@buildpad/cli 0.1.4

package/dist/templates/api/files-route.ts

@@ -0,0 +1,83 @@
+/**
+ * Files API Route
+ * 
+ * Proxies file operations to the DaaS backend.
+ * Required for file upload components.
+ * 
+ * @buildpad/origin: api-routes/files
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+/**
+ * GET /api/files
+ * List files with optional filtering
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    // Forward query parameters
+    const searchParams = request.nextUrl.searchParams.toString();
+    const url = `${daasUrl}/api/files${searchParams ? `?${searchParams}` : ''}`;
+    
+    const response = await fetch(url, {
+      headers,
+      cache: 'no-store',
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Files GET error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * POST /api/files
+ * Upload a file
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    // Get the form data from the request
+    const formData = await request.formData();
+    
+    // Remove Content-Type header to let fetch set it with boundary for multipart
+    const { 'Content-Type': _, ...restHeaders } = headers as Record<string, string>;
+    
+    const response = await fetch(`${daasUrl}/api/files`, {
+      method: 'POST',
+      headers: restHeaders,
+      body: formData,
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Upload failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Files POST error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/items-id-route.ts

@@ -0,0 +1,120 @@
+/**
+ * Items Single Item API Route
+ * 
+ * Proxies single item CRUD operations to the DaaS backend.
+ * 
+ * @buildpad/origin: api-routes/items-id
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+type RouteParams = { params: Promise<{ collection: string; id: string }> };
+
+/**
+ * GET /api/items/[collection]/[id]
+ * Get a single item by ID
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { collection, id } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    // Forward query parameters (e.g., fields)
+    const searchParams = request.nextUrl.searchParams.toString();
+    const url = `${daasUrl}/api/items/${collection}/${id}${searchParams ? `?${searchParams}` : ''}`;
+    
+    const response = await fetch(url, {
+      headers,
+      cache: 'no-store',
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Items GET by ID error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * PATCH /api/items/[collection]/[id]
+ * Update an existing item
+ */
+export async function PATCH(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { collection, id } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    const body = await request.json();
+    
+    const response = await fetch(`${daasUrl}/api/items/${collection}/${id}`, {
+      method: 'PATCH',
+      headers,
+      body: JSON.stringify(body),
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Items PATCH error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * DELETE /api/items/[collection]/[id]
+ * Delete an item
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { collection, id } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    const response = await fetch(`${daasUrl}/api/items/${collection}/${id}`, {
+      method: 'DELETE',
+      headers,
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    return NextResponse.json({ data: null });
+  } catch (error) {
+    console.error('Items DELETE error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/items-route.ts

@@ -0,0 +1,88 @@
+/**
+ * Items Collection API Route
+ * 
+ * Proxies CRUD operations for collection items to the DaaS backend.
+ * Supports DaaS-compatible query parameters.
+ * 
+ * @buildpad/origin: api-routes/items
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+type RouteParams = { params: Promise<{ collection: string }> };
+
+/**
+ * GET /api/items/[collection]
+ * List items with optional filtering, sorting, and pagination
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { collection } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    // Forward all query parameters
+    const searchParams = request.nextUrl.searchParams.toString();
+    const url = `${daasUrl}/api/items/${collection}${searchParams ? `?${searchParams}` : ''}`;
+    
+    const response = await fetch(url, {
+      headers,
+      cache: 'no-store',
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Items GET error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * POST /api/items/[collection]
+ * Create a new item
+ */
+export async function POST(
+  request: NextRequest,
+  { params }: RouteParams
+) {
+  try {
+    const { collection } = await params;
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    const body = await request.json();
+    
+    const response = await fetch(`${daasUrl}/api/items/${collection}`, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(body),
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Items POST error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/api/login-page.tsx

