refactor: extract users business logic into users.service.ts

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/services/users.service.ts

@@ -0,0 +1,186 @@
+import prisma from '../config/database';
+import bcrypt from 'bcryptjs';
+import { config } from '../config/env';
+
+const ALLOWED_SORT_FIELDS = ['id', 'username', 'email', 'first_name', 'last_name', 'created_at'];
+
+const USER_SELECT = {
+  id: true, username: true, email: true, first_name: true, last_name: true,
+  role_id: true, is_active: true, last_login: true, totp_enabled: true,
+  created_at: true, updated_at: true,
+  roles: { select: { id: true, name: true, display_name: true } },
+} as const;
+
+export interface ListUsersParams {
+  page: number;
+  limit: number;
+  skip: number;
+  sort: string;
+  order: 'asc' | 'desc';
+  search: string;
+}
+
+export interface CreateUserData {
+  username: string;
+  email: string;
+  password: string;
+  first_name: string;
+  last_name: string;
+  role_id?: number | null;
+  is_active?: boolean;
+}
+
+export interface UpdateUserData {
+  username?: string;
+  email?: string;
+  password?: string;
+  first_name?: string;
+  last_name?: string;
+  role_id?: number | null;
+  is_active?: boolean | number | string;
+}
+
+export async function listUsers(params: ListUsersParams) {
+  const { page, limit, skip, sort, order, search } = params;
+  const sortField = ALLOWED_SORT_FIELDS.includes(sort) ? sort : 'id';
+
+  const where = search
+    ? {
+        OR: [
+          { username: { contains: search } },
+          { email: { contains: search } },
+          { first_name: { contains: search } },
+          { last_name: { contains: search } },
+        ],
+      }
+    : {};
+
+  const [users, total] = await Promise.all([
+    prisma.users.findMany({
+      where,
+      skip,
+      take: limit,
+      orderBy: { [sortField]: order },
+      select: USER_SELECT,
+    }),
+    prisma.users.count({ where }),
+  ]);
+
+  return { users, total, page, limit };
+}
+
+export async function getUser(id: number) {
+  return prisma.users.findUnique({
+    where: { id },
+    select: USER_SELECT,
+  });
+}
+
+export async function createUser(data: CreateUserData) {
+  const username = data.username.trim();
+  const email = data.email.trim();
+  const firstName = data.first_name.trim();
+  const lastName = data.last_name.trim();
+
+  // Email format
+  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+    return { error: 'Neplatný formát e-mailu', status: 400 } as const;
+  }
+
+  // Username uniqueness
+  const existingUsername = await prisma.users.findFirst({ where: { username } });
+  if (existingUsername) {
+    return { error: 'Uživatelské jméno již existuje', status: 409 } as const;
+  }
+
+  // Email uniqueness
+  const existingEmail = await prisma.users.findFirst({ where: { email } });
+  if (existingEmail) {
+    return { error: 'E-mail již existuje', status: 409 } as const;
+  }
+
+  const passwordHash = await bcrypt.hash(data.password, config.security.bcryptCost);
+
+  const user = await prisma.users.create({
+    data: {
+      username,
+      email,
+      password_hash: passwordHash,
+      first_name: firstName,
+      last_name: lastName,
+      role_id: data.role_id ? Number(data.role_id) : null,
+      is_active: data.is_active !== false,
+    },
+  });
+
+  return { user } as const;
+}
+
+export async function updateUser(id: number, body: UpdateUserData) {
+  const existing = await prisma.users.findUnique({ where: { id } });
+  if (!existing) {
+    return { error: 'Uživatel nenalezen', status: 404 } as const;
+  }
+
+  const data: Record<string, unknown> = {};
+
+  // Username validation and uniqueness
+  if (body.username !== undefined) {
+    const newUsername = String(body.username).trim();
+    if (newUsername !== existing.username) {
+      const existingUsername = await prisma.users.findFirst({ where: { username: newUsername } });
+      if (existingUsername) {
+        return { error: 'Uživatelské jméno již existuje', status: 409 } as const;
+      }
+    }
+    data.username = newUsername;
+  }
+
+  // Email validation and uniqueness
+  if (body.email !== undefined) {
+    const newEmail = String(body.email).trim();
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(newEmail)) {
+      return { error: 'Neplatný formát e-mailu', status: 400 } as const;
+    }
+    const existingEmail = await prisma.users.findFirst({
+      where: { email: newEmail, id: { not: id } },
+    });
+    if (existingEmail) {
+      return { error: 'E-mail již existuje', status: 409 } as const;
+    }
+    data.email = newEmail;
+  }
+
+  if (body.first_name !== undefined) data.first_name = String(body.first_name);
+  if (body.last_name !== undefined) data.last_name = String(body.last_name);
+  if (body.role_id !== undefined) data.role_id = body.role_id ? Number(body.role_id) : null;
+  if (body.is_active !== undefined) data.is_active = body.is_active === true || body.is_active === 1 || body.is_active === '1';
+  if (body.password) {
+    const newPassword = String(body.password);
+    if (newPassword.length < 8) {
+      return { error: 'Heslo musí mít alespoň 8 znaků', status: 400 } as const;
+    }
+    data.password_hash = await bcrypt.hash(newPassword, config.security.bcryptCost);
+    data.password_changed_at = new Date();
+  }
+
+  await prisma.users.update({ where: { id }, data });
+
+  return { id, username: existing.username } as const;
+}
+
+export async function deleteUser(id: number, currentUserId?: number) {
+  if (id === currentUserId) {
+    return { error: 'Nelze smazat vlastní účet', status: 400 } as const;
+  }
+
+  const existing = await prisma.users.findUnique({ where: { id } });
+  if (!existing) {
+    return { error: 'Uživatel nenalezen', status: 404 } as const;
+  }
+
+  await prisma.refresh_tokens.deleteMany({ where: { user_id: id } });
+  await prisma.users.delete({ where: { id } });
+
+  return { id, username: existing.username } as const;
+}