create-mantiq 0.5.18 → 0.5.20

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-mantiq",
-  "version": "0.5.18",
+  "version": "0.5.20",
   "description": "Scaffold a new MantiqJS application",
   "type": "module",
   "license": "MIT",

package/skeleton/config/vite.ts

@@ -0,0 +1,33 @@
+export default {
+
+  /*
+  |--------------------------------------------------------------------------
+  | React Fast Refresh
+  |--------------------------------------------------------------------------
+  |
+  | Injects the React Refresh preamble into dev mode HTML so that HMR
+  | works correctly. Required for React — without it, components throw
+  | "can't detect preamble" and the page renders blank.
+  |
+  | Set to false for Vue/Svelte (they don't need this preamble).
+  |
+  */
+  reactRefresh: false,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Server-Side Rendering
+  |--------------------------------------------------------------------------
+  |
+  | SSR renders pages on the server so users see content immediately
+  | instead of a blank shell. The entry file exports a render() function.
+  |
+  | In dev: Vite's ssrLoadModule() loads the entry with HMR.
+  | In prod: the pre-built bundle at bootstrap/ssr/ is used.
+  |
+  */
+  // ssr: {
+  //   entry: 'src/ssr.tsx',
+  //   bundle: 'bootstrap/ssr/ssr.js',
+  // },
+}

package/skeleton/tests/feature/api.test.ts

@@ -0,0 +1,14 @@
+import { describe, test } from 'bun:test'
+import { TestCase } from '@mantiq/testing'
+
+const t = new TestCase()
+t.setup()
+
+describe('API', () => {
+  test('GET /api/ping returns ok', async () => {
+    const res = await t.client.get('/api/ping')
+    res.assertOk()
+    await res.assertJson({ status: 'ok' })
+    await res.assertJsonHasKey('timestamp')
+  })
+})

package/skeleton/tests/feature/home.test.ts

@@ -0,0 +1,17 @@
+import { describe, test } from 'bun:test'
+import { TestCase } from '@mantiq/testing'
+
+const t = new TestCase()
+t.setup()
+
+describe('Home', () => {
+  test('GET / returns 200', async () => {
+    const res = await t.client.get('/')
+    res.assertOk()
+  })
+
+  test('GET / returns HTML', async () => {
+    const res = await t.client.get('/')
+    res.assertHeader('content-type')
+  })
+})

package/skeleton/tests/unit/example.test.ts

@@ -0,0 +1,11 @@
+import { describe, test, expect } from 'bun:test'
+
+describe('Example', () => {
+  test('true is truthy', () => {
+    expect(true).toBe(true)
+  })
+
+  test('math works', () => {
+    expect(1 + 1).toBe(2)
+  })
+})

package/src/index.ts

@@ -167,15 +167,24 @@ if (kit) {
       }
     }
 
-    // Shared stubs (routes, controllers, seeder — overwrites skeleton routes)
+    // Shared stubs (routes, controllers, config — overwrites skeleton versions)
     if (sharedManifest?.files) {
-      const mainEntry = kitManifest?.mainEntry ?? 'src/main.ts'
+      // Build placeholder map from manifest
+      const placeholders: Record<string, string> = {}
+      if (sharedManifest.placeholders) {
+        for (const [key, values] of Object.entries(sharedManifest.placeholders)) {
+          placeholders[key] = (values as Record<string, string>)[kit!] ?? ''
+        }
+      }
+
       for (const { stub, target } of sharedManifest.files) {
         const src = resolve(stubsDir, 'shared', stub)
         const dest = resolve(projectDir, target)
         mkdirSync(dirname(dest), { recursive: true })
         let content = await Bun.file(src).text()
-        content = content.replace(/\{\{MAIN_ENTRY\}\}/g, mainEntry)
+        for (const [key, value] of Object.entries(placeholders)) {
+          content = content.replaceAll(key, value)
+        }
         await Bun.write(dest, content)
         fileCount++
       }
@@ -194,6 +203,7 @@ if (kit) {
     { stub: 'shared/app/Http/Requests/UpdateUserRequest.ts.stub', target: 'app/Http/Requests/UpdateUserRequest.ts' },
     { stub: 'shared/database/seeders/DatabaseSeeder.ts.stub', target: 'database/seeders/DatabaseSeeder.ts' },
     { stub: 'shared/database/factories/UserFactory.ts.stub', target: 'database/factories/UserFactory.ts' },
+    { stub: 'api-only/tests/feature/token-auth.test.ts.stub', target: 'tests/feature/token-auth.test.ts' },
   ]
   for (const { stub, target } of apiOnlyFiles) {
     const src = resolve(stubsDir, stub)

