create-forgeon 0.3.2 → 0.3.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-forgeon",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "description": "Forgeon project generator CLI",
   "license": "MIT",
   "author": "Forgeon",

package/src/modules/executor.test.mjs

@@ -70,10 +70,13 @@ function assertRateLimitWiring(projectRoot) {
     path.join(projectRoot, 'apps', 'api', 'src', 'health', 'health.controller.ts'),
     'utf8',
   );
+  assert.match(healthController, /import \{ Header \} from '@nestjs\/common';/);
+  assert.match(healthController, /@Header\('Cache-Control', 'no-store, no-cache, must-revalidate'\)/);
   assert.match(healthController, /@Get\('rate-limit'\)/);
   assert.match(healthController, /TOO_MANY_REQUESTS/);
 
   const appTsx = fs.readFileSync(path.join(projectRoot, 'apps', 'web', 'src', 'App.tsx'), 'utf8');
+  assert.match(appTsx, /cache: 'no-store'/);
   assert.match(appTsx, /Check rate limit \(click repeatedly\)/);
   assert.match(appTsx, /Rate limit probe response/);
 
@@ -1261,6 +1264,48 @@ describe('addModule', () => {
     }
   });
 
+  it('scans auth persistence as db-adapter participant while remaining triggerable from db-prisma install order', () => {
+    const targetRoot = mkTmp('forgeon-module-jwt-db-scan-');
+    const projectRoot = path.join(targetRoot, 'demo-jwt-db-scan');
+    const templateRoot = path.join(packageRoot, 'templates', 'base');
+
+    try {
+      scaffoldProject({
+        templateRoot,
+        packageRoot,
+        targetRoot: projectRoot,
+        projectName: 'demo-jwt-db-scan',
+        frontend: 'react',
+        db: 'prisma',
+        dbPrismaEnabled: false,
+        i18nEnabled: false,
+        proxy: 'caddy',
+      });
+
+      addModule({
+        moduleId: 'jwt-auth',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+      addModule({
+        moduleId: 'db-prisma',
+        targetRoot: projectRoot,
+        packageRoot,
+      });
+
+      const scan = scanIntegrations({
+        targetRoot: projectRoot,
+        relatedModuleId: 'db-prisma',
+      });
+      const persistenceGroup = scan.groups.find((group) => group.id === 'auth-persistence');
+
+      assert.ok(persistenceGroup);
+      assert.deepEqual(persistenceGroup.modules, ['jwt-auth', 'db-adapter']);
+    } finally {
+      fs.rmSync(targetRoot, { recursive: true, force: true });
+    }
+  });
+
   it('applies logger then jwt-auth on db/i18n-disabled scaffold without breaking health controller syntax', () => {
     const targetRoot = mkTmp('forgeon-module-jwt-nodb-noi18n-');
     const projectRoot = path.join(targetRoot, 'demo-jwt-nodb-noi18n');

package/src/modules/rate-limit.mjs

@@ -120,8 +120,10 @@ function patchHealthController(targetRoot) {
   }
 
   let content = fs.readFileSync(filePath, 'utf8').replace(/\r\n/g, '\n');
+  content = ensureImportLine(content, "import { Header } from '@nestjs/common';");
   if (!content.includes("@Get('rate-limit')")) {
     const method = `
+  @Header('Cache-Control', 'no-store, no-cache, must-revalidate')
   @Get('rate-limit')
   getRateLimitProbe() {
     return {

package/src/modules/sync-integrations.mjs

@@ -24,6 +24,25 @@ const PRISMA_AUTH_MIGRATION_TEMPLATE = path.join(
   '0002_auth_refresh_token_hash',
 );
 
+const AUTH_PERSISTENCE_STRATEGIES = [
+  {
+    id: 'db-prisma',
+    capability: 'db-adapter',
+    providerLabel: 'db-prisma',
+    participants: ['jwt-auth', 'db-adapter'],
+    relatedModules: ['jwt-auth', 'db-prisma'],
+    description: [
+      'Patch AppModule to wire AUTH_REFRESH_TOKEN_STORE to the current db-adapter implementation (today: PrismaAuthRefreshTokenStore)',
+      'Add apps/api/src/auth/prisma-auth-refresh-token.store.ts',
+      'Extend Prisma User model with refreshTokenHash and add migration 0002_auth_refresh_token_hash',
+      'Update JWT auth README note to reflect db-adapter-backed refresh-token persistence',
+    ],
+    isDetected: (detected) => detected.dbPrisma,
+    isPending: isAuthPersistencePending,
+    apply: syncJwtDbPrisma,
+  },
+];
+
 function ensureLineAfter(content, anchorLine, lineToInsert) {
   if (content.includes(lineToInsert)) {
     return content;
@@ -95,21 +114,18 @@ const INTEGRATION_GROUPS = [
   {
     id: 'auth-persistence',
     title: 'Auth Persistence Integration',
-    modules: ['jwt-auth', 'db-prisma'],
-    description: [
-      'Patch AppModule to wire AUTH_REFRESH_TOKEN_STORE to the current db-adapter implementation (today: PrismaAuthRefreshTokenStore)',
-      'Add apps/api/src/auth/prisma-auth-refresh-token.store.ts',
-      'Extend Prisma User model with refreshTokenHash and add migration 0002_auth_refresh_token_hash',
-      'Update JWT auth README note to reflect db-adapter-backed refresh-token persistence',
-    ],
-    isAvailable: (detected) => detected.jwtAuth && detected.dbPrisma,
-    isPending: (rootDir) => isAuthPersistencePending(rootDir),
-    apply: syncJwtDbPrisma,
+    participants: ['jwt-auth', 'db-adapter'],
+    relatedModules: ['jwt-auth', 'db-prisma'],
+    description: (detected) => getAuthPersistenceDescription(detected),
+    isAvailable: (detected) => detected.jwtAuth && hasSingleAuthPersistenceStrategy(detected),
+    isPending: (rootDir, detected) => isAuthPersistencePendingForDetected(rootDir, detected),
+    apply: applyAuthPersistenceSync,
   },
   {
     id: 'auth-rbac-claims',
     title: 'Auth Claims Integration',
-    modules: ['jwt-auth', 'rbac'],
+    participants: ['jwt-auth', 'rbac'],
+    relatedModules: ['jwt-auth', 'rbac'],
     description: [
       'Extend AuthUser with optional permissions in @forgeon/auth-contracts',
       'Add demo RBAC claims to jwt-auth login and token payloads',
@@ -139,6 +155,73 @@ function detectModules(rootDir) {
   };
 }
 
