@techstream/quark-create-app 1.3.0 → 1.5.0

package/package.json

@@ -1,35 +1,35 @@
 {
-	"name": "@techstream/quark-create-app",
-	"version": "1.3.0",
-	"type": "module",
-	"bin": {
-		"quark-create-app": "src/index.js",
-		"create-quark-app": "src/index.js"
-	},
-	"files": [
-		"src",
-		"templates",
-		"README.md"
-	],
-	"scripts": {
-		"test": "node test-cli.js",
-		"test:e2e": "node test-e2e.js",
-		"test:integration": "node test-integration.js",
-		"test:all": "node test-all.js"
-	},
-	"dependencies": {
-		"chalk": "^5.6.2",
-		"commander": "^12.1.0",
-		"execa": "^9.6.1",
-		"fs-extra": "^11.3.3",
-		"prompts": "^2.4.2"
-	},
-	"publishConfig": {
-		"registry": "https://registry.npmjs.org",
-		"access": "public"
-	},
-	"engines": {
-		"node": ">=22"
-	},
-	"license": "ISC"
-}
+  "name": "@techstream/quark-create-app",
+  "version": "1.5.0",
+  "type": "module",
+  "bin": {
+    "quark-create-app": "src/index.js",
+    "create-quark-app": "src/index.js"
+  },
+  "files": [
+    "src",
+    "templates",
+    "README.md"
+  ],
+  "dependencies": {
+    "chalk": "^5.6.2",
+    "commander": "^12.1.0",
+    "execa": "^9.6.1",
+    "fs-extra": "^11.3.3",
+    "prompts": "^2.4.2"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=22"
+  },
+  "license": "ISC",
+  "scripts": {
+    "test": "node test-cli.js",
+    "test:e2e": "node test-e2e.js",
+    "test:integration": "node test-integration.js",
+    "test:all": "node test-all.js"
+  }
+}

package/src/index.js

@@ -110,7 +110,10 @@ async function copyTemplate(templateName, targetDir, variables = {}) {
 			let content = await fs.readFile(packageJsonPath, "utf-8");
 
 			for (const [key, value] of Object.entries(variables)) {
-				const pattern = new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "g");
+				const pattern = new RegExp(
+					key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"),
+					"g",
+				);
 				content = content.replace(pattern, value);
 			}
 
@@ -175,7 +178,11 @@ function replaceDepsScope(deps, scope, selectedPackages) {
 			const packageName = key.replace("@techstream/quark-", "");
 			delete deps[key];
 			// Only keep the dep if the package was selected (or is always required)
-			if (packageName === "db" || packageName === "config" || selectedPackages.includes(packageName)) {
+			if (
+				packageName === "db" ||
+				packageName === "config" ||
+				selectedPackages.includes(packageName)
+			) {
 				deps[`@${scope}/${packageName}`] = value;
 			}
 		}
@@ -194,7 +201,11 @@ async function replaceImportsInSourceFiles(dir, scope) {
 	for (const entry of entries) {
 		const fullPath = path.join(dir, entry.name);
 
-		if (entry.isDirectory() && entry.name !== "node_modules" && entry.name !== ".next") {
+		if (
+			entry.isDirectory() &&
+			entry.name !== "node_modules" &&
+			entry.name !== ".next"
+		) {
 			await replaceImportsInSourceFiles(fullPath, scope);
 		} else if (entry.isFile() && /\.(js|ts|jsx|tsx|mjs)$/.test(entry.name)) {
 			let content = await fs.readFile(fullPath, "utf-8");
@@ -245,7 +256,9 @@ program
 	.argument("<project-name>", "Name of the project to create")
 	.action(async (projectName) => {
 		console.log(
-			chalk.blue.bold(`\n\uD83D\uDE80 Creating your new Quark project: ${projectName}\n`),
+			chalk.blue.bold(
+				`\n\uD83D\uDE80 Creating your new Quark project: ${projectName}\n`,
+			),
 		);
 
 		const targetDir = validateProjectName(projectName);
@@ -383,16 +396,13 @@ program
 				if (await fs.pathExists(pkgPath)) {
 					const pkg = await fs.readJSON(pkgPath);
 					// Rename package name if it uses @quark/ prefix
-					if (pkg.name && pkg.name.startsWith("@quark/")) {
+					if (pkg.name?.startsWith("@quark/")) {
 						const shortName = pkg.name.replace("@quark/", "");
 						pkg.name = `@${scope}/${shortName}`;
 					}
 					replaceDepsScope(pkg.dependencies, scope, features);
 					replaceDepsScope(pkg.devDependencies, scope, features);
-					await fs.writeFile(
-						pkgPath,
-						`${JSON.stringify(pkg, null, 2)}\n`,
-					);
+					await fs.writeFile(pkgPath, `${JSON.stringify(pkg, null, 2)}\n`);
 				}
 			}
 
