create-tigra 1.1.0 → 2.0.1

package/template/client/tsconfig.json

@@ -0,0 +1,34 @@
+{
+  "compilerOptions": {
+    "target": "ES2017",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "allowJs": true,
+    "skipLibCheck": true,
+    "strict": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "react-jsx",
+    "incremental": true,
+    "plugins": [
+      {
+        "name": "next"
+      }
+    ],
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": [
+    "next-env.d.ts",
+    "**/*.ts",
+    "**/*.tsx",
+    ".next/types/**/*.ts",
+    ".next/dev/types/**/*.ts",
+    "**/*.mts"
+  ],
+  "exclude": ["node_modules"]
+}

package/template/gitignore

@@ -0,0 +1,34 @@
+# Dependencies
+node_modules/
+
+# Build output
+dist/
+.next/
+out/
+
+# Environment files
+.env
+.env.local
+.env.*.local
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE
+.vscode/
+.idea/
+
+# Claude Code local settings
+.claude/settings.local.json
+
+# Playwright MCP artifacts
+.playwright-mcp/
+
+# Logs
+*.log
+npm-debug.log*
+pnpm-debug.log*
+
+# Uploads (local development)
+uploads/

package/template/server/.dockerignore

@@ -0,0 +1,66 @@
+# Node modules (will be installed fresh in Docker)
+node_modules
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Build output (will be built fresh in Docker)
+dist
+build
+*.tsbuildinfo
+
+# Environment files (use Docker env vars instead)
+.env
+.env.local
+.env.*.local
+.env.development
+.env.test
+
+# Git
+.git
+.gitignore
+.gitattributes
+
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Testing
+coverage
+.nyc_output
+**/__tests__
+**/*.test.ts
+**/*.spec.ts
+vitest.config.ts
+
+# Documentation
+*.md
+!README.md
+docs
+
+# Docker
+Dockerfile
+.dockerignore
+docker-compose.yml
+phpmyadmin-config.php
+
+# Postman
+postman_collection.json
+postman/
+
+# CI/CD
+.github
+.gitlab-ci.yml
+.circleci
+
+# Misc
+.prettierrc
+.eslintrc
+.eslintignore
+.editorconfig
+tsconfig.json

