startx 0.0.1 → 0.1.0

package/packages/@repo/lib/src/otp-module/index.ts

@@ -0,0 +1,91 @@
+import { ENV } from "@repo/env";
+import { logger } from "@repo/logger";
+import { AdminEmailTemplate } from "@repo/mail";
+import { RedisStore } from "@repo/redis";
+
+import { HashingModule } from "../hashing-module/index.js";
+import { SMTPMailService } from "../mail-module/nodemailer.js";
+import { Random } from "../utils.js";
+
+const redisOtpStore = new RedisStore<{
+	email: string;
+	otp: string;
+	status: "pending" | "verified";
+}>({
+	namespace: "otp",
+});
+export class OTPModule {
+	private static otpExpirationMs = 5 * 60 * 1000;
+
+	static async sendMailOTP({ email }: { email: string }): Promise<void> {
+		const normalizedEmail = email.trim().toLowerCase();
+
+		// Generate OTP as a 4-digit string (preserve leading zeros)
+		const otpStr = String(Random.generateNumber(4)).padStart(4, "0");
+		const hash = await HashingModule.hash(otpStr);
+
+		try {
+			await redisOtpStore.set(
+				normalizedEmail,
+				{ email: normalizedEmail, otp: hash, status: "pending" },
+				this.otpExpirationMs
+			);
+		} catch (err) {
+			logger?.error("otp: redis write failed", { email: normalizedEmail, err });
+			throw err;
+		}
+
+		// Do not leak OTP in non-test environments
+		if (["test", "development"].includes(ENV.NODE_ENV)) {
+			// optionally: mock mail send for tests
+			logger?.info("otp: test-mode - OTP generated", { email: normalizedEmail, otp: otpStr });
+			return;
+		}
+		const html = await AdminEmailTemplate.getOtpEmail({ otp: otpStr });
+		await SMTPMailService.sendMail(
+			normalizedEmail,
+			`OTP for ${normalizedEmail}`,
+			`Your OTP is ${otpStr}`,
+			html
+		);
+	}
+
+	static async verifyMailOTP(email: string, otp: string, deleteOtp = false): Promise<boolean> {
+		const normalizedEmail = email.trim().toLowerCase();
+
+		// shortcut for test/dev environments — be careful with this in real dev
+		// if (["test"].includes(ENV.NODE_ENV)) return true;
+
+		const rows = await redisOtpStore.get(normalizedEmail);
+		if (!rows?.otp) return false;
+
+		const firstOtp = rows.otp;
+
+		const verified = await HashingModule.compare(otp, firstOtp);
+		if (!verified) return false;
+
+		if (deleteOtp) {
+			await redisOtpStore.del(normalizedEmail);
+		} else {
+			await redisOtpStore.set(
+				normalizedEmail,
+				{ ...rows, status: "verified" },
+				this.otpExpirationMs
+			);
+		}
+		return true;
+	}
+
+	static async checkOTPStatus(email: string): Promise<boolean> {
+		const normalizedEmail = email.trim().toLowerCase();
+		const rows = await redisOtpStore.get(normalizedEmail);
+		if (!rows?.otp) return false;
+		return rows.status === "verified";
+	}
+
+	static async deleteOTP(email: string): Promise<boolean> {
+		const normalizedEmail = email.trim().toLowerCase();
+		await redisOtpStore.del(normalizedEmail);
+		return true;
+	}
+}

