create-backlist 5.0.7 → 6.0.2

package/src/scanner/index.js

@@ -0,0 +1,99 @@
+const path = require('path');
+const fg = require('fast-glob');
+const { Project, SyntaxKind } = require('ts-morph');
+const fs = require('fs-extra');
+
+function normalizeMethod(name) {
+  const m = String(name).toUpperCase();
+  return ['GET','POST','PUT','PATCH','DELETE'].includes(m) ? m : null;
+}
+
+// Very first-pass extractor: axios.<method>('url') OR fetch('url', { method: 'POST' })
+async function scanFrontend({ frontendSrcDir }) {
+  const patterns = [
+    '**/*.ts', '**/*.tsx', '**/*.js', '**/*.jsx'
+  ];
+
+  const files = await fg(patterns, {
+    cwd: frontendSrcDir,
+    absolute: true,
+    ignore: ['**/node_modules/**', '**/dist/**', '**/.next/**', '**/build/**']
+  });
+
+  const project = new Project({
+    tsConfigFilePath: fs.existsSync(path.join(frontendSrcDir, '../tsconfig.json'))
+      ? path.join(frontendSrcDir, '../tsconfig.json')
+      : undefined,
+    skipAddingFilesFromTsConfig: true
+  });
+
+  files.forEach(f => project.addSourceFileAtPathIfExists(f));
+
+  const endpoints = [];
+
+  for (const sf of project.getSourceFiles()) {
+    // axios.get('/x') | axios.post('/x')
+    const callExprs = sf.getDescendantsOfKind(SyntaxKind.CallExpression);
+
+    for (const call of callExprs) {
+      const expr = call.getExpression();
+
+      // axios.<method>(...)
+      if (expr.getKind() === SyntaxKind.PropertyAccessExpression) {
+        const pae = expr;
+        const method = normalizeMethod(pae.getName());
+        const target = pae.getExpression().getText(); // axios / api / client etc (basic)
+        const args = call.getArguments();
+        if (method && args.length >= 1 && args[0].getKind() === SyntaxKind.StringLiteral) {
+          const url = args[0].getText().slice(1, -1);
+          endpoints.push({
+            source: sf.getFilePath(),
+            kind: 'axios',
+            client: target,
+            method,
+            url
+          });
+        }
+      }
+
+      // fetch('/x', { method: 'POST' })
+      if (expr.getText() === 'fetch') {
+        const args = call.getArguments();
+        if (args.length >= 1 && args[0].getKind() === SyntaxKind.StringLiteral) {
+          const url = args[0].getText().slice(1, -1);
+          let method = 'GET';
+          if (args[1] && args[1].getKind() === SyntaxKind.ObjectLiteralExpression) {
+            const obj = args[1];
+            const methodProp = obj.getProperty('method');
+            if (methodProp && methodProp.getKind() === SyntaxKind.PropertyAssignment) {
+              const init = methodProp.getInitializer();
+              if (init && init.getKind() === SyntaxKind.StringLiteral) {
+                method = init.getText().slice(1, -1).toUpperCase();
+              }
+            }
+          }
+          endpoints.push({
+            source: sf.getFilePath(),
+            kind: 'fetch',
+            method,
+            url
+          });
+        }
+      }
+    }
+  }
+
+  return {
+    version: 1,
+    generatedAt: new Date().toISOString(),
+    frontendSrcDir,
+    endpoints
+  };
+}
+
+async function writeContracts(outFile, contracts) {
+  await fs.ensureDir(path.dirname(outFile));
+  await fs.writeJson(outFile, contracts, { spaces: 2 });
+}
+
+module.exports = { scanFrontend, writeContracts };

package/src/templates/dotnet/partials/Controller.cs.ejs

@@ -3,22 +3,15 @@ using Microsoft.AspNetCore.Mvc;
 namespace <%= projectName %>.Controllers;
 
