@batijs/cli 0.0.243 → 0.0.245

package/dist/boilerplates/@batijs/lucia-auth/files/server/lucia-auth-handlers.ts

@@ -0,0 +1,340 @@
+import type { Session, User } from "lucia";
+import { generateId, Scrypt, verifyRequestOrigin } from "lucia";
+import type { DatabaseOAuthAccount, DatabaseUser, GitHubUser } from "../lib/lucia-auth";
+import { github, lucia } from "../lib/lucia-auth";
+import { SqliteError } from "better-sqlite3";
+import { sqliteDb } from "../database/sqliteDb";
+import { generateState, OAuth2RequestError } from "arctic";
+import { parse, serialize } from "cookie";
+import { drizzleDb } from "@batijs/drizzle/database/drizzleDb";
+import { oauthAccountTable, userTable } from "../database/schema/auth";
+import { getExistingAccount, getExistingUser, validateInput } from "../database/auth-actions";
+import type { Get, UniversalHandler, UniversalMiddleware } from "@universal-middleware/core";
+
+/**
+ * CSRF protection middleware
+ *
+ * @link {@see https://lucia-auth.com/guides/validate-session-cookies/}
+ */
+export const luciaCsrfMiddleware = (() => async (request) => {
+  if (request.method === "GET") {
+    return;
+  }
+  if (!BATI_TEST) {
+    const originHeader = request.headers.get("Origin") ?? null;
+    const hostHeader = request.headers.get("Host") ?? null;
+
+    if (!originHeader || !hostHeader || !verifyRequestOrigin(originHeader, [hostHeader])) {
+      return new Response("Forbidden Request", {
+        status: 403,
+      });
+    }
+  }
+}) satisfies Get<[], UniversalMiddleware>;
+
+/**
+ * Validate session cookies middleware and set context
+ *
+ * @link {@see https://lucia-auth.com/guides/validate-session-cookies/}
+ */
+export const luciaAuthContextMiddleware = (() => async (request, context) => {
+  const sessionId = lucia.readSessionCookie(request.headers.get("cookie") ?? "");
+
+  if (!sessionId) {
+    return {
+      ...context,
+      session: null,
+      user: null,
+    };
+  } else {
+    const { session, user } = await lucia.validateSession(sessionId);
+
+    return {
+      ...context,
+      sessionId,
+      session,
+      user,
+    };
+  }
+}) satisfies Get<[], UniversalMiddleware>;
+
+/**
+ * Set Set-Cookie headers if in context
+ */
+export const luciaAuthCookieMiddleware = (() => (_request, context) => {
+  return (response: Response) => {
+    if (context.session?.fresh) {
+      response.headers.append("Set-Cookie", lucia.createSessionCookie(context.session.id).serialize());
+    }
+    if (context.sessionId && !context.session) {
+      response.headers.append("Set-Cookie", lucia.createBlankSessionCookie().serialize());
+    }
+
+    return response;
+  };
+}) satisfies Get<[], UniversalMiddleware<{ session?: Session | null; user?: User | null; sessionId?: string | null }>>;
+
+/**
+ * Register user handler
+ *
+ * @link {@see https://lucia-auth.com/guides/email-and-password/basics#register-user}
+ */
+export const luciaAuthSignupHandler = (() => async (request) => {
+  const body = (await request.json()) as { username: string; password: string };
+  const username = body.username ?? "";
+  const password = body.password ?? "";
+
+  const validated = validateInput(username, password);
+
+  if (!validated.success) {
+    return new Response(JSON.stringify({ error: validated.error }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  /**
+   * A pure JS implementation of Scrypt.
+   * It's portable but slower than implementations based on native code.
+   *
+   * @link {@see https://lucia-auth.com/reference/main/Scrypt}
+   * @link {@see https://lucia-auth.com/guides/email-and-password/basics#hashing-passwords}
+   */
+  const scrypt = new Scrypt();
+  const passwordHash = await scrypt.hash(password);
+
+  const userId = generateId(15);
+
+  try {
+    if (BATI.has("drizzle")) {
+      drizzleDb.insert(userTable).values({ id: userId, username, password: passwordHash }).run();
+    } else {
+      sqliteDb
+        .prepare("INSERT INTO users (id, username, password) VALUES(?, ?, ?)")
+        .run(userId, username, passwordHash);
+    }
+
+    const session = await lucia.createSession(userId, {});
+
+    return new Response(JSON.stringify({ status: "success" }), {
+      status: 200,
+      headers: {
+        "content-type": "application/json",
+        "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+      },
+    });
+  } catch (error) {
+    if (error instanceof SqliteError && error.code === "SQLITE_CONSTRAINT_UNIQUE") {
+      return new Response(JSON.stringify({ error: { username: "Username already in use" } }), {
+        status: 422,
+        headers: {
+          "content-type": "application/json",
+        },
+      });
+    }
+
+    return new Response(JSON.stringify({ error: { invalid: "An unknown error has occurred" } }), {
+      status: 500,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+}) satisfies Get<[], UniversalMiddleware>;
+
+/**
+ * Sign in user handler
+ *
+ * @link {@see https://lucia-auth.com/guides/email-and-password/basics#sign-in-user}
+ */
+export const luciaAuthLoginHandler = (() => async (request) => {
+  const body = (await request.json()) as { username: string; password: string };
+  const username = body.username ?? "";
+  const password = body.password ?? "";
+
+  const validated = validateInput(username, password);
+
+  if (!validated.success) {
