create-stackr 0.2.0

package/templates/shared/scripts/setup.sh.ejs

@@ -0,0 +1,979 @@
+#!/bin/bash
+
+# Full-Stack Auth Boilerplate Setup Script
+# This script sets up the development environment
+
+set -e  # Exit on any error
+
+echo "🚀 Setting up Full-Stack Auth Boilerplate..."
+echo "================================================"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Function to print colored output
+print_status() {
+    echo -e "${GREEN}✓${NC} $1"
+}
+
+print_info() {
+    echo -e "${BLUE}ℹ${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}⚠${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}✗${NC} $1"
+}
+
+# =============================================================================
+# Configuration Functions
+# =============================================================================
+
+# Generate secure random password
+generate_password() {
+    local length=${1:-16}
+    # Use openssl for secure random password generation
+    if command -v openssl &> /dev/null; then
+        openssl rand -base64 32 | tr -d "=+/" | cut -c1-${length}
+    else
+        # Fallback to /dev/urandom if openssl is not available
+        LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c${length}
+    fi
+}
+
+# Generate JWT secret (longer and more secure)
+generate_jwt_secret() {
+    if command -v openssl &> /dev/null; then
+        openssl rand -hex 32
+    else
+        LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64
+    fi
+}
+
+# Prompt for input with default value
+prompt_with_default() {
+    local prompt="$1"
+    local default="$2"
+    local secure="$3"  # If set to "secure", hide input
+    local user_input
+
+    if [ "$secure" = "secure" ]; then
+        printf "${BLUE}${prompt}${NC} [${YELLOW}${default}${NC}]: "
+        read -s user_input
+        echo  # Add newline since -s doesn't echo one
+    else
+        printf "${BLUE}${prompt}${NC} [${YELLOW}${default}${NC}]: "
+        read user_input
+    fi
+
+    # Return default if input is empty
+    echo "${user_input:-$default}"
+}
+
+# Validate password strength (basic check)
+validate_password() {
+    local password="$1"
+    local min_length=8
+
+    if [ ${#password} -lt ${min_length} ]; then
+        print_warning "Password should be at least ${min_length} characters long"
+        return 1
+    fi
+
+    return 0
+}
+
+# Display configuration summary
+display_config_summary() {
+    echo ""
+    echo "📋 Configuration Summary:"
+    echo "=========================="
+    echo "Database User:     $DB_CONFIG_USER"
+    echo "Database Name:     $DB_CONFIG_NAME"
+<% if (backend.eventQueue) { %>
+    echo "Redis Password:    $REDIS_CONFIG_PASSWORD"
+<% } %>
+    echo "JWT Secret:        [Hidden - 64 characters]"
+    echo ""
+}
+
+# Collect all configuration from user
+collect_configuration() {
+    print_info "Let's configure your credentials securely..."
+    echo ""
+
+    # Generate secure defaults
+    local default_db_password=$(generate_password 12)
+<% if (backend.eventQueue) { %>
+    local default_redis_password=$(generate_password 16)
+<% } %>
+    local default_jwt_secret=$(generate_jwt_secret)
+<% if (features.authentication.enabled) { %>
+    local default_auth_secret=$(generate_jwt_secret)
+<% } %>
+
+    # Database configuration
+    echo "🗄️  Database Configuration:"
+    DB_CONFIG_USER=$(prompt_with_default "Database username" "postgres")
+    DB_CONFIG_PASSWORD=$(prompt_with_default "Database password" "$default_db_password" "secure")
+    DB_CONFIG_NAME=$(prompt_with_default "Database name" "auth_boilerplate")
+
+    # Validate database password
+    while ! validate_password "$DB_CONFIG_PASSWORD"; do
+        DB_CONFIG_PASSWORD=$(prompt_with_default "Please enter a stronger database password" "$default_db_password" "secure")
+    done
+
+<% if (backend.eventQueue) { %>
+    echo ""
+    echo "🔄 Redis Configuration:"
+    REDIS_CONFIG_PASSWORD=$(prompt_with_default "Redis password" "$default_redis_password" "secure")
+
+    # Validate Redis password
+    while ! validate_password "$REDIS_CONFIG_PASSWORD"; do
+        REDIS_CONFIG_PASSWORD=$(prompt_with_default "Please enter a stronger Redis password" "$default_redis_password" "secure")
+    done
+
+<% } %>
+    echo ""
+    echo "🔐 Security Configuration:"
+    JWT_CONFIG_SECRET=$(prompt_with_default "JWT secret (leave empty for secure auto-generated)" "$default_jwt_secret")
+<% if (features.authentication.enabled) { %>
+    AUTH_CONFIG_SECRET=$(prompt_with_default "BetterAuth secret (leave empty for secure auto-generated)" "$default_auth_secret")
+<% } %>
+
+    # Global variables for use in other functions
+<% if (backend.eventQueue && features.authentication.enabled) { %>
+    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET AUTH_CONFIG_SECRET
+<% } else if (backend.eventQueue) { %>
+    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET
+<% } else if (features.authentication.enabled) { %>
+    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET AUTH_CONFIG_SECRET
+<% } else { %>
+    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET
+<% } %>
+
+    display_config_summary
+
+    # Confirm configuration
+    echo ""
+    read -p "Proceed with this configuration? (y/n): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        print_info "Configuration cancelled. Re-run the script to try again."
