@shipindays/shipindays 0.1.2

package/index.js

@@ -0,0 +1,457 @@
+#!/usr/bin/env node
+
+// FILE: index.js
+// ROLE: CLI entry point
+// RUNS: npx create-shipindays@latest <project-name>
+//   
+
+import * as p from "@clack/prompts";
+import chalk from "chalk";
+import fs from "fs-extra";
+import path from "path";
+import { execSync } from "child_process";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+// Shorthand paths — everything is relative to where this file lives
+const TEMPLATES_DIR = path.join(__dirname, "templates");
+const BASE_DIR = path.join(TEMPLATES_DIR, "base");    // always copied first
+const BLOCKS_DIR = path.join(TEMPLATES_DIR, "blocks");  // provider blocks live here
+
+function printBanner() {
+  console.log("\n");
+  console.log(chalk.green("  ⚡ create-shipindays"));
+  console.log(chalk.dim("  Ship your SaaS in days, not months."));
+  console.log(chalk.dim("  https://shipindays.nikhilsai.com\n"));
+}
+
+//   
+// BLOCK REGISTRY
+//
+// Each "feature" (email, auth, payments) has a set of provider options.
+// Each option maps to a folder inside templates/blocks/<feature>/<provider>/
+//
+// HOW TO ADD A NEW PROVIDER (e.g. Postmark for email):
+//   1. Create folder:  templates/blocks/email/postmark/
+//   2. Add index.ts inside it with the same exported functions as other providers
+//   3. Add "postmark" entry to EMAIL_PROVIDERS below
+//   4. Add its env vars to ENV_VARS below
+//   Done. CLI will show it as an option automatically.
+//
+// HOW TO ADD A NEW FEATURE (e.g. payments):
+//   1. Create folders:  templates/blocks/payments/stripe/
+//                       templates/blocks/payments/lemonsqueezy/
+//   2. Add a PAYMENT_PROVIDERS object below (same shape as EMAIL_PROVIDERS)
+//   3. Add a new p.select() prompt in main() for payments
+//   4. Add injectBlock("payments", paymentProvider, targetPath) call
+//   5. Add env vars to ENV_VARS below
+//   Done.
+//   
+
+const EMAIL_PROVIDERS = {
+  // key = folder name inside templates/blocks/email/
+  resend: {
+    label: "Resend",
+    hint: "resend.com — best DX, generous free tier",
+  },
+  nodemailer: {
+    label: "Nodemailer",
+    hint: "SMTP — works with Gmail, Outlook, any mail server",
+  },
+  // ADD MORE HERE ↓
+  // postmark: {
+  //   label: "Postmark",
+  //   hint:  "postmarkapp.com — great deliverability",
+  // },
+};
+
+//   
+// AUTH PROVIDERS
+// Add new auth providers here — same shape as EMAIL_PROVIDERS
+//   
+const AUTH_PROVIDERS = {
+  // key = folder name inside templates/blocks/auth/
+  supabase: {
+    label: "Supabase Auth",
+    hint: "Magic link + OAuth — no extra API route needed",
+  },
+  nextauth: {
+    label: "NextAuth v5",
+    hint: "Credentials + Google + GitHub — self-hostable",
+  },
+  // ADD MORE HERE ↓
+  // clerk: {
+  //   label: "Clerk",
+  //   hint:  "Drop-in auth UI — easiest setup",
+  // },
+};
+
+//   
+// ENV VARS
+//
+// Defines what goes into .env.example based on the user's choices.
+// Each provider key maps to an array of env var lines.
+//
+// TO ADD NEW ENV VARS for a new provider:
+//   Just add a new key matching the provider name.
+//   
+const ENV_VARS = {
+  // Base env vars — always included regardless of choices
+  base: {
+    "# App": [
+      "NEXT_PUBLIC_APP_URL=http://localhost:3000",
+    ],
+  },
+
+  // Email provider env vars — only the chosen one gets added
+  email: {
+    resend: {
+      "# Resend (Email)": [
+        "RESEND_API_KEY=",              // from resend.com → API Keys
+      ],
+    },
+    nodemailer: {
