npm - create-nightwing - Versions diffs - 1.0.0 - Mend

create-nightwing 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,5 @@
+MIT License
+Copyright (c) 2026 House of Logic Ltd
+Permission is hereby granted, free of charge, to any person obtaining a copy...

package/README.md ADDED Viewed

@@ -0,0 +1,51 @@
+# create-nightwing
+A clean enterprise starter generator for student exams, internal tools, and real admin systems.
+It generates one focused fullstack template:
+- Admin login
+- Employee management
+- Employee-owned user accounts
+- User login
+- Session authentication
+- Password hashing
+- Protected routes
+- Airbnb-inspired UI system
+- Forms, tables, modal CRUD, drawer, stats cards, filters, badges, empty states
+- MySQL schema and beginner-friendly docs
+## Usage
+```bash
+npx create-nightwing my-app
+cd my-app
+mysql -u root -p < schema.sql
+cd server && npm install && npm run dev
+cd ../client && npm install && npm run dev
+```
+## Default admin
+```txt
+username: admin
+password: admin123
+```
+## Generated structure
+```txt
+my-app/
+  server/     Express + MySQL + sessions
+  client/     React + Vite + Tailwind
+  docs/       SQL, Tailwind, API, testing docs
+  schema.sql  Database setup and seed
+```
+## Publish this package
+```bash
+npm login
+npm publish
+```

package/bin/index.js ADDED Viewed

@@ -0,0 +1,71 @@
+#!/usr/bin/env node
+import fs from "fs-extra";
+import path from "path";
+import { input, confirm } from "@inquirer/prompts";
+import kleur from "kleur";
+import { spawnSync } from "child_process";
+import { fileURLToPath } from "url";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const slugify = (value) => value.trim().toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-_]/g, "");
+const dbSafe = (value) => value.trim().replace(/-/g, "_").replace(/[^a-zA-Z0-9_]/g, "_");
+const validPort = (value) => { const n=Number(value); return Number.isInteger(n) && n>0 && n<=65535; };
+const flags = new Set(process.argv.slice(2).filter(a => a.startsWith("--")));
+const yes = flags.has("--yes") || flags.has("-y");
+function argValue(name, fallback){ const raw=process.argv.find(a=>a.startsWith(`--${name}=`)); return raw ? raw.split("=").slice(1).join("=") : fallback; }
+let projectName = process.argv.slice(2).find(a => !a.startsWith("--"));
+if (!projectName) {
+  projectName = await input({ message: "Project name:", validate: v => slugify(v).length ? true : "Project name is required.", transformer: slugify });
+}
+projectName = slugify(projectName);
+if (!projectName) { console.log(kleur.red("Project name is required.")); process.exit(1); }
+const dbName = dbSafe(yes ? argValue("db", `${projectName.replace(/-/g,"_")}_db`) : await input({ message: "Database name:", default: `${projectName.replace(/-/g,"_")}_db`, validate: v => dbSafe(v).length ? true : "Database name is required." }));
+const serverPort = yes ? argValue("server-port", "5000") : await input({ message: "Backend port:", default: "5000", validate: v => validPort(v) ? true : "Enter a valid port." });
+const clientPort = yes ? argValue("client-port", "5173") : await input({ message: "Frontend port:", default: "5173", validate: v => validPort(v) ? true : "Enter a valid port." });
+const installDeps = yes ? false : await confirm({ message: "Install dependencies now?", default: false });
+const templateDir = path.join(__dirname, "..", "templates", "employee-rbac");
+const targetDir = path.join(process.cwd(), projectName);
+if (!fs.existsSync(templateDir)) { console.log(kleur.red("Template folder not found.")); process.exit(1); }
+if (fs.existsSync(targetDir)) { console.log(kleur.red("Folder already exists. Choose another name.")); process.exit(1); }
+await fs.copy(templateDir, targetDir);
+const replacements = { __PROJECT_NAME__: projectName, __DB_NAME__: dbName, __SERVER_PORT__: String(serverPort), __CLIENT_PORT__: String(clientPort) };
+async function replaceInFile(file){ let content=await fs.readFile(file,"utf8"); for(const [k,v] of Object.entries(replacements)) content=content.replaceAll(k,v); await fs.writeFile(file,content); }
+async function walk(dir){ for(const item of await fs.readdir(dir)){ const full=path.join(dir,item); const stat=await fs.stat(full); if(stat.isDirectory()) await walk(full); else if(/\.(js|jsx|json|css|html|md|sql|env)$/.test(full)) await replaceInFile(full); } }
+await walk(targetDir);
+await fs.writeFile(path.join(targetDir,"server",".env"), `PORT=${serverPort}
+DB_HOST=localhost
+DB_USER=root
+DB_PASSWORD=
+DB_NAME=${dbName}
+CLIENT_URL=http://localhost:${clientPort}
+SESSION_SECRET=change_this_${projectName}_secret
+NODE_ENV=development
+`);
+await fs.writeFile(path.join(targetDir,"client",".env"), `VITE_API_URL=http://localhost:${serverPort}
+`);
+if(installDeps){
+  console.log(kleur.cyan("Installing server dependencies..."));
+  spawnSync("npm",["install"],{cwd:path.join(targetDir,"server"),stdio:"inherit",shell:true});
+  console.log(kleur.cyan("Installing client dependencies..."));
+  spawnSync("npm",["install"],{cwd:path.join(targetDir,"client"),stdio:"inherit",shell:true});
+}
+console.log(kleur.green(`
+Created ${projectName} successfully.`));
+console.log(`
+Next steps:
+  cd ${projectName}
+  mysql -u root -p < schema.sql
+  cd server && npm install && npm run dev
+  cd ../client && npm install && npm run dev
+Default admin: admin / admin123
+`);

package/package.json ADDED Viewed

@@ -0,0 +1,37 @@
+{
+  "name": "create-nightwing",
+  "version": "1.0.0",
+  "description": "Enterprise-ready React + Express + MySQL employee RBAC starter generator.",
+  "type": "module",
+  "bin": {
+    "create-nightwing": "./bin/index.js"
+  },
+  "files": [
+    "bin",
+    "templates",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "cli",
+    "react",
+    "express",
+    "mysql",
+    "session",
+    "rbac",
+    "employee",
+    "dashboard",
+    "tailwind",
+    "starter"
+  ],
+  "author": "House of Logic Ltd",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@inquirer/prompts": "^7.3.3",
+    "fs-extra": "^11.3.0",
+    "kleur": "^4.1.5"
+  }
+}

