@alfredmouelle/create-stack 0.1.0

package/_stack/apps/tanstack-base/src/routes/auth/verify-email.tsx

@@ -0,0 +1,72 @@
+import { createFileRoute, Link } from '@tanstack/react-router'
+import { useState } from 'react'
+import { Button } from '~/components/ui/button'
+import { Spinner } from '~/components/ui/spinner'
+import { AuthCard } from '~/features/auth/auth-card'
+import { FormAlert } from '~/features/auth/form-alert'
+import { authClient } from '~/server/better-auth/client'
+
+interface VerifyEmailSearch {
+  email?: string
+}
+
+export const Route = createFileRoute('/auth/verify-email')({
+  validateSearch: (search: Record<string, unknown>): VerifyEmailSearch => ({
+    email: typeof search.email === 'string' ? search.email : undefined,
+  }),
+  component: VerifyEmail,
+})
+
+function VerifyEmail() {
+  const { email } = Route.useSearch()
+  const [status, setStatus] = useState<'idle' | 'sending' | 'sent' | 'error'>('idle')
+
+  const resend = async () => {
+    if (!email) return
+    setStatus('sending')
+    const { error } = await authClient.sendVerificationEmail({ email, callbackURL: '/' })
+    setStatus(error ? 'error' : 'sent')
+  }
+
+  return (
+    <AuthCard
+      description={
+        <>
+          A confirmation link was sent{email ? ` to ${email}` : ''}. Click it to activate your
+          account.
+        </>
+      }
+      footer={
+        <Link className="text-foreground hover:underline" to="/auth/sign-in">
+          Back to sign in
+        </Link>
+      }
+      title="Confirm your email"
+    >
+      <div className="grid gap-4">
+        {status === 'sent' ? (
+          <FormAlert variant="success">
+            Request sent. If your address isn't confirmed yet, you'll get an email — check your spam
+            folder.
+          </FormAlert>
+        ) : null}
+        {status === 'error' ? <FormAlert>Could not send. Try again shortly.</FormAlert> : null}
+
+        <p className="text-muted-foreground text-sm">
+          Didn't get anything? Check your spam folder or resend the link.
+        </p>
+
+        <Button
+          className="w-full cursor-pointer"
+          disabled={!email || status === 'sending'}
+          onClick={resend}
+          type="button"
+          variant="outline"
+        >
+          {status === 'sending' ? <Spinner /> : null}
+          {status === 'sending' ? 'Sending…' : 'Resend link'}
+        </Button>
+      </div>
+    </AuthCard>
+  )
+}

package/_stack/apps/tanstack-base/src/routes/auth.tsx

@@ -0,0 +1,22 @@
+import { createFileRoute, Outlet, redirect } from '@tanstack/react-router'
+import { getServerSession } from '~/server/better-auth/session'
+
+export const Route = createFileRoute('/auth')({
+  beforeLoad: async () => {
+    const session = await getServerSession()
+    if (session) {
+      throw redirect({ to: '/' })
+    }
+  },
+  component: AuthLayout,
+})
+
+function AuthLayout() {
+  return (
+    <div className="flex min-h-svh flex-col items-center justify-center gap-8 bg-gradient-to-b from-background to-muted/50 px-4 py-10">
+      <div className="w-full max-w-sm">
+        <Outlet />
+      </div>
+    </div>
+  )
+}

package/_stack/apps/tanstack-base/src/routes/index.tsx

@@ -0,0 +1,18 @@
+import { createFileRoute } from '@tanstack/react-router'
+import { ThemeToggle } from '~/components/theme-toggle'
+
+export const Route = createFileRoute('/')({ component: Home })
+
+function Home() {
+  return (
+    <div className="p-8">
+      <div className="flex items-center justify-between">
+        <h1 className="font-bold text-4xl">Base</h1>
+        <ThemeToggle />
+      </div>
+      <p className="mt-4 text-lg">
+        TanStack Start base. Add tools with <code>add-capability</code>.
+      </p>
+    </div>
+  )
+}

package/_stack/apps/tanstack-base/src/server/api/root.ts

@@ -0,0 +1,10 @@
+import { healthRouter } from './routers/health.router'
+import { createCallerFactory, createTRPCRouter } from './trpc'
+
+export const appRouter = createTRPCRouter({
+  health: healthRouter,
+})
+
+export type AppRouter = typeof appRouter
+
+export const createCaller = createCallerFactory(appRouter)