+        exit 0
+    fi
+}
+
+# Get the project directory name for volume prefix
+get_project_name() {
+    basename "$(pwd)"
+}
+
+# Check if Docker volumes exist for this project
+has_existing_volumes() {
+    local project_name=$(get_project_name)
+    local dev_volume="${project_name}_postgres_data"
+    local prod_volume="${project_name}_postgres_prod_data"
+
+    # Check if docker is running
+    if ! docker info > /dev/null 2>&1; then
+        return 1
+    fi
+
+    # Check if any volumes exist
+    if docker volume ls --format "{{.Name}}" 2>/dev/null | grep -q "^${dev_volume}$" || \
+       docker volume ls --format "{{.Name}}" 2>/dev/null | grep -q "^${prod_volume}$"; then
+        return 0
+    fi
+
+    return 1
+}
+
+# List existing volumes for this project
+list_existing_volumes() {
+    local project_name=$(get_project_name)
+    docker volume ls --format "{{.Name}}" 2>/dev/null | grep "^${project_name}_" || echo "None"
+}
+
+# Remove all Docker volumes for this project
+remove_project_volumes() {
+    local project_name=$(get_project_name)
+
+    print_warning "This will DELETE all Docker volumes and their data!"
+    echo ""
+    print_info "Volumes to be removed:"
+    list_existing_volumes | sed 's/^/    /'
+    echo ""
+
+    read -p "Are you absolutely sure? Type 'DELETE' to confirm: " -r
+    echo
+
+    if [ "$REPLY" = "DELETE" ]; then
+        print_info "Stopping any running containers..."
+        docker-compose down 2>/dev/null || true
+        docker-compose -f docker-compose.prod.yml down 2>/dev/null || true
+
+        print_info "Removing volumes..."
+        docker volume ls --format "{{.Name}}" 2>/dev/null | grep "^${project_name}_" | while read volume; do
+            docker volume rm "$volume" 2>/dev/null && print_status "Removed: $volume" || print_warning "Could not remove: $volume"
+        done
+
+        print_status "Volume cleanup complete"
+        return 0
+    else
+        print_info "Volume removal cancelled"
+        return 1
+    fi
+}
+
+# Check if existing configuration is present (env files OR volumes)
+has_existing_configuration() {
+    local has_env_files=false
+    local has_volumes=false
+
+    # Check if both env files exist
+    if [ -f "backend/.env" ] && [ -f ".env" ]; then
+        # Check if backend/.env contains configured DATABASE_URL (not placeholder)
+        if ! grep -q "postgresql://username:password@" backend/.env 2>/dev/null; then
+            # Check if root .env contains configured credentials (not empty values)
+            if grep -q "DB_USER=" .env 2>/dev/null && grep -q "DB_PASSWORD=" .env 2>/dev/null; then
+                has_env_files=true
+            fi
+        fi
+    fi
+
+    # Check if Docker volumes exist
+    if has_existing_volumes; then
+        has_volumes=true
+    fi
+
+    # Return true if either exists
+    if [ "$has_env_files" = true ] || [ "$has_volumes" = true ]; then
+        return 0
+    fi
+
+    return 1
+}
+
+# Load existing credentials from .env files
+load_existing_credentials() {
+    if [ ! -f ".env" ]; then
+        print_error "Root .env file not found. Cannot load existing configuration."
