create-stackflow 1.0.5 → 1.0.8

package/README.md

@@ -65,7 +65,7 @@ Features:
 - React Router DOM
 - Zustand / Redux Toolkit / Context API
 - React Hook Form
-- Zod / Yup validation
+- Zod / Yup validation (Joi is backend-only)
 - Axios API layer
 - TanStack Query
 - Protected routes
@@ -141,14 +141,12 @@ StackFlow automatically generates:
 my-app/
 │
 ├── frontend/
+│   └── package.json
 │
 ├── backend/
+│   └── package.json
 │
-├── package.json
-│
-├── .gitignore
-│
-└── README.md
+└── node_modules/   (hoisted at project root after install)
 ```
 
 ---

package/cli.js

@@ -8,7 +8,7 @@ const program = new Command();
 program
   .name("create-stackflow")
   .description("Generate a production-minded MERN starter with frontend, backend, auth, CRUD, and dashboard UI.")
-  .version("1.0.5")
+  .version("1.0.8")
   .argument("[project-name]", "project folder name")
   .option("--skip-install", "generate files without installing dependencies")
   .option("--yes", "use recommended defaults")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-stackflow",
-  "version": "1.0.5",
+  "version": "1.0.8",
   "description": "Interactive CLI for generating modern full-stack MERN applications.",
   "type": "module",
   "bin": {

package/src/commands/create.js

@@ -10,6 +10,7 @@ import { createRootFiles } from "../generators/root.js";
 import { createBackend } from "../generators/backend.js";
 import { createFrontend } from "../generators/frontend.js";
 import { formatName } from "../utils/names.js";
+import { installHoistedWorkspace } from "../utils/install.js";
 
 export async function createStackFlow(options) {
   printBanner();
@@ -46,13 +47,13 @@ export async function createStackFlow(options) {
 
   await fs.ensureDir(projectDir);
 
-  await step("Creating root workspace", () => createRootFiles(context));
   await createFrontend(context);
   await createBackend(context);
+  await step("Writing project gitignore files", () => createRootFiles(context));
 
   if (!context.skipInstall) {
-    await step("Installing root workspace dependencies", () =>
-      execa("npm", ["install"], { cwd: projectDir, stdio: "ignore" }),
+    await step("Installing dependencies (root node_modules)", () =>
+      installHoistedWorkspace(context),
     );
   }
 
@@ -61,7 +62,7 @@ export async function createStackFlow(options) {
   if (context.runProject) {
     console.log(chalk.cyan("\n🚀 Starting the project..."));
     try {
-      await execa("npm", ["run", "dev"], { cwd: projectDir, stdio: "inherit" });
+      await execa("npm", ["run", "dev"], { cwd: context.frontendDir, stdio: "inherit" });
     } catch (error) {
       console.error(chalk.red("\nFailed to start the project."));
       console.error(chalk.dim(error.message));
@@ -77,6 +78,7 @@ function recommendedDefaults(projectName) {
     frontend: "react",
     language: "typescript",
     backendLanguage: "javascript",
+    backendModule: "esm",
     styling: "tailwind",
     tailwind: true,
     uiLibrary: "shadcn",
@@ -103,17 +105,16 @@ function recommendedDefaults(projectName) {
     orm: "Mongoose",
     authStrategy: "JWT",
     passwordHashing: "bcryptjs",
-    fileUpload: "Multer",
+    fileUpload: "None",
     backendValidation: "None",
     securityPackages: ["helmet", "cors", "express-rate-limit", "hpp"],
-    cookieParser: true,
     logging: "Morgan",
-    swagger: true,
+    swagger: false,
     socketio: false,
     winston: false,
     morgan: true,
     cloudinary: false,
-    multer: true,
+    multer: false,
     helmet: true,
     cors: true,
     rateLimit: true,
@@ -163,7 +164,7 @@ function printSuccess(context) {
   console.log(chalk.green.bold("StackFlow app created successfully."));
   console.log();
