create-fluxstack 1.12.1 → 1.14.0

package/core/utils/logger/startup-banner.ts

@@ -1,82 +1,82 @@
-/**
- * FluxStack Logger - Startup Banner
- * Clean and beautiful startup display
- *
- * Developers can customize the banner by:
- * 1. Setting showBanner: false in server config
- * 2. Using displayStartupBanner() in app.listen() callback
- * 3. Creating completely custom banners with chalk
- */
-
-import chalk from 'chalk'
-import { LOG } from './index'
-import { FLUXSTACK_VERSION } from '../version'
-
-export interface StartupInfo {
-  port: number
-  host?: string
-  apiPrefix?: string
-  environment: string
-  pluginCount?: number
-  vitePort?: number
-  viteEmbedded?: boolean // true when Vite runs programmatically with backend
-  swaggerPath?: string
-  liveComponents?: string[]
-}
-
-/**
- * Display clean startup banner
- */
-export function displayStartupBanner(info: StartupInfo): void {
-  const {
-    port,
-    host = 'localhost',
-    apiPrefix = '/api',
-    environment,
-    pluginCount = 0,
-    vitePort,
-    viteEmbedded = false,
-    liveComponents = [],
-  } = info
-
-  // Build server URL
-  const displayHost = host === '0.0.0.0' ? 'localhost' : host
-  const serverUrl = `http://${displayHost}:${port}`
-
-  // Simple ready message with URL
-  console.log(chalk.green('\nServer ready!') + chalk.gray(` Environment: ${environment}${viteEmbedded ? ' | Vite: embedded' : ''}`))
-  console.log(chalk.cyan(`  → ${serverUrl}`))
-
-  // Display Live Components
-  if (liveComponents.length > 0) {
-    console.log(chalk.gray(`  Live Components (${liveComponents.length}): `) + chalk.yellow(liveComponents.join(', ')))
-  }
-
-  // Display plugins in compact format
-  const plugins = (global as any).__fluxstackPlugins || []
-  if (plugins.length > 0) {
-    const pluginList = plugins.map((p: any) => p.name).join(', ')
-    console.log(chalk.gray(`  Plugins (${plugins.length}): `) + chalk.magenta(pluginList))
-  }
-
-  console.log('') // Empty line at the end
-}
-
-/**
- * Display simple plugin loaded message
- */
-export function logPluginLoaded(name: string, version?: string): void {
-  const versionStr = version ? chalk.gray(`v${version}`) : ''
-  LOG(`${chalk.green('✓')} Plugin loaded: ${chalk.cyan(name)} ${versionStr}`)
-}
-
-/**
- * Display plugin count summary
- */
-export function logPluginsSummary(count: number): void {
-  if (count === 0) {
-    LOG(chalk.yellow('⚠  No plugins loaded'))
-  } else {
-    LOG(chalk.green(`✓ ${count} plugin${count > 1 ? 's' : ''} loaded successfully`))
-  }
-}
+/**
+ * FluxStack Logger - Startup Banner
+ * Clean and beautiful startup display
+ *
+ * Developers can customize the banner by:
+ * 1. Setting showBanner: false in server config
+ * 2. Using displayStartupBanner() in app.listen() callback
+ * 3. Creating completely custom banners with chalk
+ */
+
+import chalk from 'chalk'
+import { LOG } from './index'
+import { FLUXSTACK_VERSION } from '../version'
+
+export interface StartupInfo {
+  port: number
+  host?: string
+  apiPrefix?: string
+  environment: string
+  pluginCount?: number
+  vitePort?: number
+  viteEmbedded?: boolean // true when Vite runs programmatically with backend
+  swaggerPath?: string
+  liveComponents?: string[]
+}
+
+/**
+ * Display clean startup banner
+ */
+export function displayStartupBanner(info: StartupInfo): void {
+  const {
+    port,
+    host = 'localhost',
+    apiPrefix = '/api',
+    environment,
+    pluginCount = 0,
+    vitePort,
+    viteEmbedded = false,
+    liveComponents = [],
+  } = info
+
+  // Build server URL
+  const displayHost = host === '0.0.0.0' ? 'localhost' : host
+  const serverUrl = `http://${displayHost}:${port}`
+
+  // Simple ready message with URL
+  console.log(chalk.green('\nServer ready!') + chalk.gray(` Environment: ${environment}${viteEmbedded ? ' | Vite: embedded' : ''}`))
+  console.log(chalk.cyan(`  → ${serverUrl}`))
+
+  // Display Live Components
+  if (liveComponents.length > 0) {
+    console.log(chalk.gray(`  Live Components (${liveComponents.length}): `) + chalk.yellow(liveComponents.join(', ')))
+  }
+
+  // Display plugins in compact format
+  const plugins = (global as any).__fluxstackPlugins || []
+  if (plugins.length > 0) {
+    const pluginList = plugins.map((p: any) => p.name).join(', ')
+    console.log(chalk.gray(`  Plugins (${plugins.length}): `) + chalk.magenta(pluginList))
+  }
+
+  console.log('') // Empty line at the end
+}
+
+/**
+ * Display simple plugin loaded message
+ */
+export function logPluginLoaded(name: string, version?: string): void {
+  const versionStr = version ? chalk.gray(`v${version}`) : ''
+  LOG(`${chalk.green('✓')} Plugin loaded: ${chalk.cyan(name)} ${versionStr}`)
+}
+
+/**
+ * Display plugin count summary
+ */
+export function logPluginsSummary(count: number): void {
+  if (count === 0) {
+    LOG(chalk.yellow('⚠  No plugins loaded'))
+  } else {
+    LOG(chalk.green(`✓ ${count} plugin${count > 1 ? 's' : ''} loaded successfully`))
+  }
+}

