npm - create-fluxstack - Versions diffs - 1.12.0 → 1.13.0 - Mend

create-fluxstack 1.12.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/LLMD/INDEX.md +8 -1
package/LLMD/agent.md +867 -0
package/LLMD/config/environment-vars.md +30 -0
package/LLMD/resources/live-auth.md +447 -0
package/LLMD/resources/live-components.md +79 -21
package/LLMD/resources/live-logging.md +158 -0
package/LLMD/resources/live-upload.md +1 -1
package/LLMD/resources/rest-auth.md +290 -0
package/README.md +520 -340
package/app/client/src/App.tsx +11 -0
package/app/client/src/components/AppLayout.tsx +1 -0
package/app/client/src/live/AuthDemo.tsx +332 -0
package/app/client/src/live/RoomChatDemo.tsx +24 -105
package/app/server/auth/AuthManager.ts +213 -0
package/app/server/auth/DevAuthProvider.ts +66 -0
package/app/server/auth/HashManager.ts +123 -0
package/app/server/auth/JWTAuthProvider.example.ts +101 -0
package/app/server/auth/RateLimiter.ts +106 -0
package/app/server/auth/contracts.ts +192 -0
package/app/server/auth/guards/SessionGuard.ts +167 -0
package/app/server/auth/guards/TokenGuard.ts +202 -0
package/app/server/auth/index.ts +174 -0
package/app/server/auth/middleware.ts +163 -0
package/app/server/auth/providers/InMemoryProvider.ts +162 -0
package/app/server/auth/sessions/SessionManager.ts +164 -0
package/app/server/cache/CacheManager.ts +81 -0
package/app/server/cache/MemoryDriver.ts +112 -0
package/app/server/cache/contracts.ts +49 -0
package/app/server/cache/index.ts +42 -0
package/app/server/index.ts +14 -0
package/app/server/live/LiveAdminPanel.ts +173 -0
package/app/server/live/LiveCounter.ts +1 -0
package/app/server/live/LiveLocalCounter.ts +13 -8
package/app/server/live/LiveProtectedChat.ts +150 -0
package/app/server/live/LiveRoomChat.ts +45 -203
package/app/server/routes/auth.routes.ts +278 -0
package/app/server/routes/index.ts +2 -0
package/config/index.ts +8 -0
package/config/system/auth.config.ts +49 -0
package/config/system/session.config.ts +33 -0
package/core/client/LiveComponentsProvider.tsx +76 -5
package/core/client/components/Live.tsx +2 -1
package/core/client/hooks/useLiveComponent.ts +47 -4
package/core/client/index.ts +2 -1
package/core/framework/server.ts +36 -4
package/core/plugins/built-in/live-components/commands/create-live-component.ts +15 -8
package/core/plugins/built-in/monitoring/index.ts +10 -3
package/core/plugins/built-in/vite/index.ts +95 -18
package/core/plugins/config.ts +5 -4
package/core/plugins/discovery.ts +11 -2
package/core/plugins/manager.ts +11 -5
package/core/plugins/module-resolver.ts +1 -1
package/core/plugins/registry.ts +53 -25
package/core/server/live/ComponentRegistry.ts +79 -24
package/core/server/live/LiveComponentPerformanceMonitor.ts +9 -8
package/core/server/live/LiveLogger.ts +111 -0
package/core/server/live/LiveRoomManager.ts +5 -4
package/core/server/live/StateSignature.ts +644 -643
package/core/server/live/auth/LiveAuthContext.ts +71 -0
package/core/server/live/auth/LiveAuthManager.ts +304 -0
package/core/server/live/auth/index.ts +19 -0
package/core/server/live/auth/types.ts +179 -0
package/core/server/live/auto-generated-components.ts +8 -2
package/core/server/live/index.ts +16 -0
package/core/server/live/websocket-plugin.ts +92 -16
package/core/templates/create-project.ts +0 -3
package/core/types/types.ts +133 -13
package/core/utils/index.ts +17 -17
package/core/utils/logger/index.ts +5 -2
package/core/utils/version.ts +1 -1
package/package.json +1 -8
package/plugins/crypto-auth/index.ts +6 -0
package/plugins/crypto-auth/server/CryptoAuthLiveProvider.ts +58 -0
package/plugins/crypto-auth/server/index.ts +24 -21
package/rest-tests/README.md +57 -0
package/rest-tests/auth-token.http +113 -0
package/rest-tests/auth.http +112 -0
package/rest-tests/rooms-token.http +69 -0
package/rest-tests/users-token.http +62 -0
package/.dockerignore +0 -81
package/Dockerfile +0 -70
package/LIVE_COMPONENTS_REVIEW.md +0 -781

package/app/server/auth/index.ts ADDED Viewed

@@ -0,0 +1,174 @@
+/**
+ * FluxStack Auth System
+ *
+ * Sistema de autenticação modular inspirado no Laravel.