+        return 1
+    fi
+
+    # Source the root .env file to get variables
+    set -a  # Export all variables
+    source .env 2>/dev/null || {
+        print_error "Failed to load existing configuration from .env file."
+        return 1
+    }
+    set +a  # Stop auto-exporting
+
+    # Map to our expected variable names
+    DB_CONFIG_USER="${DB_USER:-postgres}"
+    DB_CONFIG_PASSWORD="${DB_PASSWORD}"
+    DB_CONFIG_NAME="${DB_NAME:-auth_boilerplate}"
+<% if (backend.eventQueue) { %>
+    REDIS_CONFIG_PASSWORD="${REDIS_PASSWORD}"
+<% } %>
+    JWT_CONFIG_SECRET="${JWT_SECRET}"
+
+    # Export for use in other functions
+<% if (backend.eventQueue) { %>
+    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET
+<% } else { %>
+    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET
+<% } %>
+
+    return 0
+}
+
+# Display existing configuration summary
+display_existing_config_summary() {
+    echo ""
+    echo "📋 Existing Configuration Found:"
+    echo "================================="
+    echo "Database User:     $DB_CONFIG_USER"
+    echo "Database Name:     $DB_CONFIG_NAME"
+    echo "Database Password: [Hidden - ${#DB_CONFIG_PASSWORD} characters]"
+<% if (backend.eventQueue) { %>
+    echo "Redis Password:    [Hidden - ${#REDIS_CONFIG_PASSWORD} characters]"
+<% } %>
+    echo "JWT Secret:        [Hidden - ${#JWT_CONFIG_SECRET} characters]"
+    echo ""
+}
+
+# Detect if credentials in .env match what would be in volumes
+# Returns 0 if mismatch detected, 1 if they match or can't determine
+detect_credential_mismatch() {
+    # If no volumes exist, no mismatch possible
+    if ! has_existing_volumes; then
+        return 1
+    fi
+
+    # If no .env files exist, we can't check for mismatch
+    if [ ! -f ".env" ]; then
+        print_warning "Docker volumes exist but no .env file found"
+        print_warning "This suggests volumes may contain different credentials"
+        return 0
+    fi
+
+    # Try to test database connection with current credentials
+    # This is a simple heuristic - if DB is running and connection fails,
+    # credentials likely don't match
+    if docker ps --format "{{.Names}}" 2>/dev/null | grep -q "database"; then
+        print_info "Testing database connection with current credentials..."
+        source .env 2>/dev/null
+
+        # Try to connect - if it fails, credentials don't match
+        if ! docker-compose exec -T database psql -U "${DB_USER}" -d "${DB_NAME}" -c "SELECT 1" > /dev/null 2>&1; then
+            return 0  # Mismatch detected
+        fi
+    fi
+
+    return 1  # No mismatch or can't determine
+}
+
+# Check if Docker is installed
+check_docker() {
+    if ! command -v docker &> /dev/null; then
+        print_error "Docker is not installed. Please install Docker first."
+        print_info "Visit: https://docs.docker.com/get-docker/"
+        exit 1
+    fi
+
+    if ! command -v docker-compose &> /dev/null && ! docker compose version &> /dev/null; then
+        print_error "Docker Compose is not installed. Please install Docker Compose first."
+        print_info "Visit: https://docs.docker.com/compose/install/"
+        exit 1
+    fi
+
+    print_status "Docker and Docker Compose are installed"
+}
+
+# Check if Bun is installed (for backend and mobile development)
+check_bun() {
+    if ! command -v bun &> /dev/null; then
+        print_warning "Bun is not installed. Required for backend and mobile development."
