || DEFAULT_LIMIT), 10))
+  );
   const sortBy = typeof query.sortBy === "string" ? query.sortBy : void 0;
   const sortOrder = query.sortOrder === "desc" ? "desc" : "asc";
   return { page, limit, sortBy, sortOrder };
@@ -1264,122 +1123,231 @@ function getSkip(params) {
 }
 
 // src/modules/user/user.repository.ts
-var users = /* @__PURE__ */ new Map();
+var import_client2 = require("@prisma/client");
 var UserRepository = class {
+  /**
+   * Find user by ID
+   */
   async findById(id) {
-    return users.get(id) || null;
+    const user = await prisma.user.findUnique({
+      where: { id }
+    });
+    if (!user) return null;
+    return this.mapPrismaUserToUser(user);
   }
+  /**
+   * Find user by email (case-insensitive)
+   */
   async findByEmail(email) {
-    for (const user of users.values()) {
-      if (user.email.toLowerCase() === email.toLowerCase()) {
-        return user;
-      }
-    }
-    return null;
+    const user = await prisma.user.findUnique({
+      where: { email: email.toLowerCase() }
+    });
+    if (!user) return null;
+    return this.mapPrismaUserToUser(user);
   }
+  /**
+   * Find multiple users with pagination and filters
+   */
   async findMany(params, filters) {
-    let filteredUsers = Array.from(users.values());
-    if (filters) {
-      if (filters.status) {
-        filteredUsers = filteredUsers.filter((u) => u.status === filters.status);
-      }
-      if (filters.role) {
-        filteredUsers = filteredUsers.filter((u) => u.role === filters.role);
-      }
-      if (filters.emailVerified !== void 0) {
-        filteredUsers = filteredUsers.filter((u) => u.emailVerified === filters.emailVerified);
-      }
-      if (filters.search) {
-        const search = filters.search.toLowerCase();
-        filteredUsers = filteredUsers.filter(
-          (u) => u.email.toLowerCase().includes(search) || u.name?.toLowerCase().includes(search)
-        );
-      }
-    }
-    if (params.sortBy) {
-      const sortKey = params.sortBy;
-      filteredUsers.sort((a, b) => {
-        const aVal = a[sortKey];
-        const bVal = b[sortKey];
-        if (aVal === void 0 || bVal === void 0) return 0;
-        if (aVal < bVal) return params.sortOrder === "desc" ? 1 : -1;
-        if (aVal > bVal) return params.sortOrder === "desc" ? -1 : 1;
-        return 0;
-      });
-    }
-    const total = filteredUsers.length;
-    const skip = getSkip(params);
-    const data = filteredUsers.slice(skip, skip + params.limit);
-    return createPaginatedResult(data, total, params);
-  }
+    const where = this.buildWhereClause(filters);
+    const orderBy = this.buildOrderBy(params);
+    const [data, total] = await Promise.all([
+      prisma.user.findMany({
+        where,
+        orderBy,
+        skip: getSkip(params),
+        take: params.limit
+      }),
+      prisma.user.count({ where })
+    ]);
+    const mappedUsers = data.map((user) => this.mapPrismaUserToUser(user));
+    return createPaginatedResult(mappedUsers, total, params);
+  }
+  /**
+   * Create a new user
+   */
   async create(data) {
-    const now = /* @__PURE__ */ new Date();
-    const user = {
-      id: (0, import_crypto.randomUUID)(),
-      email: data.email,
-      password: data.password,
-      name: data.name,
-      role: data.role || "user",
-      status: "active",
-      emailVerified: false,
-      createdAt: now,
-      updatedAt: now
-    };
-    users.set(user.id, user);
-    return user;
+    const user = await prisma.user.create({
+      data: {
+        email: data.email.toLowerCase(),
+        password: data.password,
+        name: data.name,
+        role: this.mapRoleToEnum(data.role || "user"),
+        status: import_client2.UserStatus.ACTIVE,
+        emailVerified: false
+      }
+    });
+    return this.mapPrismaUserToUser(user);
   }
+  /**
+   * Update user data
+   */
   async update(id, data) {
-    const user = users.get(id);
-    if (!user) return null;
-    const updatedUser = {
