create-rebe 1.0.0 → 3.0.0

package/template/scripts/cli.js

@@ -1,258 +1,99 @@
-#!/usr/bin/env node
-
 'use strict'
 
-require('dotenv').config()
-
-const fs = require('fs')
-const path = require('path')
-const crypto = require('crypto')
-const { execSync } = require('child_process')
-
-// Display name is driven by APP_NAME (no hardcoded brand). Falls back to 'rebe'
-// when .env is not present yet (e.g. before `setup`).
-const APP_NAME = (process.env.APP_NAME || 'rebe').toUpperCase()
-
-class Log {
-	static colors = {
-		reset: '\x1b[0m',
-		red: '\x1b[31m',
-		green: '\x1b[32m',
-		yellow: '\x1b[33m',
-		blue: '\x1b[34m',
-		cyan: '\x1b[36m',
-		white: '\x1b[37m',
-		gray: '\x1b[90m',
-	}
-
-	static color(color, message) {
-		return `${this.colors[color]}${message}${this.colors.reset}`
-	}
-
-	static info(message) {
-		console.log(this.color('blue', `[INFO] ${message}`))
-	}
-
-	static success(message) {
-		console.log(this.color('green', `[ OK ] ${message}`))
-	}
+// Project CLI dispatcher. Thin by design: it parses the command name and routes to a
+// handler in scripts/cli/. Three classes of command:
+//   • meta/keys  — env + key generation (scripts/cli/keys.js, help.js)
+//   • make:*     — file scaffolding, no runtime needed (scripts/cli/make.js)
+//   • db:*       — touch the cores; the runtime (module-alias + .env) is prepared
+//                  lazily and the DB connection is always closed afterwards.
 
-	static warn(message) {
-		console.log(this.color('yellow', `[WARN] ${message}`))
-	}
-
-	static error(message) {
-		console.log(this.color('red', `[FAIL] ${message}`))
-	}
-
-	static line() {
-		console.log(this.color('gray', '────────────────────────────────────────'))
-	}
-
-	static banner() {
-		const width = 38
-		const title = `${APP_NAME} CLI`
-		const padTotal = Math.max(0, width - title.length)
-		const left = Math.floor(padTotal / 2)
-		const centered = ' '.repeat(left) + title + ' '.repeat(padTotal - left)
+require('dotenv').config()
 
-		console.log()
-		console.log(this.color('cyan', `╔${'═'.repeat(width)}╗`))
-		console.log(this.color('cyan', `║${centered}║`))
-		console.log(this.color('cyan', `╚${'═'.repeat(width)}╝`))
-		console.log()
-	}
-}
+const Log = require('./cli/log')
+const { help } = require('./cli/help')
+const keys = require('./cli/keys')
+const make = require('./cli/make')
+const db = require('./cli/db')
+const { prepareRuntime } = require('./cli/bootstrap')
 
 const command = process.argv[2]
 const args = process.argv.slice(3)
 
-function generateKey(bytes = 32) {
-	return crypto.randomBytes(bytes).toString('hex')
+// Commands that talk to the database. Each entry maps an alias to a db handler.
+const DB_ROUTES = {
+	'db:migrate': db.migrate,
+	migrate: db.migrate,
+	'db:rollback': db.rollback,
+	rollback: db.rollback,
+	'db:reset': db.reset,
+	reset: db.reset,
+	'db:refresh': db.refresh,
+	refresh: db.refresh,
+	'db:fresh': db.fresh,
+	fresh: db.fresh,
+	'db:status': db.status,
+	status: db.status,
+	'db:wipe': db.wipe,
+	wipe: db.wipe,
+	'db:seed': db.seed,
+	seed: db.seed,
+	'db:seed-all': db.seedAll,
+	'seed-all': db.seedAll,
 }
 
-function getEnvPath() {
-	return path.join(process.cwd(), '.env')
+// Synchronous (no DB) commands.
+const META_ROUTES = {
+	undefined: help,
+	help,
+	setup: () => keys.setup(args),
+	'key:generate': () => keys.generateAppKey(),
+	'key:jwt': () => keys.keyJwt(args),
+	'make:model': () => make.makeModel(args),
+	'make:migration': () => make.makeMigration(args),
+	'make:seed': () => make.makeSeed(args),
+	'make:controller': () => make.makeController(args),
+	'make:middleware': () => make.makeMiddleware(args),
+	'make:validator': () => make.makeValidator(args),
+	'make:route': () => make.makeRoute(args),
+	'make:job': () => make.makeJob(args),
+	'make:queue': () => make.makeQueue(args),
+	'make:socket': () => make.makeSocket(args),
+	'make:hook': () => make.makeHook(args),
+	'make:resource': () => make.makeResource(args),
+	'make:module': () => make.makeModule(args),
 }
 
