yantr-js 0.1.0-beta.2

package/registry/templates/auth/auth.service.ts

@@ -0,0 +1,140 @@
+import bcrypt from 'bcryptjs';
+import { 
+  generateAccessToken, 
+  generateRefreshToken, 
+  verifyToken,
+  type TokenPayload 
+} from './auth.middleware';
+
+// Types
+export interface RegisterInput {
+  email: string;
+  password: string;
+  name?: string;
+}
+
+export interface LoginInput {
+  email: string;
+  password: string;
+}
+
+export interface AuthTokens {
+  accessToken: string;
+  refreshToken: string;
+}
+
+export interface UserData {
+  id: string;
+  email: string;
+  name?: string;
+  role?: string;
+}
+
+// Constants
+const SALT_ROUNDS = 12;
+
+/**
+ * Hash a password
+ */
+export async function hashPassword(password: string): Promise<string> {
+  return bcrypt.hash(password, SALT_ROUNDS);
+}
+
+/**
+ * Compare password with hash
+ */
+export async function comparePassword(
+  password: string,
+  hash: string
+): Promise<boolean> {
+  return bcrypt.compare(password, hash);
+}
+
+/**
+ * Generate auth tokens for a user
+ */
+export function generateAuthTokens(user: UserData): AuthTokens {
+  const payload: TokenPayload = {
+    userId: user.id,
+    email: user.email,
+    role: user.role,
+  };
+
+  return {
+    accessToken: generateAccessToken(payload),
+    refreshToken: generateRefreshToken(payload),
+  };
+}
+
+/**
+ * Refresh access token using refresh token
+ */
+export function refreshAccessToken(refreshToken: string): AuthTokens {
+  const payload = verifyToken(refreshToken);
+  
+  return {
+    accessToken: generateAccessToken(payload),
+    refreshToken: generateRefreshToken(payload),
+  };
+}
+
+/**
+ * Example: Register a new user
+ * 
+ * NOTE: This is a template. You need to implement your own user storage logic.
+ * Replace the TODO comments with your database operations.
+ */
+export async function registerUser(input: RegisterInput): Promise<UserData> {
+  const { email, password, name } = input;
+
+  // TODO: Check if user already exists in your database
+  // const existingUser = await prisma.user.findUnique({ where: { email } });
+  // if (existingUser) throw new ConflictError('Email already registered');
+
+  // Hash password
+  const hashedPassword = await hashPassword(password);
+
+  // TODO: Create user in your database
+  // const user = await prisma.user.create({
+  //   data: { email, password: hashedPassword, name }
+  // });
+
+  // Placeholder - replace with actual user creation
+  const user: UserData = {
+    id: 'user_' + Date.now(), // Replace with actual ID
+    email,
+    name,
+  };
+
+  return user;
+}
+
+/**
+ * Example: Login user
+ * 
+ * NOTE: This is a template. Implement your own user lookup logic.
+ */
+export async function loginUser(
+  input: LoginInput
+): Promise<{ user: UserData; tokens: AuthTokens }> {
+  const { email, password } = input;
+
+  // TODO: Find user by email in your database
+  // const user = await prisma.user.findUnique({ where: { email } });
+  // if (!user) throw new UnauthorizedError('Invalid credentials');
+
+  // TODO: Verify password
+  // const isValid = await comparePassword(password, user.password);
+  // if (!isValid) throw new UnauthorizedError('Invalid credentials');
+
+  // Placeholder - replace with actual user lookup
+  const user: UserData = {
+    id: 'user_1',
+    email,
+    name: 'User',
+  };
+
+  const tokens = generateAuthTokens(user);
+
+  return { user, tokens };
+}