@@ -465,6 +475,24 @@ PORT=3000
 
 # --- Worker Configuration ---
 WORKER_CONCURRENCY=5
+
+# --- File Storage Configuration ---
+# Storage provider: "local" (default) or "s3" (S3-compatible, e.g. Cloudflare R2)
+STORAGE_PROVIDER=local
+# Local storage directory (only used when STORAGE_PROVIDER=local)
+# STORAGE_LOCAL_DIR=./uploads
+
+# S3 / Cloudflare R2 Configuration (only used when STORAGE_PROVIDER=s3)
+# S3_BUCKET=your-bucket-name
+# S3_REGION=auto
+# S3_ENDPOINT=https://<account-id>.r2.cloudflarestorage.com
+# S3_ACCESS_KEY_ID=your-access-key
+# S3_SECRET_ACCESS_KEY=your-secret-key
+# S3_PUBLIC_URL=https://your-public-bucket-domain.com
+
+# --- Upload Limits ---
+# UPLOAD_MAX_SIZE=10485760
+# UPLOAD_ALLOWED_TYPES=image/jpeg,image/png,image/gif,image/webp,image/avif,image/svg+xml,application/pdf
 `;
 			await fs.writeFile(
 				path.join(targetDir, ".env.example"),
@@ -481,7 +509,8 @@ WORKER_CONCURRENCY=5
 			const webPort = await findAvailablePort(3000);
 
 			const portChanges = [];
-			if (postgresPort !== 5432) portChanges.push(`PostgreSQL: ${postgresPort}`);
+			if (postgresPort !== 5432)
+				portChanges.push(`PostgreSQL: ${postgresPort}`);
 			if (redisPort !== 6379) portChanges.push(`Redis: ${redisPort}`);
 			if (mailSmtpPort !== 1025) portChanges.push(`Mail SMTP: ${mailSmtpPort}`);
 			if (mailUiPort !== 8025) portChanges.push(`Mail UI: ${mailUiPort}`);
@@ -529,6 +558,9 @@ PORT=${webPort}
 
 # --- Worker Configuration ---
 WORKER_CONCURRENCY=5
+
+# --- File Storage ---
+STORAGE_PROVIDER=local
 `;
 			await fs.writeFile(path.join(targetDir, ".env"), envContent);
 			console.log(
@@ -566,9 +598,7 @@ WORKER_CONCURRENCY=5
 				console.log(chalk.green(`\n    ✓ Dependencies installed`));
 			} catch (installError) {
 				console.warn(
-					chalk.yellow(
-						`\n    ⚠️  pnpm install failed: ${installError.message}`,
-					),
+					chalk.yellow(`\n    ⚠️  pnpm install failed: ${installError.message}`),
 				);
 				console.warn(
 					chalk.yellow(
@@ -592,9 +622,7 @@ WORKER_CONCURRENCY=5
 					),
 				);
 				console.warn(
-					chalk.yellow(
-						`    Run 'pnpm --filter db db:generate' manually.`,
-					),
+					chalk.yellow(`    Run 'pnpm --filter db db:generate' manually.`),
 				);
 			}
 

package/templates/base-project/apps/web/src/app/api/auth/register/route.js

@@ -1,5 +1,10 @@
-import { hashPassword, validateBody } from "@techstream/quark-core";
+import {
+	createQueue,
+	hashPassword,
+	validateBody,
+} from "@techstream/quark-core";
 import { user, userRegisterSchema } from "@techstream/quark-db";
+import { JOB_NAMES, JOB_QUEUES } from "@techstream/quark-jobs";
 import { NextResponse } from "next/server";
 import { handleError } from "../../error-handler";
 
@@ -29,6 +34,17 @@ export async function POST(request) {
 			password: hashedPassword,
 		});
 