package/src/templates.ts

@@ -40,6 +40,7 @@ export function getTemplates(ctx: TemplateContext): Record<string, string> {
   }
 
   const baseDevDeps: Record<string, string> = {
+    '@mantiq/testing': '^0.5.0',
     'bun-types': 'latest',
     'typescript': '^5.7.0',
   }
@@ -48,6 +49,7 @@ export function getTemplates(ctx: TemplateContext): Record<string, string> {
     dev: 'bun run --watch index.ts',
     start: 'bun run index.ts',
     mantiq: 'bun run mantiq.ts',
+    test: 'bun test tests/',
   }
 
   if (ctx.kit) {

package/stubs/api-only/tests/feature/token-auth.test.ts.stub

@@ -0,0 +1,69 @@
+import { describe, test, expect } from 'bun:test'
+import { TestCase } from '@mantiq/testing'
+
+const t = new TestCase()
+t.refreshDatabase = true
+t.setup()
+
+const user = {
+  name: 'API User',
+  email: 'api@example.com',
+  password: 'password123',
+}
+
+describe('Token Authentication', () => {
+  test('can register and receive a token', async () => {
+    const res = await t.client.post('/api/register', user)
+    res.assertCreated()
+    await res.assertJsonHasKey('token')
+    const data = await res.json()
+    expect(data.token).toContain('|')
+  })
+
+  test('can login and receive a token', async () => {
+    await t.client.post('/api/register', user)
+    const res = await t.client.post('/api/login', {
+      email: user.email,
+      password: user.password,
+    })
+    res.assertOk()
+    await res.assertJsonHasKey('token')
+  })
+
+  test('cannot login with wrong credentials', async () => {
+    await t.client.post('/api/register', user)
+    const res = await t.client.post('/api/login', {
+      email: user.email,
+      password: 'wrong',
+    })
+    res.assertUnauthorized()
+  })
+
+  test('can access protected route with bearer token', async () => {
+    const regRes = await t.client.post('/api/register', user)
+    const { token } = await regRes.json()
+
+    t.client.withToken(token)
+    const res = await t.client.get('/api/user')
+    res.assertOk()
+    await res.assertJsonPath('user.email', user.email)
+  })
+
+  test('cannot access protected route without token', async () => {
+    const res = await t.client.get('/api/user')
+    res.assertUnauthorized()
+  })
+
+  test('can logout (revoke token)', async () => {
+    const regRes = await t.client.post('/api/register', user)
+    const { token } = await regRes.json()
+
+    t.client.withToken(token)
+    const logoutRes = await t.client.post('/api/logout')
+    logoutRes.assertOk()
+
+    // Token should be revoked
+    const userRes = await t.client.get('/api/user')
+    userRes.assertUnauthorized()
+  })
+})

package/stubs/manifest.json

@@ -1426,9 +1426,31 @@
       {
         "stub": "config/app.ts.stub",
         "target": "config/app.ts"
+      },
+      {
+        "stub": "config/vite.ts.stub",
+        "target": "config/vite.ts"
+      },
+      {
+        "stub": "tests/feature/auth.test.ts.stub",
+        "target": "tests/feature/auth.test.ts"
+      },
+      {
+        "stub": "tests/feature/users.test.ts.stub",
+        "target": "tests/feature/users.test.ts"
       }
     ],
     "placeholders": {
+      "{{REACT_REFRESH}}": {
+        "react": "true",
+        "vue": "false",
+        "svelte": "false"
+      },
+      "{{SSR_ENTRY}}": {
+        "react": "src/ssr.tsx",
+        "vue": "src/ssr.ts",
+        "svelte": "src/ssr.ts"
+      },
       "{{MAIN_ENTRY}}": {
         "react": "src/main.tsx",
         "vue": "src/main.ts",

package/stubs/shared/config/vite.ts.stub

@@ -0,0 +1,8 @@
+export default {
+  reactRefresh: {{REACT_REFRESH}},
+
+  ssr: {
+    entry: '{{SSR_ENTRY}}',
+    bundle: 'bootstrap/ssr/ssr.js',
+  },
+}

