@mars-stack/cli 0.2.0 → 1.0.2

package/template/src/app/api/protected/user/password/route.ts

@@ -0,0 +1,63 @@
+import { withAuthNoParams, handleApiError } from '@/lib/mars';
+import { prisma } from '@/lib/prisma';
+import type { AuthenticatedRequest } from '@mars-stack/core/auth/middleware';
+import { verifyPassword, hashPassword, passwordSchema } from '@mars-stack/core/auth/password';
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+
+const changePasswordSchema = z.object({
+  currentPassword: z.string().min(1, 'Current password is required'),
+  newPassword: passwordSchema,
+});
+
+export const POST = withAuthNoParams(async (request: AuthenticatedRequest) => {
+  try {
+    const body = await request.json();
+    const result = changePasswordSchema.safeParse(body);
+
+    if (!result.success) {
+      return NextResponse.json(
+        { error: result.error.issues[0]?.message || 'Invalid input' },
+        { status: 400 },
+      );
+    }
+
+    const { currentPassword, newPassword } = result.data;
+
+    const user = await prisma.user.findUnique({
+      where: { id: request.session.userId },
+      select: { password: true },
+    });
+
+    if (!user?.password) {
+      return NextResponse.json(
+        { error: 'Unable to verify current password' },
+        { status: 400 },
+      );
+    }
+
+    const isValid = await verifyPassword(currentPassword, user.password);
+    if (!isValid) {
+      return NextResponse.json(
+        { error: 'Current password is incorrect' },
+        { status: 401 },
+      );
+    }
+
+    const hashedPassword = await hashPassword(newPassword);
+
+    await prisma.user.update({
+      where: { id: request.session.userId },
+      data: {
+        password: hashedPassword,
+        failedLoginAttempts: 0,
+        lastFailedLogin: null,
+        lockedUntil: null,
+      },
+    });
+
+    return NextResponse.json({ message: 'Password updated successfully' });
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/user/password' });
+  }
+});

package/template/src/app/api/protected/user/profile/route.ts

@@ -0,0 +1,35 @@
+import { withAuthNoParams, handleApiError } from '@/lib/mars';
+import { prisma } from '@/lib/prisma';
+import type { AuthenticatedRequest } from '@mars-stack/core/auth/middleware';
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+
+const updateProfileSchema = z.object({
+  name: z.string().min(1, 'Name is required').max(100, 'Name is too long').trim(),
+});
+
+export const PATCH = withAuthNoParams(async (request: AuthenticatedRequest) => {
+  try {
+    const body = await request.json();
+    const result = updateProfileSchema.safeParse(body);
+
+    if (!result.success) {
+      return NextResponse.json(
+        { error: result.error.issues[0]?.message || 'Invalid input' },
+        { status: 400 },
+      );
+    }
+
+    const { name } = result.data;
+
+    const user = await prisma.user.update({
+      where: { id: request.session.userId },
+      data: { name },
+      select: { id: true, name: true, email: true, role: true },
+    });
+
+    return NextResponse.json({ user });
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/user/profile' });
+  }
+});

package/template/src/app/api/protected/user/sessions/[sessionId]/route.ts

@@ -0,0 +1,33 @@
+import { withAuth, handleApiError } from '@/lib/mars';
+import { findSessionById, revokeSession } from '@/features/auth/server/sessions';
+import type { AuthenticatedRequest } from '@mars-stack/core/auth/middleware';
+import { NextResponse } from 'next/server';
+
+export const DELETE = withAuth(
+  async (
+    request: AuthenticatedRequest,
+    context: { params: Promise<{ [key: string]: string }> },
+  ) => {
+    try {
+      const { sessionId } = await context.params;
+
+      const session = await findSessionById(sessionId);
+
+      if (!session) {
+        return NextResponse.json({ error: 'Session not found' }, { status: 404 });
+      }
+
+      if (session.userId !== request.session.userId) {
+        return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+      }
+
+      await revokeSession(sessionId);
+
+      return NextResponse.json({ message: 'Session revoked' });
+    } catch (error) {
+      return handleApiError(error, {
+        endpoint: '/api/protected/user/sessions/[sessionId]',
+      });
+    }
+  },
+);

