create-nara 1.0.35 → 1.0.36

package/dist/template.js

@@ -102,6 +102,9 @@ function createPackageJson(name, mode, features) {
         pkg.devDependencies['vite'] = '^6.0.0';
         pkg.devDependencies['@vitejs/plugin-vue'] = '^5.0.0';
         pkg.devDependencies['concurrently'] = '^9.0.0';
+        pkg.devDependencies['tailwindcss'] = '^4.0.0';
+        pkg.devDependencies['@tailwindcss/postcss'] = '^4.0.0';
+        pkg.devDependencies['autoprefixer'] = '^10.4.20';
     }
     if (features.includes('db')) {
         pkg.dependencies['knex'] = '^3.1.0';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-nara",
-  "version": "1.0.35",
+  "version": "1.0.36",
   "description": "CLI to scaffold NARA projects",
   "type": "module",
   "bin": {

package/templates/features/auth/app/controllers/AuthController.ts

@@ -1,4 +1,4 @@
-import { BaseController, jsonSuccess, jsonError, ValidationError } from '@nara-web/core';
+import { BaseController, jsonSuccess, jsonError } from '@nara-web/core';
 import type { NaraRequest, NaraResponse } from '@nara-web/core';
 import { UserModel } from '../models/User.js';
 import bcrypt from 'bcrypt';
@@ -20,13 +20,16 @@ export class AuthController extends BaseController {
     const { email, password } = await req.json();
 
     if (!email || !password) {
-      throw new ValidationError({ email: ['Email and password are required'] });
+      // Set error cookie and redirect back (Inertia pattern)
+      res.cookie('error', 'Email and password are required', 5000);
+      return res.redirect('/login');
     }
 
     // Find user by email
     const user = await UserModel.findByEmail(email);
     if (!user || !await bcrypt.compare(password, user.password)) {
-      throw new ValidationError({ email: ['Invalid credentials'] });
+      res.cookie('error', 'Invalid credentials', 5000);
+      return res.redirect('/login');
     }
 
     // Generate JWT token with user info
@@ -39,27 +42,23 @@ export class AuthController extends BaseController {
     // Set auth cookie for web routes (maxAge in ms)
     res.cookie('auth_token', token, JWT_EXPIRES_SECONDS * 1000, COOKIE_OPTIONS);
 
-    return jsonSuccess(res, {
-      user: { id: user.id, email: user.email, name: user.name },
-      redirect: '/dashboard'
-    }, 'Login successful');
+    // Redirect to dashboard (Inertia will handle it)
+    return res.redirect('/dashboard');
   }
 
   async register(req: NaraRequest, res: NaraResponse) {
     const { name, email, password } = await req.json();
 
     if (!name || !email || !password) {
-      throw new ValidationError({
-        name: !name ? ['Name is required'] : [],
-        email: !email ? ['Email is required'] : [],
-        password: !password ? ['Password is required'] : [],
-      });
+      res.cookie('error', 'Name, email and password are required', 5000);
+      return res.redirect('/register');
     }
 
     // Check if email already exists
     const existing = await UserModel.findByEmail(email);
     if (existing) {
-      throw new ValidationError({ email: ['Email already registered'] });
+      res.cookie('error', 'Email already registered', 5000);
+      return res.redirect('/register');
     }
 
     // Hash password
@@ -78,10 +77,8 @@ export class AuthController extends BaseController {
     // Set auth cookie for web routes (maxAge in ms)
     res.cookie('auth_token', token, JWT_EXPIRES_SECONDS * 1000, COOKIE_OPTIONS);
 
-    return jsonSuccess(res, {
-      user: { id: userId, email, name },
-      redirect: '/dashboard'
-    }, 'Registration successful');
+    // Redirect to dashboard
+    return res.redirect('/dashboard');
   }
 
   async me(req: NaraRequest, res: NaraResponse) {
@@ -98,46 +95,36 @@ export class AuthController extends BaseController {
     // Clear auth cookie (set maxAge to 0)
     res.cookie('auth_token', '', 0, COOKIE_OPTIONS);
 
-    return jsonSuccess(res, { redirect: '/login' }, 'Logged out successfully');
+    // Redirect to login
+    return res.redirect('/login');
   }
 
   async forgotPassword(req: NaraRequest, res: NaraResponse) {
     const { email } = await req.json();
 
     if (!email) {
-      throw new ValidationError({ email: ['Email is required'] });
+      res.cookie('error', 'Email is required', 5000);
+      return res.redirect('/forgot-password');
     }
 
