@restforgejs/platform 5.2.13 → 5.2.16

package/generators/cli/project/auth.js

@@ -0,0 +1,209 @@
+'use strict';
+
+/**
+ * Contract: project auth
+ *
+ * Memasang "auth extension" (SDF, tabel, component, processor) ke project
+ * RESTForge yang sudah ada. Setelah validasi prasyarat (phase 00), handler
+ * menulis dua file SDF auth ber-prefix `rfx` ke `--schema-path` (Fungsi 1),
+ * lalu membuat tabelnya di DB via primitif dbschema-kit langsung (Fungsi 2),
+ * lalu menulis component middleware + router auth tanpa google (Fungsi 3a),
+ * lalu menulis keenam processor auth tanpa google (Fungsi 3b), lalu
+ * menginjeksi variabel env auth ke `--config` dan memverifikasi/mencatat
+ * dependency runtime `bcrypt`+`jsonwebtoken` (Fungsi tambahan, phase 05),
+ * lalu mencetak ringkasan akhir.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+const { validateSafeName } = require('../../lib/utils/path-validator');
+const projectRegistry = require('../../lib/utils/project-registry');
+const { PREFIX } = require('../../lib/auth/prefix');
+const { generateAuthSdf } = require('../../lib/auth/sdf-generator');
+const { runAuthMigrate } = require('../../lib/auth/migrate-runner');
+const { generateAuthComponents } = require('../../lib/auth/component-generator');
+const { generateAuthProcessors } = require('../../lib/auth/processor-generator');
+const { injectAuthEnv } = require('../../lib/auth/env-injector');
+const { ensureAuthDependencies } = require('../../lib/auth/dependency-checker');
+
+function projectExists(workingDir, projectName) {
+    const modulePath = path.join(workingDir, 'src', 'modules', `${projectName}.js`);
+    if (fs.existsSync(modulePath)) {
+        return true;
+    }
+
+    const registry = projectRegistry.loadProjectRegistry();
+    return Boolean(registry.projects && registry.projects[projectName]);
+}
+
+module.exports = {
+    resource: 'project',
+    verb: 'auth',
+    description: 'Install auth extension (SDF, tabel, component, processor) ke project existing',
+    category: 'generation',
+    flags: {
+        create: {
+            type: 'boolean',
+            required: false,
+            default: false,
+            description: 'Trigger eksekusi instalasi auth extension (wajib disertakan)'
+        },
+        project: {
+            type: 'string',
+            required: false,
+            default: null,
+            description: 'Nama project target (kanonik; alias: --name)'
+        },
+        name: {
+            type: 'string',
+            required: false,
+            default: null,
+            description: 'Alias dari --project'
+        },
+        'schema-path': {
+            type: 'string',
+            required: false,
+            default: './schema',
+            description: 'Folder output file SDF auth'
+        },
+        config: {
+            type: 'string',
+            required: false,
+            default: 'config/db-connection.env',
+            description: 'File konfigurasi koneksi DB untuk langkah migrate'
+        },
+        force: {
+            type: 'boolean',
+            required: false,
+            default: false,
+            description: 'Timpa file yang sudah ada (backup tetap dibuat)'
+        }
+    },
+    examples: [
+        'npx restforge project auth --create --project=myapp',
+        'npx restforge project auth --create --name=myapp --schema-path=./schema'
+    ],
+    async handler(args) {
+        if (args.create !== true) {
+            throw new Error(
+                'Flag --create wajib disertakan untuk memicu instalasi auth extension. ' +
+                'Contoh: npx restforge project auth --create --project=<nama-project>'
+            );
+        }
+
+        const rawName = args.project || args.name;
+        if (!rawName) {
+            throw new Error('Salah satu dari --project atau --name wajib diisi dengan nama project target');
+        }
+
+        const projectName = validateSafeName(rawName, 'project');
+        const workingDir = process.cwd();
+
+        if (!projectExists(workingDir, projectName)) {
+            throw new Error(
+                `Project "${projectName}" tidak ditemukan (src/modules/${projectName}.js tidak ada). ` +
+                'Buat project lebih dulu (mis. "npx restforge endpoint create") sebelum menjalankan project auth.'
+            );
+        }
+
+        const schemaPath = path.resolve(workingDir, args['schema-path'] || './schema');
+        const { written, skipped } = generateAuthSdf({ schemaPath, force: args.force === true });
+
+        console.log('');
+        console.log(`Prasyarat OK untuk project "${projectName}" (prefix artefak: ${PREFIX}).`);
