@thinhnguyencth1204/nextcli 0.8.0 → 0.9.0

package/templates/next-base/SETUP.md

@@ -2,16 +2,18 @@
 
 Quick reference for env vars and branding after `nextcli create`.
 
-## Minimal base project
+## Default stack
 
-The default template ships a lightweight Next.js shell with branding, theme, and UI primitives only. No database, auth, or dashboard code is included until you select modules at create time or run `nextcli add module`.
+The base template ships with database (Prisma + Postgres), Supabase client + Storage, Better Auth + RBAC, API client (Axios + React Query), i18n (next-intl), dashboard shell, and an example CRUD demo. Optional modules (`chat`, `supabase-realtime`, `seo`, `email`) can be added at create time or via `nextcli add module`.
 
 ## First run
 
-1. `bun run dev` (or your package manager equivalent)
-2. Open `http://localhost:3000`
+1. Fill env keys in `.env` (see tables below).
+2. `bun run db:migrate` (or your package manager equivalent)
+3. `bun run dev`
+4. Open `http://localhost:3000` (redirects to `/dashboard`)
 
-When you add the `database` module, run `bun run db:migrate` before relying on Prisma models.
+Bootstrap seeds `admin` / `admin1234` on first dev start.
 
 ## Branding (edit in repo, not env)
 
@@ -29,21 +31,71 @@ Set in `.env` / `.env.development`.
 | --------------------- | ---------------------- | ------------------------------------- |
 | `NEXT_PUBLIC_APP_URL` | Client-visible app URL | Your public site URL (e.g. localhost) |
 
-## Optional module environment
-
-Reference for all optional modules. Matching keys are merged into `.env` when selected at `nextcli create` or via `nextcli add module`.
+## Base module environment
 
 <!-- nextcli:enabled-modules:start -->
 
-**Enabled modules:** none
+**Enabled modules:** `database`, `supabase`, `auth`, `api`, `i18n`, `dashboard`, `example`
 
 <!-- nextcli:enabled-modules:end -->
 
 <!-- nextcli:module-env:start -->
 
+### Module: Database (Prisma + Postgres) (`database`)
+
+| Variable       | Where to get                                                                           |
+| -------------- | -------------------------------------------------------------------------------------- |
+| `DATABASE_URL` | Supabase Dashboard → Connect → ORMs → Prisma → pooled URL (`:6543`, `?pgbouncer=true`) |
+| `DIRECT_URL`   | Supabase Dashboard → Connect → direct/session URL (`:5432`)                            |
+
+Run `bun run db:migrate` after setting `DATABASE_URL`.
+
+### Module: Supabase client + Storage (`supabase`)
+
+| Variable                              | Where to get                                              |
+| ------------------------------------- | --------------------------------------------------------- |
+| `NEXT_PUBLIC_SUPABASE_URL`            | Supabase Dashboard → Project Settings → API → Project URL |
+| `NEXT_PUBLIC_SUPABASE_ANON_KEY`       | Same page → `anon` `public` key                           |
+| `NEXT_PUBLIC_SUPABASE_STORAGE_BUCKET` | Storage bucket name (default scaffold: `public`)          |
+
+Create the bucket and RLS policies in Supabase Dashboard before uploads.
+
+### Module: Auth (Better Auth + RBAC) (`auth`)
+
+| Variable             | Where to get                                   |
+| -------------------- | ---------------------------------------------- |
+| `BETTER_AUTH_SECRET` | Auto-generated on create; rotate in production |
+| `BETTER_AUTH_URL`    | Your app URL (e.g. `http://localhost:3000`)    |
+
+Requires `database` (included in base). Bootstrap seeds `admin` / `admin1234` on first dev start.
+
+### Module: API client (Axios + React Query) (`api`)
+
+No extra env keys. Use `publicApi` / `protectedApi` from `src/lib/api/axios.ts` and `ok` / `fail` from `src/lib/api/response.ts`.
+
+### Module: Internationalization (next-intl) (`i18n`)
+
+| Variable                     | Where to get                         |
+| ---------------------------- | ------------------------------------ |
+| `NEXT_PUBLIC_DEFAULT_LOCALE` | Default locale code (scaffold: `vi`) |
+
+Add more locales with `nextcli add language`.
+
+### Module: Dashboard shell (`dashboard`)
+
+Requires `auth`, `api`, and `i18n` (included in base). Protected routes redirect unauthenticated users to `/sign-in`.
+
+### Module: Example CRUD demo (`example`)
+
+Requires `dashboard` and `database` (included in base). Includes demo `Example` model in `prisma/schema.prisma` — run `db:migrate` after create.
+
 <!-- nextcli:module-env:end -->
 