 [ApiController]
-[Route("api/[controller]")]
+[Route("[controller]")]
 public class <%= controllerName %>Controller : ControllerBase
 {
-    // Endpoints for <%= controllerName %> auto-generated by Backlist
-
-<% endpoints.forEach(endpoint => { %>
-    <%# Convert /api/users/{id} to just {id} for the route attribute %>
-    <% const routePath = endpoint.path.replace(`/api/${controllerName.toLowerCase()}`, '').substring(1); %>
-    /**
-     * <%= endpoint.method.toUpperCase() %> <%= endpoint.path %>
-     */
-    [Http<%= endpoint.method.charAt(0) + endpoint.method.slice(1).toLowerCase() %>("<%- routePath %>")]
-    public IActionResult AutoGenerated_<%= endpoint.method %>_<%= routePath.replace(/{|}/g, 'By_').replace(/[^a-zA-Z0-9_]/g, '') || 'Index' %>()
+<% endpoints.forEach(ep => { -%>
+    [Http<%= ep.method.charAt(0) + ep.method.slice(1).toLowerCase() %>("<%= ep.route.replace(`/${controllerName.toLowerCase()}`, "") %>")]
+    public IActionResult <%= ep.actionName || (ep.method.toLowerCase() + controllerName) %>()
     {
-        // TODO: Implement logic here. You can access route parameters like: public IActionResult Get(int id)
-        return Ok(new { message = "Auto-generated response for <%= endpoint.method.toUpperCase() %> <%= endpoint.path %>" });
+        return Ok(new { message = "TODO: Implement <%= ep.method %> <%= ep.route %>" });
     }
-<% }); %>
+
+<% }) -%>
 }

package/src/templates/dotnet/partials/Dto.cs.ejs

@@ -0,0 +1,8 @@
+namespace <%= projectName %>.Models.DTOs;
+
+public class <%= model.name %>
+{
+<% for (const [name, type] of Object.entries(model.fields || {})) { -%>
+    public <%= mapCSharpType(type) %> <%= pascal(name) %> { get; set; }
+<% } -%>
+}

package/src/templates/java-spring/partials/ApplicationSeeder.java.ejs

@@ -0,0 +1,30 @@
+// Auto-generated by create-backlist
+package <%= group %>.<%= projectName %>;
+
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import <%= group %>.<%= projectName %>.model.User;
+import <%= group %>.<%= projectName %>.repository.UserRepository;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class ApplicationSeeder {
+
+  @Bean
+  CommandLineRunner seed(UserRepository userRepository, PasswordEncoder encoder) {
+    return args -> {
+      userRepository.findByEmail("admin@example.com").ifPresentOrElse(u -> {
+        // already exists
+      }, () -> {
+        User admin = new User();
+        admin.setName("Admin");
+        admin.setEmail("admin@example.com");
+        admin.setPassword(encoder.encode("admin123"));
+        userRepository.save(admin);
+      });
+    };
+  }
+}

package/src/templates/java-spring/partials/AuthController.java.ejs

@@ -0,0 +1,62 @@
+// Auto-generated by create-backlist
+package <%= group %>.<%= projectName %>.controller;
+
+import <%= group %>.<%= projectName %>.model.User;
+import <%= group %>.<%= projectName %>.repository.UserRepository;
+import <%= group %>.<%= projectName %>.security.JwtService;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Optional;
+
+@RestController
+@RequestMapping("/api/auth")
+@CrossOrigin(origins = "*")
+public class AuthController {
+
+  private final UserRepository repo;
+  private final PasswordEncoder encoder;
+  private final JwtService jwt;
+
+  public AuthController(UserRepository repo, PasswordEncoder encoder, JwtService jwt) {
+    this.repo = repo;
+    this.encoder = encoder;
+    this.jwt = jwt;
+  }
+
+  @PostMapping("/register")
+  public ResponseEntity<?> register(@RequestBody AuthRequest req) {
+    if (repo.findByEmail(req.email()).isPresent()) {
+      return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("User already exists");
+    }
+
+    User user = new User();
+    user.setName(req.name());
+    user.setEmail(req.email());
+    user.setPassword(encoder.encode(req.password()));
+    repo.save(user);
+
+    String token = jwt.generateToken(user.getEmail());
+    return ResponseEntity.status(HttpStatus.CREATED).body(new TokenResponse(token));
+  }
+
+  @PostMapping("/login")
+  public ResponseEntity<?> login(@RequestBody LoginRequest req) {
+    Optional<User> current = repo.findByEmail(req.email());
+    if (current.isEmpty()) return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid credentials");
+
+    if (!encoder.matches(req.password(), current.get().getPassword())) {
+      return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid credentials");
+    }
+
+    String token = jwt.generateToken(current.get().getEmail());
+    return ResponseEntity.ok(new TokenResponse(token));
+  }
+
+  public record AuthRequest(String name, String email, String password) {}
+  public record LoginRequest(String email, String password) {}
+  public record TokenResponse(String token) {}
+}

package/src/templates/java-spring/partials/Controller.java.ejs

@@ -1,61 +1,51 @@
 // Auto-generated by create-backlist
 package <%= group %>.<%= projectName %>.controller;
 