     // TODO: Implement actual password reset email sending
-    // const user = await UserModel.findByEmail(email);
-    // if (user) {
-    //   const token = generateResetToken();
-    //   await sendResetEmail(user.email, token);
-    // }
-
-    // Always return success to prevent email enumeration
-    return jsonSuccess(res, {}, 'If an account exists with this email, a reset link has been sent.');
+
+    // Set success message and redirect
+    res.cookie('success', 'If an account exists with this email, a reset link has been sent.', 5000);
+    return res.redirect('/login');
   }
 
   async resetPassword(req: NaraRequest, res: NaraResponse) {
     const { token, password } = await req.json();
 
     if (!token || !password) {
-      throw new ValidationError({
-        token: !token ? ['Reset token is required'] : [],
-        password: !password ? ['Password is required'] : [],
-      });
+      res.cookie('error', 'Reset token and password are required', 5000);
+      return res.redirect('/forgot-password');
     }
 
     // TODO: Implement actual password reset
-    // const resetRecord = await PasswordReset.findByToken(token);
-    // if (!resetRecord || resetRecord.expired) {
-    //   throw new ValidationError({ token: ['Invalid or expired reset token'] });
-    // }
-    // const hashedPassword = await bcrypt.hash(password, 10);
-    // await UserModel.updatePassword(resetRecord.userId, hashedPassword);
-    // await PasswordReset.delete(token);
-
-    return jsonSuccess(res, { redirect: '/login' }, 'Password has been reset successfully.');
+
+    res.cookie('success', 'Password has been reset successfully.', 5000);
+    return res.redirect('/login');
   }
 }

package/templates/features/auth/app/controllers/ProfileController.ts

@@ -1,4 +1,4 @@
-import { BaseController, jsonSuccess, jsonError, ValidationError } from '@nara-web/core';
+import { BaseController, jsonSuccess, jsonError } from '@nara-web/core';
 import type { NaraRequest, NaraResponse } from '@nara-web/core';
 import { UserModel } from '../models/User.js';
 import bcrypt from 'bcrypt';
@@ -21,62 +21,58 @@ export class ProfileController extends BaseController {
   async update(req: NaraRequest, res: NaraResponse) {
     const user = req.user;
     if (!user) {
-      return res.status(401).json({ success: false, message: 'Unauthorized' });
+      return res.redirect('/login');
     }
 
     const { name, email, phone } = await req.json();
 
     if (!name || !email) {
-      throw new ValidationError({
-        name: !name ? ['Name is required'] : [],
-        email: !email ? ['Email is required'] : [],
-      });
+      res.cookie('error', 'Name and email are required', 5000);
+      return res.redirect('/profile');
     }
 
     // Update user in database
     await UserModel.update(user.id, { name, email, phone });
 
-    return jsonSuccess(res, {
-      user: { ...user, name, email, phone }
-    }, 'Profile updated successfully');
+    res.cookie('success', 'Profile updated successfully', 5000);
+    return res.redirect('/profile');
   }
 
   async changePassword(req: NaraRequest, res: NaraResponse) {
     const user = req.user;
     if (!user) {
-      return res.status(401).json({ success: false, message: 'Unauthorized' });
+      return res.redirect('/login');
     }
 
     const { current_password, new_password } = await req.json();
 
     if (!current_password || !new_password) {
-      throw new ValidationError({
-        current_password: !current_password ? ['Current password is required'] : [],
-        new_password: !new_password ? ['New password is required'] : [],
-      });
+      res.cookie('error', 'Current password and new password are required', 5000);
+      return res.redirect('/profile');
     }
 
     if (new_password.length < 6) {
-      throw new ValidationError({
-        new_password: ['Password must be at least 6 characters'],
-      });
+      res.cookie('error', 'Password must be at least 6 characters', 5000);
+      return res.redirect('/profile');
     }
 
     // Verify current password and update
     const dbUser = await UserModel.findById(user.id);
     if (!dbUser || !await bcrypt.compare(current_password, dbUser.password)) {
-      throw new ValidationError({ current_password: ['Current password is incorrect'] });
+      res.cookie('error', 'Current password is incorrect', 5000);
+      return res.redirect('/profile');
     }
     const hashedPassword = await bcrypt.hash(new_password, 10);
     await UserModel.update(user.id, { password: hashedPassword });
 
