create-nara 1.0.36 → 1.0.38

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-nara",
-  "version": "1.0.36",
+  "version": "1.0.38",
   "description": "CLI to scaffold NARA projects",
   "type": "module",
   "bin": {

package/templates/features/auth/app/controllers/OAuthController.ts

@@ -0,0 +1,148 @@
+/**
+ * OAuthController
+ *
+ * Handles OAuth authentication flows:
+ * - Google OAuth redirect
+ * - Google OAuth callback
+ */
+import { BaseController } from '@nara-web/core';
+import type { NaraRequest, NaraResponse } from '@nara-web/core';
+import { UserModel } from '../models/User.js';
+import { redirectParamsURL } from '../services/GoogleAuth.js';
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import { randomUUID } from 'crypto';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
+const JWT_EXPIRES_SECONDS = 7 * 24 * 60 * 60; // 7 days in seconds
+
+// Cookie options for auth token
+const COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === 'production',
+  sameSite: 'lax' as const,
+  path: '/',
+};
+
+interface GoogleTokenResponse {
+  access_token: string;
+  expires_in: number;
+  token_type: string;
+  scope: string;
+  refresh_token?: string;
+}
+
+interface GoogleUserInfo {
+  id: string;
+  email: string;
+  verified_email: boolean;
+  name: string;
+  given_name?: string;
+  family_name?: string;
+  picture?: string;
+}
+
+export class OAuthController extends BaseController {
+  /**
+   * Redirect to Google OAuth
+   */
+  async googleRedirect(req: NaraRequest, res: NaraResponse) {
+    const params = redirectParamsURL();
+    const googleLoginUrl = `https://accounts.google.com/o/oauth2/v2/auth?${params}`;
+    return res.redirect(googleLoginUrl);
+  }
+
+  /**
+   * Handle Google OAuth callback
+   */
+  async googleCallback(req: NaraRequest, res: NaraResponse) {
+    const { code } = req.query;
+
+    if (!code) {
+      res.cookie('error', 'Authorization code not provided', 5000);
+      return res.redirect('/login');
+    }
+
+    try {
+      // Exchange authorization code for access token
+      const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+          client_id: process.env.GOOGLE_CLIENT_ID || '',
+          client_secret: process.env.GOOGLE_CLIENT_SECRET || '',
+          redirect_uri: process.env.GOOGLE_REDIRECT_URI || '',
+          grant_type: 'authorization_code',
+          code: code as string,
+        }),
+      });
+
+      if (!tokenResponse.ok) {
+        res.cookie('error', 'Failed to exchange authorization code', 5000);
+        return res.redirect('/login');
+      }
+
+      const tokenData: GoogleTokenResponse = await tokenResponse.json();
+
+      // Get user info from Google
+      const userResponse = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
+        headers: {
+          Authorization: `Bearer ${tokenData.access_token}`,
+        },
+      });
+
+      if (!userResponse.ok) {
+        res.cookie('error', 'Failed to get user info from Google', 5000);
+        return res.redirect('/login');
+      }
+
+      const userData: GoogleUserInfo = await userResponse.json();
+      const email = userData.email.toLowerCase();
+      const name = userData.name;
+
+      // Check if user exists
+      let user = await UserModel.findByEmail(email);
+
+      if (!user) {
+        // Create new user
+        const userId = randomUUID();
+        const hashedPassword = await bcrypt.hash(email + Date.now(), 10);
+
+        await UserModel.create({
+          id: userId,
+          email,
+          password: hashedPassword,
+          name,
+          role: 'user',
+          email_verified_at: userData.verified_email ? new Date().toISOString() : null,
+        });
+
+        user = await UserModel.findById(userId);
+      }
+
+      if (!user) {
+        res.cookie('error', 'Failed to create or find user', 5000);
+        return res.redirect('/login');
+      }
+
+      // Generate JWT token
+      const token = jwt.sign(
+        { userId: user.id, email: user.email, name: user.name },
+        JWT_SECRET,
+        { expiresIn: JWT_EXPIRES_SECONDS }
+      );
+
+      // Set auth cookie
+      res.cookie('auth_token', token, JWT_EXPIRES_SECONDS * 1000, COOKIE_OPTIONS);
+
+      // Redirect to dashboard
+      return res.redirect('/dashboard');
+    } catch (error) {
+      console.error('Google OAuth error:', error);
+      res.cookie('error', 'Authentication failed', 5000);
+      return res.redirect('/login');
+    }
+  }
+}