package/templates/employee-rbac/client/index.html ADDED Viewed

	@@ -0,0 +1 @@
1	+ <!doctype html><html><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><title>__PROJECT_NAME__</title></head><body><div id="root"></div><script type="module" src="/src/main.jsx"></script></body></html>

package/templates/employee-rbac/client/package.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "name": "__PROJECT_NAME__-client",
+  "version": "1.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite --host 0.0.0.0 --port __CLIENT_PORT__",
+    "build": "vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "@vitejs/plugin-react": "latest",
+    "vite": "latest",
+    "react": "latest",
+    "react-dom": "latest",
+    "lucide-react": "^0.468.0"
+  },
+  "devDependencies": {
+    "tailwindcss": "3.4.17",
+    "postcss": "8.4.49",
+    "autoprefixer": "10.4.20"
+  }
+}

package/templates/employee-rbac/client/postcss.config.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export default { plugins: { tailwindcss: {}, autoprefixer: {} } };

package/templates/employee-rbac/client/src/api/http.js ADDED Viewed

@@ -0,0 +1,8 @@
+const API_URL = import.meta.env.VITE_API_URL || "http://localhost:__SERVER_PORT__";
+export async function request(path,{method="GET",body}={}){
+  const res=await fetch(`${API_URL}/api${path}`,{method,credentials:"include",headers:{"Content-Type":"application/json"},body:body?JSON.stringify(body):undefined});
+  const data=await res.json().catch(()=>({}));
+  if(!res.ok) throw new Error(data.message || "Request failed");
+  return data;
+}

package/templates/employee-rbac/client/src/components/ui.jsx ADDED Viewed

@@ -0,0 +1,7 @@
+export function Card({children,className=""}){ return <div className={`rounded-[2rem] border border-slate-200 bg-white p-5 shadow-sm ${className}`}>{children}</div>; }
+export function Button({children,className="",variant="primary",...props}){ const styles=variant==="primary"?"bg-[#FF385C] text-white hover:bg-[#E31C5F]":"border border-slate-200 bg-white text-slate-900 hover:bg-slate-50"; return <button className={`rounded-full px-5 py-3 text-sm font-black transition disabled:opacity-50 ${styles} ${className}`} {...props}>{children}</button>; }
+export function Input(props){ return <input className="w-full rounded-2xl border border-slate-200 bg-white px-4 py-3 text-sm outline-none transition focus:border-[#FF385C]" {...props}/>; }
+export function Select(props){ return <select className="w-full rounded-2xl border border-slate-200 bg-white px-4 py-3 text-sm outline-none transition focus:border-[#FF385C]" {...props}/>; }
+export function Badge({children,tone="slate"}){ const map={green:"bg-emerald-50 text-emerald-700",red:"bg-rose-50 text-rose-700",amber:"bg-amber-50 text-amber-700",slate:"bg-slate-100 text-slate-700"}; return <span className={`rounded-full px-3 py-1 text-xs font-black ${map[tone]||map.slate}`}>{children}</span>; }
+export function EmptyState({title,note}){ return <div className="rounded-[2rem] border border-dashed border-slate-200 bg-slate-50 p-8 text-center"><h3 className="font-black text-slate-900">{title}</h3><p className="mt-2 text-sm text-slate-500">{note}</p></div>; }

package/templates/employee-rbac/client/src/index.css ADDED Viewed

@@ -0,0 +1,5 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+body{background:#F7F7F7;color:#0F172A;}
+*{box-sizing:border-box;}

package/templates/employee-rbac/client/src/layouts/AppLayout.jsx ADDED Viewed

@@ -0,0 +1,18 @@
+import { LogOut, Menu, Users, LayoutDashboard, FileText, UserRoundCog } from "lucide-react";
+import { useState } from "react";
+import { request } from "../api/http";
+const adminNav=[['/admin','Dashboard',LayoutDashboard],['/employees','Employees',Users],['/accounts','Accounts',UserRoundCog],['/templates','Templates',FileText]];
+const userNav=[['/user','My Dashboard',LayoutDashboard]];
+export default function AppLayout({user,children}){
+  const [open,setOpen]=useState(false); const nav=user?.role==='admin'?adminNav:userNav;
+  async function logout(){ await request('/auth/logout',{method:'POST'}); location.href='/'; }
+  return <div className="min-h-screen bg-[#F7F7F7]">
+    <aside className={`fixed inset-y-0 left-0 z-40 w-72 border-r border-slate-200 bg-white p-5 transition md:translate-x-0 ${open?'translate-x-0':'-translate-x-full'}`}>
+      <div className="rounded-[2rem] bg-slate-950 p-5 text-white"><p className="text-xs font-black uppercase tracking-[0.2em] text-white/50">Nightwing</p><h1 className="mt-2 text-2xl font-black">__PROJECT_NAME__</h1></div>
+      <nav className="mt-6 grid gap-2">{nav.map(([href,label,Icon])=><a key={href} href={href} className="flex items-center gap-3 rounded-2xl px-4 py-3 text-sm font-bold text-slate-600 hover:bg-slate-100 hover:text-slate-950"><Icon size={18}/>{label}</a>)}</nav>
+      <button onClick={logout} className="absolute bottom-5 left-5 right-5 flex items-center justify-center gap-2 rounded-full border border-slate-200 px-4 py-3 text-sm font-black"><LogOut size={18}/> Logout</button>
+    </aside>
+    <main className="md:pl-72"><header className="sticky top-0 z-30 border-b border-slate-200 bg-white/80 px-4 py-3 backdrop-blur md:px-8"><div className="flex items-center justify-between"><button onClick={()=>setOpen(!open)} className="rounded-full border p-3 md:hidden"><Menu size={18}/></button><div><p className="text-xs font-black uppercase tracking-[0.2em] text-slate-400">Logged in as</p><p className="font-black">{user?.username} <span className="text-slate-400">/{user?.role}</span></p></div></div></header><section className="p-4 md:p-8">{children}</section></main>
+  </div>;
+}

package/templates/employee-rbac/client/src/main.jsx ADDED Viewed

@@ -0,0 +1,5 @@
+import React from "react";
+import { createRoot } from "react-dom/client";
+import "./index.css";
+import AppRouter from "./router";
+createRoot(document.getElementById("root")).render(<AppRouter/>);