-## After adding modules
+## Optional module environment
+
+Additional keys are merged when optional modules are selected at `nextcli create` or via `nextcli add module`.
+
+## After adding optional modules
 
 1. Fill new env keys in `.env` and `.env.example`.
 2. Run `bun run db:migrate` when a module adds Prisma models.

package/templates/next-base/messages/vi/auth.json

@@ -0,0 +1,42 @@
+{
+  "signInPage": {
+    "title": "Đăng nhập",
+    "description": "Dùng tên đăng nhập và mật khẩu để truy cập hệ thống."
+  },
+  "signInForm": {
+    "username": "Tên đăng nhập",
+    "password": "Mật khẩu",
+    "usernamePlaceholder": "admin",
+    "passwordPlaceholder": "********",
+    "submit": "Đăng nhập",
+    "submitting": "Đang đăng nhập...",
+    "invalidInput": "Vui lòng nhập tên đăng nhập và mật khẩu hợp lệ.",
+    "missingAccessToken": "Không tìm thấy access token.",
+    "success": "Đăng nhập thành công.",
+    "failed": "Đăng nhập thất bại."
+  },
+  "changePasswordPage": {
+    "title": "Đổi mật khẩu",
+    "description": "Bạn cần đổi mật khẩu trước khi tiếp tục sử dụng hệ thống."
+  },
+  "changePasswordForm": {
+    "currentPassword": "Mật khẩu hiện tại",
+    "newPassword": "Mật khẩu mới",
+    "submit": "Cập nhật mật khẩu",
+    "submitting": "Đang cập nhật...",
+    "invalidInput": "Vui lòng nhập mật khẩu hợp lệ (tối thiểu 8 ký tự).",
+    "success": "Đổi mật khẩu thành công.",
+    "failed": "Không thể đổi mật khẩu."
+  },
+  "account": {
+    "title": "Tài khoản",
+    "loading": "Đang tải thông tin tài khoản...",
+    "noSession": "Chưa có phiên đăng nhập hoạt động.",
+    "userId": "Mã người dùng",
+    "username": "Tên đăng nhập",
+    "email": "Email",
+    "name": "Tên",
+    "na": "N/A",
+    "goToSignIn": "Đi tới trang đăng nhập"
+  }
+}

package/templates/next-base/messages/vi/common.json

@@ -0,0 +1,34 @@
+{
+  "appName": "__PROJECT_NAME__",
+  "sidebar": {
+    "groupGeneral": "Tổng quan",
+    "dashboard": "Bảng điều khiển",
+    "example": "Ví dụ",
+    "account": "Tài khoản"
+  },
+  "header": {
+    "themeLight": "Sáng",
+    "themeDark": "Tối",
+    "themeSystem": "Theo hệ thống",
+    "toggleTheme": "Chuyển giao diện"
+  },
+  "userMenu": {
+    "title": "Tài khoản",
+    "anonymousName": "Người dùng",
+    "anonymousEmail": "user@example.com",
+    "appearance": "Giao diện",
+    "logout": "Đăng xuất"
+  },
+  "locale": {
+    "label": "Ngôn ngữ",
+    "vi": "Tiếng Việt",
+    "en": "English",
+    "ja": "日本語",
+    "ko": "한국어"
+  },
+  "table": {
+    "noResults": "Không có dữ liệu.",
+    "previous": "Trước",
+    "next": "Sau"
+  }
+}

package/templates/next-base/messages/vi/example.json

@@ -0,0 +1,10 @@
+{
+  "page": {
+    "title": "Ví dụ"
+  },
+  "table": {
+    "name": "Tên",
+    "description": "Mô tả",
+    "loading": "Đang tải dữ liệu ví dụ..."
+  }
+}

package/templates/next-base/next.config.ts

@@ -1,4 +1,5 @@
 import type { NextConfig } from "next";
+import createNextIntlPlugin from "next-intl/plugin";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 
@@ -11,4 +12,6 @@ const nextConfig: NextConfig = {
   },
 };
 
