create-express-kickstart 1.2.7 → 1.2.8

package/.env.example

@@ -1,3 +1,4 @@
+# Basic Environment Variables
 PORT=8000
 MONGODB_URI=mongodb://localhost:27017/
 CORS_ORIGIN=*
@@ -6,3 +7,10 @@ NODE_ENV=development
 # Rate Limiting
 RATE_LIMIT_WINDOW_MS=900000 # 15 minutes in milliseconds
 RATE_LIMIT_MAX=100 # Maximum requests per windowMs
+
+# Bcrypt Configuration
+BCRYPT_SALT=10 
+
+# JWT Configuration
+JWT_SECRET=your_jwt_secret_key
+JWT_EXPIRES_IN=1d

package/README.md

@@ -115,10 +115,11 @@ const restrictedRoute = asyncHandler(async (req, res) => {
 ### `asyncHandler`
 A wrapper for your async route handlers that eliminates the need for repetitive `try-catch` blocks.
 
-### `hash.util.js`
-If you choose to install the basic JWT Auth boilerplate, we automatically generate a generic hashing utility utilizing `bcryptjs` to help you securely hash and compare data (like passwords) natively.
+### `jwt.util.js` & `hash.util.js`
+If you choose to install the basic JWT Auth boilerplate, we automatically generate symmetric cryptography utilities wrapping `jsonwebtoken` and `bcryptjs`. This helps you map, hash, and assign JWT secrets synchronously against `.env`.
 ```javascript
 import { hashData, compareData } from "#utils/hash.util.js";
+import { generateToken, verifyToken } from "#utils/jwt.util.js";
 
 const registerUser = asyncHandler(async (req, res) => {
     const hashedPassword = await hashData("supersecret123");
@@ -127,7 +128,10 @@ const registerUser = asyncHandler(async (req, res) => {
 
 const loginUser = asyncHandler(async (req, res) => {
     const isMatch = await compareData("supersecret123", user.hashedPassword);
-    // ...
+    
+    // Generate JWT natively hooked up to process.env.JWT_SECRET
+    const token = generateToken({ id: user._id, role: "user" });
+    return res.json({ token });
 });
 ```
 

package/bin/cli.js

@@ -148,8 +148,16 @@ async function init() {
     );
     
     // Append JWT secret and Salt Rounds to env example
-    fs.appendFileSync(path.join(projectPath, '.env.example'), '\nJWT_SECRET=supersecretjwtkey123\nBCRYPT_SALT=10\n');
-    fs.appendFileSync(path.join(projectPath, '.env'), '\nJWT_SECRET=supersecretjwtkey123\nBCRYPT_SALT=10\n');
+    const authEnvConfig = `
+# Bcrypt Configuration
+BCRYPT_SALT=10
+
+# JWT Configuration
+JWT_SECRET=supersecretjwtkey123
+JWT_EXPIRES_IN=1d
+`;
+    fs.appendFileSync(path.join(projectPath, '.env.example'), authEnvConfig);
+    fs.appendFileSync(path.join(projectPath, '.env'), authEnvConfig);
 
     const utilsPath = path.join(projectPath, 'src', 'utils');
     if (!fs.existsSync(utilsPath)) {
@@ -167,6 +175,20 @@ export const hashData = async (data, saltRounds = process.env.BCRYPT_SALT) => {
 export const compareData = async (data, hashedData) => {
     return await bcrypt.compare(data, hashedData);
 };
+`
+    );
+
+    fs.writeFileSync(
+      path.join(utilsPath, 'jwt.util.js'),
+`import jwt from "jsonwebtoken";
+
+export const generateToken = (payload, expiresIn = process.env.JWT_EXPIRES_IN || "1d") => {
+    return jwt.sign(payload, process.env.JWT_SECRET, { expiresIn });
+};
+
+export const verifyToken = (token) => {
+    return jwt.verify(token, process.env.JWT_SECRET);
+};
 `
     );
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-express-kickstart",
-  "version": "1.2.7",
+  "version": "1.2.8",
   "description": "Production-ready CLI starter for Express APIs",
   "main": "bin/cli.js",
   "bin": {

package/templates/auth/auth.controller.js

@@ -1,5 +1,31 @@
+import { asyncHandler } from "#utils/asyncHandler.js";
+import { ApiResponse } from "#utils/ApiResponse.js";
+import { generateToken } from "#utils/jwt.util.js";
+import { hashData, compareData } from "#utils/hash.util.js";
+
 export const authController = {
-  login: (req, res) => res.json({ message: "Login logic goes here." }),
-  register: (req, res) => res.json({ message: "Register logic goes here." }),
-  profile: (req, res) => res.json({ message: "Protected profile data." })
-};
+  login: asyncHandler(async (req, res) => {
+    // In a real app, you would fetch user from database and compare passwords here
+    // Example: const isMatch = await compareData(req.body.password, user.password);
+    
+    // For now, let's just generate a mock token
+    const token = generateToken({ id: 1, role: "user" });
+    
+    return res.status(200).json(
+      new ApiResponse(200, { token }, "Login successful")
+    );
+  }),
+  
+  register: asyncHandler(async (req, res) => {
+    // Example: const hashedPassword = await hashData(req.body.password);
+    return res.status(201).json(
+      new ApiResponse(201, {}, "Register logic goes here")
+    );
+  }),
+  
+  profile: asyncHandler(async (req, res) => {
+    return res.status(200).json(
+      new ApiResponse(200, { user: req.user }, "Protected profile data retrieved successfully.")
+    );
+  })
+};

package/templates/auth/auth.middleware.js

@@ -1,5 +1,22 @@
+import { verifyToken } from "#utils/jwt.util.js";
+import { ApiError } from "#utils/ApiError.js";
+
 export const authMiddleware = (req, res, next) => {
-  // Add JWT verification logic here
-  console.log('Verifying token...');
-  next();
-};
+  const authHeader = req.headers['authorization'];
+  if (!authHeader) {
+    return next(new ApiError(401, "Authorization header missing."));
+  }
+  
+  const token = authHeader.split(' ')[1]; // Assuming "Bearer <token>"
+  if (!token) {
+    return next(new ApiError(401, "Token missing."));
+  }
+
+  try {
+    const decoded = verifyToken(token);
+    req.user = decoded;
+    next();
+  } catch (error) {
+    return next(new ApiError(403, "Invalid or expired token."));
+  }
+};