servcraft 0.1.0

package/dist/index.js

@@ -0,0 +1,2332 @@
+// src/core/server.ts
+import Fastify from "fastify";
+
+// src/core/logger.ts
+import pino from "pino";
+var defaultConfig = {
+  level: process.env.LOG_LEVEL || "info",
+  pretty: process.env.NODE_ENV !== "production",
+  name: "servcraft"
+};
+function createLogger(config2 = {}) {
+  const mergedConfig = { ...defaultConfig, ...config2 };
+  const transport = mergedConfig.pretty ? {
+    target: "pino-pretty",
+    options: {
+      colorize: true,
+      translateTime: "SYS:standard",
+      ignore: "pid,hostname"
+    }
+  } : void 0;
+  return pino({
+    name: mergedConfig.name,
+    level: mergedConfig.level,
+    transport,
+    formatters: {
+      level: (label) => ({ level: label })
+    },
+    timestamp: pino.stdTimeFunctions.isoTime
+  });
+}
+var logger = createLogger();
+
+// src/core/server.ts
+var defaultConfig2 = {
+  port: parseInt(process.env.PORT || "3000", 10),
+  host: process.env.HOST || "0.0.0.0",
+  trustProxy: true,
+  bodyLimit: 1048576,
+  // 1MB
+  requestTimeout: 3e4
+  // 30s
+};
+var Server = class {
+  app;
+  config;
+  logger;
+  isShuttingDown = false;
+  constructor(config2 = {}) {
+    this.config = { ...defaultConfig2, ...config2 };
+    this.logger = this.config.logger || logger;
+    const fastifyOptions = {
+      logger: this.logger,
+      trustProxy: this.config.trustProxy,
+      bodyLimit: this.config.bodyLimit,
+      requestTimeout: this.config.requestTimeout
+    };
+    this.app = Fastify(fastifyOptions);
+    this.setupHealthCheck();
+    this.setupGracefulShutdown();
+  }
+  get instance() {
+    return this.app;
+  }
+  setupHealthCheck() {
+    this.app.get("/health", async (_request, reply) => {
+      const healthcheck = {
+        status: "ok",
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        uptime: process.uptime(),
+        memory: process.memoryUsage(),
+        version: process.env.npm_package_version || "0.1.0"
+      };
+      return reply.status(200).send(healthcheck);
+    });
+    this.app.get("/ready", async (_request, reply) => {
+      if (this.isShuttingDown) {
+        return reply.status(503).send({ status: "shutting_down" });
+      }
+      return reply.status(200).send({ status: "ready" });
+    });
+  }
+  setupGracefulShutdown() {
+    const signals = ["SIGINT", "SIGTERM", "SIGQUIT"];
+    signals.forEach((signal) => {
+      process.on(signal, async () => {
+        this.logger.info(`Received ${signal}, starting graceful shutdown...`);
+        await this.shutdown();
+      });
+    });
+    process.on("uncaughtException", async (error2) => {
+      this.logger.error({ err: error2 }, "Uncaught exception");
+      await this.shutdown(1);
+    });
+    process.on("unhandledRejection", async (reason) => {
+      this.logger.error({ err: reason }, "Unhandled rejection");
+      await this.shutdown(1);
+    });
+  }
+  async shutdown(exitCode = 0) {
+    if (this.isShuttingDown) {
+      return;
+    }
+    this.isShuttingDown = true;
+    this.logger.info("Graceful shutdown initiated...");
+    const shutdownTimeout = setTimeout(() => {
+      this.logger.error("Graceful shutdown timeout, forcing exit");
+      process.exit(1);
+    }, 3e4);
+    try {
+      await this.app.close();
+      this.logger.info("Server closed successfully");
+      clearTimeout(shutdownTimeout);
+      process.exit(exitCode);
+    } catch (error2) {
+      this.logger.error({ err: error2 }, "Error during shutdown");
+      clearTimeout(shutdownTimeout);
+      process.exit(1);
+    }
+  }
+  async start() {
+    try {
+      await this.app.listen({
+        port: this.config.port,
+        host: this.config.host
+      });
+      this.logger.info(`Server listening on ${this.config.host}:${this.config.port}`);
+    } catch (error2) {
+      this.logger.error({ err: error2 }, "Failed to start server");
+      throw error2;
+    }
+  }
+};
+function createServer(config2 = {}) {
+  return new Server(config2);
+}
+
+// src/config/env.ts
+import { z } from "zod";
+import dotenv from "dotenv";
+dotenv.config();
+var envSchema = z.object({
+  // Server
+  NODE_ENV: z.enum(["development", "staging", "production", "test"]).default("development"),
+  PORT: z.string().transform(Number).default("3000"),
+  HOST: z.string().default("0.0.0.0"),
+  // Database
+  DATABASE_URL: z.string().optional(),
+  // JWT
+  JWT_SECRET: z.string().min(32).optional(),
+  JWT_ACCESS_EXPIRES_IN: z.string().default("15m"),
+  JWT_REFRESH_EXPIRES_IN: z.string().default("7d"),
+  // Security
+  CORS_ORIGIN: z.string().default("*"),
+  RATE_LIMIT_MAX: z.string().transform(Number).default("100"),
+  RATE_LIMIT_WINDOW_MS: z.string().transform(Number).default("60000"),
+  // Email
+  SMTP_HOST: z.string().optional(),
+  SMTP_PORT: z.string().transform(Number).optional(),
+  SMTP_USER: z.string().optional(),
+  SMTP_PASS: z.string().optional(),
+  SMTP_FROM: z.string().optional(),
+  // Redis (optional)
+  REDIS_URL: z.string().optional(),
+  // Swagger/OpenAPI
+  SWAGGER_ENABLED: z.union([z.literal("true"), z.literal("false")]).default("true").transform((val) => val === "true"),
+  SWAGGER_ROUTE: z.string().default("/docs"),
+  SWAGGER_TITLE: z.string().default("Servcraft API"),
+  SWAGGER_DESCRIPTION: z.string().default("API documentation"),
+  SWAGGER_VERSION: z.string().default("1.0.0"),
+  // Logging
+  LOG_LEVEL: z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info")
+});
+function validateEnv() {
+  const parsed = envSchema.safeParse(process.env);
+  if (!parsed.success) {
+    logger.error({ errors: parsed.error.flatten().fieldErrors }, "Invalid environment variables");
+    throw new Error("Invalid environment variables");
+  }
+  return parsed.data;
+}
+var env = validateEnv();
+function isDevelopment() {
+  return env.NODE_ENV === "development";
+}
+function isProduction() {
+  return env.NODE_ENV === "production";
+}
+function isTest() {
+  return env.NODE_ENV === "test";
+}
+function isStaging() {
+  return env.NODE_ENV === "staging";
+}
+
+// src/config/index.ts
+function parseCorsOrigin(origin) {
+  if (origin === "*") return "*";
+  if (origin.includes(",")) {
+    return origin.split(",").map((o) => o.trim());
+  }
+  return origin;
+}
+function createConfig() {
+  return {
+    env,
+    server: {
+      port: env.PORT,
+      host: env.HOST
+    },
+    jwt: {
+      secret: env.JWT_SECRET || "change-me-in-production-please-32chars",
+      accessExpiresIn: env.JWT_ACCESS_EXPIRES_IN,
+      refreshExpiresIn: env.JWT_REFRESH_EXPIRES_IN
+    },
+    security: {
+      corsOrigin: parseCorsOrigin(env.CORS_ORIGIN),
+      rateLimit: {
+        max: env.RATE_LIMIT_MAX,
+        windowMs: env.RATE_LIMIT_WINDOW_MS
+      }
+    },
+    email: {
+      host: env.SMTP_HOST,
+      port: env.SMTP_PORT,
+      user: env.SMTP_USER,
+      pass: env.SMTP_PASS,
+      from: env.SMTP_FROM
+    },
+    database: {
+      url: env.DATABASE_URL
+    },
+    redis: {
+      url: env.REDIS_URL
+    },
+    swagger: {
+      enabled: env.SWAGGER_ENABLED,
+      route: env.SWAGGER_ROUTE,
+      title: env.SWAGGER_TITLE,
+      description: env.SWAGGER_DESCRIPTION,
+      version: env.SWAGGER_VERSION
+    }
+  };
+}
+var config = createConfig();
+
+// src/utils/errors.ts
+var AppError = class _AppError extends Error {
+  statusCode;
+  isOperational;
+  errors;
+  constructor(message, statusCode = 500, isOperational = true, errors) {
+    super(message);
+    this.statusCode = statusCode;
+    this.isOperational = isOperational;
+    this.errors = errors;
+    Object.setPrototypeOf(this, _AppError.prototype);
+    Error.captureStackTrace(this, this.constructor);
+  }
+};
+var NotFoundError = class extends AppError {
+  constructor(resource = "Resource") {
+    super(`${resource} not found`, 404);
+  }
+};
+var UnauthorizedError = class extends AppError {
+  constructor(message = "Unauthorized") {
+    super(message, 401);
+  }
+};
+var ForbiddenError = class extends AppError {
+  constructor(message = "Forbidden") {
+    super(message, 403);
+  }
+};
+var BadRequestError = class extends AppError {
+  constructor(message = "Bad request", errors) {
+    super(message, 400, true, errors);
+  }
+};
+var ConflictError = class extends AppError {
+  constructor(message = "Resource already exists") {
+    super(message, 409);
+  }
+};
+var ValidationError = class extends AppError {
+  constructor(errors) {
+    super("Validation failed", 422, true, errors);
