npm - @techstream/quark-create-app - Versions diffs - 1.5.2 → 1.6.0 - Mend

@techstream/quark-create-app 1.5.2 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/templates/base-project/apps/web/next.config.js CHANGED Viewed

@@ -1,6 +1,91 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
-	// No TypeScript configuration needed for JS-only projects
+	// Support workspace package resolution (including @techstream/quark-db which uses
+	// the Prisma driver-adapter pattern — pure JS, no native engine binary)
+	transpilePackages: [
+		"@techstream/quark-core",
+		"@techstream/quark-db",
+		"@techstream/quark-ui",
+		"@techstream/quark-jobs",
+	],
+	// Security headers
+	// NOTE: These are also applied by proxy.js for proxy-matched routes.
+	// Keeping them here as a fallback for routes the proxy doesn't match.
+	async headers() {
+		return [
+			{
+				source: "/:path*",
+				headers: [
+					{
+						key: "X-DNS-Prefetch-Control",
+						value: "on",
+					},
+					{
+						key: "X-Frame-Options",
+						value: "SAMEORIGIN",
+					},
+					{
+						key: "X-Content-Type-Options",
+						value: "nosniff",
+					},
+					{
+						key: "Referrer-Policy",
+						value: "strict-origin-when-cross-origin",
+					},
+					{
+						key: "Permissions-Policy",
+						value: "camera=(), microphone=(), geolocation=()",
+					},
+					{
+						key: "Content-Security-Policy",
+						value:
+							"default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self';",
+					},
+				],
+			},
+		];
+	},
+	// Environment variables validation
+	env: {
+		APP_URL: process.env.APP_URL,
+		NEXTAUTH_URL: process.env.NEXTAUTH_URL || process.env.APP_URL,
+		NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
+	},
+	// Request body size limits (security)
+	experimental: {
+		// Limit request body size to prevent DoS attacks
+		// Default is 4MB, we're being explicit here
+		// Adjust based on your needs (e.g., larger for file uploads)
+		serverActions: {
+			bodySizeLimit: "2mb", // For Server Actions
+		},
+	},
+	// API route configuration
+	async rewrites() {
+		return [];
+	},
+	// Compiler options for production optimization
+	compiler: {
+		removeConsole:
+			process.env.NODE_ENV === "production"
+				? { exclude: ["error", "warn"] }
+				: false,
+	},
+	// Image optimization configuration
+	images: {
+		domains: [],
+		formats: ["image/avif", "image/webp"],
+	},
+	// Production-only settings
+	poweredByHeader: false,
+	compress: true,
 };
 export default nextConfig;

package/templates/base-project/apps/web/package.json CHANGED Viewed

@@ -25,9 +25,9 @@
 		"zod": "^4.3.6"
 	},
 	"devDependencies": {
-		"@techstream/quark-config": "workspace:*",
-		"@tailwindcss/postcss": "^4",
-		"@types/node": "^20",
-		"tailwindcss": "^4"
+		"@tailwindcss/postcss": "^4.1.18",
+		"@types/node": "^20.19.33",
+		"tailwindcss": "^4.1.18",
+		"@techstream/quark-config": "workspace:*"
 	}
 }

package/templates/base-project/apps/web/src/app/api/auth/register/route.js CHANGED Viewed

@@ -2,13 +2,14 @@ import {
 	createQueue,
 	hashPassword,
 	validateBody,
+	withCsrfProtection,
 } from "@techstream/quark-core";
 import { user, userRegisterSchema } from "@techstream/quark-db";
 import { JOB_NAMES, JOB_QUEUES } from "@techstream/quark-jobs";
 import { NextResponse } from "next/server";
 import { handleError } from "../../error-handler";
-export async function POST(request) {
+export const POST = withCsrfProtection(async (request) => {
 	try {
 		const data = await validateBody(request, userRegisterSchema);
@@ -34,22 +35,21 @@ export async function POST(request) {
 			password: hashedPassword,
 		});
-		// Enqueue welcome email (fire-and-forget)
+		// Don't return the password
+		const { password: _, ...safeUser } = newUser;
+		// Enqueue welcome email (fire-and-forget — don't block the response)
 		try {
 			const emailQueue = createQueue(JOB_QUEUES.EMAIL);
 			await emailQueue.add(JOB_NAMES.SEND_WELCOME_EMAIL, {
 				userId: newUser.id,
 			});
-		} catch (emailError) {
-			// Don't fail registration if email enqueue fails
-			console.error("Failed to enqueue welcome email:", emailError);
+		} catch {
+			// Non-critical — user is created even if email fails to enqueue
 		}
-		// Don't return the password
-		const { password: _, ...safeUser } = newUser;
 		return NextResponse.json(safeUser, { status: 201 });
 	} catch (error) {
 		return handleError(error);
 	}
-}
+});

package/templates/base-project/apps/web/src/app/api/files/route.js CHANGED Viewed

