npm - create-mantiq - Versions diffs - 0.5.23 → 0.6.1 - Mend

create-mantiq 0.5.23 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-mantiq",
-  "version": "0.5.23",
+  "version": "0.6.1",
   "description": "Scaffold a new MantiqJS application",
   "type": "module",
   "license": "MIT",

package/src/index.ts CHANGED Viewed

@@ -2,15 +2,17 @@
 import { existsSync, mkdirSync, readdirSync, statSync, readFileSync } from 'node:fs'
 import { dirname, resolve, join, relative } from 'node:path'
 import { randomBytes } from 'node:crypto'
-import { getTemplates } from './templates.ts'
+import { getTemplates, type Theme } from './templates.ts'
 import { Terminal } from './terminal.ts'
 /**
  * Recursively copy a directory, preserving structure.
  * Skips node_modules, .git, bun.lock, *.sqlite files.
+ * `skipRelPaths` contains relative paths (from root src) to skip.
  */
-async function copyDirectory(src: string, dest: string): Promise<number> {
+async function copyDirectory(src: string, dest: string, skipRelPaths?: Set<string>, rootSrc?: string): Promise<number> {
   let count = 0
+  const root = rootSrc ?? src
   const entries = readdirSync(src, { withFileTypes: true })
   for (const entry of entries) {
     const srcPath = join(src, entry.name)
@@ -20,9 +22,15 @@ async function copyDirectory(src: string, dest: string): Promise<number> {
     if (['node_modules', '.git', 'bun.lock', 'README.md'].includes(entry.name)) continue
     if (entry.name.endsWith('.sqlite') || entry.name.endsWith('.sqlite-wal') || entry.name.endsWith('.sqlite-shm')) continue
+    // Skip paths in the conditional skip set
+    if (skipRelPaths) {
+      const rel = relative(root, srcPath)
+      if (skipRelPaths.has(rel)) continue
+    }
     if (entry.isDirectory()) {
       mkdirSync(destPath, { recursive: true })
-      count += await copyDirectory(srcPath, destPath)
+      count += await copyDirectory(srcPath, destPath, skipRelPaths, root)
     } else {
       mkdirSync(dirname(destPath), { recursive: true })
       await Bun.write(destPath, Bun.file(srcPath))
@@ -74,7 +82,11 @@ if (!projectName) {
   ${bold('Options:')}
     --kit=${emerald('react|vue|svelte')}    Frontend framework
-    --ui=${emerald('shadcn')}               UI component library (React only)
+    --ui=${emerald('shadcn|tailwind')}      UI component library
+    --theme=${emerald('default|minimal|workspace|corporate|starter')}
+                               Dashboard theme (shadcn only)
+    --auth=${emerald('builtin|none')}       Authentication setup
+    --with=${emerald('ai')}                 Optional packages (comma-separated)
     --no-git                   Skip git initialization
     --yes                      Accept defaults (non-interactive)
@@ -82,6 +94,8 @@ if (!projectName) {
     bun create mantiq my-app
     bun create mantiq my-app --kit=react
     bun create mantiq my-app --kit=react --ui=shadcn
+    bun create mantiq my-app --kit=react --auth=none
+    bun create mantiq my-app --kit=react --with=ai
 `)
   process.exit(1)
 }
@@ -97,7 +111,15 @@ if (existsSync(projectDir)) {
 const term = new Terminal()
 let kit: Kit | undefined = flags['kit'] as Kit | undefined
-let ui: 'shadcn' | 'none' = (flags['ui'] as string) === 'shadcn' ? 'shadcn' : 'none'
+let ui: 'shadcn' | 'tailwind' = (flags['ui'] as string) === 'tailwind' ? 'tailwind' : 'shadcn'
+const validThemes = ['default', 'minimal', 'workspace', 'corporate', 'starter'] as const
+let theme: Theme = (validThemes as readonly string[]).includes(flags['theme'] as string)
+  ? (flags['theme'] as Theme)
+  : 'default'
+let auth: 'builtin' | 'none' = (flags['auth'] as string) === 'none' ? 'none' : 'builtin'
