npm - @thinhnguyencth1204/nextcli - Versions diffs - 0.7.0 → 0.9.0 - Mend

@thinhnguyencth1204/nextcli 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

package/templates/next-base/src/features/users/services.ts ADDED Viewed

@@ -0,0 +1,132 @@
+import type { Role, User } from "@prisma/client";
+import { INTERNAL_EMAIL_DOMAIN, SUPER_ADMIN_USERNAME } from "@/lib/constants";
+import { auth } from "@/lib/auth";
+import prisma from "@/lib/db/prisma";
+import type { CreateUserInput, UpdateUserInput } from "@/features/users/validations";
+export type UserWithRole = User & { role: Role | null };
+function toPublicUser(user: UserWithRole) {
+  return {
+    id: user.id,
+    username: user.username,
+    displayUsername: user.displayUsername,
+    name: user.name,
+    email: user.email,
+    requirePasswordChange: user.requirePasswordChange,
+    role: user.role
+      ? { id: user.role.id, name: user.role.name, level: user.role.level }
+      : null,
+    createdAt: user.createdAt,
+    updatedAt: user.updatedAt,
+  };
+}
+export async function listUsersForActor(actorLevel: number) {
+  const users = await prisma.user.findMany({
+    where: {
+      username: { not: SUPER_ADMIN_USERNAME },
+      role: {
+        level: { lt: actorLevel },
+      },
+    },
+    include: { role: true },
+    orderBy: { createdAt: "desc" },
+  });
+  return users.map(toPublicUser);
+}
+export async function getUserByIdForActor(
+  id: string,
+  actorLevel: number,
+): Promise<ReturnType<typeof toPublicUser> | null> {
+  const user = await prisma.user.findFirst({
+    where: {
+      id,
+      username: { not: SUPER_ADMIN_USERNAME },
+      role: {
+        level: { lt: actorLevel },
+      },
+    },
+    include: { role: true },
+  });
+  return user ? toPublicUser(user) : null;
+}
+export async function createUserRecord(
+  input: CreateUserInput,
+  options?: { requirePasswordChange?: boolean },
+) {
+  const placeholderEmail =
+    input.email ?? `${input.username}@${INTERNAL_EMAIL_DOMAIN}`;
+  await auth.api.signUpEmail({
+    body: {
+      email: placeholderEmail,
+      password: input.password,
+      name: input.name ?? input.username,
+      username: input.username,
+      displayUsername: input.username,
+    },
+  });
+  const created = await prisma.user.findUnique({
+    where: { username: input.username },
+    include: { role: true },
+  });
+  if (!created) {
+    throw new Error("USER_CREATE_FAILED");
+  }
+  const updated = await prisma.user.update({
+    where: { id: created.id },
+    data: {
+      roleId: input.roleId,
+      email: input.email ?? placeholderEmail,
+      requirePasswordChange: options?.requirePasswordChange ?? input.requirePasswordChange ?? false,
+    },
+    include: { role: true },
+  });
+  return toPublicUser(updated);
+}
+export async function updateUserRecord(id: string, input: UpdateUserInput) {
+  const existing = await prisma.user.findUnique({
+    where: { id },
+    include: { role: true },
+  });
+  if (!existing) {
+    return null;
+  }
+  if (input.password) {
+    const { hashPassword } = await import("better-auth/crypto");
+    const hashed = await hashPassword(input.password);
+    await prisma.account.updateMany({
+      where: { userId: id, providerId: "credential" },
+      data: { password: hashed },
+    });
+  }
+  const updated = await prisma.user.update({
+    where: { id },
+    data: {
+      name: input.name,
+      email: input.email,
+      roleId: input.roleId,
+      requirePasswordChange: input.requirePasswordChange,
+    },
+    include: { role: true },
+  });
+  return toPublicUser(updated);
+}
+export async function deleteUserRecord(id: string) {
+  await prisma.user.delete({ where: { id } });
+}