-import <%= group %>.<%= projectName %>.model.<%= controllerName %>;
-import <%= group %>.<%= projectName %>.repository.<%= controllerName %>Repository;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
-import java.util.Optional;
+
+import <%= group %>.<%= projectName %>.service.<%= controllerName %>Service;
+import <%= group %>.<%= projectName %>.model.<%= controllerName %>;
 
 @RestController
-@CrossOrigin(origins = "*") // Allow all origins for development
-@RequestMapping("/api/<%= controllerName.toLowerCase() %>s")
+@RequestMapping("<%= basePath %>")
+@CrossOrigin(origins = "*")
 public class <%= controllerName %>Controller {
-
-    @Autowired
-    private <%= controllerName %>Repository repository;
-
-    @GetMapping
-    public List<<%= controllerName %>> getAll<%= controllerName %>s() {
-        return repository.findAll();
-    }
-
-    @GetMapping("/{id}")
-    public ResponseEntity<<%= controllerName %>> get<%= controllerName %>ById(@PathVariable Long id) {
-        Optional<<%= controllerName %>> item = repository.findById(id);
-        return item.map(ResponseEntity::ok).orElseGet(() -> ResponseEntity.notFound().build());
-    }
-
-    @PostMapping
-    public ResponseEntity<<%= controllerName %>> create<%= controllerName %>(@RequestBody <%= controllerName %> newItem) {
-        <%= controllerName %> savedItem = repository.save(newItem);
-        return new ResponseEntity<>(savedItem, HttpStatus.CREATED);
-    }
-
-    @PutMapping("/{id}")
-    public ResponseEntity<<%= controllerName %>> update<%= controllerName %>(@PathVariable Long id, @RequestBody <%= controllerName %> updatedItem) {
-        return repository.findById(id)
-                .map(item -> {
-                    // Manually map fields to update. For simplicity, we assume all fields are updatable.
-                    <% model.fields.forEach(field => { %>
-                    item.set<%= field.name.charAt(0).toUpperCase() + field.name.slice(1) %>(updatedItem.get<%= field.name.charAt(0).toUpperCase() + field.name.slice(1) %>());
-                    <% }); %>
-                    <%= controllerName %> savedItem = repository.save(item);
-                    return ResponseEntity.ok(savedItem);
-                })
-                .orElseGet(() -> ResponseEntity.notFound().build());
-    }
-
-    @DeleteMapping("/{id}")
-    public ResponseEntity<Void> delete<%= controllerName %>(@PathVariable Long id) {
-        if (!repository.existsById(id)) {
-            return ResponseEntity.notFound().build();
-        }
-        repository.deleteById(id);
-        return ResponseEntity.noContent().build();
-    }
+  private final <%= controllerName %>Service service;
+
+  public <%= controllerName %>Controller(<%= controllerName %>Service service) {
+    this.service = service;
+  }
+
+  @GetMapping
+  public List<<%= controllerName %>> all() {
+    return service.findAll();
+  }
+
+  @GetMapping("/{id}")
+  public ResponseEntity<<%= controllerName %>> one(@PathVariable Long id) {
+    return service.findById(id)
+      .map(ResponseEntity::ok)
+      .orElse(ResponseEntity.notFound().build());
+  }
+
+  @PostMapping
+  public ResponseEntity<<%= controllerName %>> create(@RequestBody <%= controllerName %> m) {
+    return new ResponseEntity<>(service.create(m), HttpStatus.CREATED);
+  }
+
+  @PutMapping("/{id}")
+  public ResponseEntity<<%= controllerName %>> update(@PathVariable Long id, @RequestBody <%= controllerName %> m) {
+    return service.update(id, m)
+      .map(ResponseEntity::ok)
+      .orElse(ResponseEntity.notFound().build());
+  }
+
+  @DeleteMapping("/{id}")
+  public ResponseEntity<Void> delete(@PathVariable Long id) {
+    return service.delete(id) ? ResponseEntity.noContent().build() : ResponseEntity.notFound().build();
+  }
 }

package/src/templates/java-spring/partials/Dockerfile.ejs

@@ -0,0 +1,16 @@
+# Auto-generated by create-backlist
+FROM eclipse-temurin:21-jdk AS build
+WORKDIR /app
+
+COPY .mvn/ .mvn/
+COPY mvnw pom.xml ./
+RUN chmod +x mvnw && ./mvnw -q -DskipTests dependency:go-offline
+
+COPY src ./src
+RUN ./mvnw -q -DskipTests package
+
+FROM eclipse-temurin:21-jre
+WORKDIR /app
+COPY --from=build /app/target/*.jar app.jar
+EXPOSE 8080
+ENTRYPOINT ["java", "-jar", "app.jar"]

package/src/templates/java-spring/partials/Entity.java.ejs

@@ -1,24 +1,25 @@
-// Auto-generated by create-backlist v6.0
+// Auto-generated by create-backlist
 package <%= group %>.<%= projectName %>.model;
 