+      "# SMTP (Email via Nodemailer)": [
+        "SMTP_HOST=smtp.gmail.com",     // your SMTP server
+        "SMTP_PORT=587",
+        "SMTP_SECURE=false",
+        "SMTP_USER=",                   // your email address
+        "SMTP_PASS=",                   // your email password or app password
+        "SMTP_FROM=you@yourdomain.com",
+      ],
+    },
+    // postmark: {
+    //   "# Postmark (Email) ": [
+    //     "POSTMARK_API_TOKEN=",
+    //   ],
+    // },
+  },
+
+  // auth provider env vars — only the chosen one gets added
+  auth: {
+    supabase: {
+      "# Supabase Auth": [
+        "NEXT_PUBLIC_SUPABASE_URL=",           // supabase.com → project → settings → API
+        "NEXT_PUBLIC_SUPABASE_ANON_KEY=",      // supabase.com → project → settings → API
+        "SUPABASE_SERVICE_ROLE_KEY=",          // supabase.com → project → settings → API
+      ],
+    },
+    nextauth: {
+      "# ── NextAuth  ": [
+        "AUTH_SECRET=",                        // run: openssl rand -base64 32
+      ],
+      "# ── OAuth — Google  ": [
+        "AUTH_GOOGLE_ID=",                     // console.cloud.google.com
+        "AUTH_GOOGLE_SECRET=",
+      ],
+      "# ── OAuth — GitHub  ": [
+        "AUTH_GITHUB_ID=",                     // github.com → settings → developer settings
+        "AUTH_GITHUB_SECRET=",
+      ],
+    },
+    // clerk: {
+    //   "# ── Clerk  ──": [
+    //     "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=",
+    //     "CLERK_SECRET_KEY=",
+    //   ],
+    // },
+  },
+
+  // FUTURE: payments
+  // payments: {
+  //   stripe: { ... },
+  //   lemonsqueezy: { ... },
+  // },
+};
+
+//   
+// BLOCK INJECTOR
+//
+// This is the core of the whole system.
+// It copies a provider block folder ON TOP of the already-copied base template.
+// Because the paths match (e.g. both have src/lib/email/index.ts),
+// the provider file OVERWRITES the placeholder file from base.
+//
+// Example:
+//   base has:   src/lib/email/index.ts  ← placeholder (throws error if called)
+//   block has:  src/lib/email/index.ts  ← real Resend implementation
+//   Result:     Resend file wins, placeholder is gone
+//
+// This is why your app code never changes — it always imports "@/lib/email",
+// and that file just happens to contain whichever provider the user chose.
+//   
+async function injectBlock(feature, provider, targetPath) {
+  // e.g. templates/blocks/email/resend/
+  const blockSrc = path.join(BLOCKS_DIR, feature, provider);
+
+  if (!await fs.pathExists(blockSrc)) {
+    throw new Error(`Block not found: ${blockSrc}\nMake sure templates/blocks/${feature}/${provider}/ exists.`);
+  }
+
+  // Auth blocks carry multiple files (lib/auth/index.ts, middleware.ts, sometimes api routes)
+  // so we copy the entire src/ folder directly into the target src/ folder.
+  // Email blocks only have one file so they go into src/lib/<feature>/
+  if (feature === "auth") {
+    // Copy everything inside the block's src/ folder into target's src/ folder
+    // This handles: lib/auth/index.ts, middleware.ts, AND api/auth/[...nextauth]/route.ts
+    const blockSrcDir = path.join(blockSrc, "src");
+    if (await fs.pathExists(blockSrcDir)) {
+      await fs.copy(blockSrcDir, path.join(targetPath, "src"), { overwrite: true });
+    }
+  } else {
+    // For email, payments etc — copy directly into src/lib/<feature>/
+    await fs.copy(blockSrc, path.join(targetPath, "src", "lib", feature), {
+      overwrite: true,
+    });
+  }
+}
+
+// ENV FILE BUILDER
