@idevconn/create-icore 0.6.3 → 0.7.0

package/templates/apps/templates/client-shadcn/src/routes/login.tsx

@@ -1,14 +1,15 @@
 import { createFileRoute, useNavigate } from '@tanstack/react-router';
-import { SyntheticEvent, useState } from 'react';
+import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useAuthStore, useNotify } from '@icore/template-shared';
-import { api } from '../main';
-import { Button } from '../components/ui/button';
-import { Input } from '../components/ui/input';
-import { Label } from '../components/ui/label';
-import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '../components/ui/card';
+import { AuthBrandPanel } from '../components/auth/AuthBrandPanel';
+import { LoginForm } from '../components/auth/LoginForm';
+import { RegisterForm } from '../components/auth/RegisterForm';
+import { MagicLinkForm } from '../components/auth/MagicLinkForm';
+import { CheckEmailScreen } from '../components/auth/CheckEmailScreen';
+import { api } from '@/main';
 
-type Mode = 'password' | 'magicLinkRequest' | 'magicLinkSent';
+type Mode = 'login' | 'register' | 'magicLink' | 'checkEmail';
 
 function LoginPage() {
   const { t } = useTranslation();
@@ -16,174 +17,63 @@ function LoginPage() {
   const notify = useNotify();
   const setAuth = useAuthStore((s) => s.setAuth);
 
-  const [mode, setMode] = useState<Mode>('password');
-  const [email, setEmail] = useState('');
-  const [password, setPassword] = useState('');
-  const [submitting, setSubmitting] = useState(false);
+  const [mode, setMode] = useState<Mode>('login');
+  const [confirmedEmail, setConfirmedEmail] = useState('');
 
-  async function handlePasswordSubmit(e: SyntheticEvent<HTMLFormElement>) {
-    e.preventDefault();
-    setSubmitting(true);
-    try {
-      const session = await api<{
-        accessToken: string;
-        refreshToken: string;
-        user: { id: string; email: string; role?: string };
-      }>('/auth/login', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ email, password }),
-      });
-      setAuth(session);
-      notify.success(t('auth.login'));
-      await navigate({ to: '/dashboard' });
-    } catch (err) {
-      notify.error(err instanceof Error ? err.message : t('error.unknown'));
-    } finally {
-      setSubmitting(false);
-    }
+  function handleLoginSuccess(session: {
+    accessToken: string;
+    refreshToken: string;
+    user: { id: string; email: string; role?: string };
+  }) {
+    setAuth(session);
+    notify.success(t('auth.login'));
+    void navigate({ to: '/dashboard' });
   }
 
-  async function handleMagicLinkSubmit(e: SyntheticEvent<HTMLFormElement>) {
-    e.preventDefault();
-    setSubmitting(true);
-    try {
-      await api('/auth/magic-link', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ email }),
-      });
-      setMode('magicLinkSent');
-    } catch (err) {
-      notify.error(err instanceof Error ? err.message : t('error.unknown'));
-    } finally {
-      setSubmitting(false);
-    }
+  function handleRegisterSuccess(email: string) {
+    setConfirmedEmail(email);
+    setMode('checkEmail');
+  }
+
+  function handleError(msg: string) {
+    notify.error(msg);
   }
 
   return (
-    <main className="bg-background flex min-h-screen items-center justify-center p-6">
-      <Card className="w-full max-w-sm">
-        <CardHeader>
-          <CardTitle>{t('auth.login')}</CardTitle>
-          <CardDescription>
-            {t('auth.email')} &amp; {t('auth.password')}
-          </CardDescription>
-        </CardHeader>
-        <CardContent className="space-y-4">
-          {mode !== 'magicLinkSent' && (
-            <>
-              <div className="flex gap-2">
-                <Button
-                  type="button"
-                  variant={mode === 'password' ? 'default' : 'outline'}
-                  size="sm"
-                  className="flex-1"
-                  onClick={() => setMode('password')}
-                >
-                  {t('auth.withPassword')}
-                </Button>
-                <Button
-                  type="button"
-                  variant={mode === 'magicLinkRequest' ? 'default' : 'outline'}
-                  size="sm"
-                  className="flex-1"
-                  onClick={() => setMode('magicLinkRequest')}
-                >
-                  {t('auth.withMagicLink')}
-                </Button>
-              </div>
-              <div className="space-y-2">
-                <Button
-                  type="button"
-                  variant="outline"
-                  className="w-full"
-                  onClick={() => window.location.assign('/api/auth/oauth/google')}
-                >
-                  {t('auth.continueWithGoogle')}
-                </Button>
-                <Button
-                  type="button"
-                  variant="outline"
-                  className="w-full"
-                  onClick={() => window.location.assign('/api/auth/oauth/github')}
-                >
-                  {t('auth.continueWithGithub')}
-                </Button>
-              </div>
-            </>
-          )}
+    <main className="flex min-h-screen bg-[--color-background]">
+      <AuthBrandPanel />
 
