npm - @cogito.ai/cli - Versions diffs - 0.4.2 → 0.4.4 - Mend

@cogito.ai/cli 0.4.2 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/dist/templates/web-nextjs/apps/web/src/features/subscription/types.ts ADDED Viewed

@@ -0,0 +1,73 @@
+export type PlanCode = 'free' | 'pro' | 'enterprise'
+export type BillingCycle = 'monthly' | 'yearly'
+export type PaymentMethod = 'alipay' | 'wechat' | 'stripe'
+export type PaymentStatus = 'pending' | 'paid' | 'failed' | 'refunded' | 'cancelled'
+export type SubscriptionStatus = 'trial' | 'active' | 'expired' | 'cancelled' | 'pending'
+export type PaymentChannel = 'alipay_page' | 'alipay_wap' | 'wechat_native' | 'wechat_h5'
+export interface SubscriptionPlan {
+  id: number
+  plan_code: PlanCode
+  plan_name: string
+  description: string | null
+  price_monthly: number
+  price_yearly: number
+  features: Record<string, unknown>
+  display_order: number
+  is_active: boolean
+  is_featured: boolean
+  created_at: string
+  updated_at: string
+}
+export interface UserSubscription {
+  id: number
+  user_id: string
+  plan_id: number
+  status: SubscriptionStatus
+  billing_cycle: BillingCycle
+  current_period_start: string | null
+  current_period_end: string | null
+  cancelled_at: string | null
+  cancel_at_period_end: boolean
+  last_payment_id: number | null
+  next_billing_date: string | null
+  metadata: Record<string, unknown> | null
+  created_at: string
+  updated_at: string
+}
+export interface Payment {
+  id: number
+  user_id: string
+  subscription_id: number | null
+  order_no: string
+  amount: number
+  currency: string
+  payment_method: PaymentMethod
+  payment_channel: PaymentChannel | null
+  status: PaymentStatus
+  provider_trade_no: string | null
+  provider_response: Record<string, unknown> | null
+  paid_at: string | null
+  refunded_at: string | null
+  metadata: Record<string, unknown> | null
+  created_at: string
+  updated_at: string
+}
+export interface CreatePaymentParams {
+  user_id: string
+  subscription_id?: number
+  order_no: string
+  amount: number
+  currency?: string
+  payment_method: PaymentMethod
+  payment_channel?: PaymentChannel
+  metadata?: Record<string, unknown>
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/wechat/client.ts ADDED Viewed

@@ -0,0 +1,33 @@
+'use client'
+interface WechatPayResult {
+  type: 'qrcode' | 'redirect'
+  codeUrl?: string
+  h5Url?: string
+}
+export async function initiateWechatPayment(
+  paymentId: number,
+  userId: string,
+): Promise<WechatPayResult> {
+  const res = await fetch('/api/payments/wechat/create', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ paymentId, userId }),
+  })
+  if (!res.ok) {
+    throw new Error('Failed to initiate WeChat payment')
+  }
+  const data = (await res.json()) as WechatPayResult
+  if (data.type === 'qrcode' && data.codeUrl) {
+    return { type: 'qrcode', codeUrl: data.codeUrl }
+  } else if (data.type === 'redirect' && data.h5Url) {
+    window.location.href = data.h5Url
+    return { type: 'redirect', h5Url: data.h5Url }
+  }
+  throw new Error('Unexpected WeChat payment response')
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/wechat/server.ts ADDED Viewed

