create-tigra 2.6.5 → 2.6.8

package/template/client/src/features/admin/services/admin.service.ts

@@ -0,0 +1,94 @@
+import { apiClient } from '@/lib/api/axios.config';
+import { API_ENDPOINTS } from '@/lib/constants/api-endpoints';
+
+import type { ApiResponse, PaginatedApiResponse } from '@/lib/api/api.types';
+import type {
+  IAdminUser,
+  IAdminUserDetail,
+  IAdminSession,
+  IDashboardStats,
+  IGetUsersParams,
+  IGetSessionsParams,
+  IUpdateUserStatusRequest,
+  IUpdateUserRoleRequest,
+} from '../types/admin.types';
+
+interface PaginatedData<T> {
+  items: T[];
+  pagination: {
+    page: number;
+    limit: number;
+    totalItems: number;
+    totalPages: number;
+    hasNextPage: boolean;
+    hasPreviousPage: boolean;
+  };
+}
+
+class AdminService {
+  // ─── Dashboard Stats ────────────────────────────────────────────────
+
+  async getDashboardStats(): Promise<IDashboardStats> {
+    const response = await apiClient.get<ApiResponse<IDashboardStats>>(
+      API_ENDPOINTS.ADMIN.STATS,
+    );
+    return response.data.data;
+  }
+
+  // ─── User Management ───────────────────────────────────────────────
+
+  async getUsers(params?: IGetUsersParams): Promise<PaginatedData<IAdminUser>> {
+    const response = await apiClient.get<PaginatedApiResponse<IAdminUser>>(
+      API_ENDPOINTS.ADMIN.USERS,
+      { params },
+    );
+    return response.data.data;
+  }
+
+  async getUserDetail(userId: string): Promise<IAdminUserDetail> {
+    const response = await apiClient.get<ApiResponse<IAdminUserDetail>>(
+      API_ENDPOINTS.ADMIN.USER_DETAIL(userId),
+    );
+    return response.data.data;
+  }
+
+  async updateUserStatus(
+    userId: string,
+    data: IUpdateUserStatusRequest,
+  ): Promise<IAdminUser> {
+    const response = await apiClient.patch<ApiResponse<IAdminUser>>(
+      API_ENDPOINTS.ADMIN.USER_STATUS(userId),
+      data,
+    );
+    return response.data.data;
+  }
+
+  async updateUserRole(
+    userId: string,
+    data: IUpdateUserRoleRequest,
+  ): Promise<IAdminUser> {
+    const response = await apiClient.patch<ApiResponse<IAdminUser>>(
+      API_ENDPOINTS.ADMIN.USER_ROLE(userId),
+      data,
+    );
+    return response.data.data;
+  }
+
+  // ─── Session Management ────────────────────────────────────────────
+
+  async getSessions(
+    params?: IGetSessionsParams,
+  ): Promise<PaginatedData<IAdminSession>> {
+    const response = await apiClient.get<PaginatedApiResponse<IAdminSession>>(
+      API_ENDPOINTS.ADMIN.SESSIONS,
+      { params },
+    );
+    return response.data.data;
+  }
+
+  async deleteSession(sessionId: string): Promise<void> {
+    await apiClient.delete(API_ENDPOINTS.ADMIN.SESSION_DELETE(sessionId));
+  }
+}
+
+export const adminService = new AdminService();