package/templates/employee-rbac/client/src/pages/Accounts.jsx ADDED Viewed

@@ -0,0 +1,14 @@
+import { useEffect, useState } from "react";
+import { request } from "../api/http";
+import { Button, Card, Input, Select, Badge } from "../components/ui";
+export default function Accounts(){
+ const [employees,setEmployees]=useState([]),[users,setUsers]=useState([]),[form,setForm]=useState({employeeId:'',username:'',password:'admin123',status:'Active'}),[msg,setMsg]=useState(''),[reset,setReset]=useState({id:'',password:''});
+ const load=()=>{request('/employees').then(d=>setEmployees(d.employees));request('/users').then(d=>setUsers(d.users));}; useEffect(()=>{load()},[]);
+ async function create(e){e.preventDefault();setMsg('');try{await request('/users',{method:'POST',body:form});setForm({employeeId:'',username:'',password:'admin123',status:'Active'});setMsg('Account created');load();}catch(err){setMsg(err.message)}}
+ async function update(u,status){await request(`/users/${u.id}`,{method:'PUT',body:{username:u.username,status}});load();}
+ async function del(id){if(confirm('Delete this account?')){await request(`/users/${id}`,{method:'DELETE'});load();}}
+ async function resetPass(e){e.preventDefault();await request(`/users/${reset.id}/password`,{method:'PATCH',body:{password:reset.password}});setReset({id:'',password:''});setMsg('Password reset');}
+ const free=employees.filter(e=>!users.some(u=>u.employee_id===e.id));
+ return <div className="grid gap-6 xl:grid-cols-[420px_1fr]"><div className="grid gap-6"><Card><h1 className="text-2xl font-black">Create Account</h1><p className="mt-2 text-sm text-slate-500">Only employees without an account appear here.</p><form onSubmit={create} className="mt-5 grid gap-3"><Select value={form.employeeId} onChange={e=>setForm({...form,employeeId:e.target.value})}><option value="">Choose employee</option>{free.map(e=><option key={e.id} value={e.id}>{e.full_name}</option>)}</Select><Input placeholder="Username" value={form.username} onChange={e=>setForm({...form,username:e.target.value})}/><Input placeholder="Temporary password" value={form.password} onChange={e=>setForm({...form,password:e.target.value})}/><Select value={form.status} onChange={e=>setForm({...form,status:e.target.value})}><option>Active</option><option>Suspended</option></Select>{msg&&<p className="text-sm font-bold text-slate-500">{msg}</p>}<Button>Create login account</Button></form></Card>{reset.id&&<Card><h2 className="text-xl font-black">Reset Password</h2><form onSubmit={resetPass} className="mt-4 grid gap-3"><Input placeholder="New password" value={reset.password} onChange={e=>setReset({...reset,password:e.target.value})}/><Button>Save password</Button></form></Card>}</div><Card><h2 className="text-2xl font-black">User Accounts</h2><div className="mt-5 overflow-x-auto"><table className="w-full text-left text-sm"><thead><tr className="border-b text-slate-400"><th className="py-3">Account</th><th>Employee</th><th>Status</th><th>Actions</th></tr></thead><tbody>{users.map(u=><tr className="border-b" key={u.id}><td className="py-4 font-black">{u.username}<p className="font-normal text-slate-500">{u.email}</p></td><td>{u.employeeName}<p className="text-slate-500">{u.position}</p></td><td><Badge tone={u.status==='Active'?'green':'red'}>{u.status}</Badge></td><td className="space-x-2"><button className="font-black text-[#FF385C]" onClick={()=>update(u,u.status==='Active'?'Suspended':'Active')}>{u.status==='Active'?'Suspend':'Activate'}</button><button className="font-black" onClick={()=>setReset({id:u.id,password:'newpass123'})}>Reset</button><button className="font-black text-rose-700" onClick={()=>del(u.id)}>Delete</button></td></tr>)}</tbody></table></div></Card></div>
+}

package/templates/employee-rbac/client/src/pages/AdminDashboard.jsx ADDED Viewed

@@ -0,0 +1,11 @@
+import { useEffect, useState } from "react";
+import { Users, UserRoundCog, ShieldCheck, Sparkles } from "lucide-react";
+import { request } from "../api/http";
+import { Card, Badge } from "../components/ui";
+export default function AdminDashboard(){
+ const [employees,setEmployees]=useState([]),[users,setUsers]=useState([]);
+ useEffect(()=>{request('/employees').then(d=>setEmployees(d.employees));request('/users').then(d=>setUsers(d.users));},[]);
+ const stats=[['Employees',employees.length,Users],['Accounts',users.length,UserRoundCog],['Active Employees',employees.filter(e=>e.status==='Active').length,ShieldCheck],['Template Blocks',12,Sparkles]];
+ return <div className="grid gap-6"><section className="rounded-[2.5rem] bg-slate-950 p-8 text-white"><p className="text-xs font-black uppercase tracking-[0.2em] text-white/50">Admin Command Center</p><h1 className="mt-3 text-4xl font-black md:text-6xl">Manage people, access, and workflows.</h1></section><div className="grid gap-4 md:grid-cols-2 xl:grid-cols-4">{stats.map(([t,v,Icon])=><Card key={t}><Icon className="text-[#FF385C]"/><p className="mt-5 text-sm font-bold text-slate-500">{t}</p><p className="text-4xl font-black">{v}</p></Card>)}</div><Card><div className="flex items-center justify-between"><h2 className="text-xl font-black">Recent Employees</h2><a className="text-sm font-black text-[#FF385C]" href="/employees">Manage</a></div><div className="mt-4 overflow-x-auto"><table className="w-full text-left text-sm"><tbody>{employees.slice(0,5).map(e=><tr className="border-t" key={e.id}><td className="py-4 font-black">{e.full_name}</td><td>{e.position}</td><td><Badge tone={e.status==='Active'?'green':e.status==='On Leave'?'amber':'red'}>{e.status}</Badge></td></tr>)}</tbody></table></div></Card></div>
+}