package/stubs/shared/tests/feature/auth.test.ts.stub

@@ -0,0 +1,69 @@
+import { describe, test, beforeAll } from 'bun:test'
+import { TestCase } from '@mantiq/testing'
+
+const t = new TestCase()
+t.refreshDatabase = true
+t.setup()
+
+const user = {
+  name: 'Test User',
+  email: 'test@example.com',
+  password: 'password123',
+}
+
+describe('Authentication', () => {
+  test('can register a new user', async () => {
+    await t.client.initSession()
+    const res = await t.client.post('/register', user)
+    res.assertCreated()
+    await res.assertJson({ message: 'Registered.' })
+    await res.assertJsonMissingKey('password')
+    await t.assertDatabaseHas('users', { email: user.email })
+  })
+
+  test('cannot register with duplicate email', async () => {
+    await t.client.initSession()
+    await t.client.post('/register', user)
+    const res = await t.client.post('/register', user)
+    res.assertUnprocessable()
+  })
+
+  test('can login with valid credentials', async () => {
+    await t.client.initSession()
+    await t.client.post('/register', user)
+    t.client.flushCookies()
+
+    await t.client.initSession()
+    const res = await t.client.post('/login', {
+      email: user.email,
+      password: user.password,
+    })
+    res.assertOk()
+    await res.assertJson({ message: 'Logged in.' })
+  })
+
+  test('cannot login with wrong password', async () => {
+    await t.client.initSession()
+    await t.client.post('/register', user)
+    t.client.flushCookies()
+
+    await t.client.initSession()
+    const res = await t.client.post('/login', {
+      email: user.email,
+      password: 'wrong',
+    })
+    res.assertUnauthorized()
+  })
+
+  test('can logout', async () => {
+    await t.client.initSession()
+    await t.client.post('/register', user)
+    const logoutRes = await t.client.post('/logout')
+    logoutRes.assertOk()
+  })
+
+  test('protected routes require authentication', async () => {
+    const res = await t.client.get('/api/users')
+    res.assertUnauthorized()
+  })
+})

package/stubs/shared/tests/feature/users.test.ts.stub

@@ -0,0 +1,90 @@
+import { describe, test } from 'bun:test'
+import { TestCase } from '@mantiq/testing'
+
+const t = new TestCase()
+t.refreshDatabase = true
+t.setup()
+
+const admin = {
+  name: 'Admin',
+  email: 'admin@example.com',
+  password: 'password123',
+}
+
+/** Register and login before CRUD tests. */
+async function login() {
+  await t.client.initSession()
+  await t.client.post('/register', admin)
+}
+
+describe('Users CRUD', () => {
+  test('can list users', async () => {
+    await login()
+    const res = await t.client.get('/api/users')
+    res.assertOk()
+    await res.assertJsonHasKey('data', 'meta')
+    await res.assertJsonPath('meta.page', 1)
+  })
+
+  test('can create a user', async () => {
+    await login()
+    const res = await t.client.post('/api/users', {
+      name: 'New User',
+      email: 'new@example.com',
+      password: 'secret123',
+    })
+    res.assertCreated()
+    await res.assertJsonPath('data.name', 'New User')
+    await res.assertJsonPath('data.email', 'new@example.com')
+    await t.assertDatabaseHas('users', { email: 'new@example.com' })
+  })
+
+  test('cannot create user with missing fields', async () => {
+    await login()
+    const res = await t.client.post('/api/users', { name: 'No Email' })
+    res.assertUnprocessable()
+  })
+
+  test('can update a user', async () => {
+    await login()
+    const createRes = await t.client.post('/api/users', {
+      name: 'Update Me',
+      email: 'update@example.com',
+      password: 'secret123',
+    })
+    const userId = (await createRes.json()).data.id
+
+    const res = await t.client.put(`/api/users/${userId}`, { name: 'Updated' })
+    res.assertOk()
+    await res.assertJsonPath('data.name', 'Updated')
+  })
+
+  test('can delete a user', async () => {
+    await login()
+    const createRes = await t.client.post('/api/users', {
+      name: 'Delete Me',
+      email: 'delete@example.com',
+      password: 'secret123',
+    })
+    const userId = (await createRes.json()).data.id
+
+    const res = await t.client.delete(`/api/users/${userId}`)
+    res.assertOk()
+    await t.assertDatabaseMissing('users', { email: 'delete@example.com' })
+  })
+
+  test('can search users', async () => {
+    await login()
+    const res = await t.client.get('/api/users?search=Admin')
+    res.assertOk()
+    const data = await res.json()
+    expect(data.data.length).toBeGreaterThan(0)
+  })
+
+  test('can paginate users', async () => {
+    await login()
+    const res = await t.client.get('/api/users?page=1&per_page=1')
+    res.assertOk()
+    await res.assertJsonPath('meta.per_page', 1)
+  })
+})