package/template/src/app/api/protected/user/sessions/route.ts

@@ -0,0 +1,22 @@
+import { withAuthNoParams, handleApiError } from '@/lib/mars';
+import { listSessionsForUser, revokeAllSessionsForUser } from '@/features/auth/server/sessions';
+import type { AuthenticatedRequest } from '@mars-stack/core/auth/middleware';
+import { NextResponse } from 'next/server';
+
+export const GET = withAuthNoParams(async (request: AuthenticatedRequest) => {
+  try {
+    const sessions = await listSessionsForUser(request.session.userId);
+    return NextResponse.json({ sessions });
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/user/sessions' });
+  }
+});
+
+export const DELETE = withAuthNoParams(async (request: AuthenticatedRequest) => {
+  try {
+    await revokeAllSessionsForUser(request.session.userId);
+    return NextResponse.json({ message: 'All sessions revoked' });
+  } catch (error) {
+    return handleApiError(error, { endpoint: '/api/protected/user/sessions' });
+  }
+});

package/template/src/app/api/readiness/route.ts

@@ -0,0 +1,15 @@
+import { prisma } from '@/lib/prisma';
+import { NextResponse } from 'next/server';
+
+export async function GET() {
+  try {
+    await prisma.$queryRaw`SELECT 1`;
+
+    return NextResponse.json({ status: 'ready', db: 'connected' });
+  } catch {
+    return NextResponse.json(
+      { status: 'not_ready', db: 'error' },
+      { status: 503 },
+    );
+  }
+}

