create-forgeon 0.2.5 → 0.2.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-forgeon",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "Forgeon project generator CLI",
   "license": "MIT",
   "author": "Forgeon",

package/src/modules/executor.mjs

@@ -6,6 +6,8 @@ import { applyDbPrismaModule } from './db-prisma.mjs';
 import { applyI18nModule } from './i18n.mjs';
 import { applyJwtAuthModule } from './jwt-auth.mjs';
 import { applyLoggerModule } from './logger.mjs';
+import { applyRateLimitModule } from './rate-limit.mjs';
+import { applyRbacModule } from './rbac.mjs';
 import { applySwaggerModule } from './swagger.mjs';
 
 function ensureForgeonLikeProject(targetRoot) {
@@ -29,6 +31,8 @@ const MODULE_APPLIERS = {
   i18n: applyI18nModule,
   'jwt-auth': applyJwtAuthModule,
   logger: applyLoggerModule,
+  'rate-limit': applyRateLimitModule,
+  rbac: applyRbacModule,
   swagger: applySwaggerModule,
 };
 

package/src/modules/executor.test.mjs

@@ -42,6 +42,76 @@ function assertDbPrismaWiring(projectRoot) {
   assert.match(healthController, /PrismaService/);
 }
 
+function assertRateLimitWiring(projectRoot) {
+  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+  assert.match(appModule, /rateLimitConfig/);
+  assert.match(appModule, /rateLimitEnvSchema/);
+  assert.match(appModule, /ForgeonRateLimitModule/);
+
+  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
+  assert.match(apiPackage, /@forgeon\/rate-limit/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/rate-limit build/);
+
+  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
+  assert.match(apiDockerfile, /COPY packages\/rate-limit\/package\.json packages\/rate-limit\/package\.json/);
+  assert.match(apiDockerfile, /COPY packages\/rate-limit packages\/rate-limit/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/rate-limit build/);
+
+  const compose = fs.readFileSync(path.join(projectRoot, 'infra', 'docker', 'compose.yml'), 'utf8');
+  assert.match(compose, /THROTTLE_ENABLED: \$\{THROTTLE_ENABLED\}/);
+  assert.match(compose, /THROTTLE_LIMIT: \$\{THROTTLE_LIMIT\}/);
+
+  const apiEnv = fs.readFileSync(path.join(projectRoot, 'apps', 'api', '.env.example'), 'utf8');
+  assert.match(apiEnv, /THROTTLE_ENABLED=true/);
+  assert.match(apiEnv, /THROTTLE_TTL=10/);
+  assert.match(apiEnv, /THROTTLE_LIMIT=3/);
+
+  const healthController = fs.readFileSync(
+    path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
+    'utf8',
+  );
+  assert.match(healthController, /@Get\('rate-limit'\)/);
+  assert.match(healthController, /TOO_MANY_REQUESTS/);
+
+  const appTsx = fs.readFileSync(path.join(projectRoot, 'apps', 'web', 'src', 'App.tsx'), 'utf8');
+  assert.match(appTsx, /Check rate limit \(click repeatedly\)/);
+  assert.match(appTsx, /Rate limit probe response/);
+
+  const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
+  assert.match(readme, /## Rate Limit Module/);
+}
+
+function assertRbacWiring(projectRoot) {
+  const appModule = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'src', 'app.module.ts'), 'utf8');
+  assert.match(appModule, /ForgeonRbacModule/);
+
+  const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
+  assert.match(apiPackage, /@forgeon\/rbac/);
+  assert.match(apiPackage, /pnpm --filter @forgeon\/rbac build/);
+
+  const apiDockerfile = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'Dockerfile'), 'utf8');
+  assert.match(apiDockerfile, /COPY packages\/rbac\/package\.json packages\/rbac\/package\.json/);
+  assert.match(apiDockerfile, /COPY packages\/rbac packages\/rbac/);
+  assert.match(apiDockerfile, /RUN pnpm --filter @forgeon\/rbac build/);
+
+  const healthController = fs.readFileSync(
+    path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
+    'utf8',
+  );
+  assert.match(healthController, /UseGuards/);
+  assert.match(healthController, /ForgeonRbacGuard/);
+  assert.match(healthController, /@Get\('rbac'\)/);
+  assert.match(healthController, /@Permissions\('health\.rbac'\)/);
+
+  const appTsx = fs.readFileSync(path.join(projectRoot, 'apps', 'web', 'src', 'App.tsx'), 'utf8');
+  assert.match(appTsx, /Check RBAC access/);
+  assert.match(appTsx, /RBAC probe response/);
+  assert.match(appTsx, /x-forgeon-permissions/);
+
+  const readme = fs.readFileSync(path.join(projectRoot, 'README.md'), 'utf8');
+  assert.match(readme, /## RBAC \/ Permissions Module/);
+}
+
 function assertJwtAuthWiring(projectRoot, withPrismaStore) {
   const apiPackage = fs.readFileSync(path.join(projectRoot, 'apps', 'api', 'package.json'), 'utf8');
   assert.match(apiPackage, /@forgeon\/auth-api/);
@@ -529,6 +599,76 @@ describe('addModule', () => {
     }
   });
 