+		// Enqueue welcome email (fire-and-forget)
+		try {
+			const emailQueue = createQueue(JOB_QUEUES.EMAIL);
+			await emailQueue.add(JOB_NAMES.SEND_WELCOME_EMAIL, {
+				userId: newUser.id,
+			});
+		} catch (emailError) {
+			// Don't fail registration if email enqueue fails
+			console.error("Failed to enqueue welcome email:", emailError);
+		}
+
 		// Don't return the password
 		const { password: _, ...safeUser } = newUser;
 

package/templates/base-project/apps/web/src/app/api/files/[id]/route.js

@@ -0,0 +1,89 @@
+/**
+ * Single File API
+ * GET    /api/files/[id] - Download / serve a file
+ * DELETE /api/files/[id] - Delete a file (owner or admin only)
+ */
+
+import {
+	createStorage,
+	ForbiddenError,
+	NotFoundError,
+	withCsrfProtection,
+} from "@techstream/quark-core";
+import { file } from "@techstream/quark-db";
+import { NextResponse } from "next/server";
+import { requireAuth } from "@/lib/auth-middleware";
+import { handleError } from "../../error-handler";
+
+/**
+ * GET /api/files/[id]
+ * Serve / download a file by its database ID.
+ * Public endpoint (no auth required) — access control is by knowledge of ID.
+ */
+export async function GET(_request, { params }) {
+	try {
+		const { id } = await params;
+
+		const record = await file.findById(id);
+		if (!record) {
+			throw new NotFoundError("File not found");
+		}
+
+		const storage = createStorage();
+		const { body, contentType } = await storage.get(record.storageKey);
+
+		const headers = new Headers();
+		headers.set("Content-Type", contentType || record.mimeType);
+		headers.set("Content-Length", String(body.length));
+		headers.set("Cache-Control", "public, max-age=31536000, immutable");
+
+		// Inline display for images; attachment download for everything else
+		const isImage = record.mimeType.startsWith("image/");
+		const safeName = record.originalName.replace(/[\\"\r\n]/g, "_");
+		const encodedName = encodeURIComponent(record.originalName);
+		headers.set(
+			"Content-Disposition",
+			isImage
+				? `inline; filename="${safeName}"; filename*=UTF-8''${encodedName}`
+				: `attachment; filename="${safeName}"; filename*=UTF-8''${encodedName}`,
+		);
+
+		return new Response(body, { status: 200, headers });
+	} catch (error) {
+		return handleError(error);
+	}
+}
+
+/**
+ * DELETE /api/files/[id]
+ * Delete a file. Only the uploader or an admin can delete.
+ */
+export const DELETE = withCsrfProtection(async (_request, { params }) => {
+	try {
+		const session = await requireAuth();
+		const { id } = await params;
+
+		const record = await file.findById(id);
+		if (!record) {
+			throw new NotFoundError("File not found");
+		}
+
+		// Authorization: uploader or admin
+		const isOwner = record.uploadedById === session.user.id;
+		const isAdmin = session.user.role === "admin";
+		if (!isOwner && !isAdmin) {
+			throw new ForbiddenError("You can only delete your own files");
+		}
+
+		// Remove from storage
+		const storage = createStorage();
+		await storage.delete(record.storageKey);
+
+		// Remove database record
+		await file.delete(record.id);
+
+		return NextResponse.json({ message: "File deleted" });
+	} catch (error) {
+		return handleError(error);
+	}
+});