-      ...user,
-      ...data,
-      updatedAt: /* @__PURE__ */ new Date()
-    };
-    users.set(id, updatedUser);
-    return updatedUser;
+    try {
+      const user = await prisma.user.update({
+        where: { id },
+        data: {
+          ...data.email && { email: data.email.toLowerCase() },
+          ...data.name !== void 0 && { name: data.name },
+          ...data.role && { role: this.mapRoleToEnum(data.role) },
+          ...data.status && { status: this.mapStatusToEnum(data.status) },
+          ...data.emailVerified !== void 0 && { emailVerified: data.emailVerified },
+          ...data.metadata && { metadata: data.metadata }
+        }
+      });
+      return this.mapPrismaUserToUser(user);
+    } catch {
+      return null;
+    }
   }
+  /**
+   * Update user password
+   */
   async updatePassword(id, password) {
-    const user = users.get(id);
-    if (!user) return null;
-    const updatedUser = {
-      ...user,
-      password,
-      updatedAt: /* @__PURE__ */ new Date()
-    };
-    users.set(id, updatedUser);
-    return updatedUser;
+    try {
+      const user = await prisma.user.update({
+        where: { id },
+        data: { password }
+      });
+      return this.mapPrismaUserToUser(user);
+    } catch {
+      return null;
+    }
   }
+  /**
+   * Update last login timestamp
+   */
   async updateLastLogin(id) {
-    const user = users.get(id);
-    if (!user) return null;
-    const updatedUser = {
-      ...user,
-      lastLoginAt: /* @__PURE__ */ new Date(),
-      updatedAt: /* @__PURE__ */ new Date()
-    };
-    users.set(id, updatedUser);
-    return updatedUser;
+    try {
+      const user = await prisma.user.update({
+        where: { id },
+        data: { lastLoginAt: /* @__PURE__ */ new Date() }
+      });
+      return this.mapPrismaUserToUser(user);
+    } catch {
+      return null;
+    }
   }
+  /**
+   * Delete user by ID
+   */
   async delete(id) {
-    return users.delete(id);
+    try {
+      await prisma.user.delete({
+        where: { id }
+      });
+      return true;
+    } catch {
+      return false;
+    }
   }
+  /**
+   * Count users with optional filters
+   */
   async count(filters) {
-    let count = 0;
-    for (const user of users.values()) {
-      if (filters) {
-        if (filters.status && user.status !== filters.status) continue;
-        if (filters.role && user.role !== filters.role) continue;
-        if (filters.emailVerified !== void 0 && user.emailVerified !== filters.emailVerified)
-          continue;
+    const where = this.buildWhereClause(filters);
+    return prisma.user.count({ where });
+  }
+  /**
+   * Helper to clear all users (for testing only)
+   * WARNING: This deletes all users from the database
+   */
+  async clear() {
+    await prisma.user.deleteMany();
+  }
+  /**
+   * Build Prisma where clause from filters
+   */
+  buildWhereClause(filters) {
+    if (!filters) return {};
+    return {
+      ...filters.status && { status: this.mapStatusToEnum(filters.status) },
+      ...filters.role && { role: this.mapRoleToEnum(filters.role) },
+      ...filters.emailVerified !== void 0 && { emailVerified: filters.emailVerified },
+      ...filters.search && {
+        OR: [
+          { email: { contains: filters.search, mode: "insensitive" } },
+          { name: { contains: filters.search, mode: "insensitive" } }
+        ]
       }
-      count++;
+    };
+  }
+  /**
+   * Build Prisma orderBy clause from pagination params
+   */
+  buildOrderBy(params) {
+    if (!params.sortBy) {
+      return { createdAt: "desc" };
     }
-    return count;
+    return {
+      [params.sortBy]: params.sortOrder || "asc"
+    };
   }
-  // Helper to clear all users (for testing)
-  async clear() {
-    users.clear();
+  /**
+   * Map Prisma User to application User type
+   */
+  mapPrismaUserToUser(prismaUser) {
+    return {
+      id: prismaUser.id,
+      email: prismaUser.email,
+      password: prismaUser.password,