-          {mode === 'password' && (
-            <form onSubmit={handlePasswordSubmit} className="space-y-4">
-              <div className="space-y-2">
-                <Label htmlFor="email">{t('auth.email')}</Label>
-                <Input
-                  id="email"
-                  type="email"
-                  value={email}
-                  onChange={(e) => setEmail(e.target.value)}
-                  required
-                  autoComplete="email"
-                />
-              </div>
-              <div className="space-y-2">
-                <Label htmlFor="password">{t('auth.password')}</Label>
-                <Input
-                  id="password"
-                  type="password"
-                  value={password}
-                  onChange={(e) => setPassword(e.target.value)}
-                  required
-                  autoComplete="current-password"
-                />
-              </div>
-              <Button type="submit" className="w-full" disabled={submitting}>
-                {submitting ? t('common.loading') : t('auth.login')}
-              </Button>
-            </form>
+      <div className="flex flex-1 items-center justify-center p-6 lg:p-12">
+        <div className="w-full max-w-sm">
+          {mode === 'login' && (
+            <LoginForm
+              api={api}
+              onSuccess={handleLoginSuccess}
+              onError={handleError}
+              onSwitchToRegister={() => setMode('register')}
+              onSwitchToMagicLink={() => setMode('magicLink')}
+            />
           )}
-
-          {mode === 'magicLinkRequest' && (
-            <form onSubmit={handleMagicLinkSubmit} className="space-y-4">
-              <div className="space-y-2">
-                <Label htmlFor="email-ml">{t('auth.email')}</Label>
-                <Input
-                  id="email-ml"
-                  type="email"
-                  value={email}
-                  onChange={(e) => setEmail(e.target.value)}
-                  required
-                  autoComplete="email"
-                />
-              </div>
-              <Button type="submit" className="w-full" disabled={submitting}>
-                {submitting ? t('common.loading') : t('auth.sendMagicLink')}
-              </Button>
-            </form>
+          {mode === 'register' && (
+            <RegisterForm
+              api={api}
+              onSuccess={handleRegisterSuccess}
+              onError={handleError}
+              onSwitchToLogin={() => setMode('login')}
+            />
           )}
-
-          {mode === 'magicLinkSent' && (
-            <div className="space-y-3 text-center">
-              <h3 className="text-lg font-semibold">{t('auth.magicLinkSent')}</h3>
-              <p className="text-muted-foreground text-sm">
-                {t('auth.magicLinkSentDescription', { email })}
-              </p>
-              <Button
-                type="button"
-                variant="outline"
-                className="w-full"
-                onClick={() => {
-                  setEmail('');
-                  setMode('magicLinkRequest');
-                }}
-              >
-                {t('auth.magicLinkUseDifferentEmail')}
-              </Button>
-            </div>
+          {mode === 'magicLink' && (
+            <MagicLinkForm
+              api={api}
+              onError={handleError}
+              onSwitchToLogin={() => setMode('login')}
+            />
+          )}
+          {mode === 'checkEmail' && (
+            <CheckEmailScreen email={confirmedEmail} onBack={() => setMode('login')} />
           )}
-        </CardContent>
-      </Card>
+        </div>
+      </div>
     </main>
   );
 }

package/templates/libs/auth-strategies/mongodb/CHANGELOG.md

@@ -0,0 +1,8 @@
+# @icore/auth-mongodb
+
+## 0.0.2
+
+### Patch Changes
+
+- 2c29eac: Fix ESLint issues, update dependencies, and add MongoDB configuration examples to .env templates.
+- af27cae: Fix MongoDB review bugs and wire GridFS download: guard model re-registration, fix expiresIn calculation, escape regex in list(), replace `as never` cast, drop non-existent uuid v14 dep. Add downloadBuffer to StorageStrategy interface + MongoDbStorageStrategy impl + upload MS handler + UploadClientService method + GET /api/storage/file gateway endpoint so MongoDB storage downloads actually work.

