@shipindays/shipindays 0.1.2 → 0.1.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shipindays/shipindays",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Scaffold a production ready Next.js SaaS in seconds. Pick your stack, get auth + payments + email wired up.",
   "type": "module",
   "bin": {
@@ -27,23 +27,6 @@
     "type": "git",
     "url": "https://github.com/nikhilsaiankilla/shipindays"
   },
-  "lint-staged": {
-    "*.js": [
-      "eslint --fix",
-      "prettier --write"
-    ],
-    "*.ts": [
-      "eslint --fix",
-      "prettier --write"
-    ],
-    "*.tsx": [
-      "eslint --fix",
-      "prettier --write"
-    ],
-    "*.json": [
-      "prettier --write"
-    ]
-  },
   "dependencies": {
     "@clack/prompts": "^0.9.1",
     "chalk": "^5.3.0",
@@ -51,14 +34,5 @@
   },
   "engines": {
     "node": ">=18.0.0"
-  },
-  "devDependencies": {
-    "@commitlint/cli": "^20.5.0",
-    "@commitlint/config-conventional": "^20.5.0",
-    "husky": "^9.1.7",
-    "lint-staged": "^16.4.0"
-  },
-  "scripts": {
-    "prepare": "husky || true"
   }
 }

package/templates/blocks/auth/nextauth/package.json

@@ -1,9 +1,9 @@
 {
-    "dependencies": {
-      "next-auth": "^5.0.0-beta.22",
-      "bcryptjs": "^2.4.3"
-    },
-    "devDependencies": {
-      "@types/bcryptjs": "^2.4.6"
-    }
-  }
+  "dependencies": {
+    "next-auth": "^5.0.0-beta.22",
+    "bcryptjs": "^2.4.3"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6"
+  }
+}

package/templates/blocks/auth/nextauth/src/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,19 @@
+// FILE: src/app/api/auth/[...nextauth]/route.ts
+// ROUTE: /api/auth/* (GET + POST)
+// ROLE: NextAuth v5 route handler
+//
+// INJECTED BY CLI — ONLY the nextauth block has this file.
+// Supabase block does NOT have this file — it never gets created for Supabase users.
+//
+// Handles all NextAuth endpoints automatically:
+//   GET  /api/auth/session       ← reads current session
+//   GET  /api/auth/csrf          ← CSRF token
+//   GET  /api/auth/providers     ← lists configured providers
+//   POST /api/auth/signin        ← sign in
+//   POST /api/auth/signout       ← sign out
+//   GET  /api/auth/callback/:p   ← OAuth redirect lands here
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { handlers } from "@/src/lib/auth";
+
+export const { GET, POST } = handlers;

package/templates/blocks/auth/nextauth/src/app/api/auth/login/route.ts

@@ -0,0 +1,40 @@
+// FILE: src/app/api/auth/login/route.ts
+// ROUTE: POST /api/auth/login
+// ROLE: handles login form submission — called by /login page
+//
+// Uses NextAuth signIn() server-side to authenticate with credentials.
+// OAuth (Google, GitHub) is handled automatically by NextAuth at /api/auth/signin.
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { NextRequest, NextResponse } from "next/server";
+import { nextAuthSignIn } from "@/src/lib/auth";
+import { AuthError } from "next-auth";
+
+export async function POST(req: NextRequest) {
+  const { email, password } = await req.json();
+
+  if (!email || !password) {
+    return NextResponse.json(
+      { error: "Email and password are required." },
+      { status: 400 },
+    );
+  }
+
+  try {
+    await nextAuthSignIn("credentials", {
+      email,
+      password,
+      redirect: false,
+    });
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof AuthError) {
+      return NextResponse.json(
+        { error: "Invalid email or password." },
+        { status: 401 },
+      );
+    }
+    throw error;
+  }
+}

package/templates/blocks/auth/nextauth/src/app/api/auth/logout/route.ts

@@ -0,0 +1,12 @@
+// FILE: src/app/api/auth/logout/route.ts
+// ROUTE: POST /api/auth/logout
+// ROLE: signs the user out — called by LogoutButton component
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { NextResponse } from "next/server";
+import { nextAuthSignOut } from "@/src/lib/auth";
+
+export async function POST() {
+  await nextAuthSignOut({ redirect: false });
+  return NextResponse.json({ success: true });
+}

