init: scaffold from k-template with postgres + worker

2026-05-31 03:08:38 +02:00
commit f9cb142c3b
70 changed files with 5269 additions and 0 deletions
--- a/crates/domain/Cargo.toml
+++ b/crates/domain/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "domain"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+uuid        = { workspace = true }
+chrono      = { workspace = true }
+serde       = { workspace = true }
+thiserror   = { workspace = true }
+async-trait = { workspace = true }
+bytes       = { workspace = true }
+futures     = { workspace = true }
--- a/crates/domain/src/entities/mod.rs
+++ b/crates/domain/src/entities/mod.rs
@@ -0,0 +1,2 @@
+mod user;
+pub use user::User;
--- a/crates/domain/src/entities/user.rs
+++ b/crates/domain/src/entities/user.rs
@@ -0,0 +1,17 @@
+use chrono::{DateTime, Utc};
+use crate::value_objects::{Email, PasswordHash, Role, UserId};
+
+#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
+pub struct User {
+    pub id: UserId,
+    pub email: Email,
+    pub password_hash: PasswordHash,
+    pub role: Role,
+    pub created_at: DateTime<Utc>,
+}
+
+impl User {
+    pub fn new(id: UserId, email: Email, password_hash: PasswordHash) -> Self {
+        Self { id, email, password_hash, role: Role::User, created_at: Utc::now() }
+    }
+}
--- a/crates/domain/src/errors.rs
+++ b/crates/domain/src/errors.rs
@@ -0,0 +1,13 @@
+#[derive(Debug, thiserror::Error)]
+pub enum DomainError {
+    #[error("Not found: {0}")]
+    NotFound(String),
+    #[error("Conflict: {0}")]
+    Conflict(String),
+    #[error("Unauthorized: {0}")]
+    Unauthorized(String),
+    #[error("Validation error: {0}")]
+    Validation(String),
+    #[error("Internal error: {0}")]
+    Internal(String),
+}
--- a/crates/domain/src/events.rs
+++ b/crates/domain/src/events.rs
@@ -0,0 +1,7 @@
+use uuid::Uuid;
+
+#[derive(Debug, Clone)]
+pub enum DomainEvent {
+    UserRegistered { user_id: Uuid },
+    UserLoggedIn { user_id: Uuid },
+}
--- a/crates/domain/src/lib.rs
+++ b/crates/domain/src/lib.rs
@@ -0,0 +1,5 @@
+pub mod entities;
+pub mod errors;
+pub mod events;
+pub mod ports;
+pub mod value_objects;
--- a/crates/domain/src/ports/auth.rs
+++ b/crates/domain/src/ports/auth.rs
@@ -0,0 +1,14 @@
+use async_trait::async_trait;
+use crate::{errors::DomainError, value_objects::{PasswordHash, Role, UserId}};
+
+#[async_trait]
+pub trait PasswordHasher: Send + Sync {
+    async fn hash(&self, password: &str) -> Result<PasswordHash, DomainError>;
+    async fn verify(&self, password: &str, hash: &PasswordHash) -> Result<bool, DomainError>;
+}
+
+#[async_trait]
+pub trait TokenIssuer: Send + Sync {
+    async fn issue(&self, user_id: &UserId, role: &Role) -> Result<String, DomainError>;
+    async fn verify(&self, token: &str) -> Result<(UserId, Role), DomainError>;
+}
--- a/crates/domain/src/ports/mod.rs
+++ b/crates/domain/src/ports/mod.rs
@@ -0,0 +1,7 @@
+mod auth;
+mod storage;
+mod user_repo;
+
+pub use auth::{PasswordHasher, TokenIssuer};
+pub use storage::{DataStream, StoragePort, StorageReader, StorageWriter};
+pub use user_repo::UserRepository;
--- a/crates/domain/src/ports/storage.rs
+++ b/crates/domain/src/ports/storage.rs
@@ -0,0 +1,52 @@
+use async_trait::async_trait;
+use bytes::Bytes;
+use futures::stream::{self, BoxStream, StreamExt};
+use crate::errors::DomainError;
+
+pub type DataStream = BoxStream<'static, Result<Bytes, DomainError>>;
+
+/// Read operations on object storage. Keys are full paths relative to the adapter root.
+#[async_trait]
+pub trait StorageReader: Send + Sync {
+    /// Returns the content of `key` as a stream. Returns `DomainError::NotFound` if absent.
+    async fn get(&self, key: &str) -> Result<DataStream, DomainError>;
+
+    /// Lists all keys whose path begins with `prefix`, or all keys when `prefix` is `None`.
+    /// Returned keys are **full paths from the adapter root**, not relative to `prefix`.
+    /// Example: `list(Some("docs"))` returns `["docs/readme.txt"]`, not `["readme.txt"]`.
+    async fn list(&self, prefix: Option<&str>) -> Result<Vec<String>, DomainError>;
+
+    /// Convenience: reads the entire content of `key` into memory. Wraps `get`.
+    async fn get_bytes(&self, key: &str) -> Result<Bytes, DomainError> {
+        let mut stream = self.get(key).await?;
+        let mut buf: Vec<u8> = Vec::new();
+        while let Some(chunk) = stream.next().await {
+            buf.extend_from_slice(&chunk?);
+        }
+        Ok(Bytes::from(buf))
+    }
+}
+
+/// Write operations on object storage.
+#[async_trait]
+pub trait StorageWriter: Send + Sync {
+    /// Stores `data` at `key`. Overwrites any existing content at that key silently.
