create-prisma-php-app 4.2.2-beta → 4.2.2

package/dist/settings/bs-config.ts

@@ -3,7 +3,7 @@ import { writeFileSync, existsSync, mkdirSync } from "fs";
 import browserSync, { BrowserSyncInstance } from "browser-sync";
 import prismaPhpConfigJson from "../prisma-php.json";
 import { generateFileListJson } from "./files-list.js";
-import { join, dirname } from "path";
+import { join, dirname, relative } from "path";
 import { getFileMeta, PUBLIC_DIR, SRC_DIR } from "./utils.js";
 import { updateAllClassLogs } from "./class-log.js";
 import {
@@ -15,9 +15,10 @@ import { checkComponentImports } from "./component-import-checker";
 import { DebouncedWorker, createSrcWatcher, DEFAULT_AWF } from "./utils.js";
 
 const { __dirname } = getFileMeta();
-
 const bs: BrowserSyncInstance = browserSync.create();
 
+const PUBLIC_IGNORE_DIRS = [''];
+
 const pipeline = new DebouncedWorker(
   async () => {
     await generateFileListJson();
@@ -68,7 +69,19 @@ createSrcWatcher(join(SRC_DIR, "**", "*"), {
 });
 
 createSrcWatcher(join(PUBLIC_DIR, "**", "*"), {
-  onEvent: (_ev, _abs, rel) => publicPipeline.schedule(rel),
+  onEvent: (_ev, abs, _) => {
+    const relFromPublic = relative(PUBLIC_DIR, abs);
+    const normalized = relFromPublic.replace(/\\/g, "/");
+
+    const segments = normalized.split("/").filter(Boolean);
+    const firstSegment = segments[0] || "";
+
+    if (PUBLIC_IGNORE_DIRS.includes(firstSegment)) {
+      return;
+    }
+
+    publicPipeline.schedule(relFromPublic);
+  },
   awaitWriteFinish: DEFAULT_AWF,
   logPrefix: "watch-public",
   usePolling: true,