package/registry/templates/base/error-handler.ts

@@ -0,0 +1,127 @@
+import type { Request, Response, NextFunction } from 'express';
+
+/**
+ * Custom error class for application errors
+ */
+export class AppError extends Error {
+  public readonly statusCode: number;
+  public readonly isOperational: boolean;
+  public readonly code?: string;
+
+  constructor(
+    message: string,
+    statusCode: number = 500,
+    isOperational: boolean = true,
+    code?: string
+  ) {
+    super(message);
+    this.statusCode = statusCode;
+    this.isOperational = isOperational;
+    this.code = code;
+
+    Object.setPrototypeOf(this, AppError.prototype);
+    Error.captureStackTrace(this, this.constructor);
+  }
+}
+
+/**
+ * Common HTTP error classes
+ */
+export class NotFoundError extends AppError {
+  constructor(message: string = 'Resource not found') {
+    super(message, 404, true, 'NOT_FOUND');
+  }
+}
+
+export class BadRequestError extends AppError {
+  constructor(message: string = 'Bad request') {
+    super(message, 400, true, 'BAD_REQUEST');
+  }
+}
+
+export class UnauthorizedError extends AppError {
+  constructor(message: string = 'Unauthorized') {
+    super(message, 401, true, 'UNAUTHORIZED');
+  }
+}
+
+export class ForbiddenError extends AppError {
+  constructor(message: string = 'Forbidden') {
+    super(message, 403, true, 'FORBIDDEN');
+  }
+}
+
+export class ConflictError extends AppError {
+  constructor(message: string = 'Conflict') {
+    super(message, 409, true, 'CONFLICT');
+  }
+}
+
+export class ValidationError extends AppError {
+  public readonly errors: Record<string, string[]>;
+
+  constructor(errors: Record<string, string[]>) {
+    super('Validation failed', 422, true, 'VALIDATION_ERROR');
+    this.errors = errors;
+  }
+}
+
+/**
+ * Global error handler middleware
+ */
+export function errorHandler(
+  err: Error,
+  _req: Request,
+  res: Response,
+  _next: NextFunction
+): void {
+  // Log error for debugging
+  console.error('[Error]', err);
+
+  // Handle AppError instances
+  if (err instanceof AppError) {
+    const response: Record<string, unknown> = {
+      success: false,
+      error: {
+        message: err.message,
+        code: err.code,
+      },
+    };
+
+    // Include validation errors if present
+    if (err instanceof ValidationError) {
+      response.error = {
+        ...response.error as object,
+        details: err.errors,
+      };
+    }
+
+    res.status(err.statusCode).json(response);
+    return;
+  }
+
+  // Handle unexpected errors
+  const statusCode = 500;
+  const message = process.env.NODE_ENV === 'production'
+    ? 'Internal server error'
+    : err.message;
+
+  res.status(statusCode).json({
+    success: false,
+    error: {
+      message,
+      code: 'INTERNAL_ERROR',
+    },
+  });
+}
+
+/**
+ * Async handler wrapper to catch errors in async route handlers
+ */
+export function asyncHandler(
+  fn: (req: Request, res: Response, next: NextFunction) => Promise<void>
+) {
+  return (req: Request, res: Response, next: NextFunction) => {
+    Promise.resolve(fn(req, res, next)).catch(next);
+  };
+}