package/templates/base-project/apps/web/src/app/api/files/route.js

@@ -0,0 +1,132 @@
+/**
+ * File Upload API
+ * POST /api/files - Upload a file (multipart/form-data)
+ * GET  /api/files - List current user's files
+ */
+
+import {
+	createStorage,
+	generateStorageKey,
+	parseMultipart,
+	validateFile,
+} from "@techstream/quark-core";
+import { file } from "@techstream/quark-db";
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { requireAuth } from "@/lib/auth-middleware";
+import { handleError } from "../error-handler";
+
+const paginationSchema = z.object({
+	page: z.coerce.number().int().min(1).default(1),
+	limit: z.coerce.number().int().min(1).max(100).default(50),
+});
+
+/**
+ * POST /api/files
+ * Upload one or more files via multipart/form-data.
+ * Requires authentication.
+ */
+export async function POST(request) {
+	try {
+		const session = await requireAuth();
+
+		// Parse multipart body
+		const { files: parsedFiles } = await parseMultipart(request);
+
+		if (parsedFiles.length === 0) {
+			return NextResponse.json(
+				{ message: "No files provided" },
+				{ status: 400 },
+			);
+		}
+
+		const storage = createStorage();
+		const results = [];
+
+		for (const parsed of parsedFiles) {
+			// Validate each file
+			const validation = validateFile({
+				filename: parsed.filename,
+				mimeType: parsed.mimeType,
+				size: parsed.size,
+				buffer: parsed.buffer,
+			});
+
+			if (!validation.valid) {
+				return NextResponse.json(
+					{ message: validation.error, filename: parsed.filename },
+					{ status: 422 },
+				);
+			}
+
+			// Generate storage key and upload
+			const storageKey = generateStorageKey(parsed.filename);
+
+			await storage.put(storageKey, parsed.buffer, {
+				contentType: parsed.mimeType,
+			});
+
+			// Save metadata to database
+			const record = await file.create({
+				filename: storageKey.split("/").pop(),
+				originalName: parsed.filename,
+				mimeType: parsed.mimeType,
+				size: parsed.size,
+				storageKey,
+				storageProvider: storage.provider,
+				uploadedById: session.user.id,
+			});
+
+			results.push({
+				id: record.id,
+				originalName: record.originalName,
+				mimeType: record.mimeType,
+				size: record.size,
+				url: `/api/files/${record.id}`,
+				createdAt: record.createdAt,
+			});
+		}
+
+		const status = results.length === 1 ? 201 : 200;
+		const body = results.length === 1 ? results[0] : { files: results };
+
+		return NextResponse.json(body, { status });
+	} catch (error) {
+		return handleError(error);
+	}
+}
+
+/**
+ * GET /api/files
+ * List files uploaded by the current user.
+ */
+export async function GET(request) {
+	try {
+		const session = await requireAuth();
+
+		const { searchParams } = new URL(request.url);
+		const { page, limit } = paginationSchema.parse({
+			page: searchParams.get("page") ?? undefined,
+			limit: searchParams.get("limit") ?? undefined,
+		});
+
+		const skip = (page - 1) * limit;
+		const files = await file.findByUploader(session.user.id, {
+			skip,
+			take: limit,
+		});
+
+		const mapped = files.map((f) => ({
+			id: f.id,
+			originalName: f.originalName,
+			mimeType: f.mimeType,
+			size: f.size,
+			url: `/api/files/${f.id}`,
+			createdAt: f.createdAt,
+		}));
+
+		return NextResponse.json(mapped);
+	} catch (error) {
+		return handleError(error);
+	}
+}

package/templates/base-project/apps/web/src/app/api/health/route.js

@@ -29,7 +29,10 @@ export async function GET() {
 			status: result.status === "ok" ? 200 : 503,
 		});
 	} catch (error) {
-		logger.error("Health check failed", { error: error.message, stack: error.stack });
+		logger.error("Health check failed", {
+			error: error.message,
+			stack: error.stack,
+		});
 		return NextResponse.json(
 			{
 				status: "error",

package/templates/base-project/apps/web/src/app/api/posts/[id]/route.js

@@ -1,4 +1,8 @@
-import { UnauthorizedError, validateBody, withCsrfProtection } from "@techstream/quark-core";
+import {
+	UnauthorizedError,
+	validateBody,
+	withCsrfProtection,
+} from "@techstream/quark-core";
 import { post, postUpdateSchema } from "@techstream/quark-db";
 import { NextResponse } from "next/server";
 import { requireAuth } from "@/lib/auth-middleware";

