create-backlist 6.0.0 → 6.0.2

package/src/templates/java-spring/partials/ApplicationSeeder.java.ejs

@@ -4,22 +4,27 @@ package <%= group %>.<%= projectName %>;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+
 import <%= group %>.<%= projectName %>.model.User;
 import <%= group %>.<%= projectName %>.repository.UserRepository;
+
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Configuration
 public class ApplicationSeeder {
+
   @Bean
   CommandLineRunner seed(UserRepository userRepository, PasswordEncoder encoder) {
     return args -> {
-      if (userRepository.findByEmail("admin@example.com").isEmpty()) {
+      userRepository.findByEmail("admin@example.com").ifPresentOrElse(u -> {
+        // already exists
+      }, () -> {
         User admin = new User();
         admin.setName("Admin");
         admin.setEmail("admin@example.com");
         admin.setPassword(encoder.encode("admin123"));
         userRepository.save(admin);
-      }
+      });
     };
   }
 }

package/src/templates/java-spring/partials/AuthController.java.ejs

@@ -4,6 +4,7 @@ package <%= group %>.<%= projectName %>.controller;
 import <%= group %>.<%= projectName %>.model.User;
 import <%= group %>.<%= projectName %>.repository.UserRepository;
 import <%= group %>.<%= projectName %>.security.JwtService;
+
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -21,29 +22,41 @@ public class AuthController {
   private final JwtService jwt;
 
   public AuthController(UserRepository repo, PasswordEncoder encoder, JwtService jwt) {
-    this.repo = repo; this.encoder = encoder; this.jwt = jwt;
+    this.repo = repo;
+    this.encoder = encoder;
+    this.jwt = jwt;
   }
 
   @PostMapping("/register")
-  public ResponseEntity<?> register(@RequestBody User req) {
-    if (repo.findByEmail(req.getEmail()).isPresent()) {
+  public ResponseEntity<?> register(@RequestBody AuthRequest req) {
+    if (repo.findByEmail(req.email()).isPresent()) {
       return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("User already exists");
     }
-    req.setPassword(encoder.encode(req.getPassword()));
-    repo.save(req);
-    String token = jwt.generateToken(req.getEmail());
+
+    User user = new User();
+    user.setName(req.name());
+    user.setEmail(req.email());
+    user.setPassword(encoder.encode(req.password()));
+    repo.save(user);
+
+    String token = jwt.generateToken(user.getEmail());
     return ResponseEntity.status(HttpStatus.CREATED).body(new TokenResponse(token));
   }
 
   @PostMapping("/login")
-  public ResponseEntity<?> login(@RequestBody User req) {
-    Optional<User> current = repo.findByEmail(req.getEmail());
+  public ResponseEntity<?> login(@RequestBody LoginRequest req) {
+    Optional<User> current = repo.findByEmail(req.email());
     if (current.isEmpty()) return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid credentials");
-    if (!encoder.matches(req.getPassword(), current.get().getPassword()))
+
+    if (!encoder.matches(req.password(), current.get().getPassword())) {
       return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid credentials");
-    String token = jwt.generateToken(req.getEmail());
+    }
+
+    String token = jwt.generateToken(current.get().getEmail());
     return ResponseEntity.ok(new TokenResponse(token));
   }
 
+  public record AuthRequest(String name, String email, String password) {}
+  public record LoginRequest(String email, String password) {}
   public record TokenResponse(String token) {}
 }

package/src/templates/java-spring/partials/Controller.java.ejs

@@ -4,23 +4,32 @@ package <%= group %>.<%= projectName %>.controller;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
+
 import java.util.List;
-import java.util.Optional;
+
 import <%= group %>.<%= projectName %>.service.<%= controllerName %>Service;
 import <%= group %>.<%= projectName %>.model.<%= controllerName %>;
 
 @RestController
-@RequestMapping("/api/<%= controllerName.toLowerCase() %>s")
+@RequestMapping("<%= basePath %>")
 @CrossOrigin(origins = "*")
 public class <%= controllerName %>Controller {
   private final <%= controllerName %>Service service;
-  public <%= controllerName %>Controller(<%= controllerName %>Service service) { this.service = service; }
 
-  @GetMapping public List<<%= controllerName %>> all() { return service.findAll(); }
+  public <%= controllerName %>Controller(<%= controllerName %>Service service) {
+    this.service = service;
+  }
+
+  @GetMapping
+  public List<<%= controllerName %>> all() {
+    return service.findAll();
+  }
 
