feat: changed copilot instructions

Author: sethii

.github/copilot-instructions.md

@@ -35,15 +35,11 @@ This repository is a boilerplate for building Node.js applications using TypeScr
 │   ├── shared/            # Shared utilities and helpers
 │   ├── tests/             # Integration tests files
 │   │   └── bootstrap.ts   # Test bootstrap file
-│   └── migrations/        # TypeORM migrations
-├── src/
-│   ├── index.ts           # Application entry point
-│   ├── server.ts          # Server setup and configuration
-│   ├── container.ts       # Dependency injection container setup
-│   ├── config.ts          # Application configuration
-│   ├── logger.ts          # Logging setup
-│   ├── database.ts        # Database connection setup
-│   └── shared/            # Shared utilities and helpers
+│   ├── migrations/      # TypeORM migrations
+│   ├── router.ts        # Registering all feature routes
+│   └── app.ts           # Express app setup and initialization, application routing setup
+├── index.ts           # Application entry point
+└── container.ts       # Dependency injection container setup
 ```
 
 ### Key Libraries and Functionalities
@@ -74,6 +70,8 @@ This repository is a boilerplate for building Node.js applications using TypeScr
 - Always use TypeScript for type safety and modern JavaScript features.
 - Follow the project's coding conventions and architecture patterns.
 - Use dependency injection for managing dependencies, avoiding direct instantiation of classes.
+- All environment variables has to be extracted and validated using `dotenv` and `joi` packages. Store them in config files like `.env` or `.env.test` and process them in your application startup in `src/config/app.ts`.
+- Never use `npm run plop` to generate code, use the provided boilerplate structure and manually create files as needed.
 - Never run any commands with `docker-compose` command, use npm scripts instead (e.g., `npm run lint`, `npm run lint-fix`, `npm run forma`).
 
 #### Naming Guidelines
@@ -100,13 +98,5 @@ This repository is a boilerplate for building Node.js applications using TypeScr
 - Every utility function must have a corresponding unit test.
 
 #### Security Guidelines
-- Use `helmet` for security headers in Express.
-- Use `celebrate` for input validation in REST endpoints.
-- Use global error handling middleware for catching and formatting errors.
-- Add logging for important events and errors using injected logger in handlers and actions.
 - Never expose sensitive information in error messages or responses.
-- Use environment variables for sensitive configuration (e.g., database credentials, API keys) and load them using `dotenv`.
 - Use HTTPS for secure communication, especially in production environments.
-- Implement proper authentication and authorization mechanisms for protected routes.
-- Regularly update dependencies to patch security vulnerabilities.
-- Use `cors` middleware to control cross-origin requests, allowing only trusted origins.

.github/instructions/actions.instructions.md

@@ -10,17 +10,9 @@ applyTo: "**/actions/*.action.ts"
   - `delete-user.action.ts` for deleting a user
   - `get-users.action.ts` for retrieving users
 - Use appropriate HTTP status codes for different actions (e.g., 200 for success, 201 for created, 204 for no content).
-- For errors use appropriate HTTP status codes (e.g., 400 for bad request, 404 for not found, 500 for internal server error).:
-- All errors must return a structured JSON response with an error message and code:
-```json
-{
-  "error": {
-    "message": "Error message",
-    "code": "ERROR_CODE"
-  }
-}
-```
+- For errors use appropriate HTTP status codes (e.g., 400 for bad request, 404 for not found, 500 for internal server error).
 - Validation errors are handled by `celebrate` in `src/middleware/error-handler.ts` don't change that
+- Add logging for important events and errors using injected logger in handlers and actions.
 
 - Use `GET` method for list endpoints.
 - Use `src/shared/pagination-utils.ts` for creating TypeORM options for list endpoints.

.github/instructions/handlers.instructions.md

@@ -40,4 +40,12 @@ export class UserHandler {
 }
 ```
 - Never create tests for handlers.
-- Don't use `@CacheQuery` decorator in any handlers unless explicitly stated otherwise.
+- Don't use `@CacheQuery` decorator in any handlers unless explicitly stated otherwise.
+- Erorrs should be thrown as exceptions, not returned as responses. They will be handled by the global error handler.
+- There are built-in error classes in `src/shared/errors` that you can use to throw errors with appropriate HTTP status codes and messages.
+- Use HttpError classes from `src/shared/errors` for throwing HTTP errors.
+- The AppError shouldn't be used in handlers, as it is a generic error class for internal errors.
+- The NotFoundError should be used for 404 errors.
+- The Validation Errors are handled by `celebrate` in `src/middleware/error-handler.ts`, so you don't need to handle them in handlers.
+- In case you need to handle specific errors, you can create custom error classes in `src/shared/errors` and throw them in handlers, but remember for them to extend the `AppError` class.
+- Add logging for important events and errors using injected logger in handlers and actions.