-    return jsonSuccess(res, {}, 'Password changed successfully');
+    res.cookie('success', 'Password changed successfully', 5000);
+    return res.redirect('/profile');
   }
 
   async uploadAvatar(req: NaraRequest, res: NaraResponse) {
     const user = req.user;
     if (!user) {
-      return res.status(401).json({ success: false, message: 'Unauthorized' });
+      return res.redirect('/login');
     }
 
     try {
@@ -84,13 +80,15 @@ export class ProfileController extends BaseController {
       const buffer = await req.buffer();
 
       if (!buffer || buffer.length === 0) {
-        return jsonError(res, 'No file uploaded', 400);
+        res.cookie('error', 'No file uploaded', 5000);
+        return res.redirect('/profile');
       }
 
       // Extract image from multipart form data
       const boundary = req.headers['content-type']?.split('boundary=')[1];
       if (!boundary) {
-        return jsonError(res, 'Invalid multipart form data', 400);
+        res.cookie('error', 'Invalid multipart form data', 5000);
+        return res.redirect('/profile');
       }
 
       // Find image data in multipart
@@ -109,7 +107,8 @@ export class ProfileController extends BaseController {
       }
 
       if (!imageBuffer) {
-        return jsonError(res, 'No image found in upload', 400);
+        res.cookie('error', 'No image found in upload', 5000);
+        return res.redirect('/profile');
       }
 
       // Generate unique filename
@@ -127,6 +126,7 @@ export class ProfileController extends BaseController {
       // Update user avatar in database
       await UserModel.update(user.id, { avatar: avatarUrl });
 
+      // Return JSON for AJAX upload (not redirect)
       return jsonSuccess(res, { url: avatarUrl }, 'Avatar uploaded successfully');
     } catch (error) {
       console.error('Avatar upload error:', error);

package/templates/vue/app/services/View.ts

@@ -0,0 +1,71 @@
+import { readFileSync } from "fs";
+import path from "path";
+
+const templateCache: { [key: string]: string } = {};
+
+function getViewsDirectory() {
+   return process.env.NODE_ENV === 'development' ? "resources/views" : "dist/views";
+}
+
+function loadTemplate(filename: string): string {
+   const directory = getViewsDirectory();
+   const key = path.join(directory, filename);
+   if (!templateCache[key]) {
+      templateCache[key] = readFileSync(key, "utf8");
+   }
+   return templateCache[key];
+}
+
+function escapeHtml(value: string): string {
+   return value
+      .replace(/&/g, "&")
+      .replace(/</g, "&lt;")
+      .replace(/>/g, "&gt;")
+      .replace(/\"/g, "&quot;")
+      .replace(/'/g, "&#039;");
+}
+
+function getViteScripts(): string {
+   const isDev = process.env.NODE_ENV !== 'production';
+   if (isDev) {
+      return `
+         <script type="module" src="http://localhost:5173/@vite/client"></script>
+         <script type="module" src="http://localhost:5173/resources/js/app.ts"></script>
+      `;
+   }
+   // For production, read manifest and generate script tags
+   try {
+      const manifest = JSON.parse(readFileSync('public/build/.vite/manifest.json', 'utf8'));
+      const entry = manifest['resources/js/app.ts'];
+      if (entry) {
+         return `<script type="module" src="/build/${entry.file}"></script>`;
+      }
+   } catch {
+      // Fallback
+   }
+   return '';
+}
+
+export function view(filename: string, view_data?: any) {
+   const baseTemplate = loadTemplate(filename);
+   let html = baseTemplate;
+
+   // Replace @vite placeholder with Vite scripts
+   html = html.replace('@vite', getViteScripts());
+
+   // Replace @inertia placeholder with inertia root div
+   if (view_data?.page) {
+      html = html.replace('@inertia', `<div id="app" data-page='${view_data.page}'></div>`);
+   } else {
+      html = html.replace('@inertia', '<div id="app"></div>');
+   }
+
+   // Handle other template variables
+   if (view_data) {
+      if (typeof view_data.title === "string") {
+         html = html.replace("{{it.title}}", escapeHtml(view_data.title));
+      }
+   }
+
+   return html;
+}

package/templates/vue/postcss.config.js

@@ -0,0 +1,5 @@
+export default {
+  plugins: {
+    '@tailwindcss/postcss': {},
+  },
+}

package/templates/vue/resources/js/components/NaraIcon.vue

@@ -1,5 +1,5 @@
 <template>
   <span class="flex gap-2 items-center">
-    <img class="h-12 w-12 rounded-2xl" src="/public/nara.png" alt="Nara logo" />
+    <img class="h-12 w-12 rounded-2xl" src="/nara.png" alt="Nara logo" />
   </span>
 </template>

package/templates/vue/routes/web.ts

@@ -25,7 +25,7 @@ export function registerRoutes(app: NaraApp) {
     (res as InertiaResponse).inertia('landing', { title: 'Welcome to NARA' });
   });
 