   @GetMapping("/{id}")
   public ResponseEntity<<%= controllerName %>> one(@PathVariable Long id) {
-    return service.findById(id).map(ResponseEntity::ok).orElse(ResponseEntity.notFound().build());
+    return service.findById(id)
+      .map(ResponseEntity::ok)
+      .orElse(ResponseEntity.notFound().build());
   }
 
   @PostMapping
@@ -30,7 +39,9 @@ public class <%= controllerName %>Controller {
 
   @PutMapping("/{id}")
   public ResponseEntity<<%= controllerName %>> update(@PathVariable Long id, @RequestBody <%= controllerName %> m) {
-    return service.update(id, m).map(ResponseEntity::ok).orElse(ResponseEntity.notFound().build());
+    return service.update(id, m)
+      .map(ResponseEntity::ok)
+      .orElse(ResponseEntity.notFound().build());
   }
 
   @DeleteMapping("/{id}")

package/src/templates/java-spring/partials/Dockerfile.ejs

@@ -1,7 +1,12 @@
 # Auto-generated by create-backlist
 FROM eclipse-temurin:21-jdk AS build
 WORKDIR /app
-COPY . .
+
+COPY .mvn/ .mvn/
+COPY mvnw pom.xml ./
+RUN chmod +x mvnw && ./mvnw -q -DskipTests dependency:go-offline
+
+COPY src ./src
 RUN ./mvnw -q -DskipTests package
 
 FROM eclipse-temurin:21-jre

package/src/templates/java-spring/partials/Entity.java.ejs

@@ -2,14 +2,24 @@
 package <%= group %>.<%= projectName %>.model;
 
 import jakarta.persistence.*;
-import lombok.Data;
+import lombok.*;
 
 @Data
+@NoArgsConstructor
+@AllArgsConstructor
 @Entity
+@Table(name = "<%= modelName.toLowerCase() %>")
 public class <%= modelName %> {
-  @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+
+  @Id
+  @GeneratedValue(strategy = GenerationType.IDENTITY)
   private Long id;
-  <% model.fields.forEach(f => { %>
-  private <%= f.type === 'Number' ? 'Integer' : (f.type === 'Boolean' ? 'Boolean' : 'String') %> <%= f.name %>;
-  <% }) %>
+
+<% model.fields.forEach(f => { -%>
+  private <%- (f.type === 'number' || f.type === 'Number') ? 'Double'
+        : (f.type === 'int' || f.type === 'Integer') ? 'Integer'
+        : (f.type === 'boolean' || f.type === 'Boolean') ? 'Boolean'
+        : (f.type === 'date' || f.type === 'Date') ? 'java.time.Instant'
+        : 'String' %> <%= f.name %>;
+<% }) -%>
 }

package/src/templates/java-spring/partials/JwtAuthFilter.java.ejs

@@ -5,6 +5,9 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+
+import io.jsonwebtoken.JwtException;
+
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -25,19 +28,39 @@ public class JwtAuthFilter extends OncePerRequestFilter {
     this.uds = uds;
   }
 
+  @Override
+  protected boolean shouldNotFilter(HttpServletRequest request) {
+    String path = request.getRequestURI();
+    return path != null && path.startsWith("/api/auth");
+  }
+
   @Override
   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
       throws ServletException, IOException {
+
+    // If already authenticated, skip
+    if (SecurityContextHolder.getContext().getAuthentication() != null) {
+      chain.doFilter(request, response);
+      return;
+    }
+
     String header = request.getHeader("Authorization");
+
     if (header != null && header.startsWith("Bearer ")) {
-      String token = header.substring(7);
-      try {
-        String subject = jwtService.validateAndGetSubject(token);
-        UserDetails ud = uds.loadUserByUsername(subject);
-        var auth = new UsernamePasswordAuthenticationToken(ud, null, ud.getAuthorities());
-        SecurityContextHolder.getContext().setAuthentication(auth);
-      } catch (Exception ignored) {}
+      String token = header.substring(7).trim();
+      if (!token.isEmpty()) {
+        try {
+          String subject = jwtService.validateAndGetSubject(token);
+          UserDetails ud = uds.loadUserByUsername(subject);
+
+          var auth = new UsernamePasswordAuthenticationToken(ud, null, ud.getAuthorities());
+          SecurityContextHolder.getContext().setAuthentication(auth);
+        } catch (JwtException ex) {
+          // Invalid/expired token: continue without authentication
+        }
+      }
     }
+
     chain.doFilter(request, response);
   }
 }

package/src/templates/java-spring/partials/JwtService.java.ejs

@@ -5,26 +5,54 @@ import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.stereotype.Service;
 
