@batijs/cli 0.0.243 → 0.0.244

package/dist/boilerplates/@batijs/lucia-auth/files/lib/lucia-auth.ts

@@ -0,0 +1,96 @@
+import "dotenv/config";
+import { Lucia } from "lucia";
+import { BetterSqlite3Adapter } from "@lucia-auth/adapter-sqlite";
+import { GitHub } from "arctic";
+import { sqliteDb } from "../database/sqliteDb";
+import { DrizzleSQLiteAdapter } from "@lucia-auth/adapter-drizzle";
+import { drizzleDb } from "@batijs/drizzle/database/drizzleDb";
+import { sessionTable, userTable } from "../database/schema/auth";
+
+/**
+ * Polyfill needed if you're using Node.js 18 or below
+ *
+ * @link {@see https://lucia-auth.com/getting-started/#polyfill}
+ */
+if (!globalThis.crypto) {
+  Object.defineProperty(globalThis, "crypto", {
+    value: await import("node:crypto").then((crypto) => crypto.webcrypto as Crypto),
+    writable: false,
+    configurable: true,
+  });
+}
+
+/**
+ * Database setup
+ *
+ * @link {@see https://lucia-auth.com/database/#database-setup}
+ **/
+const adapter = BATI.has("drizzle")
+  ? new DrizzleSQLiteAdapter(drizzleDb, sessionTable, userTable)
+  : new BetterSqlite3Adapter(sqliteDb, {
+      user: "users",
+      session: "sessions",
+    });
+
+/**
+ * Initialize Lucia
+ *
+ * @link {@see https://lucia-auth.com/getting-started/#initialize-lucia}
+ */
+export const lucia = new Lucia(adapter, {
+  /**
+   * Lucia Configuration
+   *
+   * @link {@see https://lucia-auth.com/basics/configuration}
+   */
+  sessionCookie: {
+    attributes: {
+      secure: process.env.NODE_ENV === "production",
+    },
+  },
+  getUserAttributes: (attributes) => {
+    return {
+      username: attributes.username,
+    };
+  },
+});
+
+/**
+ * Initialize OAuth provider
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#initialize-oauth-provider}
+ */
+export const github = new GitHub(process.env.GITHUB_CLIENT_ID as string, process.env.GITHUB_CLIENT_SECRET as string);
+
+/**
+ * Define user attributes
+ *
+ * @link {@see https://lucia-auth.com/basics/users#define-user-attributes}
+ */
+declare module "lucia" {
+  interface Register {
+    Lucia: typeof lucia;
+    DatabaseUserAttributes: Omit<DatabaseUser, "id">;
+  }
+}
+
+export interface DatabaseUser {
+  id: string;
+  username: string;
+  password?: string;
+}
+
+export interface DatabaseOAuthAccount {
+  provider_id: string;
+  provider_user_id: string;
+  /*{ @if (it.BATI.has("drizzle")) }*/
+  userId: string;
+  /*{ #else }*/
+  user_id: string;
+  /*{ /if }*/
+}
+
+export interface GitHubUser {
+  id: number;
+  login: string; // username
+}

package/dist/boilerplates/@batijs/lucia-auth/files/pages/login/+guard.ts

@@ -0,0 +1,11 @@
+// https://vike.dev/guard
+import { redirect } from "vike/abort";
+import type { GuardAsync } from "vike/types";
+
+const guard: GuardAsync = async (pageContext): ReturnType<GuardAsync> => {
+  if (pageContext.user) {
+    throw redirect("/");
+  }
+};
+
+export { guard };

