create-rex-app 1.0.0

package/template-mongo/api/middleware/authMiddleware.js

@@ -0,0 +1,31 @@
+import jwt from 'jsonwebtoken';
+import User from '../models/User.js'; // Ensure this path matches your models folder
+
+const protect = async (req, res, next) => {
+  let token;
+
+  // 1. Check if the "Authorization" header exists and starts with "Bearer"
+  if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
+    try {
+      // 2. Get the token from the string "Bearer <token>"
+      token = req.headers.authorization.split(' ')[1];
+
+      // 3. Verify the token using the Secret Key
+      const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+      // 4. Find the user (exclude password) and attach to 'req'
+      req.user = await User.findById(decoded.id).select('-password');
+
+      next(); // Pass the user to the next step
+    } catch (error) {
+      console.error(error);
+      res.status(401).json({ message: 'Not authorized, token failed' });
+    }
+  }
+
+  if (!token) {
+    res.status(401).json({ message: 'Not authorized, no token' });
+  }
+};
+
+export default protect;

package/template-mongo/api/models/User.js

@@ -0,0 +1,28 @@
+import mongoose from 'mongoose';
+
+const userSchema = new mongoose.Schema({
+  name: {
+    type: String,
+    required: true,
+  },
+  email: {
+    type: String,
+    required: true,
+    unique: true,
+  },
+  password: { 
+    type: String, 
+    required: true 
+  }, // <--- Added this!
+  role: {
+    type: String,
+    default: 'developer',
+  },
+  createdAt: {
+    type: Date,
+    default: Date.now,
+  },
+});
+
+const User = mongoose.model('User', userSchema);
+export default User;

package/template-mongo/api/routes.js

@@ -0,0 +1,99 @@
+import express from 'express';
+import bcrypt from 'bcryptjs'; // <--- Import this
+import User from './models/User.js';
+import jwt from 'jsonwebtoken';
+import protect from './middleware/authMiddleware.js';
+const router = express.Router();
+
+// 1. GET ALL USERS
+router.get('/users', async (req, res) => {
+  try {
+    // Return everything BUT the password (security best practice)
+    const users = await User.find().select('-password'); 
+    res.json(users);
+  } catch (error) {
+    res.status(500).json({ message: error.message });
+  }
+});
+
+// 2. CREATE A USER (Sign Up)
+router.post('/users', async (req, res) => {
+  try {
+    const { name, email, password } = req.body;
+
+    // 1. Check if user exists
+    const userExists = await User.findOne({ email });
+    if (userExists) {
+      return res.status(400).json({ message: 'User already exists' });
+    }
+
+    // 2. Hash the password
+    const salt = await bcrypt.genSalt(10);
+    const hashedPassword = await bcrypt.hash(password, salt);
+
+    // 3. Create user with hashed password
+    const newUser = new User({ 
+      name, 
+      email, 
+      password: hashedPassword 
+    });
+    
+    const savedUser = await newUser.save();
+    
+    // 4. Respond (don't send back the password!)
+    res.status(201).json({
+      _id: savedUser._id,
+      name: savedUser.name,
+      email: savedUser.email,
+    });
+
+  } catch (error) {
+    res.status(400).json({ message: error.message });
+  }
+});
+
+// 3. LOGIN USER (Generate Token)
+router.post('/login', async (req, res) => {
+  try {
+    const { email, password } = req.body;
+
+    // A. Validate User
+    const user = await User.findOne({ email });
+    if (!user) return res.status(400).json({ message: 'Invalid credentials' });
+
+    // B. Validate Password
+    const isMatch = await bcrypt.compare(password, user.password);
+    if (!isMatch) return res.status(400).json({ message: 'Invalid credentials' });
+
+    // C. Generate Token
+    const token = jwt.sign(
+      { id: user._id }, 
+      process.env.JWT_SECRET, 
+      { expiresIn: '30d' }
+    );
+
+    // D. Response: STRICTLY TOKEN ONLY
+    res.json({ 
+      message: "Login successful",
+      token: token 
+    });
+
+  } catch (error) {
+    res.status(500).json({ message: error.message });
+  }
+});
+
+// 4. Profile - Middleware
+router.get('/profile', protect, (req, res) => {
+  // The 'protect' middleware has already run.
+  // It found the user and put it in 'req.user'.
+  
+  res.json({
+    _id: req.user._id,
+    name: req.user.name,
+    email: req.user.email,
+    role: req.user.role,
+    message: `Verification Successful. Welcome, ${req.user.name}!`
+  });
+});
+export default router;

package/template-mongo/env-sample.txt

@@ -0,0 +1,3 @@
+MONGO_URI=
+PORT=
+JWT_SECRET=

package/template-mongo/eslint.config.js

@@ -0,0 +1,29 @@
+import js from '@eslint/js'
+import globals from 'globals'
+import reactHooks from 'eslint-plugin-react-hooks'
+import reactRefresh from 'eslint-plugin-react-refresh'
+import { defineConfig, globalIgnores } from 'eslint/config'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{js,jsx}'],
+    extends: [
+      js.configs.recommended,
+      reactHooks.configs.flat.recommended,
+      reactRefresh.configs.vite,
+    ],
+    languageOptions: {
+      ecmaVersion: 2020,
+      globals: globals.browser,
+      parserOptions: {
+        ecmaVersion: 'latest',
+        ecmaFeatures: { jsx: true },
+        sourceType: 'module',
+      },
+    },
+    rules: {
+      'no-unused-vars': ['error', { varsIgnorePattern: '^[A-Z_]' }],
+    },
+  },
+])

package/template-mongo/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/rex.png" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Rex - One House Partner</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.jsx"></script>
+  </body>
+</html>