+    return new Response(JSON.stringify({ error: validated.error }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  const existingUser = getExistingUser(username) as DatabaseUser | undefined;
+  if (!existingUser) {
+    return new Response(JSON.stringify({ error: { invalid: "Incorrect username or password" } }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  const scrypt = new Scrypt();
+  const validPassword = existingUser.password && (await scrypt.verify(existingUser.password, password));
+
+  if (!validPassword) {
+    return new Response(JSON.stringify({ error: { invalid: "Incorrect username or password" } }), {
+      status: 422,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+
+  const session = await lucia.createSession(existingUser.id, {});
+
+  return new Response(JSON.stringify({ status: "success" }), {
+    status: 200,
+    headers: {
+      "content-type": "application/json",
+      "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+    },
+  });
+}) satisfies Get<[], UniversalMiddleware>;
+
+/**
+ * Log out user handler
+ */
+export const luciaAuthLogoutHandler = (() => async (_request, context) => {
+  const session = context.session ?? null;
+
+  if (!session) {
+    return new Response("Unauthorized Request", {
+      status: 401,
+    });
+  }
+  /**
+   * Invalidate sessions
+   *
+   * @link {@see https://lucia-auth.com/basics/sessions#invalidate-sessions}
+   */
+  await lucia.invalidateSession(session.id);
+
+  /**
+   * Delete session cookie
+   *
+   * @link {@see https://lucia-auth.com/basics/sessions#delete-session-cookie}
+   */
+  return new Response(JSON.stringify({ status: "success" }), {
+    status: 200,
+    headers: {
+      "set-cookie": lucia.createBlankSessionCookie().serialize(),
+    },
+  });
+}) satisfies Get<[], UniversalMiddleware<{ session?: Session | null }>>;
+
+/**
+ * Github OAuth authorization handler
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#creating-authorization-url}
+ */
+export const luciaGithubLoginHandler = (() => async () => {
+  const state = generateState();
+  const url = await github.createAuthorizationURL(state);
+
+  return new Response(null, {
+    status: 302,
+    headers: {
+      Location: url.toString(),
+      "set-cookie": serialize("github_oauth_state", state, {
+        path: "/",
+        secure: process.env.NODE_ENV === "production",
+        httpOnly: true,
+        maxAge: 60 * 10,
+        sameSite: "lax",
+      }),
+    },
+  });
+}) satisfies Get<[], UniversalHandler>;
+
+/**
+ * Github OAuth validate callback handler
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#validate-callback}
+ */
+export const luciaGithubCallbackHandler = (() => async (request) => {
+  const cookies = parse(request.headers.get("cookie") ?? "");
+  const params = new URL(request.url).searchParams;
+  const code = params.get("code");
+  const state = params.get("state");
+  const storedState = cookies.github_oauth_state ?? null;
+
+  if (!code || !state || !storedState || state !== storedState) {
+    return new Response("Unauthorized Request", {
+      status: 401,
+    });
+  }
+
+  try {
+    const tokens = await github.validateAuthorizationCode(code);
+    const githubUserResponse = await fetch("https://api.github.com/user", {
+      headers: {
+        Authorization: `Bearer ${tokens.accessToken}`,
+      },
+    });
+    const githubUser = (await githubUserResponse.json()) as GitHubUser;
+
+    const existingAccount = getExistingAccount("github", githubUser.id) as DatabaseOAuthAccount | undefined;
+
+    if (existingAccount) {
+      const session = await lucia.createSession(
+        BATI.has("drizzle") ? existingAccount.userId : existingAccount.user_id,
+        {},
+      );
+      return new Response(null, {
+        status: 302,
+        headers: {
+          Location: "/",
+          "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+        },
+      });
+    }
+
+    const userId = generateId(15);
+
+    if (BATI.has("drizzle")) {
+      await drizzleDb.transaction(async (tx) => {
+        await tx.insert(userTable).values({ id: userId, username: githubUser.login });
+        await tx.insert(oauthAccountTable).values({ providerId: "github", providerUserId: githubUser.id, userId });
+      });
+    } else {
+      sqliteDb.transaction(() => {
+        sqliteDb.prepare("INSERT INTO users (id, username) VALUES (?, ?)").run(userId, githubUser.login);
+        sqliteDb
+          .prepare("INSERT INTO oauth_accounts (provider_id, provider_user_id, user_id) VALUES (?, ?, ?)")
+          .run("github", githubUser.id, userId);
+      });
+    }
+
+    const session = await lucia.createSession(userId, {});
+
+    return new Response(null, {
+      status: 302,
+      headers: {
+        Location: "/",
+        "set-cookie": lucia.createSessionCookie(session.id).serialize(),
+      },
+    });
+  } catch (error) {
+    if (error instanceof OAuth2RequestError && error.message === "bad_verification_code") {
+      return new Response(JSON.stringify({ error: error.message }), {
+        status: 400,
+        headers: {
+          "content-type": "application/json",
+        },
+      });
+    }
+    return new Response(JSON.stringify({ error: error }), {
+      status: 500,
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  }
+}) satisfies Get<[], UniversalHandler>;