+      name: prismaUser.name ?? void 0,
+      role: this.mapEnumToRole(prismaUser.role),
+      status: this.mapEnumToStatus(prismaUser.status),
+      emailVerified: prismaUser.emailVerified,
+      lastLoginAt: prismaUser.lastLoginAt ?? void 0,
+      metadata: prismaUser.metadata,
+      createdAt: prismaUser.createdAt,
+      updatedAt: prismaUser.updatedAt
+    };
+  }
+  /**
+   * Map application role to Prisma enum
+   */
+  mapRoleToEnum(role) {
+    const roleMap = {
+      user: import_client2.UserRole.USER,
+      moderator: import_client2.UserRole.MODERATOR,
+      admin: import_client2.UserRole.ADMIN,
+      super_admin: import_client2.UserRole.SUPER_ADMIN
+    };
+    return roleMap[role] || import_client2.UserRole.USER;
+  }
+  /**
+   * Map Prisma enum to application role
+   */
+  mapEnumToRole(role) {
+    const roleMap = {
+      [import_client2.UserRole.USER]: "user",
+      [import_client2.UserRole.MODERATOR]: "moderator",
+      [import_client2.UserRole.ADMIN]: "admin",
+      [import_client2.UserRole.SUPER_ADMIN]: "super_admin"
+    };
+    return roleMap[role];
+  }
+  /**
+   * Map application status to Prisma enum
+   */
+  mapStatusToEnum(status) {
+    const statusMap = {
+      active: import_client2.UserStatus.ACTIVE,
+      inactive: import_client2.UserStatus.INACTIVE,
+      suspended: import_client2.UserStatus.SUSPENDED,
+      banned: import_client2.UserStatus.BANNED
+    };
+    return statusMap[status] || import_client2.UserStatus.ACTIVE;
+  }
+  /**
+   * Map Prisma enum to application status
+   */
+  mapEnumToStatus(status) {
+    const statusMap = {
+      [import_client2.UserStatus.ACTIVE]: "active",
+      [import_client2.UserStatus.INACTIVE]: "inactive",
+      [import_client2.UserStatus.SUSPENDED]: "suspended",
+      [import_client2.UserStatus.BANNED]: "banned"
+    };
+    return statusMap[status];
   }
 };
 function createUserRepository() {
@@ -1425,7 +1393,7 @@ var UserService = class {
     const result = await this.repository.findMany(params, filters);
     return {
       ...result,
-      data: result.data.map(({ password, ...user }) => user)
+      data: result.data.map(({ password: _password, ...user }) => user)
     };
   }
   async create(data) {
@@ -1502,7 +1470,7 @@ var UserService = class {
     if (permissions.includes(permission)) {
       return true;
     }
-    const [resource, action] = permission.split(":");
+    const [resource] = permission.split(":");
     const managePermission = `${resource}:manage`;
     if (permissions.includes(managePermission)) {
       return true;
@@ -1534,7 +1502,6 @@ async function registerAuthModule(app) {
   const authController = createAuthController(authService, userService);
   registerAuthRoutes(app, authController, authService);
   logger.info("Auth module registered");
-  return authService;
 }
 
 // src/modules/user/schemas.ts
@@ -1571,6 +1538,11 @@ var userQuerySchema = import_zod4.z.object({
 });
 
 // src/modules/user/user.controller.ts
+function omitPassword(user) {
+  const { password, ...userData } = user;
+  void password;
+  return userData;
+}
 var UserController = class {
   constructor(userService) {
     this.userService = userService;
@@ -1595,14 +1567,12 @@ var UserController = class {
         message: "User not found"
       });
     }
-    const { password, ...userData } = user;
-    success(reply, userData);
+    success(reply, omitPassword(user));
   }
   async update(request, reply) {
     const data = validateBody(updateUserSchema, request.body);
     const user = await this.userService.update(request.params.id, data);
-    const { password, ...userData } = user;
-    success(reply, userData);
+    success(reply, omitPassword(user));
   }
   async delete(request, reply) {
     const authRequest = request;
@@ -1618,7 +1588,7 @@ var UserController = class {
       throw new ForbiddenError("Cannot suspend your own account");
     }
     const user = await this.userService.suspend(request.params.id);
