@percepta/create 3.0.0

package/templates/webapp/src/drizzle/migrations/meta/0000_snapshot.json

@@ -0,0 +1,376 @@
+{
+  "id": "33e835dd-70ef-42a5-8790-b8ea2038db7a",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.account": {
+      "name": "account",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "id_token": {
+          "name": "id_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "account_user_id_users_id_fk": {
+          "name": "account_user_id_users_id_fk",
+          "tableFrom": "account",
+          "tableTo": "users",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.session": {
+      "name": "session",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "impersonated_by": {
+          "name": "impersonated_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "session_user_id_users_id_fk": {
+          "name": "session_user_id_users_id_fk",
+          "tableFrom": "session",
+          "tableTo": "users",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "token"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.users": {
+      "name": "users",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email_verified": {
+          "name": "email_verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'user'"
+        },
+        "banned": {
+          "name": "banned",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false,
+          "default": false
+        },
+        "ban_reason": {
+          "name": "ban_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "ban_expires": {
+          "name": "ban_expires",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "lower_email_index": {
+          "name": "lower_email_index",
+          "columns": [
+            {
+              "expression": "lower(\"email\")",
+              "asc": true,
+              "isExpression": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "users_email_unique": {
+          "name": "users_email_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "email"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.verification": {
+      "name": "verification",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}

package/templates/webapp/src/drizzle/migrations/meta/_journal.json

@@ -0,0 +1,13 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1776438047648,
+      "tag": "0000_eager_grandmaster",
+      "breakpoints": true
+    }
+  ]
+}

package/templates/webapp/src/drizzle/schema/auth/accounts.ts

@@ -0,0 +1,33 @@
+import { integer, pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core";
+import { users } from "./users";
+
+/**
+ * Better Auth account table.
+ * Stores OAuth provider links and credential password hashes.
+ * @see https://better-auth.com/docs/concepts/database
+ */
+export const accounts = pgTable("account", {
+  id: text("id")
+    .$defaultFn(() => crypto.randomUUID())
+    .primaryKey(),
+  userId: uuid("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  accountId: text("account_id").notNull(),
+  providerId: text("provider_id").notNull(),
+  accessToken: text("access_token"),
+  refreshToken: text("refresh_token"),
+  expiresAt: integer("expires_at"),
+  accessTokenExpiresAt: timestamp("access_token_expires_at", { mode: "date" }),
+  refreshTokenExpiresAt: timestamp("refresh_token_expires_at", {
+    mode: "date",
+  }),
+  scope: text("scope"),
+  idToken: text("id_token"),
+  password: text("password"),
+  createdAt: timestamp("created_at", { mode: "date" }).notNull(),
+  updatedAt: timestamp("updated_at", { mode: "date" }).notNull(),
+});
+
+export type Account = typeof accounts.$inferSelect;
+export type NewAccount = typeof accounts.$inferInsert;

package/templates/webapp/src/drizzle/schema/auth/sessions.ts

@@ -0,0 +1,25 @@
+import { pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core";
+import { users } from "./users";
+
+/**
+ * Better Auth session table.
+ * @see https://better-auth.com/docs/concepts/database
+ */
+export const sessions = pgTable("session", {
+  id: text("id")
+    .$defaultFn(() => crypto.randomUUID())
+    .primaryKey(),
+  userId: uuid("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  token: text("token").notNull().unique(),
+  expiresAt: timestamp("expires_at", { mode: "date" }).notNull(),
+  ipAddress: text("ip_address"),
+  userAgent: text("user_agent"),
+  impersonatedBy: text("impersonated_by"),
+  createdAt: timestamp("created_at", { mode: "date" }).notNull(),
+  updatedAt: timestamp("updated_at", { mode: "date" }).notNull(),
+});
+
+export type Session = typeof sessions.$inferSelect;
+export type NewSession = typeof sessions.$inferInsert;

