create-backlist 6.1.6 → 6.1.7

package/src/templates/node-ts-express/base/server.ts

@@ -1,22 +1,76 @@
-import express, { Express, Request, Response } from 'express';
+import express, { Express, Request, Response, NextFunction } from 'express';
 import cors from 'cors';
 import dotenv from 'dotenv';
+import helmet from 'helmet';
+import morgan from 'morgan';
 
 dotenv.config();
 
-const app: Express = express(); // Added :Express type
+const app: Express = express();
 
-app.use(cors());
-app.use(express.json());
+/**
+ * Core middleware
+ */
+app.use(helmet());
+app.use(morgan(process.env.NODE_ENV === 'production' ? 'combined' : 'dev'));
 
-app.get('/', (req: Request, res: Response) => { // Added :Request and :Response types
+app.use(cors({
+  origin: process.env.CORS_ORIGIN
+    ? process.env.CORS_ORIGIN.split(',').map(s => s.trim())
+    : true,
+  credentials: true,
+}));
+
+app.use(express.json({ limit: '1mb' }));
+
+/**
+ * Health + root
+ */
+app.get('/api/health', (req: Request, res: Response) => {
+  res.status(200).json({ status: 'ok' });
+});
+
+app.get('/', (req: Request, res: Response) => {
   res.send('Node.js Backend says Hello! Generated by Backlist.');
 });
 
 // INJECT:ROUTES
 
-const PORT: number | string = process.env.PORT || 8000; // Added type for PORT
+/**
+ * 404 handler (must be after routes)
+ */
+app.use((req: Request, res: Response) => {
+  res.status(404).json({ message: 'Route not found' });
+});
+
+/**
+ * Global error handler (must be last)
+ */
+app.use((err: any, req: Request, res: Response, _next: NextFunction) => {
+  // Log full error on server
+  console.error(err);
+
+  res.status(err?.statusCode || 500).json({
+    message: err?.message || 'Internal Server Error',
+  });
+});
+
+const PORT: number | string = process.env.PORT || 8000;
+
+const server = app.listen(PORT, () => {
+  console.log(`Server running on http://localhost:${PORT}`);
+});
+
+/**
+ * Graceful shutdown (Docker / Ctrl+C)
+ */
+function shutdown(signal: string) {
+  console.log(`Received ${signal}. Shutting down...`);
+  server.close(() => {
+    console.log('HTTP server closed.');
+    process.exit(0);
+  });
+}
 
-app.listen(PORT, () => {
-  console.log(`⚡️ Server running on http://localhost:${PORT}`);
-});
+process.on('SIGINT', () => shutdown('SIGINT'));
+process.on('SIGTERM', () => shutdown('SIGTERM'));

package/src/templates/node-ts-express/base/tsconfig.json

@@ -1,10 +1,25 @@
 {
   "compilerOptions": {
-    "target": "es6",
-    "module": "commonjs",
+    "target": "ES2020",
+    "lib": ["ES2020"],
+    "module": "CommonJS",
+    "moduleResolution": "Node",
     "rootDir": "./src",
     "outDir": "./dist",
+
+    "strict": true,
     "esModuleInterop": true,
-    "strict": true
-  }
+    "forceConsistentCasingInFileNames": true,
+    "skipLibCheck": true,
+
+    "resolveJsonModule": true,
+    "sourceMap": true,
+
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+
+    "types": ["node"]
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"]
 }

package/src/templates/node-ts-express/partials/ApiDocs.ts.ejs

@@ -1,8 +1,20 @@
-// Auto-generated by create-backlist v5.0
+// Auto-generated by Backlist
 import swaggerUi from 'swagger-ui-express';
 import swaggerJsdoc from 'swagger-jsdoc';
 import { Express } from 'express';
 