package/dist/boilerplates/@batijs/lucia-auth/files/pages/login/style.css

@@ -0,0 +1,94 @@
+header {
+  font-size: 28px;
+  font-weight: 600;
+  text-align: center;
+}
+.form {
+  position: absolute;
+  max-width: 430px;
+  width: 100%;
+}
+.form .field {
+  position: relative;
+  height: 50px;
+  width: 100%;
+  margin-top: 20px;
+  border-radius: 6px;
+}
+.field input,
+.button-field {
+  height: 100%;
+  width: 100%;
+  border: none;
+  font-size: 16px;
+  font-weight: 400;
+  border-radius: 6px;
+}
+.button-group {
+  display: flex;
+}
+.login-button {
+  background-color: #0171d3e8;
+}
+.login-button:hover {
+  background-color: #016dcb;
+}
+.signup-button {
+  background-color: #d30101f6;
+}
+.signup-button:hover {
+  background-color: #cb010b;
+}
+.field input {
+  outline: none;
+  padding: 0 15px;
+  border: 1px solid#CACACA;
+}
+.field input:focus {
+  border-bottom-width: 2px;
+}
+.field button {
+  color: #fff;
+  margin: 0 2px;
+  transition: all 0.3s ease;
+  cursor: pointer;
+}
+.field-error {
+  display: block;
+  width: 100%;
+  margin-top: 0.25rem;
+  font-size: 85%;
+  color: #dc3545;
+}
+.media-options a {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+a.github {
+  color: #fff;
+  background-color: #000;
+}
+a.github .github-icon {
+  height: 28px;
+  width: 28px;
+  color: #000;
+  font-size: 20px;
+  border-radius: 50%;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  background-color: #fff;
+}
+.github-icon {
+  position: absolute;
+  top: 50%;
+  left: 15px;
+  transform: translateY(-50%);
+}
+
+@media screen and (max-width: 400px) {
+  .form {
+    padding: 20px 10px;
+  }
+}