package/core/utils/version.ts

@@ -1,6 +1,6 @@
-/**
- * FluxStack Framework Version
- * Single source of truth for version number
- * Auto-synced with package.json
- */
-export const FLUXSTACK_VERSION = '1.11.0'
+/**
+ * FluxStack Framework Version
+ * Single source of truth for version number
+ * Auto-synced with package.json
+ */
+export const FLUXSTACK_VERSION = '1.14.0'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-fluxstack",
-  "version": "1.12.1",
+  "version": "1.14.0",
   "description": "⚡ Revolutionary full-stack TypeScript framework with Declarative Config System, Elysia + React + Bun",
   "keywords": [
     "framework",
@@ -55,7 +55,6 @@
     "@types/react-dom": "^19.1.6",
     "@vitest/coverage-v8": "^3.2.4",
     "@vitest/ui": "^3.2.4",
-    "concurrently": "^9.2.0",
     "cross-env": "^10.1.0",
     "eslint": "^9.30.1",
     "eslint-plugin-react-hooks": "^5.2.0",
@@ -73,16 +72,11 @@
   "dependencies": {
     "@elysiajs/eden": "^1.3.2",
     "@elysiajs/swagger": "^1.3.1",
-    "@types/http-proxy-middleware": "^1.0.0",
-    "@types/ws": "^8.18.1",
     "@vitejs/plugin-react": "^4.6.0",
     "chalk": "^5.3.0",
-    "chokidar": "^4.0.3",
     "commander": "^12.1.0",
     "elysia": "^1.4.6",
-    "http-proxy-middleware": "^3.0.5",
     "lightningcss": "^1.30.1",
-    "lucide-react": "^0.544.0",
     "ora": "^8.1.0",
     "react": "^19.1.0",
     "react-dom": "^19.1.0",
@@ -92,7 +86,6 @@
     "vite": "^7.1.7",
     "winston": "^3.18.3",
     "winston-daily-rotate-file": "^5.0.0",
-    "ws": "^8.18.3",
     "zustand": "^5.0.8"
   },
   "engines": {

package/plugins/crypto-auth/index.ts

@@ -8,6 +8,8 @@ import type { FluxStack, PluginContext, RequestContext, ResponseContext } from "
 type Plugin = FluxStack.Plugin
 import { Elysia, t } from "elysia"
 import { CryptoAuthService, AuthMiddleware } from "./server"
+import { CryptoAuthLiveProvider } from "./server/CryptoAuthLiveProvider"
+import { liveAuthManager } from "@core/server/live/auth"
 import { makeProtectedRouteCommand } from "./cli/make-protected-route.command"
 