package/template/src/app/api/webhooks/stripe/route.ts

@@ -0,0 +1,166 @@
+import { createPaymentService } from '@mars-stack/core/payments';
+import { appConfig } from '@/config/app.config';
+import { prisma } from '@/lib/prisma';
+import { NextResponse } from 'next/server';
+import type {
+  UpsertSubscriptionData,
+  UpdateSubscriptionStatusData,
+} from '@/features/billing/types';
+
+const payments = createPaymentService({
+  provider: appConfig.services.payments.provider,
+});
+
+interface StripeSubscription {
+  id: string;
+  customer: string;
+  status: string;
+  items: { data: Array<{ price: { id: string } }> };
+  current_period_end: number;
+  cancel_at_period_end: boolean;
+}
+
+interface StripeCheckoutSession {
+  customer: string;
+  subscription: string;
+  metadata: Record<string, string> | null;
+}
+
+interface StripeEvent {
+  type: string;
+  data: {
+    object: StripeSubscription | StripeCheckoutSession;
+  };
+}
+
+async function handleCheckoutCompleted(session: StripeCheckoutSession): Promise<void> {
+  const userId = session.metadata?.userId;
+  if (!userId) {
+    console.error('[Stripe Webhook] checkout.session.completed missing userId in metadata');
+    return;
+  }
+
+  const Stripe = (await import('stripe')).default;
+  const secretKey = process.env.STRIPE_SECRET_KEY;
+  if (!secretKey) throw new Error('STRIPE_SECRET_KEY is not set');
+
+  const stripe = new Stripe(secretKey);
+  const subscription = await stripe.subscriptions.retrieve(session.subscription);
+
+  const data: UpsertSubscriptionData = {
+    userId,
+    stripeCustomerId: session.customer,
+    stripeSubscriptionId: subscription.id,
+    stripePriceId: subscription.items.data[0]?.price.id,
+    status: subscription.status,
+    currentPeriodEnd: new Date(subscription.current_period_end * 1000),
+    cancelAtPeriodEnd: subscription.cancel_at_period_end,
+  };
+
+  await prisma.subscription.upsert({
+    where: { userId },
+    create: {
+      userId: data.userId,
+      stripeCustomerId: data.stripeCustomerId,
+      stripeSubscriptionId: data.stripeSubscriptionId ?? null,
+      stripePriceId: data.stripePriceId ?? null,
+      status: data.status,
+      currentPeriodEnd: data.currentPeriodEnd ?? null,
+      cancelAtPeriodEnd: data.cancelAtPeriodEnd ?? false,
+    },
+    update: {
+      stripeCustomerId: data.stripeCustomerId,
+      stripeSubscriptionId: data.stripeSubscriptionId,
+      stripePriceId: data.stripePriceId,
+      status: data.status,
+      currentPeriodEnd: data.currentPeriodEnd,
+      cancelAtPeriodEnd: data.cancelAtPeriodEnd,
+    },
+  });
+}
+
+async function handleSubscriptionUpdated(subscription: StripeSubscription): Promise<void> {
+  const existing = await prisma.subscription.findUnique({
+    where: { stripeSubscriptionId: subscription.id },
+  });
+
+  if (!existing) {
+    console.warn(
+      `[Stripe Webhook] subscription.updated for unknown subscription: ${subscription.id}`,
+    );
+    return;
+  }
+
+  const data: UpdateSubscriptionStatusData = {
+    status: subscription.status,
+    stripePriceId: subscription.items.data[0]?.price.id,
+    currentPeriodEnd: new Date(subscription.current_period_end * 1000),
+    cancelAtPeriodEnd: subscription.cancel_at_period_end,
+  };
+
+  await prisma.subscription.update({
+    where: { stripeSubscriptionId: subscription.id },
+    data: {
+      status: data.status,
+      stripePriceId: data.stripePriceId,
+      currentPeriodEnd: data.currentPeriodEnd,
+      cancelAtPeriodEnd: data.cancelAtPeriodEnd,
+    },
+  });
+}
+
+async function handleSubscriptionDeleted(subscription: StripeSubscription): Promise<void> {
+  const existing = await prisma.subscription.findUnique({
+    where: { stripeSubscriptionId: subscription.id },
+  });
+
+  if (!existing) {
+    console.warn(
+      `[Stripe Webhook] subscription.deleted for unknown subscription: ${subscription.id}`,
+    );
+    return;
+  }
+
+  await prisma.subscription.update({
+    where: { stripeSubscriptionId: subscription.id },
+    data: {
+      status: 'canceled',
+      cancelAtPeriodEnd: false,
+    },
+  });
+}
+
+export async function POST(request: Request): Promise<NextResponse> {
+  try {
+    const body = await request.text();
+    const signature = request.headers.get('stripe-signature');
+
+    if (!signature) {
+      return NextResponse.json({ error: 'Missing stripe-signature header' }, { status: 400 });
+    }
+
+    const event = (await payments.constructWebhookEvent(body, signature)) as StripeEvent;
+
+    switch (event.type) {
+      case 'checkout.session.completed':
+        await handleCheckoutCompleted(event.data.object as StripeCheckoutSession);
+        break;
+      case 'customer.subscription.updated':
+        await handleSubscriptionUpdated(event.data.object as StripeSubscription);
+        break;
+      case 'customer.subscription.deleted':
+        await handleSubscriptionDeleted(event.data.object as StripeSubscription);
+        break;
+      default:
+        break;
+    }
+
+    return NextResponse.json({ received: true });
+  } catch (error) {
+    console.error('[Stripe Webhook] Error processing event:', error);
+    return NextResponse.json(
+      { error: 'Webhook processing failed' },
+      { status: 400 },
+    );
+  }
+}

package/template/src/app/error.tsx

@@ -0,0 +1,33 @@
+'use client';
+
+import { appConfig } from '@/config/app.config';
+
+interface ErrorPageProps {
+  error: Error & { digest?: string };
+  reset: () => void;
+}
+
+export default function ErrorPage({ error, reset }: ErrorPageProps) {
+  return (
+    <main className="flex min-h-screen flex-col items-center justify-center gap-4 px-4">
+      <p className="text-6xl font-bold text-text-muted">500</p>
+      <h1 className="text-2xl font-semibold text-text-primary">Something went wrong</h1>
+      <p className="max-w-md text-center text-text-secondary">
+        An unexpected error occurred. Please try again, or contact{' '}
+        <a href={`mailto:${appConfig.support.email}`} className="text-text-link hover:underline">
+          support
+        </a>{' '}
+        if the problem persists.
+      </p>
+      {error.digest && (
+        <p className="text-xs text-text-muted">Error reference: {error.digest}</p>
+      )}
+      <button
+        onClick={reset}
+        className="mt-2 rounded-lg bg-brand-primary px-6 py-3 text-sm font-medium text-text-inverse transition-colors hover:bg-brand-primary-hover"
+      >
+        Try again
+      </button>
+    </main>
+  );
+}

