create-authenik8-app 2.0.1 → 2.0.2

package/templates/express-auth/src/.env

@@ -0,0 +1,9 @@
+JWT_SECRET=your_secret
+REFRESH_SECRET=your_secret
+
+
+# OAuth (if used)
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=

package/templates/express-auth/src/app.ts

@@ -0,0 +1,14 @@
+import express from "express";
+import { createAuthRoutes } from "./routes/auth.routes";
+import { createProtectedRoutes } from "./routes/protected.routes";
+
+export const createApp = (auth: any) => {
+  const app = express();
+
+  app.use(express.json());
+
+  app.use("/auth", createAuthRoutes(auth));
+  app.use("/", createProtectedRoutes(auth));
+
+  return app;
+};

package/templates/express-auth/src/controllers/auth.controller.ts

@@ -0,0 +1,43 @@
+import { Request, Response } from "express";
+import { AuthService } from "../services/auth.services";
+
+export const createAuthController = (auth: any) => ({
+  async register(req: Request, res: Response) {
+    try {
+      const { email, password } = req.body;
+
+      const user = await AuthService.register(email, password);
+
+      res.json({ message: "User created", userId: user.id });
+    } catch (err) {
+      res.status(400).json({ error: (err as Error).message });
+    }
+  },
+
+  async login(req: Request, res: Response) {
+    try {
+      const { email, password } = req.body;
+
+      const user = await AuthService.login(email, password);
+
+      const accessToken = auth.signToken({
+        userId: user.id,
+        email: user.email,
+      });
+
+      const refreshToken = await auth.generateRefreshToken({
+        userId: user.id,
+        email: user.email,
+      });
+
+      res.json({ accessToken, refreshToken });
+    } catch (err) {
+      res.status(401).json({ error: (err as Error).message });
+    }
+  },
+
+  async refresh(req: Request, res: Response) {
+    const tokens = await auth.refreshToken(req.body.refreshToken);
+    res.json(tokens);
+  },
+});

package/templates/express-auth/src/routes/auth.routes.ts

@@ -0,0 +1,13 @@
+import { Router } from "express";
+import { createAuthController } from "../controllers/auth.controller";
+
+export const createAuthRoutes = (auth: any) => {
+  const router = Router();
+  const controller = createAuthController(auth);
+
+  router.post("/register", controller.register);
+  router.post("/login", controller.login);
+  router.post("/refresh", controller.refresh);
+
+  return router;
+};

package/templates/express-auth/src/routes/protected.routes.ts

@@ -0,0 +1,11 @@
+import { Router } from "express";
+
+export const createProtectedRoutes = (auth: any) => {
+  const router = Router();
+
+  router.get("/protected", auth.requireAdmin, (req, res) => {
+    res.json({ message: "Protected route" });
+  });
+
+  return router;
+};

package/templates/express-auth/src/server.ts

@@ -1,10 +1,8 @@
-import express from "express";
+import dotenv from "dotenv";
 import { createAuthenik8 } from "authenik8-core";
-import { hashPassword, comparePassword } from "./utils/hash";
-import {prisma} from "./prisma/client"
+import { createApp } from "./app";
 
-const app = express();
-app.use(express.json());
+dotenv.config();
 
 async function start() {
   const auth = await createAuthenik8({
@@ -12,67 +10,28 @@ async function start() {
     refreshSecret: process.env.REFRESH_SECRET!,
   });
 
-  
-  app.post("/register", async (req, res) => {
-    const { email, password } = req.body;
-
-    const hashedPassword = await hashPassword(password);
-
-    const user = await prisma.user.create({
-      data: {
-        email,
-        password: hashedPassword,
-      },
-    });
-
-    res.json({ message: "User created", userId: user.id });
-  });
-
-
-  app.post("/login", async (req, res) => {
-    const { email, password } = req.body;
-
-    const user = await prisma.user.findUnique({
-      where: { email },
-    });
-
-    if (!user) {
-      return res.status(401).json({ error: "Invalid credentials" });
-    }
-
-    const isValid = await comparePassword(password, user.password);
-
-    if (!isValid) {
-      return res.status(401).json({ error: "Invalid credentials" });
-    }
-
-    const accessToken = auth.signToken({
-      id: user.id,
-      email: user.email,
-    });
-
-    const refreshToken = await auth.generateRefreshToken({
-      id: user.id,
-      email: user.email,
-    });
-
-    res.json({ accessToken, refreshToken });
-  });
-
-  
-  app.post("/refresh", async (req, res) => {
-    const tokens = await auth.refreshToken(req.body.refreshToken);
-    res.json(tokens);
-  });
-
-  // ✅ PROTECTED
-  app.get("/protected", auth.requireAdmin, (req, res) => {
-    res.json({ message: "Protected route" });
-  });
+  const app = createApp(auth);
 