 // ✅ Plugin carrega sua própria configuração (da pasta config/ do plugin)
@@ -88,6 +90,10 @@ export const cryptoAuthPlugin: Plugin = {
     ;(global as any).cryptoAuthService = authService
     ;(global as any).cryptoAuthMiddleware = authMiddleware
 
+    // 🔒 Register as LiveAuthProvider for Live Components WebSocket auth
+    liveAuthManager.register(new CryptoAuthLiveProvider(authService))
+    context.logger.info('🔒 Crypto Auth registered as Live Components auth provider')
+
     // Store plugin info for table display
     if (!(global as any).__fluxstackPlugins) {
       (global as any).__fluxstackPlugins = []

package/plugins/crypto-auth/server/CryptoAuthLiveProvider.ts

@@ -0,0 +1,58 @@
+// 🔒 CryptoAuth → LiveAuthProvider Adapter
+//
+// Integra o plugin crypto-auth com o sistema de autenticação de Live Components.
+// Permite usar autenticação Ed25519 em componentes real-time.
+//
+// Uso:
+//   import { CryptoAuthLiveProvider } from '@plugins/crypto-auth/server/CryptoAuthLiveProvider'
+//   import { liveAuthManager } from '@core/server/live/auth'
+//
+//   liveAuthManager.register(new CryptoAuthLiveProvider(cryptoAuthService))
+
+import type { CryptoAuthService } from './CryptoAuthService'
+import type {
+  LiveAuthProvider,
+  LiveAuthCredentials,
+  LiveAuthContext,
+} from '@core/server/live/auth/types'
+import { AuthenticatedContext, ANONYMOUS_CONTEXT } from '@core/server/live/auth/LiveAuthContext'
+
+export class CryptoAuthLiveProvider implements LiveAuthProvider {
+  readonly name = 'crypto-auth'
+  private authService: CryptoAuthService
+
+  constructor(authService: CryptoAuthService) {
+    this.authService = authService
+  }
+
+  async authenticate(credentials: LiveAuthCredentials): Promise<LiveAuthContext | null> {
+    const { publicKey, signature, timestamp, nonce } = credentials
+
+    // Sem credenciais crypto = não autenticado
+    if (!publicKey || !signature) {
+      return null
+    }
+
+    const result = await this.authService.validateRequest({
+      publicKey: publicKey as string,
+      timestamp: (timestamp as number) || Date.now(),
+      nonce: (nonce as string) || '',
+      signature: signature as string,
+    })
+
+    if (!result.success || !result.user) {
+      return null
+    }
+
+    return new AuthenticatedContext(
+      {
+        id: result.user.publicKey,
+        roles: result.user.isAdmin ? ['admin'] : ['user'],
+        permissions: result.user.permissions,
+        publicKey: result.user.publicKey,
+        isAdmin: result.user.isAdmin,
+      },
+      publicKey as string // token = publicKey
+    )
+  }
+}