package/dist/boilerplates/@batijs/lucia-auth/files/server/lucia-auth-handlers.ts

@@ -0,0 +1,344 @@
+import type { Session, User } from "lucia";
+import { generateId, Scrypt, verifyRequestOrigin } from "lucia";
+import type { DatabaseOAuthAccount, DatabaseUser, GitHubUser } from "../lib/lucia-auth";
+import { github, lucia } from "../lib/lucia-auth";
+import { SqliteError } from "better-sqlite3";
+import { sqliteDb } from "../database/sqliteDb";
+import { generateState, OAuth2RequestError } from "arctic";
+import { parse, serialize } from "cookie";
+import { drizzleDb } from "@batijs/drizzle/database/drizzleDb";
+import { oauthAccountTable, userTable } from "../database/schema/auth";
+import { getExistingAccount, getExistingUser, validateInput } from "../database/auth-actions";
+
+/**
+ * CSRF protection middleware
+ *
+ * @link {@see https://lucia-auth.com/guides/validate-session-cookies/}
+ */
+export function luciaCsrfMiddleware<Context extends Record<string | number | symbol, unknown>>(
+  request: Request,
+  _context?: Context,
+): Response | undefined {
+  if (request.method === "GET") {
+    return;
+  }
+  if (!BATI_TEST) {
+    const originHeader = request.headers.get("Origin") ?? null;
+    const hostHeader = request.headers.get("Host") ?? null;
+
+    if (!originHeader || !hostHeader || !verifyRequestOrigin(originHeader, [hostHeader])) {
+      return new Response("Forbidden Request", {
+        status: 403,
+      });
+    }
+  }
+}
+
+/**
+ * Validate session cookies middleware
+ *
+ * @link {@see https://lucia-auth.com/guides/validate-session-cookies/}
+ */
+export async function luciaAuthMiddleware<Context extends Record<string | number | symbol, unknown>>(
+  request: Request,
+  context: Context & { session?: Session | null; user?: User | null },
+): Promise<void> {
+  const sessionId = lucia.readSessionCookie(request.headers.get("cookie") ?? "");
+
+  if (!sessionId) {
+    context.user = null;
+    context.session = null;
+  } else {
+    const { session, user } = await lucia.validateSession(sessionId);
+
+    if (session?.fresh) {
+      request.headers.append("Set-Cookie", lucia.createSessionCookie(session.id).serialize());
+    }
+    if (!session) {
+      request.headers.append("Set-Cookie", lucia.createBlankSessionCookie().serialize());
+    }
+
+    context.session = session;
+    context.user = user;
+  }
+}
+
+/**
+ * Register user handler
+ *
+ * @link {@see https://lucia-auth.com/guides/email-and-password/basics#register-user}
+ */
+export async function luciaAuthSignupHandler<Context extends Record<string | number | symbol, unknown>>(
+  request: Request,
+  _context?: Context,
+): Promise<Response> {
+  const body = (await request.json()) as { username: string; password: string };
+  const username = body.username ?? "";
+  const password = body.password ?? "";
+
+  const validated = validateInput(username, password);
+
+  if (!validated.success) {
+    return new Response(JSON.stringify({ error: validated.error }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  /**
+   * A pure JS implementation of Scrypt.
+   * It's portable but slower than implementations based on native code.
+   *
+   * @link {@see https://lucia-auth.com/reference/main/Scrypt}
+   * @link {@see https://lucia-auth.com/guides/email-and-password/basics#hashing-passwords}
+   */
+  const scrypt = new Scrypt();
+  const passwordHash = await scrypt.hash(password);
+
+  const userId = generateId(15);
+
+  try {
+    if (BATI.has("drizzle")) {
+      drizzleDb.insert(userTable).values({ id: userId, username, password: passwordHash }).run();
+    } else {
+      sqliteDb
+        .prepare("INSERT INTO users (id, username, password) VALUES(?, ?, ?)")
+        .run(userId, username, passwordHash);
+    }
+
+    const session = await lucia.createSession(userId, {});
+
+    return new Response(JSON.stringify({ status: "success" }), {
+      status: 200,
+      headers: {
+        "content-type": "application/json",
+        "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+      },
+    });
+  } catch (error) {
+    if (error instanceof SqliteError && error.code === "SQLITE_CONSTRAINT_UNIQUE") {
+      return new Response(JSON.stringify({ error: { username: "Username already in use" } }), {
+        status: 422,
+        headers: {
+          "content-type": "application/json",
+        },
+      });
+    }
+
+    return new Response(JSON.stringify({ error: { invalid: "An unknown error has occurred" } }), {
+      status: 500,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+}
+
+/**
+ * Sign in user handler
+ *
+ * @link {@see https://lucia-auth.com/guides/email-and-password/basics#sign-in-user}
+ */
+export async function luciaAuthLoginHandler<Context extends Record<string | number | symbol, unknown>>(
+  request: Request,
+  _context?: Context,
+): Promise<Response> {
+  const body = (await request.json()) as { username: string; password: string };
+  const username = body.username ?? "";
+  const password = body.password ?? "";
+
+  const validated = validateInput(username, password);
+
+  if (!validated.success) {
+    return new Response(JSON.stringify({ error: validated.error }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  const existingUser = getExistingUser(username) as DatabaseUser | undefined;
+  if (!existingUser) {
+    return new Response(JSON.stringify({ error: { invalid: "Incorrect username or password" } }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  const scrypt = new Scrypt();
+  const validPassword = existingUser.password && (await scrypt.verify(existingUser.password, password));
+
+  if (!validPassword) {