@@ -0,0 +1,147 @@
+import { wxpayRequest } from '@/lib/wechat-pay/client'
+import type { WechatPayConfig } from '@/lib/wechat-pay/types'
+import { decryptResource, verifySignature } from '@/lib/wechat-pay/crypto'
+export function getWechatPayConfig(): WechatPayConfig {
+  const appId = process.env.WECHAT_PAY_APP_ID
+  const mchId = process.env.WECHAT_PAY_MCH_ID
+  const privateKey = process.env.WECHAT_PAY_PRIVATE_KEY
+  const serialNo = process.env.WECHAT_PAY_SERIAL_NO
+  const apiV3Key = process.env.WECHAT_PAY_API_V3_KEY
+  const platformPublicKey = process.env.WECHAT_PAY_PLATFORM_PUBLIC_KEY
+  const baseUrl = process.env.WECHAT_PAY_BASE_URL || 'https://api.mch.weixin.qq.com'
+  const notifyUrl = process.env.WECHAT_PAY_NOTIFY_URL
+  if (
+    !appId ||
+    !mchId ||
+    !privateKey ||
+    !serialNo ||
+    !apiV3Key ||
+    !platformPublicKey ||
+    !notifyUrl
+  ) {
+    throw new Error(
+      'Missing WeChat Pay credentials. Ensure all WECHAT_PAY_* environment variables are set.',
+    )
+  }
+  return {
+    appId,
+    mchId,
+    privateKey,
+    serialNo,
+    apiV3Key,
+    platformPublicKey,
+    baseUrl,
+    notifyUrl,
+  }
+}
+interface CreateWechatPayParams {
+  description: string
+  outTradeNo: string
+  notifyUrl: string
+  amount: { total: number; currency?: string }
+  sceneInfo?: object
+}
+export async function createWechatNativePay(params: CreateWechatPayParams) {
+  const config = getWechatPayConfig()
+  const body = {
+    appid: config.appId,
+    mchid: config.mchId,
+    description: params.description,
+    out_trade_no: params.outTradeNo,
+    notify_url: params.notifyUrl,
+    amount: params.amount,
+  }
+  return wxpayRequest<{ code_url: string }>({
+    config,
+    method: 'post',
+    url: '/v3/pay/transactions/native',
+    body,
+  })
+}
+export async function createWechatH5Pay(params: CreateWechatPayParams) {
+  const config = getWechatPayConfig()
+  const body = {
+    appid: config.appId,
+    mchid: config.mchId,
+    description: params.description,
+    out_trade_no: params.outTradeNo,
+    notify_url: params.notifyUrl,
+    amount: params.amount,
+    scene_info: params.sceneInfo,
+  }
+  return wxpayRequest<{ h5_url: string }>({
+    config,
+    method: 'post',
+    url: '/v3/pay/transactions/h5',
+    body,
+  })
+}
+export async function queryWechatOrder(outTradeNo: string) {
+  const config = getWechatPayConfig()
+  return wxpayRequest<{ trade_state: string }>({
+    config,
+    method: 'get',
+    url: `/v3/pay/transactions/out-trade-no/${outTradeNo}`,
+  })
+}
+export interface VerifyAndDecryptNotifyResult {
+  outTradeNo: string
+  tradeState: string
+  transactionId: string
+  amount: number
+  currency: string
+  appId: string
+  mchId: string
+}
+export async function verifyAndDecryptNotify(
+  headers: Record<string, string | undefined>,
+  rawBody: string,
+): Promise<VerifyAndDecryptNotifyResult> {
+  const config = getWechatPayConfig()
+  const timestamp = headers['wechatpay-timestamp'] || headers['Wechatpay-Timestamp'] || ''
+  const nonce = headers['wechatpay-nonce'] || headers['Wechatpay-Nonce'] || ''
+  const signature = headers['wechatpay-signature'] || headers['Wechatpay-Signature'] || ''
+  const isValid = verifySignature({
+    timestamp,
+    nonce,
+    body: rawBody,
+    signature,
+    platformPublicKey: config.platformPublicKey,
+  })
+  if (!isValid) {
+    throw new Error('Invalid WeChat Pay signature')
+  }
+  const bodyData = JSON.parse(rawBody)
+  const resource = bodyData.resource
+  const decrypted = decryptResource({
+    ciphertext: resource.ciphertext,
+    associatedData: resource.associated_data,
+    nonce: resource.nonce,
+    apiV3Key: config.apiV3Key,
+  })
+  const transaction = JSON.parse(decrypted)
+  return {
+    outTradeNo: transaction.out_trade_no,
+    tradeState: transaction.trade_state,
+    transactionId: transaction.transaction_id,
+    amount: transaction.amount?.total,
+    currency: transaction.amount?.currency,
+    appId: transaction.appid,
+    mchId: transaction.mchid,
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/hooks/use-mobile.ts CHANGED Viewed