package/templates/libs/auth-strategies/mongodb/README.md

@@ -0,0 +1,11 @@
+# auth-mongodb
+
+This library was generated with [Nx](https://nx.dev).
+
+## Building
+
+Run `nx build auth-mongodb` to build the library.
+
+## Running unit tests
+
+Run `nx test auth-mongodb` to execute the unit tests via [Jest](https://jestjs.io).

package/templates/libs/auth-strategies/mongodb/eslint.config.mjs

@@ -0,0 +1,19 @@
+import baseConfig from '../../../eslint.config.mjs';
+
+export default [
+  ...baseConfig,
+  {
+    files: ['**/*.json'],
+    rules: {
+      '@nx/dependency-checks': [
+        'error',
+        {
+          ignoredFiles: ['{projectRoot}/eslint.config.{js,cjs,mjs,ts,cts,mts}'],
+        },
+      ],
+    },
+    languageOptions: {
+      parser: await import('jsonc-eslint-parser'),
+    },
+  },
+];

package/templates/libs/auth-strategies/mongodb/jest.config.cts

@@ -0,0 +1,10 @@
+module.exports = {
+  displayName: 'auth-mongodb',
+  preset: '../../../jest.preset.js',
+  testEnvironment: 'node',
+  transform: {
+    '^.+\\.[tj]s$': ['ts-jest', { tsconfig: '<rootDir>/tsconfig.spec.json' }],
+  },
+  moduleFileExtensions: ['ts', 'js', 'html'],
+  coverageDirectory: '../../../coverage/libs/auth-strategies/mongodb',
+};

package/templates/libs/auth-strategies/mongodb/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "@icore/auth-mongodb",
+  "version": "0.0.2",
+  "private": true,
+  "type": "commonjs",
+  "main": "./src/index.js",
+  "types": "./src/index.d.ts",
+  "dependencies": {
+    "@icore/shared": "workspace:*",
+    "bcrypt": "^6.0.0",
+    "jsonwebtoken": "^9.0.2",
+    "mongodb-memory-server": "^11.2.0",
+    "mongoose": "^9.6.3",
+    "tslib": "^2.3.0"
+  }
+}

package/templates/libs/auth-strategies/mongodb/project.json

@@ -0,0 +1,19 @@
+{
+  "name": "auth-mongodb",
+  "$schema": "../../../node_modules/nx/schemas/project-schema.json",
+  "sourceRoot": "libs/auth-strategies/mongodb/src",
+  "projectType": "library",
+  "tags": [],
+  "targets": {
+    "build": {
+      "executor": "@nx/js:tsc",
+      "outputs": ["{options.outputPath}"],
+      "options": {
+        "outputPath": "dist/libs/auth-strategies/mongodb",
+        "main": "libs/auth-strategies/mongodb/src/index.ts",
+        "tsConfig": "libs/auth-strategies/mongodb/tsconfig.lib.json",
+        "assets": ["libs/auth-strategies/mongodb/*.md"]
+      }
+    }
+  }
+}

package/templates/libs/auth-strategies/mongodb/src/index.ts

@@ -0,0 +1 @@
+export * from './lib/mongodb-auth.strategy';

package/templates/libs/auth-strategies/mongodb/src/lib/__tests__/mongodb-auth.strategy.unit.test.ts

@@ -0,0 +1,42 @@
+import { MongoMemoryServer } from 'mongodb-memory-server';
+import { connect, Connection } from 'mongoose';
+import { MongoDbAuthStrategy } from '../mongodb-auth.strategy';
+import { runAuthContract } from '@icore/shared/testing';
+
+describe('MongoDbAuthStrategy', () => {
+  let mongod: MongoMemoryServer;
+  let connection: Connection;
+  let strategy: MongoDbAuthStrategy;
+
+  beforeAll(async () => {
+    mongod = await MongoMemoryServer.create();
+    const uri = mongod.getUri();
+    const conn = await connect(uri);
+    connection = conn.connection;
+  }, 30000);
+
+  afterAll(async () => {
+    if (connection) await connection.close();
+    if (mongod) await mongod.stop();
+  });
+
+  beforeEach(async () => {
+    if (connection.db) {
+      const collections = await connection.db.collections();
+      for (const collection of collections) {
+        await collection.deleteMany({});
+      }
+    }
+  });
+
+  runAuthContract('mongodb', () => {
+    if (!strategy) {
+      strategy = new MongoDbAuthStrategy({
+        connection,
+        jwtSecret: 'test-secret',
+        jwtExpiresIn: '1h',
+      });
+    }
+    return strategy;
+  });
+});