+import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.Date;
 
 @Service
 public class JwtService {
-  private final Key key = Keys.hmacShaKeyFor(System.getenv("JWT_SECRET") != null
-          ? System.getenv("JWT_SECRET").getBytes()
-          : "change_this_dev_secret_change_this_dev_secret".getBytes());
 
-  public String generateToken(String userId) {
+  private final Key key;
+  private final long expirationMs;
+
+  public JwtService() {
+    String secret = System.getenv("JWT_SECRET");
+    if (secret == null || secret.trim().length() < 32) {
+      // Must be >= 32 chars for HS256 keys (jjwt enforces minimum)
+      secret = "change_this_dev_secret_change_this_dev_secret";
+    }
+    this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
+
+    String exp = System.getenv("JWT_EXPIRES_MS");
+    long fallback = 1000L * 60 * 60 * 5; // 5 hours
+    this.expirationMs = (exp != null) ? parseLongSafe(exp, fallback) : fallback;
+  }
+
+  public String generateToken(String subject) {
+    Date now = new Date();
+    Date exp = new Date(now.getTime() + expirationMs);
+
     return Jwts.builder()
-      .setSubject(userId)
-      .setIssuedAt(new Date())
-      .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 5))
+      .setSubject(subject)
+      .setIssuedAt(now)
+      .setExpiration(exp)
       .signWith(key, SignatureAlgorithm.HS256)
       .compact();
   }
 
-  public String validateAndGetSubject(String token) {
-    return Jwts.parserBuilder().setSigningKey(key).build()
-      .parseClaimsJws(token).getBody().getSubject();
+  /**
+   * @throws JwtException if token invalid/expired
+   */
+  public String validateAndGetSubject(String token) throws JwtException {
+    return Jwts.parserBuilder()
+      .setSigningKey(key)
+      .build()
+      .parseClaimsJws(token)
+      .getBody()
+      .getSubject();
+  }
+
+  private long parseLongSafe(String v, long fallback) {
+    try { return Long.parseLong(v); } catch (Exception e) { return fallback; }
   }
 }

package/src/templates/java-spring/partials/Repository.java.ejs

@@ -3,7 +3,16 @@ package <%= group %>.<%= projectName %>.repository;
 
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
+
 import <%= group %>.<%= projectName %>.model.<%= modelName %>;
 
 @Repository
-public interface <%= modelName %>Repository extends JpaRepository<<%= modelName %>, Long> {}
+public interface <%= modelName %>Repository extends JpaRepository<<%= modelName %>, Long> {
+
+<%
+// If generator passes `extraFinders: [{name:'Email', type:'String'}]`
+(extraFinders || []).forEach(f => {
+-%>
+  java.util.Optional<<%= modelName %>> findBy<%= f.name %>(<%= f.type %> <%= f.name.charAt(0).toLowerCase() + f.name.slice(1) %>);
+<% }) -%>
+}

package/src/templates/java-spring/partials/Service.java.ejs

@@ -2,27 +2,65 @@
 package <%= group %>.<%= projectName %>.service;
 
 import org.springframework.stereotype.Service;
+
 import java.util.List;
 import java.util.Optional;
+
 import <%= group %>.<%= projectName %>.repository.<%= modelName %>Repository;
 import <%= group %>.<%= projectName %>.model.<%= modelName %>;
 
 @Service
 public class <%= modelName %>Service {
+
   private final <%= modelName %>Repository repo;
-  public <%= modelName %>Service(<%= modelName %>Repository repo) { this.repo = repo; }
 