@@ -1,6 +1,6 @@
-"use client"
+'use client'
-import * as React from "react"
+import * as React from 'react'
 const MOBILE_BREAKPOINT = 768
@@ -12,9 +12,9 @@ export function useIsMobile() {
     const onChange = () => {
       setIsMobile(window.innerWidth < MOBILE_BREAKPOINT)
     }
-    mql.addEventListener("change", onChange)
+    mql.addEventListener('change', onChange)
     setIsMobile(window.innerWidth < MOBILE_BREAKPOINT)
-    return () => mql.removeEventListener("change", onChange)
+    return () => mql.removeEventListener('change', onChange)
   }, [])
   return !!isMobile

package/dist/templates/web-nextjs/apps/web/src/i18n/config.ts CHANGED Viewed

@@ -9,4 +9,4 @@ export const defaultLocale: AppLocale =
 export function isLocale(value: string): value is AppLocale {
   return locales.includes(value as AppLocale)
-}
+}

package/dist/templates/web-nextjs/apps/web/src/infra/db/SupabaseAuthRepository.ts CHANGED Viewed

@@ -20,9 +20,7 @@ export class SupabaseAuthRepository implements IAuthRepository {
     const supabase = await getServerClient()
     const { data, error } = await supabase.auth.signUp({ email, password })
     if (error) {
-      const msg = error.message.toLowerCase().includes('already')
-        ? '该邮箱已被注册'
-        : error.message
+      const msg = error.message.toLowerCase().includes('already') ? '该邮箱已被注册' : error.message
       return { user: null, error: msg }
     }
     const u = data.user
@@ -39,7 +37,9 @@ export class SupabaseAuthRepository implements IAuthRepository {
   async getSession(): Promise<AuthUser | null> {
     const supabase = await getServerClient()
-    const { data: { user } } = await supabase.auth.getUser()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
     if (!user) return null
     return { id: user.id, email: user.email ?? '', createdAt: user.created_at }
   }
@@ -85,4 +85,48 @@ export class SupabaseAuthRepository implements IAuthRepository {
     }
     return { user: null, error: null }
   }
+  async sendPasswordResetOTP(email: string): Promise<AuthResult> {
+    const supabase = await getServerClient()
+    const { error } = await supabase.auth.signInWithOtp({
+      email,
+      options: {
+        shouldCreateUser: false, // Don't create user if not exists
+      },
+    })
+    if (error) {
+      return { user: null, error: error.message }
+    }
+    return { user: null, error: null }
+  }
+  async verifyPasswordResetOTP(
+    email: string,
+    token: string,
+    newPassword: string,
+  ): Promise<AuthResult> {
+    const supabase = await getServerClient()
+    const { data, error } = await supabase.auth.verifyOtp({
+      email,
+      token,
+      type: 'email',
+    })
+    if (error) {
+      return { user: null, error: error.message }
+    }
+    // After verifying OTP, update the password
+    const { error: updateError } = await supabase.auth.updateUser({
+      password: newPassword,
+    })
+    if (updateError) {
+      return { user: null, error: updateError.message }
+    }
+    const u = data.user
+    return {
+      user: u ? { id: u.id, email: u.email ?? '', createdAt: u.created_at } : null,
+      error: null,
+    }
+  }
 }