+        print_info "Visit: https://bun.sh/"
+    else
+        BUN_VERSION=$(bun --version)
+        print_status "Bun is installed: v$BUN_VERSION"
+    fi
+}
+
+# Create environment files from configuration
+setup_env_files() {
+    # Check if we should skip file creation (when using existing config)
+    if has_existing_configuration && [ -f "backend/.env" ] && [ -f ".env" ]; then
+        # Check if user chose to skip (option 1) by seeing if files weren't modified recently
+        local skip_file_creation=false
+
+        # If both env files exist and contain non-placeholder values, ask before overwriting
+        if grep -q "postgresql://${DB_CONFIG_USER}:${DB_CONFIG_PASSWORD}@" backend/.env 2>/dev/null; then
+            skip_file_creation=true
+        fi
+
+        if [ "$skip_file_creation" = true ]; then
+            print_status "Using existing environment files (credentials match current configuration)"
+<% if (platforms.includes('web')) { %>
+            # Still check if web/.env.local needs to be created
+            if [ -d "web" ] && [ ! -f "web/.env.local" ]; then
+                print_info "Creating web/.env.local..."
+                cat > web/.env.local << EOF
+# =============================================================================
+# Web App Environment Configuration
+# =============================================================================
+
+# Public URL of the web app (used for OAuth callbacks)
+NEXT_PUBLIC_APP_URL=http://localhost:3000
+
+# Backend API URL (server-side only, used by server actions)
+BACKEND_URL=http://localhost:8080
+EOF
+                print_status "Created web/.env.local"
+            fi
+<% } %>
+            return 0
+        fi
+    fi
+
+    print_info "Setting up environment files with your configuration..."
+
+    # Build DATABASE_URL using configured values
+    local database_url="postgresql://${DB_CONFIG_USER}:${DB_CONFIG_PASSWORD}@localhost:5432/${DB_CONFIG_NAME}?schema=public"
+
+    # Backend environment file - create/overwrite with new config
+    print_info "Creating backend/.env with configured values..."
+    cat > backend/.env << EOF
+# Environment Configuration
+NODE_ENV=development
+LOG_LEVEL=debug
+
+# Server Configuration
+API_HOST=0.0.0.0
+API_PORT=8080
+
+# Database Configuration
+DATABASE_URL="${database_url}"
+
+# JWT Configuration
+JWT_SECRET=${JWT_CONFIG_SECRET}
+<% if (features.authentication.enabled) { %>
+# =============================================================================
+# BetterAuth Configuration
+# =============================================================================
+# IMPORTANT: Change this in production! Use a secure random string.
+BETTER_AUTH_SECRET=${AUTH_CONFIG_SECRET}
+BETTER_AUTH_URL=http://localhost:8080
+
+# Trusted Origins for BetterAuth (includes mobile deep link scheme)
+TRUSTED_ORIGINS=http://localhost:3000,http://localhost:8081,<%= appScheme %>://
+<% if (features.authentication.providers.google) { %>
+# =============================================================================
+# Google OAuth Configuration
+# =============================================================================
+# Get credentials at: https://console.cloud.google.com/
+GOOGLE_WEB_CLIENT_ID=YOUR_GOOGLE_WEB_CLIENT_ID
+GOOGLE_CLIENT_SECRET=YOUR_GOOGLE_CLIENT_SECRET
+<% } %>
+<% if (features.authentication.providers.apple) { %>
+# =============================================================================
+# Apple Sign In Configuration
+# =============================================================================
+# Get credentials at: https://developer.apple.com/
+APPLE_SERVICE_ID=YOUR_APPLE_SERVICE_ID
+APPLE_BUNDLE_ID=com.yourcompany.yourapp
+APPLE_CLIENT_SECRET=YOUR_APPLE_CLIENT_SECRET
+<% } %>
+<% if (features.authentication.providers.github) { %>
+# =============================================================================
+# GitHub OAuth Configuration
+# =============================================================================
+# Get credentials at: https://github.com/settings/developers
+GITHUB_CLIENT_ID=YOUR_GITHUB_CLIENT_ID
+GITHUB_CLIENT_SECRET=YOUR_GITHUB_CLIENT_SECRET
+<% } %>
+<% } %>
+# Redis Configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=${REDIS_CONFIG_PASSWORD}
+<% if (backend.eventQueue) { %>
+# BullMQ Configuration (Event Queue)
+BULLMQ_QUEUE_NAME=<%= projectName.toLowerCase().replace(/[^a-z0-9]/g, '_') %>_queue
+BULLMQ_MAX_RETRIES=3
+BULLMQ_BACKOFF_DELAY=5000
+<% } %>
+# CORS Configuration
+ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8081,https://yourdomain.com
+
+# Rate Limiting
+RATE_LIMIT_WINDOW_MS=900000
+RATE_LIMIT_MAX_REQUESTS=100
+<% if (features.authentication.emailVerification || features.authentication.passwordReset) { %>
+# =============================================================================
+# Email Configuration (Required for email verification/password reset)
+# =============================================================================
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=your-email@gmail.com
+SMTP_PASS=your-app-password
+EMAIL_FROM=noreply@<%= projectName.toLowerCase().replace(/[^a-z0-9]/g, '') %>.com
+<% } %>
+EOF
+    print_status "Created backend/.env with configured values"
+
+    # Root environment file for Docker - always overwrite with new config
+    print_info "Creating root .env with configured values..."