+let optionalPackages: string[] = typeof flags['with'] === 'string'
+  ? flags['with'].split(',').map(s => s.trim()).filter(Boolean)
+  : []
 if (!isCI && !kit) {
   // Show branded header
@@ -108,11 +130,48 @@ if (!isCI && !kit) {
     { value: 'react', label: 'React' },
     { value: 'vue', label: 'Vue' },
     { value: 'svelte', label: 'Svelte' },
-    { value: 'none', label: 'None', hint: 'API only' },
+    { value: 'none', label: 'Vanilla', hint: 'API only' },
   ])
   kit = framework === 'none' ? undefined : framework as Kit
+  // UI kit selection (only if a frontend framework was chosen)
+  if (kit && !flags['ui']) {
+    const uiChoice = await term.select('Choose a UI kit', [
+      { value: 'shadcn', label: 'shadcn + Tailwind' },
+      { value: 'tailwind', label: 'Tailwind only' },
+    ])
+    ui = uiChoice as 'shadcn' | 'tailwind'
+  }
+  // Theme selection (only for shadcn)
+  if (kit && ui === 'shadcn' && !flags['theme']) {
+    const themeChoice = await term.select('Choose a theme', [
+      { value: 'default', label: 'Default', hint: 'emerald, classic admin' },
+      { value: 'minimal', label: 'Minimal', hint: 'clean & focused' },
+      { value: 'workspace', label: 'Workspace', hint: 'warm & approachable' },
+      { value: 'corporate', label: 'Corporate', hint: 'professional & data-rich' },
+      { value: 'starter', label: 'Starter', hint: 'bold & marketing-ready' },
+    ])
+    theme = themeChoice as Theme
+  }
+  // Authentication selection
+  if (!flags['auth']) {
+    const authChoice = await term.select('Authentication', [
+      { value: 'builtin', label: 'Built-in', hint: 'session + token auth' },
+      { value: 'none', label: 'None' },
+    ])
+    auth = authChoice as 'builtin' | 'none'
+  }
+  // Optional packages selection
+  if (!flags['with']) {
+    optionalPackages = await term.multiSelect('Optional packages', [
+      { value: 'ai', label: 'AI', hint: '@mantiq/ai' },
+    ])
+  }
 } else {
   // Validate flags
   if (kit && !validKits.includes(kit as Kit)) {
@@ -130,7 +189,16 @@ let fileCount = 0
 // Step 1: Copy the skeleton directory as the base
 const skeletonDir = resolve(import.meta.dir, '..', 'skeleton')
 if (existsSync(skeletonDir)) {
-  fileCount += await copyDirectory(skeletonDir, projectDir)
+  // Build conditional skip set for skeleton files
+  const skeletonSkips = new Set<string>()
+  if (auth === 'none') {
+    skeletonSkips.add('config/auth.ts')
+    skeletonSkips.add('database/migrations/002_create_personal_access_tokens_table.ts')
+  }
+  if (!optionalPackages.includes('ai')) {
+    skeletonSkips.add('config/ai.ts')
+  }
+  fileCount += await copyDirectory(skeletonDir, projectDir, skeletonSkips)
 } else {
   // Fallback: skeleton not bundled (shouldn't happen in published package)
   console.error('  Skeleton directory not found')
@@ -138,7 +206,7 @@ if (existsSync(skeletonDir)) {
 // Step 2: Generate dynamic files (package.json, .env — overwrites skeleton versions)
 const appKey = `base64:${randomBytes(32).toString('base64')}`
-const templates = getTemplates({ name: projectName, appKey, kit, ui })
+const templates = getTemplates({ name: projectName, appKey, kit, ui, theme, auth, optionalPackages })
 for (const [relativePath, content] of Object.entries(templates)) {
   const fullPath = `${projectDir}/${relativePath}`
   mkdirSync(dirname(fullPath), { recursive: true })
@@ -156,9 +224,32 @@ if (kit) {
     const kitManifest = manifest[kit]
     const sharedManifest = manifest.shared
+    // Auth-related shared stubs to skip when auth === 'none'
+    const authSharedTargets = new Set([
+      'app/Http/Controllers/AuthController.ts',