package/dist/settings/vite-plugins/generate-global-types.ts

@@ -0,0 +1,246 @@
+import { Plugin } from "vite";
+import path from "path";
+import { writeFileSync, mkdirSync, existsSync, readFileSync } from "fs";
+import ts from "typescript";
+
+export function generateGlobalTypes(): Plugin {
+  const dtsPath = path.resolve(process.cwd(), ".pp", "global-functions.d.ts");
+
+  return {
+    name: "generate-global-types",
+
+    buildStart() {
+      const mainPath = path.resolve(process.cwd(), "ts", "main.ts");
+
+      if (!existsSync(mainPath)) {
+        console.warn("⚠️  ts/main.ts not found, skipping type generation");
+        return;
+      }
+
+      const content = readFileSync(mainPath, "utf-8");
+      const globals = parseGlobalSingletons(content, mainPath);
+
+      if (globals.length === 0) {
+        console.warn("⚠️  No createGlobalSingleton calls found");
+        return;
+      }
+
+      generateDtsWithTypeChecker(globals, dtsPath, mainPath);
+    },
+  };
+}
+interface GlobalDeclaration {
+  name: string;
+  importPath: string;
+  exportName: string;
+}
+
+function parseGlobalSingletons(
+  content: string,
+  filePath: string
+): GlobalDeclaration[] {
+  const sf = ts.createSourceFile(
+    filePath,
+    content,
+    ts.ScriptTarget.Latest,
+    true
+  );
+
+  const globals: GlobalDeclaration[] = [];
+  const importMap = new Map<string, { path: string; originalName: string }>();
+
+  sf.statements.forEach((stmt) => {
+    if (ts.isImportDeclaration(stmt) && stmt.importClause) {
+      const moduleSpecifier = (stmt.moduleSpecifier as ts.StringLiteral).text;
+
+      if (stmt.importClause.namedBindings) {
+        if (ts.isNamedImports(stmt.importClause.namedBindings)) {
+          stmt.importClause.namedBindings.elements.forEach((element) => {
+            const localName = element.name.text;
+            const importedName = element.propertyName
+              ? element.propertyName.text
+              : localName;
+
+            importMap.set(localName, {
+              path: moduleSpecifier,
+              originalName: importedName,
+            });
+          });
+        }
+      }
+    }
+  });
+
+  function visit(node: ts.Node) {
+    if (
+      ts.isCallExpression(node) &&
+      ts.isIdentifier(node.expression) &&
+      node.expression.text === "createGlobalSingleton"
+    ) {
+      if (node.arguments.length >= 2) {
+        const nameArg = node.arguments[0];
+        const valueArg = node.arguments[1];
+
+        if (ts.isStringLiteral(nameArg) && ts.isIdentifier(valueArg)) {
+          const name = nameArg.text;
+          const variable = valueArg.text;
+          const importInfo = importMap.get(variable);
+
+          if (importInfo) {
+            globals.push({
+              name,
+              importPath: importInfo.path,
+              exportName: importInfo.originalName,
+            });
+          }
+        }
+      }
+    }
+
+    ts.forEachChild(node, visit);
+  }
+
+  visit(sf);
+  return globals;
+}
+
+function generateDtsWithTypeChecker(
+  globals: GlobalDeclaration[],
+  dtsPath: string,
+  mainPath: string
+) {
+  const configPath = ts.findConfigFile(
+    process.cwd(),
+    ts.sys.fileExists,
+    "tsconfig.json"
+  );
+
+  const { config } = configPath
+    ? ts.readConfigFile(configPath, ts.sys.readFile)
+    : { config: {} };
+
+  const { options } = ts.parseJsonConfigFileContent(
+    config,
+    ts.sys,
+    process.cwd()
+  );
+
+  const program = ts.createProgram([mainPath], options);
+  const checker = program.getTypeChecker();
+  const sourceFile = program.getSourceFile(mainPath);
+
+  if (!sourceFile) {
+    console.warn("⚠️  Could not load main.ts for type checking");
+    generateFallbackDts(globals, dtsPath);
+    return;
+  }
+
+  const signatures = new Map<string, string>();
+
+  const importMap = new Map<string, ts.ImportDeclaration>();
+  sourceFile.statements.forEach((stmt) => {
+    if (ts.isImportDeclaration(stmt) && stmt.importClause?.namedBindings) {
+      if (ts.isNamedImports(stmt.importClause.namedBindings)) {
+        stmt.importClause.namedBindings.elements.forEach((element) => {
+          importMap.set(element.name.text, stmt);
+        });
+      }
+    }
+  });
+
+  globals.forEach(({ name, exportName }) => {
+    try {
+      const importDecl = importMap.get(exportName);
+      if (!importDecl || !importDecl.importClause?.namedBindings) {
+        signatures.set(name, "(...args: any[]) => any");
+        return;
+      }
+
+      if (ts.isNamedImports(importDecl.importClause.namedBindings)) {
+        const importSpec = importDecl.importClause.namedBindings.elements.find(
+          (el) => el.name.text === exportName
+        );
+
+        if (importSpec) {
+          const symbol = checker.getSymbolAtLocation(importSpec.name);
+          if (symbol) {
+            const type = checker.getTypeOfSymbolAtLocation(
+              symbol,
+              importSpec.name
+            );
+            const signature = checker.typeToString(
+              type,
+              undefined,
+              ts.TypeFormatFlags.NoTruncation
+            );
+            signatures.set(name, signature);
+            return;
+          }
+        }
+      }
+
+      signatures.set(name, "(...args: any[]) => any");
+    } catch (error) {
+      console.warn(`⚠️  Failed to extract type for ${name}:`, error);
+      signatures.set(name, "(...args: any[]) => any");
+    }
+  });
+
+  const declarations = globals
+    .map(({ name }) => {
+      const sig = signatures.get(name) || "(...args: any[]) => any";
+      return `  const ${name}: ${sig};`;
+    })
+    .join("\n");
+
+  const windowDeclarations = globals
+    .map(({ name }) => `    ${name}: typeof globalThis.${name};`)
+    .join("\n");
+
+  const content = `// Auto-generated by Vite plugin
+// Do not edit manually - regenerate with: npm run dev or npm run build
+// Source: ts/main.ts
+
+declare global {
+${declarations}
+
+  interface Window {
+${windowDeclarations}
+  }
+}
+
+export {};
+`;
+
+  const dir = path.dirname(dtsPath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+
+  writeFileSync(dtsPath, content, "utf-8");
+  console.log(`✅ Generated ${path.relative(process.cwd(), dtsPath)}`);
+}
+
+function generateFallbackDts(globals: GlobalDeclaration[], dtsPath: string) {
+  const declarations = globals
+    .map(({ name }) => `  const ${name}: (...args: any[]) => any;`)
+    .join("\n");
+
+  const windowDeclarations = globals
+    .map(({ name }) => `    ${name}: typeof globalThis.${name};`)
+    .join("\n");
+
+  const content = `// Auto-generated by Vite plugin
+declare global {
+${declarations}
+
+  interface Window {
+${windowDeclarations}
+  }
+}
+
+export {};
+`;
+
+  writeFileSync(dtsPath, content, "utf-8");
+}

