blacksmith-cli 0.1.1

package/src/templates/backend/config/urls.py.hbs

@@ -0,0 +1,26 @@
+"""
+URL configuration for {{projectName}}.
+"""
+
+from django.contrib import admin
+from django.urls import path, include
+from drf_spectacular.views import (
+    SpectacularAPIView,
+    SpectacularSwaggerView,
+    SpectacularRedocView,
+)
+
+urlpatterns = [
+    path('admin/', admin.site.urls),
+
+    # OpenAPI schema & documentation
+    path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
+    path('api/docs/', SpectacularSwaggerView.as_view(url_name='schema'), name='swagger-ui'),
+    path('api/redoc/', SpectacularRedocView.as_view(url_name='schema'), name='redoc'),
+
+    # Auth endpoints
+    path('api/auth/', include('apps.users.urls')),
+
+    # Resource endpoints (auto-registered by blacksmith make:resource)
+    # blacksmith:urls
+]

package/src/templates/backend/config/wsgi.py.hbs

@@ -0,0 +1,9 @@
+"""
+WSGI config for {{projectName}}.
+"""
+
+import os
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
+application = get_wsgi_application()

package/src/templates/backend/manage.py.hbs

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+    """Run administrative tasks."""
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == '__main__':
+    main()

package/src/templates/backend/requirements.txt.hbs

@@ -0,0 +1,7 @@
+django>=4.2,<6.0
+djangorestframework>=3.15,<4.0
+drf-spectacular>=0.28,<1.0
+drf-spectacular-sidecar>=2024
+djangorestframework-simplejwt>=5.4,<6.0
+django-cors-headers>=4.6,<5.0
+python-dotenv>=1.0,<2.0

package/src/templates/frontend/.env.hbs

@@ -0,0 +1 @@
+VITE_API_URL=http://localhost:{{backendPort}}

package/src/templates/frontend/index.html.hbs

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>{{projectName}}</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

package/src/templates/frontend/openapi-ts.config.ts.hbs

@@ -0,0 +1,29 @@
+import { defineConfig } from '@hey-api/openapi-ts'
+
+export default defineConfig({
+  input: {
+    path: 'http://localhost:{{backendPort}}/api/schema/',
+  },
+  output: {
+    path: './src/api/generated',
+  },
+  plugins: [
+    {
+      name: '@hey-api/typescript',
+      enums: 'javascript',
+    },
+    {
+      name: '@hey-api/client-fetch',
+    },
+    {
+      name: '@hey-api/sdk',
+    },
+    {
+      name: '@tanstack/react-query',
+      queryOptions: true,
+      infiniteQueryOptions: true,
+      mutationOptions: true,
+    },
+    'zod',
+  ],
+})

package/src/templates/frontend/package.json.hbs

@@ -0,0 +1,44 @@
+{
+  "name": "{{projectName}}-frontend",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc -b && vite build",
+    "lint": "eslint .",
+    "preview": "vite preview",
+    "openapi-ts": "openapi-ts"
+  },
+  "dependencies": {
+    "@blacksmith-ui/auth": "^0.1.0",
+    "@blacksmith-ui/forms": "^0.1.0",
+    "@blacksmith-ui/hooks": "^0.1.0",
+    "@blacksmith-ui/react": "^0.1.2",
+    "@hey-api/client-fetch": "^0.9.0",
+    "@hookform/resolvers": "^5.0.0",
+    "@tanstack/react-query": "^5.90.0",
+    "@tanstack/react-query-devtools": "^5.90.0",
+    "clsx": "^2.1.1",
+    "lucide-react": "^0.400.0",
+    "react": "^19.1.0",
+    "react-dom": "^19.1.0",
+    "react-error-boundary": "^5.0.0",
+    "react-hook-form": "^7.55.0",
+    "react-router-dom": "^7.6.0",
+    "tailwind-merge": "^3.0.0",
+    "tailwindcss": "^3.4.0",
+    "zod": "^3.24.0"
+  },
+  "devDependencies": {
+    "@hey-api/openapi-ts": "^0.93.0",
+    "@types/react": "^19.1.0",
+    "@types/react-dom": "^19.1.0",
+    "@vitejs/plugin-react": "^5.0.0",
+    "autoprefixer": "^10.4.0",
+    "postcss": "^8.4.0",
+    "tailwindcss-animate": "^1.0.7",
+    "typescript": "~5.8.0",
+    "vite": "^6.3.0"
+  }
+}