package/template/client/src/features/admin/types/admin.types.ts

@@ -0,0 +1,65 @@
+import type { IUser } from '@/features/auth/types/auth.types';
+import type { PaginationParams } from '@/lib/api/api.types';
+
+// ─── Admin User ─────────────────────────────────────────────────────────────
+
+export interface IAdminUser extends IUser {
+  deletedAt: string | null;
+  failedLoginAttempts: number;
+  lockedUntil: string | null;
+}
+
+export interface IAdminUserDetail extends IAdminUser {
+  sessionCount: number;
+  lastLogin: string | null;
+}
+
+// ─── Admin Session ──────────────────────────────────────────────────────────
+
+export interface IAdminSession {
+  id: string;
+  userId: string;
+  deviceInfo: string | null;
+  ipAddress: string | null;
+  lastActiveAt: string;
+  expiresAt: string;
+  createdAt: string;
+  user: {
+    id: string;
+    email: string;
+    firstName: string;
+    lastName: string;
+  };
+}
+
+// ─── Dashboard Stats ────────────────────────────────────────────────────────
+
+export interface IDashboardStats {
+  totalUsers: number;
+  activeUsers: number;
+  adminCount: number;
+  recentSignups: number;
+  activeSessions: number;
+}
+
+// ─── Request Params ─────────────────────────────────────────────────────────
+
+export interface IGetUsersParams extends PaginationParams {
+  search?: string;
+  role?: 'USER' | 'ADMIN';
+  isActive?: boolean;
+  sortBy?: 'createdAt' | 'email' | 'firstName';
+  sortOrder?: 'asc' | 'desc';
+}
+
+export interface IGetSessionsParams extends PaginationParams {
+  userId?: string;
+}
+
+export interface IUpdateUserStatusRequest {
+  isActive: boolean;
+}
+
+export interface IUpdateUserRoleRequest {
+  role: 'USER' | 'ADMIN';
+}

package/template/client/src/features/auth/components/AuthInitializer.tsx

@@ -12,6 +12,11 @@ import { setUser, setInitialized } from '../store/authSlice';
 
 const PROTECTED_PATHS: string[] = [ROUTES.DASHBOARD, ROUTES.PROFILE, '/admin'];
 
+// Auth pages where getMe() should never fire — there is no session to hydrate
+// on login/register/reset-password, and calling getMe() here would trigger the
+// 401 → refresh → fail → redirect chain for no reason.
+const AUTH_PATHS: string[] = [ROUTES.LOGIN, ROUTES.REGISTER, ROUTES.RESET_PASSWORD, ROUTES.VERIFY_EMAIL];
+
 interface AuthInitializerProps {
   children: React.ReactNode;
 }
@@ -20,6 +25,10 @@ function isProtectedPath(pathname: string): boolean {
   return PROTECTED_PATHS.some((path) => pathname.startsWith(path));
 }
 
+function isAuthPage(pathname: string): boolean {
+  return AUTH_PATHS.some((path) => pathname.startsWith(path));
+}
+
 export const AuthInitializer = ({ children }: AuthInitializerProps): React.ReactElement => {
   const dispatch = useAppDispatch();
   const pathname = usePathname();
@@ -27,7 +36,15 @@ export const AuthInitializer = ({ children }: AuthInitializerProps): React.React
   const { isAuthenticated, isLoggingOut } = useAppSelector((state) => state.auth);
 
   useEffect(() => {
-    // On public pages, skip auth hydration — just mark as initialized
+    // On auth pages (login, register, etc.), never call getMe().
+    // There is no session to hydrate, and a 401 here would trigger
+    // the refresh → fail → redirect chain, causing an infinite loop.
+    if (isAuthPage(pathname)) {
+      dispatch(setInitialized());
+      return;
+    }
+
+    // On other public pages, skip auth hydration — just mark as initialized
     if (!isProtectedPath(pathname)) {
       dispatch(setInitialized());
       return;

package/template/client/src/lib/api/axios.config.ts

@@ -4,9 +4,10 @@ import type { InternalAxiosRequestConfig } from 'axios';
 
 import { API_ENDPOINTS } from '@/lib/constants/api-endpoints';
 import { ROUTES } from '@/lib/constants/routes';
+import { env } from '@/lib/env';
 
 const apiClient = axios.create({
-  baseURL: process.env.NEXT_PUBLIC_API_BASE_URL || 'http://localhost:8000/api/v1',
+  baseURL: env.NEXT_PUBLIC_API_BASE_URL,
   timeout: 30000,
   withCredentials: true, // Send cookies with every request
 });
@@ -18,6 +19,14 @@ let refreshTimestamp = 0;
 const REFRESH_TIMEOUT_MS = 15000;
 let failedQueue: { resolve: () => void; reject: (error: unknown) => void }[] = [];
 
