create-backlist 7.0.1 → 7.3.1

package/src/generators/python.js

@@ -1,104 +1,86 @@
-const chalk = require('chalk');
-const { execa } = require('execa');
-const fs = require('fs-extra');
-const path = require('path');
-const { analyzeFrontend } = require('../analyzer');
-const { renderAndWrite, getTemplatePath } = require('./template');
-
-async function generatePythonProject(options) {
-  const { projectDir, projectName, frontendSrcDir } = options;
-
-  try {
-    // --- Step 1: Analysis & Model Identification ---
-    console.log(chalk.blue('  -> Analyzing frontend for Python (FastAPI) backend...'));
-    const endpoints = await analyzeFrontend(frontendSrcDir);
-    const modelsToGenerate = new Map();
-    endpoints.forEach(ep => {
-      if (ep.schemaFields && ep.controllerName !== 'Default' && !modelsToGenerate.has(ep.controllerName)) {
-        modelsToGenerate.set(ep.controllerName, { name: ep.controllerName, fields: Object.entries(ep.schemaFields).map(([key, type]) => ({ name: key, type })) });
-      }
-    });
-
-    // Add a default User model if none was detected but auth might be added later
-    if (!modelsToGenerate.has('User')) {
-        modelsToGenerate.set('User', { name: 'User', fields: [{ name: 'name', type: 'String' }, { name: 'email', type: 'String'}] });
-    }
-
-    // --- Step 2: Scaffold Base Python Project Directories ---
-    console.log(chalk.blue('  -> Scaffolding Python (FastAPI) project structure...'));
-    const appDir = path.join(projectDir, 'app');
-    const coreDir = path.join(appDir, 'core');
-    const dbDir = path.join(appDir, 'db'); // For DB connection
-    const modelsDir = path.join(appDir, 'models');
-    const schemasDir = path.join(appDir, 'schemas');
-    const routesDir = path.join(appDir, 'routers');
-    
-    await fs.ensureDir(appDir);
-    await fs.ensureDir(coreDir);
-    await fs.ensureDir(dbDir);
-    await fs.ensureDir(modelsDir);
-    await fs.ensureDir(schemasDir);
-    await fs.ensureDir(routesDir);
-
-    // --- Step 3: Generate All Python Files from Templates ---
-    const controllers = Array.from(modelsToGenerate.keys());
-
-    // Generate main application file
-    await renderAndWrite(getTemplatePath('python-fastapi/main.py.ejs'), path.join(projectDir, 'app', 'main.py'), { projectName, controllers });
-    // Generate dependency file
-    await renderAndWrite(getTemplatePath('python-fastapi/requirements.txt.ejs'), path.join(projectDir, 'requirements.txt'), {});
-    
-    // Generate core files (config, security)
-    await renderAndWrite(getTemplatePath('python-fastapi/app/core/config.py.ejs'), path.join(coreDir, 'config.py'), { projectName });
-    await renderAndWrite(getTemplatePath('python-fastapi/app/core/security.py.ejs'), path.join(coreDir, 'security.py'), {});
-
-    // Generate DB connection and base model
-    await renderAndWrite(getTemplatePath('python-fastapi/app/db.py.ejs'), path.join(appDir, 'db.py'), {});
-
-    // Generate model and schema files for User (for auth)
-    await renderAndWrite(getTemplatePath('python-fastapi/app/models/user.py.ejs'), path.join(modelsDir, 'user.py'), {});
-    await renderAndWrite(getTemplatePath('python-fastapi/app/schemas/user.py.ejs'), path.join(schemasDir, 'user.py'), {});
-
-    // Generate router for auth
-    await renderAndWrite(getTemplatePath('python-fastapi/app/routers/auth.py.ejs'), path.join(routesDir, 'auth.py'), {});
-
-    // Generate router for each detected model
-    for (const [modelName, modelData] of modelsToGenerate.entries()) {
-        if(modelName.toLowerCase() !== 'user') { // User model is handled separately
-            // In a full implementation, you'd have generic model/schema templates too
-        }
-        await renderAndWrite(getTemplatePath('python-fastapi/app/routers/model_routes.py.ejs'), path.join(routesDir, `${modelName.toLowerCase()}_routes.py`), { modelName, schema: modelData });
-    }
-    
-    // --- Step 4: Setup Virtual Environment and Install Dependencies ---
-    console.log(chalk.magenta('  -> Setting up virtual environment and installing dependencies...'));
-    await execa('python', ['-m', 'venv', 'venv'], { cwd: projectDir });
-    
-    const pipPath = process.platform === 'win32' ? path.join('venv', 'Scripts', 'pip') : path.join('venv', 'bin', 'pip');
-    await execa(path.join(projectDir, pipPath), ['install', '-r', 'requirements.txt'], { cwd: projectDir });
-    
-    // --- Step 5: Generate Docker and .env files ---
-    await renderAndWrite(getTemplatePath('python-fastapi/Dockerfile.ejs'), path.join(projectDir, 'Dockerfile'), {});
-    await renderAndWrite(getTemplatePath('python-fastapi/docker-compose.yml.ejs'), path.join(projectDir, 'docker-compose.yml'), { projectName });
-    
-    const envContent = `DATABASE_URL="postgresql://postgres:password@db:5432/${projectName}"\nJWT_SECRET="a_very_secret_key_change_this"`;
-    await fs.writeFile(path.join(projectDir, '.env'), envContent);
-    await fs.writeFile(path.join(projectDir, '.env.example'), envContent);
-
-
-    console.log(chalk.green('  -> Python (FastAPI) backend generation is complete!'));
-    console.log(chalk.yellow('\nTo run your new Python backend with Docker:'));
