servcraft 0.1.0

package/src/config/index.ts

@@ -0,0 +1,97 @@
+import { env, isDevelopment, isProduction, isTest, isStaging } from './env.js';
+import type { Env } from './env.js';
+
+export interface AppConfig {
+  env: Env;
+  server: {
+    port: number;
+    host: string;
+  };
+  jwt: {
+    secret: string;
+    accessExpiresIn: string;
+    refreshExpiresIn: string;
+  };
+  security: {
+    corsOrigin: string | string[];
+    rateLimit: {
+      max: number;
+      windowMs: number;
+    };
+  };
+  email: {
+    host?: string;
+    port?: number;
+    user?: string;
+    pass?: string;
+    from?: string;
+  };
+  database: {
+    url?: string;
+  };
+  redis: {
+    url?: string;
+  };
+  swagger: {
+    enabled: boolean;
+    route: string;
+    title: string;
+    description: string;
+    version: string;
+  };
+}
+
+function parseCorsOrigin(origin: string): string | string[] {
+  if (origin === '*') return '*';
+  if (origin.includes(',')) {
+    return origin.split(',').map((o) => o.trim());
+  }
+  return origin;
+}
+
+export function createConfig(): AppConfig {
+  return {
+    env,
+    server: {
+      port: env.PORT,
+      host: env.HOST,
+    },
+    jwt: {
+      secret: env.JWT_SECRET || 'change-me-in-production-please-32chars',
+      accessExpiresIn: env.JWT_ACCESS_EXPIRES_IN,
+      refreshExpiresIn: env.JWT_REFRESH_EXPIRES_IN,
+    },
+    security: {
+      corsOrigin: parseCorsOrigin(env.CORS_ORIGIN),
+      rateLimit: {
+        max: env.RATE_LIMIT_MAX,
+        windowMs: env.RATE_LIMIT_WINDOW_MS,
+      },
+    },
+    email: {
+      host: env.SMTP_HOST,
+      port: env.SMTP_PORT,
+      user: env.SMTP_USER,
+      pass: env.SMTP_PASS,
+      from: env.SMTP_FROM,
+    },
+    database: {
+      url: env.DATABASE_URL,
+    },
+    redis: {
+      url: env.REDIS_URL,
+    },
+    swagger: {
+      enabled: env.SWAGGER_ENABLED,
+      route: env.SWAGGER_ROUTE,
+      title: env.SWAGGER_TITLE,
+      description: env.SWAGGER_DESCRIPTION,
+      version: env.SWAGGER_VERSION,
+    },
+  };
+}
+
+export const config = createConfig();
+
+export { env, isDevelopment, isProduction, isTest, isStaging };
+export type { Env };

package/src/core/index.ts

@@ -0,0 +1,5 @@
+export { Server, createServer } from './server.js';
+export type { ServerConfig } from './server.js';
+
+export { logger, createLogger } from './logger.js';
+export type { Logger, LoggerConfig } from './logger.js';

package/src/core/logger.ts

@@ -0,0 +1,43 @@
+import pino from 'pino';
+import type { Logger } from 'pino';
+
+export interface LoggerConfig {
+  level: string;
+  pretty: boolean;
+  name?: string;
+}
+
+const defaultConfig: LoggerConfig = {
+  level: process.env.LOG_LEVEL || 'info',
+  pretty: process.env.NODE_ENV !== 'production',
+  name: 'servcraft',
+};
+
+export function createLogger(config: Partial<LoggerConfig> = {}): Logger {
+  const mergedConfig = { ...defaultConfig, ...config };
+
+  const transport = mergedConfig.pretty
+    ? {
+        target: 'pino-pretty',
+        options: {
+          colorize: true,
+          translateTime: 'SYS:standard',
+          ignore: 'pid,hostname',
+        },
+      }
+    : undefined;
+
+  return pino({
+    name: mergedConfig.name,
+    level: mergedConfig.level,
+    transport,
+    formatters: {
+      level: (label) => ({ level: label }),
+    },
+    timestamp: pino.stdTimeFunctions.isoTime,
+  });
+}
+
+export const logger = createLogger();
+
+export type { Logger };