+<% if (addAuth) { -%>
+const securitySchemes = {
+  bearerAuth: {
+    type: 'http',
+    scheme: 'bearer',
+    bearerFormat: 'JWT',
+  },
+};
+<% } else { -%>
+const securitySchemes = {};
+<% } -%>
+
 const options: swaggerJsdoc.Options = {
   definition: {
     openapi: '3.0.0',
@@ -13,21 +25,24 @@ const options: swaggerJsdoc.Options = {
     },
     servers: [
       {
-        url: 'http://localhost:<%= port %>',
-        description: 'Development server',
+        url: process.env.API_BASE_URL || 'http://localhost:<%= port %>',
+        description: 'Server',
       },
     ],
-    // TODO: Add components (e.g., securitySchemes for JWT)
+    components: {
+      securitySchemes: securitySchemes as any,
+    },
+    // Auto-generated paths (no JSDoc required)
+    paths: <%- JSON.stringify(paths || {}, null, 2) %>,
   },
-  // Path to the API docs
-  apis: ['./src/routes/*.ts', './src/routes.ts'], // Looks for JSDoc comments in routes
+
+  // Keep this too (optional) - if you later add JSDoc annotations
+  apis: ['./src/routes/*.ts', './src/routes.ts'],
 };
 
 const swaggerSpec = swaggerJsdoc(options);
 
 export function setupSwagger(app: Express) {
   app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec));
-  console.log(
-    `📄 API documentation is available at http://localhost:<%= port %>/api-docs`
-  );
+  console.log(`API docs: http://localhost:<%= port %>/api-docs`);
 }

package/src/templates/node-ts-express/partials/App.test.ts.ejs

@@ -1,38 +1,58 @@
-// Auto-generated by create-backlist v5.0
+// Auto-generated by create-backlist v5.1
 import request from 'supertest';
 import express from 'express';
-// Import your main app configuration. This might need path adjustment.
-// For simplicity, we create a test server here.
-import apiRoutes from '../routes'; // Assuming main routes
-import authRoutes from '../routes/Auth.routes'; // Assuming auth routes
+
+import apiRoutes from '../routes';
+
+<% if (addAuth) { -%>
+import authRoutes from '../routes/Auth.routes';
+<% } -%>
 
 const app = express();
 app.use(express.json());
-app.use('/api', apiRoutes);
-app.use('/api/auth', authRoutes);
-
 
-describe('API Endpoints', () => {
+// Mount auth first to avoid conflicts
+<% if (addAuth) { -%>
+app.use('/api/auth', authRoutes);
+<% } -%>
+app.use('/api', apiRoutes);
 
-  it('should respond to the root GET endpoint', async () => {
-    // This test assumes a GET /api/ endpoint exists or a similar public one.
-    // You might need to adjust this to a real endpoint from your app.
-    // Example for GET /api/users
-    // const res = await request(app).get('/api/users');
-    // expect(res.statusCode).toEqual(200);
-    
-    // For now, a placeholder test:
+describe('API Endpoints (Generated)', () => {
+  it('sanity check', () => {
     expect(1 + 1).toBe(2);
   });
 
-  // TODO: Add more specific tests for your generated endpoints
-  // describe('POST /api/users', () => {
-  //   it('should create a new user', async () => {
-  //     const res = await request(app)
-  //       .post('/api/users')
-  //       .send({ name: 'Test User', email: 'test@example.com', password: 'password123' });
-  //     expect(res.statusCode).toEqual(201);
-  //     expect(res.body).toHaveProperty('name', 'Test User');
-  //   });
-  // });
+  <% endpoints
+    .filter(ep => ep && ep.route && ep.method)
+    .forEach(ep => {
+      const method = String(ep.method).toLowerCase();
+
+      // make url relative to /api mount
+      const url = (String(ep.route).startsWith('/api/')
+        ? String(ep.route).replace(/^\/api/, '')
+        : String(ep.route)
+      )
+      // replace path params ":id" with dummy
+      .replace(/:\w+/g, '1');
+  -%>
+  it('<%= ep.method %> <%= url %> should respond', async () => {
+    const req = request(app).<%= method %>('<%= '/api' + url %>');
+
+    <% if (['post','put','patch'].includes(method) && ep.schemaFields) { -%>
+    req.send(
+      <%- JSON.stringify(
+        Object.fromEntries(
+          Object.entries(ep.schemaFields).map(([k, t]) => [
+            k,
+            t === 'Number' ? 1 : (t === 'Boolean' ? true : 'test')
+          ])
+        )
+      ) %>
+    );
+    <% } -%>
+
+    const res = await req;
+    expect(res.statusCode).not.toBe(404);
+  });
+  <% }) -%>
 });

package/src/templates/node-ts-express/partials/Auth.controller.ts.ejs

@@ -3,87 +3,110 @@ import { Request, Response } from 'express';
 import bcrypt from 'bcryptjs';
 import jwt from 'jsonwebtoken';
 
