feat: implement core modules (Auth, User), S3 integration, and CI/CD infra

* feat: add users module and standardized API error responses

* feat: core domain entity type / add service and repository

* chore: add auth module arch

* feat(shared): add ApiBaseController decorator for global swagger responses

* feat(swagger): add reusable swagger error decorators

* docs(users): describe user api endpoints in swagger

* feat(auth): scaffold auth controller with route stubs

* feat(auth): scaffold auth service with dependencies

* feat(auth): add zod-based dtos for authentication and 2fa

* refactor(swagger): rename ApiRequireAuth to ApiUnauthorized for better reuse

* docs(auth): describe auth api endpoints in swagger

* chore: feat libs per auth flow / rename endpoints

* chore: feat per auth module libs and redis

* feat(auth): intergrate with jwt module and update config module

* feat(redis):chore(infra): integrate redis and setup correct infra

* feat(auth):chore(ua-parser): integrate logic per register flow #1

* feat(auth): integrate logic per sign flow #2

* feat(mail): add mail module and Handlebars templates

* feat(user): implement user controller with facade integration

* feat(auth): integrate logic per reset password flow #3 / bug with otplib always code apply

* fix(auth): fix OTP verification bypass in AuthService

* fix(auth): correct session expiration time in signIn and verify

* fix(email): fix verification code copy formatting

* fix(infra): specify postgres user and db for healthcheck

* fix(cors): normalize origins to hostname to resolve local blocks

* fix(compose): resolve error with depends and correct output per users

* feat(s3):chore(aws): add s3 module at libs and env file

* refactor(auth): fix type inconsistencies in user models

* feat(infra): setup migrations, optimize pg pool, and add ghcr workflow

* chore(auth): add password reset and sign-up confirmation Swagger documentation

* feat(user): implement avatar upload functionality with S3 integration

* chore(auth): add password reset and sign-up confirmation Swagger documentation

---------

Co-authored-by: Maksym Berehovyi <108676512+maksberegovoi@users.noreply.github.com>
Co-authored-by: Maxim <darlinggbm@gmail.com>

Author: soorq

.env.example

@@ -1,7 +1,7 @@
 # --- APP ---
 PORT=3000
 NODE_ENV=development
-CORS_ALLOWED_ORIGINS=http://localhost:3000
+CORS_ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000
 
 # --- POSTGRES ---
 DB_USERNAME=admin
@@ -18,6 +18,30 @@ DB_SCHEMA=base
 DATABASE_URL=postgres://${DB_USERNAME}:${DB_PASSWORD}@localhost:${DB_PORT}/${DB_DATABASE}
 
 # --- REDIS ---
-REDIS_HOST=redis
-REDIS_PORT=6379
-REDIS_EXTERNAL_PORT=6380
+# in the docker network will be, not show port redis, at prod env
+# REDIS_HOST=redis
+# at development mode
+REDIS_HOST=127.0.0.1
+REDIS_PORT=7000
+
+JWT_ACCESS_SECRET=same-same-same-same-same
+JWT_ACCESS_EXPIRES_IN=15m
+
+JWT_REFRESH_SECRET=same-same-same-same-same
+JWT_REFRESH_EXPIRES_IN=15m
+
+# --- MAIL SETTINGS ---
+MAIL_HOST=smtp.gmail.com
+MAIL_PORT=465
+MAIL_USER=example@gmail.com
+
+# 16x password
+MAIL_PASSWORD=xxxxxxxxyyyyyyyy
+MAIL_FROM_NAME="Task Tracker"
+MAIL_FROM_EMAIL=example@gmail.com
+
+S3_BUCKET_NAME=''
+S3_ENDPOINT=''
+S3_REGION=''
+S3_ACCESS_KEY=''
+S3_SECRET_KEY=''

.github/workflows/build.yml

@@ -2,7 +2,7 @@ name: Build and Push
 
 on:
     push:
-        branches: [dev, main]
+        branches: [dev, main, feat/**]
 
 env:
     REGISTRY: ghcr.io
@@ -13,20 +13,20 @@ jobs:
         runs-on: ubuntu-latest
         permissions:
             contents: read
-            # packages: write
+            packages: write
 
         steps:
             - uses: actions/checkout@v4
 
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
 
-            # - name: Log in to the Container registry
-            #   uses: docker/login-action@v3
-            #   with:
-            #       registry: ${{ env.REGISTRY }}
-            #       username: ${{ github.actor }}
-            #       password: ${{ secrets.GITHUB_TOKEN }}
+            - name: Log in to the Container registry
+              uses: docker/login-action@v3
+              with:
+                  registry: ${{ env.REGISTRY }}
+                  username: ${{ github.actor }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
 
             - name: Extract metadata (tags, labels)
               id: meta
@@ -36,13 +36,14 @@ jobs:
                   tags: |
                       type=ref,event=branch
                       type=sha,format=short
+                      type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
 
             - name: Build and push Docker image
               uses: docker/build-push-action@v5
               with:
                   context: .
                   file: ./Dockerfile.prod
-                  push: false # add true, if your setup variables
+                  push: true
                   tags: ${{ steps.meta.outputs.tags }}
                   labels: ${{ steps.meta.outputs.labels }}
                   cache-from: type=gha

.github/workflows/ci.yml

@@ -1,37 +1,37 @@
 name: CI
 
 on:
-    pull_request:
-        branches: [dev, main]
-    push:
-        branches: [dev, main]
+  pull_request:
+    branches: [dev, main, "feat/**"]
+  push:
+    branches: [dev, main, "feat/**"]
 
 jobs:
-    quality-check:
-        name: Lint & Test
-        runs-on: ubuntu-latest
+  quality-check:
+    name: Lint & Test
+    runs-on: ubuntu-latest
 