+  }
+};
+var TooManyRequestsError = class extends AppError {
+  constructor(message = "Too many requests") {
+    super(message, 429);
+  }
+};
+function isAppError(error2) {
+  return error2 instanceof AppError;
+}
+
+// src/middleware/error-handler.ts
+function registerErrorHandler(app) {
+  app.setErrorHandler(
+    (error2, request, reply) => {
+      logger.error(
+        {
+          err: error2,
+          requestId: request.id,
+          method: request.method,
+          url: request.url
+        },
+        "Request error"
+      );
+      if (isAppError(error2)) {
+        return reply.status(error2.statusCode).send({
+          success: false,
+          message: error2.message,
+          errors: error2.errors,
+          ...isProduction() ? {} : { stack: error2.stack }
+        });
+      }
+      if ("validation" in error2 && error2.validation) {
+        const errors = {};
+        for (const err of error2.validation) {
+          const field = err.instancePath?.replace("/", "") || "body";
+          if (!errors[field]) {
+            errors[field] = [];
+          }
+          errors[field].push(err.message || "Invalid value");
+        }
+        return reply.status(400).send({
+          success: false,
+          message: "Validation failed",
+          errors
+        });
+      }
+      if ("statusCode" in error2 && typeof error2.statusCode === "number") {
+        return reply.status(error2.statusCode).send({
+          success: false,
+          message: error2.message,
+          ...isProduction() ? {} : { stack: error2.stack }
+        });
+      }
+      return reply.status(500).send({
+        success: false,
+        message: isProduction() ? "Internal server error" : error2.message,
+        ...isProduction() ? {} : { stack: error2.stack }
+      });
+    }
+  );
+  app.setNotFoundHandler((request, reply) => {
+    return reply.status(404).send({
+      success: false,
+      message: `Route ${request.method} ${request.url} not found`
+    });
+  });
+}
+
+// src/middleware/security.ts
+import helmet from "@fastify/helmet";
+import cors from "@fastify/cors";
+import rateLimit from "@fastify/rate-limit";
+var defaultOptions = {
+  helmet: true,
+  cors: true,
+  rateLimit: true
+};
+async function registerSecurity(app, options = {}) {
+  const opts = { ...defaultOptions, ...options };
+  if (opts.helmet) {
+    await app.register(helmet, {
+      contentSecurityPolicy: {
+        directives: {
+          defaultSrc: ["'self'"],
+          styleSrc: ["'self'", "'unsafe-inline'"],
+          scriptSrc: ["'self'"],
+          imgSrc: ["'self'", "data:", "https:"]
+        }
+      },
+      crossOriginEmbedderPolicy: false
+    });
+    logger.debug("Helmet security headers enabled");
+  }
+  if (opts.cors) {
+    await app.register(cors, {
+      origin: config.security.corsOrigin,
+      credentials: true,
+      methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
+      allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+      exposedHeaders: ["X-Total-Count", "X-Page", "X-Limit"],
+      maxAge: 86400
+      // 24 hours
+    });
+    logger.debug({ origin: config.security.corsOrigin }, "CORS enabled");
+  }
+  if (opts.rateLimit) {
+    await app.register(rateLimit, {
+      max: config.security.rateLimit.max,
+      timeWindow: config.security.rateLimit.windowMs,
+      errorResponseBuilder: (_request, context) => ({
+        success: false,
+        message: "Too many requests, please try again later",
+        retryAfter: context.after
+      }),
+      keyGenerator: (request) => {
+        return request.headers["x-forwarded-for"]?.toString().split(",")[0] || request.ip || "unknown";
+      }
+    });
+    logger.debug(
+      {
+        max: config.security.rateLimit.max,
+        windowMs: config.security.rateLimit.windowMs
+      },
+      "Rate limiting enabled"
+    );
+  }
+}
+async function registerBruteForceProtection(app, routePrefix, options = {}) {
+  const { max = 5, timeWindow = 3e5 } = options;
+  await app.register(rateLimit, {
+    max,
+    timeWindow,
+    keyGenerator: (request) => {
+      const ip = request.headers["x-forwarded-for"]?.toString().split(",")[0] || request.ip || "unknown";
+      return `brute:${routePrefix}:${ip}`;
+    },
+    errorResponseBuilder: () => ({
+      success: false,
+      message: "Too many attempts. Please try again later."
+    }),
+    onExceeded: (request) => {
+      logger.warn(
+        {
+          ip: request.ip,
+          route: routePrefix
+        },
+        "Brute force protection triggered"
+      );
+    }
+  });
+}
+
+// src/modules/auth/index.ts
+import jwt from "@fastify/jwt";
+import cookie from "@fastify/cookie";
+
+// src/modules/auth/auth.service.ts
+import bcrypt from "bcryptjs";
+var tokenBlacklist = /* @__PURE__ */ new Set();
+var AuthService = class {
+  app;
+  SALT_ROUNDS = 12;
+  constructor(app) {
+    this.app = app;
+  }
+  async hashPassword(password) {
+    return bcrypt.hash(password, this.SALT_ROUNDS);
+  }
+  async verifyPassword(password, hash) {
+    return bcrypt.compare(password, hash);
+  }
+  generateTokenPair(user) {
+    const accessPayload = {
+      sub: user.id,
+      email: user.email,
+      role: user.role,
+      type: "access"
+    };
+    const refreshPayload = {
+      sub: user.id,
+      email: user.email,
+      role: user.role,
+      type: "refresh"
+    };
+    const accessToken = this.app.jwt.sign(accessPayload, {
+      expiresIn: config.jwt.accessExpiresIn
+    });
+    const refreshToken = this.app.jwt.sign(refreshPayload, {
+      expiresIn: config.jwt.refreshExpiresIn
+    });
+    const expiresIn = this.parseExpiration(config.jwt.accessExpiresIn);
+    return { accessToken, refreshToken, expiresIn };
+  }
+  parseExpiration(expiration) {
+    const match = expiration.match(/^(\d+)([smhd])$/);
+    if (!match) return 900;
+    const value = parseInt(match[1] || "0", 10);
+    const unit = match[2];
+    switch (unit) {
+      case "s":
+        return value;
+      case "m":
+        return value * 60;
+      case "h":
+        return value * 3600;
+      case "d":
+        return value * 86400;
+      default:
+        return 900;
+    }
+  }
+  async verifyAccessToken(token) {
+    try {
+      if (this.isTokenBlacklisted(token)) {
+        throw new UnauthorizedError("Token has been revoked");
+      }
+      const payload = this.app.jwt.verify(token);
+      if (payload.type !== "access") {
+        throw new UnauthorizedError("Invalid token type");
+      }
+      return payload;
+    } catch (error2) {
+      if (error2 instanceof UnauthorizedError) throw error2;
+      logger.debug({ err: error2 }, "Token verification failed");
+      throw new UnauthorizedError("Invalid or expired token");
+    }
+  }
+  async verifyRefreshToken(token) {
+    try {
+      if (this.isTokenBlacklisted(token)) {
+        throw new UnauthorizedError("Token has been revoked");
+      }
+      const payload = this.app.jwt.verify(token);
+      if (payload.type !== "refresh") {
+        throw new UnauthorizedError("Invalid token type");
+      }
+      return payload;
+    } catch (error2) {
+      if (error2 instanceof UnauthorizedError) throw error2;
+      logger.debug({ err: error2 }, "Refresh token verification failed");
+      throw new UnauthorizedError("Invalid or expired refresh token");
+    }
+  }
+  blacklistToken(token) {
+    tokenBlacklist.add(token);
+    logger.debug("Token blacklisted");
+  }
+  isTokenBlacklisted(token) {
+    return tokenBlacklist.has(token);
+  }
+  // Clear expired tokens from blacklist periodically
+  cleanupBlacklist() {
+    tokenBlacklist.clear();
+    logger.debug("Token blacklist cleared");
+  }
+};
+function createAuthService(app) {
+  return new AuthService(app);
+}
+
+// src/modules/auth/schemas.ts
+import { z as z2 } from "zod";
+var loginSchema = z2.object({
+  email: z2.string().email("Invalid email address"),
+  password: z2.string().min(1, "Password is required")
+});
+var registerSchema = z2.object({
+  email: z2.string().email("Invalid email address"),
+  password: z2.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number"),
+  name: z2.string().min(2, "Name must be at least 2 characters").optional()
+});
+var refreshTokenSchema = z2.object({
+  refreshToken: z2.string().min(1, "Refresh token is required")
+});
+var passwordResetRequestSchema = z2.object({
+  email: z2.string().email("Invalid email address")