+// Circuit breaker — once a refresh fails with a definitive auth error (4xx),
+// this flag is set BEFORE dispatching logout or redirecting. All subsequent
+// 401s are immediately rejected without entering the refresh flow, preventing
+// the race condition where Redux state changes trigger re-renders that fire
+// new API calls before the hard redirect completes.
+// Resets automatically on page reload (window.location.href re-initializes the module).
+let isSessionDead = false;
+
 const processQueue = (error: unknown): void => {
   failedQueue.forEach((promise) => {
     if (error) {
@@ -43,6 +52,12 @@ apiClient.interceptors.response.use(
       return Promise.reject(error);
     }
 
+    // Circuit breaker tripped — session is dead, redirect is pending.
+    // Reject immediately without attempting refresh or queuing.
+    if (isSessionDead) {
+      return Promise.reject(error);
+    }
+
     // Don't retry auth endpoints that don't use tokens —
     // a 401 here means wrong credentials, not an expired token.
     const noRetryEndpoints: string[] = [
@@ -93,6 +108,10 @@ apiClient.interceptors.response.use(
         refreshError.response.status < 500;
 
       if (isAuthFailure) {
+        // Trip the circuit breaker FIRST — prevents any subsequent 401s
+        // from re-entering this flow while the redirect is pending.
+        isSessionDead = true;
+
         const { logout } = await import('@/features/auth/store/authSlice');
         const { store } = await import('@/store');
         store.dispatch(logout());

package/template/client/src/lib/constants/api-endpoints.ts

@@ -13,4 +13,13 @@ export const API_ENDPOINTS = {
     UPDATE_ME: '/users/me',
     DELETE_ME: '/users/me',
   },
+  ADMIN: {
+    STATS: '/admin/stats',
+    USERS: '/admin/users',
+    USER_DETAIL: (userId: string) => `/admin/users/${userId}`,
+    USER_STATUS: (userId: string) => `/admin/users/${userId}/status`,
+    USER_ROLE: (userId: string) => `/admin/users/${userId}/role`,
+    SESSIONS: '/admin/sessions',
+    SESSION_DELETE: (sessionId: string) => `/admin/sessions/${sessionId}`,
+  },
 } as const;

package/template/client/src/lib/constants/app.constants.ts

@@ -1,4 +1,6 @@
-export const APP_NAME = process.env.NEXT_PUBLIC_APP_NAME || 'My App';
+import { env } from '@/lib/env';
+
+export const APP_NAME = env.NEXT_PUBLIC_APP_NAME;
 
 export const PAGINATION = {
   DEFAULT_PAGE: 1,

package/template/client/src/lib/constants/routes.ts

@@ -6,4 +6,10 @@ export const ROUTES = {
   RESET_PASSWORD: '/reset-password',
   DASHBOARD: '/dashboard',
   PROFILE: '/profile',
+  ADMIN: {
+    DASHBOARD: '/admin',
+    USERS: '/admin/users',
+    USER_DETAIL: (userId: string) => `/admin/users/${userId}`,
+    SESSIONS: '/admin/sessions',
+  },
 } as const;

package/template/client/src/lib/env.ts

@@ -0,0 +1,35 @@
+import { z } from 'zod';
+
+// Every field MUST have a .default() so the dev fallback (envSchema.parse({}))
+// can produce valid defaults when env vars are missing in development.
+const envSchema = z.object({
+  NEXT_PUBLIC_API_BASE_URL: z
+    .string()
+    .url('NEXT_PUBLIC_API_BASE_URL must be a valid URL')
+    .default('http://localhost:8000/api/v1'),
+  NEXT_PUBLIC_APP_NAME: z.string().default('My App'),
+});
+
+function validateEnv(): z.infer<typeof envSchema> {
+  const result = envSchema.safeParse({
+    NEXT_PUBLIC_API_BASE_URL: process.env.NEXT_PUBLIC_API_BASE_URL,
+    NEXT_PUBLIC_APP_NAME: process.env.NEXT_PUBLIC_APP_NAME,
+  });
+
+  if (!result.success) {
+    const formatted = result.error.issues
+      .map((issue) => `  - ${issue.path.join('.')}: ${issue.message}`)
+      .join('\n');
+
+    console.error(`\n❌ Invalid environment variables:\n${formatted}\n`);
+
+    // In production, fail hard. In development, warn but continue with defaults.
+    if (process.env.NODE_ENV === 'production') {
+      throw new Error('Invalid environment variables');
+    }
+  }
+
+  return result.success ? result.data : envSchema.parse({});
+}
+
+export const env = validateEnv();