package/registry/templates/base/zod-middleware.ts

@@ -0,0 +1,104 @@
+import type { Request, Response, NextFunction } from 'express';
+import { z, ZodError, ZodSchema } from 'zod';
+import { ValidationError } from './error-handler';
+
+type RequestLocation = 'body' | 'query' | 'params';
+
+interface ValidateOptions {
+  body?: ZodSchema;
+  query?: ZodSchema;
+  params?: ZodSchema;
+}
+
+/**
+ * Format Zod errors into a readable format
+ */
+function formatZodErrors(error: ZodError): Record<string, string[]> {
+  const errors: Record<string, string[]> = {};
+
+  for (const issue of error.issues) {
+    const path = issue.path.join('.');
+    const key = path || 'root';
+
+    if (!errors[key]) {
+      errors[key] = [];
+    }
+
+    errors[key].push(issue.message);
+  }
+
+  return errors;
+}
+
+/**
+ * Validate request data against Zod schemas
+ * 
+ * @example
+ * ```typescript
+ * import { z } from 'zod';
+ * 
+ * const createUserSchema = z.object({
+ *   email: z.string().email(),
+ *   password: z.string().min(8),
+ * });
+ * 
+ * router.post('/users', validate({ body: createUserSchema }), createUser);
+ * ```
+ */
+export function validate(schemas: ValidateOptions) {
+  return async (req: Request, _res: Response, next: NextFunction) => {
+    const allErrors: Record<string, string[]> = {};
+
+    const locations: RequestLocation[] = ['body', 'query', 'params'];
+
+    for (const location of locations) {
+      const schema = schemas[location];
+
+      if (schema) {
+        const result = await schema.safeParseAsync(req[location]);
+
+        if (!result.success) {
+          const errors = formatZodErrors(result.error);
+
+          for (const [key, messages] of Object.entries(errors)) {
+            const prefixedKey = `${location}.${key}`;
+            allErrors[prefixedKey] = messages;
+          }
+        } else {
+          // Replace request data with parsed data (for type coercion)
+          req[location] = result.data;
+        }
+      }
+    }
+
+    if (Object.keys(allErrors).length > 0) {
+      return next(new ValidationError(allErrors));
+    }
+
+    next();
+  };
+}
+
+/**
+ * Validate only request body
+ */
+export function validateBody<T extends ZodSchema>(schema: T) {
+  return validate({ body: schema });
+}
+
+/**
+ * Validate only query parameters
+ */
+export function validateQuery<T extends ZodSchema>(schema: T) {
+  return validate({ query: schema });
+}
+
+/**
+ * Validate only route parameters
+ */
+export function validateParams<T extends ZodSchema>(schema: T) {
+  return validate({ params: schema });
+}
+
+// Re-export Zod for convenience
+export { z };

package/registry/templates/database/db.ts

@@ -0,0 +1,83 @@
+import { prisma, disconnectDb, checkDbConnection } from './prisma';
+
+/**
+ * Database utilities and helpers
+ */
+
+/**
+ * Transaction wrapper for database operations
+ * 
+ * @example
+ * ```typescript
+ * const result = await withTransaction(async (tx) => {
+ *   const user = await tx.user.create({ data: { email: 'test@example.com' } });
+ *   const profile = await tx.profile.create({ data: { userId: user.id } });
+ *   return { user, profile };
+ * });
+ * ```
+ */
+export async function withTransaction<T>(
+  fn: (tx: typeof prisma) => Promise<T>
+): Promise<T> {
+  return prisma.$transaction(async (tx) => {
+    return fn(tx as typeof prisma);
+  });
+}
+
+/**
+ * Pagination helper
+ */
+export interface PaginationOptions {
+  page?: number;
+  limit?: number;
+}
+
+export interface PaginatedResult<T> {
+  data: T[];
+  meta: {
+    total: number;
+    page: number;
+    limit: number;
+    totalPages: number;
+    hasNextPage: boolean;
+    hasPrevPage: boolean;
+  };
+}
+
+/**
+ * Create pagination parameters for Prisma queries
+ */
+export function getPaginationParams(options: PaginationOptions = {}) {
+  const page = Math.max(1, options.page || 1);
+  const limit = Math.min(100, Math.max(1, options.limit || 10));
+  const skip = (page - 1) * limit;
+
+  return { skip, take: limit, page, limit };
+}
+
+/**
+ * Format paginated response
+ */
+export function formatPaginatedResponse<T>(
+  data: T[],
+  total: number,
+  page: number,
+  limit: number
+): PaginatedResult<T> {
+  const totalPages = Math.ceil(total / limit);
+
+  return {
+    data,
+    meta: {
+      total,
+      page,
+      limit,
+      totalPages,
+      hasNextPage: page < totalPages,
+      hasPrevPage: page > 1,
+    },
+  };
+}
+
+// Re-export prisma utilities
+export { prisma, disconnectDb, checkDbConnection };