package/templates/features/auth/app/services/GoogleAuth.ts

@@ -0,0 +1,33 @@
+/**
+ * Google OAuth Authentication Service
+ * Handles URL parameter generation for Google OAuth authentication flow.
+ */
+
+/**
+ * Generates the URL parameters required for initiating Google OAuth authentication.
+ *
+ * @returns A URL-encoded string containing all necessary OAuth parameters
+ *
+ * Parameters included:
+ * - client_id: Your application's Google Client ID
+ * - redirect_uri: The URL where Google will redirect after authentication
+ * - scope: The permissions requested from the user
+ *   - userinfo.email: Access to user's email
+ *   - userinfo.profile: Access to user's basic profile info
+ * - response_type: Set to 'code' for authorization code flow
+ * - access_type: Set to 'offline' to receive a refresh token
+ * - prompt: Set to 'consent' to always show the consent screen
+ */
+export function redirectParamsURL(): string {
+  return new URLSearchParams({
+    client_id: process.env.GOOGLE_CLIENT_ID || '',
+    redirect_uri: process.env.GOOGLE_REDIRECT_URI || '',
+    scope: [
+      'https://www.googleapis.com/auth/userinfo.email',
+      'https://www.googleapis.com/auth/userinfo.profile',
+    ].join(' '),
+    response_type: 'code',
+    access_type: 'offline',
+    prompt: 'consent',
+  }).toString();
+}

package/templates/svelte/env.example

@@ -18,3 +18,8 @@ JWT_EXPIRES_IN=7d
 # Session
 SESSION_SECRET=change-me-to-random-session-secret
 SESSION_NAME=nara_session
+
+# Google OAuth (optional)
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+GOOGLE_REDIRECT_URI=http://localhost:3000/google/callback

package/templates/svelte/routes/web.ts

@@ -3,6 +3,7 @@ import { AuthController } from '../app/controllers/AuthController.js';
 import { ProfileController } from '../app/controllers/ProfileController.js';
 import { UserController } from '../app/controllers/UserController.js';
 import { UploadController } from '../app/controllers/UploadController.js';
+import { OAuthController } from '../app/controllers/OAuthController.js';
 import { authMiddleware, webAuthMiddleware, guestMiddleware } from '../app/middlewares/auth.js';
 import { wrapHandler } from '../app/utils/route-helper.js';
 import { db } from '../app/config/database.js';
@@ -17,6 +18,7 @@ export function registerRoutes(app: NaraApp) {
   const profile = new ProfileController();
   const users = new UserController();
   const upload = new UploadController();
+  const oauth = new OAuthController();
 
   // --- Page Routes (Inertia) ---
 
@@ -112,6 +114,10 @@ export function registerRoutes(app: NaraApp) {
     (res as InertiaResponse).inertia('profile');
   });
 
+  // --- Google OAuth Routes ---
+  app.get('/google/redirect', wrapHandler((req, res) => oauth.googleRedirect(req, res)));
+  app.get('/google/callback', wrapHandler((req, res) => oauth.googleCallback(req, res)));
+
 
   // --- API Routes ---
 

package/templates/vue/env.example

@@ -18,3 +18,8 @@ JWT_EXPIRES_IN=7d
 # Session
 SESSION_SECRET=change-me-to-random-session-secret
 SESSION_NAME=nara_session
+
+# Google OAuth (optional)
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+GOOGLE_REDIRECT_URI=http://localhost:3000/google/callback

package/templates/vue/routes/web.ts

@@ -3,6 +3,7 @@ import { AuthController } from '../app/controllers/AuthController.js';
 import { ProfileController } from '../app/controllers/ProfileController.js';
 import { UserController } from '../app/controllers/UserController.js';
 import { UploadController } from '../app/controllers/UploadController.js';
+import { OAuthController } from '../app/controllers/OAuthController.js';
 import { authMiddleware, webAuthMiddleware, guestMiddleware } from '../app/middlewares/auth.js';
 import { wrapHandler } from '../app/utils/route-helper.js';
 import { db } from '../app/config/database.js';
@@ -17,6 +18,7 @@ export function registerRoutes(app: NaraApp) {
   const profile = new ProfileController();
   const users = new UserController();
   const upload = new UploadController();
+  const oauth = new OAuthController();
 
   // --- Page Routes (Inertia) ---
 
@@ -119,6 +121,10 @@ export function registerRoutes(app: NaraApp) {
     (res as InertiaResponse).inertia('profile');
   });
 
+  // --- Google OAuth Routes ---
+  app.get('/google/redirect', wrapHandler((req, res) => oauth.googleRedirect(req, res)));
+  app.get('/google/callback', wrapHandler((req, res) => oauth.googleCallback(req, res)));
+
   // Protected Form Actions (same path pattern - for Inertia form handling)
   app.post('/change-profile', webAuthMiddleware as any, wrapHandler((req, res) => profile.update(req, res)));
   app.post('/change-password', webAuthMiddleware as any, wrapHandler((req, res) => profile.changePassword(req, res)));