@nubase/create 0.1.3 → 0.1.5

package/dist/index.js

@@ -26,7 +26,7 @@ function replaceInContent(content, options) {
   const kebabName = toKebabCase(options.name);
   const pascalName = toPascalCase(options.name);
   const camelName = toCamelCase(options.name);
-  return content.replace(/__PROJECT_NAME__/g, kebabName).replace(/__PROJECT_NAME_PASCAL__/g, pascalName).replace(/__PROJECT_NAME_CAMEL__/g, camelName).replace(/__DB_NAME__/g, options.dbName).replace(/__DB_USER__/g, options.dbUser).replace(/__DB_PASSWORD__/g, options.dbPassword).replace(/__DEV_PORT__/g, String(options.devPort)).replace(/__TEST_PORT__/g, String(options.testPort)).replace(/__BACKEND_PORT__/g, String(options.backendPort)).replace(/__FRONTEND_PORT__/g, String(options.frontendPort));
+  return content.replace(/__PROJECT_NAME__/g, kebabName).replace(/__PROJECT_NAME_PASCAL__/g, pascalName).replace(/__PROJECT_NAME_CAMEL__/g, camelName).replace(/__DB_NAME__/g, options.dbName).replace(/__DB_USER__/g, options.dbUser).replace(/__DB_PASSWORD__/g, options.dbPassword).replace(/__DEV_PORT__/g, String(options.devPort)).replace(/__TEST_PORT__/g, String(options.testPort)).replace(/__BACKEND_PORT__/g, String(options.backendPort)).replace(/__FRONTEND_PORT__/g, String(options.frontendPort)).replace(/__TEST_BACKEND_PORT__/g, String(options.testBackendPort)).replace(/__TEST_FRONTEND_PORT__/g, String(options.testFrontendPort));
 }
 function copyTemplateDir(src, dest, options) {
   fse.ensureDirSync(dest);
@@ -48,7 +48,7 @@ function copyTemplateDir(src, dest, options) {
   }
 }
 async function main() {
-  program.name("@nubase/create").description("Create a new Nubase application").argument("[project-name]", "Name of the project").option("--db-name <name>", "Database name").option("--db-user <user>", "Database user").option("--db-password <password>", "Database password").option("--dev-port <port>", "Development database port", "5434").option("--test-port <port>", "Test database port", "5435").option("--backend-port <port>", "Backend server port", "3001").option("--frontend-port <port>", "Frontend dev server port", "3002").option("--skip-install", "Skip npm install").parse();
+  program.name("@nubase/create").description("Create a new Nubase application").argument("[project-name]", "Name of the project").option("--db-name <name>", "Database name").option("--db-user <user>", "Database user").option("--db-password <password>", "Database password").option("--dev-port <port>", "Development database port", "5434").option("--test-port <port>", "Test database port", "5435").option("--backend-port <port>", "Backend server port", "3001").option("--frontend-port <port>", "Frontend dev server port", "3002").option("--test-backend-port <port>", "Test backend server port", "4001").option("--test-frontend-port <port>", "Test frontend dev server port", "4002").option("--skip-install", "Skip npm install").parse();
   const args = program.args;
   const opts = program.opts();
   console.log(chalk.bold.cyan("\n  Welcome to Nubase!\n"));
@@ -78,7 +78,9 @@ async function main() {
     devPort: Number.parseInt(opts.devPort, 10),
     testPort: Number.parseInt(opts.testPort, 10),
     backendPort: Number.parseInt(opts.backendPort, 10),
-    frontendPort: Number.parseInt(opts.frontendPort, 10)
+    frontendPort: Number.parseInt(opts.frontendPort, 10),
+    testBackendPort: Number.parseInt(opts.testBackendPort, 10),
+    testFrontendPort: Number.parseInt(opts.testFrontendPort, 10)
   };
   const targetDir = path.join(process.cwd(), projectName);
   if (fs.existsSync(targetDir)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nubase/create",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Create a new Nubase application",
   "type": "module",