+    async fn put(&self, key: &str, data: DataStream) -> Result<(), DomainError>;
+
+    /// Deletes `key`. Returns `Ok(())` even if the key does not exist (idempotent).
+    async fn delete(&self, key: &str) -> Result<(), DomainError>;
+
+    /// Convenience: stores an in-memory buffer at `key`. Wraps `put`.
+    async fn put_bytes(&self, key: &str, data: Bytes) -> Result<(), DomainError> {
+        self.put(key, Box::pin(stream::once(async move { Ok(data) }))).await
+    }
+}
+
+/// Combined read + write storage interface.
+///
+/// **Usage note:** `Arc<dyn StoragePort>` is the intended DI type everywhere.
+/// `StorageReader` and `StorageWriter` exist for implementation clarity, but Rust does not
+/// support narrowing `Arc<dyn StoragePort>` to `Arc<dyn StorageReader>` at runtime.
+/// Inject `Arc<dyn StoragePort>` into constructors and pass `.clone()` from the factory.
+pub trait StoragePort: StorageReader + StorageWriter {}
+impl<T: StorageReader + StorageWriter> StoragePort for T {}
--- a/crates/domain/src/ports/user_repo.rs
+++ b/crates/domain/src/ports/user_repo.rs
@@ -0,0 +1,10 @@
+use async_trait::async_trait;
+use crate::{entities::User, errors::DomainError, value_objects::{Email, UserId}};
+
+#[async_trait]
+pub trait UserRepository: Send + Sync {
+    async fn find_by_id(&self, id: &UserId) -> Result<Option<User>, DomainError>;
+    async fn find_by_email(&self, email: &Email) -> Result<Option<User>, DomainError>;
+    async fn save(&self, user: &User) -> Result<(), DomainError>;
+    async fn delete(&self, id: &UserId) -> Result<(), DomainError>;
+}
--- a/crates/domain/src/value_objects/email.rs
+++ b/crates/domain/src/value_objects/email.rs
@@ -0,0 +1,42 @@
+use crate::errors::DomainError;
+
+#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
+pub struct Email(String);
+
+impl Email {
+    pub fn new(value: impl Into<String>) -> Result<Self, DomainError> {
+        let value = value.into().trim().to_lowercase();
+        if value.is_empty() || !value.contains('@') {
+            return Err(DomainError::Validation("Invalid email address".to_string()));
+        }
+        Ok(Self(value))
+    }
+
+    pub fn as_str(&self) -> &str { &self.0 }
+}
+
+impl std::fmt::Display for Email {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.0)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn rejects_empty() { assert!(Email::new("").is_err()); }
+
+    #[test]
+    fn rejects_no_at() { assert!(Email::new("notanemail").is_err()); }
+
+    #[test]
+    fn accepts_valid() { assert!(Email::new("user@example.com").is_ok()); }
+
+    #[test]
+    fn lowercases_and_trims() {
+        let email = Email::new("  User@Example.Com  ").unwrap();
+        assert_eq!(email.as_str(), "user@example.com");
+    }
+}
--- a/crates/domain/src/value_objects/mod.rs
+++ b/crates/domain/src/value_objects/mod.rs
@@ -0,0 +1,9 @@
+mod email;
+mod password;
+mod role;
+mod user_id;
+
+pub use email::Email;
+pub use password::PasswordHash;
+pub use role::Role;
+pub use user_id::UserId;
--- a/crates/domain/src/value_objects/password.rs
+++ b/crates/domain/src/value_objects/password.rs
@@ -0,0 +1,14 @@
+// Manual Debug — redacts hash to prevent it appearing in logs
+#[derive(Clone, serde::Serialize, serde::Deserialize)]
+pub struct PasswordHash(String);
+
+impl std::fmt::Debug for PasswordHash {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_tuple("PasswordHash").field(&"[redacted]").finish()
+    }
+}
+
+impl PasswordHash {
+    pub fn from_hash(hash: String) -> Self { Self(hash) }
+    pub fn as_str(&self) -> &str { &self.0 }
+}
--- a/crates/domain/src/value_objects/role.rs
+++ b/crates/domain/src/value_objects/role.rs
@@ -0,0 +1,23 @@
+#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
+#[serde(rename_all = "lowercase")]
+pub enum Role { User, Admin }
+
+impl std::fmt::Display for Role {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Role::User => write!(f, "user"),
+            Role::Admin => write!(f, "admin"),
+        }
+    }
+}
+
+impl std::str::FromStr for Role {
+    type Err = String;
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        match s {
+            "user" => Ok(Role::User),
+            "admin" => Ok(Role::Admin),
+            other => Err(format!("Unknown role: {other}")),
+        }
+    }
+}
--- a/crates/domain/src/value_objects/user_id.rs
+++ b/crates/domain/src/value_objects/user_id.rs
@@ -0,0 +1,22 @@
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, serde::Serialize, serde::Deserialize)]
+pub struct UserId(uuid::Uuid);
+
+impl UserId {
+    pub fn new() -> Self { Self(uuid::Uuid::new_v4()) }
+    pub fn from_uuid(id: uuid::Uuid) -> Self { Self(id) }
+    pub fn as_uuid(&self) -> &uuid::Uuid { &self.0 }
+}
+
+impl Default for UserId {
+    fn default() -> Self { Self::new() }
+}
+
+impl std::fmt::Display for UserId {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.0)
+    }
+}
+
+impl From<uuid::Uuid> for UserId {
+    fn from(id: uuid::Uuid) -> Self { Self(id) }
+}