package/packages/@repo/lib/src/session-module/index.ts

@@ -0,0 +1,113 @@
+import { RedisStore } from "@repo/redis";
+
+import { TokenModule } from "../extra/token-module.js";
+export const constants = {
+	sessionDuration: 60 * 60 * 6,
+};
+
+const accessTokenKey = (key: string) => `access_token:${key}`;
+const refreshTokenKey = (key: string) => `refresh_token:${key}`;
+const userTokensKey = (userId: string) => `session:${userId}`;
+export type SessionUser = {
+	id: string;
+	email: string;
+	fullName: string;
+	countries: string[];
+	department: string;
+	currentScenario?: string;
+	accessToken: string;
+};
+
+const userRedisStore = new RedisStore<SessionUser>({
+	namespace: "user-session",
+});
+
+const userRedisTokenStore = new RedisStore<{ accessToken: string; refreshToken: string }>({
+	namespace: "user-tokens",
+});
+
+export class UserSession {
+	static async getSessionUser(token: string) {
+		return await userRedisStore.get(accessTokenKey(token));
+	}
+
+	static async startSession(payload: Omit<SessionUser, "accessToken">) {
+		await UserSession.endSession(payload.id);
+
+		const accessToken = TokenModule.signAccessToken({
+			userID: payload.id,
+			email: payload.email,
+		});
+
+		const refreshToken = TokenModule.signRefreshToken({
+			userID: payload.id,
+			email: payload.email,
+		});
+
+		const sessionData: SessionUser = { ...payload, accessToken };
+
+		// store access token -> user
+		await userRedisStore.set(accessTokenKey(accessToken), sessionData, constants.sessionDuration);
+
+		// store user -> session (optional but useful)
+		await userRedisStore.set(payload.id, sessionData, constants.sessionDuration);
+
+		// store refresh token -> userId
+		await userRedisTokenStore.set(
+			refreshTokenKey(refreshToken),
+			{ accessToken, refreshToken },
+			constants.sessionDuration
+		);
+
+		// store user -> tokens
+		await userRedisTokenStore.set(
+			userTokensKey(payload.id),
+			{ accessToken, refreshToken },
+			constants.sessionDuration
+		);
+
+		return { accessToken, refreshToken };
+	}
+
+	static async checkRefreshToken(refreshToken: string) {
+		const tokens = await userRedisTokenStore.get(refreshTokenKey(refreshToken));
+		return tokens ?? null;
+	}
+
+	static async updateAccessToken(payload: Omit<SessionUser, "accessToken">) {
+		const tokens = await this.getTokens(payload.id);
+		if (!tokens) return null;
+
+		const accessToken = tokens.accessToken;
+
+		await userRedisStore.set(
+			accessTokenKey(accessToken),
+			{ ...payload, accessToken },
+			constants.sessionDuration
+		);
+
+		return accessToken;
+	}
+
+	static async getTokens(userId: string) {
+		return await userRedisTokenStore.get(userTokensKey(userId));
+	}
+
+	static async logout(accessToken: string) {
+		const session = await userRedisStore.get(accessTokenKey(accessToken));
+		if (!session) return null;
+
+		await this.endSession(session.id);
+		return null;
+	}
+
+	static async endSession(userId: string) {
+		const tokens = await this.getTokens(userId);
+		if (!tokens) return;
+
+		await userRedisTokenStore.del(refreshTokenKey(tokens.refreshToken));
+		await userRedisStore.del(accessTokenKey(tokens.accessToken));
+		await userRedisTokenStore.del(userTokensKey(userId));
+		await userRedisStore.del(userId);
+	}
+}

package/packages/@repo/lib/src/utils.ts

@@ -1,42 +1,43 @@
-import crypto from "crypto";
-import path from "path";
-
-export function __dirname() {
-	if (!process.env.NODE_ENV || process.env.NODE_ENV === "development") {
-		return path.resolve(process.cwd(), "../../");
-	}
-	return process.cwd();
-}
-
-/**
- * @description Utility class for generating random strings and numbers
- */
-export class Random {
-	/**
-	 * @description Generate a random UUID
-	 */
-	static generateUUID() {
-		return crypto.randomUUID();
-	}
-
-	/**
-	 * @description Generate a random string
-	 * @param length
-	 * @param encoding (default: 'hex')
-	 */
-	static generateString(length: number, encoding: BufferEncoding = "hex") {
-		return crypto.randomBytes(length).toString(encoding);
-	}
-
-	/**
-	 * @description Generate a random number
-	 * @param digits (default: 6)
-	 */
-	static generateNumber(digits: number = 6) {
-		return crypto.randomInt(10 ** (digits - 1), 10 ** digits);
-	}
-
-	static generateBoolean() {
-		return crypto.randomInt(0, 2) === 1;
-	}
-}
+import { ENV } from "@repo/env";
+import crypto from "crypto";
+import path from "path";
+
+export function __dirname() {
+	if (ENV.NODE_ENV === "development") {
+		return path.resolve(process.cwd(), "../../");
+	}
+	return process.cwd();
+}
+
+/**
+ * @description Utility class for generating random strings and numbers
+ */
+export class Random {
+	/**
+	 * @description Generate a random UUID
+	 */
+	static generateUUID() {
+		return crypto.randomUUID();
+	}
+
+	/**
+	 * @description Generate a random string
+	 * @param length
+	 * @param encoding (default: 'hex')
+	 */
+	static generateString(length: number, encoding: BufferEncoding = "hex") {
+		return crypto.randomBytes(length).toString(encoding);
+	}
+
+	/**
+	 * @description Generate a random number
+	 * @param digits (default: 6)
+	 */
+	static generateNumber(digits: number = 6) {
+		return crypto.randomInt(10 ** (digits - 1), 10 ** digits);
+	}
+
+	static generateBoolean() {
+		return crypto.randomInt(0, 2) === 1;
+	}
+}