   "bin": {

package/templates/backend/package.json

@@ -4,17 +4,18 @@
   "type": "module",
   "scripts": {
     "dev": "NODE_ENV=development tsx watch src/index.ts",
-    "dev:test": "PORT=__BACKEND_PORT__ DB_PORT=__TEST_PORT__ NODE_ENV=test tsx watch src/index.ts",
+    "dev:test": "PORT=__TEST_BACKEND_PORT__ DB_PORT=__TEST_PORT__ NODE_ENV=test tsx watch src/index.ts",
     "build": "tsc",
     "start": "node dist/index.js",
     "db:dev:up": "docker compose -f docker/dev/docker-compose.yml up -d",
     "db:dev:down": "docker compose -f docker/dev/docker-compose.yml down",
-    "db:dev:kill": "docker compose -f docker/dev/docker-compose.yml down -v",
+    "db:dev:kill": "docker compose -f docker/dev/docker-compose.yml down -v && rm -rf docker/dev/postgresql-data",
     "db:dev:seed": "NODE_ENV=development tsx src/db/seed.ts",
+    "db:dev:reset": "npm run db:dev:kill && npm run db:schema-sync && npm run db:dev:up && sleep 5 && npm run db:dev:seed",
     "db:test:up": "docker compose -f docker/test/docker-compose.yml up -d",
     "db:test:down": "docker compose -f docker/test/docker-compose.yml down",
-    "db:test:kill": "docker compose -f docker/test/docker-compose.yml down -v",
-    "db:seed": "tsx src/db/seed.ts",
+    "db:test:kill": "docker compose -f docker/test/docker-compose.yml down -v && rm -rf docker/test/postgresql-data",
+    "db:test:reset": "npm run db:test:kill && npm run db:schema-sync && npm run db:test:up",
     "db:schema-sync": "cp db/schema.sql docker/dev/postgresql-init/dump.sql && cp db/schema.sql docker/test/postgresql-init/dump.sql",
     "typecheck": "tsc --noEmit",
     "lint": "biome check .",

package/templates/backend/src/api/routes/auth.ts

@@ -1,209 +1,384 @@
+import {
+	createHttpHandler,
+	getAuthController,
+	HttpError,
+} from "@nubase/backend";
 import bcrypt from "bcrypt";
-import { eq } from "drizzle-orm";
-import type { Context } from "hono";
-import { __PROJECT_NAME_PASCAL__AuthController } from "../../auth";
-import { adminDb, db } from "../../db/helpers/drizzle";
-import { userWorkspaces, users, workspaces } from "../../db/schema";
-
-const authController = new __PROJECT_NAME_PASCAL__AuthController();
+import { and, eq, inArray } from "drizzle-orm";
+import { apiEndpoints } from "schema";
+import jwt from "jsonwebtoken";
+import type { __PROJECT_NAME_PASCAL__User } from "../../auth";
+import { getAdminDb } from "../../db/helpers/drizzle";
+import { users, userWorkspaces, workspaces } from "../../db/schema";
+
+// Short-lived secret for login tokens (in production, use a proper secret)
+const LOGIN_TOKEN_SECRET =
+	process.env.LOGIN_TOKEN_SECRET ||
+	"nubase-login-token-secret-change-in-production";
+const LOGIN_TOKEN_EXPIRY = "5m"; // 5 minutes to complete workspace selection
+
+interface LoginTokenPayload {
+	userId: number;
+	username: string;
+}
 
 export const authHandlers = {
-	async loginStart(c: Context) {
-		const { email, password } = await c.req.json();
-
-		const [user] = await db.select().from(users).where(eq(users.email, email));
-
-		if (!user) {
-			return c.json({ error: "Invalid credentials" }, 401);
-		}
-
-		const isValid = await bcrypt.compare(password, user.passwordHash);
-		if (!isValid) {
-			return c.json({ error: "Invalid credentials" }, 401);
-		}
-
-		// Get user's workspaces
-		const userWs = await db
-			.select({
-				id: workspaces.id,
-				slug: workspaces.slug,
-				name: workspaces.name,
-			})
-			.from(userWorkspaces)
-			.innerJoin(workspaces, eq(userWorkspaces.workspaceId, workspaces.id))
-			.where(eq(userWorkspaces.userId, user.id));
-
-		return c.json({ workspaces: userWs });
-	},
-
-	async loginComplete(c: Context) {
-		const { email, password, workspaceId } = await c.req.json();
-