+// Combines base env vars + all chosen provider env vars into one .env.example   
+function buildEnvExample(choices) {
+  // choices = { email: "resend" }  (will grow as more features are added)
+
+  let out = [
+    "#  ────────────────",
+    "# shipindays — environment variables",
+    "# 1. cp .env.example .env.local",
+    "# 2. Fill in every blank value before running npm run dev",
+    "#  ────────────────",
+    "",
+  ].join("\n");
+
+  // Always add base vars first
+  for (const [comment, vars] of Object.entries(ENV_VARS.base)) {
+    out += `${comment}\n${vars.join("\n")}\n\n`;
+  }
+
+  // Add vars for each chosen provider
+  for (const [feature, provider] of Object.entries(choices)) {
+    const providerVars = ENV_VARS[feature]?.[provider];
+    if (providerVars) {
+      for (const [comment, vars] of Object.entries(providerVars)) {
+        out += `${comment}\n${vars.join("\n")}\n\n`;
+      }
+    }
+  }
+
+  return out.trimEnd() + "\n";
+}
+
+// PACKAGE.JSON MERGER
+// The base template has its own dependencies.
+// Each provider block has its own package.json with extra dependencies.
+// This merges them together so the final package.json has everything needed.
+
+// Example:
+//   base package.json:   { "dependencies": { "next": "15.0.3" } }
+//   resend package.json: { "dependencies": { "resend": "^4.0.0" } }
+//   merged result:       { "dependencies": { "next": "15.0.3", "resend": "^4.0.0" } }
+//   
+async function mergePackageJson(targetPath, feature, provider) {
+  const blockPkgPath = path.join(BLOCKS_DIR, feature, provider, "package.json");
+
+  // Not every block needs extra deps skip if no package.json
+  if (!await fs.pathExists(blockPkgPath)) return;
+
+  const targetPkgPath = path.join(targetPath, "package.json");
+  const targetPkg = await fs.readJson(targetPkgPath);
+  const blockPkg = await fs.readJson(blockPkgPath);
+
+  // Deep merge dependencies and devDependencies
+  targetPkg.dependencies = { ...targetPkg.dependencies, ...blockPkg.dependencies };
+  targetPkg.devDependencies = { ...targetPkg.devDependencies, ...blockPkg.devDependencies };
+
+  await fs.writeJson(targetPkgPath, targetPkg, { spaces: 2 });
+}
+
+// HELPERS (same as before)
+function isValidName(n) { return /^[a-zA-Z0-9-_]+$/.test(n); }
+function toSlug(s) { return s.trim().toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-_]/g, ""); }
+function detectPM() {
+  const a = process.env.npm_config_user_agent ?? "";
+  return a.includes("pnpm") ? "pnpm" : a.includes("yarn") ? "yarn" : "npm";
+}
+function run(cmd, cwd) { execSync(cmd, { cwd, stdio: "inherit" }); }
+
+function buildGitignore() {
+  return ["node_modules/", ".next/", "out/", ".env", ".env.local", ".env.*.local", ".DS_Store", ".vercel", "drizzle/"].join("\n");
+}
+
+function printNextSteps(projectDir, pm, choices) {
+  const isHere = projectDir === "." || projectDir === "./";
+  const runCmd = pm === "npm" ? "npm run" : pm;
+  let n = 1;
+  const step = (s) => console.log(chalk.dim(`  ${n++}. ${s}`));
+
+  console.log("\n");
+  console.log(chalk.green("  ✓ Your SaaS is scaffolded.\n"));
+  console.log(chalk.dim(`  Stack: auth → ${choices.auth} · email → ${choices.email}`));
+  console.log("");
+  if (!isHere) step(`cd ${projectDir.replace(/^\.\//, "")}`);
+  step("cp .env.example .env.local");
+  step("  → Fill in your keys");
+  step(`${runCmd} db:push`);
+  step(`${runCmd} dev`);
+  console.log("");
+  console.log(chalk.dim("  GitHub  → https://github.com/nikhilsaiankilla/shipindays"));
+  console.log(chalk.dim("  Twitter → https://x.com/itzznikhilsai"));