-    console.log(chalk.cyan('  1. Make sure Docker Desktop is running.'));
-    console.log(chalk.cyan('  2. Run: `docker-compose up --build`'));
-    console.log(chalk.cyan('  3. API will be available at http://localhost:8000 and docs at http://localhost:8000/docs'));
-
-
-  } catch (error) {
-    if (error.code === 'ENOENT') {
-        throw new Error(`'${error.command}' command not found. Please ensure Python and venv are installed and in your system's PATH.`);
-    }
-    throw error;
-  }
-}
-
-module.exports = { generatePythonProject };
+import chalk from 'chalk';
+import { execa } from 'execa';
+import fs from 'fs-extra';
+import path from 'node:path';
+import { analyzeFrontend } from '../analyzer.js';
+import { renderAndWrite, getTemplatePath } from './template.js';
+
+export async function generatePythonProject(options) {
+  const { projectDir, projectName, frontendSrcDir } = options;
+
+  try {
+    console.log(chalk.blue('  -> Analyzing frontend for Python (FastAPI) backend...'));
+    const endpoints = await analyzeFrontend(frontendSrcDir);
+    const modelsToGenerate = new Map();
+    endpoints.forEach(ep => {
+      if (ep.schemaFields && ep.controllerName !== 'Default' && !modelsToGenerate.has(ep.controllerName)) {
+        modelsToGenerate.set(ep.controllerName, { name: ep.controllerName, fields: Object.entries(ep.schemaFields).map(([key, type]) => ({ name: key, type })) });
+      }
+    });
+
+    if (!modelsToGenerate.has('User')) {
+      modelsToGenerate.set('User', { name: 'User', fields: [{ name: 'name', type: 'String' }, { name: 'email', type: 'String' }] });
+    }
+
+    console.log(chalk.blue('  -> Scaffolding Python (FastAPI) project structure...'));
+    const appDir = path.join(projectDir, 'app');
+    const coreDir = path.join(appDir, 'core');
+    const dbDir = path.join(appDir, 'db');
+    const modelsDir = path.join(appDir, 'models');
+    const schemasDir = path.join(appDir, 'schemas');
+    const routesDir = path.join(appDir, 'routers');
+
+    await fs.ensureDir(appDir);
+    await fs.ensureDir(coreDir);
+    await fs.ensureDir(dbDir);
+    await fs.ensureDir(modelsDir);
+    await fs.ensureDir(schemasDir);
+    await fs.ensureDir(routesDir);
+
+    const controllers = Array.from(modelsToGenerate.keys());
+
+    await renderAndWrite(getTemplatePath('python-fastapi/main.py.ejs'), path.join(projectDir, 'app', 'main.py'), { projectName, controllers });
+    await renderAndWrite(getTemplatePath('python-fastapi/requirements.txt.ejs'), path.join(projectDir, 'requirements.txt'), {});
+
+    await renderAndWrite(getTemplatePath('python-fastapi/app/core/config.py.ejs'), path.join(coreDir, 'config.py'), { projectName });
+    await renderAndWrite(getTemplatePath('python-fastapi/app/core/security.py.ejs'), path.join(coreDir, 'security.py'), {});
+
+    await renderAndWrite(getTemplatePath('python-fastapi/app/db.py.ejs'), path.join(appDir, 'db.py'), {});
+
+    await renderAndWrite(getTemplatePath('python-fastapi/app/models/user.py.ejs'), path.join(modelsDir, 'user.py'), {});
+    await renderAndWrite(getTemplatePath('python-fastapi/app/schemas/user.py.ejs'), path.join(schemasDir, 'user.py'), {});
+
+    await renderAndWrite(getTemplatePath('python-fastapi/app/routers/auth.py.ejs'), path.join(routesDir, 'auth.py'), {});
+
+    for (const [modelName, modelData] of modelsToGenerate.entries()) {
+      if (modelName.toLowerCase() !== 'user') {
+        await renderAndWrite(getTemplatePath('python-fastapi/app/routers/model_routes.py.ejs'), path.join(routesDir, `${modelName.toLowerCase()}_routes.py`), { modelName, schema: modelData });
+      }
+    }
+
+    console.log(chalk.magenta('  -> Setting up virtual environment and installing dependencies...'));
+    await execa('python', ['-m', 'venv', 'venv'], { cwd: projectDir });
+
+    const pipPath = process.platform === 'win32' ? path.join('venv', 'Scripts', 'pip') : path.join('venv', 'bin', 'pip');
+    await execa(path.join(projectDir, pipPath), ['install', '-r', 'requirements.txt'], { cwd: projectDir });
+
+    await renderAndWrite(getTemplatePath('python-fastapi/Dockerfile.ejs'), path.join(projectDir, 'Dockerfile'), {});
+    await renderAndWrite(getTemplatePath('python-fastapi/docker-compose.yml.ejs'), path.join(projectDir, 'docker-compose.yml'), { projectName });
+
+    const envContent = `DATABASE_URL="postgresql://postgres:password@db:5432/${projectName}"\nJWT_SECRET="a_very_secret_key_change_this"`;
+    await fs.writeFile(path.join(projectDir, '.env'), envContent);
+    await fs.writeFile(path.join(projectDir, '.env.example'), envContent);
+
+    console.log(chalk.green('  -> Python (FastAPI) backend generation is complete!'));
+    console.log(chalk.yellow('\nTo run your new Python backend with Docker:'));
+    console.log(chalk.cyan('  1. Make sure Docker Desktop is running.'));
+    console.log(chalk.cyan('  2. Run: `docker-compose up --build`'));
+    console.log(chalk.cyan('  3. API will be available at http://localhost:8000 and docs at http://localhost:8000/docs'));
+
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      throw new Error(`'${error.command}' command not found. Please ensure Python and venv are installed and in your system's PATH.`);
+    }
+    throw error;
+  }
+}