package/templates/libs/auth-strategies/mongodb/src/lib/auth-mongodb.spec.ts

@@ -0,0 +1,7 @@
+import { authMongodb } from './auth-mongodb';
+
+describe('authMongodb', () => {
+  it('should work', () => {
+    expect(authMongodb()).toEqual('auth-mongodb');
+  });
+});

package/templates/libs/auth-strategies/mongodb/src/lib/auth-mongodb.ts

@@ -0,0 +1,3 @@
+export function authMongodb(): string {
+  return 'auth-mongodb';
+}

package/templates/libs/auth-strategies/mongodb/src/lib/mongodb-auth.strategy.ts

@@ -0,0 +1,188 @@
+import { Connection, Model, Schema } from 'mongoose';
+import * as bcrypt from 'bcrypt';
+import * as jwt from 'jsonwebtoken';
+import { randomUUID } from 'node:crypto';
+import {
+  AuthStrategy,
+  AuthSession,
+  VerifiedToken,
+  MagicLinkRequest,
+  OAuthProvider,
+  OAuthStartResult,
+} from '@icore/shared';
+
+export interface MongoDbAuthStrategyOptions {
+  connection: Connection;
+  jwtSecret: string;
+  jwtExpiresIn?: string;
+  refreshExpiresIn?: string;
+}
+
+interface UserDoc {
+  id: string;
+  email: string;
+  passwordHash?: string;
+  role?: string;
+}
+
+interface SessionDoc {
+  id: string;
+  userId: string;
+  refreshToken: string;
+  expiresAt: Date;
+}
+
+function parseDurationSeconds(s: string): number {
+  const m = /^(\d+)(s|m|h|d)$/.exec(s);
+  if (!m) return 900;
+  const n = parseInt(m[1]!, 10);
+  const unit = m[2]!;
+  if (unit === 's') return n;
+  if (unit === 'm') return n * 60;
+  if (unit === 'h') return n * 3600;
+  return n * 86400;
+}
+
+export class MongoDbAuthStrategy implements AuthStrategy {
+  private userModel: Model<UserDoc>;
+  private sessionModel: Model<SessionDoc>;
+
+  constructor(private readonly opts: MongoDbAuthStrategyOptions) {
+    const userSchema = new Schema<UserDoc>(
+      {
+        id: { type: String, required: true, unique: true },
+        email: { type: String, required: true, unique: true },
+        passwordHash: { type: String, required: false },
+        role: { type: String, required: false },
+      },
+      { timestamps: true },
+    );
+
+    const sessionSchema = new Schema<SessionDoc>(
+      {
+        id: { type: String, required: true, unique: true },
+        userId: { type: String, required: true },
+        refreshToken: { type: String, required: true, unique: true },
+        expiresAt: { type: Date, required: true },
+      },
+      { timestamps: true },
+    );
+
+    this.userModel =
+      (this.opts.connection.models['User'] as Model<UserDoc> | undefined) ??
+      this.opts.connection.model<UserDoc>('User', userSchema);
+    this.sessionModel =
+      (this.opts.connection.models['Session'] as Model<SessionDoc> | undefined) ??
+      this.opts.connection.model<SessionDoc>('Session', sessionSchema);
+  }
+
+  async verifyToken(token: string): Promise<VerifiedToken> {
+    try {
+      const decoded = jwt.verify(token, this.opts.jwtSecret) as jwt.JwtPayload;
+      return {
+        uid: decoded.sub as string,
+        email: decoded['email'] as string,
+        role: decoded['role'] as string,
+      };
+    } catch (err) {
+      throw new Error('invalid_token', { cause: err });
+    }
+  }
+
+  async signIn(email: string, password: string): Promise<AuthSession> {
+    const user = await this.userModel.findOne({ email }).exec();
+    if (!user || !user.passwordHash) throw new Error('invalid_credentials');
+
+    const isValid = await bcrypt.compare(password, user.passwordHash);
+    if (!isValid) throw new Error('invalid_credentials');
+
+    return this.createSession(user);
+  }
+
+  async signUp(email: string, password: string): Promise<AuthSession> {
+    const existing = await this.userModel.findOne({ email }).exec();
+    if (existing) throw new Error('user_already_exists');
+
+    const passwordHash = await bcrypt.hash(password, 10);
+    const user = await this.userModel.create({
+      id: randomUUID(),
+      email,
+      passwordHash,
+    });
+
+    return this.createSession(user);
+  }
+
+  async refresh(refreshToken: string): Promise<AuthSession> {
+    const session = await this.sessionModel.findOne({ refreshToken }).exec();
+    if (!session || session.expiresAt < new Date()) {
+      if (session) await this.sessionModel.deleteOne({ _id: session._id });
+      throw new Error('invalid_refresh_token');
+    }
+
+    const user = await this.userModel.findOne({ id: session.userId }).exec();
+    if (!user) throw new Error('user_not_found');
+
+    await this.sessionModel.deleteOne({ _id: session._id });
+    return this.createSession(user);
+  }
+
+  async setRole(uid: string, role: string): Promise<void> {
+    await this.userModel.findOneAndUpdate({ id: uid }, { role }).exec();
+  }
+
+  async getRole(uid: string): Promise<string | null> {
+    const user = await this.userModel.findOne({ id: uid }).exec();
+    return user?.role ?? null;
+  }
+
+  async sendMagicLink(_req: MagicLinkRequest): Promise<void> {
+    throw new Error('not_implemented');
+  }
+
+  async verifyMagicLink(_token: string): Promise<AuthSession> {
+    throw new Error('not_implemented');
+  }
+
+  async startOAuth(_provider: OAuthProvider, _callbackUrl: string): Promise<OAuthStartResult> {
+    throw new Error('not_implemented');
+  }
+
+  async completeOAuth(
+    _provider: OAuthProvider,
+    _code: string,
+    _state: string,
+  ): Promise<AuthSession> {
+    throw new Error('not_implemented');
+  }
+
+  private async createSession(user: {
+    id: string;
+    email: string;
+    role?: string;
+  }): Promise<AuthSession> {
+    const accessToken = jwt.sign(
+      { sub: user.id, email: user.email, role: user.role },
+      this.opts.jwtSecret,
+      { expiresIn: (this.opts.jwtExpiresIn as jwt.SignOptions['expiresIn']) || '15m' },
+    );
+
+    const refreshToken = randomUUID();
+    const expiresAt = new Date();
+    expiresAt.setDate(expiresAt.getDate() + 7); // Default 7 days
+
+    await this.sessionModel.create({
+      id: randomUUID(),
+      userId: user.id,
+      refreshToken,
+      expiresAt,
+    });
+
+    return {
+      accessToken,
+      refreshToken,
+      expiresIn: parseDurationSeconds(this.opts.jwtExpiresIn ?? '15m'),
+      user: { id: user.id, email: user.email },
+    };
+  }
+}