package/templates/webapp/src/drizzle/schema/auth/users.ts

@@ -0,0 +1,38 @@
+import { sql } from "drizzle-orm";
+import {
+  boolean,
+  pgTable,
+  text,
+  timestamp,
+  uniqueIndex,
+  uuid,
+} from "drizzle-orm/pg-core";
+
+/**
+ * Users table for Better Auth.
+ * @see https://better-auth.com/docs/concepts/database
+ */
+export const users = pgTable(
+  "users",
+  {
+    id: uuid("id")
+      .$defaultFn(() => crypto.randomUUID())
+      .primaryKey(),
+    name: text("name").notNull(),
+    email: text("email").notNull().unique(),
+    emailVerified: boolean("email_verified").notNull().default(false),
+    image: text("image"),
+    role: text("role").notNull().default("user"),
+    banned: boolean("banned").default(false),
+    banReason: text("ban_reason"),
+    banExpires: timestamp("ban_expires", { mode: "date" }),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull(),
+  },
+  (table) => ({
+    emailIndex: uniqueIndex("lower_email_index").on(sql`lower(${table.email})`),
+  }),
+);
+
+export type User = typeof users.$inferSelect;
+export type NewUser = typeof users.$inferInsert;

package/templates/webapp/src/drizzle/schema/auth/verifications.ts

@@ -0,0 +1,19 @@
+import { pgTable, text, timestamp } from "drizzle-orm/pg-core";
+
+/**
+ * Better Auth verification table.
+ * @see https://better-auth.com/docs/concepts/database
+ */
+export const verifications = pgTable("verification", {
+  id: text("id")
+    .$defaultFn(() => crypto.randomUUID())
+    .primaryKey(),
+  identifier: text("identifier").notNull(),
+  value: text("value").notNull(),
+  expiresAt: timestamp("expires_at", { mode: "date" }).notNull(),
+  createdAt: timestamp("created_at", { mode: "date" }),
+  updatedAt: timestamp("updated_at", { mode: "date" }),
+});
+
+export type Verification = typeof verifications.$inferSelect;
+export type NewVerification = typeof verifications.$inferInsert;

package/templates/webapp/src/drizzle/schema/index.ts

@@ -0,0 +1,4 @@
+export { accounts } from "./auth/accounts";
+export { sessions } from "./auth/sessions";
+export { users } from "./auth/users";
+export { verifications } from "./auth/verifications";

package/templates/webapp/src/drizzle/schema/utils/jsonbFromZod.ts

@@ -0,0 +1,25 @@
+import { customType } from "drizzle-orm/pg-core";
+import { type z } from "zod";
+
+export function jsonbFromZod<TValue>(schema: z.Schema<TValue>): ReturnType<
+  typeof customType<{
+    data: TValue;
+    driverData: string;
+  }>
+> {
+  return customType<{
+    data: TValue;
+    driverData: string;
+  }>({
+    dataType() {
+      return "jsonb";
+    },
+    toDriver(value) {
+      return JSON.stringify(schema.parse(value));
+    },
+    fromDriver(raw) {
+      const parsed = schema.parse(raw);
+      return parsed;
+    },
+  });
+}

package/templates/webapp/src/instrumentation.ts

@@ -0,0 +1,35 @@
+import { LangfuseSpanProcessor } from "@langfuse/otel";
+import { getNodeAutoInstrumentations } from "@opentelemetry/auto-instrumentations-node";
+import { NodeSDK } from "@opentelemetry/sdk-node";
+import { compact } from "lodash-es";
+import { getEnvConfig } from "./config/getEnvConfig";
+import { getLogger } from "./services/logger/AppLogger";
+
+function getSpanProcessor(): LangfuseSpanProcessor | undefined {
+  const {
+    LANGFUSE_BASE_URL: baseUrl,
+    LANGFUSE_PUBLIC_KEY: publicKey,
+    LANGFUSE_SECRET_KEY: secretKey,
+  } = getEnvConfig();
+  if (baseUrl == null) {
+    getLogger().debug(
+      undefined,
+      "No Langfuse base URL found. Skipping Langfuse OpenTelemetry.",
+    );
+    return undefined;
+  }
+
+  getLogger().debug(undefined, "Registering Langfuse OpenTelemetry.");
+  return new LangfuseSpanProcessor({
+    baseUrl,
+    publicKey,
+    secretKey,
+  });
+}
+
+const sdk = new NodeSDK({
+  spanProcessors: compact([getSpanProcessor()]),
+  instrumentations: [getNodeAutoInstrumentations()],
+});
+
+sdk.start();