package/dist/boilerplates/@batijs/lucia-auth/files/vike.d.ts

@@ -0,0 +1,11 @@
+import type { User } from "lucia";
+
+declare global {
+  namespace Vike {
+    interface PageContext {
+      user?: User;
+    }
+  }
+}
+
+export {};

package/dist/boilerplates/@batijs/lucia-auth/types/database/auth-actions.d.ts

@@ -0,0 +1,9 @@
+export declare function getExistingUser(username: string): unknown;
+export declare function getExistingAccount(providerId: string, providerUserId: number): unknown;
+export declare function validateInput(username: string | null, password: string | null): {
+    error: {
+        username: string | null;
+        password: string | null;
+    };
+    success: boolean;
+};

package/dist/boilerplates/@batijs/lucia-auth/types/database/schema/auth.d.ts

@@ -0,0 +1,167 @@
+export declare const userTable: import("drizzle-orm/sqlite-core").SQLiteTableWithColumns<{
+    name: "users";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "id";
+            tableName: "users";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+        username: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "username";
+            tableName: "users";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+        password: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "password";
+            tableName: "users";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+    };
+    dialect: "sqlite";
+}>;
+export declare const oauthAccountTable: import("drizzle-orm/sqlite-core").SQLiteTableWithColumns<{
+    name: "oauth_accounts";
+    schema: undefined;
+    columns: {
+        providerId: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "provider_id";
+            tableName: "oauth_accounts";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+        providerUserId: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "provider_user_id";
+            tableName: "oauth_accounts";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+        userId: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "user_id";
+            tableName: "oauth_accounts";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+    };
+    dialect: "sqlite";
+}>;
+export declare const sessionTable: import("drizzle-orm/sqlite-core").SQLiteTableWithColumns<{
+    name: "sessions";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "id";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+        userId: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "user_id";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+        expiresAt: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "expires_at";
+            tableName: "sessions";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            generated: undefined;
+        }, object>;
+    };
+    dialect: "sqlite";
+}>;
+export type UserItem = typeof userTable.$inferSelect;
+export type UserInsert = typeof userTable.$inferInsert;

package/dist/boilerplates/@batijs/lucia-auth/types/database/sqliteDb.d.ts

@@ -0,0 +1,2 @@
+import { type Database } from "better-sqlite3";
+export declare const sqliteDb: Database;

package/dist/boilerplates/@batijs/lucia-auth/types/lib/lucia-auth.d.ts

@@ -0,0 +1,43 @@
+import "dotenv/config";
+import { Lucia } from "lucia";
+import { GitHub } from "arctic";
+/**
+ * Initialize Lucia
+ *
+ * @link {@see https://lucia-auth.com/getting-started/#initialize-lucia}
+ */
+export declare const lucia: Lucia<Record<never, never>, {
+    username: string;
+}>;
+/**
+ * Initialize OAuth provider
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#initialize-oauth-provider}
+ */
+export declare const github: GitHub;
+/**
+ * Define user attributes
+ *
+ * @link {@see https://lucia-auth.com/basics/users#define-user-attributes}
+ */
+declare module "lucia" {
+    interface Register {
+        Lucia: typeof lucia;
+        DatabaseUserAttributes: Omit<DatabaseUser, "id">;
+    }
+}
+export interface DatabaseUser {
+    id: string;
+    username: string;
+    password?: string;
+}
+export interface DatabaseOAuthAccount {
+    provider_id: string;
+    provider_user_id: string;
+    userId: string;
+    user_id: string;
+}
+export interface GitHubUser {
+    id: number;
+    login: string;
+}