-export default nextConfig;
+const withNextIntl = createNextIntlPlugin("./src/i18n/request.ts");
+
+export default withNextIntl(nextConfig);

package/templates/next-base/nextcli.json

@@ -1,8 +1,16 @@
 {
   "cli": "__NEXTCLI_VERSION__",
   "defaultLocale": "vi",
-  "locales": [],
-  "namespaces": [],
-  "modules": [],
-  "features": []
+  "locales": ["vi"],
+  "namespaces": ["common", "auth", "example"],
+  "modules": [
+    "database",
+    "supabase",
+    "auth",
+    "api",
+    "i18n",
+    "dashboard",
+    "example"
+  ],
+  "features": ["example"]
 }

package/templates/next-base/package.json

@@ -7,9 +7,20 @@
     "dev": "next dev",
     "build": "next build",
     "start": "next start",
-    "lint": "eslint ."
+    "lint": "eslint .",
+    "postinstall": "prisma generate",
+    "db:generate": "prisma generate",
+    "db:migrate": "prisma migrate dev",
+    "db:studio": "prisma studio"
   },
   "dependencies": {
+    "@dnd-kit/core": "^6.3.1",
+    "@lexical/history": "^0.45.0",
+    "@lexical/react": "^0.45.0",
+    "@lexical/rich-text": "^0.45.0",
+    "@lexical/utils": "^0.45.0",
+    "@prisma/adapter-pg": "^7.8.0",
+    "@prisma/client": "^7.8.0",
     "@radix-ui/react-avatar": "^1.1.10",
     "@radix-ui/react-dialog": "^1.1.15",
     "@radix-ui/react-dropdown-menu": "^2.1.16",
@@ -21,16 +32,22 @@
     "@radix-ui/react-slot": "^1.2.3",
     "@radix-ui/react-tabs": "^1.1.13",
     "@radix-ui/react-tooltip": "^1.2.8",
+    "@supabase/supabase-js": "^2.44.2",
+    "@tanstack/react-query": "^5.56.2",
+    "@tanstack/react-query-devtools": "^5.56.2",
+    "@tanstack/react-table": "^8.20.5",
+    "axios": "^1.7.7",
+    "better-auth": "^1.6.11",
     "class-variance-authority": "^0.7.0",
     "clsx": "^2.1.1",
-    "@lexical/history": "^0.45.0",
-    "@lexical/react": "^0.45.0",
-    "@lexical/rich-text": "^0.45.0",
-    "@lexical/utils": "^0.45.0",
+    "date-fns": "^3.6.0",
     "lexical": "^0.45.0",
     "lucide-react": "^0.525.0",
     "next": "^16.1.6",
+    "next-intl": "^4.13.0",
     "next-themes": "^0.4.6",
+    "nuqs": "^2.8.1",
+    "pg": "^8.16.3",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sonner": "^1.7.1",
@@ -43,8 +60,10 @@
     "@types/node": "^22.7.4",
     "@types/react": "^19.0.0",
     "@types/react-dom": "^19.0.0",
+    "dotenv": "^17.4.2",
     "eslint": "^9.11.1",
     "eslint-config-next": "^16.1.6",
+    "prisma": "^7.8.0",
     "tailwindcss": "^4.1.11",
     "typescript": "^5.6.2"
   }

package/templates/next-base/prisma/schema.prisma

@@ -0,0 +1,84 @@
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+}
+
+model Role {
+  id        String   @id @default(cuid())
+  name      String   @unique
+  level     Int
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  users     User[]
+}
+
+model User {
+  id                    String    @id @default(cuid())
+  email                 String?
+  username              String    @unique
+  displayUsername       String?
+  name                  String?
+  image                 String?
+  emailVerified         Boolean   @default(false)
+  requirePasswordChange Boolean   @default(false)
+  roleId                String?
+  role                  Role?     @relation(fields: [roleId], references: [id], onDelete: SetNull)
+  createdAt             DateTime  @default(now())
+  updatedAt             DateTime  @updatedAt
+  sessions              Session[]
+  accounts              Account[]
+}
+model Session {
+  id        String   @id @default(cuid())
+  token     String   @unique
+  expiresAt DateTime
+  ipAddress String?
+  userAgent String?
+  userId    String
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+}
+
+model Account {
+  id                    String    @id @default(cuid())
+  accountId             String
+  providerId            String
+  userId                String
+  user                  User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+  accessToken           String?
+  refreshToken          String?
+  idToken               String?
+  accessTokenExpiresAt  DateTime?
+  refreshTokenExpiresAt DateTime?
+  scope                 String?
+  password              String?
+  createdAt             DateTime  @default(now())
+  updatedAt             DateTime  @updatedAt
+
+  @@unique([providerId, accountId])
+}
+
+model Verification {
+  id         String    @id @default(cuid())
+  identifier String
+  value      String
+  expiresAt  DateTime
+  createdAt  DateTime? @default(now())
+  updatedAt  DateTime? @updatedAt
+}
+// Optional Chatbox models are appended by NexTCLI only when adding the chat feature.
+// Review generated schema changes before running migrations on production databases.
+
+// Starter demo table for template onboarding only.
+// Rename/remove this `Example` model before production migration.
+model Example {
+  id          String   @id @default(cuid())
+  name        String
+  description String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+}

