create-solostack 1.2.2 → 1.3.0

package/src/generators/pro/api-keys.js

@@ -0,0 +1,464 @@
+/**
+ * API Keys Generator - Pro Feature
+ * Generates API key management system with rate limiting
+ */
+
+import path from 'path';
+import { writeFile, ensureDir } from '../../utils/files.js';
+
+export async function generateApiKeys(projectPath) {
+    await ensureDir(path.join(projectPath, 'src/app/api/keys'));
+    await ensureDir(path.join(projectPath, 'src/app/api/keys/create'));
+    await ensureDir(path.join(projectPath, 'src/app/api/keys/revoke'));
+    await ensureDir(path.join(projectPath, 'src/app/dashboard/api-keys'));
+
+    // Generate API key utility
+    const apiKeyUtil = `import crypto from 'crypto';
+import { db } from '@/lib/db';
+
+/**
+ * Generate a new API key
+ * Format: sk_live_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ */
+export function generateApiKey(): { key: string; hash: string; prefix: string } {
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+  let randomPart = '';
+  for (let i = 0; i < 32; i++) {
+    randomPart += chars.charAt(Math.floor(Math.random() * chars.length));
+  }
+  
+  const key = \`sk_live_\${randomPart}\`;
+  const hash = crypto.createHash('sha256').update(key).digest('hex');
+  const prefix = key.substring(0, 12); // sk_live_XXXX
+  
+  return { key, hash, prefix };
+}
+
+/**
+ * Hash an API key for storage
+ */
+export function hashApiKey(key: string): string {
+  return crypto.createHash('sha256').update(key).digest('hex');
+}
+
+/**
+ * Validate an API key and return the user
+ */
+export async function validateApiKey(key: string) {
+  if (!key || !key.startsWith('sk_live_')) {
+    return null;
+  }
+
+  const hash = hashApiKey(key);
+  
+  const apiKey = await db.apiKey.findUnique({
+    where: { key: hash },
+    include: {
+      user: {
+        select: { id: true, email: true, role: true },
+      },
+    },
+  });
+
+  if (!apiKey) {
+    return null;
+  }
+
+  // Check expiration
+  if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {
+    return null;
+  }
+
+  // Update last used timestamp
+  await db.apiKey.update({
+    where: { id: apiKey.id },
+    data: { lastUsedAt: new Date() },
+  });
+
+  return apiKey.user;
+}
+`;
+
+    await writeFile(
+        path.join(projectPath, 'src/lib/api-key-auth.ts'),
+        apiKeyUtil
+    );
+
+    // Generate rate limiting utility (works without Redis, in-memory fallback)
+    const rateLimitUtil = `/**
+ * Simple in-memory rate limiter
+ * For production, consider using Upstash Redis
+ */
+
+interface RateLimitEntry {
+  count: number;
+  resetAt: number;
+}
+
+const rateLimitStore = new Map<string, RateLimitEntry>();
+
+const RATE_LIMIT = 100; // requests
+const WINDOW_MS = 60 * 60 * 1000; // 1 hour
+
+export async function rateLimit(identifier: string): Promise<{
+  success: boolean;
+  remaining: number;
+  reset: number;
+}> {
+  const now = Date.now();
+  const entry = rateLimitStore.get(identifier);
+
+  if (!entry || now > entry.resetAt) {
+    // Create new window
+    rateLimitStore.set(identifier, {
+      count: 1,
+      resetAt: now + WINDOW_MS,
+    });
+    return { success: true, remaining: RATE_LIMIT - 1, reset: now + WINDOW_MS };
+  }
+
+  if (entry.count >= RATE_LIMIT) {
+    return { success: false, remaining: 0, reset: entry.resetAt };
+  }
+
+  entry.count++;
+  return { success: true, remaining: RATE_LIMIT - entry.count, reset: entry.resetAt };
+}
+`;
+
+    await writeFile(
+        path.join(projectPath, 'src/lib/rate-limit.ts'),
+        rateLimitUtil
+    );
+
+    // Generate create API key endpoint
+    const createKeyRoute = `import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { db } from '@/lib/db';
+import { generateApiKey } from '@/lib/api-key-auth';
+
+export async function POST(req: NextRequest) {
+  try {
+    const session = await auth();
+    
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    const { name } = await req.json();
+
+    if (!name || name.length < 1) {
+      return NextResponse.json({ error: 'Name is required' }, { status: 400 });
+    }
+
+    // Check existing keys count (limit to 5)
+    const existingCount = await db.apiKey.count({
+      where: { userId: session.user.id },
+    });
+
+    if (existingCount >= 5) {
+      return NextResponse.json(
+        { error: 'Maximum 5 API keys allowed' },
+        { status: 400 }
+      );
+    }
+
+    const { key, hash, prefix } = generateApiKey();
+
+    await db.apiKey.create({
+      data: {
+        userId: session.user.id,
+        key: hash,
+        keyPrefix: prefix,
+        name,
+      },
+    });
+
+    // Return the actual key only once - user must save it
+    return NextResponse.json({
+      key, // Full key - only shown once!