package/plugins/crypto-auth/server/index.ts

@@ -1,22 +1,25 @@
-/**
- * Exportações do servidor de autenticação
- */
-
-export { CryptoAuthService } from './CryptoAuthService'
-export type { AuthResult, CryptoAuthConfig } from './CryptoAuthService'
-
-export { AuthMiddleware } from './AuthMiddleware'
-export type { AuthMiddlewareConfig, AuthMiddlewareResult } from './AuthMiddleware'
-
-// Middlewares Elysia
-export {
-  cryptoAuthRequired,
-  cryptoAuthAdmin,
-  cryptoAuthPermissions,
-  cryptoAuthOptional,
-  getCryptoAuthUser,
-  isCryptoAuthAuthenticated,
-  isCryptoAuthAdmin,
-  hasCryptoAuthPermission
-} from './middlewares'
+/**
+ * Exportações do servidor de autenticação
+ */
+
+export { CryptoAuthService } from './CryptoAuthService'
+export type { AuthResult, CryptoAuthConfig } from './CryptoAuthService'
+
+export { AuthMiddleware } from './AuthMiddleware'
+export type { AuthMiddlewareConfig, AuthMiddlewareResult } from './AuthMiddleware'
+
+// LiveAuthProvider adapter for Live Components
+export { CryptoAuthLiveProvider } from './CryptoAuthLiveProvider'
+
+// Middlewares Elysia
+export {
+  cryptoAuthRequired,
+  cryptoAuthAdmin,
+  cryptoAuthPermissions,
+  cryptoAuthOptional,
+  getCryptoAuthUser,
+  isCryptoAuthAuthenticated,
+  isCryptoAuthAdmin,
+  hasCryptoAuthPermission
+} from './middlewares'
 export type { CryptoAuthUser, CryptoAuthMiddlewareOptions } from './middlewares'

package/rest-tests/README.md

@@ -0,0 +1,57 @@
+# REST Tests
+
+Arquivos `.http` para teste manual das APIs usando a extensão [REST Client](https://marketplace.visualstudio.com/items?itemName=humao.rest-client) do VSCode.
+
+## Requisitos
+
+- **VSCode** com extensão **REST Client** (`humao.rest-client`)
+- **Servidor rodando**: `bun run dev`
+
+## Arquivos
+
+| Arquivo | Guard | Descrição |
+|---------|-------|-----------|
+| `auth.http` | Session (cookie) | Register, Login, Me, Logout |
+| `auth-token.http` | Token (Bearer) | Register, Login, Me, Logout |
+| `users-token.http` | Token (Bearer) | CRUD de usuários |
+| `rooms-token.http` | Token (Bearer) | Mensagens e eventos de salas |
+
+## Configuração do Guard
+
+Os arquivos `*-token.http` requerem o guard de token. Configure no `.env`:
+
+```bash
+AUTH_DEFAULT_GUARD=token
+```
+
+Os arquivos sem sufixo usam o guard de sessão (padrão).
+
+## Como usar
+
+1. Abra qualquer arquivo `.http` no VSCode
+2. Clique em **"Send Request"** acima de cada bloco `###`
+3. O response aparece numa aba lateral
+
+## Fluxo de teste (Token)
+
+```
+1. GET  /api/health          → Verificar servidor
+2. POST /api/auth/register   → Criar usuário (retorna token)
+3. POST /api/auth/login      → Login (retorna token)
+4. GET  /api/auth/me          → Bearer token no header
+5. POST /api/auth/logout      → Revogar token
+```
+
+> **Dica**: Nos arquivos `*-token.http`, o token do login é capturado automaticamente via `@name login` e injetado nos requests seguintes com `{{login.response.body.token}}`.
+
+## Fluxo de teste (Session)
+
+```
+1. GET  /api/health          → Verificar servidor
+2. POST /api/auth/register   → Criar usuário
+3. POST /api/auth/login      → Obter cookie de sessão
+4. GET  /api/auth/me          → Usar cookie para ver perfil
+5. POST /api/auth/logout      → Encerrar sessão
+```
+
+> **Dica**: Após o login, copie o valor do cookie `fluxstack_session` do response e cole nos requests que precisam de autenticação.