package/src/generators/template.js

@@ -1,23 +1,23 @@
-import fs from 'fs-extra';
-import ejs from 'ejs';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-
-export async function renderAndWrite(templatePath, outPath, data) {
-  try {
-    const tpl = await fs.readFile(templatePath, 'utf-8');
-    const code = ejs.render(tpl, data || {}, { filename: templatePath }); // filename helps with EJS errors
-    await fs.outputFile(outPath, code);
-  } catch (err) {
-    console.error('EJS render failed for:', templatePath);
-    console.error('Data keys:', Object.keys(data || {}));
-    throw err;
-  }
-}
-
-export function getTemplatePath(subpath) {
-  return path.join(__dirname, '..', 'templates', subpath);
+import fs from 'fs-extra';
+import ejs from 'ejs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+export async function renderAndWrite(templatePath, outPath, data) {
+  try {
+    const tpl = await fs.readFile(templatePath, 'utf-8');
+    const code = ejs.render(tpl, data || {}, { filename: templatePath }); // filename helps with EJS errors
+    await fs.outputFile(outPath, code);
+  } catch (err) {
+    console.error('EJS render failed for:', templatePath);
+    console.error('Data keys:', Object.keys(data || {}));
+    throw err;
+  }
+}
+
+export function getTemplatePath(subpath) {
+  return path.join(__dirname, '..', 'templates', subpath);
 }