package/registry/templates/database/prisma.ts

@@ -0,0 +1,47 @@
+import { PrismaClient } from '@prisma/client';
+
+/**
+ * Prisma Client Singleton
+ * 
+ * This ensures only one instance of PrismaClient is created,
+ * even during hot reloading in development.
+ */
+
+const globalForPrisma = globalThis as unknown as {
+  prisma: PrismaClient | undefined;
+};
+
+export const prisma =
+  globalForPrisma.prisma ??
+  new PrismaClient({
+    log:
+      process.env.NODE_ENV === 'development'
+        ? ['query', 'error', 'warn']
+        : ['error'],
+  });
+
+if (process.env.NODE_ENV !== 'production') {
+  globalForPrisma.prisma = prisma;
+}
+
+/**
+ * Graceful shutdown handler
+ * Call this when your app is shutting down
+ */
+export async function disconnectDb(): Promise<void> {
+  await prisma.$disconnect();
+}
+
+/**
+ * Health check for database connection
+ */
+export async function checkDbConnection(): Promise<boolean> {
+  try {
+    await prisma.$queryRaw`SELECT 1`;
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export default prisma;

package/registry/templates/logger/http-logger.ts

@@ -0,0 +1,61 @@
+import pinoHttp from 'pino-http';
+import { logger } from './logger';
+
+/**
+ * HTTP request logging middleware
+ * 
+ * Logs all incoming requests with:
+ * - Method, URL, status code
+ * - Response time
+ * - Request ID for tracing
+ * 
+ * @example
+ * ```typescript
+ * import express from 'express';
+ * import { httpLogger } from './lib/setu/logger/http-logger';
+ * 
+ * const app = express();
+ * app.use(httpLogger);
+ * ```
+ */
+export const httpLogger = pinoHttp({
+  logger,
+  
+  // Generate unique request ID
+  genReqId: (req) => {
+    return req.headers['x-request-id'] as string || crypto.randomUUID();
+  },
+  
+  // Custom log level based on status code
+  customLogLevel: (_req, res, err) => {
+    if (res.statusCode >= 500 || err) return 'error';
+    if (res.statusCode >= 400) return 'warn';
+    return 'info';
+  },
+  
+  // Custom success message
+  customSuccessMessage: (req, res) => {
+    return `${req.method} ${req.url} ${res.statusCode}`;
+  },
+  
+  // Custom error message
+  customErrorMessage: (req, res, err) => {
+    return `${req.method} ${req.url} ${res.statusCode} - ${err.message}`;
+  },
+  
+  // Properties to include in logs
+  customProps: (req) => ({
+    userAgent: req.headers['user-agent'],
+    ip: req.headers['x-forwarded-for'] || req.socket.remoteAddress,
+  }),
+  
+  // Don't log these paths (health checks, etc.)
+  autoLogging: {
+    ignore: (req) => {
+      const ignorePaths = ['/health', '/ready', '/metrics'];
+      return ignorePaths.includes(req.url || '');
+    },
+  },
+});
+
+export default httpLogger;

