stackkit 0.2.7 → 0.2.9

package/modules/auth/better-auth/files/express/modules/auth/auth.service.ts

@@ -0,0 +1,403 @@
+import status from "http-status";
+import { JwtPayload } from "jsonwebtoken";
+import { envVars } from "../../config/env";
+import { prisma } from "../../database/prisma";
+import { auth } from "../../lib/auth";
+import { AppError } from "../../shared/errors/app-error";
+import { jwtUtils } from "../../shared/utils/jwt";
+import { tokenUtils } from "../../shared/utils/token";
+import {
+    IChangePasswordPayload,
+    ILoginUserPayload,
+    IRegisterUserPayload,
+    IRequestUser,
+} from "./auth.interface";
+
+const registerUser = async (payload: IRegisterUserPayload) => {
+    const { name, email, password } = payload;
+
+    const data = await auth.api.signUpEmail({
+      body: {
+        name,
+        email,
+        password,
+      },
+    });
+
+    if (!data.user) {
+      throw new AppError(status.BAD_REQUEST, "Failed to register user");
+    }
+
+    try {
+      const accessToken = tokenUtils.getAccessToken({
+        userId: data.user.id,
+        role: data.user.role,
+        name: data.user.name,
+        email: data.user.email,
+        status: data.user.status,
+        isDeleted: data.user.isDeleted,
+        emailVerified: data.user.emailVerified,
+      });
+
+      const refreshToken = tokenUtils.getRefreshToken({
+        userId: data.user.id,
+        role: data.user.role,
+        name: data.user.name,
+        email: data.user.email,
+        status: data.user.status,
+        isDeleted: data.user.isDeleted,
+        emailVerified: data.user.emailVerified,
+      });
+
+      return {
+        ...data,
+        accessToken,
+        refreshToken,
+        user: data.user,
+      };
+    } catch (error) {
+      await prisma.user.delete({
+        where: {
+          id: data.user.id,
+        },
+      });
+      throw error;
+    }
+
+}
+
+const loginUser = async (payload: ILoginUserPayload) => {
+    const { email, password } = payload;
+
+    const data = await auth.api.signInEmail({
+        body: {
+            email,
+            password,
+        }
+    })
+
+    if (data.user.status === "BLOCKED") {
+      throw new AppError(status.FORBIDDEN, "User is blocked");
+    }
+
+    if (data.user.isDeleted || data.user.status === "DELETED") {
+      throw new AppError(status.NOT_FOUND, "User is deleted");
+    }
+
+    const accessToken = tokenUtils.getAccessToken({
+        userId: data.user.id,
+        role: data.user.role,
+        name: data.user.name,
+        email: data.user.email,
+        status: data.user.status,
+        isDeleted: data.user.isDeleted,
+        emailVerified: data.user.emailVerified,
+    });
+
+    const refreshToken = tokenUtils.getRefreshToken({
+        userId: data.user.id,
+        role: data.user.role,
+        name: data.user.name,
+        email: data.user.email,
+        status: data.user.status,
+        isDeleted: data.user.isDeleted,
+        emailVerified: data.user.emailVerified,
+    });
+
+    return {
+      ...data,
+      accessToken,
+      refreshToken,
+    };
+}
+
+const getMe = async (user : IRequestUser) => {
+    const isUserExists = await prisma.user.findUnique({
+      where: {
+        id: user.id,
+      },
+      // Include other related models if needed
+    });
+
+    if (!isUserExists) {
+        throw new AppError(status.NOT_FOUND, "User not found");
+    }
+
+    return isUserExists;
+}
+
