npm - create-nara - Versions diffs - 1.0.7 → 1.0.8 - Mend

create-nara 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of create-nara might be problematic. Click here for more details.

Files changed (4) hide show

package/package.json +1 -1
package/templates/features/auth/app/controllers/AuthController.ts +45 -13
package/templates/features/auth/app/middlewares/auth.ts +62 -0
package/templates/svelte/routes/web.ts +16 -8

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-nara",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "CLI to scaffold NARA projects",
   "type": "module",
   "bin": {

package/templates/features/auth/app/controllers/AuthController.ts CHANGED Viewed

@@ -4,6 +4,16 @@ import bcrypt from 'bcrypt';
 import jwt from 'jsonwebtoken';
 const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d';
+// Cookie options for auth token
+const COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === 'production',
+  sameSite: 'lax' as const,
+  maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days in milliseconds
+  path: '/',
+};
 export class AuthController extends BaseController {
   async login(req: NaraRequest, res: NaraResponse) {
@@ -14,15 +24,25 @@ export class AuthController extends BaseController {
     }
     // TODO: Replace with your actual user lookup
-    // const user = await User.findByEmail(email);
+    // const user = await UserModel.findByEmail(email);
     // if (!user || !await bcrypt.compare(password, user.password)) {
-    //   return jsonError(res, 'Invalid credentials', 401);
+    //   throw new ValidationError({ email: ['Invalid credentials'] });
     // }
-    // Example: Generate JWT token
-    const token = jwt.sign({ userId: 1, email }, JWT_SECRET, { expiresIn: '7d' });
+    // Example: Generate JWT token with user info
+    const token = jwt.sign(
+      { userId: 1, email, name: 'Demo User' },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN }
+    );
+    // Set auth cookie for web routes
+    res.cookie('auth_token', token, COOKIE_OPTIONS);
-    return jsonSuccess(res, { token, message: 'Login successful' });
+    return jsonSuccess(res, {
+      user: { id: 1, email, name: 'Demo User' },
+      redirect: '/dashboard'
+    }, 'Login successful');
   }
   async register(req: NaraRequest, res: NaraResponse) {
@@ -40,15 +60,25 @@ export class AuthController extends BaseController {
     const hashedPassword = await bcrypt.hash(password, 10);
     // TODO: Replace with your actual user creation
-    // const user = await User.create({ name, email, password: hashedPassword });
-    const token = jwt.sign({ userId: 1, email }, JWT_SECRET, { expiresIn: '7d' });
-    return jsonSuccess(res, { token }, 'Registration successful');
+    // const user = await UserModel.create({ name, email, password: hashedPassword });
+    // Generate JWT token
+    const token = jwt.sign(
+      { userId: 1, email, name },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN }
+    );
+    // Set auth cookie for web routes
+    res.cookie('auth_token', token, COOKIE_OPTIONS);
+    return jsonSuccess(res, {
+      user: { id: 1, email, name },
+      redirect: '/dashboard'
+    }, 'Registration successful');
   }
   async me(req: NaraRequest, res: NaraResponse) {
-    // TODO: Get user from JWT token in auth middleware
     const user = req.user;
     if (!user) {
@@ -59,7 +89,9 @@ export class AuthController extends BaseController {
   }
   async logout(req: NaraRequest, res: NaraResponse) {
-    // For JWT, logout is typically handled client-side by removing the token
-    return jsonSuccess(res, { message: 'Logged out successfully' });
+    // Clear auth cookie
+    res.cookie('auth_token', '', { ...COOKIE_OPTIONS, maxAge: 0 });
+    return jsonSuccess(res, { redirect: '/login' }, 'Logged out successfully');
   }
 }

package/templates/features/auth/app/middlewares/auth.ts CHANGED Viewed

@@ -3,6 +3,9 @@ import jwt from 'jsonwebtoken';
 const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
+/**
+ * Auth middleware for API routes (Bearer token)
+ */
 export function authMiddleware(req: NaraRequest, res: NaraResponse, next: () => void) {
   const authHeader = req.headers.authorization;
@@ -21,3 +24,62 @@ export function authMiddleware(req: NaraRequest, res: NaraResponse, next: () =>
     res.status(401).json({ error: 'Invalid token' });
   }
 }
+/**
+ * Auth middleware for web/Inertia routes (cookie-based)
+ * Redirects to login if not authenticated
+ */
+export function webAuthMiddleware(req: NaraRequest, res: NaraResponse, next: () => void) {
+  // Check for auth token in cookie
+  const token = req.cookies?.auth_token;
+  if (!token) {
+    // For Inertia requests, redirect to login
+    if (req.headers['x-inertia']) {
+      res.status(409).setHeader('X-Inertia-Location', '/login').send('');
+    } else {
+      res.redirect('/login');
+    }
+    return;
+  }
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET) as { userId: number; email: string; name: string };
+    req.user = { id: decoded.userId, email: decoded.email, name: decoded.name };
+    next();
+  } catch (error) {
+    // Clear invalid token
+    res.cookie('auth_token', '', { maxAge: 0 });
+    if (req.headers['x-inertia']) {
+      res.status(409).setHeader('X-Inertia-Location', '/login').send('');
+    } else {
+      res.redirect('/login');
+    }
+  }
+}
+/**
+ * Guest middleware - only allow unauthenticated users
+ * Redirects to dashboard if already logged in
+ */
+export function guestMiddleware(req: NaraRequest, res: NaraResponse, next: () => void) {
+  const token = req.cookies?.auth_token;
+  if (token) {
+    try {
+      jwt.verify(token, JWT_SECRET);
+      // User is authenticated, redirect to dashboard
+      if (req.headers['x-inertia']) {
+        res.status(409).setHeader('X-Inertia-Location', '/dashboard').send('');
+      } else {
+        res.redirect('/dashboard');
+      }
+      return;
+    } catch {
+      // Invalid token, clear it and continue
+      res.cookie('auth_token', '', { maxAge: 0 });
+    }
+  }
+  next();
+}

package/templates/svelte/routes/web.ts CHANGED Viewed

@@ -1,29 +1,37 @@
 import type { NaraApp } from '@nara-web/core';
+import { webAuthMiddleware, guestMiddleware } from '../app/middlewares/auth.js';
 export function registerRoutes(app: NaraApp) {
+  // Public routes
   app.get('/', (req, res) => {
     res.inertia?.('landing', {
       title: 'Welcome to NARA'
     });
   });
-  app.get('/dashboard', (req, res) => {
-    res.inertia?.('dashboard');
-  });
-  app.get('/login', (req, res) => {
+  // Guest only routes (redirect to dashboard if logged in)
+  app.get('/login', guestMiddleware as any, (req, res) => {
     res.inertia?.('auth/login');
   });
-  app.get('/register', (req, res) => {
+  app.get('/register', guestMiddleware as any, (req, res) => {
     res.inertia?.('auth/register');
   });
-  app.get('/users', (req, res) => {
+  app.get('/forgot-password', guestMiddleware as any, (req, res) => {
+    res.inertia?.('auth/forgot-password');
+  });
+  // Protected routes (redirect to login if not authenticated)
+  app.get('/dashboard', webAuthMiddleware as any, (req, res) => {
+    res.inertia?.('dashboard');
+  });
+  app.get('/users', webAuthMiddleware as any, (req, res) => {
     res.inertia?.('users');
   });
-  app.get('/profile', (req, res) => {
+  app.get('/profile', webAuthMiddleware as any, (req, res) => {
     res.inertia?.('profile');
   });
 }