   console.log(chalk.white("Next steps:"));
-  console.log(chalk.cyan(`  cd ${context.projectName}`));
+  console.log(chalk.cyan(`  cd ${context.projectName}/${frontend}`));
   console.log(chalk.cyan("  npm run dev"));
   console.log();
   console.log(chalk.dim(`Frontend: ${frontend}`));

package/src/generators/backend.js

@@ -1,8 +1,12 @@
 import path from "node:path";
 import fs from "fs-extra";
 import ora from "ora";
-import { execa } from "execa";
 import { ext, writeTemplate } from "../utils/template.js";
+import {
+  chatBackendFiles,
+  chatServerSocketBlock,
+  patchMainRouteForChat,
+} from "./chat.js";
 
 export async function createBackend(context) {
   const spinner = ora("Generating backend API").start();
@@ -15,26 +19,16 @@ export async function createBackend(context) {
     throw error;
   }
 
-  if (!context.skipInstall) {
-    const install = ora("Installing backend dependencies").start();
-    try {
-      await execa("npm", ["install"], { cwd: context.backendDir, stdio: "ignore" });
-      install.succeed("Installing backend dependencies");
-    } catch (error) {
-      install.fail("Installing backend dependencies");
-      throw error;
-    }
-  }
 }
 
 async function writeBackendFiles(context) {
   const backendContext = { ...context, language: context.backendLanguage || context.language };
   const e = ext(backendContext);
   const isTs = backendContext.language === "typescript";
+  const esm = isTs || context.backendModule !== "cjs";
   const clientUrl = context.frontend === "next" ? "http://localhost:3000" : "http://localhost:5173";
   const deps = {
     bcryptjs: "latest",
-    "cookie-parser": context.cookieParser === false ? undefined : "latest",
     cors: context.cors === false ? undefined : "latest",
     dotenv: "latest",
     express: "latest",
@@ -54,7 +48,6 @@ async function writeBackendFiles(context) {
   const devDeps = isTs
     ? {
         "@types/bcryptjs": "latest",
-        "@types/cookie-parser": "latest",
         "@types/cors": "latest",
         "@types/express": "latest",
         "@types/jsonwebtoken": "latest",
@@ -70,7 +63,7 @@ async function writeBackendFiles(context) {
   await writeTemplate(path.join(context.backendDir, "package.json"), JSON.stringify({
     name: path.basename(context.backendDir),
     version: "1.0.0",
-    type: "module",
+    ...(esm ? { type: "module" } : {}),
     private: true,
     scripts: {
       dev: isTs ? "tsx watch src/server.ts" : "nodemon src/server.js",
@@ -85,8 +78,8 @@ async function writeBackendFiles(context) {
     await writeTemplate(path.join(context.backendDir, "tsconfig.json"), `{
   "compilerOptions": {
     "target": "ES2022",
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
+    "module": "${context.backendModule === "cjs" ? "CommonJS" : "NodeNext"}",
+    "moduleResolution": "${context.backendModule === "cjs" ? "Node" : "NodeNext"}",
     "strict": false,
     "noImplicitAny": false,
     "noCheck": true,
@@ -106,7 +99,6 @@ CLIENT_URL={{clientUrl}}
 MONGODB_URI=mongodb://127.0.0.1:27017/{{databaseName}}
 JWT_SECRET=change_this_super_secret_value
 JWT_EXPIRES_IN=7d
-COOKIE_NAME=stackflow_token
 {{cloudinaryEnv}}
 `, { ...context, clientUrl, cloudinaryEnv: context.cloudinary ? "CLOUDINARY_CLOUD_NAME=\nCLOUDINARY_API_KEY=\nCLOUDINARY_API_SECRET=" : "" });
 
@@ -116,19 +108,16 @@ COOKIE_NAME=stackflow_token
     "src/middleware",
     "src/models",
     "src/routes",
-    "src/services",
     "src/utils",
-    "src/validations"
   ];
   if (context.multer) dirs.push("uploads");
   await Promise.all(dirs.map((dir) => fs.ensureDir(path.join(context.backendDir, dir))));
   if (context.multer) await fs.outputFile(path.join(context.backendDir, "uploads", ".gitkeep"), "");
 