package/src/templates/frontend/postcss.config.js.hbs

@@ -0,0 +1,6 @@
+export default {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+}

package/src/templates/frontend/src/api/client.ts.hbs

@@ -0,0 +1,110 @@
+/**
+ * API Client Configuration
+ *
+ * Configures the @hey-api/client-fetch client with:
+ * - Base URL from environment
+ * - JWT auth interceptor
+ * - CSRF token interceptor (for Django)
+ * - 401 token refresh interceptor
+ *
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { createClient } from '@hey-api/client-fetch'
+
+// Create the client directly (no dependency on generated files)
+export const client = createClient({
+  baseUrl: import.meta.env.VITE_API_URL || 'http://localhost:{{backendPort}}',
+})
+
+// In-memory token storage (more secure than localStorage)
+let accessToken: string | null = null
+let refreshToken: string | null = null
+
+export function setTokens(access: string | null, refresh?: string | null) {
+  accessToken = access
+  if (refresh !== undefined) {
+    refreshToken = refresh
+  }
+}
+
+export function getAccessToken(): string | null {
+  return accessToken
+}
+
+export function getRefreshToken(): string | null {
+  return refreshToken
+}
+
+export function clearTokens() {
+  accessToken = null
+  refreshToken = null
+}
+
+// Auth interceptor — attach JWT to every request
+client.interceptors.request.use((request) => {
+  if (accessToken) {
+    request.headers.set('Authorization', `Bearer ${accessToken}`)
+  }
+  return request
+})
+
+// CSRF interceptor — Django requires this for non-GET requests
+client.interceptors.request.use((request) => {
+  const csrfToken = document.cookie
+    .split('; ')
+    .find((row) => row.startsWith('csrftoken='))
+    ?.split('=')[1]
+
+  if (csrfToken) {
+    request.headers.set('X-CSRFToken', csrfToken)
+  }
+  return request
+})
+
+// 401 interceptor — attempt token refresh, then retry
+let isRefreshing = false
+let refreshPromise: Promise<boolean> | null = null
+
+async function attemptTokenRefresh(): Promise<boolean> {
+  if (!refreshToken) return false
+
+  try {
+    const response = await fetch(
+      `${import.meta.env.VITE_API_URL || 'http://localhost:{{backendPort}}'}/api/auth/refresh/`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ refresh: refreshToken }),
+      }
+    )
+
+    if (!response.ok) return false
+
+    const data = await response.json()
+    setTokens(data.access, data.refresh)
+    return true
+  } catch {
+    return false
+  }
+}
+
+client.interceptors.response.use(async (response) => {
+  if (response.status === 401 && !response.url.includes('/api/auth/refresh/')) {
+    if (!isRefreshing) {
+      isRefreshing = true
+      refreshPromise = attemptTokenRefresh().finally(() => {
+        isRefreshing = false
+        refreshPromise = null
+      })
+    }
+
+    const refreshed = await refreshPromise
+    if (!refreshed) {
+      clearTokens()
+      window.dispatchEvent(new CustomEvent('auth:logout'))
+    }
+  }
+  return response
+})
+

package/src/templates/frontend/src/api/generated/client.gen.ts

@@ -0,0 +1,13 @@
+/**
+ * Auto-generated API Client
+ *
+ * This is a stub file that allows the app to boot before
+ * the first OpenAPI sync. Run `blacksmith sync` or `blacksmith dev`
+ * to generate the real client from your Django API schema.
+ *
+ * Generated by Blacksmith. This file will be overwritten by openapi-ts.
+ */
+
+import { createClient } from '@hey-api/client-fetch'
+
+export const client = createClient()