@@ -0,0 +1,142 @@
+/**
+ * Login Page Template
+ * 
+ * Server-side proxy login page that uses the /api/auth/login proxy route
+ * instead of calling Supabase directly from the browser.
+ * This avoids CORS issues in the two-tier architecture.
+ * 
+ * Pattern: Browser → /api/auth/login (same origin) → Supabase Auth (server-side)
+ * 
+ * @buildpad/origin: pages/login
+ * @buildpad/version: 1.0.0
+ */
+
+'use client';
+
+import { useState } from 'react';
+import {
+  Paper,
+  TextInput,
+  PasswordInput,
+  Button,
+  Title,
+  Text,
+  Container,
+  Stack,
+  Box,
+  Group,
+  Anchor,
+} from '@mantine/core';
+import { useForm } from '@mantine/form';
+import { notifications } from '@mantine/notifications';
+import { useRouter } from 'next/navigation';
+
+export default function LoginPage() {
+  const router = useRouter();
+  const [loading, setLoading] = useState(false);
+
+  const form = useForm({
+    initialValues: {
+      email: '',
+      password: '',
+    },
+    validate: {
+      email: (value) => (!value ? 'Email is required' : /^\S+@\S+$/.test(value) ? null : 'Invalid email'),
+      password: (value) => (!value ? 'Password is required' : null),
+    },
+  });
+
+  const handleLogin = async (values: { email: string; password: string }) => {
+    setLoading(true);
+
+    try {
+      // Use the proxy route — NOT the Supabase client directly
+      // This avoids CORS issues because the request stays same-origin
+      const response = await fetch('/api/auth/login', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(values),
+        credentials: 'include', // Include cookies
+      });
+
+      const data = await response.json();
+
+      if (!response.ok) {
+        throw new Error(data.errors?.[0]?.message || 'Login failed');
+      }
+
+      notifications.show({
+        title: 'Success',
+        message: 'Logged in successfully',
+        color: 'green',
+      });
+
+      router.push('/');
+      router.refresh();
+    } catch (error) {
+      console.error('Login error:', error);
+      notifications.show({
+        title: 'Error',
+        message: error instanceof Error ? error.message : 'Failed to login',
+        color: 'red',
+      });
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <Box
+      style={{
+        position: 'fixed',
+        top: 0,
+        left: 0,
+        right: 0,
+        bottom: 0,
+        display: 'flex',
+        alignItems: 'center',
+        justifyContent: 'center',
+        background: 'linear-gradient(180deg, #f8f9fa 0%, #e9ecef 100%)',
+      }}
+    >
+      <Container size={420}>
+        <Title ta="center" mb="md">
+          Welcome back
+        </Title>
+        <Text c="dimmed" size="sm" ta="center" mb="xl">
+          Sign in to your account
+        </Text>
+
+        <Paper withBorder shadow="md" p={30} radius="md">
+          <form onSubmit={form.onSubmit(handleLogin)}>
+            <Stack>
+              <TextInput
+                label="Email"
+                placeholder="you@example.com"
+                required
+                {...form.getInputProps('email')}
+              />
+
+              <PasswordInput
+                label="Password"
+                placeholder="Your password"
+                required
+                {...form.getInputProps('password')}
+              />
+
+              <Group justify="flex-end">
+                <Anchor component="button" type="button" c="dimmed" size="xs">
+                  Forgot password?
+                </Anchor>
+              </Group>
+
+              <Button type="submit" fullWidth loading={loading}>
+                Sign in
+              </Button>
+            </Stack>
+          </form>
+        </Paper>
+      </Container>
+    </Box>
+  );
+}

package/dist/templates/api/permissions-me-route.ts

@@ -0,0 +1,72 @@
+/**
+ * Permissions (Me) API Route
+ *
+ * Proxies the current user's permission requests to the DaaS backend.
+ * Required for CollectionList permission-aware column filtering via
+ * PermissionsService.getReadableFields().
+ *
+ * @buildpad/origin: api-routes/permissions-me
+ * @buildpad/version: 1.0.0
+ */
+
+import { getAuthHeaders, getDaasUrl } from "@/lib/api/auth-headers";
+import { NextRequest, NextResponse } from "next/server";
+
+/**
+ * GET /api/permissions/me
+ * Returns the current user's field-level permissions for all collections.
+ *
+ * Query Parameters:
+ * - collection=name  Filter to specific collection(s), can be repeated
+ *
+ * Response format (DaaS / DaaS):
+ * {
+ *   "data": {
+ *     "<collection>": {
+ *       "read":   { "fields": ["id","title",...], "permissions": null, "validation": null, "presets": null },
+ *       "create": { ... },
+ *       "update": { ... },
+ *       "delete": { ... }
+ *     }
+ *   }
+ * }
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+
+    const searchParams = request.nextUrl.searchParams.toString();
+    const url = `${daasUrl}/api/permissions/me${
+      searchParams ? `?${searchParams}` : ""
+    }`;
+
+    const response = await fetch(url, {
+      headers,
+      cache: "no-store",
+    });
+
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({
+        errors: [{ message: "Request failed" }],
+      }));
+      return NextResponse.json(error, { status: response.status });
+    }
+
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error("Permissions API error:", error);
+    return NextResponse.json(
+      {
+        errors: [
+          {
+            message:
+              error instanceof Error ? error.message : "Internal server error",
+          },
+        ],
+      },
+      { status: 500 },
+    );
+  }
+}