package/template/src/app/layout.tsx

@@ -0,0 +1,29 @@
+import type { Metadata } from 'next';
+import { Inter } from 'next/font/google';
+import '@/styles/globals.css';
+import { appConfig } from '@/config/app.config';
+import { Providers } from './providers';
+
+const inter = Inter({
+  subsets: ['latin'],
+  variable: '--font-sans',
+});
+
+export const metadata: Metadata = {
+  title: {
+    default: appConfig.name,
+    template: `%s | ${appConfig.name}`,
+  },
+  description: appConfig.description,
+  metadataBase: new URL(appConfig.url),
+};
+
+export default function RootLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <html lang="en" className={inter.variable} suppressHydrationWarning>
+      <body className="bg-surface-background text-text-primary antialiased">
+        <Providers>{children}</Providers>
+      </body>
+    </html>
+  );
+}

package/template/src/app/not-found.tsx

@@ -0,0 +1,20 @@
+import Link from 'next/link';
+import { appConfig } from '@/config/app.config';
+
+export default function NotFound() {
+  return (
+    <main className="flex min-h-screen flex-col items-center justify-center gap-4 px-4">
+      <p className="text-6xl font-bold text-text-muted">404</p>
+      <h1 className="text-2xl font-semibold text-text-primary">Page not found</h1>
+      <p className="max-w-md text-center text-text-secondary">
+        The page you&apos;re looking for doesn&apos;t exist or has been moved.
+      </p>
+      <Link
+        href="/"
+        className="mt-2 rounded-lg bg-brand-primary px-6 py-3 text-sm font-medium text-text-inverse transition-colors hover:bg-brand-primary-hover"
+      >
+        Go back to {appConfig.name}
+      </Link>
+    </main>
+  );
+}