+ * Guard + Provider pattern com session e token support.
+ *
+ * ```ts
+ * import { auth, guest, initAuth, getAuthManager } from '@server/auth'
+ *
+ * // Inicializar (no boot da app)
+ * initAuth()
+ *
+ * // Proteger rotas
+ * app.use(auth()).get('/me', ({ user }) => user.toJSON())
+ * app.use(guest()).post('/login', loginHandler)
+ *
+ * // Usar auth manager diretamente
+ * const manager = getAuthManager()
+ * const guard = manager.guard('session')
+ * const user = await guard.attempt({ email, password })
+ * ```
+ */
+// Contracts
+export type {
+  Authenticatable,
+  Guard,
+  UserProvider,
+  RequestContext,
+  CookieOptions,
+  GuardConfig,
+  GuardFactory,
+} from './contracts'
+// Auth Manager
+export { AuthManager } from './AuthManager'
+export type { AuthManagerConfig, ProviderConfig } from './AuthManager'
+// Hash
+export { HashManager, Hash, getHashManager, setHashManager } from './HashManager'
+export type { HashAlgorithm, HashOptions } from './HashManager'
+// Rate Limiter
+export { RateLimiter } from './RateLimiter'
+// Guards
+export { SessionGuard } from './guards/SessionGuard'
+export { TokenGuard } from './guards/TokenGuard'
+// Providers
+export { InMemoryUserProvider, InMemoryUser } from './providers/InMemoryProvider'
+// Sessions
+export { SessionManager } from './sessions/SessionManager'
+export type { SessionData, SessionConfig } from './sessions/SessionManager'
+// Middleware
+export { auth, guest, authOptional } from './middleware'
+// ===== Boot =====
+import { AuthManager } from './AuthManager'
+import { HashManager, setHashManager } from './HashManager'
+import { RateLimiter } from './RateLimiter'
+import { SessionManager } from './sessions/SessionManager'
+import { InMemoryUserProvider } from './providers/InMemoryProvider'
+import { setAuthManagerForMiddleware, buildRequestContext } from './middleware'
+import { cacheManager } from '@server/cache'
+import { authConfig } from '@config/system/auth.config'
+import { sessionConfig } from '@config/system/session.config'
+let authManagerInstance: AuthManager | null = null
+let rateLimiterInstance: RateLimiter | null = null
+let sessionManagerInstance: SessionManager | null = null
+/**
+ * Inicializa o sistema de auth.
+ * Deve ser chamado uma vez no boot da aplicação.