package/templates/next-base/src/features/users/validations.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { z } from "zod";
+export const createUserSchema = z.object({
+  username: z.string().min(3).max(30),
+  password: z.string().min(8),
+  name: z.string().min(1).max(120).optional(),
+  email: z.string().email().optional(),
+  roleId: z.string().min(1),
+  requirePasswordChange: z.boolean().optional(),
+});
+export const updateUserSchema = z.object({
+  name: z.string().min(1).max(120).optional(),
+  email: z.string().email().nullable().optional(),
+  roleId: z.string().min(1).optional(),
+  password: z.string().min(8).optional(),
+  requirePasswordChange: z.boolean().optional(),
+});
+export type CreateUserInput = z.infer<typeof createUserSchema>;
+export type UpdateUserInput = z.infer<typeof updateUserSchema>;

package/templates/next-base/src/hooks/index.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export * from ~~"@/hooks/use-mobile";~~
1	+ /** Re-export hooks from optional modules here when needed. */

package/templates/next-base/src/hooks/table/use-data-table.ts ADDED Viewed

@@ -0,0 +1,33 @@
+"use client";
+import * as React from "react";
+import {
+  getCoreRowModel,
+  getPaginationRowModel,
+  type ColumnDef,
+  useReactTable,
+} from "@tanstack/react-table";
+import type { DataTablePaginationState } from "@/types/data-table";
+export function useDataTable<TData>({
+  data,
+  columns,
+  initialState,
+}: {
+  data: TData[];
+  columns: ColumnDef<TData, unknown>[];
+  initialState?: DataTablePaginationState;
+}) {
+  const [pagination, setPagination] = React.useState<DataTablePaginationState>(
+    initialState ?? { pageIndex: 0, pageSize: 10 },
+  );
+  return useReactTable({
+    data,
+    columns,
+    state: { pagination },
+    onPaginationChange: setPagination,
+    getCoreRowModel: getCoreRowModel(),
+    getPaginationRowModel: getPaginationRowModel(),
+  });
+}

package/templates/next-base/src/hooks/use-mobile.ts ADDED Viewed

@@ -0,0 +1,25 @@
+"use client";
+import * as React from "react";
+const MOBILE_BREAKPOINT = 768;
+export function useIsMobile() {
+  const [isMobile, setIsMobile] = React.useState<boolean | undefined>(
+    undefined,
+  );
+  React.useEffect(() => {
+    const mql = window.matchMedia(`(max-width: ${MOBILE_BREAKPOINT - 1}px)`);
+    const onChange = () => {
+      setIsMobile(window.innerWidth < MOBILE_BREAKPOINT);
+    };
+    mql.addEventListener("change", onChange);
+    setIsMobile(window.innerWidth < MOBILE_BREAKPOINT);
+    return () => mql.removeEventListener("change", onChange);
+  }, []);
+  return !!isMobile;
+}

package/templates/next-base/src/i18n/config.ts ADDED Viewed

@@ -0,0 +1,7 @@
+// nextcli:locales:start
+export const locales = ["vi"] as const;
+// nextcli:locales:end
+export const defaultLocale = "vi";
+export type AppLocale = (typeof locales)[number];

package/templates/next-base/src/i18n/namespaces.ts ADDED Viewed

@@ -0,0 +1,5 @@
+// nextcli:namespaces:start
+export const namespaces = ["common", "auth", "example"] as const;
+// nextcli:namespaces:end
+export type MessageNamespace = (typeof namespaces)[number];

package/templates/next-base/src/i18n/request.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { getRequestConfig } from "next-intl/server";
+import { cookies } from "next/headers";
+import { defaultLocale, locales, type AppLocale } from "@/i18n/config";
+import { namespaces } from "@/i18n/namespaces";
+export default getRequestConfig(async () => {
+  const cookieStore = await cookies();
+  const cookieLocale = cookieStore.get("NEXT_LOCALE")?.value;
+  const locale = (
+    locales.includes(cookieLocale as AppLocale) ? cookieLocale : defaultLocale
+  ) as AppLocale;
+  const namespaceMessages = await Promise.all(
+    namespaces.map(async (namespace) => {
+      const file = (await import(`../../messages/${locale}/${namespace}.json`))
+        .default;
+      return [namespace, file] as const;
+    }),
+  );
+  return {
+    locale,
+    messages: Object.fromEntries(namespaceMessages),
+  };
+});