package/templates/employee-rbac/client/src/pages/Employees.jsx ADDED Viewed

@@ -0,0 +1,14 @@
+import { useEffect, useState } from "react";
+import { request } from "../api/http";
+import { Button, Card, Input, Select, Badge } from "../components/ui";
+const empty={fullName:'',email:'',phone:'',department:'',position:'',status:'Active',hiredAt:new Date().toISOString().slice(0,10)};
+export default function Employees(){
+ const [items,setItems]=useState([]),[form,setForm]=useState(empty),[editing,setEditing]=useState(null),[q,setQ]=useState(''),[msg,setMsg]=useState('');
+ const load=()=>request('/employees').then(d=>setItems(d.employees)); useEffect(()=>{load()},[]);
+ async function save(e){e.preventDefault(); setMsg(''); const body=form; try{ if(editing) await request(`/employees/${editing}`,{method:'PUT',body}); else await request('/employees',{method:'POST',body}); setForm(empty); setEditing(null); setMsg('Saved successfully'); load(); }catch(err){setMsg(err.message)} }
+ function edit(x){setEditing(x.id);setForm({fullName:x.full_name,email:x.email,phone:x.phone,department:x.department,position:x.position,status:x.status,hiredAt:String(x.hired_at).slice(0,10)})}
+ async function del(id){ if(confirm('Delete employee and linked account?')){await request(`/employees/${id}`,{method:'DELETE'});load();}}
+ const filtered=items.filter(x=>(x.full_name+x.email+x.position).toLowerCase().includes(q.toLowerCase()));
+ return <div className="grid gap-6 xl:grid-cols-[420px_1fr]"><Card><h1 className="text-2xl font-black">{editing?'Edit':'Create'} Employee</h1><form onSubmit={save} className="mt-5 grid gap-3"><Input placeholder="Full name" value={form.fullName} onChange={e=>setForm({...form,fullName:e.target.value})}/><Input placeholder="Email" value={form.email} onChange={e=>setForm({...form,email:e.target.value})}/><Input placeholder="Phone" value={form.phone} onChange={e=>setForm({...form,phone:e.target.value})}/><Input placeholder="Department" value={form.department} onChange={e=>setForm({...form,department:e.target.value})}/><Input placeholder="Position" value={form.position} onChange={e=>setForm({...form,position:e.target.value})}/><Select value={form.status} onChange={e=>setForm({...form,status:e.target.value})}><option>Active</option><option>On Leave</option><option>Inactive</option></Select><Input type="date" value={form.hiredAt} onChange={e=>setForm({...form,hiredAt:e.target.value})}/>{msg && <p className="text-sm font-bold text-slate-500">{msg}</p>}<Button>{editing?'Update':'Create'} employee</Button></form></Card><Card><div className="flex flex-col gap-3 md:flex-row md:items-center md:justify-between"><h2 className="text-2xl font-black">Employees</h2><Input placeholder="Search people..." value={q} onChange={e=>setQ(e.target.value)} /></div><div className="mt-5 overflow-x-auto"><table className="w-full text-left text-sm"><thead><tr className="border-b text-slate-400"><th className="py-3">Name</th><th>Department</th><th>Position</th><th>Status</th><th>Actions</th></tr></thead><tbody>{filtered.map(x=><tr className="border-b" key={x.id}><td className="py-4 font-black">{x.full_name}<p className="font-normal text-slate-500">{x.email}</p></td><td>{x.department}</td><td>{x.position}</td><td><Badge tone={x.status==='Active'?'green':x.status==='On Leave'?'amber':'red'}>{x.status}</Badge></td><td className="space-x-2"><button onClick={()=>edit(x)} className="font-black text-[#FF385C]">Edit</button><button onClick={()=>del(x.id)} className="font-black text-rose-700">Delete</button></td></tr>)}</tbody></table></div></Card></div>
+}

package/templates/employee-rbac/client/src/pages/Login.jsx ADDED Viewed

@@ -0,0 +1,9 @@
+import { useState } from "react";
+import { request } from "../api/http";
+import { Button, Card, Input } from "../components/ui";
+export default function Login(){
+ const [portal,setPortal]=useState('admin'); const [form,setForm]=useState({username:'admin',password:'admin123'}); const [error,setError]=useState('');
+ async function submit(e){e.preventDefault(); setError(''); try{await request(`/auth/${portal}/login`,{method:'POST',body:form}); location.href=portal==='admin'?'/admin':'/user';}catch(err){setError(err.message)}}
+ return <main className="min-h-screen bg-[#F7F7F7] p-4 md:p-8"><div className="mx-auto grid min-h-[calc(100vh-4rem)] max-w-6xl items-center gap-8 md:grid-cols-2"><section><div className="inline-flex rounded-full bg-white p-1 shadow-sm"><button onClick={()=>{setPortal('admin');setForm({username:'admin',password:'admin123'})}} className={`rounded-full px-5 py-3 text-sm font-black ${portal==='admin'?'bg-[#FF385C] text-white':'text-slate-500'}`}>Admin</button><button onClick={()=>{setPortal('user');setForm({username:'aline',password:'admin123'})}} className={`rounded-full px-5 py-3 text-sm font-black ${portal==='user'?'bg-[#FF385C] text-white':'text-slate-500'}`}>User</button></div><h1 className="mt-8 text-5xl font-black tracking-tight text-slate-950 md:text-7xl">A cleaner way to start serious systems.</h1><p className="mt-5 max-w-xl text-lg leading-8 text-slate-500">Employee records, account ownership, session auth, and polished admin UX in one focused template.</p></section><Card className="p-8"><p className="text-xs font-black uppercase tracking-[0.2em] text-[#FF385C]">{portal} portal</p><h2 className="mt-3 text-3xl font-black">Welcome back</h2><form onSubmit={submit} className="mt-6 grid gap-4"><Input placeholder="username" value={form.username} onChange={e=>setForm({...form,username:e.target.value})}/><Input type="password" placeholder="password" value={form.password} onChange={e=>setForm({...form,password:e.target.value})}/>{error && <p className="rounded-2xl bg-rose-50 p-3 text-sm font-bold text-rose-700">{error}</p>}<Button>Sign in</Button></form><p className="mt-4 text-sm text-slate-500">Default password: <b>admin123</b></p></Card></div></main>
+}