+      prefix,
+      name,
+      message: 'Save this key securely - it will not be shown again.',
+    });
+  } catch (error: any) {
+    console.error('Create API key error:', error);
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}
+`;
+
+    await writeFile(
+        path.join(projectPath, 'src/app/api/keys/create/route.ts'),
+        createKeyRoute
+    );
+
+    // Generate revoke API key endpoint
+    const revokeKeyRoute = `import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { db } from '@/lib/db';
+
+export async function POST(req: NextRequest) {
+  try {
+    const session = await auth();
+    
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    const { keyId } = await req.json();
+
+    if (!keyId) {
+      return NextResponse.json({ error: 'Key ID is required' }, { status: 400 });
+    }
+
+    // Ensure user owns this key
+    const apiKey = await db.apiKey.findFirst({
+      where: {
+        id: keyId,
+        userId: session.user.id,
+      },
+    });
+
+    if (!apiKey) {
+      return NextResponse.json({ error: 'API key not found' }, { status: 404 });
+    }
+
+    await db.apiKey.delete({
+      where: { id: keyId },
+    });
+
+    return NextResponse.json({ success: true });
+  } catch (error: any) {
+    console.error('Revoke API key error:', error);
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}
+`;
+
+    await writeFile(
+        path.join(projectPath, 'src/app/api/keys/revoke/route.ts'),
+        revokeKeyRoute
+    );
+
+    // Generate API keys management page
+    const apiKeysPage = `'use client';
+
+import { useState, useEffect } from 'react';
+import { Key, Plus, Trash2, Copy, Check, Loader2 } from 'lucide-react';
+
+interface ApiKey {
+  id: string;
+  name: string;
+  keyPrefix: string;
+  lastUsedAt: string | null;
+  createdAt: string;
+}
+
+export default function ApiKeysPage() {
+  const [keys, setKeys] = useState<ApiKey[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [creating, setCreating] = useState(false);
+  const [newKeyName, setNewKeyName] = useState('');
+  const [newKey, setNewKey] = useState<string | null>(null);
+  const [copied, setCopied] = useState(false);
+
+  useEffect(() => {
+    fetchKeys();
+  }, []);
+
+  async function fetchKeys() {
+    try {
+      const res = await fetch('/api/keys');
+      if (res.ok) {
+        const data = await res.json();
+        setKeys(data.keys);
+      }
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  async function createKey() {
+    if (!newKeyName.trim()) return;
+    
+    setCreating(true);
+    try {
+      const res = await fetch('/api/keys/create', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: newKeyName }),
+      });
+      
+      if (res.ok) {
+        const data = await res.json();
+        setNewKey(data.key);
+        setNewKeyName('');
+        fetchKeys();
+      }
+    } finally {
+      setCreating(false);
+    }
+  }
+
+  async function revokeKey(keyId: string) {
+    if (!confirm('Are you sure you want to revoke this API key?')) return;
+    
+    await fetch('/api/keys/revoke', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ keyId }),
+    });
+    
+    fetchKeys();
+  }
+
+  function copyToClipboard(text: string) {
+    navigator.clipboard.writeText(text);
+    setCopied(true);
+    setTimeout(() => setCopied(false), 2000);
+  }
+
+  if (loading) {
+    return (
+      <div className="flex items-center justify-center min-h-[400px]">
+        <Loader2 className="h-8 w-8 animate-spin text-indigo-600" />
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-4xl mx-auto p-6">
+      <h1 className="text-3xl font-bold mb-2">API Keys</h1>
+      <p className="text-gray-600 mb-8">Manage your API keys for programmatic access</p>
+
+      {/* New key created banner */}
+      {newKey && (
+        <div className="bg-amber-50 border border-amber-200 rounded-lg p-4 mb-6">
+          <p className="text-sm text-amber-800 mb-2 font-medium">
+            🔑 Save this API key now - it will not be shown again!