   app.listen(3000, () => {
-    console.log("🚀 Server running on http://localhost:3000");
+    console.log(" Server running on http://localhost:3000");
   });
 }
-
+process.on("uncaughtException", (err) => {
+  console.error(" Uncaught Exception:", err);
+  process.exit(1); 
+});
+
+process.on("unhandledRejection", (err) => {
+  console.error(" Unhandled Rejection:", err);
+  process.exit(1);
+
+});
+setInterval(() => {
+  const used = process.memoryUsage().heapUsed / 1024 / 1024;
+
+  if (used > 300) {
+    console.error(`Memory exceeded: ${used.toFixed(2)} MB`);
+    process.exit(1);
+  }
+}, 10000);
 start();

package/templates/express-auth/src/services/auth.services.ts

@@ -0,0 +1,28 @@
+import { prisma } from "../prisma/client";
+import { hashPassword, comparePassword } from "../utils/hash";
+
+export const AuthService = {
+  async register(email: string, password: string) {
+    const hashedPassword = await hashPassword(password);
+
+    const user = await prisma.user.create({
+      data: { email, password: hashedPassword },
+    });
+
+    return user;
+  },
+
+  async login(email: string, password: string) {
+    const user = await prisma.user.findUnique({
+      where: { email },
+    });
+
+    if (!user) throw new Error("Invalid credentials");
+
+    const isValid = await comparePassword(password, user.password);
+
+    if (!isValid) throw new Error("Invalid credentials");
+
+    return user;
+  },
+};

package/templates/express-auth+/ecosystem.config.ts

@@ -0,0 +1,15 @@
+module.exports = {
+  apps: [
+    {
+      name: "authenik8-app",
+      script: "src/server.ts",
+      instances: "max",
+      exec_mode: "cluster",
+      watch: false,
+      max_memory_restart: "300M",
+      env: {
+        NODE_ENV: "production",
+      },
+    },
+  ],
+};

package/templates/express-auth+/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "authenik8-app",
+  "version": "1.0.6",
+  "description": "Authenik8 generated Express auth app",
+  "main": "dist/server.js",
+  "type": "commonjs",
+  "scripts": {
+    "dev": "ts-node-dev --respawn --transpile-only src/server.ts",
+    "build": "tsc",
+     "pm2:start": "pm2 start ecosystem.config.js",
+     "pm2:stop": "pm2 stop authenik8-app",
+     "pm2:logs": "pm2 logs",
+    "start": "node dist/server.js",
+    "prisma:generate": "prisma generate",
+    "prisma:migrate": "prisma migrate dev"
+  },
+  "dependencies": {
+    "authenik8-core": "^1.0.3",
+    "express": "^4.19.2"
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.0.0",
+    "ts-node-dev": "^2.0.0",
+    "typescript": "^5.0.0"
+  }
+}

package/templates/express-auth+/src/.env

@@ -0,0 +1,9 @@
+JWT_SECRET=your_secret
+REFRESH_SECRET=your_secret
+
+
+# OAuth (if used)
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=

package/templates/express-auth+/src/auth/auth.ts

@@ -0,0 +1,37 @@
+import { createAuthenik8 } from "authenik8-core";
+import dotenv from "dotenv";
+
+dotenv.config();
+
+let authInstance: any;
+
+
+
+export async function initAuth() {
+  authInstance= await createAuthenik8({
+    jwtSecret: process.env.JWT_SECRET!,
+    refreshSecret: process.env.REFRESH_SECRET!,
+
+    oauth: {
+      google: {
+        clientId: process.env.GOOGLE_CLIENT_ID!,
+        clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+        redirectUri: "http://localhost:3000/auth/google/callback",
+      },
+      github: {
+        clientId: process.env.GITHUB_CLIENT_ID!,
+        clientSecret: process.env.GITHUB_CLIENT_SECRET!,
+        redirectUri: "http://localhost:3000/auth/github/callback",
+      },
+    },
+  });
+
+}
+export function getAuth() {
+  if (!authInstance) {
+    throw new Error("Auth not initialized. Call initAuth() first.");
+  }
+
+  return authInstance;
+}
+

package/templates/express-auth+/src/auth/oauth.routes.ts

@@ -0,0 +1,43 @@
+import express from "express";
+import { auth } from "./auth";
+
+const router = express.Router();
+
+// GOOGLE
+router.get("/google", (req, res) => {
+  auth.oauth?.google?.redirect(req, res);
+});
+
+router.get("/google/callback", async (req, res) => {
+  const result = await auth.oauth?.google?.handleCallback(req);
+
+  res.json({
+    provider: "google",
+    ...result,
+  });
+});
+
+// GITHUB
+router.get("/github", (req, res) => {
+  auth.oauth?.github?.redirect(req, res);
+});
+
+router.get("/github/callback", async (req, res) => {
+  const result = await auth.oauth?.github?.handleCallback(req);
+
+  res.json({
+    provider: "github",
+    ...result,
+  });
+});
+
+
+router.get("/google/link", (req, res) => {
+  auth.oauth?.google?.redirect(req, res, "link");
+});
+
+router.get("/github/link", (req, res) => {
+  auth.oauth?.github?.redirect(req, res, "link");
+});
+
+export default router;