+        if (written.length > 0) {
+            console.log(`SDF auth ditulis: ${written.map((p) => path.basename(p)).join(', ')}`);
+        }
+        if (skipped.length > 0) {
+            console.log(
+                `SDF auth sudah ada, dilewati (gunakan --force untuk overwrite): ${skipped.map((p) => path.basename(p)).join(', ')}`
+            );
+        }
+
+        const configPath = args.config || 'config/db-connection.env';
+        const migrateResult = await runAuthMigrate({ schemaPath, configPath });
+        console.log(
+            `Tabel auth siap: ${migrateResult.tables.join(', ')} ` +
+            `(dialect: ${migrateResult.dialect}, ${migrateResult.statementsApplied} statement diterapkan).`
+        );
+
+        const middlewareDir = path.join(workingDir, 'src', 'components', 'handlers');
+        const routerDir = path.join(workingDir, 'src', 'modules', projectName);
+        const { written: componentsWritten, skipped: componentsSkipped } = generateAuthComponents({
+            middlewareDir,
+            routerDir,
+            projectName,
+            force: args.force === true
+        });
+
+        if (componentsWritten.length > 0) {
+            console.log(
+                `Component/router auth ditulis: ${componentsWritten.map((p) => path.relative(workingDir, p)).join(', ')}`
+            );
+        }
+        if (componentsSkipped.length > 0) {
+            console.log(
+                `Component/router auth sudah ada, dilewati (gunakan --force untuk overwrite): ` +
+                `${componentsSkipped.map((p) => path.relative(workingDir, p)).join(', ')}`
+            );
+        }
+
+        const processorDir = path.join(workingDir, 'src', 'modules', projectName, 'processor', 'auth');
+        const { written: processorsWritten, skipped: processorsSkipped } = generateAuthProcessors({
+            processorDir,
+            force: args.force === true
+        });
+
+        if (processorsWritten.length > 0) {
+            console.log(
+                `Processor auth ditulis: ${processorsWritten.map((p) => path.relative(workingDir, p)).join(', ')}`
+            );
+        }
+        if (processorsSkipped.length > 0) {
+            console.log(
+                `Processor auth sudah ada, dilewati (gunakan --force untuk overwrite): ` +
+                `${processorsSkipped.map((p) => path.relative(workingDir, p)).join(', ')}`
+            );
+        }
+        const envResult = injectAuthEnv({ configPath });
+        const dependencyResult = ensureAuthDependencies({ workingDir });
+
+        console.log('');
+        console.log(`Environment auth (${path.relative(workingDir, envResult.filePath) || envResult.filePath}):`);
+        if (envResult.added.length > 0) {
+            console.log(`  ditambahkan: ${envResult.added.join(', ')}`);
+        }
+        if (envResult.skipped.length > 0) {
+            console.log(`  sudah ada, dilewati (nilai existing dipertahankan): ${envResult.skipped.join(', ')}`);
+        }
+
+        console.log('Dependency runtime (bcrypt, jsonwebtoken):');
+        for (const [depName, info] of Object.entries(dependencyResult.resolution)) {
+            console.log(`  ${depName}: ${info.resolvable ? `resolvable (${info.resolvedPath})` : 'TIDAK resolvable dari project target'}`);
+        }
+        if (dependencyResult.packageJson.hasPackageJson) {
+            if (dependencyResult.packageJson.added.length > 0) {
+                console.log(`  package.json diperbarui, dependencies ditambahkan: ${dependencyResult.packageJson.added.join(', ')}`);
+            } else {
+                console.log('  package.json project sudah mencantumkan bcrypt & jsonwebtoken (tidak diubah)');
+            }
+        } else {
+            console.log('  package.json tidak ditemukan di project target, tidak dicatat otomatis');
+        }
+        if (dependencyResult.needsInstallInstruction) {
+            console.log('  Jalankan "npm install bcrypt jsonwebtoken" di project target sebelum start server.');
+        }
+
+        console.log('');
+        console.log('Auth extension terpasang.');
+        console.log('Langkah lanjutan:');
+        if (envResult.jwtSecretGenerated) {
+            console.log('  - JWT_SECRET baru di-generate acak; rotate berkala sesuai kebijakan keamanan bila perlu.');
+        }
+        if (dependencyResult.needsInstallInstruction) {
+            console.log('  - Jalankan npm install agar bcrypt/jsonwebtoken terpasang sebelum start server.');
+        }
+        console.log('  - Restart server agar perubahan environment dan route auth termuat.');
+        console.log('');
+    }
+};