+ */
+export function initAuth(): {
+  authManager: AuthManager
+  rateLimiter: RateLimiter
+  sessionManager: SessionManager
+} {
+  // 1. Configurar Hash
+  const hashManager = new HashManager({
+    algorithm: authConfig.passwords.hashAlgorithm as 'bcrypt' | 'argon2id',
+    bcryptRounds: authConfig.passwords.bcryptRounds,
+  })
+  setHashManager(hashManager)
+  // 2. Criar Session Manager
+  const cache = cacheManager.driver()
+  sessionManagerInstance = new SessionManager(cache, {
+    lifetime: sessionConfig.lifetime,
+    cookieName: sessionConfig.cookieName,
+    httpOnly: sessionConfig.httpOnly,
+    secure: sessionConfig.secure,
+    sameSite: sessionConfig.sameSite as 'strict' | 'lax' | 'none',
+    path: sessionConfig.path,
+    domain: sessionConfig.domain || undefined,
+  })
+  // 3. Criar Rate Limiter
+  rateLimiterInstance = new RateLimiter(cache)
+  // 4. Criar Auth Manager
+  authManagerInstance = new AuthManager(
+    {
+      defaults: {
+        guard: authConfig.defaults.guard ?? 'session',
+        provider: authConfig.defaults.provider ?? 'memory',
+      },
+      guards: {
+        session: {
+          driver: 'session',
+          provider: 'memory',
+        },
+        token: {
+          driver: 'token',
+          provider: 'memory',
+          tokenTtl: authConfig.token.ttl,
+        },
+      },
+      providers: {
+        memory: {
+          driver: 'memory',
+        },
+      },
+    },
+    sessionManagerInstance
+  )
+  // 5. Registrar InMemoryProvider como default
+  const inMemoryProvider = new InMemoryUserProvider()
+  authManagerInstance.registerProvider('memory', inMemoryProvider)
+  // 6. Conectar middleware
+  setAuthManagerForMiddleware(authManagerInstance)
+  console.log(`🔐 Auth system initialized (guard: ${authConfig.defaults.guard}, hash: ${authConfig.passwords.hashAlgorithm})`)
+  return {
+    authManager: authManagerInstance,
+    rateLimiter: rateLimiterInstance,
+    sessionManager: sessionManagerInstance,
+  }
+}
+/** Retorna o AuthManager (deve ser chamado após initAuth) */
+export function getAuthManager(): AuthManager {
+  if (!authManagerInstance) {
+    throw new Error('Auth not initialized. Call initAuth() first.')
+  }
+  return authManagerInstance
+}
+/** Retorna o RateLimiter (deve ser chamado após initAuth) */
+export function getRateLimiter(): RateLimiter {
+  if (!rateLimiterInstance) {
+    throw new Error('Auth not initialized. Call initAuth() first.')
+  }
+  return rateLimiterInstance
+}
+/** Retorna o SessionManager (deve ser chamado após initAuth) */
+export function getSessionManager(): SessionManager {
+  if (!sessionManagerInstance) {
+    throw new Error('Auth not initialized. Call initAuth() first.')
+  }
+  return sessionManagerInstance
+}
+export { buildRequestContext }

package/app/server/auth/middleware.ts ADDED Viewed

@@ -0,0 +1,163 @@
+/**
+ * FluxStack Auth - Elysia Middleware
+ *
+ * Middlewares prontos para proteger rotas:
+ *
+ * ```ts
+ * // Rota protegida (requer login)
+ * app.use(auth()).get('/me', ({ user }) => user.toJSON())
+ *
+ * // Rota de guest (requer NÃO estar logado)
+ * app.use(guest()).post('/login', loginHandler)
+ *
+ * // Guard específico
+ * app.use(auth('api')).get('/api/data', handler)
+ * ```
+ */
+import { Elysia } from 'elysia'
+import type { AuthManager } from './AuthManager'
+import type { Authenticatable, RequestContext } from './contracts'
+/** Referência ao AuthManager (setado no boot) */
+let authManagerRef: AuthManager | null = null
+export function setAuthManagerForMiddleware(manager: AuthManager): void {
+  authManagerRef = manager
+}
+/**
+ * Extrai RequestContext do context do Elysia.
+ */
+function buildRequestContext(ctx: any): RequestContext {
+  const headers: Record<string, string | undefined> = {}
+  if (ctx.headers) {
+    for (const [key, value] of Object.entries(ctx.headers)) {
+      headers[key] = value as string | undefined
+    }
+  }
+  return {
+    headers,
+    cookie: ctx.cookie ?? {},
+    setCookie: (name: string, value: string, options?: any) => {
+      if (ctx.cookie) {
+        ctx.cookie[name].set({
+          value,
+          ...options,
+        })
+      }
+    },
+    removeCookie: (name: string) => {
+      if (ctx.cookie) {
+        ctx.cookie[name].set({
+          value: '',
+          maxAge: 0,
+          path: '/',
+        })
+      }
+    },
+    ip: ctx.request?.headers?.get('x-forwarded-for')
+      ?? ctx.request?.headers?.get('x-real-ip')
+      ?? ctx.server?.requestIP?.(ctx.request)?.address
+      ?? '127.0.0.1',
+  }
+}
+/**
+ * Middleware que requer autenticação.