+    cat > .env << EOF
+# Database Configuration
+DB_USER=${DB_CONFIG_USER}
+DB_PASSWORD=${DB_CONFIG_PASSWORD}
+DB_NAME=${DB_CONFIG_NAME}
+
+# JWT Configuration
+JWT_SECRET=${JWT_CONFIG_SECRET}
+<% if (backend.eventQueue) { %>
+
+# Redis Configuration
+REDIS_PASSWORD=${REDIS_CONFIG_PASSWORD}
+<% } %>
+
+# Logging
+LOG_LEVEL=debug
+EOF
+    print_status "Created root .env file with configured values"
+<% if (platforms.includes('web')) { %>
+
+    # Web app environment file
+    if [ -d "web" ]; then
+        print_info "Creating web/.env.local..."
+        cat > web/.env.local << EOF
+# =============================================================================
+# Web App Environment Configuration
+# =============================================================================
+
+# Public URL of the web app (used for OAuth callbacks)
+NEXT_PUBLIC_APP_URL=http://localhost:3000
+
+# Backend API URL (server-side only, used by server actions)
+BACKEND_URL=http://localhost:8080
+EOF
+        print_status "Created web/.env.local"
+    fi
+<% } %>
+}
+
+# Install backend dependencies
+install_backend_deps() {
+    if [ -d "backend" ]; then
+        print_info "Installing backend dependencies..."
+        cd backend
+
+        if [ -f "package.json" ]; then
+            bun install
+            print_status "Backend dependencies installed"
+        else
+            print_warning "No package.json found in backend directory"
+        fi
+
+        cd ..
+    else
+        print_warning "Backend directory not found"
+    fi
+}
+
+<% if (platforms.includes('mobile')) { %>
+# Install mobile dependencies
+install_mobile_deps() {
+    if [ -d "mobile" ]; then
+        print_info "Installing mobile dependencies..."
+        cd mobile
+
+        if [ -f "package.json" ]; then
+            bun install
+            print_status "Mobile dependencies installed"
+        else
+            print_warning "No package.json found in mobile directory"
+        fi
+
+        cd ..
+    else
+        print_warning "Mobile directory not found"
+    fi
+}
+<% } %>
+<% if (platforms.includes('web')) { %>
+# Install web dependencies
+install_web_deps() {
+    if [ -d "web" ]; then
+        print_info "Installing web dependencies..."
+        cd web
+
+        if [ -f "package.json" ]; then
+            <%= packageManager %> install
+            print_status "Web dependencies installed"
+        else
+            print_warning "No package.json found in web directory"
+        fi
+
+        cd ..
+    else
+        print_warning "Web directory not found"
+    fi
+}
+<% } %>
+
+# Setup database<% if (backend.eventQueue) { %> and Redis<% } %>
+setup_database() {
+    # Check if volumes exist but credentials might be different
+    if has_existing_volumes; then
+        print_warning "⚠️  Existing Docker volumes detected!"
+        print_warning "If these volumes contain data with different credentials,"
+        print_warning "PostgreSQL will skip initialization and use the existing credentials."
+        print_warning "This may cause authentication failures if credentials don't match."
+        echo ""
+        print_info "Existing volumes:"
+        list_existing_volumes | sed 's/^/    /'
+        echo ""
+        read -p "Continue with database setup? (y/N): " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            print_info "Database setup skipped"
+            return 0
+        fi
+    fi
+
+    print_info "Setting up database<% if (backend.eventQueue) { %> and Redis<% } %> with Docker..."
+
+    # Start database<% if (backend.eventQueue) { %> and Redis services<% } else { %> service<% } %>
+<% if (backend.eventQueue) { %>
+    docker-compose up -d database redis
+<% } else { %>
+    docker-compose up -d database
+<% } %>
+
+    print_info "Waiting for services to be ready..."