package/src/templates/frontend/src/api/query-client.ts.hbs

@@ -0,0 +1,22 @@
+/**
+ * React Query Client Configuration
+ *
+ * Centralized QueryClient with sensible defaults.
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { QueryClient } from '@tanstack/react-query'
+
+export const queryClient = new QueryClient({
+  defaultOptions: {
+    queries: {
+      staleTime: 5 * 60 * 1000, // 5 minutes before data is considered stale
+      gcTime: 30 * 60 * 1000, // 30 minutes in garbage collection cache
+      retry: 2, // Retry failed queries twice
+      refetchOnWindowFocus: true,
+    },
+    mutations: {
+      retry: 0, // Never retry mutations
+    },
+  },
+})

package/src/templates/frontend/src/app.tsx.hbs

@@ -0,0 +1,30 @@
+/**
+ * Root Application Component
+ *
+ * Composes all providers and the router.
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { QueryClientProvider } from '@tanstack/react-query'
+import { ReactQueryDevtools } from '@tanstack/react-query-devtools'
+import { RouterProvider } from 'react-router-dom'
+import { ThemeProvider } from '@blacksmith-ui/react'
+import { queryClient } from '@/api/query-client'
+import { AuthProvider } from '@/features/auth/components/auth-provider'
+import { router } from '@/router'
+
+// Initialize API client (registers interceptors)
+import '@/api/client'
+
+export function App() {
+  return (
+    <ThemeProvider defaultMode="system" storageKey="{{projectName}}-theme">
+      <QueryClientProvider client={queryClient}>
+        <AuthProvider>
+          <RouterProvider router={router} />
+        </AuthProvider>
+        {import.meta.env.DEV && <ReactQueryDevtools initialIsOpen={false} />}
+      </QueryClientProvider>
+    </ThemeProvider>
+  )
+}

