@insureco/cli 0.1.10 → 0.1.11

package/dist/templates/nextjs-oauth/helm/{{name}}/templates/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app: {{ .Release.Name }}
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}
+        app.kubernetes.io/name: {{ .Release.Name }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: {{ .Release.Name }}-config
+                optional: true
+            - secretRef:
+                name: {{ .Release.Name }}-secrets
+                optional: true
+          {{- with .Values.env }}
+          env:
+            {{- range $key, $value := . }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

package/dist/templates/nextjs-oauth/helm/{{name}}/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app: {{ .Release.Name }}
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ .Release.Name }}

package/dist/templates/nextjs-oauth/helm/{{name}}/values.yaml

@@ -0,0 +1,51 @@
+replicaCount: 1
+
+image:
+  repository: registry.digitalocean.com/insureco/{{name}}
+  tag: latest
+  pullPolicy: IfNotPresent
+
+imagePullSecrets:
+  - name: do-registry
+
+service:
+  type: ClusterIP
+  port: 3000
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 5
+  targetCPUUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+env: {}
+
+secrets: {}
+
+livenessProbe:
+  httpGet:
+    path: /api/health
+    port: 3000
+  initialDelaySeconds: 15
+  periodSeconds: 10
+
+readinessProbe:
+  httpGet:
+    path: /api/health
+    port: 3000
+  initialDelaySeconds: 5
+  periodSeconds: 5

package/dist/templates/nextjs-oauth/next.config.js

@@ -0,0 +1,23 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  output: 'standalone',
+  reactStrictMode: true,
+  poweredByHeader: false,
+
+  // Enable experimental features as needed
+  // experimental: {
+  //   serverActions: true,
+  // },
+
+  // Configure allowed image domains
+  // images: {
+  //   remotePatterns: [
+  //     {
+  //       protocol: 'https',
+  //       hostname: '*.insureco.io',
+  //     },
+  //   ],
+  // },
+}
+
+module.exports = nextConfig

package/dist/templates/nextjs-oauth/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "{{name}}",
+  "version": "0.1.0",
+  "description": "{{description}}",
+  "private": true,
+  "scripts": {
+    "dev": "next dev",
+    "build": "next build",
+    "start": "next start",
+    "lint": "next lint",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "next": "^14.2.0",
+    "react": "^18.3.0",
+    "react-dom": "^18.3.0",
+    "jose": "^5.9.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "@types/react": "^18.3.0",
+    "@types/react-dom": "^18.3.0",
+    "eslint": "^9.0.0",
+    "eslint-config-next": "^14.2.0",
+    "typescript": "^5.7.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/dist/templates/nextjs-oauth/src/app/api/auth/callback/route.ts

@@ -0,0 +1,64 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { cookies } from 'next/headers'
+import { exchangeCodeForTokens, setAuthCookies, sanitizeReturnTo } from '@/lib/auth'
+
+const APP_URL = process.env.APP_URL || 'http://localhost:3000'
+
+export async function GET(request: NextRequest) {
+  const searchParams = request.nextUrl.searchParams
+  const code = searchParams.get('code')
+  const state = searchParams.get('state')
+  const error = searchParams.get('error')
+  const errorDescription = searchParams.get('error_description')
+
+  const cookieStore = await cookies()
+  const storedState = cookieStore.get('oauth_state')?.value
+  const codeVerifier = cookieStore.get('oauth_code_verifier')?.value
+  const returnTo = cookieStore.get('oauth_return_to')?.value || '/dashboard'
+
+  // Clear OAuth flow cookies
+  cookieStore.delete('oauth_state')
+  cookieStore.delete('oauth_code_verifier')
+  cookieStore.delete('oauth_return_to')
+
+  // Handle error from authorization server
+  if (error) {
+    const errorUrl = new URL('/', APP_URL)
+    errorUrl.searchParams.set('error', error)
+    if (errorDescription) {
+      errorUrl.searchParams.set('error_description', errorDescription)
+    }
+    return NextResponse.redirect(errorUrl)
+  }
+
+  // Validate state to prevent CSRF
+  if (!state || state !== storedState) {
+    const errorUrl = new URL('/', APP_URL)
+    errorUrl.searchParams.set('error', 'invalid_state')
+    errorUrl.searchParams.set('error_description', 'State parameter mismatch')
+    return NextResponse.redirect(errorUrl)
+  }
+
+  // Validate required params
+  if (!code || !codeVerifier) {
+    const errorUrl = new URL('/', APP_URL)
+    errorUrl.searchParams.set('error', 'invalid_request')
+    errorUrl.searchParams.set('error_description', 'Missing authorization code')
+    return NextResponse.redirect(errorUrl)
+  }
+
+  try {
+    const tokens = await exchangeCodeForTokens(code, codeVerifier)
+    await setAuthCookies(tokens.access_token, tokens.refresh_token, tokens.expires_in)
+    const safeReturnTo = sanitizeReturnTo(returnTo)
+    return NextResponse.redirect(new URL(safeReturnTo, APP_URL))
+  } catch (err) {
+    const errorUrl = new URL('/', APP_URL)
+    errorUrl.searchParams.set('error', 'token_exchange_failed')
+    errorUrl.searchParams.set(
+      'error_description',
+      err instanceof Error ? err.message : 'Failed to exchange authorization code'
+    )
+    return NextResponse.redirect(errorUrl)
+  }
+}