+      'app/Http/Controllers/PageController.ts',
+      'app/Http/Requests/LoginRequest.ts',
+      'app/Http/Requests/RegisterRequest.ts',
+      'routes/web.ts',
+      'tests/feature/auth.test.ts',
+    ])
+    // Targets that tailwind-only stubs will override — skip from shadcn kit
+    const tailwindOnlyManifest = manifest['tailwind-only']?.[kit]
+    const tailwindOverrideTargets = new Set<string>()
+    if (ui === 'tailwind' && tailwindOnlyManifest?.files) {
+      for (const { target } of tailwindOnlyManifest.files) {
+        tailwindOverrideTargets.add(target)
+      }
+    }
     // Kit-specific stubs (src/, vite.config.ts, etc.)
     if (kitManifest?.files) {
       for (const { stub, target } of kitManifest.files) {
+        // Skip components.json when ui === 'tailwind'
+        if (ui === 'tailwind' && stub === 'components.json.stub') continue
+        // Skip files that will be overridden by tailwind-only stubs
+        if (ui === 'tailwind' && tailwindOverrideTargets.has(target)) continue
         const src = resolve(stubsDir, kit, stub)
         const dest = resolve(projectDir, target)
         mkdirSync(dirname(dest), { recursive: true })
@@ -167,6 +258,31 @@ if (kit) {
       }
     }
+    // Tailwind-only overlay: replace shadcn-dependent components with plain Tailwind versions
+    if (ui === 'tailwind' && tailwindOnlyManifest?.files) {
+      for (const { stub, target } of tailwindOnlyManifest.files) {
+        const src = resolve(stubsDir, 'tailwind-only', kit, stub)
+        const dest = resolve(projectDir, target)
+        mkdirSync(dirname(dest), { recursive: true })
+        await Bun.write(dest, Bun.file(src))
+        fileCount++
+      }
+    }
+    // Theme overlay: replace pages/layouts/styles with theme-specific variants
+    if (ui === 'shadcn' && theme !== 'default' && kit) {
+      const themeManifest = manifest.themes?.[theme]?.[kit]
+      if (themeManifest?.files) {
+        for (const { stub, target } of themeManifest.files) {
+          const src = resolve(stubsDir, 'themes', theme, kit, stub)
+          const dest = resolve(projectDir, target)
+          mkdirSync(dirname(dest), { recursive: true })
+          await Bun.write(dest, Bun.file(src))
+          fileCount++
+        }
+      }
+    }
     // Shared stubs (routes, controllers, config — overwrites skeleton versions)
     if (sharedManifest?.files) {
       // Build placeholder map from manifest
@@ -178,6 +294,8 @@ if (kit) {
       }
       for (const { stub, target } of sharedManifest.files) {
+        // Skip auth-related stubs when auth === 'none'
+        if (auth === 'none' && authSharedTargets.has(target)) continue
         const src = resolve(stubsDir, 'shared', stub)
         const dest = resolve(projectDir, target)
         mkdirSync(dirname(dest), { recursive: true })
@@ -189,10 +307,43 @@ if (kit) {
         fileCount++
       }
     }
+    // Noauth overlay: replace auth-aware routes/controllers/models when auth === 'none'
+    if (auth === 'none') {
+      const noauthManifest = manifest.noauth
+      if (noauthManifest?.files) {
+        for (const { stub, target } of noauthManifest.files) {
+          const src = resolve(stubsDir, 'noauth', stub)
+          if (existsSync(src)) {
+            const dest = resolve(projectDir, target)
+            mkdirSync(dirname(dest), { recursive: true })
+            let content = await Bun.file(src).text()
+            // Apply shared placeholders
+            if (sharedManifest?.placeholders) {
+              for (const [key, values] of Object.entries(sharedManifest.placeholders)) {
+                const value = (values as Record<string, string>)[kit!] ?? ''