-    const { password, ...userData } = user;
+    const userData = omitPassword(user);
     success(reply, userData);
   }
   async ban(request, reply) {
@@ -1627,12 +1597,12 @@ var UserController = class {
       throw new ForbiddenError("Cannot ban your own account");
     }
     const user = await this.userService.ban(request.params.id);
-    const { password, ...userData } = user;
+    const userData = omitPassword(user);
     success(reply, userData);
   }
   async activate(request, reply) {
     const user = await this.userService.activate(request.params.id);
-    const { password, ...userData } = user;
+    const userData = omitPassword(user);
     success(reply, userData);
   }
   // Profile routes (for authenticated user)
@@ -1645,14 +1615,14 @@ var UserController = class {
         message: "User not found"
       });
     }
-    const { password, ...userData } = user;
+    const userData = omitPassword(user);
     success(reply, userData);
   }
   async updateProfile(request, reply) {
     const authRequest = request;
     const data = validateBody(updateProfileSchema, request.body);
     const user = await this.userService.update(authRequest.user.id, data);
-    const { password, ...userData } = user;
+    const userData = omitPassword(user);
     success(reply, userData);
   }
 };
@@ -1661,186 +1631,61 @@ function createUserController(userService) {
 }
 
 // src/modules/user/user.routes.ts
-var userTag = "Users";
-var userResponse = {
+var idParamsSchema = {
   type: "object",
   properties: {
-    success: { type: "boolean", example: true },
-    data: { type: "object" }
-  }
+    id: { type: "string" }
+  },
+  required: ["id"]
 };
 function registerUserRoutes(app, controller, authService) {
   const authenticate = createAuthMiddleware(authService);
   const isAdmin = createRoleMiddleware(["admin", "super_admin"]);
   const isModerator = createRoleMiddleware(["moderator", "admin", "super_admin"]);
-  app.get(
-    "/profile",
-    {
-      preHandler: [authenticate],
-      schema: {
-        tags: [userTag],
-        summary: "Get current user profile",
-        security: [{ bearerAuth: [] }],
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized
-        }
-      }
-    },
-    controller.getProfile.bind(controller)
-  );
-  app.patch(
-    "/profile",
-    {
-      preHandler: [authenticate],
-      schema: {
-        tags: [userTag],
-        summary: "Update current user profile",
-        security: [{ bearerAuth: [] }],
-        body: { type: "object" },
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized,
-          400: commonResponses.error
-        }
-      }
-    },
-    controller.updateProfile.bind(controller)
-  );
-  app.get(
-    "/users",
-    {
-      preHandler: [authenticate, isModerator],
-      schema: {
-        tags: [userTag],
-        summary: "List users",
-        security: [{ bearerAuth: [] }],
-        querystring: {
-          ...paginationQuery,
-          properties: {
-            ...paginationQuery.properties,
-            status: { type: "string", enum: ["active", "inactive", "suspended", "banned"] },
-            role: { type: "string", enum: ["user", "admin", "moderator", "super_admin"] },
-            search: { type: "string" },
-            emailVerified: { type: "boolean" }
-          }
-        },
-        response: {
-          200: commonResponses.paginated,
-          401: commonResponses.unauthorized
-        }
-      }
-    },
-    controller.list.bind(controller)
-  );
+  app.get("/profile", { preHandler: [authenticate] }, controller.getProfile.bind(controller));
+  app.patch("/profile", { preHandler: [authenticate] }, controller.updateProfile.bind(controller));
+  app.get("/users", { preHandler: [authenticate, isModerator] }, controller.list.bind(controller));
   app.get(
     "/users/:id",
-    {
-      preHandler: [authenticate, isModerator],
-      schema: {
-        tags: [userTag],
-        summary: "Get user by id",