-<% if (dbType === 'mongoose') { %>
+<% if (dbType === 'mongoose') { -%>
 import User from '../models/User.model';
-<% } else if (dbType === 'prisma') { %>
+<% } else if (dbType === 'prisma') { -%>
 import { prisma } from '../server';
-<% } %>
+<% } -%>
+
+function signJwt(payload: any) {
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    throw new Error('JWT_SECRET is not set');
+  }
+  const expiresIn = process.env.JWT_EXPIRES_IN || '5h';
+  return jwt.sign(payload, secret, { expiresIn });
+}
 
 // @desc    Register a new user
 export const registerUser = async (req: Request, res: Response) => {
-  const { name, email, password } = req.body;
+  const { name, email, password } = req.body as { name: string; email: string; password: string };
+
+  if (!name || !email || !password) {
+    return res.status(400).json({ message: 'name, email, password are required' });
+  }
 
   try {
-    <% if (dbType === 'mongoose') { %>
-    // Mongoose Logic
-    let user = await User.findOne({ email });
-    if (user) {
-      return res.status(400).json({ message: 'User already exists' });
+    <% if (dbType === 'mongoose') { -%>
+    const existing = await User.findOne({ email });
+    if (existing) {
+      return res.status(409).json({ message: 'User already exists' });
     }
-    user = new User({ name, email, password });
-    await user.save();
-    <% } else if (dbType === 'prisma') { %>
-    // Prisma Logic
+
+    const hashedPassword = await bcrypt.hash(password, 10);
+
+    const user = await User.create({ name, email, password: hashedPassword });
+
+    const payload = { user: { id: user._id.toString() } };
+    const token = signJwt(payload);
+
+    return res.status(201).json({
+      token,
+      user: { id: user._id.toString(), name: user.name, email: user.email }
+    });
+    <% } else if (dbType === 'prisma') { -%>
     const existingUser = await prisma.user.findUnique({ where: { email } });
     if (existingUser) {
-        return res.status(400).json({ message: 'User already exists' });
+      return res.status(409).json({ message: 'User already exists' });
     }
+
     const hashedPassword = await bcrypt.hash(password, 10);
+
     const user = await prisma.user.create({
-        data: { name, email, password: hashedPassword },
+      data: { name, email, password: hashedPassword },
+      select: { id: true, name: true, email: true } // never return password
     });
-    <% } %>
 
     const payload = { user: { id: user.id } };
-    jwt.sign(
-      payload,
-      process.env.JWT_SECRET as string,
-      { expiresIn: '5h' },
-      (err, token) => {
-        if (err) throw err;
-        res.status(201).json({ token });
-      }
-    );
+    const token = signJwt(payload);
+
+    return res.status(201).json({ token, user });
+    <% } -%>
   } catch (error) {
     console.error(error);
-    res.status(500).send('Server Error');
+    return res.status(500).json({ message: 'Server Error' });
   }
 };
 
 // @desc    Authenticate user & get token (Login)
 export const loginUser = async (req: Request, res: Response) => {
-  const { email, password } = req.body;
+  const { email, password } = req.body as { email: string; password: string };
+
+  if (!email || !password) {
+    return res.status(400).json({ message: 'email and password are required' });
+  }
 
   try {
-    <% if (dbType === 'mongoose') { %>
-    // Mongoose Logic
+    <% if (dbType === 'mongoose') { -%>
     const user = await User.findOne({ email });
-    <% } else if (dbType === 'prisma') { %>
-    // Prisma Logic
+    <% } else if (dbType === 'prisma') { -%>
+    // Need password for compare
     const user = await prisma.user.findUnique({ where: { email } });
-    <% } %>
+    <% } -%>
 
     if (!user) {
-      return res.status(400).json({ message: 'Invalid Credentials' });
+      return res.status(401).json({ message: 'Invalid Credentials' });
     }
 
     const isMatch = await bcrypt.compare(password, user.password);
     if (!isMatch) {
-      return res.status(400).json({ message: 'Invalid Credentials' });
+      return res.status(401).json({ message: 'Invalid Credentials' });
     }
 