package/_stack/apps/tanstack-base/src/server/api/routers/health.router.ts

@@ -0,0 +1,8 @@
+import { createTRPCRouter, publicProcedure } from '../trpc'
+
+export const healthRouter = createTRPCRouter({
+  ping: publicProcedure.query(() => ({
+    ok: true,
+    time: new Date().toISOString(),
+  })),
+})

package/_stack/apps/tanstack-base/src/server/api/trpc.ts

@@ -0,0 +1,61 @@
+import { initTRPC, TRPCError } from '@trpc/server'
+import superjson from 'superjson'
+import { flatten, ValiError } from 'valibot'
+import { auth } from '~/server/better-auth'
+import { db } from '~/server/db'
+
+export const createTRPCContext = async (opts: { headers: Headers }) => {
+  const session = await auth.api.getSession({ headers: opts.headers })
+  return { db, session, ...opts }
+}
+
+const t = initTRPC.context<typeof createTRPCContext>().create({
+  transformer: superjson,
+  errorFormatter({ shape, error }) {
+    return {
+      ...shape,
+      data: {
+        ...shape.data,
+        validationError: error.cause instanceof ValiError ? flatten(error.cause.issues) : null,
+      },
+    }
+  },
+})
+
+export const createCallerFactory = t.createCallerFactory
+
+export const createTRPCRouter = t.router
+
+const isTest = process.env.VITEST === 'true'
+
+const timingMiddleware = t.middleware(async ({ next, path }) => {
+  const start = Date.now()
+
+  if (t._config.isDev && !isTest) {
+    const waitMs = Math.floor(Math.random() * 400) + 100
+    await new Promise((resolve) => setTimeout(resolve, waitMs))
+  }
+
+  const result = await next()
+
+  if (!isTest) {
+    // biome-ignore lint/suspicious/noConsole: dev timing instrumentation
+    console.log(`[TRPC] ${path} took ${Date.now() - start}ms to execute`)
+  }
+
+  return result
+})
+
+export const publicProcedure = t.procedure.use(timingMiddleware)
+
+export const protectedProcedure = t.procedure.use(timingMiddleware).use(({ ctx, next }) => {
+  if (!ctx.session?.user) {
+    throw new TRPCError({ code: 'UNAUTHORIZED' })
+  }
+
+  return next({
+    ctx: {
+      session: { ...ctx.session, user: ctx.session.user },
+    },
+  })
+})

package/_stack/apps/tanstack-base/src/server/better-auth/client.ts

@@ -0,0 +1,9 @@
+import { inferAdditionalFields } from 'better-auth/client/plugins'
+import { createAuthClient } from 'better-auth/react'
+import type { auth } from './config'
+
+export const authClient = createAuthClient({
+  plugins: [inferAdditionalFields<typeof auth>()],
+})
+
+export type Session = typeof authClient.$Infer.Session

package/_stack/apps/tanstack-base/src/server/better-auth/config.ts

@@ -0,0 +1,68 @@
+import { betterAuth } from 'better-auth'
+import { drizzleAdapter } from 'better-auth/adapters/drizzle'
+import { tanstackStartCookies } from 'better-auth/tanstack-start'
+import { env } from '~/env'
+import { db } from '~/server/db'
+import { sendPasswordResetEmail, sendVerificationEmail } from './emails'
+
+const socialProviders =
+  env.BETTER_AUTH_GOOGLE_CLIENT_ID && env.BETTER_AUTH_GOOGLE_CLIENT_SECRET
+    ? {
+        google: {
+          clientId: env.BETTER_AUTH_GOOGLE_CLIENT_ID,
+          clientSecret: env.BETTER_AUTH_GOOGLE_CLIENT_SECRET,
+        },
+      }
+    : undefined
+
+export const auth = betterAuth({
+  database: drizzleAdapter(db, {
+    provider: 'pg',
+  }),
+  emailAndPassword: {
+    enabled: true,
+    minPasswordLength: 8,
+    requireEmailVerification: true,
+    sendResetPassword: async ({ user, url }) => {
+      await sendPasswordResetEmail({
+        to: { email: user.email, name: user.name },
+        url,
+      })
+    },
+  },
+  emailVerification: {
+    sendOnSignUp: true,
+    autoSignInAfterVerification: true,
+    expiresIn: 60 * 60,
+    sendVerificationEmail: async ({ user, url }) => {
+      await sendVerificationEmail({
+        to: { email: user.email, name: user.name },
+        url,
+      })
+    },
+  },
+  socialProviders,
+  user: {
+    // Extend the user with extra columns here (mirror them in auth.schema.ts):
+    // additionalFields: {
+    //   role: { type: 'string', defaultValue: 'user', input: false },
+    // },
+    additionalFields: {},
+  },
+  trustedOrigins: [env.BETTER_AUTH_URL],
+  rateLimit: {
+    enabled: env.NODE_ENV === 'production',
+    window: 60,
+    max: 100,
+    customRules: {
+      '/sign-up/email': { window: 60, max: 5 },
+      '/sign-in/email': { window: 60, max: 10 },
+      '/forget-password': { window: 60, max: 3 },
+      '/request-password-reset': { window: 60, max: 3 },
+      '/send-verification-email': { window: 60, max: 3 },
+    },
+  },
+  plugins: [tanstackStartCookies()],
+})
+
+export type Session = typeof auth.$Infer.Session