package/templates/employee-rbac/client/src/pages/Templates.jsx ADDED Viewed

@@ -0,0 +1,10 @@
+import { useState } from "react";
+import { Search, Download, Plus, SlidersHorizontal, X } from "lucide-react";
+import { Button, Card, Input, Select, Badge, EmptyState } from "../components/ui";
+const rows=[{id:1,name:'Aline Uwase',team:'Operations',status:'Active',score:96},{id:2,name:'Eric Nshimiyimana',team:'Engineering',status:'Active',score:88},{id:3,name:'Diane Mutoni',team:'Finance',status:'Paused',score:73}];
+export default function Templates(){
+ const [modal,setModal]=useState(false),[drawer,setDrawer]=useState(false),[q,setQ]=useState('');
+ const filtered=rows.filter(r=>r.name.toLowerCase().includes(q.toLowerCase())||r.team.toLowerCase().includes(q.toLowerCase()));
+ return <div className="grid gap-6"><section className="rounded-[2.5rem] bg-white p-8 shadow-sm"><p className="text-xs font-black uppercase tracking-[0.2em] text-[#FF385C]">Component Templates</p><h1 className="mt-3 text-4xl font-black md:text-6xl">Copy-ready building blocks.</h1><p className="mt-4 max-w-2xl text-slate-500">Forms, tables, modals, drawers, filters, badges, empty states, and action bars designed for exam speed and production polish.</p></section><div className="grid gap-6 xl:grid-cols-3"><Card><h2 className="text-xl font-black">Stacked Form</h2><div className="mt-4 grid gap-3"><Input placeholder="Full name"/><Input placeholder="Email address"/><Select><option>Active</option><option>Paused</option></Select><Button><Plus size={16}/> Create record</Button></div></Card><Card><h2 className="text-xl font-black">Filter Bar</h2><div className="mt-4 flex flex-col gap-3"><div className="relative"><Search className="absolute left-4 top-3.5 text-slate-400" size={18}/><input value={q} onChange={e=>setQ(e.target.value)} placeholder="Search..." className="w-full rounded-full border border-slate-200 py-3 pl-11 pr-4 text-sm outline-none focus:border-[#FF385C]"/></div><div className="flex gap-2"><Button variant="secondary" onClick={()=>setDrawer(true)}><SlidersHorizontal size={16}/> Filters</Button><Button variant="secondary"><Download size={16}/> Export</Button></div></div></Card><Card><h2 className="text-xl font-black">Action States</h2><div className="mt-4 flex flex-wrap gap-2"><Badge tone="green">Active</Badge><Badge tone="amber">Pending</Badge><Badge tone="red">Blocked</Badge><Badge>Draft</Badge></div><button onClick={()=>setModal(true)} className="mt-5 rounded-full bg-slate-950 px-5 py-3 text-sm font-black text-white">Open modal</button></Card></div><Card><div className="flex items-center justify-between"><h2 className="text-2xl font-black">Data Table Template</h2><Button onClick={()=>setModal(true)}>New item</Button></div><div className="mt-5 overflow-x-auto"><table className="w-full text-left text-sm"><thead><tr className="border-b text-slate-400"><th className="py-3">Name</th><th>Team</th><th>Status</th><th>Score</th><th>Actions</th></tr></thead><tbody>{filtered.map(r=><tr className="border-b" key={r.id}><td className="py-4 font-black">{r.name}</td><td>{r.team}</td><td><Badge tone={r.status==='Active'?'green':'amber'}>{r.status}</Badge></td><td>{r.score}%</td><td><button className="font-black text-[#FF385C]">Edit</button></td></tr>)}</tbody></table>{!filtered.length&&<div className="mt-5"><EmptyState title="No records found" note="Change the search query or create a new record."/></div>}</div></Card>{modal&&<div className="fixed inset-0 z-50 grid place-items-center bg-slate-950/40 p-4"><Card className="w-full max-w-lg"><div className="flex items-center justify-between"><h2 className="text-2xl font-black">Modal Form</h2><button onClick={()=>setModal(false)}><X/></button></div><div className="mt-5 grid gap-3"><Input placeholder="Record title"/><Input placeholder="Owner"/><Select><option>High priority</option><option>Normal</option></Select><Button onClick={()=>setModal(false)}>Save example</Button></div></Card></div>}{drawer&&<div className="fixed inset-0 z-50 bg-slate-950/30"><aside className="ml-auto h-full w-full max-w-md bg-white p-6 shadow-xl"><div className="flex items-center justify-between"><h2 className="text-2xl font-black">Drawer Filters</h2><button onClick={()=>setDrawer(false)}><X/></button></div><div className="mt-6 grid gap-3"><Select><option>All teams</option><option>Engineering</option></Select><Select><option>Any status</option><option>Active</option></Select><Button onClick={()=>setDrawer(false)}>Apply filters</Button></div></aside></div>}</div>
+}

package/templates/employee-rbac/client/src/pages/UserDashboard.jsx ADDED Viewed

@@ -0,0 +1,10 @@
+import { useEffect, useState } from "react";
+import { request } from "../api/http";
+import { Button, Card, Input, Badge } from "../components/ui";
+export default function UserDashboard(){
+ const [profile,setProfile]=useState(null),[form,setForm]=useState({currentPassword:'',newPassword:''}),[msg,setMsg]=useState('');
+ useEffect(()=>{request('/users/me/profile').then(d=>setProfile(d.profile))},[]);
+ async function change(e){e.preventDefault();setMsg('');try{await request('/users/me/password',{method:'PATCH',body:form});setForm({currentPassword:'',newPassword:''});setMsg('Password changed successfully');}catch(err){setMsg(err.message)}}
+ return <div className="grid gap-6"><section className="rounded-[2.5rem] bg-white p-8 shadow-sm"><p className="text-xs font-black uppercase tracking-[0.2em] text-[#FF385C]">Employee Portal</p><h1 className="mt-3 text-4xl font-black">Welcome, {profile?.full_name || 'Employee'}.</h1><p className="mt-3 text-slate-500">View your account identity and manage your password.</p></section><div className="grid gap-6 lg:grid-cols-2"><Card><h2 className="text-2xl font-black">My Info</h2>{profile&&<div className="mt-5 grid gap-3 text-sm"><p><b>Name:</b> {profile.full_name}</p><p><b>Email:</b> {profile.email}</p><p><b>Phone:</b> {profile.phone}</p><p><b>Department:</b> {profile.department}</p><p><b>Position:</b> {profile.position}</p><p><b>Status:</b> <Badge tone="green">{profile.status}</Badge></p></div>}</Card><Card><h2 className="text-2xl font-black">Change Password</h2><form onSubmit={change} className="mt-5 grid gap-3"><Input type="password" placeholder="Current password" value={form.currentPassword} onChange={e=>setForm({...form,currentPassword:e.target.value})}/><Input type="password" placeholder="New password" value={form.newPassword} onChange={e=>setForm({...form,newPassword:e.target.value})}/>{msg&&<p className="text-sm font-bold text-slate-500">{msg}</p>}<Button>Update password</Button></form></Card></div></div>
+}

package/templates/employee-rbac/client/src/router/index.jsx ADDED Viewed

@@ -0,0 +1,24 @@
+import { useEffect, useState } from "react";
+import Login from "../pages/Login";
+import AdminDashboard from "../pages/AdminDashboard";
+import Employees from "../pages/Employees";
+import Accounts from "../pages/Accounts";
+import Templates from "../pages/Templates";
+import UserDashboard from "../pages/UserDashboard";
+import AppLayout from "../layouts/AppLayout";
+import { request } from "../api/http";
+const path=()=>window.location.pathname;
+export default function AppRouter(){
+ const [user,setUser]=useState(null); const [loading,setLoading]=useState(true);
+ useEffect(()=>{request('/auth/me').then(d=>setUser(d.user)).catch(()=>setUser(null)).finally(()=>setLoading(false));},[]);
+ if(loading) return <div className="grid min-h-screen place-items-center font-black">Loading Nightwing...</div>;
+ if(!user) return <Login/>;
+ const p=path();
+ let Page=user.role==='admin'?AdminDashboard:UserDashboard;
+ if(user.role==='admin' && p==='/employees') Page=Employees;
+ if(user.role==='admin' && p==='/accounts') Page=Accounts;
+ if(user.role==='admin' && p==='/templates') Page=Templates;
+ if(user.role==='user') Page=UserDashboard;
+ return <AppLayout user={user}><Page user={user}/></AppLayout>;
+}

