appflare 0.2.25 → 0.2.26

package/cli/templates/auth/README.md

@@ -1,156 +1,156 @@
-# Auth Template Generators
-
-This directory contains source generators used by the Appflare CLI to scaffold authentication integration for a Cloudflare Worker backend.
-
-The files here **do not directly implement runtime auth logic** in this folder. Instead, they generate TypeScript source strings that are written into generated backend files (for example under `backend/_generated`).
-
----
-
-## Purpose
-
-The auth template layer provides:
-
-- A generated `createAuth()` factory based on `better-auth` + Cloudflare integrations.
-- Route-level wiring for auth endpoints (`GET`/`POST` on an auth base path).
-- Request sanitization helpers to normalize header forwarding behavior.
-- Small composition utilities so the CLI can include/exclude KV support based on config.
-
----
-
-## File-by-file breakdown
-
-## `config.ts`
-
-### `generateAuthConfigSource(configPathImport: string): string`
-
-Builds the full source code for an auth configuration module.
-
-Generated module characteristics:
-
-- Imports:
-  - `better-auth`
-  - `withCloudflare` from `better-auth-cloudflare`
-  - `drizzleAdapter` from `better-auth/adapters/drizzle`
-  - `drizzle` from `drizzle-orm/d1`
-  - Cloudflare worker types (`D1Database`, `KVNamespace`, `IncomingRequestCfProperties`)
-  - Local `auth.schema`
-  - User config module from `configPathImport`
-- Defines `CloudflareBindings` with:
-  - required `DATABASE: D1Database`
-  - optional `KV?: KVNamespace`
-- Exposes:
-  - `createAuth(env?, cf?)`
-  - `auth = createAuth()`
-
-Behavior details:
-
-- If `env` is provided:
-  - Creates a Drizzle D1 database instance.
-  - Configures `withCloudflare` with D1 and optional KV.
-- If `env` is missing:
-  - Falls back to a placeholder `drizzleAdapter` setup to keep type-level/runtime shape valid in non-worker contexts.
-- Merges Cloudflare options with `config.auth.options` so user config can extend behavior.
-
----
-
-## `route.config.ts`
-
-### `generateKvField(kvBinding?: string): string`
-
-Returns a generated object field snippet for KV binding when configured.
-
-- If `kvBinding` is missing: returns empty string.
-- If present: returns `KV: c.env["<binding>"] as KVNamespace` (prefixed with comma/newline for embedding).
-
-### `generateAuthConfig(databaseBinding: string, kvBinding?: string): string`
-
-Generates the `env` argument payload passed into `createAuth()` in route handlers:
-
-- Always includes `DATABASE: c.env["<databaseBinding>"] as D1Database`.
-- Optionally includes `KV` using `generateKvField()`.
-
-This keeps route generation dynamic for projects that may or may not enable KV.
-
----
-
-## `route.handler.ts`
-
-### `generateAuthHandler(authBasePath: string, databaseBinding: string, kvBinding?: string): string`
-
-Generates the auth route registration snippet:
-
-- Registers `app.on(["GET", "POST"], "<authBasePath>/*", async (c) => { ... })`.
-- Creates an auth instance per request:
-  - injects generated env bindings from `generateAuthConfig(...)`
-  - injects `c.req.raw.cf` as Cloudflare request metadata
-- Returns `auth.handler(getSanitizedRequest(c.req.raw))`.
-
-This is the bridge between framework routing and Better Auth request handling.
-
----
-
-## `route.request-utils.ts`
-
-Contains generated helper functions to sanitize incoming request headers.
-
-### `generateGetHeadersFunction(): string`
-
-Generates `getHeaders(headers: Headers)`:
-
-- Converts headers into a plain object.
-- Detects whether a `cookie` header exists.
-- Keeps `authorization` only when it contains a `Bearer` token.
-- If cookies are present, suppresses `authorization` to avoid conflicting auth sources.
-- Returns a rebuilt header object cast back to `Headers`.
-
-### `generateSanitizedRequestFunction(): string`
-
-Generates `getSanitizedRequest(req: Request)`:
-
-- Creates a cloned `Request` with filtered headers from `getHeaders()`.
-
-### `generateRequestUtilities(): string`
-
-Concatenates both helper function source blocks into one string for route output.
-
----
-
-## `route.ts`
-
-### `generateAuthRoute(authBasePath: string, databaseBinding: string, kvBinding?: string): string`
-
-Top-level composition entry for route generation.
-
-- Combines:
-  - `generateAuthHandler(...)`
-  - `generateRequestUtilities()`
-- Returns one complete source block ready to be written to generated route files.
-
----
-
-## Generation flow in this directory
-
-1. CLI calls `generateAuthRoute(...)` when producing backend route code.
-2. Route snippet includes handler + request sanitizers.
-3. Handler calls `createAuth(...)` with bindings generated by `generateAuthConfig(...)`.
-4. Separately, CLI can emit full auth configuration module using `generateAuthConfigSource(...)`.
-5. Resulting generated backend code is ready for Cloudflare Worker runtime with D1 (and optional KV).
-
----
-
-## Design notes
-
-- **String-template based generation**: keeps template logic small and explicit.
-- **Conditional KV support**: avoids forcing KV binding when not configured.
-- **Request normalization**: helps prevent ambiguous auth precedence between cookies and authorization headers.
-- **Cloudflare-first integration**: targets Worker runtime (`cf`, D1, KV) while preserving local compatibility shape.
-
----
-
-## Expected consumers
-
-These generators are intended to be used by internal CLI code under:
-
-- `packages/appflare/cli/...`
-
-They are implementation details of scaffolding and are not meant as public runtime APIs.