package/_stack/apps/tanstack-base/src/server/better-auth/emails.tsx

@@ -0,0 +1,25 @@
+import { ResetPasswordEmail } from '~/emails/reset-password'
+import { VerifyEmail } from '~/emails/verify-email'
+import { type EmailRecipient, sendEmail } from '~/server/email'
+
+export const sendVerificationEmail = async (params: {
+  to: EmailRecipient
+  url: string
+}): Promise<void> => {
+  await sendEmail({
+    to: params.to,
+    subject: 'Confirm your email address',
+    template: <VerifyEmail name={params.to.name} url={params.url} />,
+  })
+}
+
+export const sendPasswordResetEmail = async (params: {
+  to: EmailRecipient
+  url: string
+}): Promise<void> => {
+  await sendEmail({
+    to: params.to,
+    subject: 'Reset your password',
+    template: <ResetPasswordEmail name={params.to.name} url={params.url} />,
+  })
+}

package/_stack/apps/tanstack-base/src/server/better-auth/index.ts

@@ -0,0 +1 @@
+export { auth } from './config'

package/_stack/apps/tanstack-base/src/server/better-auth/session.ts

@@ -0,0 +1,9 @@
+import { createServerFn } from '@tanstack/react-start'
+import { getRequest } from '@tanstack/react-start/server'
+import { auth } from '.'
+
+/** Raw session lookup from the current request headers (server-side). */
+export const getSession = async () => auth.api.getSession({ headers: getRequest().headers })
+
+/** Server-function wrapper for route loaders / `beforeLoad`. */
+export const getServerSession = createServerFn({ method: 'GET' }).handler(() => getSession())

package/_stack/apps/tanstack-base/src/server/db/index.ts

@@ -0,0 +1,6 @@
+import { drizzle } from 'drizzle-orm/node-postgres'
+
+import { env } from '~/env'
+import * as schema from '~/server/db/schemas'
+
+export const db = drizzle(env.DATABASE_URL, { schema })

package/_stack/apps/tanstack-base/src/server/db/keyset.ts

@@ -0,0 +1,63 @@
+import { and, type Column, eq, gt, lt, or, type SQL } from 'drizzle-orm'
+
+export type SortDirection = 'asc' | 'desc'
+
+export const escapeLike = (value: string): string => value.replace(/[\\%_]/g, (char) => `\\${char}`)
+
+export const encodeCursor = (value: string, id: string): string =>
+  Buffer.from(JSON.stringify([value, id])).toString('base64url')
+
+export const decodeCursor = (cursor: string): { value: string; id: string } | null => {
+  try {
+    const [value, id] = JSON.parse(Buffer.from(cursor, 'base64url').toString())
+    if (typeof value !== 'string' || typeof id !== 'string') return null
+    return { value, id }
+  } catch {
+    return null
+  }
+}
+
+export const keysetCondition = ({
+  sortColumn,
+  idColumn,
+  direction,
+  cursor,
+  toComparable,
+}: {
+  sortColumn: Column
+  idColumn: Column
+  direction: SortDirection
+  cursor: string
+  toComparable: (value: string) => unknown
+}): SQL | undefined => {
+  const decoded = decodeCursor(cursor)
+  if (!decoded) return undefined
+
+  const comparable = toComparable(decoded.value)
+  const compare = direction === 'asc' ? gt : lt
+
+  return or(
+    compare(sortColumn, comparable),
+    and(eq(sortColumn, comparable), compare(idColumn, decoded.id)),
+  )
+}
+
+export const takePage = <T>({
+  rows,
+  limit,
+  getSortValue,
+  getId,
+}: {
+  rows: T[]
+  limit: number
+  getSortValue: (row: T) => string
+  getId: (row: T) => string
+}): { items: T[]; nextCursor: string | null } => {
+  if (rows.length <= limit) {
+    return { items: rows, nextCursor: null }
+  }
+
+  const items = rows.slice(0, limit)
+  const last = items[items.length - 1]
+  return { items, nextCursor: encodeCursor(getSortValue(last), getId(last)) }
+}