package/generators/lib/auth/component-generator.js

@@ -0,0 +1,58 @@
+'use strict';
+
+/**
+ * Generator component middleware + router auth (Fungsi 3a). Merender aset
+ * template di `templates/` via template-renderer, lalu menulis ke lokasi
+ * target memakai writeFileWithBackup — perilaku force/skip identik Fungsi 1
+ * (sdf-generator.js): tanpa --force file existing di-skip, dengan --force
+ * di-overwrite + backup.
+ *
+ * Processor (Fungsi 3b, Phase 04) TIDAK ditulis di sini.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const { renderTemplate } = require('./template-renderer');
+const FileUtils = require('../utils/file-utils');
+const { AUTH_MIDDLEWARE_NAME, AUTH_ROUTER_NAME } = require('./prefix');
+
+const TEMPLATES_DIR = path.join(__dirname, 'templates');
+
+/**
+ * @param {{ middlewareDir: string, routerDir: string, projectName: string, force?: boolean }} options
+ * @returns {{ written: string[], skipped: string[] }}
+ */
+function generateAuthComponents({ middlewareDir, routerDir, projectName, force = false }) {
+    const targets = [
+        {
+            templateFile: 'rfx_auth-middleware.js.tmpl',
+            targetPath: path.join(middlewareDir, `${AUTH_MIDDLEWARE_NAME}.js`),
+            params: {}
+        },
+        {
+            templateFile: 'rfx_auth.js.tmpl',
+            targetPath: path.join(routerDir, `${AUTH_ROUTER_NAME}.js`),
+            params: { PROJECT_NAME: projectName }
+        }
+    ];
+
+    const written = [];
+    const skipped = [];
+
+    for (const target of targets) {
+        if (fs.existsSync(target.targetPath) && !force) {
+            skipped.push(target.targetPath);
+            continue;
+        }
+
+        const templatePath = path.join(TEMPLATES_DIR, target.templateFile);
+        const content = renderTemplate(templatePath, target.params);
+        FileUtils.writeFileWithBackup(target.targetPath, content, true);
+        written.push(target.targetPath);
+    }
+
+    return { written, skipped };
+}
+
+module.exports = { generateAuthComponents };

package/generators/lib/auth/dependency-checker.js

@@ -0,0 +1,102 @@
+'use strict';
+
+/**
+ * Verifikasi + pencatatan dependency runtime auth extension (Fungsi tambahan,
+ * Phase 05, menutup keputusan #6 campaign): middleware butuh `jsonwebtoken`,
+ * processor butuh `bcrypt`.
+ *
+ * Verifikasi resolvability memakai `require.resolve(pkg, { paths: [...] })`
+ * persis algoritma resolusi Node — bukan sekadar cek folder `node_modules/`,
+ * agar hasilnya benar walau dependency ter-hoist ke level lain.
+ *
+ * Pencatatan ke `package.json` project bersifat idempoten (tidak menimpa
+ * versi yang sudah ada) dan TIDAK pernah menjalankan `npm install`.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const PLATFORM_PACKAGE_JSON = require('../../../package.json');
+
+const REQUIRED_DEPENDENCIES = {
+    bcrypt: PLATFORM_PACKAGE_JSON.dependencies.bcrypt,
+    jsonwebtoken: PLATFORM_PACKAGE_JSON.dependencies.jsonwebtoken
+};
+
+/**
+ * @param {string} pkgName
+ * @param {string} fromDir
+ * @returns {string|null} Resolved entry path, atau null bila tidak resolvable.
+ */
+function resolvePackage(pkgName, fromDir) {
+    try {
+        return require.resolve(pkgName, { paths: [fromDir] });
+    } catch (err) {
+        return null;
+    }
+}
+
+/**
+ * Tambahkan `bcrypt`/`jsonwebtoken` ke `dependencies` package.json project
+ * bila belum ada. Tidak pernah menurunkan/menimpa versi yang sudah di-set.
+ *
+ * @param {string} workingDir
+ * @returns {{ hasPackageJson: boolean, pkgPath: string, updated: boolean, added: string[] }}
+ */
+function ensurePackageJsonDependencies(workingDir) {
+    const pkgPath = path.join(workingDir, 'package.json');
+
+    if (!fs.existsSync(pkgPath)) {
+        return { hasPackageJson: false, pkgPath, updated: false, added: [] };
+    }
+
+    const raw = fs.readFileSync(pkgPath, 'utf8');
+    let pkg;
+    try {
+        pkg = JSON.parse(raw);
+    } catch (err) {
+        throw new Error(`Gagal parse ${pkgPath}: ${err.message}`);
+    }
+
+    pkg.dependencies = pkg.dependencies || {};
+    const added = [];
+
+    for (const [name, version] of Object.entries(REQUIRED_DEPENDENCIES)) {
+        if (!Object.prototype.hasOwnProperty.call(pkg.dependencies, name)) {
+            pkg.dependencies[name] = version;
+            added.push(name);
+        }
+    }
+
+    if (added.length > 0) {
+        fs.writeFileSync(pkgPath, `${JSON.stringify(pkg, null, 2)}\n`, 'utf8');
+    }
+
+    return { hasPackageJson: true, pkgPath, updated: added.length > 0, added };
+}
+
+/**
+ * @param {{ workingDir?: string }} options
+ * @returns {{
+ *   resolution: Record<string, { resolvable: boolean, resolvedPath: string|null }>,
+ *   allResolvable: boolean,
+ *   packageJson: { hasPackageJson: boolean, pkgPath: string, updated: boolean, added: string[] },
+ *   needsInstallInstruction: boolean
+ * }}
+ */
+function ensureAuthDependencies({ workingDir = process.cwd() } = {}) {
+    const resolution = {};
+    for (const name of Object.keys(REQUIRED_DEPENDENCIES)) {
+        const resolvedPath = resolvePackage(name, workingDir);
+        resolution[name] = { resolvable: Boolean(resolvedPath), resolvedPath };
+    }
+    const allResolvable = Object.values(resolution).every((r) => r.resolvable);
+
+    const packageJson = ensurePackageJsonDependencies(workingDir);
+
+    const needsInstallInstruction = !allResolvable || !packageJson.hasPackageJson;
+
+    return { resolution, allResolvable, packageJson, needsInstallInstruction };
+}
+
+module.exports = { ensureAuthDependencies, REQUIRED_DEPENDENCIES, resolvePackage };