+ * Injeta `user` (Authenticatable) no context do Elysia.
+ *
+ * Retorna 401 se não autenticado.
+ */
+export function auth(guardName?: string) {
+  return new Elysia({ name: `auth-guard${guardName ? `-${guardName}` : ''}` })
+    .derive(async (ctx) => {
+      if (!authManagerRef) {
+        throw new Error('Auth system not initialized. Did you forget to call initAuth()?')
+      }
+      const requestContext = buildRequestContext(ctx)
+      const guard = authManagerRef.freshGuard(guardName, requestContext)
+      const user = await guard.user()
+      return {
+        user: user as Authenticatable | null,
+        auth: guard,
+      }
+    })
+    .onBeforeHandle(async (ctx) => {
+      if (!(ctx as any).user) {
+        (ctx as any).set.status = 401
+        return {
+          success: false,
+          error: 'Unauthenticated',
+          message: 'You must be logged in to access this resource.',
+        }
+      }
+    })
+    .as('scoped')
+}
+/**
+ * Middleware que requer NÃO estar autenticado.
+ * Útil para rotas de login/register.
+ *
+ * Retorna 409 se já autenticado.
+ */
+export function guest(guardName?: string) {
+  return new Elysia({ name: `guest-guard${guardName ? `-${guardName}` : ''}` })
+    .derive(async (ctx) => {
+      if (!authManagerRef) {
+        throw new Error('Auth system not initialized. Did you forget to call initAuth()?')
+      }
+      const requestContext = buildRequestContext(ctx)
+      const guard = authManagerRef.freshGuard(guardName, requestContext)
+      const user = await guard.user()
+      return {
+        user: user as Authenticatable | null,
+        auth: guard,
+      }
+    })
+    .onBeforeHandle(async (ctx) => {
+      if ((ctx as any).user) {
+        (ctx as any).set.status = 409
+        return {
+          success: false,
+          error: 'AlreadyAuthenticated',
+          message: 'You are already logged in.',
+        }
+      }
+    })
+    .as('scoped')
+}
+/**
+ * Middleware que resolve auth opcionalmente (não bloqueia).
+ * Útil para rotas que funcionam com ou sem login.
+ */
+export function authOptional(guardName?: string) {
+  return new Elysia({ name: `auth-optional${guardName ? `-${guardName}` : ''}` })
+    .derive(async (ctx) => {
+      if (!authManagerRef) {
+        return { user: null, auth: null }
+      }
+      const requestContext = buildRequestContext(ctx)
+      const guard = authManagerRef.freshGuard(guardName, requestContext)
+      const user = await guard.user()
+      return {
+        user: user as Authenticatable | null,
+        auth: guard,
+      }
+    })
+    .as('scoped')
+}
+export { buildRequestContext }

package/app/server/auth/providers/InMemoryProvider.ts ADDED Viewed

@@ -0,0 +1,162 @@
+/**
+ * FluxStack Auth - In-Memory User Provider
+ *
+ * Provider que armazena usuários em memória.
+ * Ideal para desenvolvimento, demos e testes.
+ *
+ * Para produção, implemente UserProvider com seu ORM:
+ * ```ts
+ * class DrizzleUserProvider implements UserProvider {
+ *   async retrieveById(id) {
+ *     return db.select().from(users).where(eq(users.id, id)).get()
+ *   }
+ *   // ...