package/templates/employee-rbac/client/tailwind.config.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export default { content:["./index.html","./src/*/.{js,jsx}"], theme:{ extend:{ fontFamily:{ sans:["Inter","ui-sans-serif","system-ui"] }, colors:{ nightwing:"#FF385C" } } }, plugins:[] };

package/templates/employee-rbac/docs/API.md ADDED Viewed

@@ -0,0 +1,58 @@
+# API Guide
+Base URL: `http://localhost:__SERVER_PORT__/api`
+## Auth
+Admin login:
+```http
+POST /auth/admin/login
+```
+```json
+{ "username": "admin", "password": "admin123" }
+```
+User login:
+```http
+POST /auth/user/login
+```
+```json
+{ "username": "aline", "password": "admin123" }
+```
+## Employees
+All employee routes require admin session.
+```http
+GET /employees
+POST /employees
+PUT /employees/:id
+DELETE /employees/:id
+```
+## Accounts
+All account-management routes require admin session.
+```http
+GET /users
+POST /users
+PUT /users/:id
+PATCH /users/:id/password
+DELETE /users/:id
+```
+## User self-service
+Requires user session.
+```http
+GET /users/me/profile
+PATCH /users/me/password
+```

package/templates/employee-rbac/docs/SQL.md ADDED Viewed

@@ -0,0 +1,55 @@
+# SQL Cheatcode Book
+This template uses three tables: `admins`, `employees`, and `users`.
+## Why this structure exists
+Admins operate the system. Employees are real people in the organization. Users are login accounts owned by employees.
+```sql
+users.employee_id -> employees.id
+```
+That means an employee can exist without a login account, but a user account cannot exist without an employee.
+## Setup
+```bash
+mysql -u root -p < schema.sql
+```
+## Default logins
+Admin and seeded users use:
+```txt
+password: admin123
+```
+## Useful exam queries
+List accounts with employee names:
+```sql
+SELECT u.id, u.username, e.full_name, e.position
+FROM users u
+JOIN employees e ON e.id = u.employee_id;
+```
+Find employees without accounts:
+```sql
+SELECT e.*
+FROM employees e
+LEFT JOIN users u ON u.employee_id = e.id
+WHERE u.id IS NULL;
+```
+Count active employees:
+```sql
+SELECT COUNT(*) AS total_active
+FROM employees
+WHERE status = 'Active';
+```

package/templates/employee-rbac/docs/TAILWIND.md ADDED Viewed

@@ -0,0 +1,34 @@
+# Tailwind Cheatcode Book
+This UI uses an Airbnb-inspired system: white surfaces, soft borders, rounded cards, warm red accent, strong spacing, and readable typography.
+## Layout recipe
+```jsx
+<div className="rounded-[2rem] border border-slate-200 bg-white p-6 shadow-sm">
+```
+Use this for cards, panels, and forms.
+## Button recipe
+```jsx
+<button className="rounded-full bg-[#FF385C] px-5 py-3 text-sm font-black text-white shadow-sm hover:bg-[#E31C5F]">
+```
+## Inputs
+```jsx
+<input className="w-full rounded-2xl border border-slate-200 px-4 py-3 text-sm outline-none focus:border-[#FF385C]" />
+```
+## Responsive grids
+```jsx
+<div className="grid gap-4 md:grid-cols-2 xl:grid-cols-4">
+```
+## Rule
+Keep color minimal. Use the accent only for actions and focus states.

package/templates/employee-rbac/instructions.md ADDED Viewed

@@ -0,0 +1,39 @@
+# __PROJECT_NAME__ Instructions
+## Start
+```bash
+mysql -u root -p < schema.sql
+cd server
+npm install
+npm run dev
+cd ../client
+npm install
+npm run dev
+```
+## Admin Login
+```txt
+username: admin
+password: admin123
+```
+## User Login
+```txt
+username: aline
+password: admin123
+```
+## What this project gives you
+- Admin dashboard
+- Employee CRUD
+- Employee-owned user account CRUD
+- User dashboard
+- Change password
+- Component templates page
+- Session auth
+- MySQL schema

package/templates/employee-rbac/schema.sql ADDED Viewed

@@ -0,0 +1,45 @@
+DROP DATABASE IF EXISTS __DB_NAME__;
+CREATE DATABASE __DB_NAME__;
+USE __DB_NAME__;
+CREATE TABLE admins (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  username VARCHAR(100) NOT NULL UNIQUE,
+  password VARCHAR(255) NOT NULL,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+CREATE TABLE employees (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  full_name VARCHAR(150) NOT NULL,
+  email VARCHAR(150) NOT NULL UNIQUE,
+  phone VARCHAR(40) NOT NULL,
+  department VARCHAR(100) NOT NULL,
+  position VARCHAR(100) NOT NULL,
+  status ENUM('Active','On Leave','Inactive') NOT NULL DEFAULT 'Active',
+  hired_at DATE NOT NULL,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+CREATE TABLE users (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  employee_id INT NOT NULL UNIQUE,
+  username VARCHAR(100) NOT NULL UNIQUE,
+  password VARCHAR(255) NOT NULL,
+  status ENUM('Active','Suspended') NOT NULL DEFAULT 'Active',
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (employee_id) REFERENCES employees(id) ON DELETE CASCADE
+);
+INSERT INTO admins(username,password) VALUES
+('admin','$2a$10$t7KDoPGfkg/lQUbCaU0I2.OwJdz7VJHt1XmVECDwSD2S02ULkq5FK');
+INSERT INTO employees(full_name,email,phone,department,position,status,hired_at) VALUES
+('Aline Uwase','aline@nightwing.dev','0788000001','Operations','Operations Lead','Active','2025-01-10'),
+('Eric Nshimiyimana','eric@nightwing.dev','0788000002','Engineering','Frontend Developer','Active','2025-02-12'),
+('Diane Mutoni','diane@nightwing.dev','0788000003','Finance','Accountant','On Leave','2024-11-03');
+INSERT INTO users(employee_id,username,password,status) VALUES
+(1,'aline','$2a$10$t7KDoPGfkg/lQUbCaU0I2.OwJdz7VJHt1XmVECDwSD2S02ULkq5FK','Active'),
+(2,'eric','$2a$10$t7KDoPGfkg/lQUbCaU0I2.OwJdz7VJHt1XmVECDwSD2S02ULkq5FK','Active');

