@girardmedia/bootspring 1.2.0 → 2.0.3

package/skills/patterns/auth/oauth.md

@@ -1,237 +0,0 @@
-# OAuth Integration Patterns
-
-Patterns for OAuth authentication providers.
-
-## Multi-Provider Setup
-
-```typescript
-// auth.ts
-import NextAuth from 'next-auth'
-import Google from 'next-auth/providers/google'
-import GitHub from 'next-auth/providers/github'
-import Apple from 'next-auth/providers/apple'
-import { PrismaAdapter } from '@auth/prisma-adapter'
-import { prisma } from '@/lib/db'
-
-export const { handlers, auth, signIn, signOut } = NextAuth({
-  adapter: PrismaAdapter(prisma),
-  providers: [
-    Google({
-      clientId: process.env.GOOGLE_CLIENT_ID!,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET!
-    }),
-    GitHub({
-      clientId: process.env.GITHUB_CLIENT_ID!,
-      clientSecret: process.env.GITHUB_CLIENT_SECRET!
-    }),
-    Apple({
-      clientId: process.env.APPLE_CLIENT_ID!,
-      clientSecret: process.env.APPLE_CLIENT_SECRET!
-    })
-  ],
-  callbacks: {
-    async signIn({ user, account, profile }) {
-      // Custom validation
-      if (account?.provider === 'google') {
-        return profile?.email_verified === true
-      }
-      return true
-    },
-    async session({ session, user }) {
-      session.user.id = user.id
-      return session
-    }
-  },
-  pages: {
-    signIn: '/login',
-    error: '/auth/error'
-  }
-})
-```
-
-## Social Login Buttons
-
-```tsx
-// components/auth/SocialButtons.tsx
-'use client'
-
-import { signIn } from 'next-auth/react'
-import { Github, Mail } from 'lucide-react'
-
-export function SocialButtons() {
-  return (
-    <div className="space-y-3">
-      <button
-        onClick={() => signIn('google', { callbackUrl: '/dashboard' })}
-        className="flex w-full items-center justify-center gap-2 rounded-lg border py-2 hover:bg-gray-50"
-      >
-        <GoogleIcon className="h-5 w-5" />
-        Continue with Google
-      </button>
-
-      <button
-        onClick={() => signIn('github', { callbackUrl: '/dashboard' })}
-        className="flex w-full items-center justify-center gap-2 rounded-lg border py-2 hover:bg-gray-50"
-      >
-        <Github className="h-5 w-5" />
-        Continue with GitHub
-      </button>
-
-      <button
-        onClick={() => signIn('apple', { callbackUrl: '/dashboard' })}
-        className="flex w-full items-center justify-center gap-2 rounded-lg bg-black py-2 text-white"
-      >
-        <AppleIcon className="h-5 w-5" />
-        Continue with Apple
-      </button>
-    </div>
-  )
-}
-
-function GoogleIcon({ className }: { className?: string }) {
-  return (
-    <svg className={className} viewBox="0 0 24 24">
-      <path
-        fill="currentColor"
-        d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
-      />
-      <path
-        fill="currentColor"
-        d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
-      />
-      <path
-        fill="currentColor"
-        d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
-      />
-      <path
-        fill="currentColor"
-        d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
-      />
-    </svg>
-  )
-}
-```
-
-## Account Linking
-
-```typescript
-// auth.ts
-export const { handlers, auth } = NextAuth({
-  callbacks: {
-    async signIn({ user, account }) {
-      // Check if user exists with different provider
-      const existingUser = await prisma.user.findUnique({
-        where: { email: user.email! },
-        include: { accounts: true }
-      })
-
-      if (existingUser) {
-        // Check if this provider is already linked
-        const hasProvider = existingUser.accounts.some(
-          a => a.provider === account?.provider
-        )
-
-        if (!hasProvider && account) {
-          // Link new provider to existing account
-          await prisma.account.create({
-            data: {
-              userId: existingUser.id,
-              type: account.type,
-              provider: account.provider,
-              providerAccountId: account.providerAccountId,
-              access_token: account.access_token,
-              refresh_token: account.refresh_token,
-              expires_at: account.expires_at
-            }
-          })
-        }
-      }
-
-      return true
-    }
-  }
-})
-```
-
-## Custom Provider
-
-```typescript
-// lib/custom-provider.ts
-import type { OAuthConfig } from 'next-auth/providers'
-
-interface CustomProfile {
-  id: string
-  email: string
-  name: string
-  avatar_url: string
-}
-
-export function CustomProvider(): OAuthConfig<CustomProfile> {
-  return {
-    id: 'custom',
-    name: 'Custom Provider',
-    type: 'oauth',
-    authorization: {
-      url: 'https://custom.com/oauth/authorize',
-      params: { scope: 'user:email' }
-    },
-    token: 'https://custom.com/oauth/token',
-    userinfo: 'https://custom.com/api/user',
-    profile(profile) {
-      return {
-        id: profile.id,
-        email: profile.email,
-        name: profile.name,
-        image: profile.avatar_url
-      }
-    },
-    clientId: process.env.CUSTOM_CLIENT_ID,
-    clientSecret: process.env.CUSTOM_CLIENT_SECRET
-  }
-}
-```
-
-## OAuth Error Handling
-
-```tsx
-// app/auth/error/page.tsx
-import Link from 'next/link'
-
-export default function AuthError({
-  searchParams
-}: {
-  searchParams: { error?: string }
-}) {
-  const errorMessages: Record<string, string> = {
-    OAuthSignin: 'Error starting OAuth flow',
-    OAuthCallback: 'Error in OAuth callback',
-    OAuthCreateAccount: 'Could not create account',
-    EmailCreateAccount: 'Could not create account',
-    Callback: 'Error in callback',
-    OAuthAccountNotLinked: 'Email already registered with different provider',
-    EmailSignin: 'Error sending email',
-    CredentialsSignin: 'Invalid credentials',
-    SessionRequired: 'Please sign in to continue',
-    default: 'An error occurred'
-  }
-
-  const message = errorMessages[searchParams.error ?? 'default']
-
-  return (
-    <div className="mx-auto max-w-md py-12 text-center">
-      <h1 className="mb-4 text-2xl font-bold">Authentication Error</h1>
-      <p className="mb-6 text-gray-600">{message}</p>
-      <Link href="/login" className="text-blue-600 hover:underline">
-        Try again
-      </Link>
-    </div>
-  )
-}
-```
-
-## When to Use
-
-- Social login
-- SSO integration
-- Enterprise auth
-- Third-party apps