+  it('applies rate-limit module on top of scaffold without i18n', () => {
+    const targetRoot = mkTmp('forgeon-module-rate-limit-');
+    const projectRoot = path.join(targetRoot, 'demo-rate-limit');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-rate-limit',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: false,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      const result = addModule({
+        moduleId: 'rate-limit',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+
+      assert.equal(result.applied, true);
+      assertRateLimitWiring(projectRoot);
+
+      const moduleDoc = fs.readFileSync(result.docsPath, 'utf8');
+      assert.match(moduleDoc, /## Idea \/ Why/);
+      assert.match(moduleDoc, /## Configuration/);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
+  it('applies rbac module on top of scaffold without i18n', () => {
+    const targetRoot = mkTmp('forgeon-module-rbac-');
+    const projectRoot = path.join(targetRoot, 'demo-rbac');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-rbac',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: false,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      const result = addModule({
+        moduleId: 'rbac',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+
+      assert.equal(result.applied, true);
+      assertRbacWiring(projectRoot);
+
+      const moduleDoc = fs.readFileSync(result.docsPath, 'utf8');
+      assert.match(moduleDoc, /## Idea \/ Why/);
+      assert.match(moduleDoc, /## How It Works/);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
   it('applies swagger module on top of scaffold without i18n', () => {
     const targetRoot = mkTmp('forgeon-module-swagger-');
     const projectRoot = path.join(targetRoot, 'demo-swagger');
@@ -1144,6 +1284,80 @@ describe('addModule', () => {
     }
   });
 
+  it('keeps rate-limit wiring valid after mixed module installation order', () => {
+    const targetRoot = mkTmp('forgeon-module-rate-limit-order-');
+    const projectRoot = path.join(targetRoot, 'demo-rate-limit-order');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-rate-limit-order',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: false,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      for (const moduleId of ['jwt-auth', 'logger', 'swagger', 'rate-limit', 'i18n', 'db-prisma']) {
+        addModule({ moduleId, targetRoot: projectRoot, packageRoot });
+      }
+
+      assertRateLimitWiring(projectRoot);
+
+      const healthController = fs.readFileSync(
+        path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
+        'utf8',
+      );
+      const classStart = healthController.indexOf('export class HealthController {');
+      const classEnd = healthController.lastIndexOf('\n}');
+      const rateLimitProbe = healthController.indexOf("@Get('rate-limit')");
+      assert.equal(rateLimitProbe > classStart && rateLimitProbe < classEnd, true);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
+  it('keeps rbac wiring valid after mixed module installation order', () => {
+    const targetRoot = mkTmp('forgeon-module-rbac-order-');
+    const projectRoot = path.join(targetRoot, 'demo-rbac-order');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-rbac-order',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: false,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      for (const moduleId of ['jwt-auth', 'logger', 'rate-limit', 'rbac', 'swagger', 'i18n', 'db-prisma']) {
+        addModule({ moduleId, targetRoot: projectRoot, packageRoot });
+      }
+
+      assertRbacWiring(projectRoot);
+
+      const healthController = fs.readFileSync(
+        path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
+        'utf8',
+      );
+      const classStart = healthController.indexOf('export class HealthController {');
+      const classEnd = healthController.lastIndexOf('\n}');
+      const rbacProbe = healthController.indexOf("@Get('rbac')");
+      assert.equal(rbacProbe > classStart && rbacProbe < classEnd, true);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
   it('keeps db-prisma wiring across module installation orders', () => {
     const sequences = [
       ['logger', 'swagger', 'i18n'],

package/src/modules/i18n.mjs

@@ -405,7 +405,119 @@ function patchRootPackage(targetRoot) {
   writeJson(packagePath, packageJson);
 }
 