-import jakarta.persistence.Entity;
-import jakarta.persistence.Id;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import lombok.Data;
+import jakarta.persistence.*;
+import lombok.*;
 
 @Data
+@NoArgsConstructor
+@AllArgsConstructor
 @Entity
+@Table(name = "<%= modelName.toLowerCase() %>")
 public class <%= modelName %> {
 
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private Long id;
+  @Id
+  @GeneratedValue(strategy = GenerationType.IDENTITY)
+  private Long id;
 
-    <% model.fields.forEach(field => { %>
-    <% let javaType = 'String'; %>
-    <% if (field.type === 'Number') javaType = 'Integer'; %>
-    <% if (field.type === 'Boolean') javaType = 'boolean'; %>
-    private <%= javaType %> <%= field.name %>;
-    <% }); %>
+<% model.fields.forEach(f => { -%>
+  private <%- (f.type === 'number' || f.type === 'Number') ? 'Double'
+        : (f.type === 'int' || f.type === 'Integer') ? 'Integer'
+        : (f.type === 'boolean' || f.type === 'Boolean') ? 'Boolean'
+        : (f.type === 'date' || f.type === 'Date') ? 'java.time.Instant'
+        : 'String' %> <%= f.name %>;
+<% }) -%>
 }

package/src/templates/java-spring/partials/JwtAuthFilter.java.ejs

@@ -0,0 +1,66 @@
+// Auto-generated by create-backlist
+package <%= group %>.<%= projectName %>.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import io.jsonwebtoken.JwtException;
+
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthFilter extends OncePerRequestFilter {
+
+  private final JwtService jwtService;
+  private final UserDetailsService uds;
+
+  public JwtAuthFilter(JwtService jwtService, UserDetailsService uds) {
+    this.jwtService = jwtService;
+    this.uds = uds;
+  }
+
+  @Override
+  protected boolean shouldNotFilter(HttpServletRequest request) {
+    String path = request.getRequestURI();
+    return path != null && path.startsWith("/api/auth");
+  }
+
+  @Override
+  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+      throws ServletException, IOException {
+
+    // If already authenticated, skip
+    if (SecurityContextHolder.getContext().getAuthentication() != null) {
+      chain.doFilter(request, response);
+      return;
+    }
+
+    String header = request.getHeader("Authorization");
+
+    if (header != null && header.startsWith("Bearer ")) {
+      String token = header.substring(7).trim();
+      if (!token.isEmpty()) {
+        try {
+          String subject = jwtService.validateAndGetSubject(token);
+          UserDetails ud = uds.loadUserByUsername(subject);
+
+          var auth = new UsernamePasswordAuthenticationToken(ud, null, ud.getAuthorities());
+          SecurityContextHolder.getContext().setAuthentication(auth);
+        } catch (JwtException ex) {
+          // Invalid/expired token: continue without authentication
+        }
+      }
+    }
+
+    chain.doFilter(request, response);
+  }
+}

package/src/templates/java-spring/partials/JwtService.java.ejs

@@ -0,0 +1,58 @@
+// Auto-generated by create-backlist
+package <%= group %>.<%= projectName %>.security;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.stereotype.Service;
+
+import java.nio.charset.StandardCharsets;
+import java.security.Key;
+import java.util.Date;
+
+@Service
+public class JwtService {
+
+  private final Key key;
+  private final long expirationMs;
+
+  public JwtService() {
+    String secret = System.getenv("JWT_SECRET");
+    if (secret == null || secret.trim().length() < 32) {
+      // Must be >= 32 chars for HS256 keys (jjwt enforces minimum)
+      secret = "change_this_dev_secret_change_this_dev_secret";
+    }
+    this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
+
+    String exp = System.getenv("JWT_EXPIRES_MS");
+    long fallback = 1000L * 60 * 60 * 5; // 5 hours
+    this.expirationMs = (exp != null) ? parseLongSafe(exp, fallback) : fallback;
+  }
+
+  public String generateToken(String subject) {
+    Date now = new Date();
+    Date exp = new Date(now.getTime() + expirationMs);
+
+    return Jwts.builder()
+      .setSubject(subject)
+      .setIssuedAt(now)
+      .setExpiration(exp)
+      .signWith(key, SignatureAlgorithm.HS256)
+      .compact();
+  }
+
+  /**
+   * @throws JwtException if token invalid/expired
+   */
+  public String validateAndGetSubject(String token) throws JwtException {
+    return Jwts.parserBuilder()
+      .setSigningKey(key)
+      .build()
+      .parseClaimsJws(token)
+      .getBody()
+      .getSubject();
+  }
+
+  private long parseLongSafe(String v, long fallback) {
+    try { return Long.parseLong(v); } catch (Exception e) { return fallback; }
+  }
+}

package/src/templates/java-spring/partials/Repository.java.ejs

@@ -1,12 +1,18 @@
 // Auto-generated by create-backlist
 package <%= group %>.<%= projectName %>.repository;
 