package/template/server/.env.example

@@ -1,69 +1,96 @@
-# ==============================================
-# SERVER CONFIGURATION
-# ==============================================
-
-NODE_ENV=development
-PORT=3000
-API_PREFIX=/api/v1
-LOG_LEVEL=info
-
-# ==============================================
-# DATABASE CONFIGURATION (MySQL)
-# ==============================================
-
-DATABASE_URL="mysql://root:{{DATABASE_PASSWORD}}@localhost:3306/{{DATABASE_NAME}}"
-
-
-# ==============================================
-# REDIS CONFIGURATION
-# ==============================================
-
-REDIS_HOST=localhost
-REDIS_PORT=6379
-REDIS_PASSWORD=
-REDIS_DB=0
-
-# ==============================================
-# JWT AUTHENTICATION
-# =============================================='
-
-# enter strong jwt secret in production !
-JWT_SECRET=123412341234123412341234123412341234123412341234123412341234
-JWT_ACCESS_EXPIRATION=15m
-JWT_REFRESH_EXPIRATION=7d
-JWT_ISSUER={{PROJECT_NAME}}
-
-# ==============================================
-# CORS CONFIGURATION
-# ==============================================
-
-CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
-
-# ==============================================
-# FILE UPLOAD CONFIGURATION
-# ==============================================
-
-MAX_FILE_SIZE=10485760
-ALLOWED_FILE_TYPES=image/jpeg,image/png,image/webp,application/pdf
-UPLOAD_DIR=./uploads
-
-# ==============================================
-# RATE LIMITING
-# ==============================================
-
-RATE_LIMIT_MAX=100
-RATE_LIMIT_WINDOW=900000
-
-# ==============================================
-# DEVELOPMENT TOOLS
-# ==============================================
-
-PRISMA_QUERY_LOG=false
-SLOW_QUERY_THRESHOLD=1000
-
-# ==============================================
-# ADMIN SEED (Initial Setup)
-# ==============================================
-
-ADMIN_EMAIL=admin@{{PROJECT_NAME}}.dev
-ADMIN_PASSWORD=Admin123!
+# ===================================================================
+# APPLICATION CONFIGURATION
+# ===================================================================
+
+# Environment: development | production | test
+NODE_ENV=development
+
+# Server port (default: 8000)
+PORT=8000
+
+# Server host (0.0.0.0 = listen on all interfaces)
+HOST=0.0.0.0
+
+# ===================================================================
+# DATABASE CONFIGURATION (MySQL 8.0+)
+# ===================================================================
+
+# Database connection string
+# Format: mysql://username:password@host:port/database
+DATABASE_URL="mysql://root:rootpassword@localhost:3306/{{DATABASE_NAME}}"
+
+# Connection pool settings (for high-traffic production)
+# Min connections: 2-5 for low traffic, 5-10 for medium, 10-20 for high
+# Max connections: 10 for dev, 20-50 for production (10K-100K users/day)
+DATABASE_POOL_MIN=2
+DATABASE_POOL_MAX=10
+
+# ===================================================================
+# REDIS CONFIGURATION
+# ===================================================================
+
+# Redis connection URL
+# Format: redis://[:password@]host:port[/database]
+REDIS_URL="redis://localhost:6379"
+
+# Max retry attempts for failed Redis operations
+REDIS_MAX_RETRIES=3
+
+# Connection timeout in milliseconds
+REDIS_CONNECT_TIMEOUT=10000
+
+# ===================================================================
+# JWT AUTHENTICATION
+# ===================================================================
+
+# JWT secret key (MUST be at least 32 characters)
+# CRITICAL: Generate a strong random secret for production!
+# Example: openssl rand -base64 48
+JWT_SECRET="{{JWT_SECRET}}"
+
+# Access token expiry (short-lived)
+# Format: 1s, 1m, 1h, 1d (default: 15m)
+JWT_ACCESS_EXPIRY="15m"
+
+# Refresh token expiry (long-lived)
+# Format: 1s, 1m, 1h, 1d (default: 7d)
+JWT_REFRESH_EXPIRY="7d"
+
+# Cookie signing secret (separate from JWT for defense-in-depth)
+# Optional: defaults to JWT_SECRET if not set
+# For production: generate a separate secret: openssl rand -base64 48
+# COOKIE_SECRET="change-this-to-a-different-secret-at-least-32-chars"
+
+# ===================================================================
+# CORS (Cross-Origin Resource Sharing)
+# ===================================================================
+
+# Allowed origins for CORS
+# Development: Optional (allows all origins for easier local dev)
+# Production: REQUIRED (must be your frontend URL for security)
+# Multiple origins: Separate with commas
+# Examples:
+#   Single origin: CORS_ORIGIN="https://myapp.com"
+#   Multiple origins: CORS_ORIGIN="https://myapp.com,https://app.myapp.com"
+#   Local dev: CORS_ORIGIN="http://localhost:3001"
+# CORS_ORIGIN="http://localhost:3001"
+
+# ===================================================================
+# LOGGING
+# ===================================================================
+
+# Log level: fatal | error | warn | info | debug | trace
+# Production: info or warn (reduces noise)
+# Development: debug (verbose logging)
+# Staging: info
+LOG_LEVEL=info
+
+# ===================================================================
+# ERROR TRACKING (Optional)
+# ===================================================================
+
+# Sentry DSN for error tracking and monitoring
+# Get your DSN from: https://sentry.io/settings/projects/
+# Leave empty to disable Sentry
+# Example: SENTRY_DSN="https://examplePublicKey@o0.ingest.sentry.io/0"
+# SENTRY_DSN=""