package/src/core/server.ts

@@ -0,0 +1,132 @@
+import Fastify from 'fastify';
+import type { FastifyInstance, FastifyServerOptions } from 'fastify';
+import { logger, createLogger } from './logger.js';
+import type { Logger } from './logger.js';
+
+export interface ServerConfig {
+  port: number;
+  host: string;
+  logger?: Logger;
+  trustProxy?: boolean;
+  bodyLimit?: number;
+  requestTimeout?: number;
+}
+
+const defaultConfig: ServerConfig = {
+  port: parseInt(process.env.PORT || '3000', 10),
+  host: process.env.HOST || '0.0.0.0',
+  trustProxy: true,
+  bodyLimit: 1048576, // 1MB
+  requestTimeout: 30000, // 30s
+};
+
+export class Server {
+  private app: FastifyInstance;
+  private config: ServerConfig;
+  private logger: Logger;
+  private isShuttingDown = false;
+
+  constructor(config: Partial<ServerConfig> = {}) {
+    this.config = { ...defaultConfig, ...config };
+    this.logger = this.config.logger || logger;
+
+    const fastifyOptions: FastifyServerOptions = {
+      logger: this.logger,
+      trustProxy: this.config.trustProxy,
+      bodyLimit: this.config.bodyLimit,
+      requestTimeout: this.config.requestTimeout,
+    };
+
+    this.app = Fastify(fastifyOptions);
+    this.setupHealthCheck();
+    this.setupGracefulShutdown();
+  }
+
+  get instance(): FastifyInstance {
+    return this.app;
+  }
+
+  private setupHealthCheck(): void {
+    this.app.get('/health', async (_request, reply) => {
+      const healthcheck = {
+        status: 'ok',
+        timestamp: new Date().toISOString(),
+        uptime: process.uptime(),
+        memory: process.memoryUsage(),
+        version: process.env.npm_package_version || '0.1.0',
+      };
+
+      return reply.status(200).send(healthcheck);
+    });
+
+    this.app.get('/ready', async (_request, reply) => {
+      if (this.isShuttingDown) {
+        return reply.status(503).send({ status: 'shutting_down' });
+      }
+      return reply.status(200).send({ status: 'ready' });
+    });
+  }
+
+  private setupGracefulShutdown(): void {
+    const signals: NodeJS.Signals[] = ['SIGINT', 'SIGTERM', 'SIGQUIT'];
+
+    signals.forEach((signal) => {
+      process.on(signal, async () => {
+        this.logger.info(`Received ${signal}, starting graceful shutdown...`);
+        await this.shutdown();
+      });
+    });
+
+    process.on('uncaughtException', async (error) => {
+      this.logger.error({ err: error }, 'Uncaught exception');
+      await this.shutdown(1);
+    });
+
+    process.on('unhandledRejection', async (reason) => {
+      this.logger.error({ err: reason }, 'Unhandled rejection');
+      await this.shutdown(1);
+    });
+  }
+
+  async shutdown(exitCode = 0): Promise<void> {
+    if (this.isShuttingDown) {
+      return;
+    }
+
+    this.isShuttingDown = true;
+    this.logger.info('Graceful shutdown initiated...');
+
+    const shutdownTimeout = setTimeout(() => {
+      this.logger.error('Graceful shutdown timeout, forcing exit');
+      process.exit(1);
+    }, 30000);
+
+    try {
+      await this.app.close();
+      this.logger.info('Server closed successfully');
+      clearTimeout(shutdownTimeout);
+      process.exit(exitCode);
+    } catch (error) {
+      this.logger.error({ err: error }, 'Error during shutdown');
+      clearTimeout(shutdownTimeout);
+      process.exit(1);
+    }
+  }
+
+  async start(): Promise<void> {
+    try {
+      await this.app.listen({
+        port: this.config.port,
+        host: this.config.host,
+      });
+      this.logger.info(`Server listening on ${this.config.host}:${this.config.port}`);
+    } catch (error) {
+      this.logger.error({ err: error }, 'Failed to start server');
+      throw error;
+    }
+  }
+}
+
+export function createServer(config: Partial<ServerConfig> = {}): Server {
+  return new Server(config);
+}