+function restoreKnownWebProbes(targetRoot, previousAppContent) {
+  if (!previousAppContent) {
+    return;
+  }
+
+  const filePath = path.join(targetRoot, 'apps', 'web', 'src', 'App.tsx');
+  if (!fs.existsSync(filePath)) {
+    return;
+  }
+
+  let content = fs.readFileSync(filePath, 'utf8').replace(/\r\n/g, '\n');
+
+  const ensureProbeState = (stateLine) => {
+    if (content.includes(stateLine)) {
+      return;
+    }
+    const anchors = [
+      '  const [rbacProbeResult, setRbacProbeResult] = useState<ProbeResult | null>(null);',
+      '  const [rateLimitProbeResult, setRateLimitProbeResult] = useState<ProbeResult | null>(null);',
+      '  const [authProbeResult, setAuthProbeResult] = useState<ProbeResult | null>(null);',
+      '  const [dbProbeResult, setDbProbeResult] = useState<ProbeResult | null>(null);',
+      '  const [validationProbeResult, setValidationProbeResult] = useState<ProbeResult | null>(null);',
+    ];
+    const anchor = anchors.find((line) => content.includes(line));
+    if (anchor) {
+      content = ensureLineAfter(content, anchor, stateLine);
+    }
+  };
+
+  const ensureProbeButton = (buttonText, buttonCode) => {
+    if (content.includes(buttonText)) {
+      return;
+    }
+    const actionsStart = content.indexOf('<div className="actions">');
+    if (actionsStart < 0) {
+      return;
+    }
+    const actionsEnd = content.indexOf('\n      </div>', actionsStart);
+    if (actionsEnd < 0) {
+      return;
+    }
+    content = `${content.slice(0, actionsEnd)}\n${buttonCode}${content.slice(actionsEnd)}`;
+  };
+
+  const ensureProbeResult = (resultLine) => {
+    if (content.includes(resultLine)) {
+      return;
+    }
+    const networkLine = '      {networkError ? <p className="error">{networkError}</p> : null}';
+    if (content.includes(networkLine)) {
+      content = content.replace(networkLine, `${resultLine}\n${networkLine}`);
+      return;
+    }
+    const anchors = [
+      "      {renderResult('RBAC probe response', rbacProbeResult)}",
+      "      {renderResult('Rate limit probe response', rateLimitProbeResult)}",
+      "      {renderResult('Auth probe response', authProbeResult)}",
+      "      {renderResult('DB probe response', dbProbeResult)}",
+      "      {renderResult('Validation probe response', validationProbeResult)}",
+    ];
+    const anchor = anchors.find((line) => content.includes(line));
+    if (anchor) {
+      content = ensureLineAfter(content, anchor, resultLine);
+    }
+  };
+
+  if (previousAppContent.includes('Check database (create user)')) {
+    ensureProbeState('  const [dbProbeResult, setDbProbeResult] = useState<ProbeResult | null>(null);');
+    ensureProbeButton(
+      'Check database (create user)',
+      "        <button onClick={() => runProbe(setDbProbeResult, '/health/db', { method: 'POST' })}>\n          Check database (create user)\n        </button>",
+    );
+    ensureProbeResult("      {renderResult('DB probe response', dbProbeResult)}");
+  }
+
+  if (previousAppContent.includes('Check JWT auth probe')) {
+    ensureProbeState('  const [authProbeResult, setAuthProbeResult] = useState<ProbeResult | null>(null);');
+    ensureProbeButton(
+      'Check JWT auth probe',
+      "        <button onClick={() => runProbe(setAuthProbeResult, '/health/auth')}>Check JWT auth probe</button>",
+    );
+    ensureProbeResult("      {renderResult('Auth probe response', authProbeResult)}");
+  }
+
+  if (previousAppContent.includes('Check rate limit (click repeatedly)')) {
+    ensureProbeState(
+      '  const [rateLimitProbeResult, setRateLimitProbeResult] = useState<ProbeResult | null>(null);',
+    );
+    ensureProbeButton(
+      'Check rate limit (click repeatedly)',
+      "        <button onClick={() => runProbe(setRateLimitProbeResult, '/health/rate-limit')}>\n          Check rate limit (click repeatedly)\n        </button>",
+    );
+    ensureProbeResult("      {renderResult('Rate limit probe response', rateLimitProbeResult)}");
+  }
+
+  if (previousAppContent.includes('Check RBAC access')) {
+    ensureProbeState('  const [rbacProbeResult, setRbacProbeResult] = useState<ProbeResult | null>(null);');
+    ensureProbeButton(
+      'Check RBAC access',
+      "        <button\n          onClick={() =>\n            runProbe(setRbacProbeResult, '/health/rbac', {\n              headers: { 'x-forgeon-permissions': 'health.rbac' },\n            })\n          }\n        >\n          Check RBAC access\n        </button>",
+    );
+    ensureProbeResult("      {renderResult('RBAC probe response', rbacProbeResult)}");
+  }
+
+  fs.writeFileSync(filePath, `${content.trimEnd()}\n`, 'utf8');
+}
+
 export function applyI18nModule({ packageRoot, targetRoot }) {
+  const existingWebAppPath = path.join(targetRoot, 'apps', 'web', 'src', 'App.tsx');
+  const previousAppContent = fs.existsSync(existingWebAppPath)
+    ? fs.readFileSync(existingWebAppPath, 'utf8')
+    : '';
+
   copyFromBase(packageRoot, targetRoot, path.join('scripts', 'i18n-add.mjs'));
   copyFromBase(packageRoot, targetRoot, path.join('packages', 'i18n'));
   copyFromBase(packageRoot, targetRoot, path.join('resources', 'i18n'));
@@ -415,6 +527,7 @@ export function applyI18nModule({ packageRoot, targetRoot }) {
   copyFromPreset(packageRoot, targetRoot, path.join('apps', 'web', 'src', 'App.tsx'));
   copyFromPreset(packageRoot, targetRoot, path.join('apps', 'web', 'src', 'i18n.ts'));
   copyFromPreset(packageRoot, targetRoot, path.join('apps', 'web', 'src', 'main.tsx'));
+  restoreKnownWebProbes(targetRoot, previousAppContent);
 
   patchI18nPackage(targetRoot);
   patchApiPackage(targetRoot);