+                content = content.replaceAll(key, value)
+              }
+            }
+            await Bun.write(dest, content)
+            fileCount++
+          }
+        }
+      }
+    }
   }
 } else {
   // API-only: overlay token-based auth stubs
   const stubsDir = resolve(import.meta.dir, '..', 'stubs')
+  // Auth-related API-only stubs to skip when auth === 'none'
+  const authApiOnlyTargets = new Set([
+    'app/Http/Controllers/ApiAuthController.ts',
+    'app/Http/Requests/RegisterRequest.ts',
+    'app/Http/Requests/LoginRequest.ts',
+    'tests/feature/token-auth.test.ts',
+  ])
   const apiOnlyFiles = [
     { stub: 'api-only/routes/api.ts.stub', target: 'routes/api.ts' },
     { stub: 'shared/app/Http/Controllers/ApiAuthController.ts.stub', target: 'app/Http/Controllers/ApiAuthController.ts' },
@@ -206,6 +357,8 @@ if (kit) {
     { stub: 'api-only/tests/feature/token-auth.test.ts.stub', target: 'tests/feature/token-auth.test.ts' },
   ]
   for (const { stub, target } of apiOnlyFiles) {
+    // Skip auth-related stubs when auth === 'none'
+    if (auth === 'none' && authApiOnlyTargets.has(target)) continue
     const src = resolve(stubsDir, stub)
     if (existsSync(src)) {
       const dest = resolve(projectDir, target)
@@ -214,6 +367,26 @@ if (kit) {
       fileCount++
     }
   }
+  // Noauth overlay for API-only
+  if (auth === 'none') {
+    const manifestPath = resolve(stubsDir, 'manifest.json')
+    if (existsSync(manifestPath)) {
+      const manifest = JSON.parse(await Bun.file(manifestPath).text())
+      const noauthManifest = manifest.noauth
+      if (noauthManifest?.files) {
+        for (const { stub, target } of noauthManifest.files) {
+          const src = resolve(stubsDir, 'noauth', stub)
+          if (existsSync(src)) {
+            const dest = resolve(projectDir, target)
+            mkdirSync(dirname(dest), { recursive: true })
+            await Bun.write(dest, Bun.file(src))
+            fileCount++
+          }
+        }
+      }
+    }
+  }
 }
 console.log(`  ${dim(`${fileCount} files created`)}`)
@@ -228,8 +401,8 @@ const install = Bun.spawn(['bun', 'install'], {
 await install.exited
 spin.stop('Dependencies installed')
-// ── Install shadcn components (React always uses shadcn) ─────────────────────
-if (kit === 'react') {
+// ── Install shadcn components ────────────────────────────────────────────────
+if (kit === 'react' && ui === 'shadcn') {
   const shadcnSpin = term.spinner('Installing shadcn/ui components')
   const run = async (args: string[]) => {
@@ -287,8 +460,11 @@ if (!noGit) {
 // ── Done ─────────────────────────────────────────────────────────────────────
 console.log(`\n   ${emerald('✓')}  ${bold(projectName)} created\n`)
-console.log(`   ${dim('Framework')}    ${kit ? bold(kit.charAt(0).toUpperCase() + kit.slice(1)) : dim('None (API only)')}`)
-if (kit === 'react') console.log(`   ${dim('UI Kit')}       ${ui === 'shadcn' ? bold('shadcn/ui') : dim('Plain Tailwind')}`)
+console.log(`   ${dim('Framework')}    ${kit ? bold(kit.charAt(0).toUpperCase() + kit.slice(1)) : dim('Vanilla (API only)')}`)
+if (kit) console.log(`   ${dim('UI Kit')}       ${ui === 'shadcn' ? bold('shadcn/ui') : bold('Tailwind')}`)
+if (kit && ui === 'shadcn') console.log(`   ${dim('Theme')}        ${bold(theme.charAt(0).toUpperCase() + theme.slice(1))}`)
+console.log(`   ${dim('Auth')}         ${auth === 'builtin' ? bold('Built-in') : dim('None')}`)
+if (optionalPackages.length > 0) console.log(`   ${dim('Extras')}       ${bold(optionalPackages.join(', '))}`)
 console.log(`\n   ${dim('Next steps:')}\n`)
 console.log(`   cd ${projectName}`)
 console.log(`   bun mantiq migrate`)