package/templates/blocks/auth/nextauth/src/app/api/auth/signup/route.ts

@@ -0,0 +1,61 @@
+// FILE: src/app/api/auth/signup/route.ts
+// ROUTE: POST /api/auth/signup
+// ROLE: creates a new user account — called by /signup page
+//
+// Hashes the password with bcrypt and saves to your database.
+// TODO: replace the DB save section with your actual DB (Mongoose or Drizzle).
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { NextRequest, NextResponse } from "next/server";
+import bcrypt from "bcryptjs";
+import { nextAuthSignIn } from "@/src/lib/auth";
+
+export async function POST(req: NextRequest) {
+  const { name, email, password } = await req.json();
+
+  if (!email || !password) {
+    return NextResponse.json(
+      { error: "Email and password are required." },
+      { status: 400 },
+    );
+  }
+
+  if (password.length < 8) {
+    return NextResponse.json(
+      { error: "Password must be at least 8 characters." },
+      { status: 400 },
+    );
+  }
+
+  // Hash password — never store plain text passwords
+  const hashedPassword = await bcrypt.hash(password, 12);
+
+  // ── TODO: Save user to your database ─────────────────────────────────────
+  // Replace this section with your actual DB call.
+  //
+  // Example with Mongoose:
+  //   import User from "@/lib/db/models/User";
+  //   import { connectDB } from "@/lib/db";
+  //   await connectDB();
+  //   const existing = await User.findOne({ email });
+  //   if (existing) return NextResponse.json({ error: "Email already in use." }, { status: 409 });
+  //   await User.create({ name, email, password: hashedPassword });
+  //
+  // Example with Drizzle:
+  //   import { db } from "@/lib/db";
+  //   import { users } from "@/lib/db/schema";
+  //   import { eq } from "drizzle-orm";
+  //   const [existing] = await db.select().from(users).where(eq(users.email, email));
+  //   if (existing) return NextResponse.json({ error: "Email already in use." }, { status: 409 });
+  //   await db.insert(users).values({ email, name, password: hashedPassword });
+  // ─────────────────────────────────────────────────────────────────────────
+
+  // Auto sign-in after signup
+  await nextAuthSignIn("credentials", {
+    email,
+    password, // use plain password here — authorize() will hash-compare
+    redirect: false,
+  });
+
+  return NextResponse.json({ success: true }, { status: 201 });
+}

package/templates/blocks/auth/nextauth/src/app/layout.tsx

@@ -0,0 +1,35 @@
+// FILE: src/app/layout.tsx
+// ROUTE: wraps every single page in the app
+// ROLE: root layout with SessionProvider for NextAuth
+//
+// INJECTED BY CLI — overwrites base layout.tsx
+// NextAuth requires SessionProvider to make useSession() work in client components.
+// Supabase does NOT need this — base layout.tsx is used as-is for Supabase.
+// ─────────────────────────────────────────────────────────────────────────────
+
+import type { Metadata } from "next";
+import { Inter } from "next/font/google";
+import { SessionProvider } from "next-auth/react";
+import "../globals.css";
+
+const inter = Inter({ subsets: ["latin"] });
+
+export const metadata: Metadata = {
+  title: "My SaaS",
+  description: "Built with shipindays",
+};
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <html lang="en" suppressHydrationWarning>
+      <body className={inter.className}>
+        {/* SessionProvider makes useSession() available in all client components */}
+        <SessionProvider>{children}</SessionProvider>
+      </body>
+    </html>
+  );
+}

package/templates/blocks/auth/nextauth/src/app/types/next-auth.d.ts

@@ -0,0 +1,18 @@
+// FILE: src/types/next-auth.d.ts
+// ROUTE: not a route — picked up automatically by TypeScript
+// ROLE: augments NextAuth Session type to include user.id
+//       without this, session.user.id gives a TypeScript error
+// ─────────────────────────────────────────────────────────────────────────────
+
+import "next-auth";
+
+declare module "next-auth" {
+  interface Session {
+    user: {
+      id: string;
+      email: string;
+      name?: string | null;
+      image?: string | null;
+    };
+  }
+}