-  const files = backendTemplates({ ...context, language: backendContext.language, clientUrl }, e);
-  
-  // Filter out unused configuration files
+  const files = backendTemplates({ ...context, language: backendContext.language, clientUrl, esm }, e);
+
   if (!context.cloudinary) delete files[`src/config/cloudinary.${e}`];
-  if (!context.multer) delete files[`src/services/uploadService.${e}`];
+  if (!context.multer) delete files[`src/middleware/uploadMiddleware.${e}`];
   if (!context.winston) delete files[`src/utils/logger.${e}`];
   if (!context.swagger) delete files[`src/config/swagger.${e}`];
 
@@ -143,58 +132,62 @@ function compact(object) {
 
 function backendTemplates(context, e) {
   const isTs = context.language === "typescript";
+  const esm = context.esm !== false;
+  const rel = (p) => (esm ? `${p}.js` : p);
+  const im = (binding, from, relative = false) => {
+    const src = relative ? rel(from) : from;
+    return esm
+      ? `import ${binding} from "${src}";`
+      : `const ${binding} = require("${src}");`;
+  };
+  const imDefault = (binding, from, relative = false) => im(binding, from, relative);
+  const imn = (names, from, relative = false) => {
+    const src = relative ? rel(from) : from;
+    return esm
+      ? `import { ${names} } from "${src}";`
+      : `const { ${names} } = require("${src}");`;
+  };
   const type = (name) => isTs ? `: ${name}` : "";
   const reqRes = isTs ? "import type { Request, Response, NextFunction } from \"express\";\n" : "";
   const imports = {
-    logger: context.winston ? "import { logger } from \"./utils/logger.js\";" : "",
-    morgan: context.morgan ? "import morgan from \"morgan\";" : "",
-    swagger: context.swagger ? "import { setupSwagger } from \"./config/swagger.js\";" : "",
-    socket: context.socketio ? "import { Server } from \"socket.io\";" : ""
+    logger: context.winston ? (esm ? imn("logger", "./utils/logger", true) : imn("logger", "./utils/logger", true)) : "",
+    morgan: context.morgan ? im("morgan", "morgan") : "",
+    swagger: context.swagger ? (esm ? imn("setupSwagger", "./config/swagger", true) : imn("setupSwagger", "./config/swagger", true)) : "",
+    socket: context.socketio ? imn("Server", "socket.io") : "",
   };
 
-  return {
-    [`src/server.${e}`]: `import http from "node:http";
-import app from "./app.js";
-import { connectDB } from "./config/db.js";
+  const templates = {
+    [`src/server.${e}`]: `${im("http", "node:http")}
+${imDefault("app", "./app", true)}
+${imn("connectDB", "./config/db", true)}
 ${imports.socket}
 ${imports.logger}
 
 const PORT = Number(process.env.PORT) || 5000;
 
-async function bootstrap() {
+async function startServer() {
   await connectDB();
   const server = http.createServer(app);
-${context.socketio ? `
-  const io = new Server(server, {
-    cors: {
-      origin: process.env.CLIENT_URL || "${context.clientUrl}",
-      credentials: true
-    }
-  });
-
-  io.on("connection", (socket) => {
-    socket.emit("connected", { message: "Socket.IO connected" });
-  });
-` : ""}
+${chatServerSocketBlock(context, context.clientUrl, { imn })}
   server.listen(PORT, () => {
     ${context.winston ? "logger.info(`API running on http://localhost:${PORT}`);" : "console.log(`API running on http://localhost:${PORT}`);"}
   });
 }
 
-bootstrap().catch((error) => {
+startServer().catch((error) => {
   ${context.winston ? "logger.error(error);" : "console.error(error);"}
   process.exit(1);
 });
 `,
     [`src/app.${e}`]: `import "dotenv/config";
 import express from "express";
-${context.cookieParser === false ? "" : "import cookieParser from \"cookie-parser\";"}
 ${context.cors === false ? "" : "import cors from \"cors\";"}