+const getNewToken = async (refreshToken : string, sessionToken : string) => {
+
+    const isSessionTokenExists = await prisma.session.findUnique({
+        where : {
+            token : sessionToken,
+        },
+        include : {
+            user : true,
+        }
+    })
+
+    if(!isSessionTokenExists){
+        throw new AppError(status.UNAUTHORIZED, "Invalid session token");
+    }
+
+    const verifiedRefreshToken = jwtUtils.verifyToken(refreshToken, envVars.REFRESH_TOKEN_SECRET)
+
+    if(!verifiedRefreshToken.success && verifiedRefreshToken.error){
+        throw new AppError(status.UNAUTHORIZED, "Invalid refresh token");
+    }
+
+    const data = verifiedRefreshToken.data as JwtPayload;
+
+    const newAccessToken = tokenUtils.getAccessToken({
+        userId: data.userId,
+        role: data.role,
+        name: data.name,
+        email: data.email,
+        status: data.status,
+        isDeleted: data.isDeleted,
+        emailVerified: data.emailVerified,
+    });
+
+    const newRefreshToken = tokenUtils.getRefreshToken({
+        userId: data.userId,
+        role: data.role,
+        name: data.name,
+        email: data.email,
+        status: data.status,
+        isDeleted: data.isDeleted,
+        emailVerified: data.emailVerified,
+    });
+
+    const {token} = await prisma.session.update({
+        where : {
+            token : sessionToken
+        },
+        data : {
+            token : sessionToken,
+            expiresAt: new Date(Date.now() + 60 * 60 * 60 * 24 * 1000),
+            updatedAt: new Date(),
+        }
+    })
+
+    return {
+        accessToken : newAccessToken,
+        refreshToken : newRefreshToken,
+        sessionToken : token,
+    }
+
+}
+
+const changePassword = async (payload : IChangePasswordPayload, sessionToken : string) =>{
+    const session = await auth.api.getSession({
+        headers : new Headers({
+            Authorization : `Bearer ${sessionToken}`
+        })
+    })
+
+    if(!session){
+        throw new AppError(status.UNAUTHORIZED, "Invalid session token");
+    }
+
+    const {currentPassword, newPassword} = payload;
+
+    const result = await auth.api.changePassword({
+        body :{
+            currentPassword,
+            newPassword,
+            revokeOtherSessions: true,
+        },
+        headers : new Headers({
+            Authorization : `Bearer ${sessionToken}`
+        })
+    })
+
+    if(session.user.needPasswordChange){
+        await prisma.user.update({
+            where: {
+                id: session.user.id,
+            },
+            data: {
+                needPasswordChange: false,
+            }
+        })
+    }
+
+    const accessToken = tokenUtils.getAccessToken({
+        userId: session.user.id,
+        role: session.user.role,
+        name: session.user.name,
+        email: session.user.email,
+        status: session.user.status,
+        isDeleted: session.user.isDeleted,
+        emailVerified: session.user.emailVerified,
+    });
+
+    const refreshToken = tokenUtils.getRefreshToken({
+        userId: session.user.id,
+        role: session.user.role,
+        name: session.user.name,
+        email: session.user.email,
+        status: session.user.status,
+        isDeleted: session.user.isDeleted,
+        emailVerified: session.user.emailVerified,
+    });
+    
+
+    return {
+        ...result,
+        accessToken,
+        refreshToken,
+    }
+}
+
+const logoutUser = async (sessionToken : string) => {