package/templates/blocks/auth/nextauth/src/lib/auth/index.ts

@@ -0,0 +1,141 @@
+// FILE: src/lib/auth/index.ts
+// ROUTE: not a route — imported everywhere auth is needed
+// ROLE: NextAuth v5 implementation of the auth contract
+//
+// INJECTED BY CLI when user picks "NextAuth v5"
+// Overwrites base placeholder at src/lib/auth/index.ts
+//
+// Exports the 3 contract functions every auth block must have:
+//   getCurrentUser() — returns user or null
+//   requireUser()    — returns user or redirects to /login
+//   signOut()        — signs out and redirects to /
+// ─────────────────────────────────────────────────────────────────────────────
+
+import NextAuth from "next-auth";
+import GitHub from "next-auth/providers/github";
+import Google from "next-auth/providers/google";
+import Credentials from "next-auth/providers/credentials";
+import bcrypt from "bcryptjs";
+import { redirect } from "next/navigation";
+
+// ─── NextAuth config ──────────────────────────────────────────────────────────
+// handlers → used by /api/auth/[...nextauth]/route.ts
+// auth     → used by middleware + server components to read session
+// signIn   → used by login API route
+// signOut  → used by logout API route
+export const {
+  handlers,
+  auth,
+  signIn: nextAuthSignIn,
+  signOut: nextAuthSignOut,
+} = NextAuth({
+  providers: [
+    // ── Google OAuth ──────────────────────────────────────────────────────────
+    // Needs: AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET in .env.local
+    // Setup: console.cloud.google.com → APIs → Credentials → OAuth 2.0
+    Google({
+      clientId: process.env.AUTH_GOOGLE_ID!,
+      clientSecret: process.env.AUTH_GOOGLE_SECRET!,
+    }),
+
+    // ── GitHub OAuth ──────────────────────────────────────────────────────────
+    // Needs: AUTH_GITHUB_ID and AUTH_GITHUB_SECRET in .env.local
+    // Setup: github.com → Settings → Developer settings → OAuth Apps
+    GitHub({
+      clientId: process.env.AUTH_GITHUB_ID!,
+      clientSecret: process.env.AUTH_GITHUB_SECRET!,
+    }),
+
+    // ── Email + Password ──────────────────────────────────────────────────────
+    // Validates credentials against hashed password in DB
+    // TODO: swap the User.findOne() call with your actual DB query
+    Credentials({
+      name: "credentials",
+      credentials: {
+        email: { label: "Email", type: "email" },
+        password: { label: "Password", type: "password" },
+      },
+      async authorize(credentials) {
+        if (!credentials?.email || !credentials?.password) return null;
+
+        // TODO: replace this with your actual DB lookup
+        // Example with Mongoose:
+        //   import User from "@/lib/db/models/User";
+        //   const user = await User.findOne({ email: credentials.email }).select("+password");
+        //   if (!user || !user.password) return null;
+        //   const valid = await bcrypt.compare(credentials.password as string, user.password);
+        //   if (!valid) return null;
+        //   return { id: user._id.toString(), email: user.email, name: user.name };
+
+        // Example with Drizzle:
+        //   import { db } from "@/lib/db";
+        //   import { users } from "@/lib/db/schema";
+        //   import { eq } from "drizzle-orm";
+        //   const [user] = await db.select().from(users).where(eq(users.email, credentials.email as string));
+        //   if (!user || !user.password) return null;
+        //   const valid = await bcrypt.compare(credentials.password as string, user.password);
+        //   if (!valid) return null;
+        //   return { id: user.id, email: user.email, name: user.name };
+
+        return null; // replace this line with the above
+      },
+    }),
+  ],
+
+  callbacks: {
+    // ── JWT callback ──────────────────────────────────────────────────────────
+    // Runs when JWT is created or updated.
+    // Attach extra fields here to make them available in session.
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id;
+        token.name = user.name;
+      }
+      return token;
+    },
+
+    // ── Session callback ──────────────────────────────────────────────────────
+    // Runs whenever session is accessed.
+    // Pulls fields from JWT token into session.user.
+    async session({ session, token }) {
+      if (token && session.user) {
+        session.user.id = token.id as string;
+        session.user.name = token.name as string;
+      }
+      return session;
+    },
+  },
+
+  pages: {
+    signIn: "/login", // redirect here when auth is required
+    error: "/login", // redirect here on auth errors
+  },
+
+  session: { strategy: "jwt" },
+  secret: process.env.AUTH_SECRET,
+});
+
+// ─── getCurrentUser ───────────────────────────────────────────────────────────
+// Returns the logged-in user or null.
+// Use when you want to show different UI for logged-in vs logged-out users.
+export async function getCurrentUser() {
+  const session = await auth();
+  if (!session?.user) return null;
+  return session.user;
+}
+
+// ─── requireUser ─────────────────────────────────────────────────────────────
+// Returns the logged-in user OR redirects to /login.
+// Use on any protected page — user is guaranteed after this call.
+export async function requireUser() {
+  const user = await getCurrentUser();
+  if (!user) redirect("/login");
+  return user;
+}
+
+// ─── signOut ──────────────────────────────────────────────────────────────────
+// Signs the user out and redirects to /.
+// Called from /api/auth/logout route.
+export async function signOut() {
+  await nextAuthSignOut({ redirectTo: "/" });
+}