+  console.log("");
+  console.log(chalk.green("  ⚡ Now go build what only you can build.\n"));
+}
+
+// MAIN
+async function main() {
+  printBanner();
+  p.intro(chalk.bgGreen(chalk.black(" create-shipindays ")));
+
+  // 1. Project directory
+  let projectDir = process.argv[2];
+
+  if (!projectDir) {
+    const answer = await p.text({
+      message: "Where should we create your project?",
+      placeholder: "./my-saas",
+      defaultValue: "./my-saas",
+      validate(val) {
+        const clean = val.replace(/^\.\//, "");
+        if (clean !== "." && !isValidName(clean)) return "Letters, numbers, hyphens, underscores only.";
+      },
+    });
+    if (p.isCancel(answer)) { p.cancel("Cancelled."); process.exit(0); }
+    projectDir = answer;
+  }
+
+  const isCurrentDir = projectDir === "." || projectDir === "./";
+  const targetPath = isCurrentDir ? process.cwd() : path.resolve(process.cwd(), projectDir.replace(/^\.\//, ""));
+  const projectName = isCurrentDir ? path.basename(process.cwd()) : toSlug(path.basename(projectDir.replace(/^\.\//, "")));
+
+  if (!isCurrentDir && await fs.pathExists(targetPath)) {
+    const files = (await fs.readdir(targetPath)).filter(f => f !== ".git");
+    if (files.length > 0) {
+      const ok = await p.confirm({ message: `${projectDir} is not empty. Overwrite?`, initialValue: false });
+      if (p.isCancel(ok) || !ok) { p.cancel("Cancelled."); process.exit(0); }
+    }
+  }
+
+  // 2. Pick auth provider  
+  const authProvider = await p.select({
+    message: "Auth provider",
+    options: Object.entries(AUTH_PROVIDERS).map(([value, { label, hint }]) => ({
+      value, label, hint,
+    })),
+  });
+  if (p.isCancel(authProvider)) { p.cancel("Cancelled."); process.exit(0); }
+
+  // 3. Pick email provider  
+  const emailProvider = await p.select({
+    message: "Email provider",
+    options: Object.entries(EMAIL_PROVIDERS).map(([value, { label, hint }]) => ({
+      value, label, hint,
+    })),
+  });
+  if (p.isCancel(emailProvider)) { p.cancel("Cancelled."); process.exit(0); }
+
+  // All user choices in one object passed to injectBlock + buildEnvExample
+  // Adding payments later = just add: payments: paymentsProvider
+  const choices = {
+    auth: authProvider,
+    email: emailProvider,
+  };
+
+  // 4. Git + install
+  const initGit = await p.confirm({ message: "Initialize a git repository?", initialValue: true });
+  if (p.isCancel(initGit)) { p.cancel("Cancelled."); process.exit(0); }
+
+  const pm = detectPM();
+  const install = await p.confirm({ message: `Install dependencies with ${pm}?`, initialValue: true });
+  if (p.isCancel(install)) { p.cancel("Cancelled."); process.exit(0); }
+
+  const spin = p.spinner();
+
+  // 4. Copy BASE template  
+  // Base = Next.js + Tailwind + shadcn — always the same, no matter what
+  spin.start("Copying base template...");
+  if (!await fs.pathExists(BASE_DIR)) {
+    spin.stop(chalk.red(`Base template not found at: ${BASE_DIR}`));
+    process.exit(1);
+  }
+  await fs.copy(BASE_DIR, targetPath, {
+    overwrite: true,
+    filter: (src) => !src.includes("node_modules") && !src.includes(".next"),
+  });
+  spin.stop("Base template copied.");
+
+  // 5. Inject provider blocks
+  // For each choice, copy the provider block on top of the base.
+  // The block's files overwrite the base placeholders at the same paths.
+
+  // Inject auth block
+  spin.start(`Injecting auth: ${choices.auth}...`);
+  await injectBlock("auth", choices.auth, targetPath);