+# Auth Template Generators
+
+This directory contains source generators used by the Appflare CLI to scaffold authentication integration for a Cloudflare Worker backend.
+
+The files here **do not directly implement runtime auth logic** in this folder. Instead, they generate TypeScript source strings that are written into generated backend files (for example under `backend/_generated`).
+
+---
+
+## Purpose
+
+The auth template layer provides:
+
+- A generated `createAuth()` factory based on `better-auth` + Cloudflare integrations.
+- Route-level wiring for auth endpoints (`GET`/`POST` on an auth base path).
+- Request sanitization helpers to normalize header forwarding behavior.
+- Small composition utilities so the CLI can include/exclude KV support based on config.
+
+---
+
+## File-by-file breakdown
+
+## `config.ts`
+
+### `generateAuthConfigSource(configPathImport: string): string`
+
+Builds the full source code for an auth configuration module.
+
+Generated module characteristics:
+
+- Imports:
+  - `better-auth`
+  - `withCloudflare` from `better-auth-cloudflare`
+  - `drizzleAdapter` from `better-auth/adapters/drizzle`
+  - `drizzle` from `drizzle-orm/d1`
+  - Cloudflare worker types (`D1Database`, `KVNamespace`, `IncomingRequestCfProperties`)
+  - Local `auth.schema`
+  - User config module from `configPathImport`
+- Defines `CloudflareBindings` with:
+  - required `DATABASE: D1Database`
+  - optional `KV?: KVNamespace`
+- Exposes:
+  - `createAuth(env?, cf?)`
+  - `auth = createAuth()`
+
+Behavior details:
+
+- If `env` is provided:
+  - Creates a Drizzle D1 database instance.
+  - Configures `withCloudflare` with D1 and optional KV.
+- If `env` is missing:
+  - Falls back to a placeholder `drizzleAdapter` setup to keep type-level/runtime shape valid in non-worker contexts.
+- Merges Cloudflare options with `config.auth.options` so user config can extend behavior.
+
+---
+
+## `route.config.ts`
+
+### `generateKvField(kvBinding?: string): string`
+
+Returns a generated object field snippet for KV binding when configured.
+
+- If `kvBinding` is missing: returns empty string.
+- If present: returns `KV: c.env["<binding>"] as KVNamespace` (prefixed with comma/newline for embedding).
+
+### `generateAuthConfig(databaseBinding: string, kvBinding?: string): string`
+
+Generates the `env` argument payload passed into `createAuth()` in route handlers:
+
+- Always includes `DATABASE: c.env["<databaseBinding>"] as D1Database`.
+- Optionally includes `KV` using `generateKvField()`.
+
+This keeps route generation dynamic for projects that may or may not enable KV.
+
+---
+
+## `route.handler.ts`
+
+### `generateAuthHandler(authBasePath: string, databaseBinding: string, kvBinding?: string): string`
+
+Generates the auth route registration snippet:
+
+- Registers `app.on(["GET", "POST"], "<authBasePath>/*", async (c) => { ... })`.
+- Creates an auth instance per request:
+  - injects generated env bindings from `generateAuthConfig(...)`
+  - injects `c.req.raw.cf` as Cloudflare request metadata
+- Returns `auth.handler(getSanitizedRequest(c.req.raw))`.
+
+This is the bridge between framework routing and Better Auth request handling.
+
+---
+
+## `route.request-utils.ts`
+
+Contains generated helper functions to sanitize incoming request headers.
+
+### `generateGetHeadersFunction(): string`
+
+Generates `getHeaders(headers: Headers)`:
+
+- Converts headers into a plain object.
+- Detects whether a `cookie` header exists.
+- Keeps `authorization` only when it contains a `Bearer` token.
+- If cookies are present, suppresses `authorization` to avoid conflicting auth sources.
+- Returns a rebuilt header object cast back to `Headers`.
+
+### `generateSanitizedRequestFunction(): string`
+
+Generates `getSanitizedRequest(req: Request)`:
+
+- Creates a cloned `Request` with filtered headers from `getHeaders()`.
+
+### `generateRequestUtilities(): string`
+
+Concatenates both helper function source blocks into one string for route output.
+
+---
+
+## `route.ts`
+
+### `generateAuthRoute(authBasePath: string, databaseBinding: string, kvBinding?: string): string`
+
+Top-level composition entry for route generation.
+
+- Combines:
+  - `generateAuthHandler(...)`
+  - `generateRequestUtilities()`
+- Returns one complete source block ready to be written to generated route files.
+
+---
+
+## Generation flow in this directory
+
+1. CLI calls `generateAuthRoute(...)` when producing backend route code.
+2. Route snippet includes handler + request sanitizers.
+3. Handler calls `createAuth(...)` with bindings generated by `generateAuthConfig(...)`.
+4. Separately, CLI can emit full auth configuration module using `generateAuthConfigSource(...)`.
+5. Resulting generated backend code is ready for Cloudflare Worker runtime with D1 (and optional KV).
+
+---
+
+## Design notes
+
+- **String-template based generation**: keeps template logic small and explicit.
+- **Conditional KV support**: avoids forcing KV binding when not configured.
+- **Request normalization**: helps prevent ambiguous auth precedence between cookies and authorization headers.
+- **Cloudflare-first integration**: targets Worker runtime (`cf`, D1, KV) while preserving local compatibility shape.
+
+---
+
+## Expected consumers
+
+These generators are intended to be used by internal CLI code under:
+
+- `packages/appflare/cli/...`
+
+They are implementation details of scaffolding and are not meant as public runtime APIs.