package/dist/src/Lib/Auth/Auth.php

@@ -29,21 +29,12 @@ class Auth
     private string $secretKey;
     private string $defaultTokenValidity = '1h'; // Default to 1 hour
 
-    /**
-     * Private constructor to prevent direct instantiation.
-     * Use Auth::getInstance() to get the singleton instance.
-     */
     private function __construct()
     {
         $this->secretKey = $_ENV['AUTH_SECRET'] ?? 'CD24eEv4qbsC5LOzqeaWbcr58mBMSvA4Mkii8GjRiHkt';
         self::$cookieName = self::getCookieName();
     }
 
-    /**
-     * Returns the singleton instance of the Auth class.
-     * 
-     * @return Auth The singleton instance.
-     */
     public static function getInstance(): Auth
     {
         if (self::$instance === null) {
@@ -53,33 +44,20 @@ class Auth
     }
 
     /**
-     * Authenticates a user and generates a JWT (JSON Web Token) based on the specified user data
-     * and token validity duration. The method first checks if the secret key is set, calculates
-     * the token's expiration time, sets the necessary payload, and encodes it into a JWT.
-     * If possible (HTTP headers not yet sent), it also sets cookies with the JWT for client-side storage.
+     * Authenticates a user and generates a JWT.
+     * Optionally redirects the user to a default or custom URL.
      *
-     * @param mixed $data User data which can be a simple string or an instance of AuthRole.
-     *                    If an instance of AuthRole is provided, its `value` property will be used as the role in the token.
-     * @param string|null $tokenValidity Optional parameter specifying the duration the token is valid for (e.g., '10m', '1h').
-     *                                   If null, the default validity period set in the class property is used, which is 1 hour.
-     *                                   The format should be a number followed by a time unit ('s' for seconds, 'm' for minutes,
-     *                                   'h' for hours, 'd' for days), and this is parsed to calculate the exact expiration time.
+     * @param mixed $data User data (string or AuthRole).
+     * @param string|null $tokenValidity Duration token is valid for (e.g., '1h'). Default is '1h'.
+     * @param bool|string $redirect 
+     * - If `false` (default): No redirect occurs; returns the JWT.
+     * - If `true`: Redirects to `AuthConfig::DEFAULT_SIGNIN_REDIRECT`.
+     * - If `string`: Redirects to the specified URL (e.g., '/dashboard').
      *
      * @return string Returns the encoded JWT as a string.
-     *
-     * @throws InvalidArgumentException Thrown if the secret key is not set or if the duration format is invalid.
-     *
-     * Example:
-     *   $auth = Auth::getInstance();
-     *   $auth->setSecretKey('your_secret_key');
-     *   try {
-     *       $jwt = $auth->signIn('Admin', '1h');
-     *       echo "JWT: " . $jwt;
-     *   } catch (InvalidArgumentException $e) {
-     *       echo "Error: " . $e->getMessage();
-     *   }
+     * @throws InvalidArgumentException
      */
-    public function signIn($data, ?string $tokenValidity = null): string
+    public function signIn($data, ?string $tokenValidity = null, bool|string $redirect = false): string
     {
         if (!$this->secretKey) {
             throw new InvalidArgumentException("Secret key is required for authentication.");
@@ -96,14 +74,20 @@ class Auth
             'exp' => $expirationTime,
         ];
 
-        // Set the payload in the session
         $_SESSION[self::PAYLOAD_SESSION_KEY] = $payload;
 