package/template/server/.env.production.example

@@ -0,0 +1,90 @@
+# ===================================================================
+# PRODUCTION ENVIRONMENT CONFIGURATION
+# ===================================================================
+# This file contains production-optimized settings for high-traffic
+# deployments (10K-100K users/day). Copy to .env and customize.
+# ===================================================================
+
+# ===================================================================
+# APPLICATION
+# ===================================================================
+
+NODE_ENV=production
+PORT=3000
+HOST=0.0.0.0
+
+# ===================================================================
+# DATABASE (MySQL 8.0+)
+# ===================================================================
+
+# Production database connection
+# CRITICAL: Use secure credentials, SSL/TLS, and private network
+DATABASE_URL="mysql://prod_user:SECURE_PASSWORD@db.internal:3306/prod_db?ssl=true"
+
+# Connection pool for high traffic (10K-100K users/day)
+# Recommended: 20-50 connections for production
+# Monitor and adjust based on load testing results
+DATABASE_POOL_MIN=10
+DATABASE_POOL_MAX=50
+
+# ===================================================================
+# REDIS
+# ===================================================================
+
+# Production Redis instance
+# CRITICAL: Use authentication and private network
+REDIS_URL="redis://:REDIS_PASSWORD@redis.internal:6379"
+
+# Production retry settings
+REDIS_MAX_RETRIES=5
+REDIS_CONNECT_TIMEOUT=5000
+
+# ===================================================================
+# JWT AUTHENTICATION
+# ===================================================================
+
+# CRITICAL: Generate a cryptographically secure secret
+# Example: openssl rand -base64 48
+JWT_SECRET="YOUR_PRODUCTION_JWT_SECRET_MUST_BE_AT_LEAST_32_CHARS_LONG"
+
+# Production token expiry (tighter security)
+JWT_ACCESS_EXPIRY="15m"
+JWT_REFRESH_EXPIRY="7d"
+
+# ===================================================================
+# CORS
+# ===================================================================
+
+# REQUIRED in production - your frontend domain(s)
+# Multiple origins separated by commas
+CORS_ORIGIN="https://yourdomain.com,https://app.yourdomain.com"
+
+# ===================================================================
+# LOGGING
+# ===================================================================
+
+# Production: info or warn (reduces log volume)
+# Use warn to reduce costs in high-traffic scenarios
+LOG_LEVEL=info
+
+# ===================================================================
+# ERROR TRACKING
+# ===================================================================
+
+# Sentry for production error monitoring
+# Get your DSN from: https://sentry.io/settings/projects/
+SENTRY_DSN="https://YOUR_PUBLIC_KEY@o0.ingest.sentry.io/YOUR_PROJECT_ID"
+
+# ===================================================================
+# PRODUCTION CHECKLIST
+# ===================================================================
+# [ ] DATABASE_URL uses secure credentials and SSL
+# [ ] JWT_SECRET is a strong random string (48+ chars)
+# [ ] CORS_ORIGIN is set to your exact frontend URL(s)
+# [ ] REDIS_URL uses authentication if Redis is exposed
+# [ ] LOG_LEVEL is set to info or warn
+# [ ] SENTRY_DSN is configured for error tracking
+# [ ] Database connection pool tested under load
+# [ ] All secrets are stored in environment variables, not in code
+# [ ] SSL/TLS certificates are configured
+# [ ] Firewall rules restrict access to database and Redis