-  public List<<%= modelName %>> findAll() { return repo.findAll(); }
-  public Optional<<%= modelName %>> findById(Long id) { return repo.findById(id); }
-  public <%= modelName %> create(<%= modelName %> m) { return repo.save(m); }
+  public <%= modelName %>Service(<%= modelName %>Repository repo) {
+    this.repo = repo;
+  }
+
+  public List<<%= modelName %>> findAll() {
+    return repo.findAll();
+  }
+
+  public Optional<<%= modelName %>> findById(Long id) {
+    return repo.findById(id);
+  }
+
+  public <%= modelName %> create(<%= modelName %> m) {
+    // Ensure id is not forced by client
+    m.setId(null);
+    return repo.save(m);
+  }
+
   public Optional<<%= modelName %>> update(Long id, <%= modelName %> m) {
     return repo.findById(id).map(existing -> {
-      <% model.fields.forEach(f => { %>
-      existing.set<%= f.name.charAt(0).toUpperCase() + f.name.slice(1) %>(m.get<%= f.name.charAt(0).toUpperCase() + f.name.slice(1) %>());
-      <% }) %>
+<% model.fields.forEach(f => { 
+  const cap = f.name.charAt(0).toUpperCase() + f.name.slice(1);
+-%>
+      // Update <%= f.name %>
+      existing.set<%= cap %>(m.get<%= cap %>());
+<% }) -%>
+      return repo.save(existing);
+    });
+  }
+
+  /**
+   * Partial update: only set non-null values.
+   * Useful if your frontend sends partial payloads.
+   */
+  public Optional<<%= modelName %>> patch(Long id, <%= modelName %> m) {
+    return repo.findById(id).map(existing -> {
+<% model.fields.forEach(f => { 
+  const cap = f.name.charAt(0).toUpperCase() + f.name.slice(1);
+-%>
+      if (m.get<%= cap %>() != null) {
+        existing.set<%= cap %>(m.get<%= cap %>());
+      }
+<% }) -%>
       return repo.save(existing);
     });
   }
+
   public boolean delete(Long id) {
     if (!repo.existsById(id)) return false;
     repo.deleteById(id);

package/src/templates/java-spring/partials/User.java.ejs

@@ -1,20 +1,33 @@
 // Auto-generated by create-backlist
 package <%= group %>.<%= projectName %>.model;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import jakarta.persistence.*;
-import lombok.Data;
+import lombok.*;
 
 @Data
+@NoArgsConstructor
+@AllArgsConstructor
 @Entity
-@Table(name="users")
+@Table(
+  name = "users",
+  indexes = {
+    @Index(name = "idx_users_email", columnList = "email", unique = true)
+  }
+)
 public class User {
-  @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+
+  @Id
+  @GeneratedValue(strategy = GenerationType.IDENTITY)
   private Long id;
 
+  @Column(nullable = false)
   private String name;
 
-  @Column(unique = true)
+  @Column(nullable = false, unique = true)
   private String email;
 
+  @JsonIgnore
+  @Column(nullable = false)
   private String password;
 }

package/src/templates/java-spring/partials/UserDetailsServiceImpl.java.ejs

@@ -3,12 +3,12 @@ package <%= group %>.<%= projectName %>.security;
 
 import <%= group %>.<%= projectName %>.model.User;
 import <%= group %>.<%= projectName %>.repository.UserRepository;
+
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
 import org.springframework.stereotype.Service;
-import org.springframework.security.core.userdetails.User.UserBuilder;
-import org.springframework.security.core.userdetails.User.*;
 
 @Service
 public class UserDetailsServiceImpl implements UserDetailsService {
@@ -21,7 +21,13 @@ public class UserDetailsServiceImpl implements UserDetailsService {
 
   @Override
   public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
-    User u = repo.findByEmail(email).orElseThrow(() -> new UsernameNotFoundException("Not found"));
-    return withUsername(u.getEmail()).password(u.getPassword()).authorities("USER").build();
+    User u = repo.findByEmail(email)
+      .orElseThrow(() -> new UsernameNotFoundException("User not found: " + email));
+
+    return org.springframework.security.core.userdetails.User
+      .withUsername(u.getEmail())
+      .password(u.getPassword())
+      .authorities("ROLE_USER")
+      .build();
   }
 }

package/src/templates/java-spring/partials/UserRepository.java.ejs

@@ -2,11 +2,19 @@
 package <%= group %>.<%= projectName %>.repository;
 
 import java.util.Optional;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
+
 import <%= group %>.<%= projectName %>.model.User;
 
 @Repository
 public interface UserRepository extends JpaRepository<User, Long> {
+
   Optional<User> findByEmail(String email);
+
+  boolean existsByEmail(String email);
+
+  // Optional: helpful if emails are stored normalized but requests vary
+  Optional<User> findByEmailIgnoreCase(String email);
 }

package/src/templates/java-spring/partials/docker-compose.yml.ejs

@@ -1,4 +1,5 @@
-version: '3.8'
+version: "3.8"
+
 services:
   db:
     image: postgres:16-alpine
@@ -7,21 +8,28 @@ services:
       POSTGRES_PASSWORD: ${DB_PASSWORD:-password}
       POSTGRES_DB: ${DB_NAME:-<%= projectName %>}
     ports:
-      - "5432:5432"
+      - "${DB_PORT:-5432}:5432"
     volumes:
       - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-postgres} -d ${DB_NAME:-<%= projectName %>}"]
+      interval: 5s
+      timeout: 5s
+      retries: 20
 