package/templates/employee-rbac/server/package.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "name": "__PROJECT_NAME__-server",
+  "version": "1.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "node --watch src/app.js",
+    "start": "node src/app.js",
+    "check": "node --check src/app.js"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.7",
+    "express": "^4.21.2",
+    "express-session": "^1.18.1",
+    "mysql2": "^3.12.0"
+  },
+  "devDependencies": {}
+}

package/templates/employee-rbac/server/src/app.js ADDED Viewed

@@ -0,0 +1,22 @@
+import express from "express";
+import cors from "cors";
+import session from "express-session";
+import dotenv from "dotenv";
+import authRoutes from "./routes/authRoutes.js";
+import employeeRoutes from "./routes/employeeRoutes.js";
+import userRoutes from "./routes/userRoutes.js";
+dotenv.config();
+const app=express();
+const PORT=process.env.PORT || __SERVER_PORT__;
+app.use(cors({origin:process.env.CLIENT_URL || "http://localhost:__CLIENT_PORT__",credentials:true}));
+app.use(express.json());
+app.use(session({name:"nightwing.sid",secret:process.env.SESSION_SECRET || "nightwing_dev_secret",resave:false,saveUninitialized:false,cookie:{httpOnly:true,secure:process.env.NODE_ENV==="production",sameSite:process.env.NODE_ENV==="production"?"none":"lax",maxAge:1000*60*60*24}}));
+app.get("/api/health",(req,res)=>res.json({ok:true,app:"__PROJECT_NAME__"}));
+app.use("/api/auth",authRoutes);
+app.use("/api/employees",employeeRoutes);
+app.use("/api/users",userRoutes);
+app.use((req,res)=>res.status(404).json({message:"Route not found"}));
+app.use((err,req,res,next)=>{ console.error(err); res.status(500).json({message:"Server error"}); });
+app.listen(PORT,()=>console.log(`Nightwing server running on http://localhost:${PORT}`));

package/templates/employee-rbac/server/src/config/db.js ADDED Viewed

@@ -0,0 +1,13 @@
+import mysql from "mysql2/promise";
+import dotenv from "dotenv";
+dotenv.config();
+export const db = mysql.createPool({
+  host: process.env.DB_HOST || "localhost",
+  user: process.env.DB_USER || "root",
+  password: process.env.DB_PASSWORD || "",
+  database: process.env.DB_NAME || "__DB_NAME__",
+  waitForConnections: true,
+  connectionLimit: 10,
+  queueLimit: 0
+});

package/templates/employee-rbac/server/src/controllers/authController.js ADDED Viewed

@@ -0,0 +1,48 @@
+import { db } from "../config/db.js";
+import { comparePassword, hashPassword } from "../utils/security.js";
+function clean(user){
+  return { id:user.id, username:user.username, role:user.role, employeeId:user.employee_id || null, employeeName:user.employeeName || null, status:user.status || null };
+}
+export async function adminLogin(req,res){
+  try{
+    const {username,password}=req.body;
+    const [rows]=await db.query("SELECT * FROM admins WHERE username=? LIMIT 1",[username]);
+    const admin=rows[0];
+    if(!admin || !(await comparePassword(password,admin.password))) return res.status(401).json({message:"Invalid admin credentials"});
+    req.session.user=clean({...admin,role:"admin",status:"Active"});
+    res.json({message:"Logged in",user:req.session.user});
+  }catch(error){ console.error(error); res.status(500).json({message:"Admin login failed"}); }
+}
+export async function userLogin(req,res){
+  try{
+    const {username,password}=req.body;
+    const [rows]=await db.query(`SELECT u.*, e.full_name AS employeeName FROM users u JOIN employees e ON e.id=u.employee_id WHERE u.username=? LIMIT 1`,[username]);
+    const user=rows[0];
+    if(!user || user.status!=="Active" || !(await comparePassword(password,user.password))) return res.status(401).json({message:"Invalid user credentials"});
+    req.session.user=clean({...user,role:"user"});
+    res.json({message:"Logged in",user:req.session.user});
+  }catch(error){ console.error(error); res.status(500).json({message:"User login failed"}); }
+}
+export async function registerFirstAdmin(req,res){
+  try{
+    const [countRows]=await db.query("SELECT COUNT(*) AS total FROM admins");
+    if(countRows[0].total>0) return res.status(403).json({message:"Admin registration is locked after setup"});
+    const {username,password}=req.body;
+    if(!username || !password) return res.status(400).json({message:"Username and password are required"});
+    const hashed=await hashPassword(password);
+    const [result]=await db.query("INSERT INTO admins(username,password) VALUES(?,?)",[username,hashed]);
+    req.session.user={id:result.insertId,username,role:"admin",status:"Active"};
+    res.status(201).json({message:"First admin created",user:req.session.user});
+  }catch(error){ console.error(error); res.status(500).json({message:"Registration failed"}); }
+}
+export function me(req,res){
+  if(!req.session.user) return res.status(401).json({message:"Not authenticated"});
+  res.json({user:req.session.user});
+}
+export function logout(req,res){ req.session.destroy(()=>res.clearCookie("nightwing.sid").json({message:"Logged out"})); }

package/templates/employee-rbac/server/src/controllers/employeeController.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { db } from "../config/db.js";
+export async function getEmployees(req,res){
+  const [rows]=await db.query("SELECT * FROM employees ORDER BY id DESC");
+  res.json({employees:rows});
+}
+export async function createEmployee(req,res){
+  try{
+    const {fullName,email,phone,department,position,status="Active",hiredAt}=req.body;
+    if(!fullName || !email || !phone || !department || !position || !hiredAt) return res.status(400).json({message:"All employee fields are required"});
+    const [result]=await db.query("INSERT INTO employees(full_name,email,phone,department,position,status,hired_at) VALUES(?,?,?,?,?,?,?)",[fullName,email,phone,department,position,status,hiredAt]);
+    res.status(201).json({message:"Employee created",id:result.insertId});
+  }catch(error){ console.error(error); res.status(500).json({message:error.code==="ER_DUP_ENTRY"?"Employee email already exists":"Failed to create employee"}); }
+}
+export async function updateEmployee(req,res){
+  try{
+    const {fullName,email,phone,department,position,status,hiredAt}=req.body;
+    const [result]=await db.query("UPDATE employees SET full_name=?,email=?,phone=?,department=?,position=?,status=?,hired_at=? WHERE id=?",[fullName,email,phone,department,position,status,hiredAt,req.params.id]);
+    if(!result.affectedRows) return res.status(404).json({message:"Employee not found"});
+    res.json({message:"Employee updated"});
+  }catch(error){ console.error(error); res.status(500).json({message:"Failed to update employee"}); }
+}
+export async function deleteEmployee(req,res){
+  const [result]=await db.query("DELETE FROM employees WHERE id=?",[req.params.id]);
+  if(!result.affectedRows) return res.status(404).json({message:"Employee not found"});
+  res.json({message:"Employee deleted"});
+}

package/templates/employee-rbac/server/src/controllers/userController.js ADDED Viewed