package/cli/templates/auth/config.ts

@@ -1,61 +1,61 @@
-export function generateAuthConfigSource(configPathImport: string): string {
-	return `import { betterAuth } from "better-auth";
-import { withCloudflare } from "better-auth-cloudflare";
-import { drizzleAdapter } from "better-auth/adapters/drizzle";
-import { drizzle } from "drizzle-orm/d1";
-import type {
-	D1Database,
-	IncomingRequestCfProperties,
-	KVNamespace,
-} from "@cloudflare/workers-types";
-import * as Schema from "./auth.schema";
-import config from "${configPathImport}";
-
-type CloudflareBindings = {
-	DATABASE: D1Database;
-	KV?: KVNamespace;
-};
-
-export const createAuth = (
-	env?: CloudflareBindings,
-	cf?: IncomingRequestCfProperties,
-) => {
-	const db = env
-		? drizzle(env.DATABASE, {
-			schema: Schema,
-		})
-		: ({} as any);
-
-	const cloudflareOptions = withCloudflare(
-		{
-			autoDetectIpAddress: true,
-			geolocationTracking: true,
-			cf: cf ?? {},
-			d1: env
-				? {
-						db,
-						options: {
-							usePlural: true,
-						},
-				  }
-				: undefined,
-			kv: env?.KV,
-		},
-		config.auth.options as any,
-	);
-
-	return betterAuth({
-		...(cloudflareOptions as any),
-		...(env
-			? {}
-			: {
-					database: drizzleAdapter({} as D1Database, {
-						provider: "sqlite",
-						usePlural: true,
-					}),
-			  }),
-	});
-};
-export const auth = createAuth();
-`;
-}
+export function generateAuthConfigSource(configPathImport: string): string {
+	return `import { betterAuth } from "better-auth";
+import { withCloudflare } from "better-auth-cloudflare";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { drizzle } from "drizzle-orm/d1";
+import type {
+	D1Database,
+	IncomingRequestCfProperties,
+	KVNamespace,
+} from "@cloudflare/workers-types";
+import * as Schema from "./auth.schema";
+import config from "${configPathImport}";
+
+type CloudflareBindings = {
+	DATABASE: D1Database;
+	KV?: KVNamespace;
+};
+
+export const createAuth = (
+	env?: CloudflareBindings,
+	cf?: IncomingRequestCfProperties,
+) => {
+	const db = env
+		? drizzle(env.DATABASE, {
+			schema: Schema,
+		})
+		: ({} as any);
+
+	const cloudflareOptions = withCloudflare(
+		{
+			autoDetectIpAddress: true,
+			geolocationTracking: true,
+			cf: cf ?? {},
+			d1: env
+				? {
+						db,
+						options: {
+							usePlural: true,
+						},
+				  }
+				: undefined,
+			kv: env?.KV,
+		},
+		config.auth.options as any,
+	);
+
+	return betterAuth({
+		...(cloudflareOptions as any),
+		...(env
+			? {}
+			: {
+					database: drizzleAdapter({} as D1Database, {
+						provider: "sqlite",
+						usePlural: true,
+					}),
+			  }),
+	});
+};
+export const auth = createAuth();
+`;
+}