   app:
     build: .
     depends_on:
-      - db
+      db:
+        condition: service_healthy
     environment:
-      - JWT_SECRET=${JWT_SECRET:-change_me_long_secret}
-      - SPRING_DATASOURCE_URL=jdbc:postgresql://db:5432/${DB_NAME:-<%= projectName %>}
-      - SPRING_DATASOURCE_USERNAME=${DB_USER:-postgres}
-      - SPRING_DATASOURCE_PASSWORD=${DB_PASSWORD:-password}
+      JWT_SECRET: ${JWT_SECRET:-change_me_long_secret_change_me_long_secret}
+      SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/${DB_NAME:-<%= projectName %>}
+      SPRING_DATASOURCE_USERNAME: ${DB_USER:-postgres}
+      SPRING_DATASOURCE_PASSWORD: ${DB_PASSWORD:-password}
+      SPRING_JPA_HIBERNATE_DDL_AUTO: ${JPA_DDL_AUTO:-update}
     ports:
-      - "8080:8080"
+      - "${APP_PORT:-8080}:8080"
 
 volumes:
   pgdata:

package/src/templates/node-ts-express/base/server.ts

@@ -4,19 +4,26 @@ import dotenv from 'dotenv';
 
 dotenv.config();
 
-const app: Express = express(); // Added :Express type
+const app: Express = express();
 
 app.use(cors());
 app.use(express.json());
 
-app.get('/', (req: Request, res: Response) => { // Added :Request and :Response types
+app.get('/', (req: Request, res: Response) => {
   res.send('Node.js Backend says Hello! Generated by Backlist.');
 });
 
-// INJECT:ROUTES
+// <backlist:imports>
+// </backlist:imports>
 
-const PORT: number | string = process.env.PORT || 8000; // Added type for PORT
+// <backlist:setup>
+// </backlist:setup>
+
+// <backlist:routes>
+// </backlist:routes>
+
+const PORT: number | string = process.env.PORT || 8000;
 
 app.listen(PORT, () => {
-  console.log(`⚡️ Server running on http://localhost:${PORT}`);
+  console.log(`Server running on http://localhost:${PORT}`);
 });

package/src/templates/node-ts-express/base/tsconfig.json

@@ -1,10 +1,20 @@
 {
   "compilerOptions": {
-    "target": "es6",
+    "target": "ES2021",
     "module": "commonjs",
+    "moduleResolution": "node",
     "rootDir": "./src",
     "outDir": "./dist",
+
     "esModuleInterop": true,
-    "strict": true
-  }
+    "strict": true,
+
+    "types": ["node"],
+    "resolveJsonModule": true,
+    "forceConsistentCasingInFileNames": true,
+    "skipLibCheck": true,
+
+    "sourceMap": true
+  },
+  "include": ["src/**/*"]
 }

package/src/templates/node-ts-express/partials/ApiDocs.ts.ejs

@@ -1,4 +1,4 @@
-// Auto-generated by create-backlist v5.0
+// Auto-generated by create-backlist v5.1
 import swaggerUi from 'swagger-ui-express';
 import swaggerJsdoc from 'swagger-jsdoc';
 import { Express } from 'express';
@@ -17,17 +17,27 @@ const options: swaggerJsdoc.Options = {
         description: 'Development server',
       },
     ],
-    // TODO: Add components (e.g., securitySchemes for JWT)
+<% if (addAuth) { -%>
+    components: {
+      securitySchemes: {
+        bearerAuth: {
+          type: 'http',
+          scheme: 'bearer',
+          bearerFormat: 'JWT',
+        },
+      },
+    },
+    security: [{ bearerAuth: [] }],
+<% } -%>
   },
-  // Path to the API docs
-  apis: ['./src/routes/*.ts', './src/routes.ts'], // Looks for JSDoc comments in routes
+
+  // Scan all TS files (routes/controllers) for JSDoc @swagger comments
+  apis: ['./src/**/*.ts'],
 };
 
 const swaggerSpec = swaggerJsdoc(options);
 
 export function setupSwagger(app: Express) {
   app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec));
-  console.log(
-    `📄 API documentation is available at http://localhost:<%= port %>/api-docs`
-  );
+  console.log(`API documentation: http://localhost:<%= port %>/api-docs`);
 }