+});
+var passwordResetConfirmSchema = z2.object({
+  token: z2.string().min(1, "Token is required"),
+  password: z2.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number")
+});
+var changePasswordSchema = z2.object({
+  currentPassword: z2.string().min(1, "Current password is required"),
+  newPassword: z2.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number")
+});
+
+// src/utils/response.ts
+function success(reply, data, statusCode = 200) {
+  const response = {
+    success: true,
+    data
+  };
+  return reply.status(statusCode).send(response);
+}
+function created(reply, data) {
+  return success(reply, data, 201);
+}
+function noContent(reply) {
+  return reply.status(204).send();
+}
+function error(reply, message, statusCode = 400, errors) {
+  const response = {
+    success: false,
+    message,
+    errors
+  };
+  return reply.status(statusCode).send(response);
+}
+function notFound(reply, message = "Resource not found") {
+  return error(reply, message, 404);
+}
+function unauthorized(reply, message = "Unauthorized") {
+  return error(reply, message, 401);
+}
+function forbidden(reply, message = "Forbidden") {
+  return error(reply, message, 403);
+}
+function badRequest(reply, message = "Bad request", errors) {
+  return error(reply, message, 400, errors);
+}
+function conflict(reply, message = "Resource already exists") {
+  return error(reply, message, 409);
+}
+function internalError(reply, message = "Internal server error") {
+  return error(reply, message, 500);
+}
+
+// src/modules/validation/validator.ts
+import { z as z3 } from "zod";
+function validateBody(schema, data) {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new ValidationError(formatZodErrors(result.error));
+  }
+  return result.data;
+}
+function validateQuery(schema, data) {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new ValidationError(formatZodErrors(result.error));
+  }
+  return result.data;
+}
+function validateParams(schema, data) {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new ValidationError(formatZodErrors(result.error));
+  }
+  return result.data;
+}
+function validate(schema, data) {
+  return validateBody(schema, data);
+}
+function formatZodErrors(error2) {
+  const errors = {};
+  for (const issue of error2.issues) {
+    const path = issue.path.join(".") || "root";
+    if (!errors[path]) {
+      errors[path] = [];
+    }
+    errors[path].push(issue.message);
+  }
+  return errors;
+}
+var idParamSchema = z3.object({
+  id: z3.string().uuid("Invalid ID format")
+});
+var paginationSchema = z3.object({
+  page: z3.string().transform(Number).optional().default("1"),
+  limit: z3.string().transform(Number).optional().default("20"),
+  sortBy: z3.string().optional(),
+  sortOrder: z3.enum(["asc", "desc"]).optional().default("asc")
+});
+var searchSchema = z3.object({
+  q: z3.string().min(1, "Search query is required").optional(),
+  search: z3.string().min(1).optional()
+});
+var emailSchema = z3.string().email("Invalid email address");
+var passwordSchema = z3.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number").regex(/[^A-Za-z0-9]/, "Password must contain at least one special character");
+var urlSchema = z3.string().url("Invalid URL format");
+var phoneSchema = z3.string().regex(
+  /^\+?[1-9]\d{1,14}$/,
+  "Invalid phone number format"
+);
+var dateSchema = z3.coerce.date();
+var futureDateSchema = z3.coerce.date().refine(
+  (date) => date > /* @__PURE__ */ new Date(),
+  "Date must be in the future"
+);
+var pastDateSchema = z3.coerce.date().refine(
+  (date) => date < /* @__PURE__ */ new Date(),
+  "Date must be in the past"
+);
+
+// src/modules/auth/auth.controller.ts
+var AuthController = class {
+  constructor(authService, userService) {
+    this.authService = authService;
+    this.userService = userService;
+  }
+  async register(request, reply) {
+    const data = validateBody(registerSchema, request.body);
+    const existingUser = await this.userService.findByEmail(data.email);
+    if (existingUser) {
+      throw new BadRequestError("Email already registered");
+    }
+    const hashedPassword = await this.authService.hashPassword(data.password);
+    const user = await this.userService.create({
+      email: data.email,
+      password: hashedPassword,
+      name: data.name
+    });
+    const tokens = this.authService.generateTokenPair({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+    created(reply, {
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        role: user.role
+      },
+      ...tokens
+    });
+  }
+  async login(request, reply) {
+    const data = validateBody(loginSchema, request.body);
+    const user = await this.userService.findByEmail(data.email);
+    if (!user) {
+      throw new UnauthorizedError("Invalid credentials");
+    }
+    if (user.status !== "active") {
+      throw new UnauthorizedError("Account is not active");
+    }
+    const isValidPassword = await this.authService.verifyPassword(data.password, user.password);
+    if (!isValidPassword) {
+      throw new UnauthorizedError("Invalid credentials");
+    }
+    await this.userService.updateLastLogin(user.id);
+    const tokens = this.authService.generateTokenPair({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+    success(reply, {
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        role: user.role
+      },
+      ...tokens
+    });
+  }
+  async refresh(request, reply) {
+    const data = validateBody(refreshTokenSchema, request.body);
+    const payload = await this.authService.verifyRefreshToken(data.refreshToken);
+    const user = await this.userService.findById(payload.sub);
+    if (!user || user.status !== "active") {
+      throw new UnauthorizedError("User not found or inactive");
+    }
+    this.authService.blacklistToken(data.refreshToken);
+    const tokens = this.authService.generateTokenPair({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+    success(reply, tokens);
+  }
+  async logout(request, reply) {
+    const authHeader = request.headers.authorization;
+    if (authHeader?.startsWith("Bearer ")) {
+      const token = authHeader.substring(7);
+      this.authService.blacklistToken(token);
+    }
+    success(reply, { message: "Logged out successfully" });
+  }
+  async me(request, reply) {
+    const authRequest = request;
+    const user = await this.userService.findById(authRequest.user.id);
+    if (!user) {
+      throw new UnauthorizedError("User not found");
+    }
+    success(reply, {
+      id: user.id,
+      email: user.email,
+      name: user.name,
+      role: user.role,
+      status: user.status,
+      createdAt: user.createdAt
+    });
+  }
+  async changePassword(request, reply) {
+    const authRequest = request;
+    const data = validateBody(changePasswordSchema, request.body);
+    const user = await this.userService.findById(authRequest.user.id);
+    if (!user) {
+      throw new UnauthorizedError("User not found");
+    }
+    const isValidPassword = await this.authService.verifyPassword(
+      data.currentPassword,
+      user.password
+    );
+    if (!isValidPassword) {
+      throw new BadRequestError("Current password is incorrect");
+    }
+    const hashedPassword = await this.authService.hashPassword(data.newPassword);
+    await this.userService.updatePassword(user.id, hashedPassword);
+    success(reply, { message: "Password changed successfully" });
+  }
+};
+function createAuthController(authService, userService) {
+  return new AuthController(authService, userService);
+}
+
+// src/modules/auth/auth.middleware.ts
+function createAuthMiddleware(authService) {
+  return async function authenticate(request, reply) {
+    const authHeader = request.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      throw new UnauthorizedError("Missing or invalid authorization header");
+    }
+    const token = authHeader.substring(7);
+    const payload = await authService.verifyAccessToken(token);
+    request.user = {
+      id: payload.sub,
+      email: payload.email,
+      role: payload.role
+    };
+  };
+}
+function createRoleMiddleware(allowedRoles) {
+  return async function authorize(request, _reply) {
+    const user = request.user;
+    if (!user) {
+      throw new UnauthorizedError("Authentication required");
+    }
+    if (!allowedRoles.includes(user.role)) {
+      throw new ForbiddenError("Insufficient permissions");
+    }
+  };
+}