package/src/templates/frontend/src/features/auth/adapter.ts.hbs

@@ -0,0 +1,198 @@
+/**
+ * Blacksmith Auth Adapter
+ *
+ * Connects @blacksmith-ui/auth to the Django JWT backend.
+ * Implements the AuthAdapter interface using the generated API client.
+ *
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import type { AuthAdapter, AuthUser, AuthResult, AuthError, SocialProvider } from '@blacksmith-ui/auth'
+import { setTokens, getAccessToken, clearTokens } from '@/api/client'
+import { parseApiError } from '@/shared/hooks/api-error'
+
+const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:{{backendPort}}'
+
+// Internal state
+let currentUser: AuthUser | null = null
+let authListeners: Array<(user: AuthUser | null) => void> = []
+
+function notifyListeners(user: AuthUser | null) {
+  currentUser = user
+  authListeners.forEach((cb) => cb(user))
+}
+
+function mapDjangoUser(data: any): AuthUser {
+  return {
+    id: String(data.id),
+    email: data.email,
+    displayName: data.first_name
+      ? `${data.first_name}${data.last_name ? ' ' + data.last_name : ''}`
+      : null,
+    photoURL: null,
+    emailVerified: true,
+    providerId: 'password',
+  }
+}
+
+function toAuthError(error: unknown): AuthError {
+  const parsed = parseApiError(error)
+
+  // If there are field-level errors, include them in the message
+  const fieldMessages = Object.entries(parsed.fieldErrors)
+    .map(([field, msgs]) => `${field}: ${msgs.join(', ')}`)
+    .join('. ')
+
+  const message = fieldMessages
+    ? `${parsed.message} ${fieldMessages}`
+    : parsed.message
+
+  return { code: `auth/${parsed.status || 'error'}`, message }
+}
+
+async function apiFetch(path: string, options: RequestInit = {}): Promise<any> {
+  const response = await fetch(`${API_URL}${path}`, {
+    headers: {
+      'Content-Type': 'application/json',
+      ...(getAccessToken() ? { Authorization: `Bearer ${getAccessToken()}` } : {}),
+    },
+    ...options,
+  })
+
+  const data = await response.json().catch(() => null)
+
+  if (!response.ok) {
+    throw { status: response.status, error: data || { detail: response.statusText } }
+  }
+
+  return data
+}
+
+async function fetchCurrentUser(): Promise<AuthUser> {
+  const data = await apiFetch('/api/auth/me/')
+  return mapDjangoUser(data)
+}
+
+export function createBlacksmithAuthAdapter(): AuthAdapter {
+  // Try to restore session on init
+  ;(async () => {
+    try {
+      if (getAccessToken()) {
+        const user = await fetchCurrentUser()
+        notifyListeners(user)
+      }
+    } catch {
+      clearTokens()
+      notifyListeners(null)
+    }
+  })()
+
+  return {
+    async signInWithEmail(email: string, password: string): Promise<AuthResult> {
+      try {
+        const data = await apiFetch('/api/auth/login/', {
+          method: 'POST',
+          body: JSON.stringify({ email, password }),
+        })
+
+        setTokens(data.access, data.refresh)
+        const user = await fetchCurrentUser()
+        notifyListeners(user)
+
+        return { success: true, user }
+      } catch (error: unknown) {
+        return { success: false, error: toAuthError(error) }
+      }
+    },
+
+    async signUpWithEmail(
+      email: string,
+      password: string,
+      displayName?: string
+    ): Promise<AuthResult> {
+      try {
+        const data = await apiFetch('/api/auth/register/', {
+          method: 'POST',
+          body: JSON.stringify({
+            email,
+            password,
+            password_confirm: password,
+            first_name: displayName || '',
+          }),
+        })
+
+        setTokens(data.access, data.refresh)
+        const user = await fetchCurrentUser()
+        notifyListeners(user)
+
+        return { success: true, user }
+      } catch (error: unknown) {
+        return { success: false, error: toAuthError(error) }
+      }
+    },
+
+    async signInWithSocial(_provider: SocialProvider): Promise<AuthResult> {
+      return {
+        success: false,
+        error: {
+          code: 'auth/unsupported',
+          message: 'Social login is not yet configured. Implement OAuth on the Django backend.',
+        },
+      }
+    },
+
+    async sendPasswordResetEmail(email: string) {
+      try {
+        await apiFetch('/api/auth/forgot-password/', {
+          method: 'POST',
+          body: JSON.stringify({ email }),
+        })
+        return { success: true as const }
+      } catch (error: unknown) {
+        return { success: false as const, error: toAuthError(error) }
+      }
+    },
+
+    async confirmPasswordReset(code: string, newPassword: string) {
+      try {
+        await apiFetch('/api/auth/reset-password/', {
+          method: 'POST',
+          body: JSON.stringify({
+            token: code,
+            password: newPassword,
+            password_confirm: newPassword,
+          }),
+        })
+        return { success: true as const }
+      } catch (error: unknown) {
+        return { success: false as const, error: toAuthError(error) }
+      }
+    },
+
+    async signOut(): Promise<void> {
+      try {
+        await apiFetch('/api/auth/logout/', {
+          method: 'POST',
+        })
+      } catch {
+        // Ignore errors on logout
+      }
+      clearTokens()
+      notifyListeners(null)
+    },
+
+    getCurrentUser(): AuthUser | null {
+      return currentUser
+    },
+
+    onAuthStateChanged(callback: (user: AuthUser | null) => void): () => void {
+      authListeners.push(callback)
+      // Fire immediately with current state
+      callback(currentUser)
+
+      return () => {
+        authListeners = authListeners.filter((cb) => cb !== callback)
+      }
+    },
+  }
+}

package/src/templates/frontend/src/features/auth/components/auth-provider.tsx.hbs