 ${context.helmet === false ? "" : "import helmet from \"helmet\";"}
 ${context.rateLimit === false ? "" : "import rateLimit from \"express-rate-limit\";"}
 ${context.hpp ? "import hpp from \"hpp\";" : ""}
 ${imports.morgan}
 ${imports.swagger}
+${context.multer ? "import { uploadsStatic } from \"./middleware/uploadMiddleware.js\";" : ""}
 import apiRoutes from "./routes/mainRoute.js";
 import { errorHandler } from "./middleware/errorMiddleware.js";
 import { notFound } from "./middleware/notFoundMiddleware.js";
@@ -208,17 +201,12 @@ ${context.cors === false ? "" : `app.use(cors({
   credentials: true
 }));`}
 ${context.rateLimit === false ? "" : "app.use(rateLimit({ windowMs: 15 * 60 * 1000, limit: 300 }));"}
-app.use("/uploads", express.static("uploads"));
+${context.multer ? 'app.use("/uploads", uploadsStatic);' : ""}
 app.use(express.json({ limit: "1mb" }));
 app.use(express.urlencoded({ extended: true }));
-${context.cookieParser === false ? "" : "app.use(cookieParser());"}
 ${context.morgan ? "app.use(morgan(\"dev\"));" : ""}
 ${context.swagger ? "setupSwagger(app);" : ""}
 
-app.get("/api/health", (_req, res) => {
-  res.json({ status: "ok", service: "stackflow-api" });
-});
-
 app.use("/api", apiRoutes);
 app.use(notFound);
 app.use(errorHandler);
@@ -274,37 +262,30 @@ export function signToken(userId) {
     expiresIn: process.env.JWT_EXPIRES_IN || "7d"
   });
 }
-
-export function setAuthCookie(res, token) {
-  res.cookie(process.env.COOKIE_NAME || "stackflow_token", token, {
-    httpOnly: true,
-    sameSite: "lax",
-    secure: process.env.NODE_ENV === "production",
-    maxAge: 7 * 24 * 60 * 60 * 1000
-  });
-}
 `,
     [`src/middleware/authMiddleware.${e}`]: `${reqRes}import jwt from "jsonwebtoken";
 import { User } from "../models/userModel.js";
 
 export async function protect(req${type("Request & { user?: unknown }")}, res${type("Response")}, next${type("NextFunction")}) {
   try {
-    const cookieToken = req.cookies?.[process.env.COOKIE_NAME || "stackflow_token"];
-    const headerToken = req.headers.authorization?.startsWith("Bearer ")
+    const token = req.headers.authorization?.startsWith("Bearer ")
       ? req.headers.authorization.split(" ")[1]
       : undefined;
-    const token = cookieToken || headerToken;
-    if (!token) return res.status(401).json({ message: "Authentication required" });
+    if (!token) {
+      return res.status(401).json({ success: false, message: "Authentication required" });
+    }
 
     const decoded = jwt.verify(token, process.env.JWT_SECRET || "dev_secret");
     const userId = typeof decoded === "object" && "userId" in decoded ? decoded.userId : null;
     const user = await User.findById(userId).select("-password");
-    if (!user) return res.status(401).json({ message: "Invalid authentication" });
+    if (!user) {
+      return res.status(401).json({ success: false, message: "Invalid authentication" });
+    }
 
     req.user = user;
     next();
   } catch {
-    res.status(401).json({ message: "Invalid or expired token" });
+    res.status(401).json({ success: false, message: "Invalid or expired token" });
   }
 }
 `,
@@ -321,49 +302,75 @@ export async function protect(req${type("Request & { user?: unknown }")}, res${t
 }
 `,
     [`src/controllers/authController.${e}`]: `import { User } from "../models/userModel.js";
-import { signToken, setAuthCookie } from "../utils/jwt.js";
+import { signToken } from "../utils/jwt.js";
 
 function publicUser(user) {
   return { id: user._id, name: user.name, email: user.email };
 }
 
-export async function register(req, res, next) {
-  try {
-    const { name, email, password } = req.body;
-    const existing = await User.findOne({ email });