+    sleep 15
+
+    # Run database migrations
+    if [ -d "backend" ] && [ -f "backend/package.json" ]; then
+        print_info "Running database migrations..."
+        cd backend
+
+<% if (backend.orm === 'prisma') { %>
+        # Generate Prisma client
+        bun prisma generate
+
+        # Push schema to database
+        bun prisma db push
+<% } else if (backend.orm === 'drizzle') { %>
+        # Generate Drizzle migrations
+        bun run db:generate
+
+        # Push schema to database
+        bun run db:push
+<% } %>
+
+        print_status "Database<% if (backend.eventQueue) { %> and Redis<% } %> setup complete"
+        cd ..
+    else
+        print_warning "Cannot run migrations - backend not found or invalid"
+    fi
+}
+
+# Make scripts executable
+make_scripts_executable() {
+    print_info "Making scripts executable..."
+    chmod +x scripts/*.sh 2>/dev/null || true
+    print_status "Scripts are now executable"
+}
+
+# Print next steps
+print_next_steps() {
+    echo ""
+    echo "🎉 Setup complete! Next steps:"
+    echo "================================================"
+    echo ""
+    echo "📦 Start the development environment:"
+    echo "   ./scripts/docker-dev.sh"
+    echo ""
+    echo "🌐 Access your services:"
+    echo "   Backend API: http://localhost:8080"
+    echo "   Database:   localhost:5432"
+<% if (backend.eventQueue) { %>
+    echo "   Redis:      localhost:6379"
+<% } %>
+    echo ""
+<% if (platforms.includes('mobile')) { %>
+    echo "📱 For mobile development:"
+    echo "   cd mobile && <%= packageManager %> start"
+    echo ""
+<% } %>
+<% if (platforms.includes('web')) { %>
+    echo "🌐 For web development:"
+    echo "   cd web && <%= packageManager %> run dev"
+    echo ""
+<% } %>
+    echo "🐳 Docker commands:"
+    echo "   docker-compose logs -f backend  # View backend logs"
+    echo "   docker-compose down            # Stop all services"
+    echo ""
+    echo "📚 Documentation:"
+    echo "   - Main README.md for overview"
+    echo "   - backend/README.md for backend setup"
+    echo "   - mobile/README.md for mobile setup"
+    echo ""
+}
+
+# Main execution
+main() {
+    echo "Starting setup process..."
+    echo ""
+
+    check_docker
+    check_bun
+
+    # Check for existing configuration
+    if has_existing_configuration; then
+        # Determine what exists
+        local has_env_files=false
+        local has_volumes=false
+
+        if [ -f "backend/.env" ] && [ -f ".env" ]; then
+            if ! grep -q "postgresql://username:password@" backend/.env 2>/dev/null; then
+                if grep -q "DB_USER=" .env 2>/dev/null && grep -q "DB_PASSWORD=" .env 2>/dev/null; then
+                    has_env_files=true
+                fi
+            fi
+        fi
+
+        if has_existing_volumes; then
+            has_volumes=true
+        fi
+
+        # Show status
+        echo ""
+        echo "⚠️  Existing Setup Detected:"
+        echo "============================"
+        if [ "$has_env_files" = true ]; then
+            echo "  .env files:     FOUND"
+        else
+            echo "  .env files:     NOT FOUND"
+        fi
+
+        if [ "$has_volumes" = true ]; then
+            echo "  Docker volumes: FOUND"
+            echo ""
+            print_info "Existing volumes:"
+            list_existing_volumes | sed 's/^/    /'
+        else
+            echo "  Docker volumes: NOT FOUND"
+        fi
+        echo ""
+
+        # Check for credential mismatch
+        if [ "$has_env_files" = true ] && [ "$has_volumes" = true ]; then
+            if detect_credential_mismatch; then
+                print_warning "⚠️  CREDENTIAL MISMATCH DETECTED!"
+                print_warning "Your .env files may contain different credentials than your Docker volumes."
+                print_warning "This will cause authentication failures!"