package/generators/lib/auth/env-injector.js

@@ -0,0 +1,81 @@
+'use strict';
+
+/**
+ * Injeksi variabel env auth (Fungsi tambahan, Phase 05) ke file `--config`,
+ * meniru blok Auth/JWT pada prototype `myapp-with-auth/config/db-connection.env`.
+ * Idempoten: hanya menambahkan key yang belum ada di file; tidak pernah
+ * menimpa nilai existing (termasuk JWT_SECRET yang sudah di-set user).
+ *
+ * Resolusi path config memakai `resolveConfig()` yang sama dipakai
+ * migrate-runner.js, agar blok Auth/JWT ditambahkan ke file yang sama dengan
+ * yang dipakai langkah migrate (cascade lookup cwd -> config/ -> +.env).
+ */
+
+const crypto = require('node:crypto');
+const path = require('node:path');
+
+const { readEnvFile, writeEnvFile } = require('../utils/env-manager');
+const { resolveConfig } = require('../utils/config-resolver');
+
+const AUTH_ENV_DEFAULTS = {
+    JWT_ALGORITHM: 'HS256',
+    ACCESS_TOKEN_EXPIRY_MIN: '60',
+    REFRESH_TOKEN_EXPIRY_DAYS: '30',
+    GOOGLE_CLIENT_ID: ''
+};
+
+const AUTH_ENV_KEYS = [
+    'JWT_SECRET',
+    'JWT_ALGORITHM',
+    'ACCESS_TOKEN_EXPIRY_MIN',
+    'REFRESH_TOKEN_EXPIRY_DAYS',
+    'GOOGLE_CLIENT_ID'
+];
+
+const AUTH_ENV_HEADER_COMMENT = '# Auth / JWT Configuration (rfx_auth, generated by "project auth")';
+
+function generateJwtSecret() {
+    return crypto.randomBytes(48).toString('hex');
+}
+
+/**
+ * @param {{ configPath: string, workingDir?: string }} options
+ * @returns {{
+ *   filePath: string,
+ *   added: string[],
+ *   skipped: string[],
+ *   jwtSecretGenerated: boolean
+ * }}
+ */
+function injectAuthEnv({ configPath, workingDir = process.cwd() } = {}) {
+    const resolved = resolveConfig(configPath, workingDir);
+    const filePath = resolved ? resolved.path : path.resolve(workingDir, configPath || 'config/db-connection.env');
+
+    const { data, lines } = readEnvFile(filePath);
+    const added = [];
+    const skipped = [];
+
+    for (const key of AUTH_ENV_KEYS) {
+        if (Object.prototype.hasOwnProperty.call(data, key)) {
+            skipped.push(key);
+            continue;
+        }
+
+        data[key] = key === 'JWT_SECRET' ? generateJwtSecret() : AUTH_ENV_DEFAULTS[key];
+        added.push(key);
+    }
+
+    if (added.length > 0) {
+        const nextLines = lines.length > 0 ? [...lines, '', AUTH_ENV_HEADER_COMMENT] : [AUTH_ENV_HEADER_COMMENT];
+        writeEnvFile(filePath, data, nextLines);
+    }
+
+    return {
+        filePath,
+        added,
+        skipped,
+        jwtSecretGenerated: added.includes('JWT_SECRET')
+    };
+}
+
+module.exports = { injectAuthEnv, AUTH_ENV_KEYS };