package/dist/templates/web-nextjs/apps/web/src/infra/db/client.ts CHANGED Viewed

@@ -66,10 +66,7 @@ export function getBrowserClient() {
  * await supabase.auth.getUser() // refreshes session token
  * ```
  */
-export function createMiddlewareClient(
-  request: NextRequest,
-  response: NextResponse,
-) {
+export function createMiddlewareClient(request: NextRequest, response: NextResponse) {
   const supabase = createServerClient(
     process.env.NEXT_PUBLIC_SUPABASE_URL!,
     process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

package/dist/templates/web-nextjs/apps/web/src/lib/supabase/admin.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { createClient } from '@supabase/supabase-js'
+/**
+ * Creates a Supabase admin client using the service role key.
+ *
+ * ⚠️ WARNING: This client bypasses Row Level Security (RLS).
+ * Use ONLY in server-side contexts (Route Handlers, Server Actions).
+ * NEVER expose this client to the browser.
+ */
+export function createAdminClient() {
+  const url = process.env.NEXT_PUBLIC_SUPABASE_URL
+  const key = process.env.SUPABASE_SERVICE_ROLE_KEY
+  if (!url || !key) {
+    throw new Error(
+      'Missing Supabase admin credentials. Ensure NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are set.',
+    )
+  }
+  return createClient(url, key, {
+    auth: { autoRefreshToken: false, persistSession: false },
+  })
+}

package/dist/templates/web-nextjs/apps/web/src/lib/utils.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { clsx, type ClassValue } from "clsx"
-import { twMerge } from "tailwind-merge"
+import { clsx, type ClassValue } from 'clsx'
+import { twMerge } from 'tailwind-merge'
 export function cn(...inputs: ClassValue[]) {
   return twMerge(clsx(inputs))

package/dist/templates/web-nextjs/apps/web/src/lib/validations/auth.ts CHANGED Viewed

@@ -20,6 +20,18 @@ export const forgotPasswordSchema = z.object({
   email: z.string().email('请输入有效邮箱'),
 })
+export const resetPasswordWithOTPSchema = z
+  .object({
+    email: z.string().email('请输入有效邮箱'),
+    token: z.string().min(6, '验证码至少 6 位'),
+    password: z.string().min(8, '密码至少 8 位'),
+    confirmPassword: z.string(),
+  })
+  .refine((data) => data.password === data.confirmPassword, {
+    message: '两次密码不一致',
+    path: ['confirmPassword'],
+  })
 export const resetPasswordSchema = z
   .object({
     password: z.string().min(8, '密码至少 8 位'),
@@ -37,5 +49,6 @@ export const displayNameSchema = z.object({
 export type SignInInput = z.infer<typeof signInSchema>
 export type SignUpInput = z.infer<typeof signUpSchema>
 export type ForgotPasswordInput = z.infer<typeof forgotPasswordSchema>
+export type ResetPasswordWithOTPInput = z.infer<typeof resetPasswordWithOTPSchema>
 export type ResetPasswordInput = z.infer<typeof resetPasswordSchema>
 export type DisplayNameInput = z.infer<typeof displayNameSchema>

package/dist/templates/web-nextjs/apps/web/src/lib/wechat-pay/client.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import { buildAuthorizationHeader, generateNonce, signRequest } from './crypto'
+import type { WechatPayConfig } from './types'
+interface WxpayRequestParams<T = unknown> {
+  config: WechatPayConfig
+  method: string
+  url: string
+  body?: object
+}
+export async function wxpayRequest<T>(params: WxpayRequestParams): Promise<T> {
+  const { config, method, url, body } = params
+  const timestamp = Math.floor(Date.now() / 1000).toString()
+  const nonce = generateNonce()