-        // Encode the JWT
         $jwt = JWT::encode($payload, $this->secretKey, 'HS256');
 
         if (!headers_sent()) {
             $this->setCookies($jwt, $expirationTime);
+
+            $this->rotateCsrfToken();
+        }
+
+        if ($redirect === true) {
+            Request::redirect(AuthConfig::DEFAULT_SIGNIN_REDIRECT);
+        } elseif (is_string($redirect) && !empty($redirect)) {
+            Request::redirect($redirect);
         }
 
         return $jwt;
@@ -184,19 +168,12 @@ class Auth
     public function verifyToken(?string $jwt): ?object
     {
         try {
-            if (!$jwt) {
-                return null;
-            }
+            if (!$jwt) return null;
 
             $token = JWT::decode($jwt, new Key($this->secretKey, 'HS256'));
 
-            if (empty($token->{Auth::PAYLOAD_NAME})) {
-                return null;
-            }
-
-            if (isset($token->exp) && time() >= $token->exp) {
-                return null;
-            }
+            if (empty($token->{Auth::PAYLOAD_NAME})) return null;
+            if (isset($token->exp) && time() >= $token->exp) return null;
 
             return $token;
         } catch (Exception) {
@@ -228,7 +205,6 @@ class Auth
         }
 
         $expirationTime = $this->calculateExpirationTime($tokenValidity ?? $this->defaultTokenValidity);
-
         $decodedToken->exp = $expirationTime;
         $newJwt = JWT::encode((array)$decodedToken, $this->secretKey, 'HS256');
 
@@ -244,13 +220,38 @@ class Auth
         if (!headers_sent()) {
             setcookie(self::$cookieName, $jwt, [
                 'expires' => $expirationTime,
-                'path' => '/', // Set the path to '/' to make the cookie available site-wide
-                'domain' => '', // Specify your domain
-                'secure' => true, // Set to true if using HTTPS
-                'httponly' => true, // Prevent JavaScript access to the cookie
-                'samesite' => 'Lax', // or 'Strict' depending on your requirements
+                'path' => '/',
+                'domain' => '',
+                'secure' => true,
+                'httponly' => true,
+                'samesite' => 'Lax',
+            ]);
+        }
+    }
+
+    public function rotateCsrfToken(): void
+    {
+        $secret = $_ENV['FUNCTION_CALL_SECRET'] ?? '';
+
+        if (empty($secret)) {
+            return;
+        }
+
+        $nonce = bin2hex(random_bytes(16));
+        $signature = hash_hmac('sha256', $nonce, $secret);
+        $token = $nonce . '.' . $signature;
+
+        if (!headers_sent()) {
+            setcookie('prisma_php_csrf', $token, [
+                'expires'  => time() + 3600, // 1 hour validity
+                'path'     => '/',
+                'secure'   => true,
+                'httponly' => false, // Must be FALSE so client JS can read it
+                'samesite' => 'Lax',
             ]);
         }
+
+        $_COOKIE['prisma_php_csrf'] = $token;
     }
 
     /**
@@ -276,6 +277,8 @@ class Auth
             unset($_SESSION[self::PAYLOAD_SESSION_KEY]);
         }
 
+        $this->rotateCsrfToken();
+
         if ($redirect) {
             Request::redirect($redirect);
         }

package/dist/src/app/index.php

@@ -8,7 +8,7 @@
         <ol class="list-inside list-decimal text-sm/6 text-center sm:text-left">
             <li class="mb-2 tracking-[-.01em]">
                 Get started by editing
-                <code class="bg-text-foreground/[.05] dark:bg-white/[.06] px-1 py-0.5 rounded font-semibold">
+                <code class="bg-text-foreground/[.05] dark:bg-white/6 px-1 py-0.5 rounded font-semibold">
                     src/app/index.php
                 </code>
                 .
@@ -46,7 +46,7 @@
         </div>
     </main>
 
-    <footer class="row-start-3 flex gap-[24px] flex-wrap items-center justify-center">
+    <footer class="row-start-3 flex gap-6 flex-wrap items-center justify-center">
         <a
             class="flex items-center gap-2 hover:underline hover:underline-offset-4"
             href="https://prismaphp.tsnc.tech/docs?doc=learning-path"

package/dist/src/app/layout.php

@@ -1,7 +1,6 @@
 <?php
 
 use PP\MainLayout;
-use PP\Request;
 
 MainLayout::$title = !empty(MainLayout::$title) ? MainLayout::$title : 'Create Prisma PHP App';
 MainLayout::$description = !empty(MainLayout::$description) ? MainLayout::$description : 'Generated by create Prisma PHP App';
@@ -16,7 +15,7 @@ MainLayout::$description = !empty(MainLayout::$description) ? MainLayout::$descr
     <!-- Dynamic Header Scripts -->
 </head>
 