package/templates/next-base/src/instrumentation.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export async function register() {
+  if (process.env.NEXT_RUNTIME !== "nodejs") {
+    return;
+  }
+  try {
+    const { runBootstrap } = await import("@/lib/auth/bootstrap");
+    await runBootstrap();
+  } catch (error) {
+    const message =
+      error instanceof Error ? error.message : "Unknown instrumentation error";
+    console.warn(`[instrumentation] Bootstrap failed: ${message}`);
+  }
+}

package/templates/next-base/src/lib/api/axios.ts ADDED Viewed

@@ -0,0 +1,145 @@
+import axios from "axios";
+import {
+  clearAccessToken,
+  getAccessToken,
+  setAccessToken,
+} from "@/lib/api/token-store";
+import type { ApiErrorResponse, ApiSuccess } from "@/types";
+const baseURL = process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000";
+type RetryableRequestConfig = {
+  _retry?: boolean;
+};
+export const publicApi = axios.create({
+  baseURL,
+  withCredentials: true,
+  headers: {
+    "Content-Type": "application/json",
+  },
+});
+export const protectedApi = axios.create({
+  baseURL,
+  withCredentials: true,
+  headers: {
+    "Content-Type": "application/json",
+  },
+});
+protectedApi.interceptors.request.use((config) => {
+  const token = getAccessToken();
+  if (token) {
+    config.headers = config.headers ?? {};
+    config.headers.Authorization = `Bearer ${token}`;
+  }
+  return config;
+});
+let isRefreshing = false;
+let waitingQueue: Array<(token: string | null) => void> = [];
+function flushQueue(token: string | null): void {
+  for (const resolve of waitingQueue) {
+    resolve(token);
+  }
+  waitingQueue = [];
+}
+async function refreshAccessToken(): Promise<string | null> {
+  try {
+    const response = await publicApi.post("/api/v1/auth/refresh", null, {
+      withCredentials: true,
+    });
+    const token = (response.data as ApiSuccess<{ accessToken: string }>).data
+      ?.accessToken;
+    if (!token) {
+      clearAccessToken();
+      return null;
+    }
+    setAccessToken(token);
+    return token;
+  } catch {
+    clearAccessToken();
+    return null;
+  }
+}
+protectedApi.interceptors.response.use(
+  (response) => response,
+  async (error) => {
+    const config = error.config as typeof error.config & RetryableRequestConfig;
+    if (!config || config._retry || error.response?.status !== 401) {
+      return Promise.reject(error);
+    }
+    if (isRefreshing) {
+      return new Promise((resolve, reject) => {
+        waitingQueue.push((token) => {
+          if (!token) {
+            reject(error);
+            return;
+          }
+          config.headers = config.headers ?? {};
+          config.headers.Authorization = `Bearer ${token}`;
+          resolve(protectedApi(config));
+        });
+      });
+    }
+    config._retry = true;
+    isRefreshing = true;
+    try {
+      const token = await refreshAccessToken();
+      flushQueue(token);
+      if (!token) {
+        return Promise.reject(error);
+      }
+      config.headers = config.headers ?? {};
+      config.headers.Authorization = `Bearer ${token}`;
+      return protectedApi(config);
+    } finally {
+      isRefreshing = false;
+    }
+  },
+);
+function extractApiErrorMessage(error: unknown): string {
+  if (!axios.isAxiosError(error)) {
+    return "Unexpected error occurred.";
+  }
+  const payload = error.response?.data as ApiErrorResponse | undefined;
+  if (payload && payload.success === false) {
+    return payload.error.message;
+  }
+  return error.message || "Request failed.";
+}
+publicApi.interceptors.response.use(
+  (response) => response,
+  async (error) => {
+    if (axios.isAxiosError(error)) {
+      error.message = extractApiErrorMessage(error);
+    }
+    return Promise.reject(error);
+  },
+);
+protectedApi.interceptors.response.use(
+  (response) => response,
+  async (error) => {
+    if (axios.isAxiosError(error)) {
+      error.message = extractApiErrorMessage(error);
+    }
+    return Promise.reject(error);
+  },
+);
+export const api = publicApi;
+export { extractApiErrorMessage };