package/src/database/index.ts

@@ -0,0 +1,7 @@
+export {
+  prisma,
+  connectDatabase,
+  disconnectDatabase,
+  checkDatabaseHealth,
+  PrismaClient,
+} from './prisma.js';

package/src/database/prisma.ts

@@ -0,0 +1,54 @@
+import { PrismaClient } from '@prisma/client';
+import { logger } from '../core/logger.js';
+import { isProduction } from '../config/index.js';
+
+declare global {
+  // eslint-disable-next-line no-var
+  var __prisma: PrismaClient | undefined;
+}
+
+const prismaClientSingleton = (): PrismaClient => {
+  return new PrismaClient({
+    log: isProduction()
+      ? ['error']
+      : ['query', 'info', 'warn', 'error'],
+    errorFormat: isProduction() ? 'minimal' : 'pretty',
+  });
+};
+
+// Use singleton pattern to prevent multiple instances in development
+export const prisma = globalThis.__prisma ?? prismaClientSingleton();
+
+if (!isProduction()) {
+  globalThis.__prisma = prisma;
+}
+
+export async function connectDatabase(): Promise<void> {
+  try {
+    await prisma.$connect();
+    logger.info('Database connected successfully');
+  } catch (error) {
+    logger.error({ err: error }, 'Failed to connect to database');
+    throw error;
+  }
+}
+
+export async function disconnectDatabase(): Promise<void> {
+  try {
+    await prisma.$disconnect();
+    logger.info('Database disconnected');
+  } catch (error) {
+    logger.error({ err: error }, 'Error disconnecting from database');
+  }
+}
+
+export async function checkDatabaseHealth(): Promise<boolean> {
+  try {
+    await prisma.$queryRaw`SELECT 1`;
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export { PrismaClient };

package/src/database/seed.ts

@@ -0,0 +1,59 @@
+import { prisma } from './prisma.js';
+import bcrypt from 'bcryptjs';
+import { logger } from '../core/logger.js';
+
+async function main(): Promise<void> {
+  logger.info('Starting database seed...');
+
+  // Create default admin user
+  const hashedPassword = await bcrypt.hash('Admin@123456', 12);
+
+  const admin = await prisma.user.upsert({
+    where: { email: 'admin@servcraft.local' },
+    update: {},
+    create: {
+      email: 'admin@servcraft.local',
+      password: hashedPassword,
+      name: 'Administrator',
+      role: 'SUPER_ADMIN',
+      status: 'ACTIVE',
+      emailVerified: true,
+    },
+  });
+
+  logger.info({ userId: admin.id }, 'Admin user created/updated');
+
+  // Create default settings
+  const defaultSettings = [
+    { key: 'app.name', value: 'Servcraft', type: 'string', group: 'general' },
+    { key: 'app.description', value: 'A modular Node.js backend framework', type: 'string', group: 'general' },
+    { key: 'auth.registration_enabled', value: true, type: 'boolean', group: 'auth' },
+    { key: 'auth.email_verification_required', value: false, type: 'boolean', group: 'auth' },
+    { key: 'email.enabled', value: false, type: 'boolean', group: 'email' },
+  ];
+
+  for (const setting of defaultSettings) {
+    await prisma.setting.upsert({
+      where: { key: setting.key },
+      update: { value: setting.value },
+      create: {
+        key: setting.key,
+        value: setting.value,
+        type: setting.type,
+        group: setting.group,
+      },
+    });
+  }
+
+  logger.info('Default settings created');
+  logger.info('Seed completed successfully');
+}
+
+main()
+  .catch((e) => {
+    logger.error({ err: e }, 'Seed failed');
+    process.exit(1);
+  })
+  .finally(async () => {
+    await prisma.$disconnect();
+  });