-		const [user] = await db.select().from(users).where(eq(users.email, email));
-
-		if (!user) {
-			return c.json({ error: "Invalid credentials" }, 401);
-		}
-
-		const isValid = await bcrypt.compare(password, user.passwordHash);
-		if (!isValid) {
-			return c.json({ error: "Invalid credentials" }, 401);
-		}
-
-		const [workspace] = await db
-			.select()
-			.from(workspaces)
-			.where(eq(workspaces.id, workspaceId));
-
-		if (!workspace) {
-			return c.json({ error: "Workspace not found" }, 404);
-		}
-
-		const token = authController.generateToken({
-			userId: user.id,
-			workspaceId: workspace.id,
-			username: user.username,
-		});
-
-		return c.json({
-			token,
-			user: { id: user.id, email: user.email, username: user.username },
-			workspace: { id: workspace.id, slug: workspace.slug, name: workspace.name },
-		});
-	},
-
-	async login(c: Context) {
-		const { email, password } = await c.req.json();
-
-		const [user] = await db.select().from(users).where(eq(users.email, email));
-
-		if (!user) {
-			return c.json({ error: "Invalid credentials" }, 401);
-		}
-
-		const isValid = await bcrypt.compare(password, user.passwordHash);
-		if (!isValid) {
-			return c.json({ error: "Invalid credentials" }, 401);
-		}
-
-		// Get first workspace for simple login
-		const [userWs] = await db
-			.select({
-				id: workspaces.id,
-				slug: workspaces.slug,
-				name: workspaces.name,
-			})
-			.from(userWorkspaces)
-			.innerJoin(workspaces, eq(userWorkspaces.workspaceId, workspaces.id))
-			.where(eq(userWorkspaces.userId, user.id));
-
-		if (!userWs) {
-			return c.json({ error: "No workspace found" }, 404);
-		}
-
-		const token = authController.generateToken({
-			userId: user.id,
-			workspaceId: userWs.id,
-			username: user.username,
-		});
-
-		return c.json({
-			token,
-			user: { id: user.id, email: user.email, username: user.username },
-			workspace: userWs,
-		});
-	},
-
-	async logout(c: Context) {
-		// Client-side token removal
-		return c.json({ success: true });
-	},
-
-	async getMe(c: Context) {
-		const authHeader = c.req.header("Authorization");
-		if (!authHeader?.startsWith("Bearer ")) {
-			return c.json({ error: "Unauthorized" }, 401);
-		}
-
-		const token = authHeader.slice(7);
-		const payload = authController.verifyToken(token);
-
-		if (!payload) {
-			return c.json({ error: "Invalid token" }, 401);
-		}
-
-		const [user] = await db
-			.select()
-			.from(users)
-			.where(eq(users.id, payload.userId));
-
-		if (!user) {
-			return c.json({ error: "User not found" }, 404);
-		}
-
-		const [workspace] = await db
-			.select()
-			.from(workspaces)
-			.where(eq(workspaces.id, payload.workspaceId));
-
-		return c.json({
-			user: { id: user.id, email: user.email, username: user.username },
-			workspace: workspace
-				? { id: workspace.id, slug: workspace.slug, name: workspace.name }
-				: null,
-		});
-	},
-
-	async signup(c: Context) {
-		const { email, username, password, workspaceName } = await c.req.json();
-
-		// Check if user exists
-		const [existingUser] = await db
-			.select()
-			.from(users)
-			.where(eq(users.email, email));
-
-		if (existingUser) {
-			return c.json({ error: "Email already registered" }, 400);
-		}
-
-		// Create user
-		const passwordHash = await bcrypt.hash(password, 10);
-		const [user] = await adminDb
-			.insert(users)
-			.values({ email, username, passwordHash })
-			.returning();
-
-		// Create or get workspace
-		const wsSlug = workspaceName?.toLowerCase().replace(/\s+/g, "-") || "default";
-		let [workspace] = await db
-			.select()
-			.from(workspaces)
-			.where(eq(workspaces.slug, wsSlug));
-
-		if (!workspace) {
-			[workspace] = await adminDb
+	/**
+	 * Login Start handler - Step 1 of two-step auth.