-    const payload = { user: { id: user.id } };
-    jwt.sign(
-      payload,
-      process.env.JWT_SECRET as string,
-      { expiresIn: '5h' },
-      (err, token) => {
-        if (err) throw err;
-        res.json({ token });
-      }
-    );
+    <% if (dbType === 'mongoose') { -%>
+    const userId = user._id.toString();
+    const safeUser = { id: userId, name: user.name, email: user.email };
+    <% } else if (dbType === 'prisma') { -%>
+    const userId = user.id;
+    const safeUser = { id: user.id, name: user.name, email: user.email };
+    <% } -%>
+
+    const payload = { user: { id: userId } };
+    const token = signJwt(payload);
+
+    return res.json({ token, user: safeUser });
   } catch (error) {
     console.error(error);
-    res.status(500).send('Server Error');
+    return res.status(500).json({ message: 'Server Error' });
   }
 };

package/src/templates/node-ts-express/partials/Auth.middleware.ts.ejs

@@ -1,27 +1,58 @@
-// Auto-generated by create-backlist v3.0 on <%= new Date().toISOString() %>
+// Auto-generated by create-backlist on <%= new Date().toISOString() %>
 import { Request, Response, NextFunction } from 'express';
-import jwt from 'jsonwebtoken';
+import jwt, { JwtPayload } from 'jsonwebtoken';
+
+type AuthUser = {
+  id: string;
+  email?: string;
+  role?: string;
+};
 
-// Extend the default Request interface to include our 'user' property
 interface AuthRequest extends Request {
-  user?: any;
+  user?: AuthUser;
+}
+
+function getTokenFromRequest(req: Request): string | null {
+  // 1) Standard: Authorization: Bearer <token>
+  const authHeader = req.headers.authorization;
+  if (authHeader && typeof authHeader === 'string') {
+    const [type, token] = authHeader.split(' ');
+    if (type?.toLowerCase() === 'bearer' && token) return token.trim();
+  }
+
+  // 2) Fallback: x-auth-token (your old way)
+  const xToken = req.header('x-auth-token');
+  if (xToken) return xToken.trim();
+
+  return null;
 }
 
 export const protect = (req: AuthRequest, res: Response, next: NextFunction) => {
-  // Get token from header
-  const token = req.header('x-auth-token');
+  const token = getTokenFromRequest(req);
 
-  // Check if not token
   if (!token) {
-    return res.status(401).json({ message: 'No token, authorization denied' });
+    return res.status(401).json({ message: 'Authorization token missing' });
+  }
+
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    // server misconfiguration
+    return res.status(500).json({ message: 'JWT_SECRET is not configured' });
   }
 
-  // Verify token
   try {
-    const decoded = jwt.verify(token, process.env.JWT_SECRET as string);
-    req.user = decoded.user;
-    next();
-  } catch (err) {
-    res.status(401).json({ message: 'Token is not valid' });
+    const decoded = jwt.verify(token, secret) as JwtPayload;
+
+    // Expect payload shape: { user: { id: "..." } }
+    const user = (decoded as any).user;
+
+    if (!user?.id) {
+      return res.status(401).json({ message: 'Token payload is invalid' });
+    }
+
+    req.user = { id: String(user.id), email: user.email, role: user.role };
+    return next();
+  } catch {
+    return res.status(401).json({ message: 'Token is not valid' });
   }
 };

package/src/templates/node-ts-express/partials/Auth.routes.ts.ejs

@@ -1,15 +1,54 @@
-// Auto-generated by create-backlist v3.0 on <%= new Date().toISOString() %>
+// Auto-generated by create-backlist on <%= new Date().toISOString() %>
 import { Router } from 'express';
 import { registerUser, loginUser } from '../controllers/Auth.controller';
 
 const router = Router();
 