@@ -0,0 +1,32 @@
+/**
+ * Auth Provider
+ *
+ * Wraps the app with @blacksmith-ui/auth's AuthProvider configured
+ * with the Django JWT adapter.
+ *
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { AuthProvider as BlacksmithAuthProvider } from '@blacksmith-ui/auth'
+import { createBlacksmithAuthAdapter } from '../adapter'
+import type { ReactNode } from 'react'
+
+const adapter = createBlacksmithAuthAdapter()
+
+interface Props {
+  children: ReactNode
+}
+
+export function AuthProvider({ children }: Props) {
+  return (
+    <BlacksmithAuthProvider
+      config=\{{
+        adapter,
+        // Enable social providers by adding them here:
+        // socialProviders: ['google', 'github'],
+      }}
+    >
+      {children}
+    </BlacksmithAuthProvider>
+  )
+}

package/src/templates/frontend/src/features/auth/hooks/use-auth.ts.hbs

@@ -0,0 +1,27 @@
+/**
+ * Auth Hook
+ *
+ * Re-exports useAuth from @blacksmith-ui/auth for convenience.
+ * Import from here so your app has a single auth import path.
+ *
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { useAuth as useBlacksmithAuth } from '@blacksmith-ui/auth'
+
+export function useAuth() {
+  const auth = useBlacksmithAuth()
+
+  return {
+    user: auth.user,
+    isLoading: auth.loading,
+    isAuthenticated: !!auth.user,
+    error: auth.error,
+    login: auth.signInWithEmail,
+    register: auth.signUpWithEmail,
+    logout: auth.signOut,
+    sendPasswordResetEmail: auth.sendPasswordResetEmail,
+    confirmPasswordReset: auth.confirmPasswordReset,
+    socialProviders: auth.socialProviders,
+  }
+}

package/src/templates/frontend/src/features/auth/index.ts.hbs

@@ -0,0 +1,3 @@
+export { authRoutes } from './routes'
+export { useAuth } from './hooks/use-auth'
+export { AuthProvider } from './components/auth-provider'

package/src/templates/frontend/src/features/auth/pages/forgot-password-page.tsx.hbs

@@ -0,0 +1,37 @@
+/**
+ * Forgot Password Page
+ *
+ * Uses @blacksmith-ui/auth ForgotPasswordForm connected to Django backend.
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { ForgotPasswordForm } from '@blacksmith-ui/auth'
+import { useNavigate } from 'react-router-dom'
+import { useAuth } from '../hooks/use-auth'
+import { useState } from 'react'
+import { Path } from '@/router/paths'
+
+export default function ForgotPasswordPage() {
+  const navigate = useNavigate()
+  const { sendPasswordResetEmail, error } = useAuth()
+  const [loading, setLoading] = useState(false)
+
+  const handleSubmit = async (data: { email: string }) => {
+    setLoading(true)
+    try {
+      await sendPasswordResetEmail(data.email)
+      // Show success regardless (prevents email enumeration)
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <ForgotPasswordForm
+      onSubmit={handleSubmit}
+      onLoginClick={() => navigate(Path.Login)}
+      error={error}
+      loading={loading}
+    />
+  )
+}

package/src/templates/frontend/src/features/auth/pages/login-page.tsx.hbs

@@ -0,0 +1,36 @@
+/**
+ * Login Page
+ *
+ * Uses @blacksmith-ui/auth LoginForm connected to Django JWT backend.
+ * Generated by Blacksmith. You own this file — customize as needed.
+ */
+
+import { LoginForm } from '@blacksmith-ui/auth'
+import { useNavigate, useSearchParams } from 'react-router-dom'
+import { useAuth } from '../hooks/use-auth'
+import { Path } from '@/router/paths'
+
+export default function LoginPage() {
+  const navigate = useNavigate()
+  const [searchParams] = useSearchParams()
+  const { login, error, isLoading } = useAuth()
+
+  const redirectTo = searchParams.get('redirect') || Path.Home
+
+  const handleSubmit = async (data: { email: string; password: string }) => {
+    const result = await login(data.email, data.password)
+    if (result.success) {
+      navigate(redirectTo, { replace: true })
+    }
+  }
+
+  return (
+    <LoginForm
+      onSubmit={handleSubmit}
+      onRegisterClick={() => navigate(Path.Register)}
+      onForgotPasswordClick={() => navigate(Path.ForgotPassword)}
+      error={error}
+      loading={isLoading}
+    />
+  )
+}