+	 * Validates credentials and returns list of workspaces.
+	 */
+	loginStart: createHttpHandler({
+		endpoint: apiEndpoints.loginStart,
+		handler: async ({ body }) => {
+			// Find user by username
+			const [user] = await getAdminDb()
+				.select()
+				.from(users)
+				.where(eq(users.username, body.username));
+
+			if (!user) {
+				throw new HttpError(401, "Invalid username or password");
+			}
+
+			// Verify password
+			const isValidPassword = await bcrypt.compare(
+				body.password,
+				user.passwordHash,
+			);
+			if (!isValidPassword) {
+				throw new HttpError(401, "Invalid username or password");
+			}
+
+			// Get all workspaces this user belongs to
+			const userWorkspaceRows = await getAdminDb()
+				.select()
+				.from(userWorkspaces)
+				.where(eq(userWorkspaces.userId, user.id));
+
+			if (userWorkspaceRows.length === 0) {
+				throw new HttpError(401, "User has no workspace access");
+			}
+
+			// Fetch workspace details
+			const workspaceIds = userWorkspaceRows.map((uw) => uw.workspaceId);
+			const workspaceList = await getAdminDb()
+				.select()
+				.from(workspaces)
+				.where(inArray(workspaces.id, workspaceIds));
+
+			// Create a short-lived login token
+			const loginToken = jwt.sign(
+				{
+					userId: user.id,
+					username: body.username,
+				} satisfies LoginTokenPayload,
+				LOGIN_TOKEN_SECRET,
+				{ expiresIn: LOGIN_TOKEN_EXPIRY },
+			);
+
+			return {
+				loginToken,
+				username: body.username,
+				workspaces: workspaceList.map((w) => ({
+					id: w.id,
+					slug: w.slug,
+					name: w.name,
+				})),
+			};
+		},
+	}),
+
+	/**
+	 * Login Complete handler - Step 2 of two-step auth.
+	 * Validates the login token and selected workspace.
