@alfredmouelle/create-stack 0.1.0

package/_stack/apps/next-base/src/features/auth/google-button.tsx

@@ -0,0 +1,66 @@
+'use client'
+
+import { useState } from 'react'
+import { Button } from '~/components/ui/button'
+import { Spinner } from '~/components/ui/spinner'
+import { authClient } from '~/server/better-auth/client'
+
+function GoogleIcon() {
+  return (
+    <svg aria-hidden="true" className="size-4" viewBox="0 0 24 24">
+      <path
+        d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+        fill="#4285F4"
+      />
+      <path
+        d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
+        fill="#34A853"
+      />
+      <path
+        d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
+        fill="#FBBC05"
+      />
+      <path
+        d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
+        fill="#EA4335"
+      />
+    </svg>
+  )
+}
+
+export function GoogleButton({
+  label,
+  callbackURL = '/',
+}: {
+  label: string
+  callbackURL?: string
+}) {
+  const [loading, setLoading] = useState(false)
+
+  return (
+    <Button
+      className="w-full cursor-pointer"
+      disabled={loading}
+      onClick={async () => {
+        setLoading(true)
+        await authClient.signIn.social({ provider: 'google', callbackURL })
+        setLoading(false)
+      }}
+      type="button"
+      variant="outline"
+    >
+      {loading ? <Spinner /> : <GoogleIcon />}
+      {label}
+    </Button>
+  )
+}
+
+export function AuthDivider() {
+  return (
+    <div className="flex items-center gap-3 text-muted-foreground text-xs">
+      <span className="h-px flex-1 bg-border" />
+      or
+      <span className="h-px flex-1 bg-border" />
+    </div>
+  )
+}

package/_stack/apps/next-base/src/features/auth/schemas.ts

@@ -0,0 +1,35 @@
+import * as v from 'valibot'
+
+export const SignInSchema = v.object({
+  email: v.pipe(v.string(), v.nonEmpty('Email is required'), v.email('Invalid email address')),
+  password: v.pipe(v.string(), v.nonEmpty('Password is required')),
+})
+
+export const SignUpSchema = v.object({
+  name: v.pipe(v.string(), v.nonEmpty('Name is required')),
+  email: v.pipe(v.string(), v.nonEmpty('Email is required'), v.email('Invalid email address')),
+  password: v.pipe(v.string(), v.minLength(8, 'At least 8 characters')),
+})
+
+export const ForgotPasswordSchema = v.object({
+  email: v.pipe(v.string(), v.nonEmpty('Email is required'), v.email('Invalid email address')),
+})
+
+export const ResetPasswordSchema = v.pipe(
+  v.object({
+    password: v.pipe(v.string(), v.minLength(8, 'At least 8 characters')),
+    confirmPassword: v.pipe(v.string(), v.nonEmpty('Confirmation is required')),
+  }),
+  v.forward(
+    v.check(
+      ({ password, confirmPassword }) => password === confirmPassword,
+      'Passwords do not match',
+    ),
+    ['confirmPassword'],
+  ),
+)
+
+export type SignInInput = v.InferInput<typeof SignInSchema>
+export type SignUpInput = v.InferInput<typeof SignUpSchema>
+export type ForgotPasswordInput = v.InferInput<typeof ForgotPasswordSchema>
+export type ResetPasswordInput = v.InferInput<typeof ResetPasswordSchema>

package/_stack/apps/next-base/src/lib/date.ts

@@ -0,0 +1,4 @@
+import { format } from 'date-fns'
+
+/** Format a Date as an ISO date string (yyyy-MM-dd). */
+export const toISODate = (date: Date): string => format(date, 'yyyy-MM-dd')

package/_stack/apps/next-base/src/lib/utils.ts

@@ -0,0 +1,6 @@
+import { type ClassValue, clsx } from 'clsx'
+import { twMerge } from 'tailwind-merge'
+
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs))
+}

package/_stack/apps/next-base/src/server/api/root.ts

@@ -0,0 +1,10 @@
+import { createCallerFactory, createTRPCRouter } from '~/server/api/trpc'
+import { healthRouter } from './routers/health.router'
+
+export const appRouter = createTRPCRouter({
+  health: healthRouter,
+})
+
+export type AppRouter = typeof appRouter
+
+export const createCaller = createCallerFactory(appRouter)