package/dist/boilerplates/@batijs/lucia-auth/types/pages/login/+guard.d.ts

@@ -0,0 +1,3 @@
+import type { GuardAsync } from "vike/types";
+declare const guard: GuardAsync;
+export { guard };

package/dist/boilerplates/@batijs/lucia-auth/types/server/lucia-auth-handlers.d.ts

@@ -0,0 +1,58 @@
+import type { Session, User } from "lucia";
+/**
+ * CSRF protection middleware
+ *
+ * @link {@see https://lucia-auth.com/guides/validate-session-cookies/}
+ */
+export declare const luciaCsrfMiddleware: () => (request: Request) => Promise<Response | undefined>;
+/**
+ * Validate session cookies middleware and set context
+ *
+ * @link {@see https://lucia-auth.com/guides/validate-session-cookies/}
+ */
+export declare const luciaAuthContextMiddleware: () => (request: Request, context: Universal.Context) => Promise<{
+    session: null;
+    user: null;
+} | {
+    sessionId: string;
+    session: Session | null;
+    user: User | null;
+}>;
+/**
+ * Set Set-Cookie headers if in context
+ */
+export declare const luciaAuthCookieMiddleware: () => (_request: Request, context: {
+    session?: Session | null;
+    user?: User | null;
+    sessionId?: string | null;
+}) => (response: Response) => Response;
+/**
+ * Register user handler
+ *
+ * @link {@see https://lucia-auth.com/guides/email-and-password/basics#register-user}
+ */
+export declare const luciaAuthSignupHandler: () => (request: Request) => Promise<Response>;
+/**
+ * Sign in user handler
+ *
+ * @link {@see https://lucia-auth.com/guides/email-and-password/basics#sign-in-user}
+ */
+export declare const luciaAuthLoginHandler: () => (request: Request) => Promise<Response>;
+/**
+ * Log out user handler
+ */
+export declare const luciaAuthLogoutHandler: () => (_request: Request, context: {
+    session?: Session | null;
+}) => Promise<Response>;
+/**
+ * Github OAuth authorization handler
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#creating-authorization-url}
+ */
+export declare const luciaGithubLoginHandler: () => () => Promise<Response>;
+/**
+ * Github OAuth validate callback handler
+ *
+ * @link {@see https://lucia-auth.com/guides/oauth/basics#validate-callback}
+ */
+export declare const luciaGithubCallbackHandler: () => (request: Request) => Promise<Response>;

package/dist/boilerplates/@batijs/react/files/$package.json.js

@@ -57,11 +57,11 @@ var require_package = __commonJS({
         "cross-fetch": "^4.0.0",
         react: "^18.3.1",
         "react-dom": "^18.3.1",
-        tailwindcss: "^3.4.9",
+        tailwindcss: "^3.4.10",
         typescript: "^5.5.4",
-        vike: "^0.4.183",
-        "vike-react": "^0.5.1",
-        vite: "^5.4.0",
+        vike: "^0.4.187",
+        "vike-react": "^0.5.3",
+        vite: "^5.4.1",
         "vite-plugin-compiled-react": "^1.1.3"
       },
       dependencies: {

package/dist/boilerplates/@batijs/react/files/layouts/LayoutDefault.tsx

@@ -28,6 +28,7 @@ export default function LayoutDefault({ children }: { children: React.ReactNode
         <Link href="/">Welcome</Link>
         <Link href="/todo">Todo</Link>
         <Link href="/star-wars">Data Fetching</Link>
+        {BATI.has("firebase-auth") || BATI.has("lucia-auth") ? <Link href="/login">Login</Link> : ""}
       </Sidebar>
       <Content>{children}</Content>
     </div>

package/dist/boilerplates/@batijs/react/files/pages/+config.ts

@@ -7,7 +7,7 @@ import Layout from "../layouts/LayoutDefault.js";
 export default {
   Layout,
   Head,
-  //# BATI.has("auth0") || BATI.has("firebase-auth") || BATI.has("authjs")
+  //# BATI.has("auth0") || BATI.has("firebase-auth") || BATI.has("authjs") || BATI.has("lucia-auth")
   passToClient: ["user"],
   // <title>
   title: "My Vike App",