+    const result = await auth.api.signOut({
+        headers : new Headers({
+            Authorization : `Bearer ${sessionToken}`
+        })
+    })
+
+    return result;
+}
+
+const verifyEmail = async (email : string, otp : string) => {
+
+    const result = await auth.api.verifyEmailOTP({
+        body:{
+            email,
+            otp,
+        }
+    })
+
+    if(result.status && !result.user.emailVerified){
+        await prisma.user.update({
+            where : {
+                email,
+            },
+            data : {
+                emailVerified: true,
+            }
+        })
+    }
+}
+
+const forgetPassword = async (email : string) => {
+    const isUserExist = await prisma.user.findUnique({
+        where : {
+            email,
+        }
+    })
+
+    if(!isUserExist){
+        throw new AppError(status.NOT_FOUND, "User not found");
+    }
+
+    if(!isUserExist.emailVerified){
+        throw new AppError(status.BAD_REQUEST, "Email not verified");
+    }
+
+    if (isUserExist.isDeleted || isUserExist.status === "DELETED") {
+      throw new AppError(status.NOT_FOUND, "User not found");
+    }
+
+    await auth.api.requestPasswordResetEmailOTP({
+        body:{
+            email,
+        }
+    })
+}
+
+const resetPassword = async (email : string, otp : string, newPassword : string) => {
+    const isUserExist = await prisma.user.findUnique({
+        where: {
+            email,
+        }
+    })
+
+    if (!isUserExist) {
+        throw new AppError(status.NOT_FOUND, "User not found");
+    }
+
+    if (!isUserExist.emailVerified) {
+        throw new AppError(status.BAD_REQUEST, "Email not verified");
+    }
+
+    if (isUserExist.isDeleted || isUserExist.status === "DELETED") {
+      throw new AppError(status.NOT_FOUND, "User not found");
+    }
+
+    await auth.api.resetPasswordEmailOTP({
+        body:{
+            email,
+            otp,
+            password : newPassword,
+        }
+    })
+
+    if (isUserExist.needPasswordChange) {
+        await prisma.user.update({
+            where: {
+                id: isUserExist.id,
+            },
+            data: {
+                needPasswordChange: false,
+            }
+        })
+    }
+
+    await prisma.session.deleteMany({
+        where:{
+            userId : isUserExist.id,
+        }
+    })
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const googleLoginSuccess = async (session : Record<string, any>) =>{
+    const isCustomerExists = await prisma.user.findUnique({
+      where: {
+        id: session.user.id,
+      },
+    });
+
+    if (!isCustomerExists) {
+      await prisma.user.create({
+        data: {
+          id: session.user.id,
+          name: session.user.name,
+          email: session.user.email,
+        },
+      });
+    }
+
+    const accessToken = tokenUtils.getAccessToken({
+        userId: session.user.id,
+        role: session.user.role,
+        name: session.user.name,
+    });
+
+    const refreshToken = tokenUtils.getRefreshToken({
+        userId: session.user.id,
+        role: session.user.role,
+        name: session.user.name,
+    });
+
+    return {
+        accessToken,
+        refreshToken,
+    }
+}
+
+export const authService = {
+    registerUser: registerUser,
+    loginUser,
+    getMe,
+    getNewToken,
+    changePassword,
+    logoutUser,
+    verifyEmail,
+    forgetPassword,
+    resetPassword,
+    googleLoginSuccess,
+};