package/src/templates.ts CHANGED Viewed

@@ -1,8 +1,13 @@
+export type Theme = 'default' | 'minimal' | 'workspace' | 'corporate' | 'starter'
 export interface TemplateContext {
   name: string
   appKey: string
   kit?: 'react' | 'vue' | 'svelte' | undefined
-  ui?: 'shadcn' | 'none'
+  ui: 'shadcn' | 'tailwind'
+  theme: Theme
+  auth: 'builtin' | 'none'
+  optionalPackages: string[]
 }
 /**
@@ -21,7 +26,7 @@ export function getTemplates(ctx: TemplateContext): Record<string, string> {
   // ── package.json (always dynamic — name + deps) ────────────────────────
   const baseDeps: Record<string, string> = {
-    '@mantiq/auth': '^0.5.0',
+    ...(ctx.auth !== 'none' ? { '@mantiq/auth': '^0.5.0' } : {}),
     '@mantiq/cli': '^0.5.0',
     '@mantiq/core': '^0.5.0',
     '@mantiq/database': '^0.5.0',
@@ -37,6 +42,7 @@ export function getTemplates(ctx: TemplateContext): Record<string, string> {
     '@mantiq/notify': '^0.5.0',
     '@mantiq/search': '^0.5.0',
     '@mantiq/health': '^0.5.0',
+    ...(ctx.optionalPackages.includes('ai') ? { '@mantiq/ai': '^0.5.0' } : {}),
   }
   const baseDevDeps: Record<string, string> = {
@@ -60,11 +66,23 @@ export function getTemplates(ctx: TemplateContext): Record<string, string> {
       ? { 'vue': '^3.5.0', '@vitejs/plugin-vue': '^6.0.0' }
       : { 'svelte': '^5.0.0', '@sveltejs/vite-plugin-svelte': '^7.0.0' }
+    const shadcnOnly = ctx.ui === 'shadcn'
     const uiDeps: Record<string, string> = ctx.kit === 'react'
-      ? { 'clsx': '^2.1.0', 'tailwind-merge': '^2.6.0', 'class-variance-authority': '^0.7.1', 'lucide-react': '^0.577.0', 'radix-ui': '^1.4.0' }
+      ? {
+          'clsx': '^2.1.0', 'tailwind-merge': '^2.6.0',
+          ...(shadcnOnly ? { 'class-variance-authority': '^0.7.1', 'lucide-react': '^0.577.0', 'radix-ui': '^1.4.0' } : {}),
+        }
       : ctx.kit === 'vue'
-      ? { 'clsx': '^2.1.0', 'tailwind-merge': '^3.5.0', 'class-variance-authority': '^0.7.1', 'lucide-vue-next': '^0.577.0', 'reka-ui': '^2.9.0', 'tw-animate-css': '^1.4.0', '@tanstack/vue-table': '^8.0.0' }
-      : { 'clsx': '^2.1.0', 'tailwind-merge': '^2.6.0', 'tailwind-variants': '^3.2.0', 'lucide-svelte': '^0.577.0', '@lucide/svelte': '^0.577.0', 'bits-ui': '^2.16.0' }
+      ? {
+          'clsx': '^2.1.0', 'tailwind-merge': '^3.5.0',
+          ...(shadcnOnly ? { 'class-variance-authority': '^0.7.1', 'lucide-vue-next': '^0.577.0', 'reka-ui': '^2.9.0' } : {}),
+          'tw-animate-css': '^1.4.0', '@tanstack/vue-table': '^8.0.0',
+        }
+      : {
+          'clsx': '^2.1.0', 'tailwind-merge': '^2.6.0',
+          ...(shadcnOnly ? { 'tailwind-variants': '^3.2.0', 'lucide-svelte': '^0.577.0', '@lucide/svelte': '^0.577.0', 'bits-ui': '^2.16.0' } : {}),
+        }
     Object.assign(baseDeps, {
       '@mantiq/vite': '^0.5.0',