-function updateEnv(key, value) {
-	const envPath = getEnvPath()
-
-	if (!fs.existsSync(envPath)) {
-		Log.error('.env file not found')
-		process.exit(1)
-	}
-
-	let content = fs.readFileSync(envPath, 'utf8')
-
-	const regex = new RegExp(`^${key}=.*$`, 'm')
-
-	if (regex.test(content)) {
-		content = content.replace(regex, `${key}=${value}`)
-	} else {
-		content += `\n${key}=${value}`
+async function runDbCommand(handler) {
+	prepareRuntime()
+	const Database = require('@core/database.core')
+	try {
+		await handler(args)
+	} catch (err) {
+		Log.error(err.message)
+		process.exitCode = 1
+	} finally {
+		await Database.disconnect().catch(() => {})
 	}
-
-	fs.writeFileSync(envPath, content)
-
-	return value
-}
-
-function help() {
-	Log.banner()
-
-	console.log(Log.color('yellow', 'Usage'))
-	Log.line()
-
-	console.log('  npm run cli -- setup')
-	console.log('  npm run cli -- help')
-	console.log('  npm run cli -- key:generate')
-	console.log('  npm run cli -- key:jwt')
-	console.log('  npm run cli -- key:jwt --refresh')
-
-	console.log()
-
-	console.log(Log.color('yellow', 'Commands'))
-	Log.line()
-
-	console.log('  setup')
-	console.log(Log.color('gray', '      Initialize project'))
-
-	console.log()
-
-	console.log('  help')
-	console.log(Log.color('gray', '      Show help information'))
-
-	console.log()
-
-	console.log('  key:generate')
-	console.log(Log.color('gray', '      Generate APP_KEY'))
-
-	console.log()
-
-	console.log('  key:jwt')
-	console.log(Log.color('gray', '      Generate JWT_SECRET'))
-
-	console.log()
-
-	console.log('  key:jwt --refresh')
-	console.log(Log.color('gray', '      Generate JWT_REFRESH_SECRET'))
-
-	console.log()
 }
 
-function setup() {
-	Log.banner()
-
-	const examplePath = path.join(process.cwd(), '.env.example')
-	const envPath = path.join(process.cwd(), '.env')
-
-	if (!fs.existsSync(examplePath)) {
-		Log.error('.env.example not found')
-		process.exit(1)
+async function main() {
+	if (command in DB_ROUTES) {
+		await runDbCommand(DB_ROUTES[command])
+		return
 	}
 
-	if (!fs.existsSync(envPath)) {
-		fs.copyFileSync(examplePath, envPath)
-		Log.success('.env created')
-	} else {
-		Log.warn('.env already exists')
+	const meta = META_ROUTES[command === undefined ? 'undefined' : command]
+	if (meta) {
+		await meta()
+		return
 	}
 
-	try {
-		Log.info('Updating package.json dependencies...')
-		execSync('npx npm-check-updates -u', {
-			stdio: 'inherit',
-		})
-
-		Log.info('Installing dependencies...')
-		execSync('npm install', {
-			stdio: 'inherit',
-		})
-
-		generateAppKey()
-		generateJwtSecret()
-		generateJwtRefreshSecret()
-
-		Log.success('Setup completed')
-	} catch (error) {
-		Log.error(error.message)
-		process.exit(1)
-	}
-}
-
-function generateAppKey() {
-	Log.banner()
-
-	const key = generateKey(32)
-
-	updateEnv('APP_KEY', key)
-
-	Log.success('APP_KEY generated')
-	console.log()
-	console.log(Log.color('cyan', key))
-	console.log()
-}
-
-function generateJwtSecret() {
-	Log.banner()
-
-	const key = generateKey(64)
-
-	updateEnv('JWT_SECRET', key)
-
-	Log.success('JWT_SECRET generated')
-	console.log()
-	console.log(Log.color('cyan', key))
-	console.log()
-}
-
-function generateJwtRefreshSecret() {
 	Log.banner()
-
-	const key = generateKey(64)
-
-	updateEnv('JWT_REFRESH_SECRET', key)
-
-	Log.success('JWT_REFRESH_SECRET generated')
+	Log.error(`Unknown command '${command}'`)
 	console.log()
-	console.log(Log.color('cyan', key))
+	Log.info('Run: npm run cli -- help')
 	console.log()
+	process.exit(1)
 }
 