.github/instructions/models.instructions.md

@@ -14,3 +14,39 @@ userRepository: asValue(dbDataSource.getRepository(UserEntity)),
 - Never add parameters to the `npm run generate-migration` command, as it will fail.
 - Never create tests for entities.
 - Always validate and sanitize user input to prevent SQL injection and other attacks.
+- Every model should have a factory method for creating instances from raw data, e.g.:
+```typescript
+import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+
+export interface UserProps {
+  id: string;
+  firstName: string;
+  lastName: string;
+  email: string;
+}
+
+@Entity({
+  name: "user",
+})
+export class UserEntity {
+  public static create(data: Partial<UserProps>): UserEntity {
+    const object = new UserEntity();
+    Object.assign(object, data);
+    return object;
+  }
+
+  @PrimaryGeneratedColumn("uuid")
+  id: string;
+
+  @Column()
+  firstName: string;
+
+  @Column()
+  lastName: string;
+
+  @Column()
+  email: string;
+}
+```
+- Use factory methods for creating instances from raw data.
+- For CRUD method you can use models props interface in commands as a type

.github/instructions/quality.instructions.md

@@ -0,0 +1,14 @@
+---
+applyTo: "**"
+---
+
+- Run `npm run lint` to check for linting errors after making changes.
+- Run `npm run format` to format the code according to the project's style guide.
+- Run `npm run integration` to execute integration tests after making changes.
+- Run `npm run units` to execute unit tests after making changes.
+- Always ensure that your code passes all tests before finishing.
+- Always ensure that code is well-documented, especially public methods and classes.
+- Always ensure that your code is formated according to the project's style guide.
+- Application supports `/health` endpoint for health checks, which returns 200 OK status if the application is running correctly.
+- All errors are handled by `src/middleware/error-handler.ts`, which returns a structured JSON response with an error message and code.
+- In case of changing errors, always update the error handler to handle new error types.

.github/instructions/routing.instructions.md

@@ -2,7 +2,15 @@
 applyTo: "**/features/**/routing.ts"
 ---
 
-- Register routing in `src/app/router.ts` 
+- Routing is divided into three main areas:
+  - Feature routing: `src/app/features/{feature}/routing.ts`
+  - Global routing: `src/app/router.ts`
+  - Application routing: `src/app/index.ts`
+- Use feature routing for individual actions registering and middlewares related to specific action only.
+- Use global routing for feature-wide actions, commands, and queries and middlewares that apply to all actions in the feature.
+- Use application routing for application-wide actions, commands, and queries and middlewares that apply to all features.
+- All application routes starts with `/api/`
+- Register feature routing in `src/app/router.ts` 
 - When registering routing in `src/app/router.ts`, always register it with specific path, for example:
 ```typescript
 router.use("/example", usersRouting);

.github/instructions/security.instructions.md

@@ -3,7 +3,7 @@ applyTo: "**"
 ---
 
 - When implmenting authentication, use JWT tokens for stateless authentication.
-- Never store sensitive information (like passwords) in plain text, always hash them using a strong hashing algorithm (e.g., bcrypt).
+- Never store sensitive information (like passwords) in plain text, always hash them using a strong hashing algorithm (e.g. SHA-256).
 - Always implement authentication with proper session management, including token expiration and refresh mechanisms.
 - The authentication middleware should validate the JWT token and extract user information from it.
 - Use role-based access control (RBAC) to manage permissions and restrict access to resources based on user roles.
@@ -16,3 +16,5 @@ applyTo: "**"
 }
 ```
 - Always implement `me` endpoint to allow users to retrieve their own profile information.
+- Use `helmet` for security headers in Express.
+- Use `cors` middleware to control cross-origin requests, allowing only trusted origins.

.github/instructions/tests.instructions.md

@@ -24,4 +24,5 @@ describe("/api/{{kebabCase name}} integration", () => {
 - Test bootstrap is in `src/tests/bootstrap.ts`, which sets up the container, database connection, and clears the database before each test.
 - Use `clearDb()` function in `src/tests/bootstrap.ts` to clear the database before each test.
 - Every repository must be added to `clearDb()` function and cleared with `.delete({})` to avoid TypeORM issues.
-- Use `global.container` and `global.dbConnection` in tests for accessing the container and database connection.
+- Use `global.container` and `global.dbConnection` in tests for accessing the container and database connection.
+- The tests use separate `.env.test` file for environment variables. All environment variables has to be added there too.