+          </p>
+          <div className="flex items-center gap-2">
+            <code className="flex-1 bg-white border rounded px-3 py-2 text-sm font-mono break-all">
+              {newKey}
+            </code>
+            <button
+              onClick={() => copyToClipboard(newKey)}
+              className="p-2 hover:bg-amber-100 rounded"
+            >
+              {copied ? <Check className="h-5 w-5 text-green-600" /> : <Copy className="h-5 w-5" />}
+            </button>
+          </div>
+          <button
+            onClick={() => setNewKey(null)}
+            className="mt-3 text-sm text-amber-700 hover:underline"
+          >
+            I have saved the key
+          </button>
+        </div>
+      )}
+
+      {/* Create new key */}
+      <div className="bg-white rounded-xl border p-6 mb-8">
+        <h2 className="text-lg font-semibold mb-4">Create New API Key</h2>
+        <div className="flex gap-3">
+          <input
+            type="text"
+            value={newKeyName}
+            onChange={(e) => setNewKeyName(e.target.value)}
+            placeholder="Key name (e.g., Production, Development)"
+            className="flex-1 px-4 py-2 border rounded-lg focus:outline-none focus:ring-2 focus:ring-indigo-500"
+          />
+          <button
+            onClick={createKey}
+            disabled={creating || !newKeyName.trim()}
+            className="inline-flex items-center gap-2 px-4 py-2 bg-indigo-600 text-white rounded-lg hover:bg-indigo-500 disabled:opacity-50"
+          >
+            {creating ? <Loader2 className="h-4 w-4 animate-spin" /> : <Plus className="h-4 w-4" />}
+            Create Key
+          </button>
+        </div>
+      </div>
+
+      {/* Existing keys */}
+      <div className="bg-white rounded-xl border overflow-hidden">
+        <div className="px-6 py-4 border-b">
+          <h2 className="text-lg font-semibold">Your API Keys</h2>
+        </div>
+        
+        {keys.length === 0 ? (
+          <div className="p-6 text-center text-gray-500">
+            <Key className="h-12 w-12 mx-auto mb-3 text-gray-300" />
+            <p>No API keys yet. Create one above.</p>
+          </div>
+        ) : (
+          <ul className="divide-y">
+            {keys.map((key) => (
+              <li key={key.id} className="px-6 py-4 flex items-center justify-between">
+                <div>
+                  <p className="font-medium">{key.name}</p>
+                  <p className="text-sm text-gray-500 font-mono">{key.keyPrefix}••••••••</p>
+                  <p className="text-xs text-gray-400 mt-1">
+                    {key.lastUsedAt
+                      ? \`Last used: \${new Date(key.lastUsedAt).toLocaleDateString()}\`
+                      : 'Never used'}
+                  </p>
+                </div>
+                <button
+                  onClick={() => revokeKey(key.id)}
+                  className="p-2 text-red-500 hover:bg-red-50 rounded"
+                >
+                  <Trash2 className="h-5 w-5" />
+                </button>
+              </li>
+            ))}
+          </ul>
+        )}
+      </div>
+    </div>
+  );
+}
+`;
+
+    await writeFile(
+        path.join(projectPath, 'src/app/dashboard/api-keys/page.tsx'),
+        apiKeysPage
+    );
+
+    // Generate list API keys endpoint
+    const listKeysRoute = `import { NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { db } from '@/lib/db';
+
+export async function GET() {
+  try {
+    const session = await auth();
+    
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    const keys = await db.apiKey.findMany({
+      where: { userId: session.user.id },
+      select: {
+        id: true,
+        name: true,
+        keyPrefix: true,
+        lastUsedAt: true,
+        createdAt: true,
+      },
+      orderBy: { createdAt: 'desc' },
+    });
+
+    return NextResponse.json({ keys });
+  } catch (error: any) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}
+`;
+
+    await writeFile(
+        path.join(projectPath, 'src/app/api/keys/route.ts'),
+        listKeysRoute
+    );
+}

package/src/generators/pro/database-full.js

@@ -0,0 +1,233 @@
+/**
+ * Full Database Schema Generator - Pro Feature
+ * Generates complete Prisma schema with Subscription, Payment, ApiKey models
+ */
+
+import path from 'path';
+import { writeFile, ensureDir } from '../../utils/files.js';
+
+export async function generateFullDatabase(projectPath) {
+    await ensureDir(path.join(projectPath, 'prisma'));
+
+    // Generate full Prisma schema
+    const schema = `// This is your Prisma schema file
+// Generated by SoloStack Pro
+
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+// ==========================================
+// User & Authentication Models
+// ==========================================
+
+model User {
+  id                String         @id @default(cuid())
+  email             String         @unique
+  name              String?
+  emailVerified     DateTime?
+  image             String?
+  password          String?
+  role              Role           @default(USER)
+  stripeCustomerId  String?        @unique
+  subscription      Subscription?
+  apiKeys           ApiKey[]
+  createdAt         DateTime       @default(now())
+  updatedAt         DateTime       @updatedAt
+  
+  accounts          Account[]
+  sessions          Session[]
+}
+
+model Account {
+  userId            String
+  type              String
+  provider          String
+  providerAccountId String
+  refresh_token     String?
+  access_token      String?
+  expires_at        Int?
+  token_type        String?