package/src/project-detector.js

@@ -0,0 +1,131 @@
+import fs from "fs-extra";
+import path from "node:path";
+
+const NEXTJS_SCAN_DIRS = [
+  "app",
+  "pages",
+  "src",
+  "components",
+  "lib",
+  "hooks",
+  "services",
+  "utils",
+  "features",
+  "modules",
+];
+
+const REACT_SCAN_DIRS = ["src"];
+
+export async function detectProjectType(projectRoot) {
+  const result = {
+    type: "unknown",
+    scanDirs: [],
+    apiRouteDirs: [],
+    framework: "unknown",
+  };
+
+  const pkgPath = path.join(projectRoot, "package.json");
+  let pkg = null;
+  if (await fs.pathExists(pkgPath)) {
+    try {
+      pkg = await fs.readJson(pkgPath);
+    } catch {}
+  }
+
+  const deps = pkg
+    ? { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) }
+    : {};
+
+  const hasNext = !!deps.next || (await hasNextConfig(projectRoot));
+  const hasReact = !!deps.react;
+  const hasVite = !!deps.vite;
+
+  const hasAppDir = await fs.pathExists(path.join(projectRoot, "app"));
+  const hasPagesDir = await fs.pathExists(path.join(projectRoot, "pages"));
+  const hasSrcApp = await fs.pathExists(path.join(projectRoot, "src", "app"));
+  const hasSrcPages = await fs.pathExists(
+    path.join(projectRoot, "src", "pages")
+  );
+
+  if (hasNext) {
+    result.framework = "next";
+
+    if ((hasAppDir || hasSrcApp) && (hasPagesDir || hasSrcPages)) {
+      result.type = "nextjs-hybrid";
+    } else if (hasAppDir || hasSrcApp) {
+      result.type = "nextjs-app";
+    } else if (hasPagesDir || hasSrcPages) {
+      result.type = "nextjs-pages";
+    } else {
+      result.type = "nextjs-app";
+    }
+
+    const candidateDirs = [...NEXTJS_SCAN_DIRS];
+    for (const dir of candidateDirs) {
+      const abs = path.join(projectRoot, dir);
+      if (await fs.pathExists(abs)) {
+        result.scanDirs.push(abs);
+      }
+      const srcNested = path.join(projectRoot, "src", dir);
+      if (dir !== "src" && (await fs.pathExists(srcNested))) {
+        result.scanDirs.push(srcNested);
+      }
+    }
+
+    if (hasAppDir) {
+      const appApiDir = path.join(projectRoot, "app", "api");
+      if (await fs.pathExists(appApiDir)) result.apiRouteDirs.push(appApiDir);
+      result.apiRouteDirs.push(path.join(projectRoot, "app"));
+    }
+    if (hasSrcApp) {
+      const srcAppApiDir = path.join(projectRoot, "src", "app", "api");
+      if (await fs.pathExists(srcAppApiDir))
+        result.apiRouteDirs.push(srcAppApiDir);
+      result.apiRouteDirs.push(path.join(projectRoot, "src", "app"));
+    }
+    if (hasPagesDir) {
+      const pagesApiDir = path.join(projectRoot, "pages", "api");
+      if (await fs.pathExists(pagesApiDir))
+        result.apiRouteDirs.push(pagesApiDir);
+    }
+    if (hasSrcPages) {
+      const srcPagesApiDir = path.join(projectRoot, "src", "pages", "api");
+      if (await fs.pathExists(srcPagesApiDir))
+        result.apiRouteDirs.push(srcPagesApiDir);
+    }
+  } else if (hasReact) {
+    result.framework = hasVite ? "vite" : "react";
+    result.type = hasVite ? "vite-react" : "react";
+
+    for (const dir of REACT_SCAN_DIRS) {
+      const abs = path.join(projectRoot, dir);
+      if (await fs.pathExists(abs)) {
+        result.scanDirs.push(abs);
+      }
+    }
+  }
+
+  if (result.scanDirs.length === 0) {
+    const fallback = path.join(projectRoot, "src");
+    if (await fs.pathExists(fallback)) {
+      result.scanDirs.push(fallback);
+    }
+  }
+
+  result.scanDirs = [...new Set(result.scanDirs)];
+  result.apiRouteDirs = [...new Set(result.apiRouteDirs)];
+
+  return result;
+}
+
+async function hasNextConfig(projectRoot) {
+  const configs = [
+    "next.config.js",
+    "next.config.mjs",
+    "next.config.ts",
+  ];
+  for (const cfg of configs) {
+    if (await fs.pathExists(path.join(projectRoot, cfg))) return true;
+  }
+  return false;
+}