-    if (existing) return res.status(409).json({ message: "Email already registered" });
-    const user = await User.create({ name, email, password });
-    const token = signToken(user._id);
-    setAuthCookie(res, token);
-    res.status(201).json({ user: publicUser(user), token });
-  } catch (error) {
-    next(error);
-  }
-}
+const authController = {
+  // Register
+  register: async (req, res) => {
+    try {
+      const { name, email, password } = req.body;
+      const existing = await User.findOne({ email });
+      if (existing) {
+        return res.status(409).json({ success: false, message: "Email already registered" });
+      }
+      const user = await User.create({ name, email, password });
+      const token = signToken(user._id);
+      res.status(201).json({
+        success: true,
+        message: "Account created successfully",
+        data: { user: publicUser(user), token }
+      });
+    } catch (error) {
+      res.status(500).json({ success: false, message: error.message });
+    }
+  },
 
-export async function login(req, res, next) {
-  try {
-    const { email, password } = req.body;
-    const user = await User.findOne({ email });
-    if (!user || !(await user.comparePassword(password))) {
-      return res.status(401).json({ message: "Invalid email or password" });
+  // Login
+  login: async (req, res) => {
+    try {
+      const { email, password } = req.body;
+      const user = await User.findOne({ email });
+      if (!user || !(await user.comparePassword(password))) {
+        return res.status(401).json({ success: false, message: "Invalid email or password" });
+      }
+      const token = signToken(user._id);
+      res.status(200).json({
+        success: true,
+        message: "Logged in successfully",
+        data: { user: publicUser(user), token }
+      });
+    } catch (error) {
+      res.status(500).json({ success: false, message: error.message });
     }
-    const token = signToken(user._id);
-    setAuthCookie(res, token);
-    res.json({ user: publicUser(user), token });
-  } catch (error) {
-    next(error);
-  }
-}
+  },
 
-export async function me(req, res) {
-  res.json({ user: publicUser(req.user) });
-}
+  // Current user
+  me: async (req, res) => {
+    try {
+      res.status(200).json({
+        success: true,
+        message: "Profile fetched successfully",
+        data: { user: publicUser(req.user) }
+      });
+    } catch (error) {
+      res.status(500).json({ success: false, message: error.message });
+    }
+  },
 
-export async function logout(_req, res) {
-  res.clearCookie(process.env.COOKIE_NAME || "stackflow_token");
-  res.json({ message: "Logged out" });
-}
+  // Logout (client clears token)
+  logout: async (_req, res) => {
+    res.status(200).json({
+      success: true,
+      message: "Logged out successfully"
+    });
+  }
+};
+
+export default authController;
 `,
     [`src/controllers/todoController.${e}`]: `import { Todo } from "../models/todoModel.js";
 
@@ -450,15 +457,15 @@ const todoController = {
 export default todoController;
 `,
     [`src/routes/authRoute.${e}`]: `import { Router } from "express";
-import { login, logout, me, register } from "../controllers/authController.js";
+import authController from "../controllers/authController.js";
 import { protect } from "../middleware/authMiddleware.js";
 
 const router = Router();
 
-router.post("/register", register);
-router.post("/login", login);
-router.get("/me", protect, me);
-router.post("/logout", logout);
+router.post("/register", authController.register);
+router.post("/login", authController.login);
+router.get("/me", protect, authController.me);
+router.post("/logout", protect, authController.logout);
 
 export default router;
 `,