package/skills/patterns/auth/rbac.md

@@ -1,152 +0,0 @@
-# Role-Based Access Control (RBAC) Patterns
-
-Patterns for implementing role-based permissions.
-
-## Role Definition
-
-```typescript
-// lib/rbac.ts
-export const ROLES = {
-  USER: 'USER',
-  ADMIN: 'ADMIN',
-  SUPER_ADMIN: 'SUPER_ADMIN'
-} as const
-
-export type Role = keyof typeof ROLES
-
-export const PERMISSIONS = {
-  // User permissions
-  'user:read': [ROLES.USER, ROLES.ADMIN, ROLES.SUPER_ADMIN],
-  'user:update': [ROLES.USER, ROLES.ADMIN, ROLES.SUPER_ADMIN],
-
-  // Admin permissions
-  'user:delete': [ROLES.ADMIN, ROLES.SUPER_ADMIN],
-  'user:create': [ROLES.ADMIN, ROLES.SUPER_ADMIN],
-
-  // Super admin permissions
-  'admin:manage': [ROLES.SUPER_ADMIN],
-  'system:configure': [ROLES.SUPER_ADMIN]
-} as const
-
-export type Permission = keyof typeof PERMISSIONS
-```
-
-## Permission Check
-
-```typescript
-// lib/rbac.ts
-import { auth } from '@/auth'
-import { prisma } from '@/lib/db'
-
-export async function getUserRole(userId: string): Promise<Role> {
-  const user = await prisma.user.findUnique({
-    where: { id: userId },
-    select: { role: true }
-  })
-
-  return (user?.role as Role) ?? 'USER'
-}
-
-export async function hasPermission(permission: Permission): Promise<boolean> {
-  const session = await auth()
-  if (!session?.user) return false
-
-  const role = await getUserRole(session.user.id)
-  return PERMISSIONS[permission].includes(role)
-}
-
-export async function requirePermission(permission: Permission) {
-  const allowed = await hasPermission(permission)
-
-  if (!allowed) {
-    throw new Error('Forbidden')
-  }
-}
-```
-
-## Role Guard Wrapper
-
-```typescript
-// lib/rbac.ts
-export function withRole(allowedRoles: Role[]) {
-  return async function guard() {
-    const session = await auth()
-
-    if (!session?.user) {
-      throw new Error('Unauthorized')
-    }
-
-    const role = await getUserRole(session.user.id)
-
-    if (!allowedRoles.includes(role)) {
-      throw new Error('Forbidden')
-    }
-
-    return { session, role }
-  }
-}
-
-// Usage in Server Action
-export async function deleteUser(userId: string) {
-  await withRole(['ADMIN', 'SUPER_ADMIN'])()
-
-  await prisma.user.delete({ where: { id: userId } })
-}
-```
-
-## Component-Level Protection
-
-```tsx
-// components/admin-only.tsx
-import { auth } from '@/auth'
-import { getUserRole } from '@/lib/rbac'
-
-export async function AdminOnly({
-  children
-}: {
-  children: React.ReactNode
-}) {
-  const session = await auth()
-
-  if (!session?.user) return null
-
-  const role = await getUserRole(session.user.id)
-
-  if (!['ADMIN', 'SUPER_ADMIN'].includes(role)) {
-    return null
-  }
-
-  return <>{children}</>
-}
-```
-
-## API Route Protection
-
-```typescript
-// app/api/admin/users/route.ts
-import { NextResponse } from 'next/server'
-import { requirePermission } from '@/lib/rbac'
-
-export async function DELETE(req: Request) {
-  try {
-    await requirePermission('user:delete')
-
-    const { userId } = await req.json()
-    await prisma.user.delete({ where: { id: userId } })
-
-    return NextResponse.json({ success: true })
-  } catch (error) {
-    if (error.message === 'Forbidden') {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
-    }
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  }
-}
-```
-
-## When to Use
-
-- Multi-tier user systems
-- Admin dashboards
-- Feature access control
-- API endpoint protection