-// @route   POST /api/auth/register
-// @desc    Register a new user
+/**
+ * @openapi
+ * /api/auth/register:
+ *   post:
+ *     tags: [Auth]
+ *     summary: Register a new user
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required: [name, email, password]
+ *             properties:
+ *               name: { type: string }
+ *               email: { type: string }
+ *               password: { type: string }
+ *     responses:
+ *       201: { description: Created }
+ *       400: { description: Bad Request }
+ *       409: { description: Conflict (User exists) }
+ */
 router.post('/register', registerUser);
 
-// @route   POST /api/auth/login
-// @desc    Authenticate user and get token
+/**
+ * @openapi
+ * /api/auth/login:
+ *   post:
+ *     tags: [Auth]
+ *     summary: Login and get JWT token
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required: [email, password]
+ *             properties:
+ *               email: { type: string }
+ *               password: { type: string }
+ *     responses:
+ *       200: { description: OK }
+ *       400: { description: Bad Request }
+ *       401: { description: Unauthorized }
+ */
 router.post('/login', loginUser);
 
 export default router;

package/src/templates/node-ts-express/partials/Controller.ts.ejs

@@ -1,50 +1,64 @@
 // Auto-generated by create-backlist on <%= new Date().toISOString() %>
 import { Request, Response } from 'express';
 
+const modelLabel = '<%= modelName %>';
+
+function serverError(res: Response, action: string, error: unknown) {
+  const message = error instanceof Error ? error.message : String(error);
+  return res.status(500).json({ success: false, message: `Error ${action} ${modelLabel}`, error: message });
+}
+
 export const create<%= modelName %> = async (req: Request, res: Response) => {
   try {
-    // TODO: implement create logic
-    res.status(201).json({ message: '<%= modelName %> created', data: req.body });
+    // TODO: implement create logic (DB)
+    return res.status(201).json({ success: true, message: `${modelLabel} created`, data: req.body });
   } catch (error) {
-    res.status(500).json({ message: 'Error creating <%= modelName %>', error });
+    return serverError(res, 'creating', error);
   }
 };
 
-export const getAll<%= modelName %>s = async (_req: Request, res: Response) => {
+export const getAll<%= modelName %>s = async (req: Request, res: Response) => {
   try {
-    // TODO: implement list logic
-    res.status(200).json([]);
+    // Optional scaffold for pagination
+    const page = Number(req.query.page || 1);
+    const limit = Number(req.query.limit || 20);
+
+    // TODO: implement list logic (DB)
+    return res.status(200).json({ success: true, page, limit, data: [] });
   } catch (error) {
-    res.status(500).json({ message: 'Error fetching <%= modelName %>s', error });
+    return serverError(res, 'fetching', error);
   }
 };
 
 export const get<%= modelName %>ById = async (req: Request, res: Response) => {
   try {
     const { id } = req.params;
-    // TODO: implement get by id logic
-    res.status(200).json({ id });
+    // TODO: implement get by id logic (DB)
+    // If not found: return res.status(404).json({ success:false, message:`${modelLabel} not found` })
+    return res.status(200).json({ success: true, data: { id } });
   } catch (error) {
-    res.status(500).json({ message: 'Error fetching <%= modelName %>', error });
+    return serverError(res, 'fetching', error);
   }
 };
 
 export const update<%= modelName %>ById = async (req: Request, res: Response) => {
   try {
     const { id } = req.params;
-    // TODO: implement update logic
-    res.status(200).json({ id, ...req.body });
+    // TODO: implement update logic (DB)
+    // If not found: return 404
+    return res.status(200).json({ success: true, message: `${modelLabel} updated`, data: { id, ...req.body } });
   } catch (error) {
-    res.status(500).json({ message: 'Error updating <%= modelName %>', error });
+    return serverError(res, 'updating', error);
   }
 };
 
 export const delete<%= modelName %>ById = async (req: Request, res: Response) => {
   try {
     const { id } = req.params;
-    // TODO: implement delete logic
-    res.status(204).send();
+    // TODO: implement delete logic (DB)
+    // If not found: return 404
+    return res.status(204).send();
   } catch (error) {
-    res.status(500).json({ message: 'Error deleting <%= modelName %>', error });
+    return serverError(res, 'deleting', error);
   }
 };