package/templates/webapp/src/lib/auth/index.ts

@@ -0,0 +1,85 @@
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { admin } from "better-auth/plugins";
+import { db } from "../../drizzle/db";
+import { accounts } from "../../drizzle/schema/auth/accounts";
+import { sessions } from "../../drizzle/schema/auth/sessions";
+import { users } from "../../drizzle/schema/auth/users";
+import { verifications } from "../../drizzle/schema/auth/verifications";
+import { getEnvConfig } from "../../config/getEnvConfig";
+import { getLogger } from "../../services/logger/AppLogger";
+
+// eslint-disable-next-line n/no-process-env -- detecting Next.js build phase
+const isBuildPhase = process.env.NEXT_PHASE === "phase-production-build";
+
+function getSecret(): string {
+  if (isBuildPhase) {
+    return "build-placeholder-not-used-at-runtime";
+  }
+
+  const secret = getEnvConfig().BETTER_AUTH_SECRET;
+  if (secret == null) {
+    throw new Error(
+      "BETTER_AUTH_SECRET is required. Set it in your environment variables.",
+    );
+  }
+  return secret;
+}
+
+function createAuth() {
+  const config = getEnvConfig();
+
+  return betterAuth({
+    baseURL: config.BETTER_AUTH_URL,
+    secret: getSecret(),
+    database: drizzleAdapter(db, {
+      provider: "pg",
+      schema: {
+        user: users,
+        session: sessions,
+        account: accounts,
+        verification: verifications,
+      },
+    }),
+    emailAndPassword: {
+      enabled: true,
+    },
+    plugins: [admin()],
+    advanced: {
+      database: {
+        generateId: false,
+      },
+    },
+    logger: {
+      disabled: false,
+    },
+  });
+}
+
+type Auth = ReturnType<typeof createAuth>;
+
+let _auth: Auth | undefined;
+
+function getAuth(): Auth {
+  if (_auth == null) {
+    _auth = createAuth();
+    getLogger().info(undefined, "Better Auth initialized");
+  }
+  return _auth;
+}
+
+/**
+ * Lazy proxy that defers auth initialization to first access (runtime),
+ * avoiding build-time evaluation of environment variables.
+ */
+export const auth = new Proxy({} as Auth, {
+  get(_target, prop, receiver) {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-return
+    return Reflect.get(getAuth(), prop, receiver);
+  },
+  has(_target, prop) {
+    return Reflect.has(getAuth(), prop);
+  },
+});
+
+export type BetterAuthSession = typeof auth.$Infer.Session;

package/templates/webapp/src/lib/auth-client.ts

@@ -0,0 +1,6 @@
+import { createAuthClient } from "better-auth/react";
+import { adminClient } from "better-auth/client/plugins";
+
+export const authClient = createAuthClient({
+  plugins: [adminClient()],
+});

package/templates/webapp/src/lib/trpc.ts

@@ -0,0 +1,15 @@
+import { createTRPCClient, httpBatchLink } from "@trpc/client";
+import { createTRPCContext } from "@trpc/tanstack-react-query";
+import superjson from "superjson";
+import { type AppRouter } from "../server/api/root";
+
+export const trpcClient = createTRPCClient<AppRouter>({
+  links: [
+    httpBatchLink({
+      url: "/api/trpc",
+      transformer: superjson,
+    }),
+  ],
+});
+
+export const { TRPCProvider, useTRPC } = createTRPCContext<AppRouter>();

package/templates/webapp/src/server/api/root.ts

@@ -0,0 +1,5 @@
+import { router } from "../trpc";
+
+export const appRouter = router({});
+
+export type AppRouter = typeof appRouter;