package/templates/next-base/prisma.config.ts

@@ -0,0 +1,16 @@
+import "dotenv/config";
+import { defineConfig, env } from "prisma/config";
+
+type Env = {
+  DIRECT_URL: string;
+};
+
+export default defineConfig({
+  schema: "prisma/schema.prisma",
+  migrations: {
+    path: "prisma/migrations",
+  },
+  datasource: {
+    url: env<Env>("DIRECT_URL"),
+  },
+});

package/templates/next-base/src/app/(auth)/.gitkeep

@@ -0,0 +1 @@
+

package/templates/next-base/src/app/(auth)/change-password/layout.tsx

@@ -0,0 +1,21 @@
+import type { ReactNode } from "react";
+import { redirect } from "next/navigation";
+import { getSessionUser } from "@/lib/auth/rbac";
+
+export default async function ChangePasswordLayout({
+  children,
+}: {
+  children: ReactNode;
+}) {
+  const user = await getSessionUser();
+
+  if (!user) {
+    redirect("/sign-in");
+  }
+
+  if (!user.requirePasswordChange) {
+    redirect("/dashboard");
+  }
+
+  return <>{children}</>;
+}

package/templates/next-base/src/app/(auth)/change-password/page.tsx

@@ -0,0 +1,14 @@
+import { useTranslations } from "next-intl";
+import { ChangePasswordForm } from "@/features/auth/components/change-password-form";
+
+export default function ChangePasswordPage() {
+  const t = useTranslations("auth.changePasswordPage");
+
+  return (
+    <main className="space-y-3">
+      <h1 className="text-2xl font-semibold">{t("title")}</h1>
+      <p className="text-sm text-muted-foreground">{t("description")}</p>
+      <ChangePasswordForm />
+    </main>
+  );
+}

package/templates/next-base/src/app/(auth)/layout.tsx

@@ -0,0 +1,9 @@
+import type { ReactNode } from "react";
+
+export default function AuthRouteLayout({ children }: { children: ReactNode }) {
+  return (
+    <div className="flex min-h-screen items-center justify-center p-4">
+      <div className="w-full max-w-md">{children}</div>
+    </div>
+  );
+}

package/templates/next-base/src/app/(auth)/sign-in/layout.tsx

@@ -0,0 +1,17 @@
+import type { ReactNode } from "react";
+import { redirect } from "next/navigation";
+import { getSessionUser } from "@/lib/auth/rbac";
+
+export default async function SignInLayout({ children }: { children: ReactNode }) {
+  const user = await getSessionUser();
+
+  if (user?.requirePasswordChange) {
+    redirect("/change-password");
+  }
+
+  if (user) {
+    redirect("/dashboard");
+  }
+
+  return children;
+}

package/templates/next-base/src/app/(auth)/sign-in/page.tsx

@@ -0,0 +1,14 @@
+import { useTranslations } from "next-intl";
+import { SignInForm } from "@/features/auth/components/sign-in-form";
+
+export default function SignInPage() {
+  const t = useTranslations("auth.signInPage");
+
+  return (
+    <main className="space-y-3">
+      <h1 className="text-2xl font-semibold">{t("title")}</h1>
+      <p className="text-sm text-muted-foreground">{t("description")}</p>
+      <SignInForm />
+    </main>
+  );
+}