package/generators/lib/auth/migrate-runner.js

@@ -0,0 +1,111 @@
+'use strict';
+
+/**
+ * Migrate runner auth extension (Fungsi 2). Memuat kedua SDF auth (`rfx_auth_user`
+ * & `rfx_auth_refresh_token`) dari `--schema-path`, memvalidasi cross-model (FK
+ * refresh_token -> user), men-generate DDL, lalu apply ke DB via primitif
+ * `dbschema-kit` langsung (in-process). TIDAK menyentuh `generators/cli/schema/migrate.js`
+ * (keputusan #3 campaign project-auth-command-v1) — primitif dipanggil ulang di sini.
+ *
+ * Test seam: sama seperti migrate.js, executor dimuat lewat loadApplyExecutor()
+ * yang menghormati DBSCHEMA_KIT_TEST_APPLY_STUB.
+ */
+
+const path = require('path');
+
+const { loadSchemaPath } = require('../dbschema-kit/loader');
+const { validateCrossModel } = require('../dbschema-kit/validator/cross-model-validator');
+const { generateDDL } = require('../dbschema-kit/ddl-generator');
+const { loadConfig } = require('../dbschema-kit/connection');
+const { splitStatements } = require('../dbschema-kit/statement-splitter');
+const { applyIfNotExistsModifier } = require('../dbschema-kit/statement-modifier');
+const { resolveConfig } = require('../utils/config-resolver');
+const { AUTH_USER_TABLE, AUTH_REFRESH_TOKEN_TABLE } = require('./prefix');
+
+function loadApplyExecutor() {
+    const stubPath = process.env.DBSCHEMA_KIT_TEST_APPLY_STUB;
+    if (stubPath) {
+        return require(path.resolve(stubPath));
+    }
+    return require('../dbschema-kit/apply-executor');
+}
+
+/**
+ * Muat kedua SDF auth dari `schemaPath` ke satu Map gabungan, agar
+ * validateCrossModel bisa memverifikasi FK lintas model.
+ *
+ * @param {string} schemaPath
+ * @returns {Map<string, object>}
+ */
+function loadAuthModels(schemaPath) {
+    const models = new Map();
+    for (const tableName of [AUTH_USER_TABLE, AUTH_REFRESH_TOKEN_TABLE]) {
+        const filePath = path.join(schemaPath, `${tableName}.js`);
+        const fileModels = loadSchemaPath(filePath);
+        for (const [qualified, ir] of fileModels) {
+            models.set(qualified, ir);
+        }
+    }
+    return models;
+}
+
+/**
+ * @param {{ schemaPath: string, configPath: string }} options
+ * @returns {Promise<{ tables: string[], dialect: string, statementsApplied: number, result: object }>}
+ */
+async function runAuthMigrate({ schemaPath, configPath }) {
+    const resolved = resolveConfig(configPath, process.cwd());
+    if (!resolved) {
+        throw new Error(
+            'Migrate auth gagal: --config=<file> tidak ditemukan. Set default config ' +
+            "('npx restforge config set-default --config=<file>') atau sediakan --config eksplisit."
+        );
+    }
+
+    let config;
+    try {
+        config = loadConfig(resolved.path);
+    } catch (err) {
+        throw new Error(`Migrate auth gagal memuat config DB (${resolved.path}): ${err.message}`);
+    }
+
+    let models;
+    try {
+        models = loadAuthModels(schemaPath);
+    } catch (err) {
+        throw new Error(`Migrate auth gagal memuat SDF auth dari '${schemaPath}': ${err.message}`);
+    }
+
+    const crossModelIssues = validateCrossModel(models);
+    const crossModelErrors = crossModelIssues.filter((issue) => issue.severity === 'error');
+    if (crossModelErrors.length > 0) {
+        const messages = crossModelErrors.map((issue) => issue.message).join('; ');
+        throw new Error(`Migrate auth gagal: validasi cross-model menemukan error: ${messages}`);
+    }
+
+    const ddl = generateDDL(models, { dialect: config.dialect, drop: false });
+    const statements = splitStatements(ddl, config.dialect)
+        .map((statement) => applyIfNotExistsModifier(statement, config.dialect));
+
+    const executor = loadApplyExecutor();
+
+    let result;
+    try {
+        result = await executor.applyStatements({ statements, dialect: config.dialect, config });
+    } catch (err) {
+        throw new Error(`Migrate auth gagal menerapkan tabel ke database: ${err.message}`);
+    }
+
+    if (!result || result.status !== 'SUCCESS') {
+        throw new Error(`Migrate auth tidak SUCCESS (status: ${result ? result.status : 'UNKNOWN'}).`);
+    }
+
+    return {
+        tables: [AUTH_USER_TABLE, AUTH_REFRESH_TOKEN_TABLE],
+        dialect: config.dialect,
+        statementsApplied: statements.length,
+        result
+    };
+}
+
+module.exports = { runAuthMigrate, loadAuthModels };