package/dist/templates/nextjs-oauth/src/app/api/auth/login/route.ts

@@ -0,0 +1,16 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getLoginUrl } from '@/lib/auth'
+
+export async function GET(request: NextRequest) {
+  const returnTo = request.nextUrl.searchParams.get('returnTo') || '/dashboard'
+
+  try {
+    const loginUrl = await getLoginUrl(returnTo)
+    return NextResponse.redirect(loginUrl)
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Login failed'
+    return NextResponse.redirect(
+      new URL(`/?error=${encodeURIComponent(message)}`, request.url)
+    )
+  }
+}

package/dist/templates/nextjs-oauth/src/app/api/auth/logout/route.ts

@@ -0,0 +1,9 @@
+import { NextResponse } from 'next/server'
+import { clearAuthCookies } from '@/lib/auth'
+
+const APP_URL = process.env.APP_URL || 'http://localhost:3000'
+
+export async function POST() {
+  await clearAuthCookies()
+  return NextResponse.redirect(new URL('/', APP_URL), { status: 303 })
+}

package/dist/templates/nextjs-oauth/src/app/api/auth/session/route.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server'
+import { cookies } from 'next/headers'
+import {
+  getCurrentUser,
+  refreshAccessToken,
+  setAuthCookies,
+  fetchUserInfo,
+  COOKIE_PREFIX,
+} from '@/lib/auth'
+
+const NO_CACHE_HEADERS = { 'Cache-Control': 'no-store, no-cache, must-revalidate' }
+
+export async function GET() {
+  try {
+    const user = await getCurrentUser()
+
+    if (user) {
+      return NextResponse.json({ user }, { headers: NO_CACHE_HEADERS })
+    }
+
+    // Access token expired or missing — try refresh
+    const cookieStore = await cookies()
+    const refreshToken = cookieStore.get(`${COOKIE_PREFIX}_refresh_token`)?.value
+
+    if (refreshToken) {
+      try {
+        const tokens = await refreshAccessToken(refreshToken)
+        await setAuthCookies(tokens.access_token, tokens.refresh_token, tokens.expires_in)
+        const refreshedUser = await fetchUserInfo(tokens.access_token)
+        return NextResponse.json({ user: refreshedUser }, { headers: NO_CACHE_HEADERS })
+      } catch {
+        // Refresh token also invalid — user must re-login
+      }
+    }
+
+    return NextResponse.json({ user: null }, { headers: NO_CACHE_HEADERS })
+  } catch {
+    return NextResponse.json({ user: null }, { headers: NO_CACHE_HEADERS })
+  }
+}