package/templates/next-base/src/app/(dashboard)/account/page.tsx

@@ -0,0 +1,18 @@
+import Link from "next/link";
+import { useTranslations } from "next-intl";
+import { AccountPanel } from "@/features/auth/components/account-panel";
+import { Button } from "@/components/ui/button";
+
+export default function AccountPage() {
+  const t = useTranslations("auth.account");
+
+  return (
+    <main className="space-y-4">
+      <h1 className="text-2xl font-semibold">{t("title")}</h1>
+      <AccountPanel />
+      <Button asChild variant="outline">
+        <Link href="/sign-in">{t("goToSignIn")}</Link>
+      </Button>
+    </main>
+  );
+}

package/templates/next-base/src/app/(dashboard)/dashboard/page.tsx

@@ -0,0 +1,17 @@
+import { useTranslations } from "next-intl";
+import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
+
+export default function DashboardPage() {
+  const t = useTranslations("common.sidebar");
+
+  return (
+    <Card>
+      <CardHeader>
+        <CardTitle>{t("dashboard")}</CardTitle>
+      </CardHeader>
+      <CardContent className="text-sm text-muted-foreground">
+        Starter dashboard page. Add your own widgets and metrics here.
+      </CardContent>
+    </Card>
+  );
+}

package/templates/next-base/src/app/(dashboard)/example/page.tsx

@@ -0,0 +1,13 @@
+import { useTranslations } from "next-intl";
+import { ExampleTable } from "@/example/components/example-table";
+
+export default function ExamplePage() {
+  const t = useTranslations("example.page");
+
+  return (
+    <main className="space-y-4">
+      <h1 className="text-2xl font-semibold">{t("title")}</h1>
+      <ExampleTable />
+    </main>
+  );
+}

package/templates/next-base/src/app/(dashboard)/layout.tsx

@@ -0,0 +1,22 @@
+import type { ReactNode } from "react";
+import { redirect } from "next/navigation";
+import { DashboardLayout } from "@/components/layout/private/dashboard-layout";
+import { getSessionUser } from "@/lib/auth/rbac";
+
+export default async function DashboardRouteLayout({
+  children,
+}: {
+  children: ReactNode;
+}) {
+  const user = await getSessionUser();
+
+  if (!user) {
+    redirect("/sign-in");
+  }
+
+  if (user.requirePasswordChange) {
+    redirect("/change-password");
+  }
+
+  return <DashboardLayout>{children}</DashboardLayout>;
+}

package/templates/next-base/src/app/api/auth/[...all]/route.ts

@@ -0,0 +1,4 @@
+import { toNextJsHandler } from "better-auth/next-js";
+import { auth } from "@/lib/auth";
+
+export const { GET, POST } = toNextJsHandler(auth);

package/templates/next-base/src/app/api/v1/auth/change-password/route.ts

@@ -0,0 +1,55 @@
+import { changePasswordSchema } from "@/features/auth/validations";
+import { fail, ok } from "@/lib/api/response";
+import { auth } from "@/lib/auth";
+import { getSessionUser } from "@/lib/auth/rbac";
+import prisma from "@/lib/db/prisma";
+
+const authBaseUrl =
+  process.env.BETTER_AUTH_URL ??
+  process.env.NEXT_PUBLIC_APP_URL ??
+  "http://localhost:3000";
+
+export async function POST(request: Request) {
+  const actor = await getSessionUser(request.headers);
+  if (!actor) {
+    return fail("UNAUTHORIZED", "Unauthorized", { status: 401 });
+  }
+
+  const payload = await request.json().catch(() => null);
+  const parsed = changePasswordSchema.safeParse(payload);
+
+  if (!parsed.success) {
+    return fail("VALIDATION_ERROR", "Invalid password payload.", {
+      status: 400,
+      details: parsed.error.flatten(),
+    });
+  }
+
+  const verifyResponse = await fetch(`${authBaseUrl}/api/auth/sign-in/username`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      username: actor.username,
+      password: parsed.data.currentPassword,
+    }),
+  });
+
+  if (!verifyResponse.ok) {
+    return fail("UNAUTHORIZED", "Current password is incorrect.", { status: 401 });
+  }
+
+  await auth.api.changePassword({
+    body: {
+      currentPassword: parsed.data.currentPassword,
+      newPassword: parsed.data.newPassword,
+    },
+    headers: request.headers,
+  });
+
+  await prisma.user.update({
+    where: { id: actor.id },
+    data: { requirePasswordChange: false },
+  });
+
+  return ok({ updated: true });
+}