-        security: [{ bearerAuth: [] }],
-        params: idParam,
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized,
-          404: commonResponses.notFound
-        }
-      }
-    },
-    controller.getById.bind(controller)
+    { preHandler: [authenticate, isModerator], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.getById(request, reply);
+    }
   );
   app.patch(
     "/users/:id",
-    {
-      preHandler: [authenticate, isAdmin],
-      schema: {
-        tags: [userTag],
-        summary: "Update user",
-        security: [{ bearerAuth: [] }],
-        params: idParam,
-        body: { type: "object" },
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized,
-          404: commonResponses.notFound
-        }
-      }
-    },
-    controller.update.bind(controller)
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.update(request, reply);
+    }
   );
   app.delete(
     "/users/:id",
-    {
-      preHandler: [authenticate, isAdmin],
-      schema: {
-        tags: [userTag],
-        summary: "Delete user",
-        security: [{ bearerAuth: [] }],
-        params: idParam,
-        response: {
-          204: { description: "User deleted" },
-          401: commonResponses.unauthorized,
-          404: commonResponses.notFound
-        }
-      }
-    },
-    controller.delete.bind(controller)
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.delete(request, reply);
+    }
   );
   app.post(
     "/users/:id/suspend",
-    {
-      preHandler: [authenticate, isAdmin],
-      schema: {
-        tags: [userTag],
-        summary: "Suspend user",
-        security: [{ bearerAuth: [] }],
-        params: idParam,
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized,
-          404: commonResponses.notFound
-        }
-      }
-    },
-    controller.suspend.bind(controller)
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.suspend(request, reply);
+    }
   );
   app.post(
     "/users/:id/ban",
-    {
-      preHandler: [authenticate, isAdmin],
-      schema: {
-        tags: [userTag],
-        summary: "Ban user",
-        security: [{ bearerAuth: [] }],
-        params: idParam,
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized,
-          404: commonResponses.notFound
-        }
-      }
-    },
-    controller.ban.bind(controller)
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.ban(request, reply);
+    }
   );
   app.post(
     "/users/:id/activate",
-    {
-      preHandler: [authenticate, isAdmin],
-      schema: {
-        tags: [userTag],
-        summary: "Activate user",
-        security: [{ bearerAuth: [] }],
-        params: idParam,
-        response: {
-          200: userResponse,
-          401: commonResponses.unauthorized,
-          404: commonResponses.notFound
-        }
-      }
-    },
-    controller.activate.bind(controller)
+    { preHandler: [authenticate, isAdmin], schema: { params: idParamsSchema } },
+    async (request, reply) => {
+      return controller.activate(request, reply);
+    }
   );
 }
 
@@ -2100,10 +1945,7 @@ var EmailService = class {
         return { success: true, messageId: "dev-mode" };
       }
       const result = await this.transporter.sendMail(mailOptions);
-      logger.info(
-        { messageId: result.messageId, to: options.to },
-        "Email sent successfully"
-      );
+      logger.info({ messageId: result.messageId, to: options.to }, "Email sent successfully");
       return {
         success: true,
         messageId: result.messageId
@@ -2203,18 +2045,178 @@ function createEmailService(config2) {
   return new EmailService(config2);
 }
 
+// src/modules/audit/audit.repository.ts
+var AuditRepository = class {
+  constructor(prisma2) {
+    this.prisma = prisma2;
+  }
+  /**
+   * Create a new audit log entry
+   */
+  async create(entry) {
+    const log = await this.prisma.auditLog.create({
+      data: {
+        userId: entry.userId,
+        action: entry.action,