package/src/templates/dotnet/partials/Dockerfile.ejs

@@ -0,0 +1,27 @@
+# Auto-generated by create-backlist (.NET Core)
+
+# ---- Build Stage ----
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+WORKDIR /src
+
+COPY *.csproj .
+RUN dotnet restore
+
+COPY . .
+RUN dotnet publish -c Release -o /app/publish --no-restore
+
+# ---- Runtime Stage ----
+FROM mcr.microsoft.com/dotnet/aspnet:8.0
+WORKDIR /app
+
+ENV ASPNETCORE_URLS=http://+:5000
+ENV ASPNETCORE_ENVIRONMENT=Production
+
+COPY --from=build /app/publish .
+
+EXPOSE 5000
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
+  CMD curl -f http://localhost:5000/health || exit 1
+
+ENTRYPOINT ["dotnet", "<%= projectName %>.dll"]

package/src/templates/dotnet/partials/docker-compose.yml.ejs

@@ -0,0 +1,33 @@
+# Auto-generated by create-backlist (.NET Core)
+version: '3.8'
+
+services:
+  app:
+    build: .
+    ports:
+      - "5000:5000"
+    environment:
+      - ASPNETCORE_ENVIRONMENT=Development
+      - ConnectionStrings__DefaultConnection=Host=db;Port=5432;Database=<%= projectName %>;Username=postgres;Password=postgres
+    depends_on:
+      db:
+        condition: service_healthy
+
+  db:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: <%= projectName %>
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+
+volumes:
+  pgdata:

package/src/templates/java-spring/partials/Controller.java.ejs

@@ -27,7 +27,7 @@ public class <%= controllerName %>Controller {
   }
 
   @GetMapping("/{id}")
-  public ResponseEntity<<%= controllerName %>> one(@PathVariable String id) {
+  public ResponseEntity<<%= controllerName %>> one(@PathVariable Long id) {
     return service.findById(id)
       .map(ResponseEntity::ok)
       .orElse(ResponseEntity.notFound().build());
@@ -39,14 +39,14 @@ public class <%= controllerName %>Controller {
   }
 
   @PutMapping("/{id}")
-  public ResponseEntity<<%= controllerName %>> update(@PathVariable String id, @RequestBody <%= controllerName %> m) {
+  public ResponseEntity<<%= controllerName %>> update(@PathVariable Long id, @RequestBody <%= controllerName %> m) {
     return service.update(id, m)
       .map(ResponseEntity::ok)
       .orElse(ResponseEntity.notFound().build());
   }
 
   @DeleteMapping("/{id}")
-  public ResponseEntity<Void> delete(@PathVariable String id) {
+  public ResponseEntity<Void> delete(@PathVariable Long id) {
     return service.delete(id)
       ? ResponseEntity.noContent().build()
       : ResponseEntity.notFound().build();