package/templates/express-auth+/src/auth/password.route.ts

@@ -0,0 +1,43 @@
+import { auth } from "./auth";
+import { prisma } from "../prisma/client";
+import { hashPassword, comparePassword } from "../utils/hash";
+import express from "express";
+
+const router = express.Router();
+
+router.post("/register", async (req, res) => {
+  const { email, password } = req.body;
+
+  const user = await prisma.user.create({
+    data: {
+      email,
+      password: await hashPassword(password),
+    },
+  });
+
+  res.json({ message: "User created", userId: user.id });
+});
+
+router.post("/login", async (req, res) => {
+  const { email, password } = req.body;
+
+  const user = await prisma.user.findUnique({ where: { email } });
+
+  if (!user || !(await comparePassword(password, user.password))) {
+    return res.status(401).json({ error: "Invalid credentials" });
+  }
+
+  const accessToken = auth.signToken({
+    userId: user.id,
+    email: user.email,
+  });
+
+  const refreshToken = await auth.generateRefreshToken({
+    userId: user.id,
+    email: user.email,
+  });
+
+  res.json({ accessToken, refreshToken });
+});
+
+export default router;

package/templates/express-auth+/src/auth/protected.routes.ts

@@ -0,0 +1,11 @@
+import express from "express";
+import { getAuth } from "./auth";
+
+const router = express.Router();
+const auth = getAuth();
+
+router.get("/protected", auth.requireAdmin, (req, res) => {
+  res.json({ message: "Protected route" });
+});
+
+export default router;

package/templates/express-auth+/src/prisma/client.ts

@@ -0,0 +1,15 @@
+import { PrismaClient } from "@prisma/client";
+
+const globalForPrisma = globalThis as unknown as {
+  prisma: PrismaClient | undefined;
+};
+
+export const prisma =
+  globalForPrisma.prisma ??
+  new PrismaClient({
+    log: ["error", "warn"],
+  });
+
+if (process.env.NODE_ENV !== "production") {
+  globalForPrisma.prisma = prisma;
+}

package/templates/express-auth+/src/server.ts

@@ -0,0 +1,38 @@
+import express from "express";
+import passwordRoutes from "./auth/password.route";
+import oauthRoutes from "./auth/oauth.routes";
+import protectedRoutes from "./auth/protected.routes";
+import { initAuth } from "./auth";
+const app = express();
+app.use(express.json());
+
+app.use("/auth", passwordRoutes);
+app.use("/auth", oauthRoutes);
+app.use("/", protectedRoutes);
+
+async function start(){
+	await initAuth();
+
+  app.listen(3000, () => {
+    console.log("Auth system running on http://localhost:3000");
+  });
+}
+
+start();
+process.on("uncaughtException", (err) => {
+  console.error(" Uncaught Exception:", err);
+  process.exit(1); 
+});
+
+process.on("unhandledRejection", (err) => {
+  console.error(" Unhandled Rejection:", err);
+  process.exit(1);
+});
+setInterval(() => {
+  const used = process.memoryUsage().heapUsed / 1024 / 1024;
+
+  if (used > 300) {
+    console.error(` Memory exceeded: ${used.toFixed(2)} MB`);
+    process.exit(1);
+  }
+}, 10000);

package/templates/express-auth+/src/utils/hash.ts

@@ -0,0 +1,12 @@
+import argon2 from "argon2";
+
+export const hashPassword = async (password: string): Promise<string> => {
+  return argon2.hash(password);
+};
+
+export const comparePassword = async (
+  password: string,
+  hash: string
+): Promise<boolean> => {
+  return argon2.verify(hash, password);
+};

package/templates/express-auth+/tsconfig.json

@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "rootDir": "./src",
+    "outDir": "./dist",
+
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+
+    "forceConsistentCasingInFileNames": true
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}

package/templates/express-base/app.ts

@@ -0,0 +1,15 @@
+import express from "express";
+import { createBaseRoutes } from "./routes/base.routes";
+
+export const createApp = (auth: any) => {
+  const app = express();
+
+  app.use(express.json());
+
+  app.use(auth.helmet);
+  app.use(auth.rateLimit);
+
+  app.use("/", createBaseRoutes(auth));
+
+  return app;
+};