+ * }
+ * ```
+ */
+import type { Authenticatable, UserProvider } from '../contracts'
+import { Hash } from '../HashManager'
+// ===== In-Memory User Model =====
+export class InMemoryUser implements Authenticatable {
+  id: number
+  name: string
+  email: string
+  passwordHash: string
+  rememberToken: string | null = null
+  createdAt: Date
+  constructor(data: {
+    id: number
+    name: string
+    email: string
+    passwordHash: string
+    createdAt?: Date
+  }) {
+    this.id = data.id
+    this.name = data.name
+    this.email = data.email
+    this.passwordHash = data.passwordHash
+    this.createdAt = data.createdAt ?? new Date()
+  }
+  getAuthId(): number {
+    return this.id
+  }
+  getAuthIdField(): string {
+    return 'id'
+  }
+  getAuthPassword(): string {
+    return this.passwordHash
+  }
+  getRememberToken(): string | null {
+    return this.rememberToken
+  }
+  setRememberToken(token: string | null): void {
+    this.rememberToken = token
+  }
+  toJSON(): Record<string, unknown> {
+    return {
+      id: this.id,
+      name: this.name,
+      email: this.email,
+      createdAt: this.createdAt.toISOString(),
+    }
+  }
+}
+// ===== Provider =====
+export class InMemoryUserProvider implements UserProvider {
+  private users: InMemoryUser[] = []
+  private nextId = 1
+  async retrieveById(id: string | number): Promise<Authenticatable | null> {
+    return this.users.find(u => u.id === Number(id)) ?? null
+  }
+  async retrieveByCredentials(credentials: Record<string, unknown>): Promise<Authenticatable | null> {
+    // Buscar por qualquer campo EXCETO password
+    const { password: _, ...searchFields } = credentials
+    return this.users.find(user => {
+      return Object.entries(searchFields).every(([key, value]) => {
+        return (user as any)[key] === value
+      })
+    }) ?? null
+  }
+  async validateCredentials(user: Authenticatable, credentials: Record<string, unknown>): Promise<boolean> {
+    const password = credentials.password as string | undefined
+    if (!password) return false
+    const valid = await Hash.check(password, user.getAuthPassword())
+    // Rehash transparente se necessário
+    if (valid && Hash.needsRehash(user.getAuthPassword())) {
+      const newHash = await Hash.make(password)
+      // Atualizar hash in-memory
+      const memUser = user as InMemoryUser
+      memUser.passwordHash = newHash
+    }
+    return valid
+  }
+  async retrieveByToken(id: string | number, token: string): Promise<Authenticatable | null> {
+    const user = this.users.find(u => u.id === Number(id))
+    if (!user) return null
+    if (user.getRememberToken() !== token) return null
+    return user
+  }
+  async updateRememberToken(user: Authenticatable, token: string | null): Promise<void> {
+    user.setRememberToken(token)
+  }
+  async createUser(data: Record<string, unknown>): Promise<Authenticatable> {
+    const name = data.name as string
+    const email = data.email as string
+    const password = data.password as string
+    if (!name || !email || !password) {
+      throw new Error('Name, email and password are required')
+    }
+    // Verificar email duplicado
+    const existing = this.users.find(u => u.email === email)
+    if (existing) {
+      throw new Error('Email already in use')
+    }
+    const passwordHash = await Hash.make(password)
+    const user = new InMemoryUser({
+      id: this.nextId++,
+      name,
+      email,
+      passwordHash,
+    })
+    this.users.push(user)
+    return user
+  }
+  /** Para testes: reset completo */
+  reset(): void {
+    this.users = []
+    this.nextId = 1
+  }
+  /** Para testes: retorna todos os usuários */
+  getAll(): InMemoryUser[] {
+    return [...this.users]
+  }
+}

package/app/server/auth/sessions/SessionManager.ts ADDED Viewed

@@ -0,0 +1,164 @@
+/**
+ * FluxStack Auth - Session Manager
+ *
+ * Gerencia sessões de usuários usando o cache system modular.
+ * Cada sessão é um registro no cache com TTL automático.