package/modules/auth/better-auth/files/express/templates/google-redirect.ejs

@@ -0,0 +1,91 @@
+<!doctype html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <title>
+        <%= appName || "Your App" %> - Continue with Google
+    </title>
+</head>
+
+<body style="margin:0; padding:0; background-color:#f3f4f6;">
+    <div style="display:none; max-height:0; overflow:hidden; opacity:0; color:transparent;">
+        Continue your Google sign-in securely.
+    </div>
+<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"
+    style="background-color:#f3f4f6; padding:24px 12px;">
+    <tr>
+        <td align="center">
+            <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"
+                style="max-width:600px; background:#ffffff; border:1px solid #e5e7eb; border-radius:12px; overflow:hidden;">
+                <tr>
+                    <td style="padding:28px 24px 16px 24px; font-family:Arial, Helvetica, sans-serif; color:#111827;">
+                        <h1 style="margin:0; font-size:22px; line-height:30px; font-weight:700;">Continue with
+                            Google</h1>
+                        <p style="margin:14px 0 0; font-size:15px; line-height:24px; color:#374151;">
+                            Hi <%= userName || "there" %>,
+                        </p>
+                        <p style="margin:10px 0 0; font-size:15px; line-height:24px; color:#374151;">
+                            We received a request to continue authentication with Google for your <strong>
+                                <%= appName || "account" %>
+                            </strong>.
+                        </p>
+                    </td>
+                </tr>
+
+                <tr>
+                    <td style="padding:0 24px 24px 24px; font-family:Arial, Helvetica, sans-serif;">
+                        <table role="presentation" cellspacing="0" cellpadding="0" border="0">
+                            <tr>
+                                <td align="center" bgcolor="#111827" style="border-radius:8px;">
+                                    <a href="<%= redirectUrl %>" target="_blank"
+                                        style="display:inline-block; padding:12px 22px; font-size:15px; line-height:20px; font-weight:600; color:#ffffff; text-decoration:none;">
+                                        Continue Sign-in
+                                    </a>
+                                </td>
+                            </tr>
+                        </table>
+
+                        <p
+                            style="margin:14px 0 0; font-size:13px; line-height:20px; color:#6b7280; word-break:break-word;">
+                            Button not working? Copy and paste this URL into your browser:<br />
+                            <a href="<%= redirectUrl %>" target="_blank"
+                                style="color:#2563eb; text-decoration:underline;">
+                                <%= redirectUrl %>
+                            </a>
+                        </p>
+                    </td>
+                </tr>
+
+                    <tr>
+                        <td style="padding:0 24px 24px 24px; font-family:Arial, Helvetica, sans-serif; color:#4b5563;">
+                            <p style="margin:0; font-size:14px; line-height:22px;">
+                                If you didn’t request this, you can safely ignore this email. No changes will be made
+                                unless you continue.
+                            </p>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td
+                            style="padding:16px 24px 24px 24px; border-top:1px solid #e5e7eb; font-family:Arial, Helvetica, sans-serif; color:#6b7280;">
+                            <p style="margin:0; font-size:12px; line-height:18px;">
+                                Need help? Contact us at
+                                <a href="mailto:<%= supportEmail || " support@example.com" %>" style="color:#2563eb;
+                                    text-decoration:underline;"><%= supportEmail || "support@example.com" %></a>.
+                            </p>
+                            <p style="margin:6px 0 0; font-size:12px; line-height:18px;">
+                                © <%= year || new Date().getFullYear() %>
+                                    <%= appName || "Your App" %>. All rights reserved.
+                            </p>
+                        </td>
+                        </tr>
+                        </table>
+                        </td>
+                        </tr>
+                        </table>
+                        </body>
+
+</html>