package/packages/@repo/lib/src/validation-module/index.ts

@@ -0,0 +1,242 @@
+import vine from "@vinejs/vine";
+import type { Infer, SchemaTypes } from "@vinejs/vine/types";
+import type { NextFunction, Request, Response } from "express";
+
+import { ErrorResponse } from "../error-handlers-module/index.js";
+import { logger } from "@repo/logger";
+
+type ExpressHandler<P = unknown, ResBody = unknown, ReqBody = unknown, Query = unknown> = (
+	req: Request<P, ResBody, ReqBody, Query>,
+	res: Response,
+	next: NextFunction
+) => unknown;
+export async function validateBody<T extends SchemaTypes>(
+	schema: T,
+	payload: unknown
+): Promise<{ data?: Infer<T>; error: string[] }> {
+	try {
+		const validator = vine.compile(schema);
+		const data = await validator.validate(payload);
+
+		return { data, error: [] };
+	} catch (err: unknown) {
+		if (err && typeof err === "object" && "messages" in err) {
+			const messages = (err as { messages: Array<{ message: string }> }).messages;
+			return {
+				error: messages.map(e => e.message),
+			};
+		}
+
+		return { error: ["Validation failed"] };
+	}
+}
+export function bodyValidator<T extends SchemaTypes>(schema: T) {
+	return function <F extends ExpressHandler<unknown, unknown, Infer<T>, unknown>>(
+		_target: unknown,
+		_propertyKey: string,
+		descriptor: TypedPropertyDescriptor<F>
+	) {
+		const originalMethod = descriptor.value!;
+
+		descriptor.value = async function (
+			this: unknown,
+			req: Request<unknown, unknown, Infer<T>>,
+			res: Response,
+			next: NextFunction
+		) {
+			const { error, data } = await validateBody(schema, req.body);
+
+			logger.info(`Body: ${JSON.stringify(req.body, null, 2)}`, {
+				logType: "requestBody",
+			});
+
+			if (!data || error.length) {
+				logger.error(error.join("\n"), { logType: "validationErrors" });
+				return res.status(422).json({ message: error.join("\n") });
+			}
+
+			req.body = data;
+
+			return originalMethod.call(this, req, res, next);
+		} as F;
+
+		return descriptor;
+	};
+}
+export function paramsValidator<T extends SchemaTypes>(schema: T) {
+	return function <F extends ExpressHandler<Infer<T>, unknown, unknown, unknown>>(
+		_target: unknown,
+		_propertyKey: string,
+		descriptor: TypedPropertyDescriptor<F>
+	) {
+		const originalMethod = descriptor.value!;
+
+		descriptor.value = async function (
+			this: unknown,
+			req: Request<Infer<T>>,
+			res: Response,
+			next: NextFunction
+		) {
+			const { error, data } = await validateBody(schema, req.params);
+
+			if (!data || error.length) {
+				logger.error(error.join("\n"), { logType: "validationErrors" });
+				return res.status(422).json({ message: error.join("\n") });
+			}
+
+			req.params = data;
+
+			return originalMethod.call(this, req, res, next);
+		} as F;
+
+		return descriptor;
+	};
+}
+
+export function queryValidator<T extends SchemaTypes>(schema: T) {
+	return function <F extends ExpressHandler<unknown, unknown, unknown, Infer<T>>>(
+		_target: unknown,
+		_propertyKey: string,
+		descriptor: TypedPropertyDescriptor<F>
+	) {
+		const originalMethod = descriptor.value!;
+
+		descriptor.value = async function (
+			this: unknown,
+			req: Request<unknown, unknown, unknown, Infer<T>>,
+			res: Response,
+			next: NextFunction
+		) {
+			const { error, data } = await validateBody(schema, req.query);
+
+			if (!data || error.length) {
+				logger.error(error.join("\n"), { logType: "validationErrors" });