package/templates/express-base/controllers/base.controller.ts

@@ -0,0 +1,32 @@
+import { Request, Response } from "express";
+
+export const createBaseController = (auth: any) => ({
+  publicRoute(req: Request, res: Response) {
+    res.json({ message: "Public route" });
+  },
+
+  async guest(req: Request, res: Response) {
+    const token = await auth.guestToken({ role: "guest" });
+    res.json({ token });
+  },
+
+  async protected(req: Request, res: Response) {
+    const token = req.headers.authorization?.split(" ")[1];
+
+    try {
+      const decoded = await auth.verifyToken(token);
+      res.json({ message: "Protected data", user: decoded });
+    } catch {
+      res.status(401).json({ error: "Unauthorized" });
+    }
+  },
+
+  async refresh(req: Request, res: Response) {
+    const tokens = await auth.refreshToken(req.body.refreshToken);
+    res.json(tokens);
+  },
+
+  admin(req: Request, res: Response) {
+    res.json({ message: "Admin only" });
+  },
+});

package/templates/express-base/ecosystem.config.ts

@@ -0,0 +1,15 @@
+module.exports = {
+  apps: [
+    {
+      name: "authenik8-app",
+      script: "src/server.ts",
+      instances: "max",
+      exec_mode: "cluster",
+      watch: false,
+      max_memory_restart: "300M",
+      env: {
+        NODE_ENV: "production",
+      },
+    },
+  ],
+};

package/templates/express-base/package.json

@@ -3,11 +3,14 @@
   "version": "1.0.5",
   "scripts": {
     "dev": "ts-node-dev --respawn --transpile-only ./src/server.ts",
+    "pm2:start": "pm2 start ecosystem.config.js",
+    "pm2:stop": "pm2 stop authenik8-app",
+    "pm2:logs": "pm2 logs",
     "build": "tsc",
     "start": "node dist/server.js"
   },
   "dependencies": {
-    "authenik8-core": "^0.1.5",
+    "authenik8-core": "^1.0.3",
     "dotenv": "^16.0.0",
     "express": "^4.18.2"
   },

package/templates/express-base/routes/base.routes.ts

@@ -0,0 +1,16 @@
+import { Router } from "express";
+import { createBaseController } from "../controllers/base.controller";
+
+export const createBaseRoutes = (auth: any) => {
+  const router = Router();
+  const controller = createBaseController(auth);
+
+  router.get("/public", controller.publicRoute);
+  router.get("/guest", controller.guest);
+  router.get("/protected", controller.protected);
+  router.post("/refresh", controller.refresh);
+
+  router.get("/admin", auth.requireAdmin, controller.admin);
+
+  return router;
+};

package/templates/express-base/src/server.ts

@@ -1,8 +1,8 @@
-import express from "express";
+import dotenv from "dotenv";
 import { createAuthenik8 } from "authenik8-core";
+import { createApp } from "../app";
 
-const app = express();
-app.use(express.json());
+dotenv.config();
 
 async function start() {
   const auth = await createAuthenik8({
@@ -10,47 +10,27 @@ async function start() {
     refreshSecret: process.env.REFRESH_SECRET!,
   });
 
-  app.use(auth.helmet);
-  app.use(auth.rateLimit);
-
-  
-  app.get("/public", (req, res) => {
-    res.json({ message: "Public route" });
-  });
-
-  
-  app.get("/guest", async (req, res) => {
-    const token = await auth.guestToken({ role: "guest" });
-    res.json({ token });
-  });
-
-
-
-  app.get("/protected", async (req, res) => {
-    const token = req.headers.authorization?.split(" ")[1];
-
-    try {
-      const decoded = await auth.verifyToken(token);
-      res.json({ message: "Protected data", user: decoded });
-    } catch {
-      res.status(401).json({ error: "Unauthorized" });
-    }
-  });
-
-  
-  app.post("/refresh", async (req, res) => {
-    const tokens = await auth.refreshToken(req.body.refreshToken);
-    res.json(tokens);
-  });
-
-  // 🛡️ Admin route
-  app.get("/admin", auth.requireAdmin, (req, res) => {
-    res.json({ message: "Admin only" });
-  });
+  const app = createApp(auth);
 
   app.listen(3000, () => {
     console.log("🚀 Server running on http://localhost:3000");
   });
 }
-
+process.on("uncaughtException", (err) => {
+  console.error(" Uncaught Exception:", err);
+  process.exit(1);
+});
+
+process.on("unhandledRejection", (err) => {
+  console.error(" Unhandled Rejection:", err);
+  process.exit(1);
+});
+setInterval(() => {
+  const used = process.memoryUsage().heapUsed / 1024 / 1024;
+
+  if (used > 300) {
+    console.error(`Memory exceeded: ${used.toFixed(2)} MB`);
+    process.exit(1);
+  }
+}, 10000);
 start();