package/template/src/app/page.tsx

@@ -0,0 +1,136 @@
+'use client';
+
+import { LinkButton } from '@mars-stack/ui';
+import Link from 'next/link';
+import { appConfig } from '@/config/app.config';
+import { routes } from '@/config/routes';
+
+const features = [
+  {
+    title: 'Authentication Built In',
+    description:
+      'Email/password auth, email verification, password reset, and session management — ready from day one.',
+    icon: (
+      <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" strokeWidth={1.5} stroke="currentColor" className="size-6">
+        <path strokeLinecap="round" strokeLinejoin="round" d="M16.5 10.5V6.75a4.5 4.5 0 1 0-9 0v3.75m-.75 11.25h10.5a2.25 2.25 0 0 0 2.25-2.25v-6.75a2.25 2.25 0 0 0-2.25-2.25H6.75a2.25 2.25 0 0 0-2.25 2.25v6.75a2.25 2.25 0 0 0 2.25 2.25Z" />
+      </svg>
+    ),
+  },
+  {
+    title: 'Design Token System',
+    description:
+      'Semantic color tokens, typography scale, and spacing primitives that adapt to light and dark mode automatically.',
+    icon: (
+      <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" strokeWidth={1.5} stroke="currentColor" className="size-6">
+        <path strokeLinecap="round" strokeLinejoin="round" d="M4.098 19.902a3.75 3.75 0 0 0 5.304 0l6.401-6.402M6.75 21A3.75 3.75 0 0 1 3 17.25V4.125C3 3.504 3.504 3 4.125 3h5.25c.621 0 1.125.504 1.125 1.125v4.072M6.75 21a3.75 3.75 0 0 0 3.75-3.75V8.197M6.75 21h13.125c.621 0 1.125-.504 1.125-1.125v-5.25c0-.621-.504-1.125-1.125-1.125h-4.072M10.5 8.197l2.88-2.88c.438-.439 1.15-.439 1.59 0l3.712 3.713c.44.44.44 1.152 0 1.59l-2.879 2.88M6.75 17.25h.008v.008H6.75v-.008Z" />
+      </svg>
+    ),
+  },
+  {
+    title: 'Role-Based Access',
+    description:
+      'Admin panel, role verification on every API request, and ownership-gated routes to keep your data secure.',
+    icon: (
+      <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" strokeWidth={1.5} stroke="currentColor" className="size-6">
+        <path strokeLinecap="round" strokeLinejoin="round" d="M9 12.75 11.25 15 15 9.75m-3-7.036A11.959 11.959 0 0 1 3.598 6 11.99 11.99 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623 5.176-1.332 9-6.03 9-11.622 0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285Z" />
+      </svg>
+    ),
+  },
+  {
+    title: 'Production Ready',
+    description:
+      'Structured logging, rate limiting, CSRF protection, and serverless-friendly patterns out of the box.',
+    icon: (
+      <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" strokeWidth={1.5} stroke="currentColor" className="size-6">
+        <path strokeLinecap="round" strokeLinejoin="round" d="M3.75 13.5l10.5-11.25L12 10.5h8.25L9.75 21.75 12 13.5H3.75Z" />
+      </svg>
+    ),
+  },
+];
+
+export default function HomePage() {
+  return (
+    <div className="flex min-h-screen flex-col bg-surface-background">
+      {/* Hero */}
+      <main className="flex flex-1 flex-col items-center justify-center px-6 py-24 text-center">
+        <span className="mb-6 inline-block rounded-full border border-border-default bg-surface-card px-4 py-1.5 text-sm font-medium text-text-secondary">
+          {appConfig.description}
+        </span>
+
+        <h1 className="mb-6 max-w-2xl text-5xl font-bold leading-[1.1] tracking-tight text-text-primary sm:text-6xl">
+          {appConfig.name}
+        </h1>
+
+        <p className="mx-auto mb-10 max-w-lg text-lg leading-relaxed text-text-secondary">
+          {appConfig.tagline}
+        </p>
+
+        <div className="flex flex-wrap items-center justify-center gap-4">
+          <LinkButton href={routes.signUp} size="lg">
+            Get Started
+          </LinkButton>
+          <LinkButton href={routes.signIn} variant="secondary" size="lg">
+            Sign In
+          </LinkButton>
+        </div>
+      </main>
+
+      {/* Features */}
+      <section className="border-t border-border-default bg-surface-card px-6 py-24">
+        <div className="mx-auto max-w-5xl">
+          <h2 className="mb-4 text-center text-3xl font-bold text-text-primary">Everything you need to ship</h2>
+          <p className="mx-auto mb-16 max-w-xl text-center text-base leading-relaxed text-text-secondary">
+            Stop rebuilding the same infrastructure. Start with a production-grade foundation and
+            focus on what makes your product unique.
+          </p>
+
+          <div className="grid gap-8 sm:grid-cols-2">
+            {features.map((feature) => (
+              <div
+                key={feature.title}
+                className="rounded-2xl border border-border-default bg-surface-background p-8 transition-shadow hover:shadow-md"
+              >
+                <div className="mb-4 flex size-12 items-center justify-center rounded-xl bg-brand-primary-muted text-brand-primary">
+                  {feature.icon}
+                </div>
+                <h3 className="mb-2 text-lg font-semibold text-text-primary">{feature.title}</h3>
+                <p className="text-base leading-relaxed text-text-secondary">{feature.description}</p>
+              </div>
+            ))}
+          </div>
+        </div>
+      </section>
+
+      {/* Footer */}
+      <footer className="border-t border-border-default bg-surface-background px-6 py-12">
+        <div className="mx-auto flex max-w-5xl flex-col items-center gap-6 sm:flex-row sm:justify-between">
+          <p className="text-sm text-text-muted">
+            &copy; {new Date().getFullYear()}{' '}
+            {appConfig.legal.companyName || appConfig.name}. All rights reserved.
+          </p>
+
+          <nav className="flex items-center gap-6">
+            <Link
+              href={routes.terms}
+              className="text-sm text-text-secondary transition-colors hover:text-text-primary"
+            >
+              Terms
+            </Link>
+            <Link
+              href={routes.privacy}
+              className="text-sm text-text-secondary transition-colors hover:text-text-primary"
+            >
+              Privacy
+            </Link>
+            <a
+              href={`mailto:${appConfig.support.email}`}
+              className="text-sm text-text-secondary transition-colors hover:text-text-primary"
+            >
+              Contact
+            </a>
+          </nav>
+        </div>
+      </footer>
+    </div>
+  );
+}