package/templates/base-project/apps/worker/src/handlers/email.js

@@ -0,0 +1,100 @@
+/**
+ * Email Job Handlers
+ * Processes email-related background jobs
+ */
+
+import {
+	createEmailService,
+	passwordResetEmail,
+	welcomeEmail,
+} from "@techstream/quark-core";
+import { prisma } from "@techstream/quark-db";
+import { JOB_NAMES } from "@techstream/quark-jobs";
+
+const emailService = createEmailService();
+
+/**
+ * Job handler for SEND_WELCOME_EMAIL
+ * @param {import("bullmq").Job} bullJob
+ * @param {import("@techstream/quark-core").Logger} logger
+ */
+export async function handleSendWelcomeEmail(bullJob, logger) {
+	const { userId } = bullJob.data;
+
+	if (!userId) {
+		throw new Error("userId is required for SEND_WELCOME_EMAIL job");
+	}
+
+	logger.info(`Sending welcome email for user ${userId}`, {
+		job: JOB_NAMES.SEND_WELCOME_EMAIL,
+		userId,
+	});
+
+	const userRecord = await prisma.user.findUnique({
+		where: { id: userId },
+		select: { email: true, name: true },
+	});
+
+	if (!userRecord?.email) {
+		throw new Error(`User ${userId} not found or has no email`);
+	}
+
+	const template = welcomeEmail({
+		name: userRecord.name,
+		loginUrl: process.env.APP_URL
+			? `${process.env.APP_URL}/api/auth/signin`
+			: undefined,
+	});
+
+	await emailService.sendEmail(
+		userRecord.email,
+		template.subject,
+		template.html,
+		template.text,
+	);
+
+	return { success: true, userId, email: userRecord.email };
+}
+
+/**
+ * Job handler for SEND_RESET_PASSWORD_EMAIL
+ * @param {import("bullmq").Job} bullJob
+ * @param {import("@techstream/quark-core").Logger} logger
+ */
+export async function handleSendResetPasswordEmail(bullJob, logger) {
+	const { userId, resetUrl } = bullJob.data;
+
+	if (!userId || !resetUrl) {
+		throw new Error(
+			"userId and resetUrl are required for SEND_RESET_PASSWORD_EMAIL job",
+		);
+	}
+
+	logger.info(`Sending password reset email for user ${userId}`, {
+		job: JOB_NAMES.SEND_RESET_PASSWORD_EMAIL,
+		userId,
+	});
+
+	const userRecord = await prisma.user.findUnique({
+		where: { id: userId },
+		select: { email: true, name: true },
+	});
+
+	if (!userRecord?.email) {
+		throw new Error(`User ${userId} not found or has no email`);
+	}
+
+	const template = passwordResetEmail({
+		name: userRecord.name,
+		resetUrl,
+	});
+
+	await emailService.sendEmail(
+		userRecord.email,
+		template.subject,
+		template.html,
+		template.text,
+	);
+
+	return { success: true, userId, email: userRecord.email };
+}

package/templates/base-project/apps/worker/src/handlers/files.js

@@ -0,0 +1,59 @@
+/**
+ * File Job Handlers
+ * Processes file-related background jobs (cleanup, etc.)
+ */
+
+import { createStorage } from "@techstream/quark-core";
+import { file } from "@techstream/quark-db";
+import { JOB_NAMES } from "@techstream/quark-jobs";
+
+/**
+ * Job handler for CLEANUP_ORPHANED_FILES
+ * Deletes files with no owner that are older than a retention period.
+ *
+ * @param {import("bullmq").Job} bullJob
+ * @param {import("@techstream/quark-core").Logger} logger
+ */
+export async function handleCleanupOrphanedFiles(bullJob, logger) {
+	const retentionHours = bullJob.data?.retentionHours || 24;
+	const cutoff = new Date(Date.now() - retentionHours * 60 * 60 * 1000);
+
+	logger.info("Starting orphaned file cleanup", {
+		job: JOB_NAMES.CLEANUP_ORPHANED_FILES,
+		retentionHours,
+		cutoff: cutoff.toISOString(),
+	});
+
+	const orphaned = await file.findOlderThan(cutoff);
+
+	if (orphaned.length === 0) {
+		logger.info("No orphaned files to clean up");
+		return { success: true, deleted: 0 };
+	}
+
+	const storage = createStorage();
+	let deleted = 0;
+	const errors = [];
+
+	for (const record of orphaned) {
+		try {
+			await storage.delete(record.storageKey);
+			await file.delete(record.id);
+			deleted++;
+		} catch (err) {
+			errors.push({ id: record.id, error: err.message });
+			logger.warn(`Failed to delete file ${record.id}: ${err.message}`);
+		}
+	}
+
+	logger.info(
+		`Orphaned file cleanup complete: ${deleted}/${orphaned.length} deleted`,
+		{
+			deleted,
+			total: orphaned.length,
+			errors: errors.length,
+		},
+	);
+
+	return { success: true, deleted, total: orphaned.length, errors };
+}

package/templates/base-project/apps/worker/src/handlers/index.js

@@ -0,0 +1,18 @@
+/**
+ * Job Handler Registry
+ * Maps job names to their handler functions.
+ * Each handler receives (bullJob, logger) and returns a result object.
+ */
+
+import { JOB_NAMES } from "@techstream/quark-jobs";
+import {
+	handleSendResetPasswordEmail,
+	handleSendWelcomeEmail,
+} from "./email.js";
+import { handleCleanupOrphanedFiles } from "./files.js";
+
+export const jobHandlers = {
+	[JOB_NAMES.SEND_WELCOME_EMAIL]: handleSendWelcomeEmail,
+	[JOB_NAMES.SEND_RESET_PASSWORD_EMAIL]: handleSendResetPasswordEmail,
+	[JOB_NAMES.CLEANUP_ORPHANED_FILES]: handleCleanupOrphanedFiles,
+};