+function createPermissionMiddleware(requiredPermissions) {
+  return async function checkPermissions(request, _reply) {
+    const user = request.user;
+    if (!user) {
+      throw new UnauthorizedError("Authentication required");
+    }
+  };
+}
+function createOptionalAuthMiddleware(authService) {
+  return async function optionalAuthenticate(request, _reply) {
+    const authHeader = request.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      return;
+    }
+    try {
+      const token = authHeader.substring(7);
+      const payload = await authService.verifyAccessToken(token);
+      request.user = {
+        id: payload.sub,
+        email: payload.email,
+        role: payload.role
+      };
+    } catch {
+    }
+  };
+}
+
+// src/modules/swagger/swagger.service.ts
+import swagger from "@fastify/swagger";
+import swaggerUi from "@fastify/swagger-ui";
+var defaultConfig3 = {
+  enabled: true,
+  route: "/docs",
+  title: "Servcraft API",
+  description: "API documentation generated by Servcraft",
+  version: "1.0.0",
+  tags: [
+    { name: "Auth", description: "Authentication endpoints" },
+    { name: "Users", description: "User management endpoints" },
+    { name: "Health", description: "Health check endpoints" }
+  ]
+};
+async function registerSwagger(app, customConfig) {
+  const swaggerConfig = { ...defaultConfig3, ...customConfig };
+  if (swaggerConfig.enabled === false) {
+    logger.info("Swagger documentation disabled");
+    return;
+  }
+  await app.register(swagger, {
+    openapi: {
+      openapi: "3.0.3",
+      info: {
+        title: swaggerConfig.title,
+        description: swaggerConfig.description,
+        version: swaggerConfig.version,
+        contact: swaggerConfig.contact,
+        license: swaggerConfig.license
+      },
+      servers: swaggerConfig.servers || [
+        {
+          url: `http://localhost:${config.server.port}`,
+          description: "Development server"
+        }
+      ],
+      tags: swaggerConfig.tags,
+      components: {
+        securitySchemes: {
+          bearerAuth: {
+            type: "http",
+            scheme: "bearer",
+            bearerFormat: "JWT",
+            description: "Enter your JWT token"
+          }
+        }
+      }
+    }
+  });
+  await app.register(swaggerUi, {
+    routePrefix: swaggerConfig.route || "/docs",
+    uiConfig: {
+      docExpansion: "list",
+      deepLinking: true,
+      displayRequestDuration: true,
+      filter: true,
+      showExtensions: true,
+      showCommonExtensions: true
+    },
+    staticCSP: true,
+    transformStaticCSP: (header) => header
+  });
+  logger.info("Swagger documentation registered at /docs");
+}
+var commonResponses = {
+  success: {
+    type: "object",
+    properties: {
+      success: { type: "boolean", example: true },
+      data: { type: "object" }
+    }
+  },
+  error: {
+    type: "object",
+    properties: {
+      success: { type: "boolean", example: false },
+      message: { type: "string" },
+      errors: {
+        type: "object",
+        additionalProperties: {
+          type: "array",
+          items: { type: "string" }
+        }
+      }
+    }
+  },
+  unauthorized: {
+    type: "object",
+    properties: {
+      success: { type: "boolean", example: false },
+      message: { type: "string", example: "Unauthorized" }
+    }
+  },
+  notFound: {
+    type: "object",
+    properties: {
+      success: { type: "boolean", example: false },
+      message: { type: "string", example: "Resource not found" }
+    }
+  },
+  paginated: {
+    type: "object",
+    properties: {
+      success: { type: "boolean", example: true },
+      data: {
+        type: "object",
+        properties: {
+          data: { type: "array", items: { type: "object" } },
+          meta: {
+            type: "object",
+            properties: {
+              total: { type: "number" },
+              page: { type: "number" },
+              limit: { type: "number" },
+              totalPages: { type: "number" },
+              hasNextPage: { type: "boolean" },
+              hasPrevPage: { type: "boolean" }
+            }
+          }
+        }
+      }
+    }
+  }
+};
+var paginationQuery = {
+  type: "object",
+  properties: {
+    page: { type: "integer", minimum: 1, default: 1, description: "Page number" },
+    limit: { type: "integer", minimum: 1, maximum: 100, default: 20, description: "Items per page" },
+    sortBy: { type: "string", description: "Field to sort by" },
+    sortOrder: { type: "string", enum: ["asc", "desc"], default: "asc", description: "Sort order" },
+    search: { type: "string", description: "Search query" }
+  }
+};
+var idParam = {
+  type: "object",
+  properties: {
+    id: { type: "string", format: "uuid", description: "Resource ID" }
+  },
+  required: ["id"]
+};
+
+// src/modules/auth/auth.routes.ts
+var credentialsBody = {
+  type: "object",
+  required: ["email", "password"],
+  properties: {
+    email: { type: "string", format: "email" },
+    password: { type: "string", minLength: 8 }
+  }
+};
+var changePasswordBody = {
+  type: "object",
+  required: ["currentPassword", "newPassword"],
+  properties: {
+    currentPassword: { type: "string", minLength: 8 },
+    newPassword: { type: "string", minLength: 8 }
+  }
+};
+function registerAuthRoutes(app, controller, authService) {
+  const authenticate = createAuthMiddleware(authService);
+  app.post("/auth/register", {
+    schema: {
+      tags: ["Auth"],
+      summary: "Register a new user",
+      body: credentialsBody,
+      response: {
+        201: commonResponses.success,
+        400: commonResponses.error,
+        409: commonResponses.error
+      }
+    },
+    handler: controller.register.bind(controller)
+  });
+  app.post("/auth/login", {
+    schema: {
+      tags: ["Auth"],
+      summary: "Login and obtain tokens",
+      body: credentialsBody,
+      response: {
+        200: commonResponses.success,
+        400: commonResponses.error,
+        401: commonResponses.unauthorized
+      }
+    },
+    handler: controller.login.bind(controller)
+  });
+  app.post("/auth/refresh", {
+    schema: {
+      tags: ["Auth"],
+      summary: "Refresh access token",
+      body: {
+        type: "object",
+        required: ["refreshToken"],
+        properties: {
+          refreshToken: { type: "string" }
+        }
+      },
+      response: {
+        200: commonResponses.success,
+        401: commonResponses.unauthorized
+      }
+    },
+    handler: controller.refresh.bind(controller)
+  });
+  app.post("/auth/logout", {
+    preHandler: [authenticate],
+    schema: {
+      tags: ["Auth"],
+      summary: "Logout current user",
+      security: [{ bearerAuth: [] }],
+      response: {
+        200: commonResponses.success,
+        401: commonResponses.unauthorized
+      }
+    },
+    handler: controller.logout.bind(controller)
+  });
+  app.get("/auth/me", {
+    preHandler: [authenticate],
+    schema: {
+      tags: ["Auth"],
+      summary: "Get current user profile",
+      security: [{ bearerAuth: [] }],
+      response: {
+        200: commonResponses.success,
+        401: commonResponses.unauthorized
+      }
+    },
+    handler: controller.me.bind(controller)
+  });
+  app.post("/auth/change-password", {
+    preHandler: [authenticate],
+    schema: {
+      tags: ["Auth"],
+      summary: "Change current user password",
+      security: [{ bearerAuth: [] }],
+      body: changePasswordBody,
+      response: {
+        200: commonResponses.success,
+        400: commonResponses.error,
+        401: commonResponses.unauthorized
+      }
+    },
+    handler: controller.changePassword.bind(controller)
+  });
+}
+
+// src/modules/user/user.repository.ts
+import { randomUUID } from "crypto";
+
+// src/utils/pagination.ts
+var DEFAULT_PAGE = 1;
+var DEFAULT_LIMIT = 20;
+var MAX_LIMIT = 100;
+function parsePaginationParams(query) {
+  const page = Math.max(1, parseInt(String(query.page || DEFAULT_PAGE), 10));
+  const limit = Math.min(MAX_LIMIT, Math.max(1, parseInt(String(query.limit || DEFAULT_LIMIT), 10)));
+  const sortBy = typeof query.sortBy === "string" ? query.sortBy : void 0;
+  const sortOrder = query.sortOrder === "desc" ? "desc" : "asc";
+  return { page, limit, sortBy, sortOrder };
+}
+function createPaginatedResult(data, total, params) {
+  const totalPages = Math.ceil(total / params.limit);
+  return {
+    data,
+    meta: {
+      total,
