/** * @copyright 2026 NHCarrigan * @license Naomi's Public License * @author Naomi Carrigan */ import { Book, BookStatus, CreateBookDto, UpdateBookDto } from "@library/shared-types"; import { prisma } from "../lib/prisma"; import { validateUrl, validateRating, validateStringLength, validateDataUrl, MAX_LENGTHS, } from "../utils/validation"; export class BookService { private prisma = prisma; constructor() {} /** * Validate book data for security. */ private validateBookData(data: CreateBookDto | UpdateBookDto): void { // Validate string lengths if (!validateStringLength(data.title, MAX_LENGTHS.TITLE)) { throw new Error(`Title must be ${MAX_LENGTHS.TITLE} characters or less.`); } if (!validateStringLength(data.author, MAX_LENGTHS.AUTHOR)) { throw new Error(`Author must be ${MAX_LENGTHS.AUTHOR} characters or less.`); } if (!validateStringLength(data.isbn, MAX_LENGTHS.ISBN)) { throw new Error(`ISBN must be ${MAX_LENGTHS.ISBN} characters or less.`); } if (!validateStringLength(data.notes, MAX_LENGTHS.NOTES)) { throw new Error(`Notes must be ${MAX_LENGTHS.NOTES} characters or less.`); } if (!validateStringLength(data.coverImage, MAX_LENGTHS.URL)) { throw new Error(`Cover image URL must be ${MAX_LENGTHS.URL} characters or less.`); } // Validate rating if (!validateRating(data.rating)) { throw new Error("Rating must be an integer between 0 and 10."); } if (data.coverImage) { if (data.coverImage.startsWith("data:")) { const sizeInBytes = data.coverImage.length * 0.75; if (sizeInBytes > MAX_LENGTHS.DATA_URL) { throw new Error("Cover image must be under 5MB."); } if (!validateDataUrl(data.coverImage)) { throw new Error("Invalid image data URL."); } } else { if (!validateStringLength(data.coverImage, MAX_LENGTHS.URL)) { throw new Error(`Cover image URL must be ${MAX_LENGTHS.URL} characters or less.`); } if (!validateUrl(data.coverImage)) { throw new Error("Invalid cover image URL. Only http and https URLs are allowed."); } } } // Validate tags if (data.tags) { for (const tag of data.tags) { if (!validateStringLength(tag, MAX_LENGTHS.TAGS)) { throw new Error(`Each tag must be ${MAX_LENGTHS.TAGS} characters or less.`); } } } // Validate link URLs if (data.links) { for (const link of data.links) { if (!validateUrl(link.url)) { throw new Error(`Invalid link URL: ${link.title}. Only http and https URLs are allowed.`); } if (!validateStringLength(link.title, MAX_LENGTHS.TITLE)) { throw new Error(`Link title must be ${MAX_LENGTHS.TITLE} characters or less.`); } if (!validateStringLength(link.url, MAX_LENGTHS.URL)) { throw new Error(`Link URL must be ${MAX_LENGTHS.URL} characters or less.`); } } } } /** * Get all books. */ async getAllBooks(): Promise { const books = await this.prisma.book.findMany({ orderBy: { updatedAt: "desc" }, }); return books.map((book) => ({ ...book, status: book.status as unknown as BookStatus, dateAdded: book.dateAdded, dateStarted: book.dateStarted || undefined, dateFinished: book.dateFinished || undefined, tags: book.tags ?? [], links: book.links ?? [], createdAt: book.createdAt, updatedAt: book.updatedAt, })); } /** * Get book by ID. */ async getBookById(id: string): Promise { const book = await this.prisma.book.findUnique({ where: { id }, }); if (!book) return null; return { ...book, status: book.status as unknown as BookStatus, dateAdded: book.dateAdded, dateStarted: book.dateStarted || undefined, dateFinished: book.dateFinished || undefined, tags: book.tags ?? [], links: book.links ?? [], createdAt: book.createdAt, updatedAt: book.updatedAt, }; } /** * Get all books in a series, ordered by seriesOrder. */ async getBooksBySeries(seriesName: string): Promise { const books = await this.prisma.book.findMany({ where: { series: seriesName }, orderBy: { seriesOrder: "asc" }, }); return books.map((book) => ({ ...book, status: book.status as unknown as BookStatus, dateAdded: book.dateAdded, dateStarted: book.dateStarted || undefined, dateFinished: book.dateFinished || undefined, tags: book.tags ?? [], links: book.links ?? [], createdAt: book.createdAt, updatedAt: book.updatedAt, })); } /** * Create new book. */ async createBook(data: CreateBookDto): Promise { // Validate input this.validateBookData(data); const book = await this.prisma.book.create({ data: { ...data, status: data.status.toUpperCase() as any, }, }); return { ...book, status: book.status as unknown as BookStatus, dateAdded: book.dateAdded, dateStarted: book.dateStarted || undefined, dateFinished: book.dateFinished || undefined, tags: book.tags ?? [], links: book.links ?? [], createdAt: book.createdAt, updatedAt: book.updatedAt, }; } /** * Update book by ID. */ async updateBook(id: string, data: UpdateBookDto): Promise { // Validate input this.validateBookData(data); const updateData = { ...data }; if (updateData.status) { updateData.status = updateData.status.toUpperCase() as any; } const book = await this.prisma.book.update({ where: { id }, data: updateData, }); return { ...book, status: book.status as unknown as BookStatus, dateAdded: book.dateAdded, dateStarted: book.dateStarted || undefined, dateFinished: book.dateFinished || undefined, tags: book.tags ?? [], links: book.links ?? [], createdAt: book.createdAt, updatedAt: book.updatedAt, }; } /** * Delete book by ID. */ async deleteBook(id: string): Promise { await this.prisma.book.delete({ where: { id }, }); } }