package/_stack/apps/next-base/src/server/api/routers/health.router.ts

@@ -0,0 +1,8 @@
+import { createTRPCRouter, publicProcedure } from '~/server/api/trpc'
+
+export const healthRouter = createTRPCRouter({
+  ping: publicProcedure.query(() => ({
+    ok: true,
+    time: new Date().toISOString(),
+  })),
+})

package/_stack/apps/next-base/src/server/api/trpc.ts

@@ -0,0 +1,56 @@
+import { initTRPC, TRPCError } from '@trpc/server'
+import superjson from 'superjson'
+import { flatten, ValiError } from 'valibot'
+import { auth } from '~/server/better-auth'
+import { db } from '~/server/db'
+
+export const createTRPCContext = async (opts: { headers: Headers }) => {
+  const session = await auth.api.getSession({ headers: opts.headers })
+  return { db, session, ...opts }
+}
+
+const t = initTRPC.context<typeof createTRPCContext>().create({
+  transformer: superjson,
+  errorFormatter({ shape, error }) {
+    return {
+      ...shape,
+      data: {
+        ...shape.data,
+        validationError: error.cause instanceof ValiError ? flatten(error.cause.issues) : null,
+      },
+    }
+  },
+})
+
+export const createCallerFactory = t.createCallerFactory
+
+export const createTRPCRouter = t.router
+
+const timingMiddleware = t.middleware(async ({ next, path }) => {
+  const start = Date.now()
+
+  if (t._config.isDev) {
+    const waitMs = Math.floor(Math.random() * 400) + 100
+    await new Promise((resolve) => setTimeout(resolve, waitMs))
+  }
+
+  const result = await next()
+
+  // biome-ignore lint/suspicious/noConsole: dev timing instrumentation
+  console.log(`[TRPC] ${path} took ${Date.now() - start}ms to execute`)
+
+  return result
+})
+
+export const publicProcedure = t.procedure.use(timingMiddleware)
+
+export const protectedProcedure = t.procedure.use(timingMiddleware).use(({ ctx, next }) => {
+  if (!ctx.session?.user) {
+    throw new TRPCError({ code: 'UNAUTHORIZED' })
+  }
+  return next({
+    ctx: {
+      session: { ...ctx.session, user: ctx.session.user },
+    },
+  })
+})

package/_stack/apps/next-base/src/server/auth/guards.ts

@@ -0,0 +1,10 @@
+import 'server-only'
+import { redirect } from 'next/navigation'
+import { getSession } from '~/server/better-auth/server'
+
+/** Require a signed-in user in a Server Component / page; redirect otherwise. */
+export async function requireAuth() {
+  const session = await getSession()
+  if (!session) redirect('/auth/sign-in')
+  return session
+}

package/_stack/apps/next-base/src/server/better-auth/client.ts

@@ -0,0 +1,9 @@
+import { inferAdditionalFields } from 'better-auth/client/plugins'
+import { createAuthClient } from 'better-auth/react'
+import type { auth } from './config'
+
+export const authClient = createAuthClient({
+  plugins: [inferAdditionalFields<typeof auth>()],
+})
+
+export type Session = typeof authClient.$Infer.Session

package/_stack/apps/next-base/src/server/better-auth/config.ts

@@ -0,0 +1,60 @@
+import { betterAuth } from 'better-auth'
+import { drizzleAdapter } from 'better-auth/adapters/drizzle'
+import { env } from '~/env'
+import { db } from '~/server/db'
+import { sendPasswordResetEmail, sendVerificationEmail } from './emails'
+
+const socialProviders =
+  env.BETTER_AUTH_GOOGLE_CLIENT_ID && env.BETTER_AUTH_GOOGLE_CLIENT_SECRET
+    ? {
+        google: {
+          clientId: env.BETTER_AUTH_GOOGLE_CLIENT_ID,
+          clientSecret: env.BETTER_AUTH_GOOGLE_CLIENT_SECRET,
+        },
+      }
+    : undefined
+
+export const auth = betterAuth({
+  database: drizzleAdapter(db, {
+    provider: 'pg',
+  }),
+  emailAndPassword: {
+    enabled: true,
+    minPasswordLength: 8,
+    requireEmailVerification: true,
+    sendResetPassword: async ({ user, url }) => {
+      await sendPasswordResetEmail({ to: { email: user.email, name: user.name }, url })
+    },
+  },
+  emailVerification: {
+    sendOnSignUp: true,
+    autoSignInAfterVerification: true,
+    expiresIn: 60 * 60,
+    sendVerificationEmail: async ({ user, url }) => {
+      await sendVerificationEmail({ to: { email: user.email, name: user.name }, url })
+    },
+  },
+  socialProviders,
+  user: {
+    // Extend the user with extra columns here (mirror them in auth.schema.ts):
+    // additionalFields: {
+    //   role: { type: 'string', defaultValue: 'user', input: false },
+    // },
+    additionalFields: {},
+  },
+  trustedOrigins: [env.BETTER_AUTH_URL],
+  rateLimit: {
+    enabled: env.NODE_ENV === 'production',
+    window: 60,
+    max: 100,
+    customRules: {
+      '/sign-up/email': { window: 60, max: 5 },
+      '/sign-in/email': { window: 60, max: 10 },
+      '/forget-password': { window: 60, max: 3 },
+      '/request-password-reset': { window: 60, max: 3 },
+      '/send-verification-email': { window: 60, max: 3 },
+    },
+  },
+})
+
+export type Session = typeof auth.$Infer.Session