package/src/index.ts

@@ -0,0 +1,63 @@
+import { Server, createServer } from './core/server.js';
+import { logger } from './core/logger.js';
+import { config } from './config/index.js';
+import { registerSecurity, registerErrorHandler } from './middleware/index.js';
+import { registerAuthModule } from './modules/auth/index.js';
+import { registerUserModule } from './modules/user/index.js';
+import { registerSwagger } from './modules/swagger/index.js';
+
+async function bootstrap(): Promise<void> {
+  // Create server instance
+  const server = createServer({
+    port: config.server.port,
+    host: config.server.host,
+  });
+
+  const app = server.instance;
+
+  // Register error handler
+  registerErrorHandler(app);
+
+  // Register security middleware
+  await registerSecurity(app);
+
+  // Register Swagger documentation (auto-updates as routes are added)
+  await registerSwagger(app, {
+    enabled: config.swagger.enabled,
+    route: config.swagger.route,
+    title: config.swagger.title,
+    description: config.swagger.description,
+    version: config.swagger.version,
+  });
+
+  // Register auth module
+  const authService = await registerAuthModule(app);
+
+  // Register user module (depends on auth for guard middleware)
+  await registerUserModule(app, authService);
+
+  // Start server
+  await server.start();
+
+  logger.info({
+    env: config.env.NODE_ENV,
+    port: config.server.port,
+  }, 'Servcraft server started');
+}
+
+bootstrap().catch((err) => {
+  logger.error({ err }, 'Failed to start server');
+  process.exit(1);
+});
+
+// Export for library usage
+export * from './core/index.js';
+export * from './config/index.js';
+export * from './middleware/index.js';
+export * from './utils/index.js';
+export * from './types/index.js';
+export * from './modules/auth/index.js';
+export * from './modules/user/index.js';
+export * from './modules/email/index.js';
+export * from './modules/validation/index.js';
+export * from './modules/audit/index.js';

package/src/middleware/error-handler.ts

@@ -0,0 +1,73 @@
+import type { FastifyInstance, FastifyError, FastifyRequest, FastifyReply } from 'fastify';
+import { isAppError } from '../utils/errors.js';
+import { logger } from '../core/logger.js';
+import { isProduction } from '../config/index.js';
+
+export function registerErrorHandler(app: FastifyInstance): void {
+  app.setErrorHandler(
+    (error: FastifyError | Error, request: FastifyRequest, reply: FastifyReply) => {
+      // Log the error
+      logger.error(
+        {
+          err: error,
+          requestId: request.id,
+          method: request.method,
+          url: request.url,
+        },
+        'Request error'
+      );
+
+      // Handle AppError (our custom errors)
+      if (isAppError(error)) {
+        return reply.status(error.statusCode).send({
+          success: false,
+          message: error.message,
+          errors: error.errors,
+          ...(isProduction() ? {} : { stack: error.stack }),
+        });
+      }
+
+      // Handle Fastify validation errors
+      if ('validation' in error && error.validation) {
+        const errors: Record<string, string[]> = {};
+        for (const err of error.validation) {
+          const field = err.instancePath?.replace('/', '') || 'body';
+          if (!errors[field]) {
+            errors[field] = [];
+          }
+          errors[field].push(err.message || 'Invalid value');
+        }
+
+        return reply.status(400).send({
+          success: false,
+          message: 'Validation failed',
+          errors,
+        });
+      }
+
+      // Handle Fastify errors with statusCode
+      if ('statusCode' in error && typeof error.statusCode === 'number') {
+        return reply.status(error.statusCode).send({
+          success: false,
+          message: error.message,
+          ...(isProduction() ? {} : { stack: error.stack }),
+        });
+      }
+
+      // Handle unknown errors
+      return reply.status(500).send({
+        success: false,
+        message: isProduction() ? 'Internal server error' : error.message,
+        ...(isProduction() ? {} : { stack: error.stack }),
+      });
+    }
+  );
+
+  // Handle 404
+  app.setNotFoundHandler((request: FastifyRequest, reply: FastifyReply) => {
+    return reply.status(404).send({
+      success: false,
+      message: `Route ${request.method} ${request.url} not found`,
+    });
+  });
+}