package/registry/templates/logger/logger.ts

@@ -0,0 +1,60 @@
+import pino from 'pino';
+
+/**
+ * Logger configuration
+ * 
+ * In production, logs are JSON formatted for easy parsing.
+ * In development, logs are pretty-printed for readability.
+ */
+const isProduction = process.env.NODE_ENV === 'production';
+
+export const logger = pino({
+  level: process.env.LOG_LEVEL || (isProduction ? 'info' : 'debug'),
+  
+  // Base properties added to every log
+  base: {
+    pid: process.pid,
+    env: process.env.NODE_ENV || 'development',
+  },
+  
+  // Timestamp configuration
+  timestamp: pino.stdTimeFunctions.isoTime,
+  
+  // Pretty print in development
+  transport: isProduction
+    ? undefined
+    : {
+        target: 'pino-pretty',
+        options: {
+          colorize: true,
+          translateTime: 'SYS:standard',
+          ignore: 'pid,hostname',
+        },
+      },
+});
+
+/**
+ * Create a child logger with additional context
+ * 
+ * @example
+ * ```typescript
+ * const userLogger = createLogger({ module: 'user-service' });
+ * userLogger.info({ userId: '123' }, 'User logged in');
+ * ```
+ */
+export function createLogger(context: Record<string, unknown>) {
+  return logger.child(context);
+}
+
+/**
+ * Log levels available:
+ * - trace: Very detailed debugging information
+ * - debug: Debugging information
+ * - info: General information
+ * - warn: Warning messages
+ * - error: Error messages
+ * - fatal: Critical errors
+ */
+export type LogLevel = 'trace' | 'debug' | 'info' | 'warn' | 'error' | 'fatal';
+
+export default logger;

package/registry/templates/security/helmet.ts

@@ -0,0 +1,88 @@
+import helmet from 'helmet';
+
+/**
+ * Helmet security middleware configuration
+ * 
+ * Sets various HTTP headers to protect your app from common vulnerabilities.
+ * 
+ * @see https://helmetjs.github.io/
+ */
+export const helmetConfig = helmet({
+  // Content Security Policy
+  contentSecurityPolicy: {
+    directives: {
+      defaultSrc: ["'self'"],
+      styleSrc: ["'self'", "'unsafe-inline'"],
+      scriptSrc: ["'self'"],
+      imgSrc: ["'self'", 'data:', 'https:'],
+      connectSrc: ["'self'"],
+      fontSrc: ["'self'"],
+      objectSrc: ["'none'"],
+      mediaSrc: ["'self'"],
+      frameSrc: ["'none'"],
+    },
+  },
+  
+  // Cross-Origin Resource Policy
+  crossOriginResourcePolicy: { policy: 'same-origin' },
+  
+  // Cross-Origin Opener Policy
+  crossOriginOpenerPolicy: { policy: 'same-origin' },
+  
+  // Cross-Origin Embedder Policy
+  crossOriginEmbedderPolicy: false, // Enable if using SharedArrayBuffer
+  
+  // DNS Prefetch Control
+  dnsPrefetchControl: { allow: false },
+  
+  // Frameguard (X-Frame-Options)
+  frameguard: { action: 'deny' },
+  
+  // Hide X-Powered-By header
+  hidePoweredBy: true,
+  
+  // HTTP Strict Transport Security
+  hsts: {
+    maxAge: 31536000, // 1 year
+    includeSubDomains: true,
+    preload: true,
+  },
+  
+  // IE No Open
+  ieNoOpen: true,
+  
+  // Don't Sniff Mimetype
+  noSniff: true,
+  
+  // Origin Agent Cluster
+  originAgentCluster: true,
+  
+  // Permitted Cross-Domain Policies
+  permittedCrossDomainPolicies: { permittedPolicies: 'none' },
+  
+  // Referrer Policy
+  referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
+  
+  // X-XSS-Protection (deprecated but still useful for older browsers)
+  xssFilter: true,
+});
+
+/**
+ * Relaxed helmet config for development
+ * Disables CSP which can be annoying during development
+ */
+export const helmetDevConfig = helmet({
+  contentSecurityPolicy: false,
+  crossOriginEmbedderPolicy: false,
+});
+
+/**
+ * Get appropriate helmet config based on environment
+ */
+export function getHelmetConfig() {
+  return process.env.NODE_ENV === 'production' 
+    ? helmetConfig 
+    : helmetDevConfig;
+}
+
+export default helmetConfig;