+    return new Response(JSON.stringify({ error: { invalid: "Incorrect username or password" } }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  const session = await lucia.createSession(existingUser.id, {});
+
+  return new Response(JSON.stringify({ status: "success" }), {
+    status: 200,
+    headers: {
+      "content-type": "application/json",
+      "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+    },
+  });
+}
+
+/**
+ * Log out user handler
+ */
+export async function luciaAuthLogoutHandler<Context extends Record<string | number | symbol, unknown>>(
+  _request: Request,
+  context: Context & { session?: Session | null },
+): Promise<Response> {
+  const session = context.session ?? null;
+
+  if (!session) {
+    return new Response("Unauthorized Request", {
+      status: 401,
+    });
+  }
+  /**
+   * Invalidate sessions
+   *
+   * @link {@see https://lucia-auth.com/basics/sessions#invalidate-sessions}
+   */
+  await lucia.invalidateSession(session.id);
+
+  /**
+   * Delete session cookie
+   *
+   * @link {@see https://lucia-auth.com/basics/sessions#delete-session-cookie}
+   */
+  return new Response(JSON.stringify({ status: "success" }), {
+    status: 200,
+    headers: {
+      "set-cookie": lucia.createBlankSessionCookie().serialize(),
+    },
+  });
+}
+
+/**
+ * Github OAuth authorization handler
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#creating-authorization-url}
+ */
+export async function luciaGithubLoginHandler<Context extends Record<string | number | symbol, unknown>>(
+  _request: Request,
+  _context?: Context,
+): Promise<Response> {
+  const state = generateState();
+  const url = await github.createAuthorizationURL(state);
+
+  return new Response(null, {
+    status: 302,
+    headers: {
+      Location: url.toString(),
+      "set-cookie": serialize("github_oauth_state", state, {
+        path: "/",
+        secure: process.env.NODE_ENV === "production",
+        httpOnly: true,
+        maxAge: 60 * 10,
+        sameSite: "lax",
+      }),
+    },
+  });
+}
+
+/**
+ * Github OAuth validate callback handler
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#validate-callback}
+ */
+export async function luciaGithubCallbackHandler<Context extends Record<string | number | symbol, unknown>>(
+  request: Request,
+  _context?: Context,
+): Promise<Response> {
+  const cookies = parse(request.headers.get("cookie") ?? "");
+  const params = new URL(request.url).searchParams;
+  const code = params.get("code");
+  const state = params.get("state");
+  const storedState = cookies.github_oauth_state ?? null;
+
+  if (!code || !state || !storedState || state !== storedState) {
+    return new Response("Unauthorized Request", {
+      status: 401,
+    });
+  }
+
+  try {
+    const tokens = await github.validateAuthorizationCode(code);
+    const githubUserResponse = await fetch("https://api.github.com/user", {
+      headers: {
+        Authorization: `Bearer ${tokens.accessToken}`,
+      },
+    });
+    const githubUser = (await githubUserResponse.json()) as GitHubUser;
+
+    const existingAccount = getExistingAccount("github", githubUser.id) as DatabaseOAuthAccount | undefined;
+
+    if (existingAccount) {
+      const session = await lucia.createSession(
+        BATI.has("drizzle") ? existingAccount.userId : existingAccount.user_id,
+        {},
+      );
+      return new Response(null, {
+        status: 302,
+        headers: {
+          Location: "/",
+          "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+        },
+      });
+    }
+
+    const userId = generateId(15);
+
+    if (BATI.has("drizzle")) {
+      await drizzleDb.transaction(async (tx) => {
+        await tx.insert(userTable).values({ id: userId, username: githubUser.login });
+        await tx.insert(oauthAccountTable).values({ providerId: "github", providerUserId: githubUser.id, userId });
+      });
+    } else {
+      sqliteDb.transaction(() => {
+        sqliteDb.prepare("INSERT INTO users (id, username) VALUES (?, ?)").run(userId, githubUser.login);
+        sqliteDb
+          .prepare("INSERT INTO oauth_accounts (provider_id, provider_user_id, user_id) VALUES (?, ?, ?)")
+          .run("github", githubUser.id, userId);
+      });
+    }
+
+    const session = await lucia.createSession(userId, {});
+
+    return new Response(null, {
+      status: 302,
+      headers: {
+        Location: "/",
+        "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+      },
+    });
+  } catch (error) {
+    if (error instanceof OAuth2RequestError && error.message === "bad_verification_code") {
+      return new Response(JSON.stringify({ error: error.message }), {
+        status: 400,
+        headers: {
+          "content-type": "application/json",
+        },
+      });
+    }
+    return new Response(JSON.stringify({ error: error }), {
+      status: 500,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+}

package/dist/boilerplates/@batijs/lucia-auth/files/vike.d.ts

@@ -0,0 +1,11 @@
+import type { User } from "lucia";
+
+declare global {
+  namespace Vike {
+    interface PageContext {
+      user?: User;
+    }
+  }
+}
+
+export {};

package/dist/boilerplates/@batijs/lucia-auth/types/database/auth-actions.d.ts

@@ -0,0 +1,9 @@
+export declare function getExistingUser(username: string): unknown;
+export declare function getExistingAccount(providerId: string, providerUserId: number): unknown;
+export declare function validateInput(username: string | null, password: string | null): {
+    error: {
+        username: string | null;
+        password: string | null;
+    };
+    success: boolean;
+};