@@ -0,0 +1,52 @@
+import { db } from "../config/db.js";
+import { comparePassword, hashPassword } from "../utils/security.js";
+export async function getUsers(req,res){
+  const [rows]=await db.query(`SELECT u.id,u.username,u.status,u.created_at,u.employee_id,e.full_name AS employeeName,e.email,e.position FROM users u JOIN employees e ON e.id=u.employee_id ORDER BY u.id DESC`);
+  res.json({users:rows});
+}
+export async function createUser(req,res){
+  try{
+    const {employeeId,username,password,status="Active"}=req.body;
+    if(!employeeId || !username || !password) return res.status(400).json({message:"Employee, username and password are required"});
+    const hashed=await hashPassword(password);
+    const [result]=await db.query("INSERT INTO users(employee_id,username,password,status) VALUES(?,?,?,?)",[employeeId,username,hashed,status]);
+    res.status(201).json({message:"User account created",id:result.insertId});
+  }catch(error){ console.error(error); res.status(500).json({message:error.code==="ER_DUP_ENTRY"?"Employee already has an account or username exists":"Failed to create account"}); }
+}
+export async function updateUser(req,res){
+  try{
+    const {username,status}=req.body;
+    const [result]=await db.query("UPDATE users SET username=?, status=? WHERE id=?",[username,status,req.params.id]);
+    if(!result.affectedRows) return res.status(404).json({message:"User not found"});
+    res.json({message:"User updated"});
+  }catch(error){ console.error(error); res.status(500).json({message:"Failed to update user"}); }
+}
+export async function resetPassword(req,res){
+  const {password}=req.body;
+  if(!password || password.length<6) return res.status(400).json({message:"Password must be at least 6 characters"});
+  const hashed=await hashPassword(password);
+  const [result]=await db.query("UPDATE users SET password=? WHERE id=?",[hashed,req.params.id]);
+  if(!result.affectedRows) return res.status(404).json({message:"User not found"});
+  res.json({message:"Password reset"});
+}
+export async function deleteUser(req,res){
+  const [result]=await db.query("DELETE FROM users WHERE id=?",[req.params.id]);
+  if(!result.affectedRows) return res.status(404).json({message:"User not found"});
+  res.json({message:"User deleted"});
+}
+export async function myProfile(req,res){
+  const [rows]=await db.query(`SELECT u.id,u.username,u.status,u.created_at,e.full_name,e.email,e.phone,e.department,e.position,e.hired_at FROM users u JOIN employees e ON e.id=u.employee_id WHERE u.id=? LIMIT 1`,[req.session.user.id]);
+  res.json({profile:rows[0]});
+}
+export async function changeMyPassword(req,res){
+  const {currentPassword,newPassword}=req.body;
+  if(!currentPassword || !newPassword) return res.status(400).json({message:"Both passwords are required"});
+  if(newPassword.length<6) return res.status(400).json({message:"New password must be at least 6 characters"});
+  const [rows]=await db.query("SELECT password FROM users WHERE id=? LIMIT 1",[req.session.user.id]);
+  const ok=rows[0] && await comparePassword(currentPassword,rows[0].password);
+  if(!ok) return res.status(401).json({message:"Current password is incorrect"});
+  await db.query("UPDATE users SET password=? WHERE id=?",[await hashPassword(newPassword),req.session.user.id]);
+  res.json({message:"Password changed"});
+}

package/templates/employee-rbac/server/src/middleware/auth.js ADDED Viewed

@@ -0,0 +1,12 @@
+export function requireAuth(req,res,next){
+  if(!req.session.user) return res.status(401).json({message:"Not authenticated"});
+  next();
+}
+export function requireRole(role){
+  return (req,res,next)=>{
+    if(!req.session.user) return res.status(401).json({message:"Not authenticated"});
+    if(req.session.user.role!==role) return res.status(403).json({message:"Forbidden"});
+    next();
+  };
+}

package/templates/employee-rbac/server/src/routes/authRoutes.js ADDED Viewed

@@ -0,0 +1,9 @@
+import { Router } from "express";
+import { adminLogin,userLogin,registerFirstAdmin,me,logout } from "../controllers/authController.js";
+const router=Router();
+router.post("/setup/register",registerFirstAdmin);
+router.post("/admin/login",adminLogin);
+router.post("/user/login",userLogin);
+router.get("/me",me);
+router.post("/logout",logout);
+export default router;

package/templates/employee-rbac/server/src/routes/employeeRoutes.js ADDED Viewed

@@ -0,0 +1,10 @@
+import { Router } from "express";
+import { createEmployee,deleteEmployee,getEmployees,updateEmployee } from "../controllers/employeeController.js";
+import { requireRole } from "../middleware/auth.js";
+const router=Router();
+router.use(requireRole("admin"));
+router.get("/",getEmployees);
+router.post("/",createEmployee);
+router.put("/:id",updateEmployee);
+router.delete("/:id",deleteEmployee);
+export default router;

package/templates/employee-rbac/server/src/routes/userRoutes.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { Router } from "express";
+import { changeMyPassword,createUser,deleteUser,getUsers,myProfile,resetPassword,updateUser } from "../controllers/userController.js";
+import { requireRole } from "../middleware/auth.js";
+const router=Router();
+router.get("/",requireRole("admin"),getUsers);
+router.post("/",requireRole("admin"),createUser);
+router.put("/:id",requireRole("admin"),updateUser);
+router.patch("/:id/password",requireRole("admin"),resetPassword);
+router.delete("/:id",requireRole("admin"),deleteUser);
+router.get("/me/profile",requireRole("user"),myProfile);
+router.patch("/me/password",requireRole("user"),changeMyPassword);
+export default router;

package/templates/employee-rbac/server/src/utils/security.js ADDED Viewed

@@ -0,0 +1,3 @@
+import bcrypt from "bcryptjs";
+export const hashPassword=(password)=>bcrypt.hash(String(password),10);
+export const comparePassword=(password,hash)=>bcrypt.compare(String(password),hash);