-        steps:
-            - name: Checkout repository
-              uses: actions/checkout@v4
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-            - name: Install pnpm
-              uses: pnpm/action-setup@v4
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
 
-            - name: Setup Node.js
-              uses: actions/setup-node@v4
-              with:
-                  node-version: 20
-                  cache: 'pnpm'
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: "pnpm"
 
-            - name: Install dependencies
-              run: pnpm install --frozen-lockfile
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
 
-            - name: Run Lint
-              run: pnpm run lint
+      - name: Run Lint
+        run: pnpm run lint
 
-            - name: Type Check
-              run: pnpm exec tsc --noEmit
+      - name: Type Check
+        run: pnpm exec tsc --noEmit
 
-            - name: Run Tests
-              run: pnpm run test
+      - name: Run Tests
+        run: pnpm run test

Dockerfile.prod

@@ -28,7 +28,9 @@ ENV PORT=3000
 
 COPY --from=build /app/dist ./dist
 COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/migrations ./migrations
 COPY --from=build /app/package.json ./
+COPY --from=build /app/drizzle.config.ts ./drizzle.config.ts
 
 EXPOSE 3000
 

infra/README.md

@@ -0,0 +1,7 @@
+# Command to run infra at dev mode
+
+Run it by pwd at root! Not include at this dir
+
+```sh
+docker compose -f ./infra/dev/compose.dev.yaml --env-file .env --profile infra up --build -d -V
+```

infra/compose.dev.yaml

@@ -0,0 +1,41 @@
+# Файл для фронт разрабов
+
+## Описание
+
+Данный конфиг разворачивает полный инстанс бэкенда (API + DB + Redis)
+для локальной разработки фронтенда.
+
+## ТРЕБОВАНИЯ:
+
+1. Положить актуальный файл .env в директорию с этим файлом
+   (путь: ./infra/dev/.env).
+2. Наличие Docker Desktop / Docker Engine.
+
+## ЗАПУСК:
+
+Выполните команду из корня проекта:
+
+```sh
+docker compose -f ./infra/dev/compose.dev.yaml --profile infra up --pull always --build -d -V
+```
+
+## ЧТО ВНУТРИ:
+
+- API: http://localhost:3000
+- Postgres: localhost:6000 (пароли и база берутся из .env)
+- Redis: localhost:7000
+
+## ОСОБЕННОСТИ:
+
+- Авто-миграции: Приложение само накатит SQL-схему при старте.
+- Healthchecks: Контейнер API не поднимется, пока DB и Redis
+  не станут доступны (status: healthy).
+- Изоляция: Используется выделенная сеть 'task-tracker-gateway'.
+
+## RESET:
+
+Если нужно полностью очистить базу и начать с нуля:
+
+```sh
+docker compose -f ./infra/dev/compose.dev.yaml --profile infra down -v
+```

infra/dev/README.md

@@ -0,0 +1,121 @@
+version: "3.9"
+
+name: task-tracker-api
+
+services:
+  api:
+    hostname: api
+    container_name: api
+    image: ghcr.io/task-tracker-lab/task-tracker-backend:feat-user
+    env_file:
+      - .env
+    ports:
+      - "3000:3000"
+    depends_on:
+      database:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    networks:
+      - backend
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 1024M
+        reservations:
+          cpus: "0.5"
+          memory: 256M
+
+  database:
+    hostname: database
+    container_name: database
+    image: postgres:16-alpine
+    restart: always
+    env_file:
+      - .env
+    environment:
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_DB: ${DB_DATABASE}
+    ports:
+      - "6000:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          'pg_isready -U "$$POSTGRES_USER" -d "$$POSTGRES_DB" -q || exit 1',
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    profiles: ["infra"]
+
+  redis:
+    hostname: redis
+    container_name: redis
+    image: redis:7-alpine
+    restart: always
+    ports:
+      - "7000:6379"
+    command: redis-server --save 60 1 --loglevel notice
+    volumes:
+      - redis_data:/data
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+    profiles: ["infra"]
+
+  minio:
+    hostname: minio
+    container_name: minio
+    image: minio/minio:latest
+    restart: always
+    environment:
+      MINIO_ROOT_USER: ${S3_ACCESS_KEY}
+      MINIO_ROOT_PASSWORD: ${S3_SECRET_KEY}
+    ports:
+      - "9000:9000" # API
+      - "9001:9001" # Console (UI)
+    command: server /data --console-address ":9001"
+    volumes:
+      - minio_data:/data
+    networks:
+      - backend
+    profiles: [ "infra" ]
+
+  minio-init:
+    image: minio/mc:latest
+    depends_on:
+      - minio
+    environment:
+      MINIO_ROOT_USER: ${S3_ACCESS_KEY}
+      MINIO_ROOT_PASSWORD: ${S3_SECRET_KEY}
+    networks:
+      - backend
+    profiles: [ "infra" ]
+    entrypoint: >
+      /bin/sh -c "
+      sleep 5;
+      mc alias set myminio http://minio:9000 ${S3_ACCESS_KEY} ${S3_SECRET_KEY};
+      mc mb myminio/${S3_BUCKET_NAME} --ignore-existing;
+      mc anonymous set download myminio/${S3_BUCKET_NAME};
+      exit 0;
+      "
+
+volumes:
+  postgres_data:
+  redis_data:
+  minio_data:
+
+networks:
+  backend:
+    name: task-tracker-gateway