+function resolveAuthPersistenceStrategy(detected) {
+  const matched = AUTH_PERSISTENCE_STRATEGIES.filter((strategy) => strategy.isDetected(detected));
+  if (matched.length === 0) {
+    return { kind: 'none' };
+  }
+  if (matched.length > 1) {
+    return { kind: 'conflict', strategies: matched };
+  }
+  return { kind: 'single', strategy: matched[0] };
+}
+
+function hasSingleAuthPersistenceStrategy(detected) {
+  return resolveAuthPersistenceStrategy(detected).kind === 'single';
+}
+
+function getAuthPersistenceDescription(detected) {
+  const resolved = resolveAuthPersistenceStrategy(detected);
+  if (resolved.kind === 'single') {
+    return [...resolved.strategy.description];
+  }
+  return [
+    'Use the current db-adapter provider strategy to wire refresh-token persistence.',
+    'A supported db-adapter provider must be installed before this integration can apply.',
+  ];
+}
+
+function isAuthPersistencePendingForDetected(rootDir, detected) {
+  const resolved = resolveAuthPersistenceStrategy(detected);
+  if (resolved.kind !== 'single') {
+    return false;
+  }
+  return resolved.strategy.isPending(rootDir);
+}
+
+function applyAuthPersistenceSync({ rootDir, packageRoot, changedFiles }) {
+  const detected = detectModules(rootDir);
+  const resolved = resolveAuthPersistenceStrategy(detected);
+  if (resolved.kind === 'none') {
+    return { applied: false, reason: 'no supported db-adapter provider detected' };
+  }
+  if (resolved.kind === 'conflict') {
+    return { applied: false, reason: 'multiple db-adapter providers detected' };
+  }
+  return resolved.strategy.apply({ rootDir, packageRoot, changedFiles });
+}
+
+function getGroupParticipants(group) {
+  return Array.isArray(group.participants) && group.participants.length > 0
+    ? group.participants
+    : Array.isArray(group.modules)
+      ? group.modules
+      : [];
+}
+
+function getGroupRelatedModules(group) {
+  return Array.isArray(group.relatedModules) && group.relatedModules.length > 0
+    ? group.relatedModules
+    : getGroupParticipants(group);
+}
+
+function getGroupDescription(group, detected) {
+  if (typeof group.description === 'function') {
+    return group.description(detected);
+  }
+  return Array.isArray(group.description) ? group.description : [];
+}
+
 function syncJwtDbPrisma({ rootDir, packageRoot, changedFiles }) {
   const appModulePath = path.join(rootDir, 'apps', 'api', 'src', 'app.module.ts');
   const schemaPath = path.join(rootDir, 'apps', 'api', 'prisma', 'schema.prisma');
@@ -365,7 +448,7 @@ export function syncIntegrations({ targetRoot, packageRoot, groupIds = null }) {
   const detected = detectModules(rootDir);
   const summary = [];
   const available = INTEGRATION_GROUPS.filter(
-    (group) => group.isAvailable(detected) && group.isPending(rootDir),
+    (group) => group.isAvailable(detected) && group.isPending(rootDir, detected),
   );
   const selected = Array.isArray(groupIds)
     ? available.filter((group) => groupIds.includes(group.id))
@@ -375,7 +458,7 @@ export function syncIntegrations({ targetRoot, packageRoot, groupIds = null }) {
     summary.push({
       id: group.id,
       title: group.title,
-      modules: group.modules,
+      modules: getGroupParticipants(group),
       result: group.apply({ rootDir, packageRoot, changedFiles }),
     });
   }
@@ -385,8 +468,8 @@ export function syncIntegrations({ targetRoot, packageRoot, groupIds = null }) {
     availableGroups: available.map((group) => ({
       id: group.id,
       title: group.title,
-      modules: [...group.modules],
-      description: [...group.description],
+      modules: [...getGroupParticipants(group)],
+      description: [...getGroupDescription(group, detected)],
     })),
     changedFiles: [...changedFiles].sort().map((filePath) => path.relative(rootDir, filePath)),
   };
@@ -398,15 +481,15 @@ export function scanIntegrations({ targetRoot, relatedModuleId = null }) {
   const available = INTEGRATION_GROUPS.filter(
     (group) =>
       group.isAvailable(detected) &&
-      group.isPending(rootDir) &&
-      (!relatedModuleId || group.modules.includes(relatedModuleId)),
+      group.isPending(rootDir, detected) &&
+      (!relatedModuleId || getGroupRelatedModules(group).includes(relatedModuleId)),
   );
   return {
     groups: available.map((group) => ({
       id: group.id,
       title: group.title,
-      modules: [...group.modules],
-      description: [...group.description],
+      modules: [...getGroupParticipants(group)],
+      description: [...getGroupDescription(group, detected)],
     })),
   };
 }