package/template/server/Dockerfile

@@ -0,0 +1,94 @@
+# ===================================================================
+# Multi-stage Dockerfile for Production Deployment
+# Optimized for Coolify, Docker Compose, and Kubernetes
+# ===================================================================
+
+# ===================================================================
+# Stage 1: Dependencies (cached layer)
+# ===================================================================
+FROM node:20-alpine AS dependencies
+
+# Install production dependencies only
+WORKDIR /app
+
+# Copy package files
+COPY package.json package-lock.json* pnpm-lock.yaml* yarn.lock* ./
+
+# Install dependencies (use the lockfile that exists)
+RUN if [ -f pnpm-lock.yaml ]; then \
+      npm install -g pnpm && pnpm install --prod --frozen-lockfile; \
+    elif [ -f yarn.lock ]; then \
+      yarn install --production --frozen-lockfile; \
+    else \
+      npm ci --omit=dev; \
+    fi
+
+# ===================================================================
+# Stage 2: Build (compile TypeScript)
+# ===================================================================
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Copy package files and install ALL dependencies (including dev)
+COPY package.json package-lock.json* pnpm-lock.yaml* yarn.lock* ./
+
+RUN if [ -f pnpm-lock.yaml ]; then \
+      npm install -g pnpm && pnpm install --frozen-lockfile; \
+    elif [ -f yarn.lock ]; then \
+      yarn install --frozen-lockfile; \
+    else \
+      npm ci; \
+    fi
+
+# Copy source code and Prisma schema
+COPY . .
+
+# Generate Prisma Client
+RUN npx prisma generate
+
+# Build TypeScript
+RUN npm run build
+
+# ===================================================================
+# Stage 3: Production Runtime
+# ===================================================================
+FROM node:20-alpine AS production
+
+# Install dumb-init for proper signal handling
+RUN apk add --no-cache dumb-init
+
+# Create non-root user for security
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nodejs -u 1001
+
+WORKDIR /app
+
+# Copy production dependencies from dependencies stage
+COPY --from=dependencies --chown=nodejs:nodejs /app/node_modules ./node_modules
+
+# Copy generated Prisma client from builder stage (not present in prod deps)
+COPY --from=builder --chown=nodejs:nodejs /app/node_modules/.prisma ./node_modules/.prisma
+
+# Copy built application from builder stage
+COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist
+COPY --from=builder --chown=nodejs:nodejs /app/package.json ./package.json
+
+# Copy Prisma files (needed for migrations)
+COPY --from=builder --chown=nodejs:nodejs /app/prisma ./prisma
+
+# Switch to non-root user
+USER nodejs
+
+# Expose port (matches default PORT in env.ts; override via PORT env var)
+EXPOSE 8000
+
+# Health check for container orchestration
+HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
+  CMD node -e "const p=process.env.PORT||8000;require('http').get('http://localhost:'+p+'/api/v1/live',(r)=>{process.exit(r.statusCode===200?0:1)})"
+
+# Use dumb-init to handle signals properly
+ENTRYPOINT ["dumb-init", "--"]
+
+# Start the application
+CMD ["node", "dist/server.js"]