package/modules/auth/better-auth/files/express/templates/otp.ejs

@@ -0,0 +1,87 @@
+<!doctype html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <title>
+        <%= appName || "Your App" %> - Your OTP Code
+    </title>
+</head>
+
+<body style="margin:0; padding:0; background-color:#f3f4f6;">
+    <div style="display:none; max-height:0; overflow:hidden; opacity:0; color:transparent;">
+        Your one-time verification code is ready.
+    </div>
+
+    <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"
+        style="background-color:#f3f4f6; padding:24px 12px;">
+        <tr>
+            <td align="center">
+                <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"
+                    style="max-width:600px; background:#ffffff; border:1px solid #e5e7eb; border-radius:12px; overflow:hidden;">
+                    <tr>
+                        <td
+                            style="padding:28px 24px 16px 24px; font-family:Arial, Helvetica, sans-serif; color:#111827;">
+                            <h1 style="margin:0; font-size:22px; line-height:30px; font-weight:700;">Verification Code
+                            </h1>
+                            <p style="margin:14px 0 0; font-size:15px; line-height:24px; color:#374151;">
+                                Hi <%= userName || "there" %>,
+                            </p>
+                            <p style="margin:10px 0 0; font-size:15px; line-height:24px; color:#374151;">
+                                Use the one-time password (OTP) below to verify your identity for <strong>
+                                    <%= appName || "your account" %>
+                                </strong>.
+                            </p>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td align="center"
+                            style="padding:8px 24px 20px 24px; font-family:Arial, Helvetica, sans-serif;">
+                            <div
+                                style="display:inline-block; padding:12px 20px; border-radius:10px; border:1px solid #d1d5db; background:#f9fafb; letter-spacing:7px; font-size:28px; line-height:34px; font-weight:700; color:#111827;">
+                                <%= otp %>
+                            </div>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td style="padding:0 24px 22px 24px; font-family:Arial, Helvetica, sans-serif; color:#4b5563;">
+                            <p style="margin:0; font-size:14px; line-height:22px;">
+                                This code will expire in <strong>
+                                    <%= expiresInMinutes || 2 %> minutes
+                                </strong>.
+                            </p>
+                            <p style="margin:10px 0 0; font-size:14px; line-height:22px;">
+                                If you didn’t request this code, please ignore this email and consider changing your
+                                password.
+                            </p>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td
+                            style="padding:16px 24px 24px 24px; border-top:1px solid #e5e7eb; font-family:Arial, Helvetica, sans-serif; color:#6b7280;">
+                            <p style="margin:0; font-size:12px; line-height:18px;">
+                                For security, never share this OTP with anyone.
+                            </p>
+                            <p style="margin:6px 0 0; font-size:12px; line-height:18px;">
+                                Need help? Contact
+                                <a href="mailto:<%= supportEmail || " support@example.com" %>" style="color:#2563eb;
+                                    text-decoration:underline;"><%= supportEmail || "support@example.com" %></a>.
+                            </p>
+                            <p style="margin:6px 0 0; font-size:12px; line-height:18px;">
+                                © <%= year || new Date().getFullYear() %>
+                                    <%= appName || "Your App" %>. All rights reserved.
+                            </p>
+                        </td>
+                    </tr>
+                </table>
+            </td>
+        </tr>
+    </table>
+</body>
+
+</html>

package/modules/auth/better-auth/files/express/types/express.d.ts

@@ -1,16 +1,14 @@
 declare global {
     namespace Express {
         interface Request {
-            user?: {
-                id: string;
-                email: string;
-                name: string;
-                role: string;
-                emailVerified: boolean;
-            }
+          user: {
+            id: string;
+            name: string;
+            email: string;
+            role: string;
+          };
         }
     }
 }
 
 export { };
-

package/modules/auth/better-auth/files/express/utils/cookie.ts

@@ -0,0 +1,19 @@
+import { CookieOptions, Request, Response } from "express";
+
+const setCookie = (res: Response, key: string, value: string, options: CookieOptions) => {
+    res.cookie(key, value, options);
+}
+
+const getCookie = (req: Request, key: string) => {
+    return req.cookies[key];
+}
+
+const clearCookie = (res: Response, key: string, options: CookieOptions) => {
+    res.clearCookie(key, options);
+}
+
+export const cookieUtils = {
+    setCookie,
+    getCookie,
+    clearCookie,
+}

package/modules/auth/better-auth/files/express/utils/jwt.ts

@@ -0,0 +1,34 @@
+import jwt, { JwtPayload, SignOptions } from "jsonwebtoken";
+
+const createToken = (payload: JwtPayload, secret: string, { expiresIn }: SignOptions) => {
+    const token = jwt.sign(payload, secret, { expiresIn });
+    return token;
+}
+
+const verifyToken = (token: string, secret: string) => {
+    try {
+        const decoded = jwt.verify(token, secret) as JwtPayload;
+        return {
+            success: true,
+            data: decoded
+        }
+    } catch (error: unknown) {
+        const message = error instanceof Error ? error.message : "Unknown error";
+        return {
+            success: false,
+            message,
+            error
+        }
+    }
+}
+
+const decodeToken = (token: string) => {
+    const decoded = jwt.decode(token) as JwtPayload;
+    return decoded;
+}
+
+export const jwtUtils = {
+    createToken,
+    verifyToken,
+    decodeToken,
+}