package/cli/templates/auth/route-config.ts

@@ -1 +1 @@
-export { generateAuthConfig, generateKvField } from "./route.config";
+export { generateAuthConfig, generateKvField } from "./route.config";

package/cli/templates/auth/route-handler.ts

@@ -1 +1 @@
-export { generateAuthHandler } from "./route.handler";
+export { generateAuthHandler } from "./route.handler";

package/cli/templates/auth/route-request-utils.ts

@@ -1,5 +1,5 @@
-export {
-	generateGetHeadersFunction,
-	generateRequestUtilities,
-	generateSanitizedRequestFunction,
-} from "./route.request-utils";
+export {
+	generateGetHeadersFunction,
+	generateRequestUtilities,
+	generateSanitizedRequestFunction,
+} from "./route.request-utils";

package/cli/templates/auth/route.config.ts

@@ -1,18 +1,18 @@
-function generateKvField(kvBinding?: string): string {
-	if (!kvBinding) {
-		return "";
-	}
-
-	return `,\n\t\t\tKV: c.env["${kvBinding}"] as KVNamespace`;
-}
-
-function generateAuthConfig(
-	databaseBinding: string,
-	kvBinding?: string,
-): string {
-	return `{
-			DATABASE: c.env["${databaseBinding}"] as D1Database${generateKvField(kvBinding)}
-		}`;
-}
-
-export { generateKvField, generateAuthConfig };
+function generateKvField(kvBinding?: string): string {
+	if (!kvBinding) {
+		return "";
+	}
+
+	return `,\n\t\t\tKV: c.env["${kvBinding}"] as KVNamespace`;
+}
+
+function generateAuthConfig(
+	databaseBinding: string,
+	kvBinding?: string,
+): string {
+	return `{
+			DATABASE: c.env["${databaseBinding}"] as D1Database${generateKvField(kvBinding)}
+		}`;
+}
+
+export { generateKvField, generateAuthConfig };

package/cli/templates/auth/route.handler.ts

@@ -1,18 +1,18 @@
-import { generateAuthConfig } from "./route.config";
-
-function generateAuthHandler(
-	authBasePath: string,
-	databaseBinding: string,
-	kvBinding?: string,
-): string {
-	return `app.on(["GET", "POST"], "${authBasePath}/*", async (c) => {
-	const auth = createAuth(
-		${generateAuthConfig(databaseBinding, kvBinding)},
-		c.req.raw.cf as IncomingRequestCfProperties | undefined,
-	);
-	return auth.handler(getSanitizedRequest(c.req.raw));
-});
-`;
-}
-
-export { generateAuthHandler };
+import { generateAuthConfig } from "./route.config";
+
+function generateAuthHandler(
+	authBasePath: string,
+	databaseBinding: string,
+	kvBinding?: string,
+): string {
+	return `app.on(["GET", "POST"], "${authBasePath}/*", async (c) => {
+	const auth = createAuth(
+		${generateAuthConfig(databaseBinding, kvBinding)},
+		c.req.raw.cf as IncomingRequestCfProperties | undefined,
+	);
+	return auth.handler(getSanitizedRequest(c.req.raw));
+});
+`;
+}
+
+export { generateAuthHandler };