+        resource: entry.resource,
+        resourceId: entry.resourceId,
+        oldValue: entry.oldValue,
+        newValue: entry.newValue,
+        ipAddress: entry.ipAddress,
+        userAgent: entry.userAgent,
+        metadata: entry.metadata
+      }
+    });
+    return this.mapFromPrisma(log);
+  }
+  /**
+   * Create multiple audit log entries
+   */
+  async createMany(entries) {
+    const result = await this.prisma.auditLog.createMany({
+      data: entries.map((entry) => ({
+        userId: entry.userId,
+        action: entry.action,
+        resource: entry.resource,
+        resourceId: entry.resourceId,
+        oldValue: entry.oldValue,
+        newValue: entry.newValue,
+        ipAddress: entry.ipAddress,
+        userAgent: entry.userAgent,
+        metadata: entry.metadata
+      }))
+    });
+    return result.count;
+  }
+  /**
+   * Find audit log by ID
+   */
+  async findById(id) {
+    const log = await this.prisma.auditLog.findUnique({
+      where: { id }
+    });
+    return log ? this.mapFromPrisma(log) : null;
+  }
+  /**
+   * Query audit logs with filters and pagination
+   */
+  async query(params) {
+    const { page = 1, limit = 20 } = params;
+    const pagination = { page, limit };
+    const where = {};
+    if (params.userId) where.userId = params.userId;
+    if (params.action) where.action = params.action;
+    if (params.resource) where.resource = params.resource;
+    if (params.resourceId) where.resourceId = params.resourceId;
+    if (params.startDate || params.endDate) {
+      where.createdAt = {};
+      if (params.startDate) where.createdAt.gte = params.startDate;
+      if (params.endDate) where.createdAt.lte = params.endDate;
+    }
+    const [logs, total] = await Promise.all([
+      this.prisma.auditLog.findMany({
+        where,
+        orderBy: { createdAt: "desc" },
+        skip: getSkip(pagination),
+        take: limit
+      }),
+      this.prisma.auditLog.count({ where })
+    ]);
+    const data = logs.map((log) => this.mapFromPrisma(log));
+    return createPaginatedResult(data, total, pagination);
+  }
+  /**
+   * Find logs by user ID
+   */
+  async findByUser(userId, limit = 50) {
+    const logs = await this.prisma.auditLog.findMany({
+      where: { userId },
+      orderBy: { createdAt: "desc" },
+      take: limit
+    });
+    return logs.map((log) => this.mapFromPrisma(log));
+  }
+  /**
+   * Find logs by resource
+   */
+  async findByResource(resource, resourceId, limit = 50) {
+    const where = { resource };
+    if (resourceId) where.resourceId = resourceId;
+    const logs = await this.prisma.auditLog.findMany({
+      where,
+      orderBy: { createdAt: "desc" },
+      take: limit
+    });
+    return logs.map((log) => this.mapFromPrisma(log));
+  }
+  /**
+   * Find logs by action
+   */
+  async findByAction(action, limit = 50) {
+    const logs = await this.prisma.auditLog.findMany({
+      where: { action },
+      orderBy: { createdAt: "desc" },
+      take: limit
+    });
+    return logs.map((log) => this.mapFromPrisma(log));
+  }
+  /**
+   * Count logs with optional filters
+   */
+  async count(filters) {
+    const where = {};
+    if (filters?.userId) where.userId = filters.userId;
+    if (filters?.action) where.action = filters.action;
+    if (filters?.resource) where.resource = filters.resource;
+    return this.prisma.auditLog.count({ where });
+  }
+  /**
+   * Delete old audit logs (for data retention)
+   */
+  async deleteOlderThan(days) {
+    const cutoffDate = /* @__PURE__ */ new Date();
+    cutoffDate.setDate(cutoffDate.getDate() - days);
+    const result = await this.prisma.auditLog.deleteMany({
+      where: {
+        createdAt: { lt: cutoffDate }
+      }
+    });
+    return result.count;
+  }
+  /**
+   * Clear all audit logs (for testing)
+   */
+  async clear() {
+    await this.prisma.auditLog.deleteMany();
+  }
+  /**
+   * Map Prisma model to domain type
+   */
+  mapFromPrisma(log) {