package/_stack/apps/next-base/src/server/better-auth/emails.tsx

@@ -0,0 +1,25 @@
+import { ResetPasswordEmail } from '~/emails/reset-password'
+import { VerifyEmail } from '~/emails/verify-email'
+import { type EmailRecipient, sendEmail } from '~/server/email'
+
+export const sendVerificationEmail = async (params: {
+  to: EmailRecipient
+  url: string
+}): Promise<void> => {
+  await sendEmail({
+    to: params.to,
+    subject: 'Confirm your email address',
+    template: <VerifyEmail name={params.to.name} url={params.url} />,
+  })
+}
+
+export const sendPasswordResetEmail = async (params: {
+  to: EmailRecipient
+  url: string
+}): Promise<void> => {
+  await sendEmail({
+    to: params.to,
+    subject: 'Reset your password',
+    template: <ResetPasswordEmail name={params.to.name} url={params.url} />,
+  })
+}

package/_stack/apps/next-base/src/server/better-auth/index.ts

@@ -0,0 +1 @@
+export { auth } from './config'

package/_stack/apps/next-base/src/server/better-auth/server.ts

@@ -0,0 +1,14 @@
+import { headers } from 'next/headers'
+import { cache } from 'react'
+import { auth } from '.'
+
+/** Per-request cached session lookup (uses the cookie cache). */
+export const getSession = cache(async () => auth.api.getSession({ headers: await headers() }))
+
+/** Bypasses the cookie cache — use for sensitive checks. */
+export const getFreshSession = cache(async () =>
+  auth.api.getSession({
+    headers: await headers(),
+    query: { disableCookieCache: true },
+  }),
+)

package/_stack/apps/next-base/src/server/db/index.ts

@@ -0,0 +1,6 @@
+import { drizzle } from 'drizzle-orm/node-postgres'
+
+import { env } from '~/env'
+import * as schema from '~/server/db/schemas'
+
+export const db = drizzle(env.DATABASE_URL, { schema })

package/_stack/apps/next-base/src/server/db/keyset.ts

@@ -0,0 +1,63 @@
+import { and, type Column, eq, gt, lt, or, type SQL } from 'drizzle-orm'
+
+export type SortDirection = 'asc' | 'desc'
+
+export const escapeLike = (value: string): string => value.replace(/[\\%_]/g, (char) => `\\${char}`)
+
+export const encodeCursor = (value: string, id: string): string =>
+  Buffer.from(JSON.stringify([value, id])).toString('base64url')
+
+export const decodeCursor = (cursor: string): { value: string; id: string } | null => {
+  try {
+    const [value, id] = JSON.parse(Buffer.from(cursor, 'base64url').toString())
+    if (typeof value !== 'string' || typeof id !== 'string') return null
+    return { value, id }
+  } catch {
+    return null
+  }
+}
+
+export const keysetCondition = ({
+  sortColumn,
+  idColumn,
+  direction,
+  cursor,
+  toComparable,
+}: {
+  sortColumn: Column
+  idColumn: Column
+  direction: SortDirection
+  cursor: string
+  toComparable: (value: string) => unknown
+}): SQL | undefined => {
+  const decoded = decodeCursor(cursor)
+  if (!decoded) return undefined
+
+  const comparable = toComparable(decoded.value)
+  const compare = direction === 'asc' ? gt : lt
+
+  return or(
+    compare(sortColumn, comparable),
+    and(eq(sortColumn, comparable), compare(idColumn, decoded.id)),
+  )
+}
+
+export const takePage = <T>({
+  rows,
+  limit,
+  getSortValue,
+  getId,
+}: {
+  rows: T[]
+  limit: number
+  getSortValue: (row: T) => string
+  getId: (row: T) => string
+}): { items: T[]; nextCursor: string | null } => {
+  if (rows.length <= limit) {
+    return { items: rows, nextCursor: null }
+  }
+
+  const items = rows.slice(0, limit)
+  const last = items[items.length - 1]
+  return { items, nextCursor: encodeCursor(getSortValue(last), getId(last)) }
+}