package/cli/templates/auth/route.request-utils.ts

@@ -1,55 +1,55 @@
-function generateGetHeadersFunction(): string {
-	return `export const getHeaders = (headers: Headers) => {
-	const newHeaders = Object.fromEntries(headers as any);
-	const headerObject: Record<string, any> = {};
-	let hasCookie = false;
-
-	for (const key in newHeaders) {
-		if (key.toLowerCase() === "cookie") {
-			hasCookie = true;
-			break;
-		}
-	}
-
-	for (const key in newHeaders) {
-		const isAuthorization =
-			key.toLowerCase() === "authorization" &&
-			newHeaders[key]?.includes("Bearer");
-
-		if (hasCookie && key.toLowerCase() === "authorization") {
-			continue;
-		}
-
-		if (key.toLowerCase() === "authorization" && !isAuthorization) {
-			continue;
-		}
-
-		headerObject[key] = newHeaders[key];
-	}
-
-	return headerObject as any as Headers;
-};
-`;
-}
-
-function generateSanitizedRequestFunction(): string {
-	return `export const getSanitizedRequest = (req: Request) => {
-	const newRequest = new Request(req, {
-		headers: getHeaders(req.headers),
-	});
-	return newRequest;
-};
-`;
-}
-
-function generateRequestUtilities(): string {
-	return (
-		generateGetHeadersFunction() + "\n" + generateSanitizedRequestFunction()
-	);
-}
-
-export {
-	generateGetHeadersFunction,
-	generateSanitizedRequestFunction,
-	generateRequestUtilities,
-};
+function generateGetHeadersFunction(): string {
+	return `export const getHeaders = (headers: Headers) => {
+	const newHeaders = Object.fromEntries(headers as any);
+	const headerObject: Record<string, any> = {};
+	let hasCookie = false;
+
+	for (const key in newHeaders) {
+		if (key.toLowerCase() === "cookie") {
+			hasCookie = true;
+			break;
+		}
+	}
+
+	for (const key in newHeaders) {
+		const isAuthorization =
+			key.toLowerCase() === "authorization" &&
+			newHeaders[key]?.includes("Bearer");
+
+		if (hasCookie && key.toLowerCase() === "authorization") {
+			continue;
+		}
+
+		if (key.toLowerCase() === "authorization" && !isAuthorization) {
+			continue;
+		}
+
+		headerObject[key] = newHeaders[key];
+	}
+
+	return headerObject as any as Headers;
+};
+`;
+}
+
+function generateSanitizedRequestFunction(): string {
+	return `export const getSanitizedRequest = (req: Request) => {
+	const newRequest = new Request(req, {
+		headers: getHeaders(req.headers),
+	});
+	return newRequest;
+};
+`;
+}
+
+function generateRequestUtilities(): string {
+	return (
+		generateGetHeadersFunction() + "\n" + generateSanitizedRequestFunction()
+	);
+}
+
+export {
+	generateGetHeadersFunction,
+	generateSanitizedRequestFunction,
+	generateRequestUtilities,
+};

package/cli/templates/auth/route.ts

@@ -1,14 +1,14 @@
-import { generateAuthHandler } from "./route.handler";
-import { generateRequestUtilities } from "./route.request-utils";
-
-export function generateAuthRoute(
-	authBasePath: string,
-	databaseBinding: string,
-	kvBinding?: string,
-): string {
-	return (
-		generateAuthHandler(authBasePath, databaseBinding, kvBinding) +
-		"\n" +
-		generateRequestUtilities()
-	);
-}
+import { generateAuthHandler } from "./route.handler";
+import { generateRequestUtilities } from "./route.request-utils";
+
+export function generateAuthRoute(
+	authBasePath: string,
+	databaseBinding: string,
+	kvBinding?: string,
+): string {
+	return (
+		generateAuthHandler(authBasePath, databaseBinding, kvBinding) +
+		"\n" +
+		generateRequestUtilities()
+	);
+}