@@ -9,6 +9,7 @@ import {
 	generateStorageKey,
 	parseMultipart,
 	validateFile,
+	withCsrfProtection,
 } from "@techstream/quark-core";
 import { file } from "@techstream/quark-db";
 import { NextResponse } from "next/server";
@@ -26,7 +27,7 @@ const paginationSchema = z.object({
  * Upload one or more files via multipart/form-data.
  * Requires authentication.
  */
-export async function POST(request) {
+export const POST = withCsrfProtection(async (request) => {
 	try {
 		const session = await requireAuth();
@@ -94,7 +95,7 @@ export async function POST(request) {
 	} catch (error) {
 		return handleError(error);
 	}
-}
+});
 /**
  * GET /api/files

package/templates/base-project/apps/web/src/app/layout.js CHANGED Viewed

@@ -1,7 +1,6 @@
-export const metadata = {
-	title: "Quark",
-	description: "A modern monorepo with Next.js, React, and Prisma",
-};
+import { getSiteMetadata } from "../lib/seo/site-metadata.js";
+export const metadata = getSiteMetadata();
 export default function RootLayout({ children }) {
 	return (

package/templates/base-project/apps/web/src/app/manifest.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { config, getAppUrl } from "@techstream/quark-config";
+export default function manifest() {
+	return {
+		name: config.appName,
+		short_name: config.appName,
+		description: config.appDescription,
+		start_url: "/",
+		display: "standalone",
+		id: getAppUrl(),
+	};
+}

package/templates/base-project/apps/web/src/app/robots.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { getAppUrl } from "@techstream/quark-config";
+import { isWebsiteIndexable } from "../lib/seo/indexing.js";
+export default function robots() {
+	const appUrl = getAppUrl();
+	const indexable = isWebsiteIndexable();
+	return {
+		rules: indexable
+			? {
+					userAgent: "*",
+					allow: "/",
+					disallow: ["/api/"],
+				}
+			: {
+					userAgent: "*",
+					disallow: "/",
+				},
+		sitemap: indexable ? `${appUrl}/sitemap.xml` : undefined,
+	};
+}

package/templates/base-project/apps/web/src/app/sitemap.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { getAppUrl } from "@techstream/quark-config";
+import { isWebsiteIndexable } from "../lib/seo/indexing.js";
+const STATIC_ROUTES = [{ path: "/", changeFrequency: "daily", priority: 1 }];
+export default function sitemap() {
+	if (!isWebsiteIndexable()) {
+		return [];
+	}
+	const appUrl = getAppUrl();
+	const lastModified = new Date();
+	return STATIC_ROUTES.map((route) => ({
+		url: `${appUrl}${route.path}`,
+		lastModified,
+		changeFrequency: route.changeFrequency,
+		priority: route.priority,
+	}));
+}

package/templates/base-project/apps/web/src/lib/seo/indexing.js ADDED Viewed

@@ -0,0 +1,23 @@
+export function isWebsiteIndexable(env = process.env) {
+	return (env.NODE_ENV || "").toLowerCase() === "production";
+}
+export function getMetadataRobots(env = process.env) {
+	if (isWebsiteIndexable(env)) {
+		return {
+			index: true,
+			follow: true,
+		};
+	}
+	return {
+		index: false,
+		follow: false,
+		nocache: true,
+		googleBot: {
+			index: false,
+			follow: false,
+			noimageindex: true,
+		},
+	};
+}

package/templates/base-project/apps/web/src/lib/seo/site-metadata.js ADDED Viewed