package/_stack/apps/next-base/src/server/db/schemas/auth.schema.ts

@@ -0,0 +1,71 @@
+import { relations } from 'drizzle-orm'
+import { boolean, pgTable, text, timestamp } from 'drizzle-orm/pg-core'
+
+export const user = pgTable('user', {
+  id: text('id').primaryKey(),
+  name: text('name').notNull(),
+  email: text('email').notNull().unique(),
+  emailVerified: boolean('email_verified')
+    .$defaultFn(() => false)
+    .notNull(),
+  image: text('image'),
+  createdAt: timestamp('created_at')
+    .$defaultFn(() => new Date())
+    .notNull(),
+  updatedAt: timestamp('updated_at')
+    .$defaultFn(() => new Date())
+    .notNull(),
+})
+
+export const session = pgTable('session', {
+  id: text('id').primaryKey(),
+  expiresAt: timestamp('expires_at').notNull(),
+  token: text('token').notNull().unique(),
+  createdAt: timestamp('created_at').notNull(),
+  updatedAt: timestamp('updated_at').notNull(),
+  ipAddress: text('ip_address'),
+  userAgent: text('user_agent'),
+  userId: text('user_id')
+    .notNull()
+    .references(() => user.id, { onDelete: 'cascade' }),
+})
+
+export const account = pgTable('account', {
+  id: text('id').primaryKey(),
+  accountId: text('account_id').notNull(),
+  providerId: text('provider_id').notNull(),
+  userId: text('user_id')
+    .notNull()
+    .references(() => user.id, { onDelete: 'cascade' }),
+  accessToken: text('access_token'),
+  refreshToken: text('refresh_token'),
+  idToken: text('id_token'),
+  accessTokenExpiresAt: timestamp('access_token_expires_at'),
+  refreshTokenExpiresAt: timestamp('refresh_token_expires_at'),
+  scope: text('scope'),
+  password: text('password'),
+  createdAt: timestamp('created_at').notNull(),
+  updatedAt: timestamp('updated_at').notNull(),
+})
+
+export const verification = pgTable('verification', {
+  id: text('id').primaryKey(),
+  identifier: text('identifier').notNull(),
+  value: text('value').notNull(),
+  expiresAt: timestamp('expires_at').notNull(),
+  createdAt: timestamp('created_at').$defaultFn(() => new Date()),
+  updatedAt: timestamp('updated_at').$defaultFn(() => new Date()),
+})
+
+export const userRelations = relations(user, ({ many }) => ({
+  account: many(account),
+  session: many(session),
+}))
+
+export const accountRelations = relations(account, ({ one }) => ({
+  user: one(user, { fields: [account.userId], references: [user.id] }),
+}))
+
+export const sessionRelations = relations(session, ({ one }) => ({
+  user: one(user, { fields: [session.userId], references: [user.id] }),
+}))

package/_stack/apps/next-base/src/server/db/schemas/index.ts

@@ -0,0 +1,2 @@
+// Barrel of every Drizzle schema. Add one `export *` line per `*.schema.ts`.
+export * from './auth.schema'

package/_stack/apps/next-base/src/server/db/seed.ts

@@ -0,0 +1,27 @@
+import { faker } from '@faker-js/faker'
+import { config } from 'dotenv'
+
+config({ path: ['.env.local', '.env'] })
+
+// Deterministic data across runs.
+faker.seed(42)
+
+async function main() {
+  // Import the db client and seed your tables here (idempotent), using faker:
+  //   const { db } = await import('~/server/db')
+  //   await db.insert(user).values({
+  //     id: faker.string.uuid(),
+  //     name: faker.person.fullName(),
+  //     email: faker.internet.email().toLowerCase(),
+  //   }).onConflictDoNothing()
+
+  // biome-ignore lint/suspicious/noConsole: seed reporting
+  console.log('✓ Seed terminé')
+}
+
+main()
+  .then(() => process.exit(0))
+  .catch((error) => {
+    console.error(error)
+    process.exit(1)
+  })