+  scope             String?
+  id_token          String?
+  session_state     String?
+  
+  user              User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+  
+  @@id([provider, providerAccountId])
+}
+
+model Session {
+  sessionToken String   @unique
+  userId       String
+  expires      DateTime
+  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+}
+
+model VerificationToken {
+  identifier String
+  token      String   @unique
+  expires    DateTime
+  
+  @@unique([identifier, token])
+}
+
+// ==========================================
+// Subscription & Payments Models
+// ==========================================
+
+model Subscription {
+  id                   String              @id @default(cuid())
+  userId               String              @unique
+  user                 User                @relation(fields: [userId], references: [id], onDelete: Cascade)
+  stripeSubscriptionId String              @unique
+  stripePriceId        String
+  status               SubscriptionStatus
+  currentPeriodStart   DateTime
+  currentPeriodEnd     DateTime
+  cancelAtPeriodEnd    Boolean             @default(false)
+  createdAt            DateTime            @default(now())
+  updatedAt            DateTime            @updatedAt
+}
+
+model Payment {
+  id               String   @id @default(cuid())
+  userId           String
+  stripePaymentId  String   @unique
+  amount           Int      // Amount in cents
+  currency         String   @default("usd")
+  status           String
+  createdAt        DateTime @default(now())
+}
+
+model StripeEvent {
+  id          String   @id
+  type        String
+  processed   Boolean  @default(false)
+  createdAt   DateTime @default(now())
+}
+
+// ==========================================
+// API Key Model
+// ==========================================
+
+model ApiKey {
+  id          String    @id @default(cuid())
+  userId      String
+  user        User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+  key         String    @unique  // Hashed key
+  keyPrefix   String              // First 8 chars for display (sk_live_abc1...)
+  name        String
+  lastUsedAt  DateTime?
+  createdAt   DateTime  @default(now())
+  expiresAt   DateTime?
+}
+
+// ==========================================
+// Enums
+// ==========================================
+
+enum Role {
+  USER
+  ADMIN
+}
+
+enum SubscriptionStatus {
+  ACTIVE
+  CANCELED
+  PAST_DUE
+  TRIALING
+  INCOMPLETE
+}
+`;
+
+    await writeFile(path.join(projectPath, 'prisma/schema.prisma'), schema);
+
+    // Generate seed script
+    const seed = `import { PrismaClient } from '@prisma/client';
+import bcrypt from 'bcryptjs';
+
+const prisma = new PrismaClient();
+
+async function main() {
+  console.log('🌱 Seeding database...');
+  
+  // Create admin user
+  const adminPassword = await bcrypt.hash('admin123', 12);
+  const admin = await prisma.user.upsert({
+    where: { email: 'admin@example.com' },
+    update: {},
+    create: {
+      email: 'admin@example.com',
+      name: 'Admin User',
+      password: adminPassword,
+      role: 'ADMIN',
+      emailVerified: new Date(),
+    },
+  });
+  console.log('✓ Created admin user:', admin.email);
+
+  // Create test user with subscription
+  const userPassword = await bcrypt.hash('user123', 12);
+  const user = await prisma.user.upsert({
+    where: { email: 'user@example.com' },
+    update: {},
+    create: {
+      email: 'user@example.com',
+      name: 'Test User',
+      password: userPassword,
+      role: 'USER',
+      emailVerified: new Date(),
+      stripeCustomerId: 'cus_test123',
+      subscription: {
+        create: {
+          stripeSubscriptionId: 'sub_test123',
+          stripePriceId: 'price_pro',
+          status: 'ACTIVE',
+          currentPeriodStart: new Date(),
+          currentPeriodEnd: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000), // 30 days
+        },
+      },
+    },
+  });
+  console.log('✓ Created test user with subscription:', user.email);
+
+  // Create free user
+  const freePassword = await bcrypt.hash('free123', 12);
+  const freeUser = await prisma.user.upsert({
+    where: { email: 'free@example.com' },
+    update: {},
+    create: {
+      email: 'free@example.com',
+      name: 'Free User',
+      password: freePassword,
+      role: 'USER',
+      emailVerified: new Date(),
+    },
+  });
+  console.log('✓ Created free user:', freeUser.email);
+
+  console.log('\\n✅ Seeding complete!');
+  console.log('\\n📝 Test credentials:');
+  console.log('   Admin: admin@example.com / admin123');
+  console.log('   Pro User: user@example.com / user123');
+  console.log('   Free User: free@example.com / free123');
+}
+
+main()
+  .catch((e) => {
+    console.error(e);
+    process.exit(1);
+  })
+  .finally(async () => {
+    await prisma.$disconnect();
+  });
+`;
+
+    await writeFile(path.join(projectPath, 'prisma/seed.ts'), seed);
+}