@@ -0,0 +1,33 @@
+import { config, getAppUrl } from "@techstream/quark-config";
+import { getMetadataRobots } from "./indexing.js";
+const appUrl = getAppUrl();
+const { appName, appDescription } = config;
+export function getSiteMetadata() {
+	return {
+		metadataBase: new URL(appUrl),
+		title: {
+			default: appName,
+			template: `%s | ${appName}`,
+		},
+		description: appDescription,
+		applicationName: appName,
+		alternates: {
+			canonical: "/",
+		},
+		openGraph: {
+			type: "website",
+			url: appUrl,
+			title: appName,
+			description: appDescription,
+			siteName: appName,
+		},
+		twitter: {
+			card: "summary",
+			title: appName,
+			description: appDescription,
+		},
+		robots: getMetadataRobots(),
+	};
+}

package/templates/base-project/apps/web/src/proxy.js CHANGED Viewed

@@ -151,8 +151,7 @@ export function proxy(request) {
 	// Apply rate limiting to API routes only
 	if (pathname.startsWith("/api/")) {
-		const ip =
-			request.ip || request.headers.get("x-forwarded-for") || "unknown";
+		const ip = request.ip || "unknown";
 		const rateLimitResult = checkRateLimit(ip, pathname);
 		if (rateLimitResult.limited) {

package/templates/base-project/apps/worker/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
 	"name": "@techstream/quark-worker",
 	"version": "1.0.0",
-	"type": "module",
 	"private": true,
+	"type": "module",
 	"description": "",
 	"main": "index.js",
 	"scripts": {
@@ -18,11 +18,11 @@
 		"@techstream/quark-core": "^1.0.0",
 		"@techstream/quark-db": "workspace:*",
 		"@techstream/quark-jobs": "workspace:*",
-		"bullmq": "^5.64.1"
+		"bullmq": "^5.67.3"
 	},
 	"devDependencies": {
 		"@techstream/quark-config": "workspace:*",
-		"@types/node": "^24.10.1",
-		"tsx": "^4.20.6"
+		"@types/node": "^24.10.12",
+		"tsx": "^4.21.0"
 	}
 }

package/templates/base-project/apps/worker/src/index.js CHANGED Viewed

@@ -17,6 +17,7 @@ const logger = createLogger("worker");
 // Store workers for graceful shutdown
 const workers = [];
+let isShuttingDown = false;
 /**
  * Generic queue processor — dispatches jobs to registered handlers
@@ -56,6 +57,20 @@ function createQueueWorker(queueName) {
 		);
 	});
+	queueWorker.on("stalled", (jobId) => {
+		logger.warn(`Job ${jobId} in queue "${queueName}" has stalled`, {
+			queueName,
+			jobId,
+		});
+	});
+	queueWorker.on("error", (error) => {
+		logger.error(`Worker error in queue "${queueName}"`, {
+			error: error.message,
+			queueName,
+		});
+	});
 	logger.info(
 		`Queue "${queueName}" worker started (concurrency: ${queueWorker.opts.concurrency})`,
 	);
@@ -99,15 +114,31 @@ async function startWorker() {
 /**
  * Graceful shutdown handler
  */
-async function shutdown() {
-	logger.info("Shutting down worker service");
+async function shutdown(signal = "unknown") {
+	if (isShuttingDown) {
+		logger.warn("Shutdown already in progress", { signal });
+		return;
+	}
+	isShuttingDown = true;
+	logger.info("Shutting down worker service", { signal });
 	try {
 		for (const worker of workers) {
 			await worker.close();
 		}
-		await prisma.$disconnect();
+		try {
+			await prisma.$disconnect();
+		} catch (error) {
+			if (error.message?.includes("environment variable is required")) {
+				logger.warn("Skipping Prisma disconnect due missing database env", {
+					error: error.message,
+				});
+			} else {
+				throw error;
+			}
+		}
 		logger.info("All workers closed");
 		process.exit(0);
@@ -120,14 +151,11 @@ async function shutdown() {
 	}
 }
-process.on("SIGTERM", shutdown);
-process.on("SIGINT", shutdown);
-startWorker();
-// Register shutdown handlers
-process.on("SIGTERM", shutdown);
-process.on("SIGINT", shutdown);
+process.on("SIGTERM", () => {
+	void shutdown("SIGTERM");
+});
+process.on("SIGINT", () => {
+	void shutdown("SIGINT");
+});
-// Start the worker service
 startWorker();