package/_stack/apps/tanstack-base/src/server/db/schemas/auth.schema.ts

@@ -0,0 +1,71 @@
+import { relations } from 'drizzle-orm'
+import { boolean, pgTable, text, timestamp } from 'drizzle-orm/pg-core'
+
+export const user = pgTable('user', {
+  id: text('id').primaryKey(),
+  name: text('name').notNull(),
+  email: text('email').notNull().unique(),
+  emailVerified: boolean('email_verified')
+    .$defaultFn(() => false)
+    .notNull(),
+  image: text('image'),
+  createdAt: timestamp('created_at')
+    .$defaultFn(() => new Date())
+    .notNull(),
+  updatedAt: timestamp('updated_at')
+    .$defaultFn(() => new Date())
+    .notNull(),
+})
+
+export const session = pgTable('session', {
+  id: text('id').primaryKey(),
+  expiresAt: timestamp('expires_at').notNull(),
+  token: text('token').notNull().unique(),
+  createdAt: timestamp('created_at').notNull(),
+  updatedAt: timestamp('updated_at').notNull(),
+  ipAddress: text('ip_address'),
+  userAgent: text('user_agent'),
+  userId: text('user_id')
+    .notNull()
+    .references(() => user.id, { onDelete: 'cascade' }),
+})
+
+export const account = pgTable('account', {
+  id: text('id').primaryKey(),
+  accountId: text('account_id').notNull(),
+  providerId: text('provider_id').notNull(),
+  userId: text('user_id')
+    .notNull()
+    .references(() => user.id, { onDelete: 'cascade' }),
+  accessToken: text('access_token'),
+  refreshToken: text('refresh_token'),
+  idToken: text('id_token'),
+  accessTokenExpiresAt: timestamp('access_token_expires_at'),
+  refreshTokenExpiresAt: timestamp('refresh_token_expires_at'),
+  scope: text('scope'),
+  password: text('password'),
+  createdAt: timestamp('created_at').notNull(),
+  updatedAt: timestamp('updated_at').notNull(),
+})
+
+export const verification = pgTable('verification', {
+  id: text('id').primaryKey(),
+  identifier: text('identifier').notNull(),
+  value: text('value').notNull(),
+  expiresAt: timestamp('expires_at').notNull(),
+  createdAt: timestamp('created_at').$defaultFn(() => new Date()),
+  updatedAt: timestamp('updated_at').$defaultFn(() => new Date()),
+})
+
+export const userRelations = relations(user, ({ many }) => ({
+  account: many(account),
+  session: many(session),
+}))
+
+export const accountRelations = relations(account, ({ one }) => ({
+  user: one(user, { fields: [account.userId], references: [user.id] }),
+}))
+
+export const sessionRelations = relations(session, ({ one }) => ({
+  user: one(user, { fields: [session.userId], references: [user.id] }),
+}))

package/_stack/apps/tanstack-base/src/server/db/schemas/index.ts

@@ -0,0 +1,2 @@
+// Barrel of every Drizzle schema. Add one `export *` line per `*.schema.ts`.
+export * from './auth.schema'

package/_stack/apps/tanstack-base/src/server/db/seed.ts

@@ -0,0 +1,27 @@
+import { faker } from '@faker-js/faker'
+import { config } from 'dotenv'
+
+config({ path: ['.env.local', '.env'] })
+
+// Deterministic data across runs.
+faker.seed(42)
+
+async function main() {
+  // Import the db client and seed your tables here (idempotent), using faker:
+  //   const { db } = await import('~/server/db')
+  //   await db.insert(user).values({
+  //     id: faker.string.uuid(),
+  //     name: faker.person.fullName(),
+  //     email: faker.internet.email().toLowerCase(),
+  //   }).onConflictDoNothing()
+
+  // biome-ignore lint/suspicious/noConsole: seed reporting
+  console.log('✓ Seed terminé')
+}
+
+main()
+  .then(() => process.exit(0))
+  .catch((error) => {
+    console.error(error)
+    process.exit(1)
+  })