package/templates/base/apps/web/src/App.tsx

@@ -13,7 +13,10 @@ export default function App() {
   const [networkError, setNetworkError] = useState<string | null>(null);
 
   const requestProbe = async (url: string, init?: RequestInit): Promise<ProbeResult> => {
-    const response = await fetch(url, init);
+    const response = await fetch(url, {
+      ...(init ?? {}),
+      cache: 'no-store',
+    });
     let body: unknown = null;
 
     try {

package/templates/base/scripts/forgeon-sync-integrations.mjs

@@ -45,6 +45,15 @@ ALTER TABLE "User"
 ADD COLUMN "refreshTokenHash" TEXT;
 `;
 
+const AUTH_PERSISTENCE_STRATEGIES = [
+  {
+    id: 'db-prisma',
+    providerLabel: 'db-prisma',
+    isDetected: (detected) => detected.dbPrisma,
+    apply: syncJwtDbPrisma,
+  },
+];
+
 function detectModules(rootDir) {
   const appModulePath = path.join(rootDir, 'apps', 'api', 'src', 'app.module.ts');
   const appModuleText = fs.existsSync(appModulePath) ? fs.readFileSync(appModulePath, 'utf8') : '';
@@ -74,6 +83,17 @@ function ensureLineAfter(content, anchorLine, lineToInsert) {
   return `${content.slice(0, insertAt)}\n${lineToInsert}${content.slice(insertAt)}`;
 }
 
+function resolveAuthPersistenceStrategy(detected) {
+  const matched = AUTH_PERSISTENCE_STRATEGIES.filter((strategy) => strategy.isDetected(detected));
+  if (matched.length === 0) {
+    return { kind: 'none' };
+  }
+  if (matched.length > 1) {
+    return { kind: 'conflict', strategies: matched };
+  }
+  return { kind: 'single', strategy: matched[0] };
+}
+
 function syncJwtDbPrisma({ rootDir, changedFiles }) {
   const appModulePath = path.join(rootDir, 'apps', 'api', 'src', 'app.module.ts');
   const schemaPath = path.join(rootDir, 'apps', 'api', 'prisma', 'schema.prisma');
@@ -290,16 +310,21 @@ function run() {
   const changedFiles = new Set();
   const detected = detectModules(rootDir);
   const summary = [];
+  const authPersistence = resolveAuthPersistenceStrategy(detected);
 
-  if (detected.jwtAuth && detected.dbPrisma) {
+  if (detected.jwtAuth && authPersistence.kind === 'single') {
     summary.push({
-      feature: 'jwt-auth + db-adapter (current provider: db-prisma)',
-      result: syncJwtDbPrisma({ rootDir, changedFiles }),
+      feature: `jwt-auth + db-adapter (current provider: ${authPersistence.strategy.providerLabel})`,
+      result: authPersistence.strategy.apply({ rootDir, changedFiles }),
     });
   } else {
+    const reason =
+      authPersistence.kind === 'conflict'
+        ? 'multiple db-adapter providers detected'
+        : 'required components are not both available';
     summary.push({
       feature: 'jwt-auth + db-adapter (current provider: db-prisma)',
-      result: { applied: false, reason: 'required modules are not both installed' },
+      result: { applied: false, reason },
     });
   }
 
@@ -311,7 +336,7 @@ function run() {
   } else {
     summary.push({
       feature: 'jwt-auth + rbac',
-      result: { applied: false, reason: 'required modules are not both installed' },
+      result: { applied: false, reason: 'required components are not both available' },
     });
   }
 

package/templates/module-presets/i18n/apps/web/src/App.tsx

@@ -27,7 +27,8 @@ export default function App() {
 
   const requestProbe = async (path: string, init?: RequestInit): Promise<ProbeResult> => {
     const response = await fetch(`/api${path}${toLangQuery(locale)}`, {
-      ...init,
+      ...(init ?? {}),
+      cache: 'no-store',
       headers: {
         ...(init?.headers ?? {}),
         'Accept-Language': locale,