package/dist/templates/nextjs-oauth/src/app/api/example/route.ts

@@ -0,0 +1,63 @@
+import { NextRequest, NextResponse } from 'next/server'
+
+// In-memory storage for demo
+const items: Map<string, { id: string; name: string; createdAt: string }> = new Map()
+
+export async function GET() {
+  const itemList = Array.from(items.values())
+  return NextResponse.json({
+    success: true,
+    data: itemList,
+    meta: {
+      total: itemList.length,
+      timestamp: new Date().toISOString(),
+    },
+  })
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+
+    if (!body.name || typeof body.name !== 'string') {
+      return NextResponse.json(
+        {
+          success: false,
+          error: {
+            code: 'VALIDATION_ERROR',
+            message: 'Name is required',
+          },
+        },
+        { status: 400 }
+      )
+    }
+
+    const id = Date.now().toString(36) + Math.random().toString(36).substring(2)
+    const item = {
+      id,
+      name: body.name,
+      createdAt: new Date().toISOString(),
+    }
+
+    items.set(id, item)
+
+    return NextResponse.json(
+      {
+        success: true,
+        data: item,
+      },
+      { status: 201 }
+    )
+  } catch {
+    return NextResponse.json(
+      {
+        success: false,
+        error: {
+          code: 'PARSE_ERROR',
+          message: 'Invalid JSON body',
+        },
+      },
+      { status: 400 }
+    )
+  }
+}

package/dist/templates/nextjs-oauth/src/app/api/health/route.ts

@@ -0,0 +1,10 @@
+import { NextResponse } from 'next/server'
+
+export async function GET() {
+  return NextResponse.json({
+    status: 'healthy',
+    service: '{{name}}',
+    timestamp: new Date().toISOString(),
+    environment: process.env.NODE_ENV,
+  })
+}

package/dist/templates/nextjs-oauth/src/app/dashboard/page.tsx

@@ -0,0 +1,92 @@
+import { redirect } from 'next/navigation'
+import { getCurrentUser } from '@/lib/auth'
+
+export default async function DashboardPage() {
+  const user = await getCurrentUser()
+
+  if (!user) {
+    redirect('/api/auth/login?returnTo=/dashboard')
+  }
+
+  return (
+    <main style={{
+      maxWidth: '48rem',
+      margin: '0 auto',
+      padding: '2rem',
+      fontFamily: 'system-ui, -apple-system, sans-serif',
+    }}>
+      <div style={{
+        display: 'flex',
+        justifyContent: 'space-between',
+        alignItems: 'center',
+        marginBottom: '2rem',
+      }}>
+        <h1 style={{ fontSize: '2rem', margin: 0 }}>Dashboard</h1>
+        <form action="/api/auth/logout" method="post">
+          <button
+            type="submit"
+            style={{
+              padding: '0.5rem 1rem',
+              backgroundColor: '#dc2626',
+              color: 'white',
+              borderRadius: '0.375rem',
+              border: 'none',
+              cursor: 'pointer',
+              fontSize: '0.875rem',
+            }}
+          >
+            Logout
+          </button>
+        </form>
+      </div>
+
+      <div style={{
+        backgroundColor: '#f9fafb',
+        border: '1px solid #e5e7eb',
+        borderRadius: '0.5rem',
+        padding: '1.5rem',
+        marginBottom: '1.5rem',
+      }}>
+        <h2 style={{ fontSize: '1.25rem', marginTop: 0, marginBottom: '1rem' }}>
+          Welcome, {user.name}
+        </h2>
+        <dl style={{ margin: 0 }}>
+          <dt style={{ fontWeight: 600, color: '#6b7280', fontSize: '0.875rem' }}>Email</dt>
+          <dd style={{ margin: '0 0 0.75rem 0' }}>{user.email}</dd>
+
+          <dt style={{ fontWeight: 600, color: '#6b7280', fontSize: '0.875rem' }}>User ID</dt>
+          <dd style={{ margin: '0 0 0.75rem 0', fontFamily: 'monospace', fontSize: '0.875rem' }}>{user.id}</dd>
+
+          <dt style={{ fontWeight: 600, color: '#6b7280', fontSize: '0.875rem' }}>Roles</dt>
+          <dd style={{ margin: 0 }}>
+            {user.roles.length > 0 ? (
+              <div style={{ display: 'flex', gap: '0.5rem', flexWrap: 'wrap' }}>
+                {user.roles.map((role) => (
+                  <span
+                    key={role}
+                    style={{
+                      backgroundColor: '#dbeafe',
+                      color: '#1e40af',
+                      padding: '0.125rem 0.5rem',
+                      borderRadius: '9999px',
+                      fontSize: '0.75rem',
+                    }}
+                  >
+                    {role}
+                  </span>
+                ))}
+              </div>
+            ) : (
+              <span style={{ color: '#9ca3af' }}>No roles assigned</span>
+            )}
+          </dd>
+        </dl>
+      </div>
+
+      <p style={{ color: '#6b7280', fontSize: '0.875rem' }}>
+        This page is protected by middleware and server-side auth checks.
+        Edit <code>src/app/dashboard/page.tsx</code> to customize.
+      </p>
+    </main>
+  )
+}