-<body>
+<body pp-spa="true" style="opacity:0;pointer-events:none;user-select:none;transition:opacity .18s ease-out;">
     <?= MainLayout::$children; ?>
     <!-- Dynamic Footer Scripts -->
 </body>

package/dist/src/app/not-found.php

@@ -1,7 +1,7 @@
-<div class="flex flex-col min-h-[100vh] items-center justify-center space-y-4 text-center">
+<div class="flex flex-col min-h-screen items-center justify-center space-y-4 text-center">
     <div class="space-y-2">
         <h1 class="text-4xl font-bold tracking-tighter sm:text-5xl md:text-6xl">404 Not Found</h1>
-        <p class="max-w-[600px] text-gray-500 md:text-xl/relaxed lg:text-base/relaxed xl:text-xl/relaxed dark:text-gray-400">
+        <p class="max-w-150 text-gray-500 md:text-xl/relaxed lg:text-base/relaxed xl:text-xl/relaxed dark:text-gray-400">
             Sorry, we couldn't find the page you're looking for.
         </p>
     </div>

package/dist/tsconfig.json

@@ -106,6 +106,6 @@
     // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
     "skipLibCheck": true /* Skip type checking all .d.ts files. */
   },
-  "include": ["**/*.ts"],
+    "include": ["**/*.ts", ".pp/**/*.d.ts"],
   "exclude": ["node_modules", "vendor"]
 }

package/dist/vite.config.ts

@@ -2,6 +2,7 @@ import { defineConfig, Plugin } from "vite";
 import path from "path";
 import fg from "fast-glob";
 import { writeFileSync } from "fs";
+import { generateGlobalTypes } from "./settings/vite-plugins/generate-global-types.js";
 
 const entries = Object.fromEntries(
   fg.sync("ts/**/*.ts", { ignore: ["**/*.test.ts"] }).map((f) => {
@@ -10,6 +11,13 @@ const entries = Object.fromEntries(
   })
 );
 
+const VITE_WATCH_EXCLUDE = [
+  "public/js/**",
+  "node_modules/**",
+  "vendor/**",
+  ".pp/**",
+];
+
 function browserSyncNotify(): Plugin {
   const flagFile = path.resolve(__dirname, ".pp", ".vite-build-complete");
 
@@ -21,16 +29,17 @@ function browserSyncNotify(): Plugin {
   };
 }
 
-export default defineConfig({
+export default defineConfig(({ command, mode }) => ({
   publicDir: false,
   build: {
     outDir: "public/js",
     emptyOutDir: false,
     minify: "esbuild",
     sourcemap: false,
-    watch: {
-      exclude: ["public/**", "node_modules/**"],
-    },
+    watch:
+      command === "build" && mode === "development"
+        ? { exclude: VITE_WATCH_EXCLUDE }
+        : undefined,
     rollupOptions: {
       input: entries,
       external: [/^\/js\/.*/],
@@ -41,7 +50,12 @@ export default defineConfig({
       },
     },
   },
-  plugins: [browserSyncNotify()],
+  plugins: [
+    generateGlobalTypes(),
+    ...(command === "build" && mode === "development"
+      ? [browserSyncNotify()]
+      : []),
+  ],
   esbuild: { legalComments: "none" },
   define: { "process.env.NODE_ENV": '"production"' },
-});
+}));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-prisma-php-app",
-  "version": "4.2.2-beta",
+  "version": "4.2.2",
   "description": "Prisma-PHP: A Revolutionary Library Bridging PHP with Prisma ORM",
   "main": "dist/index.js",
   "type": "module",
@@ -32,15 +32,15 @@
   "author": "Jefferson Abraham Omier <thesteelninjacode@gmail.com>",
   "license": "MIT",
   "dependencies": {
-    "chalk": "^5.3.0",
+    "chalk": "^5.6.2",
     "crypto-js": "^4.2.0",
     "prompts": "^2.4.2"
   },
   "devDependencies": {
     "@types/crypto-js": "^4.2.2",
-    "@types/node": "^20.11.7",
+    "@types/node": "^25.0.3",
     "@types/prompts": "^2.4.9",
     "ts-node": "^10.9.2",
-    "typescript": "^5.3.3"
+    "typescript": "^5.9.3"
   }
 }