+	 */
+	loginComplete: createHttpHandler({
+		endpoint: apiEndpoints.loginComplete,
+		handler: async ({ body, ctx }) => {
+			const authController = getAuthController<__PROJECT_NAME_PASCAL__User>(ctx);
+
+			// Verify the login token
+			let decoded: LoginTokenPayload;
+			try {
+				decoded = jwt.verify(
+					body.loginToken,
+					LOGIN_TOKEN_SECRET,
+				) as LoginTokenPayload;
+			} catch {
+				throw new HttpError(401, "Invalid or expired login token");
+			}
+
+			// Look up the selected workspace
+			const [workspace] = await getAdminDb()
+				.select()
+				.from(workspaces)
+				.where(eq(workspaces.slug, body.workspace));
+
+			if (!workspace) {
+				throw new HttpError(404, `Workspace not found: ${body.workspace}`);
+			}
+
+			// Verify user has access to this workspace
+			const [access] = await getAdminDb()
+				.select()
+				.from(userWorkspaces)
+				.where(
+					and(
+						eq(userWorkspaces.userId, decoded.userId),
+						eq(userWorkspaces.workspaceId, workspace.id),
+					),
+				);
+
+			if (!access) {
+				throw new HttpError(403, "You do not have access to this workspace");
+			}
+
+			// Fetch the user
+			const [dbUser] = await getAdminDb()
+				.select()
+				.from(users)
+				.where(eq(users.id, decoded.userId));
+
+			if (!dbUser) {
+				throw new HttpError(401, "User not found");
+			}
+
+			// Create user object for token
+			const user: __PROJECT_NAME_PASCAL__User = {
+				id: dbUser.id,
+				email: dbUser.email,
+				username: dbUser.username,
+				workspaceId: workspace.id,
+			};
+
+			// Create and set the auth token
+			const token = await authController.createToken(user);
+			authController.setTokenInResponse(ctx, token);
+
+			return {
+				user: {
+					id: user.id,
+					email: user.email,
+					username: user.username,
+				},
+				workspace: {
+					id: workspace.id,
+					slug: workspace.slug,
+					name: workspace.name,
+				},
+			};
+		},
+	}),
+
+	/**
+	 * Legacy Login handler - validates credentials and sets HttpOnly cookie.
+	 * @deprecated Use loginStart and loginComplete for two-step flow
+	 */
+	login: createHttpHandler({
+		endpoint: apiEndpoints.login,
+		handler: async ({ body, ctx }) => {
+			const authController = getAuthController<__PROJECT_NAME_PASCAL__User>(ctx);
+
+			// Look up workspace
+			const [workspace] = await getAdminDb()
+				.select()
+				.from(workspaces)
+				.where(eq(workspaces.slug, body.workspace));
+
+			if (!workspace) {
+				throw new HttpError(404, `Workspace not found: ${body.workspace}`);
+			}
+
+			// Find user by username
+			const [dbUser] = await getAdminDb()
+				.select()
+				.from(users)
+				.where(eq(users.username, body.username));
+
+			if (!dbUser) {
+				throw new HttpError(401, "Invalid username or password");
+			}
+
+			// Verify password
+			const isValidPassword = await bcrypt.compare(
+				body.password,
+				dbUser.passwordHash,
+			);
+			if (!isValidPassword) {
+				throw new HttpError(401, "Invalid username or password");
+			}
+
+			// Verify user has access to this workspace
+			const [access] = await getAdminDb()
+				.select()
+				.from(userWorkspaces)
+				.where(
+					and(
+						eq(userWorkspaces.userId, dbUser.id),
+						eq(userWorkspaces.workspaceId, workspace.id),
+					),
+				);
+
+			if (!access) {
+				throw new HttpError(403, "You do not have access to this workspace");
+			}
+
+			// Create user object for token
+			const user: __PROJECT_NAME_PASCAL__User = {
+				id: dbUser.id,
+				email: dbUser.email,
+				username: dbUser.username,
+				workspaceId: workspace.id,
+			};
+
+			// Create and set token
+			const token = await authController.createToken(user);
+			authController.setTokenInResponse(ctx, token);
+
+			return {
+				user: {
+					id: user.id,
+					email: user.email,
+					username: user.username,
+				},
+			};
+		},
+	}),
+
+	/** Logout handler - clears the auth cookie. */
+	logout: createHttpHandler({
+		endpoint: apiEndpoints.logout,
+		handler: async ({ ctx }) => {