+				return res.status(422).json({ message: error.join("\n") });
+			}
+
+			req.query = data;
+
+			return originalMethod.call(this, req, res, next);
+		} as F;
+
+		return descriptor;
+	};
+}
+// export function authValidator({ optional = false }: { optional?: boolean } | undefined = {}) {
+// 	return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {
+// 		const originalMethod = descriptor.value;
+// 		descriptor.value = async function (req: Request, res: Response, next: NextFunction) {
+// 			try {
+// 				const accessToken = req.headers["authorization"]?.split(" ")[1];
+// 				if (optional && (!accessToken || !TokenModule.verifyAccessToken(accessToken))) {
+// 					return originalMethod.apply(this, [req, res, next]);
+// 				}
+// 				if (!accessToken) {
+// 					res.status(401).json({ message: "access token missing" });
+// 					return;
+// 				}
+// 				const payload = TokenModule.verifyAccessToken(accessToken);
+
+// 				if (!payload) {
+// 					res.status(401).json({ message: "invalid access token" });
+// 					return;
+// 				}
+// 				req.user = {
+// 					id: payload.userID,
+// 					email: payload.email
+// 				};
+// 				return originalMethod.apply(this, [req, res, next]);
+// 			} catch (error) {
+// 				next(error);
+// 			}
+// 		};
+// 	};
+// }
+
+export function mediaBodyValidator<T extends SchemaTypes>(schema: T, optional = false) {
+	return function <F extends ExpressHandler<unknown, unknown, Infer<T>, unknown>>(
+		_target: unknown,
+		_propertyKey: string,
+		descriptor: TypedPropertyDescriptor<F>
+	) {
+		const originalMethod = descriptor.value!;
+
+		descriptor.value = async function (
+			this: unknown,
+			req: Request<unknown, unknown, Infer<T>>,
+			res: Response,
+			next: NextFunction
+		) {
+			const files = req.files;
+
+			if (!files && !optional) {
+				logger.error("Add at least one file", { logType: "validationErrors" });
+				return res.status(422).json({ message: "Add at least one file" });
+			}
+
+			const isJSON = (str: unknown): unknown => {
+				if (typeof str !== "string") return str;
+
+				try {
+					return JSON.parse(str);
+				} catch {
+					return str;
+				}
+			};
+
+			const parsedData = Object.fromEntries(
+				Object.entries(req.body).map(([k, v]) => [k, isJSON(v)])
+			);
+
+			const { error, data } = await validateBody(schema, parsedData);
+
+			if (!data || error.length) {
+				logger.error(error.join("\n"), { logType: "validationErrors" });
+				return res.status(422).json({ message: error.join("\n") });
+			}
+
+			req.body = data;
+			req.files = files;
+
+			return originalMethod.call(this, req, res, next);
+		} as F;
+
+		return descriptor;
+	};
+}
+export const validateId = vine.object({
+	id: vine.string().uuid(),
+});
+
+export const paginationValidator = vine.object({
+	page: vine
+		.number()
+		.positive()
+		.parse(e => (!e ? 1 : e))
+		.optional(),
+	limit: vine
+		.number()
+		.positive()
+		.parse(e => (!e ? 10 : e))
+		.optional(),
+	query: vine
+		.string()
+		.parse(e => (!e ? "" : e))
+		.optional(),
+});
+export async function validate<T extends SchemaTypes>(
+	schema: T,
+	payload: Infer<T>
+): Promise<Infer<T>> {
+	const result = await validateBody(schema, payload);
+
+	if (result.error.length) {
+		throw new ErrorResponse(result.error.join("\n"), 422);
+	}
+
+	if (result.data === undefined) {
+		throw new ErrorResponse("Validation failed", 422);
+	}
+
+	return result.data;
+}