package/templates/blocks/auth/nextauth/src/middleware.ts

@@ -0,0 +1,40 @@
+// FILE: src/middleware.ts
+// ROUTE: runs on every request before page renders
+// ROLE: NextAuth v5 middleware
+//
+// INJECTED BY CLI when user picks "NextAuth v5"
+// Overwrites base placeholder at src/middleware.ts
+//
+// Does two things:
+//   1. Reads the NextAuth JWT on every request
+//   2. Redirects unauthenticated users away from /dashboard to /login
+//   3. Redirects logged-in users away from /login and /signup to /dashboard
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { auth } from "@/src/lib/auth";
+import { NextResponse } from "next/server";
+
+export default auth((req) => {
+  const isLoggedIn = !!req.auth?.user;
+  const { pathname } = req.nextUrl;
+
+  // Protect /dashboard and all nested routes
+  const isProtected = pathname.startsWith("/dashboard");
+  if (isProtected && !isLoggedIn) {
+    const loginUrl = new URL("/login", req.url);
+    loginUrl.searchParams.set("callbackUrl", pathname);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  // Redirect logged-in users away from /login and /signup
+  const isAuthPage = pathname === "/login" || pathname === "/signup";
+  if (isAuthPage && isLoggedIn) {
+    return NextResponse.redirect(new URL("/dashboard", req.url));
+  }
+
+  return NextResponse.next();
+});
+
+export const config = {
+  matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
+};

package/templates/blocks/auth/supabase/package.json

@@ -1,6 +1,6 @@
 {
-    "dependencies": {
-      "@supabase/ssr": "^0.5.1",
-      "@supabase/supabase-js": "^2.45.4"
-    }
-  }
+  "dependencies": {
+    "@supabase/ssr": "^0.5.1",
+    "@supabase/supabase-js": "^2.45.4"
+  }
+}

package/templates/blocks/auth/supabase/src/app/api/auth/login/route.ts

@@ -0,0 +1,28 @@
+// FILE: src/app/api/auth/login/route.ts
+// ROUTE: POST /api/auth/login
+// ROLE: handles login form submission — called by /login page
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { NextRequest, NextResponse } from "next/server";
+import { createSupabaseServerClient } from "@/src/lib/supabase/server";
+
+export async function POST(req: NextRequest) {
+  const { email, password } = await req.json();
+
+  if (!email || !password) {
+    return NextResponse.json(
+      { error: "Email and password are required." },
+      { status: 400 },
+    );
+  }
+
+  const supabase = await createSupabaseServerClient();
+
+  const { error } = await supabase.auth.signInWithPassword({ email, password });
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 401 });
+  }
+
+  return NextResponse.json({ success: true });
+}

package/templates/blocks/auth/supabase/src/app/api/auth/logout/route.ts

@@ -0,0 +1,13 @@
+// FILE: src/app/api/auth/logout/route.ts
+// ROUTE: POST /api/auth/logout
+// ROLE: signs the user out — called by LogoutButton component
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { NextResponse } from "next/server";
+import { createSupabaseServerClient } from "@/src/lib/supabase/server";
+
+export async function POST() {
+  const supabase = await createSupabaseServerClient();
+  await supabase.auth.signOut();
+  return NextResponse.json({ success: true });
+}

package/templates/blocks/auth/supabase/src/app/api/auth/signup/route.ts

@@ -0,0 +1,42 @@
+// FILE: src/app/api/auth/signup/route.ts
+// ROUTE: POST /api/auth/signup
+// ROLE: handles signup form submission — called by /signup page
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { NextRequest, NextResponse } from "next/server";
+import { createSupabaseServerClient } from "@/src/lib/supabase/server";
+
+export async function POST(req: NextRequest) {
+  const { name, email, password } = await req.json();
+
+  if (!email || !password) {
+    return NextResponse.json(
+      { error: "Email and password are required." },
+      { status: 400 },
+    );
+  }
+
+  if (password.length < 8) {
+    return NextResponse.json(
+      { error: "Password must be at least 8 characters." },
+      { status: 400 },
+    );
+  }
+
+  const supabase = await createSupabaseServerClient();
+
+  const { error } = await supabase.auth.signUp({
+    email,
+    password,
+    options: {
+      data: { name }, // stored in user_metadata
+      emailRedirectTo: `${process.env.NEXT_PUBLIC_APP_URL}/dashboard`,
+    },
+  });
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 400 });
+  }
+
+  return NextResponse.json({ success: true }, { status: 201 });
+}