+  const bodyStr = body ? JSON.stringify(body) : ''
+  const signature = signRequest({
+    method,
+    url,
+    timestamp,
+    nonce,
+    body: bodyStr,
+    privateKey: config.privateKey,
+  })
+  const authorization = buildAuthorizationHeader({
+    mchId: config.mchId,
+    serialNo: config.serialNo,
+    timestamp,
+    nonce,
+    signature,
+  })
+  const headers: Record<string, string> = {
+    Accept: 'application/json',
+    Authorization: authorization,
+    'Content-Type': 'application/json',
+    'User-Agent': 'Mozilla/5.0 (compatible; WebNextjs/1.0)',
+  }
+  const res = await fetch(`${config.baseUrl}${url}`, {
+    method: method.toUpperCase(),
+    headers,
+    body: bodyStr || null,
+  })
+  const data = (await res.json()) as T
+  // Check for WeChat Pay API errors
+  if (!res.ok) {
+    const errorData = data as Record<string, unknown>
+    const errorMessage =
+      typeof errorData.message === 'string'
+        ? errorData.message
+        : `WeChat Pay API error: ${res.status}`
+    const error = new Error(errorMessage)
+    ;(error as Error & { code?: string; status?: number; raw?: unknown }).code = String(
+      errorData.code || '',
+    )
+    ;(error as Error & { code?: string; status?: number; raw?: unknown }).status = res.status
+    ;(error as Error & { code?: string; status?: number; raw?: unknown }).raw = errorData
+    throw error
+  }
+  return data
+}

package/dist/templates/web-nextjs/apps/web/src/lib/wechat-pay/crypto.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import crypto from 'crypto'
+/**
+ * Generates a random nonce string (16 hex chars, uppercase)
+ */
+export function generateNonce(): string {
+  return crypto.randomBytes(16).toString('hex').toUpperCase()
+}
+interface SignRequestParams {
+  method: string
+  url: string
+  timestamp: string
+  nonce: string
+  body: string
+  privateKey: string
+}
+/**
+ * Constructs the -line signature string and signs it with SHA256withRSA using the merchant private key.
+ * Returns Base64 encoded signature.
+ */
+export function signRequest(params: SignRequestParams): string {
+  const { method, url, timestamp, nonce, body, privateKey } = params
+  const signStr = `${method.toUpperCase()}\n${url}\n${timestamp}\n${nonce}\n${body}\n`
+  const signer = crypto.createSign('RSA-SHA256')
+  signer.update(signStr)
+  return signer.sign(privateKey, 'base64')
+}
+interface BuildAuthorizationHeaderParams {
+  mchId: string
+  serialNo: string
+  timestamp: string
+  nonce: string
+  signature: string
+}
+/**
+ * Builds the Authorization header for WeChat Pay V3 API requests.
+ */
+export function buildAuthorizationHeader(params: BuildAuthorizationHeaderParams): string {
+  const { mchId, serialNo, timestamp, nonce, signature } = params
+  return `WECHATPAY2-SHA256-RSA2048 mchid="${mchId}",nonce_str="${nonce}",timestamp="${timestamp}",serial_no="${serialNo}",signature="${signature}"`
+}
+interface VerifySignatureParams {
+  timestamp: string
+  nonce: string
+  body: string
+  signature: string
+  platformPublicKey: string
+}
+/**
+ * Verifies WeChat Pay notification signature using the platform public key.
+ */
+export function verifySignature(params: VerifySignatureParams): boolean {
+  const { timestamp, nonce, body, signature, platformPublicKey } = params
+  const verifyStr = `${timestamp}\n${nonce}\n${body}\n`
+  const verifier = crypto.createVerify('RSA-SHA256')
+  verifier.update(verifyStr)