package/packages/@repo/logger/eslint.config.ts

@@ -0,0 +1,4 @@
+import { baseConfig } from "eslint-config/base";
+import { extend } from "eslint-config/extend";
+
+export default extend(baseConfig);

package/packages/@repo/logger/package.json

@@ -0,0 +1,40 @@
+{
+	"name": "@repo/logger",
+	"version": "0.0.0",
+	"type": "module",
+	"private": true,
+	"scripts": {
+		"clean": "rimraf dist .turbo",
+		"watch:dev": "pnpm watch",
+		"typecheck": "tsc --noEmit",
+		"format": "biome format --write .",
+		"format:check": "biome ci .",
+		"lint": "eslint .",
+		"lint:fix": "eslint . --fix",
+		"watch": "tsc -p tsconfig.build.json --watch"
+	},
+	"exports": "./src/index.ts",
+	"types": "./src/index.ts",
+
+	"devDependencies": {
+		"eslint-config": "workspace:*",
+		"typescript-config": "workspace:*",
+		"vitest-config": "workspace:*"
+	},
+	"dependencies": {
+		"winston": "catalog:",
+		"dotenv": "catalog:",
+		"@repo/env": "workspace:*"
+	},
+	"startx": {
+		"tags": [
+			"node"
+		],
+		"requiredDeps": [
+			"@repo/env"
+		],
+		"requiredDevDeps": [
+			"typescript-config"
+		]
+	}
+}

package/packages/@repo/logger/src/index.ts

@@ -0,0 +1,2 @@
+export * from "./logger.js";
+export * from "./memory-profiler.js";

package/packages/@repo/logger/src/logger.ts

@@ -0,0 +1,72 @@
+import { ENV } from "@repo/env";
+import path from "path";
+import util from "util";
+import { createLogger, format, transports, addColors, type Logform } from "winston";
+const customColors = {
+	error: "red",
+	warn: "yellow",
+	info: "green",
+	http: "magenta",
+	debug: "blue",
+};
+const upperCaseLevel = format(info => {
+	info.level = info.level.toUpperCase();
+	return info;
+});
+
+addColors(customColors);
+
+const LOG_DIR = path.join(process.cwd(), "logs");
+
+const customPrintFormat = format.printf((info: Logform.TransformableInfo) => {
+	const { level, message, timestamp, stack, ...metadata } = info;
+
+	const levelStr = String(level);
+	let messageStr = String(stack || message);
+
+	if (Object.keys(metadata).length > 0) {
+		const metaString = util.inspect(metadata, { depth: null, colors: false });
+		messageStr += `\nExtra Details:\n${metaString}`;
+	}
+
+	const dateStr = timestamp
+		? new Date(String(timestamp as Date)).toLocaleString("tr-TR", {
+				year: "numeric",
+				month: "2-digit",
+				day: "2-digit",
+				hour: "2-digit",
+				minute: "2-digit",
+			})
+		: new Date().toISOString();
+
+	return `${dateStr} :${levelStr}: ${messageStr}`;
+});
+
+interface LoggerInput {
+	logName: string;
+}
+
+const createWLogger = ({ logName }: LoggerInput) => {
+	return createLogger({
+		level: ENV.LOG_LEVEL,
+		format: format.combine(format.timestamp(), format.errors({ stack: true })),
+		transports: [
+			new transports.Console({
+				format: format.combine(upperCaseLevel(), format.colorize({ all: true }), customPrintFormat),
+			}),
+			new transports.File({
+				level: "error",
+				filename: path.join(LOG_DIR, logName, `${logName}-Error.log`),
+				format: customPrintFormat,
+			}),
+			new transports.File({
+				filename: path.join(LOG_DIR, logName, `${logName}-Combined.log`),
+				format: customPrintFormat,
+			}),
+		],
+	});
+};
+
+export const logger = createWLogger({
+	logName: "globalLog",
+});