+                echo ""
+            fi
+        fi
+
+        # Load existing credentials if available
+        if [ "$has_env_files" = true ]; then
+            if load_existing_credentials; then
+                display_existing_config_summary
+            fi
+        fi
+
+        # Present options based on what exists
+        echo "🔧 Setup Options:"
+        echo "================="
+
+        if [ "$has_env_files" = true ] && [ "$has_volumes" = false ]; then
+            # Scenario A: Only .env exists, no volumes - safe to reuse or regenerate
+            echo "1. Use existing .env configuration"
+            echo "2. Reconfigure - Enter new credentials"
+            echo "3. Auto-generate - Generate new secure defaults"
+            echo "4. Exit setup"
+
+        elif [ "$has_env_files" = false ] && [ "$has_volumes" = true ]; then
+            # Scenario B: Only volumes exist, no .env - need to either reset volumes or exit
+            print_warning "Docker volumes exist but no .env files found!"
+            print_warning "Cannot proceed without resetting volumes or restoring .env files."
+            echo ""
+            echo "1. Reset everything - DELETE volumes and create new setup"
+            echo "2. Exit (manually restore your .env files, then re-run setup)"
+
+        else
+            # Scenario C: Both exist - most common scenario
+            echo "1. Keep everything - Use existing configuration (RECOMMENDED if working)"
+            echo "2. Reset everything - DELETE volumes and create new setup"
+            echo "3. Reconfigure credentials only (⚠️  DANGER: May cause mismatch)"
+            echo "4. Exit setup"
+        fi
+
+        echo ""
+        read -p "Choose option: " -n 1 -r
+        echo
+        echo ""
+
+        case $REPLY in
+            1)
+                if [ "$has_env_files" = false ] && [ "$has_volumes" = true ]; then
+                    # Scenario B, Option 1: Reset volumes
+                    print_info "Resetting everything..."
+                    if remove_project_volumes; then
+                        print_info "Now generating new credentials..."
+                        DB_CONFIG_USER="postgres"
+                        DB_CONFIG_PASSWORD=$(generate_password 12)
+                        DB_CONFIG_NAME="auth_boilerplate"
+<% if (backend.eventQueue) { %>
+                        REDIS_CONFIG_PASSWORD=$(generate_password 16)
+<% } %>
+                        JWT_CONFIG_SECRET=$(generate_jwt_secret)
+<% if (backend.eventQueue) { %>
+                        export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET
+<% } else { %>
+                        export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET
+<% } %>
+                    else
+                        print_error "Setup cancelled - volumes were not removed"
+                        exit 1
+                    fi
+                else
+                    # Scenarios A & C, Option 1: Keep/use existing
+                    print_status "Using existing configuration"
+                    if [ "$has_env_files" = false ]; then
+                        print_error "Cannot proceed - no .env files to use"
+                        exit 1
+                    fi
+                fi
+                ;;
+            2)
+                if [ "$has_env_files" = false ] && [ "$has_volumes" = true ]; then
+                    # Scenario B, Option 2: Exit
+                    print_info "Setup cancelled. Please restore your .env files."
+                    exit 0
+                elif [ "$has_volumes" = true ]; then
+                    # Scenario C, Option 2: Reset everything
+                    print_info "Resetting everything (volumes + credentials)..."
+                    if remove_project_volumes; then
+                        print_info "Now generating new credentials..."
+                        DB_CONFIG_USER="postgres"
+                        DB_CONFIG_PASSWORD=$(generate_password 12)
+                        DB_CONFIG_NAME="auth_boilerplate"
+<% if (backend.eventQueue) { %>
+                        REDIS_CONFIG_PASSWORD=$(generate_password 16)
+<% } %>
+                        JWT_CONFIG_SECRET=$(generate_jwt_secret)
+<% if (backend.eventQueue) { %>
+                        export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET
+<% } else { %>
+                        export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET
+<% } %>
+                    else
+                        print_error "Setup cancelled - volumes were not removed"
+                        exit 1
+                    fi
+                else
+                    # Scenario A, Option 2: Reconfigure
+                    print_info "Reconfiguring credentials..."
+                    collect_configuration
+                fi
+                ;;
+            3)
+                if [ "$has_env_files" = false ] && [ "$has_volumes" = true ]; then
+                    # Scenario B: No option 3
+                    print_info "Invalid option. Exiting."