+      page: params.page,
+      limit: params.limit,
+      totalPages,
+      hasNextPage: params.page < totalPages,
+      hasPrevPage: params.page > 1
+    }
+  };
+}
+function getSkip(params) {
+  return (params.page - 1) * params.limit;
+}
+
+// src/modules/user/user.repository.ts
+var users = /* @__PURE__ */ new Map();
+var UserRepository = class {
+  async findById(id) {
+    return users.get(id) || null;
+  }
+  async findByEmail(email) {
+    for (const user of users.values()) {
+      if (user.email.toLowerCase() === email.toLowerCase()) {
+        return user;
+      }
+    }
+    return null;
+  }
+  async findMany(params, filters) {
+    let filteredUsers = Array.from(users.values());
+    if (filters) {
+      if (filters.status) {
+        filteredUsers = filteredUsers.filter((u) => u.status === filters.status);
+      }
+      if (filters.role) {
+        filteredUsers = filteredUsers.filter((u) => u.role === filters.role);
+      }
+      if (filters.emailVerified !== void 0) {
+        filteredUsers = filteredUsers.filter((u) => u.emailVerified === filters.emailVerified);
+      }
+      if (filters.search) {
+        const search = filters.search.toLowerCase();
+        filteredUsers = filteredUsers.filter(
+          (u) => u.email.toLowerCase().includes(search) || u.name?.toLowerCase().includes(search)
+        );
+      }
+    }
+    if (params.sortBy) {
+      const sortKey = params.sortBy;
+      filteredUsers.sort((a, b) => {
+        const aVal = a[sortKey];
+        const bVal = b[sortKey];
+        if (aVal === void 0 || bVal === void 0) return 0;
+        if (aVal < bVal) return params.sortOrder === "desc" ? 1 : -1;
+        if (aVal > bVal) return params.sortOrder === "desc" ? -1 : 1;
+        return 0;
+      });
+    }
+    const total = filteredUsers.length;
+    const skip = getSkip(params);
+    const data = filteredUsers.slice(skip, skip + params.limit);
+    return createPaginatedResult(data, total, params);
+  }
+  async create(data) {
+    const now = /* @__PURE__ */ new Date();
+    const user = {
+      id: randomUUID(),
+      email: data.email,
+      password: data.password,
+      name: data.name,
+      role: data.role || "user",
+      status: "active",
+      emailVerified: false,
+      createdAt: now,
+      updatedAt: now
+    };
+    users.set(user.id, user);
+    return user;
+  }
+  async update(id, data) {
+    const user = users.get(id);
+    if (!user) return null;
+    const updatedUser = {
+      ...user,
+      ...data,
+      updatedAt: /* @__PURE__ */ new Date()
+    };
+    users.set(id, updatedUser);
+    return updatedUser;
+  }
+  async updatePassword(id, password) {
+    const user = users.get(id);
+    if (!user) return null;
+    const updatedUser = {
+      ...user,
+      password,
+      updatedAt: /* @__PURE__ */ new Date()
+    };
+    users.set(id, updatedUser);
+    return updatedUser;
+  }
+  async updateLastLogin(id) {
+    const user = users.get(id);
+    if (!user) return null;
+    const updatedUser = {
+      ...user,
+      lastLoginAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date()
+    };
+    users.set(id, updatedUser);
+    return updatedUser;
+  }
+  async delete(id) {
+    return users.delete(id);
+  }
+  async count(filters) {
+    let count = 0;
+    for (const user of users.values()) {
+      if (filters) {
+        if (filters.status && user.status !== filters.status) continue;
+        if (filters.role && user.role !== filters.role) continue;
+        if (filters.emailVerified !== void 0 && user.emailVerified !== filters.emailVerified)
+          continue;
+      }
+      count++;
+    }
+    return count;
+  }
+  // Helper to clear all users (for testing)
+  async clear() {
+    users.clear();
+  }
+};
+function createUserRepository() {
+  return new UserRepository();
+}
+
+// src/modules/user/types.ts
+var DEFAULT_ROLE_PERMISSIONS = {
+  user: ["profile:read", "profile:update"],
+  moderator: [
+    "profile:read",
+    "profile:update",
+    "users:read",
+    "content:read",
+    "content:update",
+    "content:delete"
+  ],
+  admin: [
+    "profile:read",
+    "profile:update",
+    "users:read",
+    "users:update",
+    "users:delete",
+    "content:manage",
+    "settings:read"
+  ],
+  super_admin: ["*:manage"]
+  // All permissions
+};
+
+// src/modules/user/user.service.ts
+var UserService = class {
+  constructor(repository) {
+    this.repository = repository;
+  }
+  async findById(id) {
+    return this.repository.findById(id);
+  }
+  async findByEmail(email) {
+    return this.repository.findByEmail(email);
+  }
+  async findMany(params, filters) {
+    const result = await this.repository.findMany(params, filters);
+    return {
+      ...result,
+      data: result.data.map(({ password, ...user }) => user)
+    };
+  }
+  async create(data) {
+    const existing = await this.repository.findByEmail(data.email);
+    if (existing) {
+      throw new ConflictError("User with this email already exists");
+    }
+    const user = await this.repository.create(data);
+    logger.info({ userId: user.id, email: user.email }, "User created");
+    return user;
+  }
+  async update(id, data) {
+    const user = await this.repository.findById(id);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    if (data.email && data.email !== user.email) {
+      const existing = await this.repository.findByEmail(data.email);
+      if (existing) {
+        throw new ConflictError("Email already in use");
+      }
+    }
+    const updatedUser = await this.repository.update(id, data);
+    if (!updatedUser) {
+      throw new NotFoundError("User");
+    }
+    logger.info({ userId: id }, "User updated");
+    return updatedUser;
+  }
+  async updatePassword(id, hashedPassword) {
+    const user = await this.repository.updatePassword(id, hashedPassword);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    logger.info({ userId: id }, "User password updated");
+    return user;
+  }
+  async updateLastLogin(id) {
+    const user = await this.repository.updateLastLogin(id);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    return user;
+  }
+  async delete(id) {
+    const user = await this.repository.findById(id);
+    if (!user) {
+      throw new NotFoundError("User");
+    }
+    await this.repository.delete(id);
+    logger.info({ userId: id }, "User deleted");
+  }
+  async suspend(id) {
+    return this.update(id, { status: "suspended" });
+  }
+  async ban(id) {
+    return this.update(id, { status: "banned" });
+  }
+  async activate(id) {
+    return this.update(id, { status: "active" });
+  }
+  async verifyEmail(id) {
+    return this.update(id, { emailVerified: true });
+  }
+  async changeRole(id, role) {
+    return this.update(id, { role });
+  }
+  // RBAC helpers
+  hasPermission(role, permission) {
+    const permissions = DEFAULT_ROLE_PERMISSIONS[role] || [];
+    if (permissions.includes("*:manage")) {
+      return true;
+    }
+    if (permissions.includes(permission)) {
+      return true;
+    }
+    const [resource, action] = permission.split(":");
+    const managePermission = `${resource}:manage`;
+    if (permissions.includes(managePermission)) {
+      return true;
+    }
+    return false;
+  }
+  getPermissions(role) {
+    return DEFAULT_ROLE_PERMISSIONS[role] || [];
+  }
+};
+function createUserService(repository) {
+  return new UserService(repository || createUserRepository());
+}
+
+// src/modules/auth/index.ts
+async function registerAuthModule(app) {
+  await app.register(jwt, {
+    secret: config.jwt.secret,
+    sign: {
+      algorithm: "HS256"
+    }
+  });
+  await app.register(cookie, {
+    secret: config.jwt.secret,
+    hook: "onRequest"
+  });
+  const authService = createAuthService(app);
+  const userService = createUserService();
+  const authController = createAuthController(authService, userService);
+  registerAuthRoutes(app, authController, authService);
+  logger.info("Auth module registered");
+  return authService;
+}
+
+// src/modules/user/schemas.ts
+import { z as z4 } from "zod";
+var userStatusEnum = z4.enum(["active", "inactive", "suspended", "banned"]);
+var userRoleEnum = z4.enum(["user", "admin", "moderator", "super_admin"]);
+var createUserSchema = z4.object({
+  email: z4.string().email("Invalid email address"),
+  password: z4.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number"),
+  name: z4.string().min(2, "Name must be at least 2 characters").optional(),