package/template/server/docker-compose.yml

@@ -1,111 +1,82 @@
-version: '3.8'
-name: {{PROJECT_NAME}}
-
-services:
-  # ==============================================
-  # MySQL Database Service
-  # ==============================================
-  mysql:
-    image: mysql:8.0
-    container_name: {{PROJECT_NAME}}-mysql
-    restart: unless-stopped
-    ports:
-      - '3306:3306'
-    environment:
-      MYSQL_ROOT_PASSWORD: {{DATABASE_PASSWORD}}
-      MYSQL_DATABASE: {{DATABASE_NAME}}
-      # Performance tuning
-      MYSQL_INNODB_BUFFER_POOL_SIZE: 256M
-      MYSQL_MAX_CONNECTIONS: 100
-    volumes:
-      # Persist MySQL data
-      - {{PROJECT_NAME}}_mysql_data:/var/lib/mysql
-      # Custom MySQL configuration (optional)
-      # - ./docker/mysql/my.cnf:/etc/mysql/conf.d/my.cnf
-    networks:
-      - {{PROJECT_NAME}}-network
-    healthcheck:
-      test: [ 'CMD', 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', '-p{{DATABASE_PASSWORD}}' ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 30s
-    command:
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_unicode_ci
-      - --default-authentication-plugin=mysql_native_password
-
-  # ==============================================
-  # Redis Cache Service
-  # ==============================================
-  redis:
-    image: redis:7-alpine
-    container_name: {{PROJECT_NAME}}-redis
-    restart: unless-stopped
-    ports:
-      - '6379:6379'
-    volumes:
-      # Persist Redis data
-      - {{PROJECT_NAME}}_redis_data:/data
-      # Custom Redis configuration (optional)
-      # - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf
-    networks:
-      - {{PROJECT_NAME}}-network
-    healthcheck:
-      test: [ 'CMD', 'redis-cli', 'ping' ]
-      interval: 10s
-      timeout: 3s
-      retries: 5
-      start_period: 10s
-    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy noeviction
-  # ==============================================
-  # phpMyAdmin (Database Management UI)
-  # ==============================================
-  # Access at: http://localhost:8080
-  phpmyadmin:
-    image: phpmyadmin/phpmyadmin:latest
-    container_name: {{PROJECT_NAME}}-phpmyadmin
-    restart: unless-stopped
-    ports:
-      - '8080:80'
-    environment:
-      PMA_HOST: mysql
-      PMA_ARBITRARY: 1
-      # PMA_USER: root       <-- Removed to allow manual login
-      # PMA_PASSWORD: password <-- Removed to allow manual login
-    networks:
-      - {{PROJECT_NAME}}-network
-    depends_on:
-      - mysql
-
-  # ==============================================
-  # Redis Commander (Redis Management UI)
-  # ==============================================
-  # Access at: http://localhost:8081
-  redis-commander:
-    image: rediscommander/redis-commander:latest
-    container_name: {{PROJECT_NAME}}-redis-commander
-    restart: unless-stopped
-    ports:
-      - '8081:8081'
-    environment:
-      REDIS_HOSTS: local:redis:6379
-    networks:
-      - {{PROJECT_NAME}}-network
-    depends_on:
-      - redis
-  # ==============================================
-  # Named Volumes for Data Persistence
-  # ==============================================
-volumes:
-  {{PROJECT_NAME}}_mysql_data:
-    driver: local
-  {{PROJECT_NAME}}_redis_data:
-    driver: local
-
-# ==============================================
-# Network Configuration
-# ==============================================
-networks:
-  {{PROJECT_NAME}}-network:
-    driver: bridge
+# WARNING: These credentials are for LOCAL DEVELOPMENT ONLY.
+# Change all passwords and secrets before using in any shared or production environment.
+
+name: {{PROJECT_NAME}}
+
+services:
+  mysql:
+    image: mysql:8.0
+    container_name: {{PROJECT_NAME}}-mysql
+    restart: unless-stopped
+    ports:
+      - '3306:3306'
+    environment:
+      MYSQL_ROOT_PASSWORD: rootpassword
+      MYSQL_DATABASE: {{DATABASE_NAME}}
+    volumes:
+      - mysql_data:/var/lib/mysql
+    networks:
+      - {{PROJECT_NAME}}-network
+    healthcheck:
+      test: ['CMD', 'mysqladmin', 'ping', '-h', 'localhost']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  phpmyadmin:
+    image: phpmyadmin:latest
+    container_name: {{PROJECT_NAME}}-phpmyadmin
+    restart: unless-stopped
+    ports:
+      - '8080:80'
+    environment:
+      PMA_HOST: mysql
+      PMA_PORT: 3306
+      MYSQL_ROOT_PASSWORD: rootpassword
+      PMA_ARBITRARY: 0
+      HIDE_PHP_VERSION: 'true'
+    volumes:
+      - ./phpmyadmin-config.php:/etc/phpmyadmin/config.user.inc.php
+    depends_on:
+      mysql:
+        condition: service_healthy
+    networks:
+      - {{PROJECT_NAME}}-network
+
+  redis:
+    image: redis:7-alpine
+    container_name: {{PROJECT_NAME}}-redis
+    restart: unless-stopped
+    ports:
+      - '6379:6379'
+    volumes:
+      - redis_data:/data
+    networks:
+      - {{PROJECT_NAME}}-network
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  redis-commander:
+    image: rediscommander/redis-commander:latest
+    container_name: {{PROJECT_NAME}}-redis-commander
+    restart: unless-stopped
+    ports:
+      - '8081:8081'
+    environment:
+      REDIS_HOSTS: local:redis:6379
+    depends_on:
+      redis:
+        condition: service_healthy
+    networks:
+      - {{PROJECT_NAME}}-network
+
+volumes:
+  mysql_data:
+  redis_data:
+
+networks:
+  {{PROJECT_NAME}}-network:
+    driver: bridge