package/src/middleware/index.ts

@@ -0,0 +1,3 @@
+export { registerErrorHandler } from './error-handler.js';
+export { registerSecurity, registerBruteForceProtection } from './security.js';
+export type { SecurityOptions } from './security.js';

package/src/middleware/security.ts

@@ -0,0 +1,116 @@
+import type { FastifyInstance } from 'fastify';
+import helmet from '@fastify/helmet';
+import cors from '@fastify/cors';
+import rateLimit from '@fastify/rate-limit';
+import { config } from '../config/index.js';
+import { logger } from '../core/logger.js';
+
+export interface SecurityOptions {
+  helmet?: boolean;
+  cors?: boolean;
+  rateLimit?: boolean;
+}
+
+const defaultOptions: SecurityOptions = {
+  helmet: true,
+  cors: true,
+  rateLimit: true,
+};
+
+export async function registerSecurity(
+  app: FastifyInstance,
+  options: SecurityOptions = {}
+): Promise<void> {
+  const opts = { ...defaultOptions, ...options };
+
+  // Helmet - Security headers
+  if (opts.helmet) {
+    await app.register(helmet, {
+      contentSecurityPolicy: {
+        directives: {
+          defaultSrc: ["'self'"],
+          styleSrc: ["'self'", "'unsafe-inline'"],
+          scriptSrc: ["'self'"],
+          imgSrc: ["'self'", 'data:', 'https:'],
+        },
+      },
+      crossOriginEmbedderPolicy: false,
+    });
+    logger.debug('Helmet security headers enabled');
+  }
+
+  // CORS
+  if (opts.cors) {
+    await app.register(cors, {
+      origin: config.security.corsOrigin,
+      credentials: true,
+      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
+      allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
+      exposedHeaders: ['X-Total-Count', 'X-Page', 'X-Limit'],
+      maxAge: 86400, // 24 hours
+    });
+    logger.debug({ origin: config.security.corsOrigin }, 'CORS enabled');
+  }
+
+  // Rate Limiting
+  if (opts.rateLimit) {
+    await app.register(rateLimit, {
+      max: config.security.rateLimit.max,
+      timeWindow: config.security.rateLimit.windowMs,
+      errorResponseBuilder: (_request, context) => ({
+        success: false,
+        message: 'Too many requests, please try again later',
+        retryAfter: context.after,
+      }),
+      keyGenerator: (request) => {
+        // Use X-Forwarded-For if behind proxy, otherwise use IP
+        return (
+          request.headers['x-forwarded-for']?.toString().split(',')[0] ||
+          request.ip ||
+          'unknown'
+        );
+      },
+    });
+    logger.debug(
+      {
+        max: config.security.rateLimit.max,
+        windowMs: config.security.rateLimit.windowMs,
+      },
+      'Rate limiting enabled'
+    );
+  }
+}
+
+// Brute force protection for specific routes (login, etc.)
+export async function registerBruteForceProtection(
+  app: FastifyInstance,
+  routePrefix: string,
+  options: { max?: number; timeWindow?: number } = {}
+): Promise<void> {
+  const { max = 5, timeWindow = 300000 } = options; // 5 attempts per 5 minutes
+
+  await app.register(rateLimit, {
+    max,
+    timeWindow,
+    keyGenerator: (request) => {
+      const ip =
+        request.headers['x-forwarded-for']?.toString().split(',')[0] ||
+        request.ip ||
+        'unknown';
+      return `brute:${routePrefix}:${ip}`;
+    },
+    errorResponseBuilder: () => ({
+      success: false,
+      message: 'Too many attempts. Please try again later.',
+    }),
+    onExceeded: (request) => {
+      logger.warn(
+        {
+          ip: request.ip,
+          route: routePrefix,
+        },
+        'Brute force protection triggered'
+      );
+    },
+  });
+}