package/src/terminal.ts CHANGED Viewed

@@ -96,6 +96,68 @@ export class Terminal {
     })
   }
+  /** Checkbox-style multi-select prompt */
+  async multiSelect(label: string, options: SelectOption[]): Promise<string[]> {
+    let cursor = 0
+    const checked = new Set<number>()
+    const render = () => {
+      let out = `   ${EMERALD}◆${R}  ${BOLD}${label}${R}\n`
+      for (let i = 0; i < options.length; i++) {
+        const opt = options[i]!
+        const active = i === cursor
+        const isChecked = checked.has(i)
+        const box = isChecked ? `${EMERALD}\u2611${R}` : `${GRAY}\u2610${R}`
+        const text = active ? `${WHITE}${BOLD}${opt.label}${R}` : `${GRAY}${opt.label}${R}`
+        const hint = opt.hint ? `  ${DIM}${opt.hint}${R}` : ''
+        out += `      ${box}  ${text}${hint}\n`
+      }
+      out += `\n`
+      return out
+    }
+    const lines = options.length + 2
+    write(render())
+    if (process.stdin.isTTY) process.stdin.setRawMode(true)
+    write(HIDE_CURSOR)
+    return new Promise<string[]>((resolve) => {
+      const onData = (buf: Buffer) => {
+        const key = buf.toString()
+        if (key === '\x1b[A' || key === 'k') {
+          cursor = (cursor - 1 + options.length) % options.length
+        } else if (key === '\x1b[B' || key === 'j') {
+          cursor = (cursor + 1) % options.length
+        } else if (key === ' ') {
+          if (checked.has(cursor)) checked.delete(cursor)
+          else checked.add(cursor)
+        } else if (key === '\r' || key === '\n') {
+          process.stdin.removeListener('data', onData)
+          if (process.stdin.isTTY) process.stdin.setRawMode(false)
+          write(SHOW_CURSOR)
+          write(UP(lines) + CLEAR_LINE)
+          for (let i = 0; i < lines; i++) write(`${CLEAR_LINE}\n`)
+          write(UP(lines))
+          const selected = [...checked].sort().map(i => options[i]!.label)
+          const summary = selected.length > 0 ? selected.join(', ') : 'None'
+          write(`   ${EMERALD}\u25C7${R}  ${label}  ${EMERALD}${summary}${R}\n\n`)
+          resolve([...checked].sort().map(i => options[i]!.value))
+          return
+        } else if (key === '\x03') {
+          process.stdin.removeListener('data', onData)
+          if (process.stdin.isTTY) process.stdin.setRawMode(false)
+          write(SHOW_CURSOR + '\n')
+          process.exit(0)
+        }
+        write(UP(lines))
+        write(render())
+      }
+      process.stdin.on('data', onData)
+      process.stdin.resume()
+    })
+  }
   /** Yes/No confirm prompt */
   async confirm(label: string, defaultVal = false): Promise<boolean> {
     const options: SelectOption[] = [

package/stubs/auth/api/app/Http/Controllers/ApiAuthController.ts.stub ADDED Viewed

@@ -0,0 +1,57 @@
+import type { MantiqRequest } from '@mantiq/core'
+import { json, hash, hashCheck, abort } from '@mantiq/core'
+import { auth } from '@mantiq/auth'
+import { User } from '../../Models/User.ts'
+/**
+ * Sanctum-style token authentication for API-only apps.
+ * Issues bearer tokens instead of session cookies.
+ */
+export class ApiAuthController {
+  async register(request: MantiqRequest, data: Record<string, any>): Promise<Response> {
+    if (await User.where('email', data.email).first()) abort(422, 'A user with this email already exists.')
+    const user = await User.create({
+      name: data.name,
+      email: data.email,
+      password: await hash(data.password),
+    })
+    const { plainTextToken } = await user.createToken(data.device_name ?? 'api')
+    return json({ message: 'Registered.', user: user.toObject(), token: plainTextToken }, 201)
+  }
+  async login(request: MantiqRequest, data: Record<string, any>): Promise<Response> {
+    const user = await User.where('email', data.email).first()
+    if (!user || !(await hashCheck(data.password, user.getAuthPassword()))) {
+      abort(401, 'Invalid credentials.')
+    }
+    const { plainTextToken } = await user!.createToken(data.device_name ?? 'api')
+    return json({ message: 'Logged in.', user: user!.toObject(), token: plainTextToken })
+  }
+  async logout(request: MantiqRequest): Promise<Response> {
+    const manager = auth()
+    manager.setRequest(request)
+    const user = await manager.guard('api').user()
+    if (user) {
+      const token = user.currentAccessToken?.()
+      if (token) await token.delete()
+    }
+    return json({ message: 'Token revoked.' })
+  }
+  async user(request: MantiqRequest): Promise<Response> {
+    const manager = auth()
+    manager.setRequest(request)
+    const user = await manager.guard('api').user()
+    if (!user) abort(401, 'Unauthenticated.')
+    return json({ user: user!.toObject() })
+  }
+}