+  return verifier.verify(platformPublicKey, signature, 'base64')
+}
+interface DecryptResourceParams {
+  ciphertext: string
+  associatedData: string
+  nonce: string
+  apiV3Key: string
+}
+/**
+ * Decrypts AEAD_AES_256_GCM encrypted resource.
+ * The ciphertext includes the auth tag as the last 16 bytes.
+ */
+export function decryptResource(params: DecryptResourceParams): string {
+  const { ciphertext, associatedData, nonce, apiV3Key } = params
+  const buf = Buffer.from(ciphertext, 'base64')
+  // AES-256-GCM: last 16 bytes are the auth tag
+  const authTagLength = 16
+  const encrypted = buf.slice(0, -authTagLength)
+  const authTag = buf.slice(-authTagLength)
+  const decipher = crypto.createDecipheriv(
+    'aes-256-gcm',
+    Buffer.from(apiV3Key),
+    Buffer.from(nonce, 'utf8'),
+  )
+  decipher.setAuthTag(authTag)
+  decipher.setAAD(Buffer.from(associatedData))
+  let decrypted = decipher.update(encrypted, undefined, 'utf8')
+  decrypted += decipher.final('utf8')
+  return decrypted
+}

package/dist/templates/web-nextjs/apps/web/src/lib/wechat-pay/types.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export interface WechatPayConfig {
+  appId: string
+  mchId: string
+  privateKey: string // PKCS8 PEM format merchant private key
+  serialNo: string // Merchant certificate serial number
+  apiV3Key: string // 32-byte APIv3 key
+  platformPublicKey: string // WeChat platform public key PEM (downloaded from /v3/certificates)
+  baseUrl: string // Domestic: https://api.mch.weixin.qq.com; Overseas: https://apihk.mch.weixin.qq.com
+  notifyUrl: string
+}

package/dist/templates/web-nextjs/apps/web/src/styles/tokens.css ADDED Viewed

@@ -0,0 +1,58 @@
+@layer base {
+  :root {
+    /* Brand tokens — downstream projects override these three variables to change the theme color */
+    --color-brand-h: 262;
+    --color-brand-c: 0.26;
+    --color-brand-l: 0.56;
+    /* Semantic color tokens */
+    --color-primary: oklch(var(--color-brand-l) var(--color-brand-c) var(--color-brand-h));
+    --color-primary-foreground: oklch(0.98 0 0);
+    /* Neutral surface tokens (with subtle hue, not pure gray) */
+    --color-surface: oklch(0.985 0.003 262);
+    --color-surface-elevated: oklch(1 0 0);
+    --color-muted: oklch(0.94 0.004 262);
+    --color-muted-foreground: oklch(0.52 0.012 262);
+    --color-border: oklch(0.88 0.006 262);
+    /* Spacing tokens (4px baseline) */
+    --space-1: 4px;
+    --space-2: 8px;
+    --space-3: 12px;
+    --space-4: 16px;
+    --space-5: 20px;
+    --space-6: 24px;
+    --space-8: 32px;
+    --space-10: 40px;
+    --space-12: 48px;
+    --space-16: 64px;
+    --space-20: 80px;
+    --space-24: 96px;
+    --space-section: clamp(64px, 10vw, 120px);
+    /* Font tokens */
+    --font-heading: var(--font-geist, 'Geist', system-ui, sans-serif);
+    --font-body: var(--font-geist, 'Geist', system-ui, sans-serif);
+    /* Text size tokens */
+    --text-xs: 0.75rem;
+    --text-sm: 0.875rem;
+    --text-base: 1rem;
+    --text-lg: 1.125rem;
+    --text-xl: 1.25rem;
+    --text-2xl: 1.5rem;
+    --text-3xl: 1.875rem;
+    --text-4xl: 2.25rem;
+    --text-5xl: 3rem;
+  }
+  .dark {
+    /* Dark mode semantic tokens */
+    --color-surface: oklch(0.13 0.008 262);
+    --color-surface-elevated: oklch(0.18 0.007 262);
+    --color-muted: oklch(0.22 0.007 262);
+    --color-muted-foreground: oklch(0.62 0.010 262);
+    --color-border: oklch(0.28 0.008 262);
+  }
+}