+			const authController = getAuthController(ctx);
+			authController.clearTokenFromResponse(ctx);
+			return { success: true };
+		},
+	}),
+
+	/** Get current user handler. */
+	getMe: createHttpHandler<
+		typeof apiEndpoints.getMe,
+		"optional",
+		__PROJECT_NAME_PASCAL__User
+	>({
+		endpoint: apiEndpoints.getMe,
+		auth: "optional",
+		handler: async ({ user }) => {
+			if (!user) {
+				return { user: undefined };
+			}
+
+			return {
+				user: {
+					id: user.id,
+					email: user.email,
+					username: user.username,
+				},
+			};
+		},
+	}),
+
+	/** Signup handler - creates a new workspace and admin user. */
+	signup: createHttpHandler({
+		endpoint: apiEndpoints.signup,
+		handler: async ({ body, ctx }) => {
+			const authController = getAuthController<__PROJECT_NAME_PASCAL__User>(ctx);
+
+			// Validate workspace slug format
+			if (!/^[a-z0-9-]+$/.test(body.workspace)) {
+				throw new HttpError(
+					400,
+					"Workspace slug must be lowercase and contain only letters, numbers, and hyphens",
+				);
+			}
+
+			// Check if workspace slug already exists
+			const [existingWorkspace] = await getAdminDb()
+				.select()
+				.from(workspaces)
+				.where(eq(workspaces.slug, body.workspace));
+
+			if (existingWorkspace) {
+				throw new HttpError(409, "Organization slug is already taken");
+			}
+
+			// Check if username already exists
+			const [existingUser] = await getAdminDb()
+				.select()
+				.from(users)
+				.where(eq(users.username, body.username));
+
+			if (existingUser) {
+				throw new HttpError(409, "Username is already taken");
+			}
+
+			// Check if email already exists
+			const [existingEmail] = await getAdminDb()
+				.select()
+				.from(users)
+				.where(eq(users.email, body.email));
+
+			if (existingEmail) {
+				throw new HttpError(409, "Email is already registered");
+			}
+
+			// Validate password length
+			if (body.password.length < 8) {
+				throw new HttpError(400, "Password must be at least 8 characters long");
+			}
+
+			// Create the workspace
+			const [newWorkspace] = await getAdminDb()
 				.insert(workspaces)
-				.values({ slug: wsSlug, name: workspaceName || "Default Workspace" })
+				.values({
+					slug: body.workspace,
+					name: body.workspaceName,
+				})
+				.returning();
+
+			// Hash the password
+			const passwordHash = await bcrypt.hash(body.password, 10);
+
+			// Create the admin user
+			const [newUser] = await getAdminDb()
+				.insert(users)
+				.values({
+					email: body.email,
+					username: body.username,
+					passwordHash,
+				})
 				.returning();
-		}
-
-		// Link user to workspace
-		await adminDb.insert(userWorkspaces).values({
-			userId: user.id,
-			workspaceId: workspace.id,
-		});
-
-		const token = authController.generateToken({
-			userId: user.id,
-			workspaceId: workspace.id,
-			username: user.username,
-		});
-
-		return c.json({
-			token,
-			user: { id: user.id, email: user.email, username: user.username },
-			workspace: { id: workspace.id, slug: workspace.slug, name: workspace.name },
-		});
-	},
+
+			// Link user to workspace
+			await getAdminDb().insert(userWorkspaces).values({
+				userId: newUser.id,
+				workspaceId: newWorkspace.id,
+			});
+
+			// Create user object for token
+			const user: __PROJECT_NAME_PASCAL__User = {
+				id: newUser.id,
+				email: newUser.email,
+				username: newUser.username,
+				workspaceId: newWorkspace.id,
+			};
+
+			// Create and set the auth token
+			const token = await authController.createToken(user);
+			authController.setTokenInResponse(ctx, token);
+
+			return {
+				user: {
+					id: user.id,
+					email: user.email,
+					username: user.username,
+				},
+				workspace: {
+					id: newWorkspace.id,
+					slug: newWorkspace.slug,
+					name: newWorkspace.name,
+				},
+			};
+		},
+	}),
 };

package/templates/backend/src/api/routes/index.ts

@@ -1,2 +1,3 @@
 export * from "./ticket";
 export * from "./auth";
+export * from "./test-utils";