+    return {
+      id: log.id,
+      userId: log.userId ?? void 0,
+      action: log.action,
+      resource: log.resource,
+      resourceId: log.resourceId ?? void 0,
+      oldValue: log.oldValue,
+      newValue: log.newValue,
+      ipAddress: log.ipAddress ?? void 0,
+      userAgent: log.userAgent ?? void 0,
+      metadata: log.metadata,
+      createdAt: log.createdAt
+    };
+  }
+};
+
 // src/modules/audit/audit.service.ts
-var import_crypto2 = require("crypto");
-var auditLogs = /* @__PURE__ */ new Map();
 var AuditService = class {
+  repository;
+  constructor() {
+    this.repository = new AuditRepository(prisma);
+  }
   async log(entry) {
-    const id = (0, import_crypto2.randomUUID)();
-    const auditEntry = {
-      ...entry,
-      id,
-      createdAt: /* @__PURE__ */ new Date()
-    };
-    auditLogs.set(id, auditEntry);
+    await this.repository.create(entry);
     logger.info(
       {
         audit: true,
@@ -2228,39 +2230,13 @@ var AuditService = class {
     );
   }
   async query(params) {
-    const { page = 1, limit = 20 } = params;
-    let logs = Array.from(auditLogs.values());
-    if (params.userId) {
-      logs = logs.filter((log) => log.userId === params.userId);
-    }
-    if (params.action) {
-      logs = logs.filter((log) => log.action === params.action);
-    }
-    if (params.resource) {
-      logs = logs.filter((log) => log.resource === params.resource);
-    }
-    if (params.resourceId) {
-      logs = logs.filter((log) => log.resourceId === params.resourceId);
-    }
-    if (params.startDate) {
-      logs = logs.filter((log) => log.createdAt >= params.startDate);
-    }
-    if (params.endDate) {
-      logs = logs.filter((log) => log.createdAt <= params.endDate);
-    }
-    logs.sort((a, b) => b.createdAt.getTime() - a.createdAt.getTime());
-    const total = logs.length;
-    const skip = (page - 1) * limit;
-    const data = logs.slice(skip, skip + limit);
-    return createPaginatedResult(data, total, { page, limit });
+    return this.repository.query(params);
   }
   async findByUser(userId, limit = 50) {
-    const result = await this.query({ userId, limit });
-    return result.data;
+    return this.repository.findByUser(userId, limit);
   }
   async findByResource(resource, resourceId, limit = 50) {
-    const result = await this.query({ resource, resourceId, limit });
-    return result.data;
+    return this.repository.findByResource(resource, resourceId, limit);
   }
   // Shortcut methods for common audit events
   async logCreate(resource, resourceId, userId, newValue, meta) {
@@ -2318,9 +2294,17 @@ var AuditService = class {
       ...meta
     });
   }
+  // Data retention: delete old logs
+  async cleanupOldLogs(retentionDays) {
+    const count = await this.repository.deleteOlderThan(retentionDays);
+    if (count > 0) {
+      logger.info({ count, retentionDays }, "Cleaned up old audit logs");
+    }
+    return count;
+  }
   // Clear all logs (for testing)
   async clear() {
-    auditLogs.clear();
+    await this.repository.clear();
   }
 };
 var auditService = null;
@@ -2343,20 +2327,15 @@ async function bootstrap() {
   const app = server.instance;
   registerErrorHandler(app);
   await registerSecurity(app);
-  await registerSwagger(app, {
-    enabled: config.swagger.enabled,
-    route: config.swagger.route,
-    title: config.swagger.title,
-    description: config.swagger.description,
-    version: config.swagger.version
-  });
-  const authService = await registerAuthModule(app);
-  await registerUserModule(app, authService);
+  await registerAuthModule(app);
   await server.start();
-  logger.info({
-    env: config.env.NODE_ENV,
-    port: config.server.port
-  }, "Servcraft server started");
+  logger.info(
+    {
+      env: config.env.NODE_ENV,
+      port: config.server.port
+    },
+    "Servcraft server started"
+  );
 }
 bootstrap().catch((err) => {
   logger.error({ err }, "Failed to start server");