+  role: userRoleEnum.optional().default("user")
+});
+var updateUserSchema = z4.object({
+  email: z4.string().email("Invalid email address").optional(),
+  name: z4.string().min(2, "Name must be at least 2 characters").optional(),
+  role: userRoleEnum.optional(),
+  status: userStatusEnum.optional(),
+  emailVerified: z4.boolean().optional(),
+  metadata: z4.record(z4.unknown()).optional()
+});
+var updateProfileSchema = z4.object({
+  name: z4.string().min(2, "Name must be at least 2 characters").optional(),
+  metadata: z4.record(z4.unknown()).optional()
+});
+var userQuerySchema = z4.object({
+  page: z4.string().transform(Number).optional(),
+  limit: z4.string().transform(Number).optional(),
+  sortBy: z4.string().optional(),
+  sortOrder: z4.enum(["asc", "desc"]).optional(),
+  status: userStatusEnum.optional(),
+  role: userRoleEnum.optional(),
+  search: z4.string().optional(),
+  emailVerified: z4.string().transform((val) => val === "true").optional()
+});
+
+// src/modules/user/user.controller.ts
+var UserController = class {
+  constructor(userService) {
+    this.userService = userService;
+  }
+  async list(request, reply) {
+    const query = validateQuery(userQuerySchema, request.query);
+    const pagination = parsePaginationParams(query);
+    const filters = {
+      status: query.status,
+      role: query.role,
+      search: query.search,
+      emailVerified: query.emailVerified
+    };
+    const result = await this.userService.findMany(pagination, filters);
+    success(reply, result);
+  }
+  async getById(request, reply) {
+    const user = await this.userService.findById(request.params.id);
+    if (!user) {
+      return reply.status(404).send({
+        success: false,
+        message: "User not found"
+      });
+    }
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+  async update(request, reply) {
+    const data = validateBody(updateUserSchema, request.body);
+    const user = await this.userService.update(request.params.id, data);
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+  async delete(request, reply) {
+    const authRequest = request;
+    if (authRequest.user.id === request.params.id) {
+      throw new ForbiddenError("Cannot delete your own account");
+    }
+    await this.userService.delete(request.params.id);
+    noContent(reply);
+  }
+  async suspend(request, reply) {
+    const authRequest = request;
+    if (authRequest.user.id === request.params.id) {
+      throw new ForbiddenError("Cannot suspend your own account");
+    }
+    const user = await this.userService.suspend(request.params.id);
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+  async ban(request, reply) {
+    const authRequest = request;
+    if (authRequest.user.id === request.params.id) {
+      throw new ForbiddenError("Cannot ban your own account");
+    }
+    const user = await this.userService.ban(request.params.id);
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+  async activate(request, reply) {
+    const user = await this.userService.activate(request.params.id);
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+  // Profile routes (for authenticated user)
+  async getProfile(request, reply) {
+    const authRequest = request;
+    const user = await this.userService.findById(authRequest.user.id);
+    if (!user) {
+      return reply.status(404).send({
+        success: false,
+        message: "User not found"
+      });
+    }
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+  async updateProfile(request, reply) {
+    const authRequest = request;
+    const data = validateBody(updateProfileSchema, request.body);
+    const user = await this.userService.update(authRequest.user.id, data);
+    const { password, ...userData } = user;
+    success(reply, userData);
+  }
+};
+function createUserController(userService) {
+  return new UserController(userService);
+}
+
+// src/modules/user/user.routes.ts
+var userTag = "Users";
+var userResponse = {
+  type: "object",
+  properties: {
+    success: { type: "boolean", example: true },
+    data: { type: "object" }
+  }
+};
+function registerUserRoutes(app, controller, authService) {
+  const authenticate = createAuthMiddleware(authService);
+  const isAdmin = createRoleMiddleware(["admin", "super_admin"]);
+  const isModerator = createRoleMiddleware(["moderator", "admin", "super_admin"]);
+  app.get(
+    "/profile",
+    {
+      preHandler: [authenticate],
+      schema: {
+        tags: [userTag],
+        summary: "Get current user profile",
+        security: [{ bearerAuth: [] }],
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized
+        }
+      }
+    },
+    controller.getProfile.bind(controller)
+  );
+  app.patch(
+    "/profile",
+    {
+      preHandler: [authenticate],
+      schema: {
+        tags: [userTag],
+        summary: "Update current user profile",
+        security: [{ bearerAuth: [] }],
+        body: { type: "object" },
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized,
+          400: commonResponses.error
+        }
+      }
+    },
+    controller.updateProfile.bind(controller)
+  );
+  app.get(
+    "/users",
+    {
+      preHandler: [authenticate, isModerator],
+      schema: {
+        tags: [userTag],
+        summary: "List users",
+        security: [{ bearerAuth: [] }],
+        querystring: {
+          ...paginationQuery,
+          properties: {
+            ...paginationQuery.properties,
+            status: { type: "string", enum: ["active", "inactive", "suspended", "banned"] },
+            role: { type: "string", enum: ["user", "admin", "moderator", "super_admin"] },
+            search: { type: "string" },
+            emailVerified: { type: "boolean" }
+          }
+        },
+        response: {
+          200: commonResponses.paginated,
+          401: commonResponses.unauthorized
+        }
+      }
+    },
+    controller.list.bind(controller)
+  );
+  app.get(
+    "/users/:id",
+    {
+      preHandler: [authenticate, isModerator],
+      schema: {
+        tags: [userTag],
+        summary: "Get user by id",
+        security: [{ bearerAuth: [] }],
+        params: idParam,
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound
+        }
+      }
+    },
+    controller.getById.bind(controller)
+  );
+  app.patch(
+    "/users/:id",
+    {
+      preHandler: [authenticate, isAdmin],
+      schema: {
+        tags: [userTag],
+        summary: "Update user",
+        security: [{ bearerAuth: [] }],
+        params: idParam,
+        body: { type: "object" },
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound
+        }
+      }
+    },
+    controller.update.bind(controller)
+  );
+  app.delete(
+    "/users/:id",
+    {
+      preHandler: [authenticate, isAdmin],
+      schema: {
+        tags: [userTag],
+        summary: "Delete user",
+        security: [{ bearerAuth: [] }],
+        params: idParam,
+        response: {
+          204: { description: "User deleted" },
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound
+        }
+      }
+    },
+    controller.delete.bind(controller)
+  );
+  app.post(
+    "/users/:id/suspend",
+    {
+      preHandler: [authenticate, isAdmin],
+      schema: {
+        tags: [userTag],
+        summary: "Suspend user",
+        security: [{ bearerAuth: [] }],
+        params: idParam,
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound
+        }
+      }
+    },
+    controller.suspend.bind(controller)
+  );
+  app.post(
+    "/users/:id/ban",
+    {
+      preHandler: [authenticate, isAdmin],
+      schema: {
+        tags: [userTag],
+        summary: "Ban user",
+        security: [{ bearerAuth: [] }],
+        params: idParam,
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound
+        }
+      }
+    },
+    controller.ban.bind(controller)
+  );
+  app.post(
+    "/users/:id/activate",
+    {
+      preHandler: [authenticate, isAdmin],
+      schema: {
+        tags: [userTag],
+        summary: "Activate user",
+        security: [{ bearerAuth: [] }],
+        params: idParam,
+        response: {
+          200: userResponse,
+          401: commonResponses.unauthorized,
+          404: commonResponses.notFound
+        }
+      }
+    },
+    controller.activate.bind(controller)
+  );
+}
+
+// src/modules/user/index.ts
+async function registerUserModule(app, authService) {
+  const repository = createUserRepository();