package/src/templates/js-express/base/server.js

@@ -0,0 +1,59 @@
+import express from 'express';
+import cors from 'cors';
+import dotenv from 'dotenv';
+import helmet from 'helmet';
+import morgan from 'morgan';
+
+dotenv.config();
+
+const app = express();
+
+app.use(helmet());
+app.use(morgan(process.env.NODE_ENV === 'production' ? 'combined' : 'dev'));
+
+app.use(cors({
+  origin: process.env.CORS_ORIGIN
+    ? process.env.CORS_ORIGIN.split(',').map(s => s.trim())
+    : ['http://localhost:3000', 'http://localhost:5173'],
+  credentials: true,
+}));
+
+app.use(express.json({ limit: '1mb' }));
+
+app.get('/api/health', (req, res) => {
+  res.status(200).json({ status: 'ok' });
+});
+
+app.get('/', (req, res) => {
+  res.send('Backend is running! Generated by create-backlist.');
+});
+
+// INJECT:ROUTES
+
+app.use((req, res) => {
+  res.status(404).json({ message: 'Route not found' });
+});
+
+app.use((err, req, res, _next) => {
+  console.error(err);
+  res.status(err?.statusCode || 500).json({
+    message: err?.message || 'Internal Server Error',
+  });
+});
+
+const PORT = process.env.PORT || 8000;
+
+const server = app.listen(PORT, () => {
+  console.log(`Server running on http://localhost:${PORT}`);
+});
+
+function shutdown(signal) {
+  console.log(`Received ${signal}. Shutting down...`);
+  server.close(() => {
+    console.log('HTTP server closed.');
+    process.exit(0);
+  });
+}
+
+process.on('SIGINT', () => shutdown('SIGINT'));
+process.on('SIGTERM', () => shutdown('SIGTERM'));

package/src/templates/js-express/partials/Dockerfile.ejs

@@ -0,0 +1,12 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci --only=production
+
+COPY . .
+
+EXPOSE <%= port %>
+
+CMD ["node", "src/server.js"]

package/src/templates/js-express/partials/auth.controller.js.ejs

@@ -0,0 +1,66 @@
+<% if (dbType === 'mongoose') { %>
+import User from '../models/User.model.js';
+<% } else { %>
+import { prisma } from '../db.js';
+<% } %>
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'changeme';
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '5h';
+
+export class AuthController {
+
+  static async register(req, res) {
+    try {
+      const { name, email, password } = req.body;
+      if (!email || !password) {
+        return res.status(400).json({ message: 'Email and password are required' });
+      }
+
+      const hashedPassword = await bcrypt.hash(password, 12);
+
+<% if (dbType === 'mongoose') { %>
+      const existing = await User.findOne({ email });
+      if (existing) return res.status(409).json({ message: 'Email already in use' });
+
+      const user = await User.create({ name, email, password: hashedPassword });
+      const token = jwt.sign({ id: user._id, email: user.email }, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+<% } else { %>
+      const existing = await prisma.user.findUnique({ where: { email } });
+      if (existing) return res.status(409).json({ message: 'Email already in use' });
+
+      const user = await prisma.user.create({ data: { name, email, password: hashedPassword } });
+      const token = jwt.sign({ id: user.id, email: user.email }, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+<% } %>
+
+      res.status(201).json({ token, user: { id: user.id || user._id, name: user.name, email: user.email } });
+    } catch (error) {
+      res.status(500).json({ message: error.message });
+    }
+  }
+
+  static async login(req, res) {
+    try {
+      const { email, password } = req.body;
+      if (!email || !password) {
+        return res.status(400).json({ message: 'Email and password are required' });
+      }
+
+<% if (dbType === 'mongoose') { %>
+      const user = await User.findOne({ email });
+<% } else { %>
+      const user = await prisma.user.findUnique({ where: { email } });
+<% } %>
+      if (!user) return res.status(401).json({ message: 'Invalid credentials' });
+
+      const isMatch = await bcrypt.compare(password, user.password);
+      if (!isMatch) return res.status(401).json({ message: 'Invalid credentials' });
+
+      const token = jwt.sign({ id: user.id || user._id, email: user.email }, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+      res.status(200).json({ token, user: { id: user.id || user._id, name: user.name, email: user.email } });
+    } catch (error) {
+      res.status(500).json({ message: error.message });
+    }
+  }
+}

package/src/templates/js-express/partials/auth.middleware.js.ejs

@@ -0,0 +1,19 @@
+import jwt from 'jsonwebtoken';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'changeme';
+
+export function authMiddleware(req, res, next) {
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return res.status(401).json({ message: 'Access denied. No token provided.' });
+  }
+
+  const token = authHeader.split(' ')[1];
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    req.user = decoded;
+    next();
+  } catch (error) {
+    return res.status(401).json({ message: 'Invalid or expired token.' });
+  }
+}

package/src/templates/js-express/partials/auth.routes.js.ejs

@@ -0,0 +1,9 @@
+import { Router } from 'express';
+import { AuthController } from '../controllers/Auth.controller.js';
+
+const router = Router();
+
+router.post('/register', AuthController.register);
+router.post('/login', AuthController.login);
+
+export default router;