-switch (command) {
-	case undefined:
-	case 'help': {
-		help()
-		break
-	}
-
-	case 'setup': {
-		setup()
-		break
-	}
-
-	case 'key:generate': {
-		generateAppKey()
-		break
-	}
-
-	case 'key:jwt': {
-		if (args.includes('--refresh')) {
-			generateJwtRefreshSecret()
-		} else {
-			generateJwtSecret()
-		}
-
-		break
-	}
-
-	default: {
-		Log.banner()
-		Log.error(`Unknown command '${command}'`)
-		console.log()
-		Log.info(`Run: npm run cli -- help`)
-		console.log()
-		process.exit(1)
-	}
-}
+main()

package/template/tests/http.test.js

@@ -0,0 +1,99 @@
+'use strict'
+
+// Set HTTP-layer env before any config/core module loads. Rate limiting is disabled
+// so repeated requests in a test run are deterministic.
+process.env.EXPRESS_RATE_LIMIT_ENABLED = 'false'
+process.env.DB_ENABLED = 'false'
+process.env.CORS_ORIGIN = '*'
+
+const request = require('supertest')
+const Routes = require('@core/routing.core')
+const Express = require('@core/express.core')
+
+// A plain-object resource controller registered before the app is built, so the
+// router mounts it alongside the app's own routes when Express.create() runs.
+const WidgetController = {
+	index: ({ res }) => res.json({ status: true, code: 200, message: 'list', data: [], meta: null }),
+	show: ({ req, res }) => res.json({ status: true, code: 200, message: 'one', data: { id: req.params.id }, meta: null }),
+}
+
+let app
+
+beforeAll(async () => {
+	Routes.apiResource('widgets', WidgetController)
+	app = (await Express.create()).app
+})
+
+afterAll(async () => {
+	await Express.close()
+})
+
+describe('HTTP — security & envelope', () => {
+	test('GET /api/status returns the standard envelope', async () => {
+		const res = await request(app).get('/api/status')
+		expect(res.status).toBe(200)
+		expect(res.body).toEqual({ status: true, code: 200, message: 'OK', data: null, meta: null })
+	})
+
+	test('security headers: helmet on, x-powered-by off', async () => {
+		const res = await request(app).get('/')
+		expect(res.headers['x-powered-by']).toBeUndefined()
+		expect(res.headers['content-security-policy']).toBeDefined()
+		expect(res.headers['x-content-type-options']).toBe('nosniff')
+	})
+
+	test('404 uses the standard envelope (F-14)', async () => {
+		const res = await request(app).get('/api/does-not-exist')
+		expect(res.status).toBe(404)
+		expect(res.body.status).toBe(false)
+		expect(res.body.code).toBe(404)
+		expect(res.body).toHaveProperty('data', null)
+		expect(res.body).toHaveProperty('meta', null)
+		expect(res.body.message).toMatch(/Cannot GET/)
+	})
+})
+
+describe('HTTP — validation & auth', () => {
+	test('invalid login body returns 422 with errors[]', async () => {
+		const res = await request(app).post('/api/auth/login').send({ email: 'x', password: '1' })
+		expect(res.status).toBe(422)
+		expect(res.body.status).toBe(false)
+		expect(res.body.code).toBe(422)
+		expect(Array.isArray(res.body.errors)).toBe(true)
+		expect(res.body.errors.length).toBeGreaterThan(0)
+	})
+
+	test('protected route is 401 without a token, 200 with one', async () => {
+		const noToken = await request(app).get('/api/auth/me')
+		expect(noToken.status).toBe(401)
+
+		const login = await request(app).post('/api/auth/login').send({ email: 'demo@example.com', password: 'password123' })
+		expect(login.status).toBe(200)
+		const token = login.body.data.accessToken
+		expect(typeof token).toBe('string')
+
+		const me = await request(app).get('/api/auth/me').set('Authorization', `Bearer ${token}`)
+		expect(me.status).toBe(200)
+		expect(me.body.data).toHaveProperty('sub')
+	})
+})
+
+describe('HTTP — router resource', () => {
+	test('apiResource mounts index and show', async () => {
+		const index = await request(app).get('/widgets')
+		expect(index.status).toBe(200)
+		expect(index.body.data).toEqual([])
+
+		const show = await request(app).get('/widgets/42')
+		expect(show.status).toBe(200)
+		expect(show.body.data).toEqual({ id: '42' })
+	})
+})
+
+describe('Router — named routes & url()', () => {
+	test('url() substitutes params and appends query', () => {
+		Routes.get('reports/:id', ({ res }) => res.end()).name('reports.show')
+		expect(Routes.url('reports.show', { id: 7 })).toBe('/reports/7')
+		expect(Routes.url('reports.show', { id: 7, tab: 'a' })).toBe('/reports/7?tab=a')
+	})
+})