+  await mergePackageJson(targetPath, "auth", choices.auth);
+  spin.stop(`Auth: ${choices.auth} injected.`);
+
+  // Inject email block
+  spin.start(`Injecting email: ${choices.email}...`);
+  await injectBlock("email", choices.email, targetPath);
+  await mergePackageJson(targetPath, "email", choices.email);
+  spin.stop(`Email: ${choices.email} injected.`);
+
+  // FUTURE: add more inject calls here as you add features
+  // spin.start(`Injecting payments: ${choices.payments}...`);
+  // await injectBlock("payments", choices.payments, targetPath);
+  // await mergePackageJson(targetPath, "payments", choices.payments);
+  // spin.stop(`Payments: ${choices.payments} injected.`);
+
+  // 6. Write .env.example  
+  spin.start("Writing .env.example...");
+  await fs.outputFile(path.join(targetPath, ".env.example"), buildEnvExample(choices));
+  spin.stop(".env.example written.");
+
+  // 7. Write .gitignore
+  await fs.outputFile(path.join(targetPath, ".gitignore"), buildGitignore());
+
+  // 8. Update package.json name
+  spin.start("Configuring package.json...");
+  const pkgPath = path.join(targetPath, "package.json");
+  if (await fs.pathExists(pkgPath)) {
+    const pkg = await fs.readJson(pkgPath);
+    pkg.name = projectName;
+    await fs.writeJson(pkgPath, pkg, { spaces: 2 });
+  }
+  spin.stop("package.json configured.");
+
+  // 9. Git init
+  if (initGit) {
+    spin.start("Initialising git...");
+    try {
+      run("git init", targetPath);
+      run("git add -A", targetPath);
+      run(`git commit -m "chore: scaffold from create-shipindays"`, targetPath);
+      spin.stop("Git initialised.");
+    } catch {
+      spin.stop(chalk.yellow("Git skipped."));
+    }
+  }
+
+  // 10. Install
+  if (install) {
+    spin.start(`Installing with ${pm}...`);
+    try {
+      run(pm === "yarn" ? "yarn" : pm === "pnpm" ? "pnpm install" : "npm install", targetPath);
+      spin.stop("Dependencies installed.");
+    } catch {
+      spin.stop(chalk.yellow(`Run '${pm} install' manually.`));
+    }
+  }
+
+  p.outro(chalk.green("Done!"));
+  printNextSteps(projectDir, pm, choices);
+}
+
+main().catch((err) => {
+  console.error(chalk.red("\n  Fatal: " + err.message));
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "@shipindays/shipindays",
+  "version": "0.1.2",
+  "description": "Scaffold a production ready Next.js SaaS in seconds. Pick your stack, get auth + payments + email wired up.",
+  "type": "module",
+  "bin": {
+    "create-shipindays": "./index.js"
+  },
+  "files": [
+    "index.js",
+    "templates"
+  ],
+  "keywords": [
+    "nextjs",
+    "saas",
+    "starter",
+    "boilerplate",
+    "supabase",
+    "drizzle",
+    "stripe",
+    "resend"
+  ],
+  "author": "Nikhil Sai <nikhilsaiankilla@gmail.com>",
+  "license": "MIT",
+  "homepage": "https://shipindays.nikhilsai.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/nikhilsaiankilla/shipindays"
+  },
+  "lint-staged": {
+    "*.js": [
+      "eslint --fix",
+      "prettier --write"
+    ],
+    "*.ts": [
+      "eslint --fix",
+      "prettier --write"
+    ],
+    "*.tsx": [
+      "eslint --fix",
+      "prettier --write"
+    ],
+    "*.json": [
+      "prettier --write"
+    ]
+  },
+  "dependencies": {
+    "@clack/prompts": "^0.9.1",
+    "chalk": "^5.3.0",
+    "fs-extra": "^11.2.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@commitlint/cli": "^20.5.0",
+    "@commitlint/config-conventional": "^20.5.0",
+    "husky": "^9.1.7",
+    "lint-staged": "^16.4.0"
+  },
+  "scripts": {
+    "prepare": "husky || true"
+  }
+}