package/generators/lib/auth/prefix.js

@@ -0,0 +1,22 @@
+'use strict';
+
+/**
+ * Konstanta prefix `rfx` (RestForge eXtension) untuk seluruh artefak auth
+ * extension. Satu sumber dipakai ulang oleh Phase 01 (SDF), Phase 02
+ * (tabel hasil migrate), dan Phase 03-04 (component/router/processor).
+ */
+
+const PREFIX = 'rfx';
+
+const AUTH_USER_TABLE = `${PREFIX}_auth_user`;
+const AUTH_REFRESH_TOKEN_TABLE = `${PREFIX}_auth_refresh_token`;
+const AUTH_MIDDLEWARE_NAME = `${PREFIX}_auth-middleware`;
+const AUTH_ROUTER_NAME = `${PREFIX}_auth`;
+
+module.exports = {
+    PREFIX,
+    AUTH_USER_TABLE,
+    AUTH_REFRESH_TOKEN_TABLE,
+    AUTH_MIDDLEWARE_NAME,
+    AUTH_ROUTER_NAME
+};

package/generators/lib/auth/processor-generator.js

@@ -0,0 +1,55 @@
+'use strict';
+
+/**
+ * Generator processor auth (Fungsi 3b). Merender keenam aset template di
+ * `templates/processor/` via template-renderer (Phase 03), lalu menulis ke
+ * lokasi target memakai writeFileWithBackup — perilaku force/skip identik
+ * Fungsi 1/3a: tanpa --force file existing di-skip, dengan --force
+ * di-overwrite + backup.
+ *
+ * `google.js` TIDAK disertakan (keputusan #5 campaign).
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const { renderTemplate } = require('./template-renderer');
+const FileUtils = require('../utils/file-utils');
+const { AUTH_USER_TABLE, AUTH_REFRESH_TOKEN_TABLE, AUTH_MIDDLEWARE_NAME } = require('./prefix');
+
+const TEMPLATES_DIR = path.join(__dirname, 'templates', 'processor');
+
+const PROCESSOR_NAMES = ['register', 'login', 'refresh', 'logout', 'me', 'reset-password'];
+
+const PARAMS = {
+    AUTH_USER_TABLE,
+    AUTH_REFRESH_TOKEN_TABLE,
+    AUTH_MIDDLEWARE_NAME
+};
+
+/**
+ * @param {{ processorDir: string, force?: boolean }} options
+ * @returns {{ written: string[], skipped: string[] }}
+ */
+function generateAuthProcessors({ processorDir, force = false }) {
+    const written = [];
+    const skipped = [];
+
+    for (const name of PROCESSOR_NAMES) {
+        const targetPath = path.join(processorDir, `${name}.js`);
+
+        if (fs.existsSync(targetPath) && !force) {
+            skipped.push(targetPath);
+            continue;
+        }
+
+        const templatePath = path.join(TEMPLATES_DIR, `${name}.js.tmpl`);
+        const content = renderTemplate(templatePath, PARAMS);
+        FileUtils.writeFileWithBackup(targetPath, content, true);
+        written.push(targetPath);
+    }
+
+    return { written, skipped };
+}
+
+module.exports = { generateAuthProcessors };