@@ -476,7 +483,7 @@ export default router;
     [`src/routes/todoRoute.${e}`]: `import { Router } from "express";
 import todoController from "../controllers/todoController.js";
 import { protect } from "../middleware/authMiddleware.js";
-${context.multer ? "import { upload } from \"../services/uploadService.js\";" : ""}
+${context.multer ? "import { upload } from \"../middleware/uploadMiddleware.js\";" : ""}
 
 const router = Router();
 
@@ -489,34 +496,35 @@ router.delete("/:id", todoController.deleteTodo);
 
 export default router;
 `,
-    [`src/services/uploadService.${e}`]: context.multer ? `import multer from "multer";
-
-const storage = multer.diskStorage({
+    [`src/middleware/uploadMiddleware.${e}`]: context.multer
+      ? `${im("multer", "multer")}
+${im("express", "express")}
+${esm ? "" : "const { diskStorage } = multer;\n"}
+const storage = ${esm ? "multer.diskStorage" : "diskStorage"}({
   destination: "uploads/",
   filename: (_req, file, callback) => {
     callback(null, \`\${Date.now()}-\${file.originalname}\`);
   }
 });
 
-export const upload = multer({ storage });
-` : `export {};
-`,
-    [`src/validations/authValidation.${e}`]: `export const authValidation = {
-  register: ["name", "email", "password"],
-  login: ["email", "password"]
-};
-`,
-    [`src/utils/logger.${e}`]: context.winston ? `import winston from "winston";
+${esm ? "export const upload = multer({ storage });" : "const upload = multer({ storage });\n"}
+${esm ? "export const uploadsStatic = express.static(\"uploads\");" : "const uploadsStatic = express.static(\"uploads\");\n"}
+${esm ? "" : "module.exports = { upload, uploadsStatic };"}
+`
+      : undefined,
+    [`src/utils/logger.${e}`]: context.winston
+      ? `${im("winston", "winston")}
 
-export const logger = winston.createLogger({
+const logger = winston.createLogger({
   level: "info",
   format: winston.format.combine(winston.format.timestamp(), winston.format.json()),
   transports: [new winston.transports.Console()]
 });
-` : `export const logger = console;
-`,
-    [`src/config/swagger.${e}`]: context.swagger ? `import swaggerJSDoc from "swagger-jsdoc";
-import swaggerUi from "swagger-ui-express";
+${esm ? "export { logger };" : "module.exports = { logger };"}
+`
+      : undefined,
+    [`src/config/swagger.${e}`]: context.swagger ? `${im("swaggerJSDoc", "swagger-jsdoc")}
+${im("swaggerUi", "swagger-ui-express")}
 
 export function setupSwagger(app) {
   const spec = swaggerJSDoc({
@@ -529,9 +537,11 @@ export function setupSwagger(app) {
 
   app.use("/api/docs", swaggerUi.serve, swaggerUi.setup(spec));
 }
-` : `export function setupSwagger() {}
-`,
-    [`src/config/cloudinary.${e}`]: context.cloudinary ? `import { v2 as cloudinary } from "cloudinary";
+${esm ? "" : "\nmodule.exports = { setupSwagger };"}
+`
+      : undefined,
+    [`src/config/cloudinary.${e}`]: context.cloudinary
+      ? `${esm ? 'import { v2 as cloudinary } from "cloudinary";' : 'const { v2: cloudinary } = require("cloudinary");'}
 
 cloudinary.config({
   cloud_name: process.env.CLOUDINARY_CLOUD_NAME,
@@ -539,8 +549,25 @@ cloudinary.config({
   api_secret: process.env.CLOUDINARY_API_SECRET
 });
 
-export { cloudinary };
-` : `export {};
+${esm ? "export { cloudinary };" : "module.exports = { cloudinary };"}
 `
+      : undefined,
+  };
+
+  const merged = {
+    ...templates,
+    ...chatBackendFiles(context, e, { im, imn, esm }),
   };
+
+  if (merged[`src/routes/mainRoute.${e}`]) {
+    merged[`src/routes/mainRoute.${e}`] = patchMainRouteForChat(
+      merged[`src/routes/mainRoute.${e}`],
+      context,
+      e,
+    );
+  }
+
+  return Object.fromEntries(
+    Object.entries(merged).filter(([, value]) => value !== undefined),
+  );
 }