+ *
+ * ```ts
+ * const sessionId = await sessionManager.create({ userId: 1 })
+ * const data = await sessionManager.read(sessionId)
+ * await sessionManager.destroy(sessionId)
+ * ```
+ */
+import type { CacheDriver } from '@server/cache/contracts'
+import { cacheManager } from '@server/cache'
+export interface SessionData {
+  [key: string]: unknown
+}
+export interface SessionConfig {
+  /** Tempo de vida da sessão em segundos (default: 7200 = 2h) */
+  lifetime: number
+  /** Nome do cookie (default: 'fluxstack_session') */
+  cookieName: string
+  /** Cookie httpOnly (default: true) */
+  httpOnly: boolean
+  /** Cookie secure (default: false em dev, true em prod) */
+  secure: boolean
+  /** Cookie sameSite (default: 'lax') */
+  sameSite: 'strict' | 'lax' | 'none'
+  /** Cookie path (default: '/') */
+  path: string
+  /** Cookie domain (default: undefined = current domain) */
+  domain?: string
+}
+const DEFAULT_CONFIG: SessionConfig = {
+  lifetime: 7200,
+  cookieName: 'fluxstack_session',
+  httpOnly: true,
+  secure: false,
+  sameSite: 'lax',
+  path: '/',
+}
+export class SessionManager {
+  private cache: CacheDriver
+  private config: SessionConfig
+  constructor(cache?: CacheDriver, config?: Partial<SessionConfig>) {
+    this.cache = cache ?? cacheManager.driver()
+    this.config = { ...DEFAULT_CONFIG, ...config }
+  }
+  /**
+   * Cria uma nova sessão e retorna o ID.
+   */
+  async create(data: SessionData = {}): Promise<string> {
+    const sessionId = this.generateId()
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      { ...data, _createdAt: Date.now() },
+      this.config.lifetime
+    )
+    return sessionId
+  }
+  /**
+   * Lê os dados de uma sessão.
+   */
+  async read(sessionId: string): Promise<SessionData | null> {
+    return this.cache.get<SessionData>(this.cacheKey(sessionId))
+  }
+  /**
+   * Atualiza os dados de uma sessão (merge com dados existentes).
+   */
+  async update(sessionId: string, data: SessionData): Promise<void> {
+    const existing = await this.read(sessionId)
+    if (!existing) return
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      { ...existing, ...data },
+      this.config.lifetime
+    )
+  }
+  /**
+   * Define um valor específico na sessão.
+   */
+  async put(sessionId: string, key: string, value: unknown): Promise<void> {
+    const existing = await this.read(sessionId)
+    if (!existing) return
+    existing[key] = value
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      existing,
+      this.config.lifetime
+    )
+  }
+  /**
+   * Remove um valor específico da sessão.
+   */
+  async forget(sessionId: string, key: string): Promise<void> {
+    const existing = await this.read(sessionId)
+    if (!existing) return
+    delete existing[key]
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      existing,
+      this.config.lifetime
+    )
+  }
+  /**
+   * Destroi uma sessão.
+   */
+  async destroy(sessionId: string): Promise<void> {
+    await this.cache.delete(this.cacheKey(sessionId))
+  }
+  /**
+   * Regenera o ID da sessão (mantém os dados).
+   * Importante após login para prevenir session fixation.
+   */
+  async regenerate(oldSessionId: string): Promise<string> {
+    const data = await this.read(oldSessionId)
+    await this.destroy(oldSessionId)
+    const newSessionId = this.generateId()
+    if (data) {
+      await this.cache.set(
+        this.cacheKey(newSessionId),
+        data,
+        this.config.lifetime
+      )
+    }
+    return newSessionId
+  }
+  /** Retorna a configuração de sessão */
+  getConfig(): SessionConfig {
+    return this.config
+  }
+  /** Gera um session ID criptograficamente seguro */
+  private generateId(): string {
+    const bytes = new Uint8Array(32)
+    crypto.getRandomValues(bytes)
+    return Array.from(bytes)
+      .map(b => b.toString(16).padStart(2, '0'))
+      .join('')
+  }
+  /** Chave no cache para a sessão */
+  private cacheKey(sessionId: string): string {
+    return `session:${sessionId}`
+  }
+}