package/rest-tests/auth-token.http

@@ -0,0 +1,113 @@
+@base = http://localhost:3000/api
+
+# =============================================
+# Auth Tests - Bearer Token Guard
+# =============================================
+# Requer: AUTH_DEFAULT_GUARD=token no .env
+# =============================================
+
+### ===== Health Check =====
+
+GET {{base}}/health
+
+### ===== Register =====
+# @name register
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "John Doe",
+  "email": "john@example.com",
+  "password": "secret123"
+}
+
+### ===== Register (duplicado - 422) =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "Jane Doe",
+  "email": "john@example.com",
+  "password": "other123"
+}
+
+### ===== Register (campos faltando - 422) =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "No Email"
+}
+
+### ===== Register (senha curta - 422) =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "Short Pass",
+  "email": "short@example.com",
+  "password": "12"
+}
+
+### ===== Login =====
+# @name login
+
+POST {{base}}/auth/login
+Content-Type: application/json
+
+{
+  "email": "john@example.com",
+  "password": "secret123"
+}
+
+### ===== Login (senha errada - 401) =====
+
+POST {{base}}/auth/login
+Content-Type: application/json
+
+{
+  "email": "john@example.com",
+  "password": "wrong-password"
+}
+
+### ===== Login (email desconhecido - 401) =====
+
+POST {{base}}/auth/login
+Content-Type: application/json
+
+{
+  "email": "unknown@example.com",
+  "password": "secret123"
+}
+
+### ===== Me (sem token - 401) =====
+
+GET {{base}}/auth/me
+
+### ===== Me (com Bearer token) =====
+
+GET {{base}}/auth/me
+Authorization: Bearer {{login.response.body.token}}
+
+### ===== Me (token inválido - 401) =====
+
+GET {{base}}/auth/me
+Authorization: Bearer token-invalido-123
+
+### ===== Logout (sem token - 401) =====
+
+POST {{base}}/auth/logout
+
+### ===== Logout (com Bearer token) =====
+
+POST {{base}}/auth/logout
+Authorization: Bearer {{login.response.body.token}}
+
+### ===== Me após logout (token revogado - 401) =====
+
+GET {{base}}/auth/me
+Authorization: Bearer {{login.response.body.token}}

package/rest-tests/auth.http

@@ -0,0 +1,112 @@
+@base = http://localhost:3000/api
+
+### ===== Health Check =====
+
+GET {{base}}/health
+
+### ===== Register =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "John Doe",
+  "email": "john@example.com",
+  "password": "secret123"
+}
+
+### ===== Register (duplicate - should return 422) =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "Jane Doe",
+  "email": "john@example.com",
+  "password": "other123"
+}
+
+### ===== Register (missing fields - should return 422) =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "No Email"
+}
+
+### ===== Register (short password - should return 422) =====
+
+POST {{base}}/auth/register
+Content-Type: application/json
+
+{
+  "name": "Short Pass",
+  "email": "short@example.com",
+  "password": "12"
+}
+
+### ===== Login =====
+
+# @name login
+POST {{base}}/auth/login
+Content-Type: application/json
+
+{
+  "email": "john@example.com",
+  "password": "secret123"
+}
+
+### ===== Login (wrong password - should return 401) =====
+
+POST {{base}}/auth/login
+Content-Type: application/json
+
+{
+  "email": "john@example.com",
+  "password": "wrong-password"
+}
+
+### ===== Login (unknown email - should return 401) =====
+
+POST {{base}}/auth/login
+Content-Type: application/json
+
+{
+  "email": "unknown@example.com",
+  "password": "secret123"
+}
+
+### ===== Me (no auth - should return 401) =====
+
+GET {{base}}/auth/me
+
+### ===== Me (with session cookie) =====
+# Copy the fluxstack_session cookie value from the login response above
+
+GET {{base}}/auth/me
+Cookie: fluxstack_session=PASTE_SESSION_COOKIE_HERE
+
+### ===== Logout (no auth - should return 401) =====
+
+POST {{base}}/auth/logout
+
+### ===== Logout (with session cookie) =====
+# Copy the fluxstack_session cookie value from the login response
+
+POST {{base}}/auth/logout
+Cookie: fluxstack_session=PASTE_SESSION_COOKIE_HERE
+
+### ===== Users CRUD =====
+
+GET {{base}}/users
+
+###
+
+POST {{base}}/users
+Content-Type: application/json
+
+{
+  "name": "Test User",
+  "email": "test@example.com"
+}