package/templates/blocks/auth/nextauth/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,19 @@
+// FILE: src/app/api/auth/[...nextauth]/route.ts
+// ROUTE: /api/auth/* (GET + POST)
+// ROLE: NextAuth v5 route handler
+//
+// INJECTED BY CLI — only exists when user picks NextAuth.
+// Supabase block does NOT have this file so it never gets created.
+//
+// Handles all NextAuth endpoints automatically:
+//   GET  /api/auth/session
+//   GET  /api/auth/csrf
+//   GET  /api/auth/providers
+//   POST /api/auth/signin
+//   POST /api/auth/signout
+//   GET  /api/auth/callback/:provider  ← OAuth redirect comes back here
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { handlers } from "@/lib/auth";
+
+export const { GET, POST } = handlers;

package/templates/blocks/auth/nextauth/lib/auth/index.ts

@@ -0,0 +1,98 @@
+// FILE: src/lib/auth/index.ts
+// ROUTE: not a route — imported by middleware, dashboard, API routes
+// ROLE: NextAuth v5 implementation
+//
+// INJECTED BY CLI when user picks "NextAuth v5"
+// Replaces base placeholder at src/lib/auth/index.ts
+//
+// NextAuth DOES need an API route: src/app/api/auth/[...nextauth]/route.ts
+// That file is also included in this block and gets copied automatically.
+// ─────────────────────────────────────────────────────────────────────────────
+
+import NextAuth from "next-auth";
+import GitHub from "next-auth/providers/github";
+import Google from "next-auth/providers/google";
+import Credentials from "next-auth/providers/credentials";
+import { redirect } from "next/navigation";
+
+// ─── NextAuth config ──────────────────────────────────────────────────────────
+// handlers → used by /api/auth/[...nextauth]/route.ts
+// auth     → used by middleware + server components to read the session
+// signIn   → used by login page
+// signOut  → used by logout button
+export const { handlers, auth, signIn: nextAuthSignIn, signOut: nextAuthSignOut } = NextAuth({
+  providers: [
+    Google({
+      clientId:     process.env.AUTH_GOOGLE_ID!,
+      clientSecret: process.env.AUTH_GOOGLE_SECRET!,
+    }),
+    GitHub({
+      clientId:     process.env.AUTH_GITHUB_ID!,
+      clientSecret: process.env.AUTH_GITHUB_SECRET!,
+    }),
+    Credentials({
+      name: "credentials",
+      credentials: {
+        email:    { label: "Email",    type: "email" },
+        password: { label: "Password", type: "password" },
+      },
+      async authorize(credentials) {
+        // TODO: validate credentials against your database
+        // Example with your User model:
+        //   const user = await User.findOne({ email: credentials.email })
+        //   const valid = await bcrypt.compare(credentials.password, user.password)
+        //   if (!valid) return null
+        //   return { id: user._id, email: user.email, name: user.name }
+        return null;
+      },
+    }),
+  ],
+
+  callbacks: {
+    // Attach user id to the JWT token so we can read it in session
+    async jwt({ token, user }) {
+      if (user) token.id = user.id;
+      return token;
+    },
+    // Attach user id from token to the session object
+    async session({ session, token }) {
+      if (token && session.user) session.user.id = token.id as string;
+      return session;
+    },
+  },
+
+  pages: {
+    signIn: "/login",   // redirect here when auth is required
+    error:  "/login",   // redirect here on auth errors
+  },
+
+  session: { strategy: "jwt" },
+  secret: process.env.AUTH_SECRET,
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// THE CONTRACT — same 3 functions as Supabase block
+// Rest of app calls these, never touches NextAuth directly
+// ─────────────────────────────────────────────────────────────────────────────
+
+// ─── getCurrentUser ───────────────────────────────────────────────────────────
+// Returns the logged-in user or null.
+export async function getCurrentUser() {
+  const session = await auth();
+  if (!session?.user) return null;
+  return session.user;
+}
+
+// ─── requireUser ─────────────────────────────────────────────────────────────
+// Returns the logged-in user OR redirects to /login.
+export async function requireUser() {
+  const user = await getCurrentUser();
+  if (!user) redirect("/login");
+  return user;
+}
+
+// ─── signOut ──────────────────────────────────────────────────────────────────
+// Signs the user out and redirects to home.
+export async function signOut() {
+  await nextAuthSignOut({ redirectTo: "/" });
+}

package/templates/blocks/auth/nextauth/middleware.ts

@@ -0,0 +1,30 @@
+// FILE: src/middleware.ts
+// ROUTE: runs on every request before the page renders
+// ROLE: NextAuth v5 middleware
+//
+// INJECTED BY CLI when user picks "NextAuth v5"
+// Replaces base placeholder at src/middleware.ts
+//
+// Reads the NextAuth JWT and redirects unauthenticated users
+// away from /dashboard to /login.
+// ─────────────────────────────────────────────────────────────────────────────
+
+import { auth } from "@/lib/auth";
+import { NextResponse } from "next/server";
+
+export default auth((req) => {
+  const isLoggedIn  = !!req.auth?.user;
+  const isProtected = req.nextUrl.pathname.startsWith("/dashboard");
+
+  if (isProtected && !isLoggedIn) {
+    const loginUrl = new URL("/login", req.url);
+    loginUrl.searchParams.set("callbackUrl", req.nextUrl.pathname);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  return NextResponse.next();
+});
+
+export const config = {
+  matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
+};

package/templates/blocks/auth/nextauth/package.json

@@ -0,0 +1,9 @@
+{
+    "dependencies": {
+      "next-auth": "^5.0.0-beta.22",
+      "bcryptjs": "^2.4.3"
+    },
+    "devDependencies": {
+      "@types/bcryptjs": "^2.4.6"
+    }
+  }

package/templates/blocks/auth/supabase/package.json

@@ -0,0 +1,6 @@
+{
+    "dependencies": {
+      "@supabase/ssr": "^0.5.1",
+      "@supabase/supabase-js": "^2.45.4"
+    }
+  }