package/templates/libs/auth-strategies/mongodb/tsconfig.json

@@ -0,0 +1,23 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "compilerOptions": {
+    "module": "commonjs",
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "importHelpers": true,
+    "noImplicitOverride": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "noPropertyAccessFromIndexSignature": true
+  },
+  "files": [],
+  "include": [],
+  "references": [
+    {
+      "path": "./tsconfig.lib.json"
+    },
+    {
+      "path": "./tsconfig.spec.json"
+    }
+  ]
+}

package/templates/libs/auth-strategies/mongodb/tsconfig.lib.json

@@ -0,0 +1,10 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../../dist/out-tsc",
+    "declaration": true,
+    "types": ["node"]
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": ["jest.config.ts", "jest.config.cts", "src/**/*.spec.ts", "src/**/*.test.ts"]
+}

package/templates/libs/auth-strategies/mongodb/tsconfig.spec.json

@@ -0,0 +1,16 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../../dist/out-tsc",
+    "module": "commonjs",
+    "moduleResolution": "node10",
+    "types": ["jest", "node"]
+  },
+  "include": [
+    "jest.config.ts",
+    "jest.config.cts",
+    "src/**/*.test.ts",
+    "src/**/*.spec.ts",
+    "src/**/*.d.ts"
+  ]
+}

package/templates/libs/db-strategies/mongodb/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @icore/db-mongodb
+
+## 0.0.2
+
+### Patch Changes
+
+- 2c29eac: Fix ESLint issues, update dependencies, and add MongoDB configuration examples to .env templates.

package/templates/libs/db-strategies/mongodb/README.md

@@ -0,0 +1,11 @@
+# mongodb
+
+This library was generated with [Nx](https://nx.dev).
+
+## Building
+
+Run `nx build mongodb` to build the library.
+
+## Running unit tests
+
+Run `nx test mongodb` to execute the unit tests via [Jest](https://jestjs.io).