-  // Guest only
+  // Guest only - Pages
   app.get('/login', guestMiddleware as any, (req, res: any) => {
     (res as InertiaResponse).inertia('auth/login');
   });
@@ -39,7 +39,14 @@ export function registerRoutes(app: NaraApp) {
     (res as InertiaResponse).inertia('auth/reset-password', { token: req.params.token });
   });
 
-  // Protected
+  // Auth Form Actions (same path as pages - for Inertia form handling)
+  app.post('/login', wrapHandler((req, res) => auth.login(req, res)));
+  app.post('/register', wrapHandler((req, res) => auth.register(req, res)));
+  app.post('/logout', wrapHandler((req, res) => auth.logout(req, res)));
+  app.post('/forgot-password', wrapHandler((req, res) => auth.forgotPassword(req, res)));
+  app.post('/reset-password', wrapHandler((req, res) => auth.resetPassword(req, res)));
+
+  // Protected - Pages
   app.get('/dashboard', webAuthMiddleware as any, (req, res: any) => {
     (res as InertiaResponse).inertia('dashboard');
   });
@@ -82,13 +89,13 @@ export function registerRoutes(app: NaraApp) {
     const total = Number(totalCount);
 
     // Apply pagination and ordering
-    const users = await query
+    const usersData = await query
       .orderBy('created_at', 'desc')
       .limit(limit)
       .offset(offset);
 
     // Transform users to include is_admin and is_verified flags
-    const transformedUsers = users.map((user: any) => ({
+    const transformedUsers = usersData.map((user: any) => ({
       ...user,
       is_admin: user.role === 'admin',
       is_verified: !!user.email_verified_at
@@ -112,8 +119,16 @@ export function registerRoutes(app: NaraApp) {
     (res as InertiaResponse).inertia('profile');
   });
 
+  // Protected Form Actions (same path pattern - for Inertia form handling)
+  app.post('/change-profile', webAuthMiddleware as any, wrapHandler((req, res) => profile.update(req, res)));
+  app.post('/change-password', webAuthMiddleware as any, wrapHandler((req, res) => profile.changePassword(req, res)));
+  app.post('/users', webAuthMiddleware as any, wrapHandler((req, res) => users.store(req, res)));
+  app.put('/users/:id', webAuthMiddleware as any, wrapHandler((req, res) => users.update(req, res)));
+  app.delete('/users', webAuthMiddleware as any, wrapHandler((req, res) => users.destroy(req, res)));
+  app.post('/assets/avatar', webAuthMiddleware as any, wrapHandler((req, res) => profile.uploadAvatar(req, res)));
+
 
-  // --- API Routes ---
+  // --- API Routes (for programmatic access) ---
 
   // Auth
   app.post('/api/auth/login', wrapHandler((req, res) => auth.login(req, res)));
@@ -143,4 +158,12 @@ export function registerRoutes(app: NaraApp) {
     const filePath = req.path.replace('/uploads/', '');
     res.sendFile(`uploads/${filePath}`);
   });
+  app.get('/public/*', (req, res) => {
+    const filePath = req.path.replace('/public/', '');
+    res.sendFile(`public/${filePath}`);
+  });
+  app.get('/storage/*', (req, res) => {
+    const filePath = req.path.replace('/storage/', '');
+    res.sendFile(`storage/${filePath}`);
+  });
 }

package/templates/vue/server.ts

@@ -2,10 +2,11 @@ import 'dotenv/config';
 import { createApp, jsonError } from '@nara-web/core';
 import { vueAdapter } from '@nara-web/inertia-vue';
 import { registerRoutes } from './routes/web.js';
+import { view } from './app/services/View.js';
 
 const app = createApp({
   port: Number(process.env.PORT) || 3000,
-  adapter: vueAdapter()
+  adapter: vueAdapter({ viewFn: view } as any)
 });
 
 // Global error handler