+  const userService = createUserService(repository);
+  const userController = createUserController(userService);
+  registerUserRoutes(app, userController, authService);
+  logger.info("User module registered");
+}
+
+// src/modules/email/email.service.ts
+import nodemailer from "nodemailer";
+
+// src/modules/email/templates.ts
+import Handlebars from "handlebars";
+var baseLayout = `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{subject}}</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+      line-height: 1.6;
+      color: #333;
+      max-width: 600px;
+      margin: 0 auto;
+      padding: 20px;
+      background-color: #f5f5f5;
+    }
+    .container {
+      background-color: #ffffff;
+      border-radius: 8px;
+      padding: 40px;
+      box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+    }
+    .header {
+      text-align: center;
+      margin-bottom: 30px;
+    }
+    .logo {
+      font-size: 24px;
+      font-weight: bold;
+      color: #2563eb;
+    }
+    .content {
+      margin-bottom: 30px;
+    }
+    .button {
+      display: inline-block;
+      padding: 12px 24px;
+      background-color: #2563eb;
+      color: #ffffff !important;
+      text-decoration: none;
+      border-radius: 6px;
+      font-weight: 500;
+    }
+    .button:hover {
+      background-color: #1d4ed8;
+    }
+    .footer {
+      text-align: center;
+      font-size: 12px;
+      color: #666;
+      margin-top: 30px;
+      padding-top: 20px;
+      border-top: 1px solid #eee;
+    }
+    .warning {
+      background-color: #fef3c7;
+      border: 1px solid #f59e0b;
+      border-radius: 6px;
+      padding: 12px;
+      margin: 20px 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="header">
+      <div class="logo">{{appName}}</div>
+    </div>
+    <div class="content">
+      {{{body}}}
+    </div>
+    <div class="footer">
+      <p>&copy; {{year}} {{appName}}. All rights reserved.</p>
+      <p>This email was sent to {{userEmail}}</p>
+    </div>
+  </div>
+</body>
+</html>
+`;
+var templates = {
+  welcome: `
+    <h2>Welcome to {{appName}}!</h2>
+    <p>Hi {{userName}},</p>
+    <p>Thank you for joining {{appName}}. We're excited to have you on board!</p>
+    <p>To get started, please verify your email address by clicking the button below:</p>
+    <p style="text-align: center; margin: 30px 0;">
+      <a href="{{actionUrl}}" class="button">Verify Email</a>
+    </p>
+    <p>If you didn't create an account with us, you can safely ignore this email.</p>
+  `,
+  "verify-email": `
+    <h2>Verify Your Email</h2>
+    <p>Hi {{userName}},</p>
+    <p>Please verify your email address by clicking the button below:</p>
+    <p style="text-align: center; margin: 30px 0;">
+      <a href="{{actionUrl}}" class="button">Verify Email</a>
+    </p>
+    <p>This link will expire in {{expiresIn}}.</p>
+    <p>If you didn't request this verification, you can safely ignore this email.</p>
+  `,
+  "password-reset": `
+    <h2>Reset Your Password</h2>
+    <p>Hi {{userName}},</p>
+    <p>We received a request to reset your password. Click the button below to create a new password:</p>
+    <p style="text-align: center; margin: 30px 0;">
+      <a href="{{actionUrl}}" class="button">Reset Password</a>
+    </p>
+    <p>This link will expire in {{expiresIn}}.</p>
+    <div class="warning">
+      <strong>Security Notice:</strong> If you didn't request this password reset, please ignore this email and your password will remain unchanged.
+    </div>
+  `,
+  "password-changed": `
+    <h2>Password Changed</h2>
+    <p>Hi {{userName}},</p>
+    <p>Your password has been successfully changed.</p>
+    <p>If you didn't make this change, please contact our support team immediately and secure your account.</p>
+    <div class="warning">
+      <strong>Details:</strong><br>
+      Time: {{timestamp}}<br>
+      IP Address: {{ipAddress}}<br>
+      Device: {{userAgent}}
+    </div>
+  `,
+  "login-alert": `
+    <h2>New Login Detected</h2>
+    <p>Hi {{userName}},</p>
+    <p>We detected a new login to your account.</p>
+    <div class="warning">
+      <strong>Login Details:</strong><br>
+      Time: {{timestamp}}<br>
+      IP Address: {{ipAddress}}<br>
+      Device: {{userAgent}}<br>
+      Location: {{location}}
+    </div>
+    <p>If this was you, you can safely ignore this email.</p>
+    <p>If you didn't log in, please change your password immediately and contact support.</p>
+  `,
+  "account-suspended": `
+    <h2>Account Suspended</h2>
+    <p>Hi {{userName}},</p>
+    <p>Your account has been suspended due to: {{reason}}</p>
+    <p>If you believe this is a mistake, please contact our support team.</p>
+  `
+};
+var compiledLayout = Handlebars.compile(baseLayout);
+var compiledTemplates = {};
+for (const [name, template] of Object.entries(templates)) {
+  compiledTemplates[name] = Handlebars.compile(template);
+}
+function renderTemplate(templateName, data) {
+  const template = compiledTemplates[templateName];
+  if (!template) {
+    throw new Error(`Template "${templateName}" not found`);
+  }
+  const body = template(data);
+  return compiledLayout({
+    ...data,
+    body,
+    year: (/* @__PURE__ */ new Date()).getFullYear(),
+    appName: data.appName || "Servcraft"
+  });
+}
+function renderCustomTemplate(htmlTemplate, data) {
+  const template = Handlebars.compile(htmlTemplate);
+  const body = template(data);
+  return compiledLayout({
+    ...data,
+    body,
+    year: (/* @__PURE__ */ new Date()).getFullYear(),
+    appName: data.appName || "Servcraft"
+  });
+}
+Handlebars.registerHelper("formatDate", (date) => {
+  return new Date(date).toLocaleDateString("en-US", {
+    year: "numeric",
+    month: "long",
+    day: "numeric",
+    hour: "2-digit",
+    minute: "2-digit"
+  });
+});
+Handlebars.registerHelper("eq", (a, b) => a === b);
+Handlebars.registerHelper("ne", (a, b) => a !== b);
+
+// src/modules/email/email.service.ts
+var EmailService = class {
+  transporter = null;
+  config = null;
+  constructor(emailConfig) {
+    if (emailConfig?.host || config.email.host) {
+      this.config = {
+        host: emailConfig?.host || config.email.host || "",
+        port: emailConfig?.port || config.email.port || 587,
+        secure: (emailConfig?.port || config.email.port || 587) === 465,
+        auth: {
+          user: emailConfig?.auth?.user || config.email.user || "",
+          pass: emailConfig?.auth?.pass || config.email.pass || ""
+        },
+        from: emailConfig?.from || config.email.from || "noreply@localhost"
+      };
+      this.transporter = nodemailer.createTransport({
+        host: this.config.host,
+        port: this.config.port,
+        secure: this.config.secure,
+        auth: {
+          user: this.config.auth.user,
+          pass: this.config.auth.pass
+        }
+      });
+      logger.info("Email service initialized");
+    } else {
+      logger.warn("Email service not configured - emails will be logged only");
+    }
+  }
+  async send(options) {
+    try {
+      let html = options.html;
+      let text = options.text;
+      if (options.template && options.data) {
+        html = renderTemplate(options.template, options.data);
+      }
+      if (html && !text) {
+        text = this.htmlToText(html);
+      }
+      const mailOptions = {
+        from: this.config?.from || "noreply@localhost",
+        to: Array.isArray(options.to) ? options.to.join(", ") : options.to,
+        subject: options.subject,
+        html,
+        text,
+        replyTo: options.replyTo,
+        cc: options.cc,
+        bcc: options.bcc,
+        attachments: options.attachments
+      };
+      if (!this.transporter) {
+        logger.info({ email: mailOptions }, "Email would be sent (no transporter configured)");
+        return { success: true, messageId: "dev-mode" };
+      }
+      const result = await this.transporter.sendMail(mailOptions);
+      logger.info(
+        { messageId: result.messageId, to: options.to },
+        "Email sent successfully"
+      );
+      return {
+        success: true,
+        messageId: result.messageId
+      };
+    } catch (error2) {
+      const errorMessage = error2 instanceof Error ? error2.message : "Unknown error";
+      logger.error({ err: error2, to: options.to }, "Failed to send email");
+      return {
+        success: false,
+        error: errorMessage
+      };
+    }
+  }
+  async sendTemplate(to, template, data) {