package/dist/templates/nextjs-oauth/src/app/layout.tsx

@@ -0,0 +1,18 @@
+import type { Metadata } from 'next'
+
+export const metadata: Metadata = {
+  title: '{{name}}',
+  description: '{{description}}',
+}
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode
+}) {
+  return (
+    <html lang="en">
+      <body>{children}</body>
+    </html>
+  )
+}

package/dist/templates/nextjs-oauth/src/app/page.tsx

@@ -0,0 +1,110 @@
+import { getCurrentUser } from '@/lib/auth'
+
+export default async function Home() {
+  const user = await getCurrentUser()
+
+  return (
+    <main style={{
+      display: 'flex',
+      flexDirection: 'column',
+      alignItems: 'center',
+      justifyContent: 'center',
+      minHeight: '100vh',
+      padding: '2rem',
+      fontFamily: 'system-ui, -apple-system, sans-serif',
+    }}>
+      <h1 style={{ fontSize: '3rem', marginBottom: '1rem' }}>
+        {'{{name}}'}
+      </h1>
+      <p style={{ fontSize: '1.25rem', color: '#666', marginBottom: '2rem' }}>
+        {'{{description}}'}
+      </p>
+
+      {user ? (
+        <div style={{ textAlign: 'center', marginBottom: '2rem' }}>
+          <p style={{ marginBottom: '1rem' }}>
+            Signed in as <strong>{user.name}</strong> ({user.email})
+          </p>
+          <div style={{ display: 'flex', gap: '1rem' }}>
+            <a
+              href="/dashboard"
+              style={{
+                padding: '0.75rem 1.5rem',
+                backgroundColor: '#0070f3',
+                color: 'white',
+                borderRadius: '0.5rem',
+                textDecoration: 'none',
+              }}
+            >
+              Dashboard
+            </a>
+            <form action="/api/auth/logout" method="post" style={{ display: 'inline' }}>
+              <button
+                type="submit"
+                style={{
+                  padding: '0.75rem 1.5rem',
+                  backgroundColor: '#dc2626',
+                  color: 'white',
+                  borderRadius: '0.5rem',
+                  border: 'none',
+                  cursor: 'pointer',
+                  fontSize: 'inherit',
+                }}
+              >
+                Logout
+              </button>
+            </form>
+          </div>
+        </div>
+      ) : (
+        <div style={{ display: 'flex', gap: '1rem', marginBottom: '2rem' }}>
+          <a
+            href="/api/auth/login"
+            style={{
+              padding: '0.75rem 1.5rem',
+              backgroundColor: '#0070f3',
+              color: 'white',
+              borderRadius: '0.5rem',
+              textDecoration: 'none',
+            }}
+          >
+            Sign In
+          </a>
+        </div>
+      )}
+
+      <div style={{ display: 'flex', gap: '1rem' }}>
+        <a
+          href="/api/health"
+          style={{
+            padding: '0.5rem 1rem',
+            border: '1px solid #e5e7eb',
+            borderRadius: '0.5rem',
+            textDecoration: 'none',
+            color: '#666',
+            fontSize: '0.875rem',
+          }}
+        >
+          Health Check
+        </a>
+        <a
+          href="/api/example"
+          style={{
+            padding: '0.5rem 1rem',
+            border: '1px solid #e5e7eb',
+            borderRadius: '0.5rem',
+            textDecoration: 'none',
+            color: '#666',
+            fontSize: '0.875rem',
+          }}
+        >
+          Example API
+        </a>
+      </div>
+
+      <footer style={{ marginTop: '4rem', color: '#999' }}>
+        Deployed on Tawa Platform
+      </footer>
+    </main>
+  )
+}