+                    exit 0
+                elif [ "$has_volumes" = true ]; then
+                    # Scenario C, Option 3: Dangerous reconfigure
+                    print_warning "⚠️  WARNING: Changing credentials without resetting volumes!"
+                    print_warning "This WILL cause authentication failures if volumes already exist."
+                    print_warning "Only proceed if you know what you're doing."
+                    echo ""
+                    read -p "Continue anyway? (y/N): " -n 1 -r
+                    echo
+                    if [[ $REPLY =~ ^[Yy]$ ]]; then
+                        print_info "Reconfiguring credentials..."
+                        collect_configuration
+                    else
+                        print_info "Cancelled. Using existing configuration."
+                    fi
+                else
+                    # Scenario A, Option 3: Auto-generate
+                    print_info "Generating new secure auto-generated credentials..."
+                    DB_CONFIG_USER="postgres"
+                    DB_CONFIG_PASSWORD=$(generate_password 12)
+                    DB_CONFIG_NAME="auth_boilerplate"
+<% if (backend.eventQueue) { %>
+                    REDIS_CONFIG_PASSWORD=$(generate_password 16)
+<% } %>
+                    JWT_CONFIG_SECRET=$(generate_jwt_secret)
+<% if (backend.eventQueue) { %>
+                    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET
+<% } else { %>
+                    export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET
+<% } %>
+
+                    echo "Generated new secure credentials:"
+                    echo "- Database: ${DB_CONFIG_USER} / [hidden]"
+<% if (backend.eventQueue) { %>
+                    echo "- Redis: [hidden password]"
+<% } %>
+                    echo "- JWT: [hidden secret]"
+                fi
+                ;;
+            4)
+                if [ "$has_env_files" = false ] && [ "$has_volumes" = true ]; then
+                    # Scenario B: No option 4
+                    print_info "Invalid option. Exiting."
+                else
+                    # Scenarios A & C: Exit
+                    print_info "Setup cancelled"
+                fi
+                exit 0
+                ;;
+            *)
+                if [ "$has_env_files" = false ] && [ "$has_volumes" = true ]; then
+                    print_info "Invalid option. Exiting."
+                    exit 0
+                else
+                    print_info "Invalid option. Using existing configuration."
+                fi
+                ;;
+        esac
+    else
+        # No existing configuration - ask for initial setup
+        print_info "No existing configuration found. Let's set up credentials."
+        echo ""
+        read -p "Configure custom credentials? (y/n - 'n' uses secure defaults): " -n 1 -r
+        echo
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+            collect_configuration
+        else
+            print_info "Using secure auto-generated credentials..."
+            # Generate secure defaults without prompts
+            DB_CONFIG_USER="postgres"
+            DB_CONFIG_PASSWORD=$(generate_password 12)
+            DB_CONFIG_NAME="auth_boilerplate"
+<% if (backend.eventQueue) { %>
+            REDIS_CONFIG_PASSWORD=$(generate_password 16)
+<% } %>
+            JWT_CONFIG_SECRET=$(generate_jwt_secret)
+<% if (backend.eventQueue) { %>
+            export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME REDIS_CONFIG_PASSWORD JWT_CONFIG_SECRET
+<% } else { %>
+            export DB_CONFIG_USER DB_CONFIG_PASSWORD DB_CONFIG_NAME JWT_CONFIG_SECRET
+<% } %>
+
+            echo "Generated secure credentials:"
+            echo "- Database: ${DB_CONFIG_USER} / [hidden]"
+<% if (backend.eventQueue) { %>
+            echo "- Redis: [hidden password]"
+<% } %>
+            echo "- JWT: [hidden secret]"
+        fi
+    fi
+
+    setup_env_files
+    make_scripts_executable
+
+    # Ask if user wants to install dependencies
+    read -p "Install dependencies? (y/n): " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        install_backend_deps
+<% if (platforms.includes('mobile')) { %>
+        install_mobile_deps
+<% } %>
+<% if (platforms.includes('web')) { %>
+        install_web_deps
+<% } %>
+    fi
+
+    # Ask if user wants to setup database<% if (backend.eventQueue) { %> and Redis<% } %>
+    read -p "Setup database<% if (backend.eventQueue) { %> and Redis<% } %> with Docker? (y/n): " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        setup_database
+    fi
+
+    print_next_steps
+}
+
+# Run main function
+main "$@"