-import <%= group %>.<%= projectName %>.model.<%= modelName %>;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
+import <%= group %>.<%= projectName %>.model.<%= modelName %>;
+
 @Repository
 public interface <%= modelName %>Repository extends JpaRepository<<%= modelName %>, Long> {
-    // Spring Data JPA automatically provides CRUD methods like findAll(), findById(), save(), deleteById()
-    // You can add custom query methods here if needed.
+
+<%
+// If generator passes `extraFinders: [{name:'Email', type:'String'}]`
+(extraFinders || []).forEach(f => {
+-%>
+  java.util.Optional<<%= modelName %>> findBy<%= f.name %>(<%= f.type %> <%= f.name.charAt(0).toLowerCase() + f.name.slice(1) %>);
+<% }) -%>
 }

package/src/templates/java-spring/partials/SecurityConfig.java.ejs

@@ -0,0 +1,44 @@
+// Auto-generated by create-backlist
+package <%= group %>.<%= projectName %>.config;
+
+import <%= group %>.<%= projectName %>.security.JwtAuthFilter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+  private final JwtAuthFilter jwtAuthFilter;
+  private final UserDetailsService userDetailsService;
+
+  public SecurityConfig(JwtAuthFilter jwtAuthFilter, UserDetailsService uds) {
+    this.jwtAuthFilter = jwtAuthFilter;
+    this.userDetailsService = uds;
+  }
+
+  @Bean
+  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    http.csrf(csrf -> csrf.disable())
+        .authorizeHttpRequests(auth -> auth
+          .requestMatchers("/api/auth/**", "/actuator/**").permitAll()
+          .anyRequest().authenticated()
+        )
+        .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
+        .httpBasic(Customizer.withDefaults());
+    return http.build();
+  }
+
+  @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }
+}

package/src/templates/java-spring/partials/Service.java.ejs

@@ -0,0 +1,69 @@
+// Auto-generated by create-backlist
+package <%= group %>.<%= projectName %>.service;
+
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Optional;
+
+import <%= group %>.<%= projectName %>.repository.<%= modelName %>Repository;
+import <%= group %>.<%= projectName %>.model.<%= modelName %>;
+
+@Service
+public class <%= modelName %>Service {
+
+  private final <%= modelName %>Repository repo;
+
+  public <%= modelName %>Service(<%= modelName %>Repository repo) {
+    this.repo = repo;
+  }
+
+  public List<<%= modelName %>> findAll() {
+    return repo.findAll();
+  }
+
+  public Optional<<%= modelName %>> findById(Long id) {
+    return repo.findById(id);
+  }
+
+  public <%= modelName %> create(<%= modelName %> m) {
+    // Ensure id is not forced by client
+    m.setId(null);
+    return repo.save(m);
+  }
+
+  public Optional<<%= modelName %>> update(Long id, <%= modelName %> m) {
+    return repo.findById(id).map(existing -> {
+<% model.fields.forEach(f => { 
+  const cap = f.name.charAt(0).toUpperCase() + f.name.slice(1);
+-%>
+      // Update <%= f.name %>
+      existing.set<%= cap %>(m.get<%= cap %>());
+<% }) -%>
+      return repo.save(existing);
+    });
+  }
+
+  /**
+   * Partial update: only set non-null values.
+   * Useful if your frontend sends partial payloads.
+   */
+  public Optional<<%= modelName %>> patch(Long id, <%= modelName %> m) {
+    return repo.findById(id).map(existing -> {
+<% model.fields.forEach(f => { 
+  const cap = f.name.charAt(0).toUpperCase() + f.name.slice(1);
+-%>
+      if (m.get<%= cap %>() != null) {
+        existing.set<%= cap %>(m.get<%= cap %>());
+      }
+<% }) -%>
+      return repo.save(existing);
+    });
+  }
+
+  public boolean delete(Long id) {
+    if (!repo.existsById(id)) return false;
+    repo.deleteById(id);
+    return true;
+  }
+}