package/templates/blocks/auth/supabase/src/lib/auth/index.ts

@@ -1,75 +1,52 @@
 // FILE: src/lib/auth/index.ts
-// ROUTE: not a route — imported by middleware, dashboard, any protected page
-// ROLE: Supabase Auth implementation
+// ROUTE: not a route — imported everywhere auth is needed
+// ROLE: Supabase Auth implementation of the auth contract
 //
 // INJECTED BY CLI when user picks "Supabase Auth"
-// Replaces base placeholder at src/lib/auth/index.ts
+// Overwrites base placeholder at src/lib/auth/index.ts
 //
-// NO API route needed — Supabase handles sessions via cookies automatically.
+// Exports the 3 contract functions every auth block must have:
+//   getCurrentUser() — returns user or null
+//   requireUser()    — returns user or redirects to /login
+//   signOut()        — signs out and redirects to /
 // ─────────────────────────────────────────────────────────────────────────────
 
-import { createServerClient } from "@supabase/ssr";
-import { cookies } from "next/headers";
+import { createSupabaseServerClient } from "@/src/lib/supabase/server";
 import { redirect } from "next/navigation";
 
-// ─── Supabase server client ───────────────────────────────────────────────────
-// Creates a Supabase client that reads/writes session cookies server-side.
-// Called fresh on every request — cookies() gives us the current request's cookies.
-export async function createClient() {
-    const cookieStore = await cookies();
-
-    return createServerClient(
-        process.env.NEXT_PUBLIC_SUPABASE_URL!,
-        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
-        {
-            cookies: {
-                getAll() { return cookieStore.getAll(); },
-                setAll(toSet) {
-                    try {
-                        toSet.forEach(({ name, value, options }) =>
-                            cookieStore.set(name, value, options)
-                        );
-                    } catch {
-                        // called from Server Component — safe to ignore
-                    }
-                },
-            },
-        }
-    );
-}
-
 // ─── getCurrentUser ───────────────────────────────────────────────────────────
-// Returns the logged-in user or null.
-// Use this when you want to show different UI for logged-in vs logged-out users.
+// Returns the currently logged-in user, or null if not logged in.
 //
-// Usage in a server component:
+// Use this when you want to show different UI for logged-in vs logged-out:
 //   const user = await getCurrentUser();
-//   if (user) { ... }
+//   if (user) { show dashboard link } else { show login link }
 export async function getCurrentUser() {
-    const supabase = await createClient();
-    const { data: { user }, error } = await supabase.auth.getUser();
-    if (error || !user) return null;
-    return user;
+  const supabase = await createSupabaseServerClient();
+  const {
+    data: { user },
+    error,
+  } = await supabase.auth.getUser();
+  if (error || !user) return null;
+  return user;
 }
 
 // ─── requireUser ─────────────────────────────────────────────────────────────
-// Returns the logged-in user OR redirects to /login.
-// Use this on any protected page/route.
+// Returns the logged-in user OR redirects to /login if not authenticated.
 //
-// Usage in a server component:
-//   const user = await requireUser(); // redirects if not logged in
-//   // user is guaranteed to exist here
+// Use this on any protected page:
+//   const user = await requireUser(); // if not logged in, redirects automatically
+//   // user is guaranteed here — safe to use
 export async function requireUser() {
-    const user = await getCurrentUser();
-    if (!user) redirect("/login");
-    return user;
+  const user = await getCurrentUser();
+  if (!user) redirect("/login");
+  return user;
 }
 
 // ─── signOut ──────────────────────────────────────────────────────────────────
-// Signs the user out and redirects to home.
-// Call this from a server action or API route.
+// Signs the user out and redirects to /.
+// Called from /api/auth/logout route.
 export async function signOut() {
-    const supabase = await createClient();
-    await supabase.auth.signOut();
-    redirect("/");
-}
+  const supabase = await createSupabaseServerClient();
+  await supabase.auth.signOut();
+  redirect("/");
+}