package/template/client/src/styles/themes/default.css

@@ -0,0 +1,92 @@
+/*
+ * Default Theme — Claude-inspired warm palette
+ * Accent: Terracotta orange
+ * Vibe: Earthy, warm, approachable
+ *
+ * This is the single theme file. Colors use HEX values.
+ * Light mode: :root selectors. Dark mode: .dark selectors.
+ * To customize: edit the HEX values below.
+ */
+
+:root {
+  --radius: 0.625rem;
+  /* Warm cream background with terracotta orange accent */
+  --background: #f4f3ee;
+  --foreground: #1a170f;
+  --card: #ffffff;
+  --card-foreground: #1a170f;
+  --popover: #ffffff;
+  --popover-foreground: #1a170f;
+  --primary: #c15f3c;
+  --primary-foreground: #ffffff;
+  --secondary: #ebeae3;
+  --secondary-foreground: #302e25;
+  --muted: #ebeae3;
+  --muted-foreground: #b1ada1;
+  --accent: #ebeae3;
+  --accent-foreground: #302e25;
+  --destructive: #e7000b;
+  --border: #deddd4;
+  --input: #deddd4;
+  --ring: #c15f3c;
+  --success: #008339;
+  --success-foreground: #ffffff;
+  --warning: #e99b2a;
+  --warning-foreground: #242119;
+  --info: #0079bf;
+  --info-foreground: #ffffff;
+  --chart-1: #c15f3c;
+  --chart-2: #009689;
+  --chart-3: #104e64;
+  --chart-4: #ebc065;
+  --chart-5: #b1ada1;
+  --sidebar: #f0efe9;
+  --sidebar-foreground: #1a170f;
+  --sidebar-primary: #302e25;
+  --sidebar-primary-foreground: #f4f3ee;
+  --sidebar-accent: #ebeae3;
+  --sidebar-accent-foreground: #302e25;
+  --sidebar-border: #deddd4;
+  --sidebar-ring: #c15f3c;
+}
+
+.dark {
+  /* Dark mode: inverted with same warm undertone */
+  --background: #15130d;
+  --foreground: #e9e8e3;
+  --card: #201e18;
+  --card-foreground: #e9e8e3;
+  --popover: #201e18;
+  --popover-foreground: #e9e8e3;
+  --primary: #d6724f;
+  --primary-foreground: #15130d;
+  --secondary: #2b2922;
+  --secondary-foreground: #e9e8e3;
+  --muted: #2b2922;
+  --muted-foreground: #928f85;
+  --accent: #2b2922;
+  --accent-foreground: #e9e8e3;
+  --destructive: #ff6467;
+  --border: rgba(255, 255, 250, 0.12);
+  --input: rgba(255, 255, 250, 0.15);
+  --ring: #d6724f;
+  --success: #009c50;
+  --success-foreground: #ffffff;
+  --warning: #faab3f;
+  --warning-foreground: #242119;
+  --info: #0099e0;
+  --info-foreground: #ffffff;
+  --chart-1: #d6724f;
+  --chart-2: #00bc7d;
+  --chart-3: #e5a658;
+  --chart-4: #a066df;
+  --chart-5: #e25969;
+  --sidebar: #201e18;
+  --sidebar-foreground: #e9e8e3;
+  --sidebar-primary: #d6724f;
+  --sidebar-primary-foreground: #e9e8e3;
+  --sidebar-accent: #2b2922;
+  --sidebar-accent-foreground: #e9e8e3;
+  --sidebar-border: rgba(255, 255, 250, 0.12);
+  --sidebar-ring: #d6724f;
+}

package/template/server/package.json

@@ -52,6 +52,7 @@
   },
   "overrides": {
     "bn.js": ">=5.2.3",
+    "flatted": ">=3.4.2",
     "@typescript-eslint/typescript-estree": {
       "minimatch": ">=10.2.1"
     }