package/stubs/auth/api/routes/api.ts.stub ADDED Viewed

@@ -0,0 +1,24 @@
+import type { Router } from '@mantiq/core'
+import { json } from '@mantiq/core'
+import { ApiAuthController } from '../app/Http/Controllers/ApiAuthController.ts'
+import { UserController } from '../app/Http/Controllers/UserController.ts'
+import { RegisterRequest } from '../app/Http/Requests/RegisterRequest.ts'
+import { LoginRequest } from '../app/Http/Requests/LoginRequest.ts'
+import { StoreUserRequest } from '../app/Http/Requests/StoreUserRequest.ts'
+import { UpdateUserRequest } from '../app/Http/Requests/UpdateUserRequest.ts'
+export default function (router: Router) {
+  router.get('/ping', () => json({ status: 'ok', timestamp: new Date().toISOString() }))
+  // Token auth — FormRequest auto-validates, controller receives validated data
+  router.post('/register', [ApiAuthController, 'register', RegisterRequest])
+  router.post('/login', [ApiAuthController, 'login', LoginRequest])
+  router.post('/logout', [ApiAuthController, 'logout']).middleware('auth:api')
+  router.get('/user', [ApiAuthController, 'user']).middleware('auth:api')
+  // Users CRUD (protected)
+  router.get('/users', [UserController, 'index']).middleware('auth:api')
+  router.post('/users', [UserController, 'store', StoreUserRequest]).middleware('auth:api')
+  router.put('/users/:id', [UserController, 'update', UpdateUserRequest]).middleware('auth:api')
+  router.delete('/users/:id', [UserController, 'destroy']).middleware('auth:api')
+}

package/stubs/auth/api/tests/feature/token-auth.test.ts.stub ADDED Viewed

@@ -0,0 +1,69 @@
+import { describe, test, expect } from 'bun:test'
+import { TestCase } from '@mantiq/testing'
+const t = new TestCase()
+t.refreshDatabase = true
+t.setup()
+const user = {
+  name: 'API User',
+  email: 'api@example.com',
+  password: 'password123',
+}
+describe('Token Authentication', () => {
+  test('can register and receive a token', async () => {
+    const res = await t.client.post('/api/register', user)
+    res.assertCreated()
+    await res.assertJsonHasKey('token')
+    const data = await res.json()
+    expect(data.token).toContain('|')
+  })
+  test('can login and receive a token', async () => {
+    await t.client.post('/api/register', user)
+    const res = await t.client.post('/api/login', {
+      email: user.email,
+      password: user.password,
+    })
+    res.assertOk()
+    await res.assertJsonHasKey('token')
+  })
+  test('cannot login with wrong credentials', async () => {
+    await t.client.post('/api/register', user)
+    const res = await t.client.post('/api/login', {
+      email: user.email,
+      password: 'wrong',
+    })
+    res.assertUnauthorized()
+  })
+  test('can access protected route with bearer token', async () => {
+    const regRes = await t.client.post('/api/register', user)
+    const { token } = await regRes.json()
+    t.client.withToken(token)
+    const res = await t.client.get('/api/user')
+    res.assertOk()
+    await res.assertJsonPath('user.email', user.email)
+  })
+  test('cannot access protected route without token', async () => {
+    const res = await t.client.get('/api/user')
+    res.assertUnauthorized()
+  })
+  test('can logout (revoke token)', async () => {
+    const regRes = await t.client.post('/api/register', user)
+    const { token } = await regRes.json()
+    t.client.withToken(token)
+    const logoutRes = await t.client.post('/api/logout')
+    logoutRes.assertOk()
+    // Token should be revoked
+    const userRes = await t.client.get('/api/user')
+    userRes.assertUnauthorized()
+  })
+})

package/stubs/auth/shared/app/Http/Requests/LoginRequest.ts.stub ADDED Viewed

@@ -0,0 +1,10 @@
+import { FormRequest } from '@mantiq/validation'
+export class LoginRequest extends FormRequest {
+  override rules() {
+    return {
+      email: 'required|email',
+      password: 'required|string',
+    }
+  }
+}

package/stubs/auth/shared/app/Http/Requests/RegisterRequest.ts.stub ADDED Viewed

@@ -0,0 +1,11 @@
+import { FormRequest } from '@mantiq/validation'
+export class RegisterRequest extends FormRequest {
+  override rules() {
+    return {
+      name: 'required|string|max:255',
+      email: 'required|email|max:255',
+      password: 'required|string|min:6',
+    }
+  }
+}