package/templates/next-base/src/lib/api/response.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { NextResponse } from "next/server";
+import type { ApiErrorResponse, ApiMeta, ApiSuccess, ErrorCode } from "@/types";
+type SuccessInit = {
+  status?: number;
+  requestId?: string;
+  meta?: Omit<ApiMeta, "timestamp" | "requestId">;
+};
+type FailInit = {
+  status?: number;
+  requestId?: string;
+  details?: unknown;
+};
+function createTimestamp(): string {
+  return new Date().toISOString();
+}
+export function ok<T>(data: T, init: SuccessInit = {}) {
+  const payload: ApiSuccess<T> = {
+    success: true,
+    data,
+    meta: {
+      timestamp: createTimestamp(),
+      requestId: init.requestId,
+      ...init.meta,
+    },
+  };
+  return NextResponse.json(payload, { status: init.status ?? 200 });
+}
+export function fail(code: ErrorCode, message: string, init: FailInit = {}) {
+  const payload: ApiErrorResponse = {
+    success: false,
+    error: {
+      code,
+      message,
+      details: init.details,
+    },
+    timestamp: createTimestamp(),
+    requestId: init.requestId,
+  };
+  return NextResponse.json(payload, { status: init.status ?? 500 });
+}

package/templates/next-base/src/lib/api/token-store.ts ADDED Viewed

@@ -0,0 +1,13 @@
+let accessToken: string | null = null;
+export function getAccessToken(): string | null {
+  return accessToken;
+}
+export function setAccessToken(token: string | null): void {
+  accessToken = token;
+}
+export function clearAccessToken(): void {
+  accessToken = null;
+}

package/templates/next-base/src/lib/auth/bootstrap.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import type { PrismaClient } from "@prisma/client";
+import {
+  ADMIN_ROLE_LEVEL,
+  ADMIN_ROLE_NAME,
+  DEFAULT_ADMIN_PASSWORD,
+  INTERNAL_EMAIL_DOMAIN,
+  SUPER_ADMIN_USERNAME,
+} from "@/lib/constants";
+import { auth } from "@/lib/auth";
+import prisma from "@/lib/db/prisma";
+function hasRoleModel(client: PrismaClient): boolean {
+  const delegate = (
+    client as PrismaClient & { role?: { findUnique?: unknown } }
+  ).role;
+  return typeof delegate?.findUnique === "function";
+}
+function logBootstrapSkip(message: string): void {
+  console.warn(`[bootstrap] ${message}`);
+}
+export async function runBootstrap(): Promise<void> {
+  if (!hasRoleModel(prisma)) {
+    logBootstrapSkip(
+      "Prisma client is missing the Role model. Run: bun run db:generate && bun run db:migrate",
+    );
+    return;
+  }
+  try {
+    let adminRole = await prisma.role.findUnique({
+      where: { name: ADMIN_ROLE_NAME },
+    });
+    if (!adminRole) {
+      adminRole = await prisma.role.create({
+        data: {
+          name: ADMIN_ROLE_NAME,
+          level: ADMIN_ROLE_LEVEL,
+        },
+      });
+    }
+    const existingAdmin = await prisma.user.findUnique({
+      where: { username: SUPER_ADMIN_USERNAME },
+    });
+    if (existingAdmin) {
+      if (!existingAdmin.roleId) {
+        await prisma.user.update({
+          where: { id: existingAdmin.id },
+          data: { roleId: adminRole.id },
+        });
+      }
+      return;
+    }
+    try {
+      await auth.api.signUpEmail({
+        body: {
+          email: `${SUPER_ADMIN_USERNAME}@${INTERNAL_EMAIL_DOMAIN}`,
+          password: DEFAULT_ADMIN_PASSWORD,
+          name: "Administrator",
+          username: SUPER_ADMIN_USERNAME,
+          displayUsername: SUPER_ADMIN_USERNAME,
+        },
+      });
+    } catch {
+      // User may already exist from a partial bootstrap run.
+    }
+    const adminUser = await prisma.user.findUnique({
+      where: { username: SUPER_ADMIN_USERNAME },
+    });
+    if (!adminUser) {
+      return;
+    }
+    await prisma.user.update({
+      where: { id: adminUser.id },
+      data: {
+        roleId: adminRole.id,
+        requirePasswordChange: true,
+      },
+    });
+  } catch (error) {
+    const message =
+      error instanceof Error ? error.message : "Unknown bootstrap error";
+    logBootstrapSkip(
+      `Skipped admin seed (${message}). Ensure Postgres is running and run: bun run db:migrate`,
+    );
+  }
+}