+    const subjects = {
+      welcome: `Welcome to ${data.appName || "Servcraft"}!`,
+      "verify-email": "Verify Your Email",
+      "password-reset": "Reset Your Password",
+      "password-changed": "Password Changed Successfully",
+      "login-alert": "New Login Detected",
+      "account-suspended": "Account Suspended"
+    };
+    return this.send({
+      to,
+      subject: subjects[template] || "Notification",
+      template,
+      data
+    });
+  }
+  async sendWelcome(email, name, verifyUrl) {
+    return this.sendTemplate(email, "welcome", {
+      userName: name,
+      userEmail: email,
+      actionUrl: verifyUrl
+    });
+  }
+  async sendVerifyEmail(email, name, verifyUrl) {
+    return this.sendTemplate(email, "verify-email", {
+      userName: name,
+      userEmail: email,
+      actionUrl: verifyUrl,
+      expiresIn: "24 hours"
+    });
+  }
+  async sendPasswordReset(email, name, resetUrl) {
+    return this.sendTemplate(email, "password-reset", {
+      userName: name,
+      userEmail: email,
+      actionUrl: resetUrl,
+      expiresIn: "1 hour"
+    });
+  }
+  async sendPasswordChanged(email, name, ipAddress, userAgent) {
+    return this.sendTemplate(email, "password-changed", {
+      userName: name,
+      userEmail: email,
+      ipAddress: ipAddress || "Unknown",
+      userAgent: userAgent || "Unknown",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  async sendLoginAlert(email, name, ipAddress, userAgent, location) {
+    return this.sendTemplate(email, "login-alert", {
+      userName: name,
+      userEmail: email,
+      ipAddress,
+      userAgent,
+      location: location || "Unknown",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  async verify() {
+    if (!this.transporter) {
+      return false;
+    }
+    try {
+      await this.transporter.verify();
+      logger.info("Email service connection verified");
+      return true;
+    } catch (error2) {
+      logger.error({ err: error2 }, "Email service connection failed");
+      return false;
+    }
+  }
+  htmlToText(html) {
+    return html.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "").replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  }
+};
+var emailService = null;
+function getEmailService() {
+  if (!emailService) {
+    emailService = new EmailService();
+  }
+  return emailService;
+}
+function createEmailService(config2) {
+  return new EmailService(config2);
+}
+
+// src/modules/audit/audit.service.ts
+import { randomUUID as randomUUID2 } from "crypto";
+var auditLogs = /* @__PURE__ */ new Map();
+var AuditService = class {
+  async log(entry) {
+    const id = randomUUID2();
+    const auditEntry = {
+      ...entry,
+      id,
+      createdAt: /* @__PURE__ */ new Date()
+    };
+    auditLogs.set(id, auditEntry);
+    logger.info(
+      {
+        audit: true,
+        userId: entry.userId,
+        action: entry.action,
+        resource: entry.resource,
+        resourceId: entry.resourceId,
+        ipAddress: entry.ipAddress
+      },
+      `Audit: ${entry.action} on ${entry.resource}`
+    );
+  }
+  async query(params) {
+    const { page = 1, limit = 20 } = params;
+    let logs = Array.from(auditLogs.values());
+    if (params.userId) {
+      logs = logs.filter((log) => log.userId === params.userId);
+    }
+    if (params.action) {
+      logs = logs.filter((log) => log.action === params.action);
+    }
+    if (params.resource) {
+      logs = logs.filter((log) => log.resource === params.resource);
+    }
+    if (params.resourceId) {
+      logs = logs.filter((log) => log.resourceId === params.resourceId);
+    }
+    if (params.startDate) {
+      logs = logs.filter((log) => log.createdAt >= params.startDate);
+    }
+    if (params.endDate) {
+      logs = logs.filter((log) => log.createdAt <= params.endDate);
+    }
+    logs.sort((a, b) => b.createdAt.getTime() - a.createdAt.getTime());
+    const total = logs.length;
+    const skip = (page - 1) * limit;
+    const data = logs.slice(skip, skip + limit);
+    return createPaginatedResult(data, total, { page, limit });
+  }
+  async findByUser(userId, limit = 50) {
+    const result = await this.query({ userId, limit });
+    return result.data;
+  }
+  async findByResource(resource, resourceId, limit = 50) {
+    const result = await this.query({ resource, resourceId, limit });
+    return result.data;
+  }
+  // Shortcut methods for common audit events
+  async logCreate(resource, resourceId, userId, newValue, meta) {
+    await this.log({
+      action: "create",
+      resource,
+      resourceId,
+      userId,
+      newValue,
+      ...meta
+    });
+  }
+  async logUpdate(resource, resourceId, userId, oldValue, newValue, meta) {
+    await this.log({
+      action: "update",
+      resource,
+      resourceId,
+      userId,
+      oldValue,
+      newValue,
+      ...meta
+    });
+  }
+  async logDelete(resource, resourceId, userId, oldValue, meta) {
+    await this.log({
+      action: "delete",
+      resource,
+      resourceId,
+      userId,
+      oldValue,
+      ...meta
+    });
+  }
+  async logLogin(userId, meta) {
+    await this.log({
+      action: "login",
+      resource: "auth",
+      userId,
+      ...meta
+    });
+  }
+  async logLogout(userId, meta) {
+    await this.log({
+      action: "logout",
+      resource: "auth",
+      userId,
+      ...meta
+    });
+  }
+  async logPasswordChange(userId, meta) {
+    await this.log({
+      action: "password_change",
+      resource: "auth",
+      userId,
+      ...meta
+    });
+  }
+  // Clear all logs (for testing)
+  async clear() {
+    auditLogs.clear();
+  }
+};
+var auditService = null;
+function getAuditService() {
+  if (!auditService) {
+    auditService = new AuditService();
+  }
+  return auditService;
+}
+function createAuditService() {
+  return new AuditService();
+}
+
+// src/index.ts
+async function bootstrap() {
+  const server = createServer({
+    port: config.server.port,
+    host: config.server.host
+  });
+  const app = server.instance;
+  registerErrorHandler(app);
+  await registerSecurity(app);
+  await registerSwagger(app, {
+    enabled: config.swagger.enabled,
+    route: config.swagger.route,
+    title: config.swagger.title,
+    description: config.swagger.description,
+    version: config.swagger.version
+  });
+  const authService = await registerAuthModule(app);
+  await registerUserModule(app, authService);
+  await server.start();
+  logger.info({
+    env: config.env.NODE_ENV,
+    port: config.server.port
+  }, "Servcraft server started");
+}
+bootstrap().catch((err) => {
+  logger.error({ err }, "Failed to start server");
+  process.exit(1);
+});
+export {
+  AppError,
+  AuditService,
+  AuthController,
+  AuthService,
+  BadRequestError,
+  ConflictError,
+  DEFAULT_LIMIT,
+  DEFAULT_PAGE,
+  DEFAULT_ROLE_PERMISSIONS,
+  EmailService,
+  ForbiddenError,
+  MAX_LIMIT,
+  NotFoundError,
+  Server,
+  TooManyRequestsError,
+  UnauthorizedError,
+  UserController,
+  UserRepository,
+  UserService,
+  ValidationError,
+  badRequest,
+  changePasswordSchema,
+  config,
+  conflict,
+  createAuditService,
+  createAuthController,
+  createAuthMiddleware,
+  createAuthService,
+  createConfig,
+  createEmailService,
+  createLogger,
+  createOptionalAuthMiddleware,
+  createPaginatedResult,
+  createPermissionMiddleware,
+  createRoleMiddleware,
+  createServer,
+  createUserController,
+  createUserRepository,
+  createUserSchema,
+  createUserService,
+  created,
+  dateSchema,
+  emailSchema,
+  env,
+  error,
+  forbidden,
+  futureDateSchema,
+  getAuditService,
+  getEmailService,
+  getSkip,
+  idParamSchema,
+  internalError,
+  isAppError,
+  isDevelopment,
+  isProduction,
+  isStaging,
+  isTest,
+  logger,
+  loginSchema,
+  noContent,
+  notFound,
+  paginationSchema,
+  parsePaginationParams,
+  passwordResetConfirmSchema,
+  passwordResetRequestSchema,
+  passwordSchema,
+  pastDateSchema,
+  phoneSchema,
+  refreshTokenSchema,
+  registerAuthModule,
+  registerBruteForceProtection,
+  registerErrorHandler,
+  registerSchema,
+  registerSecurity,
+  registerUserModule,
+  renderCustomTemplate,
+  renderTemplate,
+  searchSchema,
+  success,
+  unauthorized,
+  updateProfileSchema,
+  updateUserSchema,
+  urlSchema,
+  userQuerySchema,
+  userRoleEnum,
+  userStatusEnum,
+  validate,
+  validateBody,
+  validateParams,
+  validateQuery
+};
+//# sourceMappingURL=index.js.map