package/dist/templates/api/relations-route.ts

@@ -0,0 +1,46 @@
+/**
+ * Relations API Route
+ * 
+ * Proxies relation schema requests to the DaaS backend.
+ * Required for M2O, M2M, O2M, and M2A relation components.
+ * 
+ * @buildpad/origin: api-routes/relations
+ * @buildpad/version: 1.0.0
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders, getDaasUrl } from '@/lib/api/auth-headers';
+
+/**
+ * GET /api/relations
+ * Get all relation definitions
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const headers = await getAuthHeaders();
+    const daasUrl = getDaasUrl();
+    
+    // Forward query parameters (e.g., filter by collection)
+    const searchParams = request.nextUrl.searchParams.toString();
+    const url = `${daasUrl}/api/relations${searchParams ? `?${searchParams}` : ''}`;
+    
+    const response = await fetch(url, {
+      headers,
+      cache: 'no-store',
+    });
+    
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ errors: [{ message: 'Request failed' }] }));
+      return NextResponse.json(error, { status: response.status });
+    }
+    
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Relations API error:', error);
+    return NextResponse.json(
+      { errors: [{ message: error instanceof Error ? error.message : 'Internal server error' }] },
+      { status: 500 }
+    );
+  }
+}

package/dist/templates/app/content/[collection]/[id]/page.tsx

@@ -0,0 +1,35 @@
+/**
+ * Item Edit/Create Page
+ *
+ * Renders a dynamic form for creating or editing a single item in a collection.
+ * Uses CollectionForm (which wraps VForm with all 40+ field interfaces).
+ *
+ * Generated by @buildpad/cli
+ */
+
+"use client";
+
+import React, { use } from 'react';
+import { useRouter } from 'next/navigation';
+import { CollectionForm } from '@/components/ui/collection-form';
+
+export default function ItemPage({
+  params,
+}: {
+  params: Promise<{ collection: string; id: string }>;
+}) {
+  const { collection, id } = use(params);
+  const router = useRouter();
+
+  const isNew = id === '+' || id === 'new';
+
+  return (
+    <CollectionForm
+      collection={collection}
+      id={isNew ? undefined : id}
+      mode={isNew ? 'create' : 'edit'}
+      onSuccess={() => router.push(`/content/${collection}`)}
+      onCancel={() => router.back()}
+    />
+  );
+}

package/dist/templates/app/content/[collection]/page.tsx

@@ -0,0 +1,65 @@
+/**
+ * Collection List Page
+ *
+ * Displays a table of items for the given collection with search,
+ * filtering, pagination, selection, and bulk actions.
+ *
+ * Generated by @buildpad/cli
+ */
+
+"use client";
+
+import React, { use, useEffect } from 'react';
+import { useRouter } from 'next/navigation';
+import { Button, Group } from '@mantine/core';
+import { IconPlus, IconTrash } from '@tabler/icons-react';
+import { CollectionList } from '@/components/ui/collection-list';
+import { useLocalStorage } from '@/lib/buildpad/hooks';
+import type { BulkAction } from '@/components/ui/collection-list';
+
+export default function CollectionPage({
+  params,
+}: {
+  params: Promise<{ collection: string }>;
+}) {
+  const { collection } = use(params);
+  const router = useRouter();
+  const { setValue: setLastAccessed } = useLocalStorage<string>('last-accessed-collection');
+
+  // Track last accessed collection
+  useEffect(() => {
+    setLastAccessed(collection);
+  }, [collection, setLastAccessed]);
+
+  const bulkActions: BulkAction[] = [
+    {
+      label: 'Delete',
+      icon: <IconTrash size={16} />,
+      color: 'red',
+      action: async (selectedIds) => {
+        if (!confirm(`Delete ${selectedIds.length} item(s)?`)) return;
+        try {
+          await fetch(`/api/items/${collection}`, {
+            method: 'DELETE',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(selectedIds),
+          });
+          // CollectionList will auto-refresh
+          window.location.reload();
+        } catch (error) {
+          console.error('Batch delete failed:', error);
+        }
+      },
+    },
+  ];
+
+  return (
+    <CollectionList
+      collection={collection}
+      enableSearch
+      enableSelection
+      bulkActions={bulkActions}
+      onItemClick={(item) => router.push(`/content/${collection}/${item.id}`)}
+    />
+  );
+}