package/_stack/apps/next-base/src/server/email/adapters/resend/config.ts

@@ -0,0 +1,7 @@
+import * as v from 'valibot'
+
+export const ResendConfigSchema = v.object({
+  apiKey: v.pipe(v.string(), v.minLength(1, 'RESEND_API_KEY is required')),
+})
+
+export type ResendConfig = v.InferOutput<typeof ResendConfigSchema>

package/_stack/apps/next-base/src/server/email/adapters/resend/index.ts

@@ -0,0 +1,75 @@
+import { Resend } from 'resend'
+import * as v from 'valibot'
+import { formatAddress } from '../../core/address'
+import { type MailerAdapter, MailerError, type RenderedMessage } from '../../core/port'
+import { ResendConfigSchema } from './config'
+
+/** Minimal structural view of the Resend client we depend on (eases testing). */
+export interface ResendClient {
+  emails: {
+    send(payload: ResendSendPayload): Promise<{
+      data: { id: string } | null
+      error: { message: string; name?: string } | null
+    }>
+  }
+}
+
+interface ResendSendPayload {
+  from: string
+  to: string[]
+  subject: string
+  html: string
+  text: string
+  replyTo?: string
+  cc?: string[]
+  bcc?: string[]
+  headers?: Record<string, string>
+  tags?: { name: string; value: string }[]
+  attachments?: { filename: string; content: Buffer | string; contentType?: string }[]
+}
+
+export interface ResendAdapterOptions {
+  apiKey: string
+  /** Inject a custom/mock client. Defaults to a real `Resend` instance. */
+  client?: ResendClient
+}
+
+function toAttachmentContent(content: Uint8Array | string): Buffer | string {
+  return typeof content === 'string' ? content : Buffer.from(content)
+}
+
+export function resendAdapter(options: ResendAdapterOptions): MailerAdapter {
+  // Validate config early so a missing key fails at construction, not at send().
+  const config = v.parse(ResendConfigSchema, { apiKey: options.apiKey })
+  const client: ResendClient =
+    options.client ?? (new Resend(config.apiKey) as unknown as ResendClient)
+
+  return {
+    name: 'resend',
+    async send(message: RenderedMessage) {
+      const { data, error } = await client.emails.send({
+        from: formatAddress(message.from),
+        to: message.to.map(formatAddress),
+        subject: message.subject,
+        html: message.html,
+        text: message.text,
+        replyTo: message.replyTo ? formatAddress(message.replyTo) : undefined,
+        cc: message.cc?.map(formatAddress),
+        bcc: message.bcc?.map(formatAddress),
+        headers: message.headers,
+        tags: message.tags
+          ? Object.entries(message.tags).map(([name, value]) => ({ name, value }))
+          : undefined,
+        attachments: message.attachments?.map((a) => ({
+          filename: a.filename,
+          content: toAttachmentContent(a.content),
+          contentType: a.contentType,
+        })),
+      })
+
+      if (error) throw new MailerError(error.message, { adapter: 'resend', cause: error })
+      if (!data) throw new MailerError('Resend returned no data', { adapter: 'resend' })
+      return { id: data.id }
+    },
+  }
+}

package/_stack/apps/next-base/src/server/email/core/address.ts

@@ -0,0 +1,21 @@
+import type { MailAddress, MailRecipient } from './port'
+
+const ADDRESS_RE = /^\s*(.*?)\s*<([^>]+)>\s*$/
+
+/** Coerce a recipient into a structured {@link MailAddress}. */
+export function normalizeAddress(input: MailRecipient): MailAddress {
+  if (typeof input !== 'string') return input
+  const match = input.match(ADDRESS_RE)
+  if (match?.[2]) return { name: match[1] || undefined, email: match[2].trim() }
+  return { email: input.trim() }
+}
+
+/** Coerce a single recipient or list into a normalized array. */
+export function normalizeRecipients(input: MailRecipient | MailRecipient[]): MailAddress[] {
+  return (Array.isArray(input) ? input : [input]).map(normalizeAddress)
+}
+
+/** Render an address back to an RFC-style string (`Name <email>`). */
+export function formatAddress(address: MailAddress): string {
+  return address.name ? `${address.name} <${address.email}>` : address.email
+}