package/_stack/apps/tanstack-base/src/server/email/adapters/resend/config.ts

@@ -0,0 +1,7 @@
+import * as v from 'valibot'
+
+export const ResendConfigSchema = v.object({
+  apiKey: v.pipe(v.string(), v.minLength(1, 'RESEND_API_KEY is required')),
+})
+
+export type ResendConfig = v.InferOutput<typeof ResendConfigSchema>

package/_stack/apps/tanstack-base/src/server/email/adapters/resend/index.ts

@@ -0,0 +1,75 @@
+import { Resend } from 'resend'
+import * as v from 'valibot'
+import { formatAddress } from '../../core/address'
+import { type MailerAdapter, MailerError, type RenderedMessage } from '../../core/port'
+import { ResendConfigSchema } from './config'
+
+/** Minimal structural view of the Resend client we depend on (eases testing). */
+export interface ResendClient {
+  emails: {
+    send(payload: ResendSendPayload): Promise<{
+      data: { id: string } | null
+      error: { message: string; name?: string } | null
+    }>
+  }
+}
+
+interface ResendSendPayload {
+  from: string
+  to: string[]
+  subject: string
+  html: string
+  text: string
+  replyTo?: string
+  cc?: string[]
+  bcc?: string[]
+  headers?: Record<string, string>
+  tags?: { name: string; value: string }[]
+  attachments?: { filename: string; content: Buffer | string; contentType?: string }[]
+}
+
+export interface ResendAdapterOptions {
+  apiKey: string
+  /** Inject a custom/mock client. Defaults to a real `Resend` instance. */
+  client?: ResendClient
+}
+
+function toAttachmentContent(content: Uint8Array | string): Buffer | string {
+  return typeof content === 'string' ? content : Buffer.from(content)
+}
+
+export function resendAdapter(options: ResendAdapterOptions): MailerAdapter {
+  // Validate config early so a missing key fails at construction, not at send().
+  const config = v.parse(ResendConfigSchema, { apiKey: options.apiKey })
+  const client: ResendClient =
+    options.client ?? (new Resend(config.apiKey) as unknown as ResendClient)
+
+  return {
+    name: 'resend',
+    async send(message: RenderedMessage) {
+      const { data, error } = await client.emails.send({
+        from: formatAddress(message.from),
+        to: message.to.map(formatAddress),
+        subject: message.subject,
+        html: message.html,
+        text: message.text,
+        replyTo: message.replyTo ? formatAddress(message.replyTo) : undefined,
+        cc: message.cc?.map(formatAddress),
+        bcc: message.bcc?.map(formatAddress),
+        headers: message.headers,
+        tags: message.tags
+          ? Object.entries(message.tags).map(([name, value]) => ({ name, value }))
+          : undefined,
+        attachments: message.attachments?.map((a) => ({
+          filename: a.filename,
+          content: toAttachmentContent(a.content),
+          contentType: a.contentType,
+        })),
+      })
+
+      if (error) throw new MailerError(error.message, { adapter: 'resend', cause: error })
+      if (!data) throw new MailerError('Resend returned no data', { adapter: 'resend' })
+      return { id: data.id }
+    },
+  }
+}

package/_stack/apps/tanstack-base/src/server/email/core/address.ts

@@ -0,0 +1,21 @@
+import type { MailAddress, MailRecipient } from './port'
+
+const ADDRESS_RE = /^\s*(.*?)\s*<([^>]+)>\s*$/
+
+/** Coerce a recipient into a structured {@link MailAddress}. */
+export function normalizeAddress(input: MailRecipient): MailAddress {
+  if (typeof input !== 'string') return input
+  const match = input.match(ADDRESS_RE)
+  if (match?.[2]) return { name: match[1] || undefined, email: match[2].trim() }
+  return { email: input.trim() }
+}
+
+/** Coerce a single recipient or list into a normalized array. */
+export function normalizeRecipients(input: MailRecipient | MailRecipient[]): MailAddress[] {
+  return (Array.isArray(input) ? input : [input]).map(normalizeAddress)
+}
+
+/** Render an address back to an RFC-style string (`Name <email>`). */
+export function formatAddress(address: MailAddress): string {
+  return address.name ? `${address.name} <${address.email}>` : address.email
+}