package/templates/next-base/src/lib/auth/client.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { createAuthClient } from "better-auth/react";
+import { jwtClient, usernameClient } from "better-auth/client/plugins";
+export const authClient = createAuthClient({
+  baseURL: process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000",
+  plugins: [jwtClient(), usernameClient()],
+});

package/templates/next-base/src/lib/auth/cookies.ts ADDED Viewed

@@ -0,0 +1,15 @@
+const refreshCookieName = "nextcli_refresh_token";
+export function refreshCookieOptions() {
+  return {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax",
+    path: "/",
+    maxAge: 60 * 60 * 24 * 30,
+  } as const;
+}
+export function getRefreshCookieName(): string {
+  return refreshCookieName;
+}

package/templates/next-base/src/lib/auth/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { auth } from "./server";

package/templates/next-base/src/lib/auth/rbac.ts ADDED Viewed

@@ -0,0 +1,59 @@
+import { headers } from "next/headers";
+import type { Role, User } from "@prisma/client";
+import { auth } from "@/lib/auth";
+import prisma from "@/lib/db/prisma";
+import { SUPER_ADMIN_USERNAME } from "@/lib/constants";
+export type SessionUser = User & { role: Role | null };
+export async function getSessionUser(
+  requestHeaders?: Headers,
+): Promise<SessionUser | null> {
+  const session = await auth.api.getSession({
+    headers: requestHeaders ?? (await headers()),
+  });
+  if (!session?.user?.id) {
+    return null;
+  }
+  return prisma.user.findUnique({
+    where: { id: session.user.id },
+    include: { role: true },
+  });
+}
+export function isSuperAdmin(user: Pick<User, "username">): boolean {
+  return user.username === SUPER_ADMIN_USERNAME;
+}
+export function canActOnUser(actor: SessionUser, target: SessionUser): boolean {
+  if (isSuperAdmin(target)) {
+    return false;
+  }
+  if (!actor.role || !target.role) {
+    return false;
+  }
+  return actor.role.level > target.role.level;
+}
+export function canAssignRole(
+  actor: SessionUser,
+  targetRole: Pick<Role, "level">,
+): boolean {
+  if (!actor.role) {
+    return false;
+  }
+  return actor.role.level > targetRole.level;
+}
+export function requireAuthenticated(
+  user: SessionUser | null,
+): asserts user is SessionUser {
+  if (!user) {
+    throw new Error("UNAUTHORIZED");
+  }
+}

package/templates/next-base/src/lib/auth/server.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { betterAuth } from "better-auth/minimal";
+import { prismaAdapter } from "better-auth/adapters/prisma";
+import { jwt, username } from "better-auth/plugins";
+import prisma from "@/lib/db/prisma";
+const socialProviders = {
+  // AUTO_GENERATED_AUTH_PROVIDERS_START
+  // AUTO_GENERATED_AUTH_PROVIDERS_END
+};
+export const auth = betterAuth({
+  database: prismaAdapter(prisma, {
+    provider: "postgresql",
+  }),
+  plugins: [jwt(), username()],
+  emailAndPassword: {
+    enabled: true,
+    minPasswordLength: 8,
+  },
+  socialProviders,
+});

package/templates/next-base/src/lib/constants.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/** Built-in super-admin account username — protected from RBAC mutations. */
+export const SUPER_ADMIN_USERNAME = "admin";
+/** Dev-only bootstrap password (≥8 chars for Better Auth). Change on first login. */
+export const DEFAULT_ADMIN_PASSWORD = "admin1234";
+export const ADMIN_ROLE_NAME = "admin";
+export const ADMIN_ROLE_LEVEL = 100;
+export const INTERNAL_EMAIL_DOMAIN = "internal.local";