express-genix 2.0.1 → 3.0.1

package/README.md

@@ -3,6 +3,7 @@
 A production-grade CLI tool that generates Express.js applications with best-in-class defaults. Scaffold a complete REST API in seconds — with TypeScript, authentication, Prisma/Mongoose/Sequelize, Docker, CI/CD, and more.
 
 [![npm version](https://img.shields.io/npm/v/express-genix.svg)](https://www.npmjs.com/package/express-genix)
+[![npm downloads](https://img.shields.io/npm/dm/express-genix.svg)](https://www.npmjs.com/package/express-genix)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org)
 
@@ -15,20 +16,32 @@ A production-grade CLI tool that generates Express.js applications with best-in-
 
 **Security & Auth**
 - JWT access + refresh tokens with token blacklist logout
+- Role-Based Access Control (RBAC) — admin, moderator, user roles with permission system
+- Admin panel routes for user management (list, view, update roles, delete)
 - Password reset flow (forgot-password / reset-password with crypto tokens)
 - Optional Redis-backed blacklist for production multi-instance deployments
 - Zod request validation with pre-built schemas (register, login, reset, etc.)
 - bcrypt password hashing, input sanitization (`validator`)
 - Helmet, CORS, environment validation on startup
 - Auto-generated cryptographically secure JWT secrets
+- Soft deletes with restore capability
 
 **API & Documentation**
 - Swagger UI + swagger-jsdoc annotation-based docs with example request/response bodies
+- GraphQL (Apollo Server) with type definitions and resolvers
 - Consistent `{ success, data, meta }` response envelope
+- API versioning (`/api/v1/` prefix)
 - Paginated list endpoints
 - Request ID / correlation tracking
 - Response caching middleware (Redis-backed, configurable TTL)
 
+**Services & Infrastructure**
+- Email service (Nodemailer) with welcome and password reset emails
+- File uploads (Multer) with type filtering and size limits
+- Background jobs (BullMQ) with Redis-backed queues and workers
+- Prometheus metrics (`/metrics` endpoint with prom-client)
+- Audit logging middleware with request tracking and sensitive field redaction
+
 **Developer Experience**
 - Interactive prompts — pick language, database, features via checkbox
 - Winston or Pino logger (you choose)
@@ -71,7 +84,7 @@ You'll be prompted for:
 1. **Project name**
 2. **Language** — JavaScript or TypeScript
 3. **Database** — MongoDB, PostgreSQL (Sequelize), PostgreSQL (Prisma), or None
-4. **Features** — Auth, Rate Limiting, Swagger, Redis Token Blacklist, Docker, CI/CD, WebSocket, Request ID
+4. **Features** — Auth, Rate Limiting, Swagger, Redis, Docker, CI/CD, WebSocket, Request ID, Email, File Uploads, Soft Deletes, Audit Logging, Prometheus Metrics, API Versioning, Background Jobs, GraphQL
 5. **Logger** — Winston or Pino
 
 The CLI generates your project, installs dependencies, formats code, and creates an initial git commit.
@@ -103,19 +116,22 @@ express-genix add prisma      # Adds Prisma schema, client config, migrations
 ```
 my-express-app/
 ├── src/
-│   ├── config/          # Database, Swagger, WebSocket configuration
-│   ├── controllers/     # Route handlers
-│   ├── middleware/       # Auth, validation, error handling, request ID
-│   ├── models/          # Database models (Mongoose/Sequelize)
+│   ├── config/          # Database, Swagger, WebSocket, queue configuration
+│   ├── controllers/     # Route handlers (auth, user, admin, example)
+│   ├── graphql/         # GraphQL type definitions & resolvers (if selected)
+│   ├── jobs/            # BullMQ background workers (if selected)
+│   ├── middleware/      # Auth, RBAC, validation, error handling, uploads, metrics, audit log
+│   ├── models/          # Database models (Mongoose/Sequelize/Prisma)
 │   ├── routes/          # API route definitions with Swagger annotations
-│   ├── services/        # Business logic layer
+│   ├── services/        # Business logic layer (auth, user, email)
 │   ├── utils/           # Logger, errors, response helpers, validators
 │   ├── app.js|ts        # Express app setup
-│   └── server.js|ts     # Server + clustering + WebSocket
+│   └── server.js|ts     # Server + clustering + WebSocket + workers
 ├── tests/               # Jest + Supertest suites
 ├── prisma/              # Prisma schema (if selected)
 ├── migrations/          # Sequelize migrations (if PostgreSQL + Sequelize)
 ├── seeders/             # Sequelize seeders (if PostgreSQL + Sequelize)
+├── uploads/             # File upload directory (if selected)
 ├── .github/workflows/   # CI/CD pipeline (if selected)
 ├── .env                 # Auto-generated environment config
 ├── .env.example         # Template for team sharing
@@ -126,6 +142,8 @@ my-express-app/
 
 ## API Endpoints (with database + auth)
 
+> When API versioning is enabled, all `/api/*` routes become `/api/v1/*`.
+
 ### Authentication
 | Method | Endpoint | Description |
 |--------|----------|-------------|
@@ -141,12 +159,35 @@ my-express-app/
 |--------|----------|-------------|
 | GET | `/api/users/profile` | Get current user |
 | PUT | `/api/users/profile` | Update profile |
-| DELETE | `/api/users/profile` | Delete account |
+| DELETE | `/api/users/profile` | Delete account (soft delete if enabled) |
+
+### Admin (RBAC — admin role required)
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/admin/users` | List all users (paginated) |
+| GET | `/api/admin/users/:id` | Get user by ID |
+| PUT | `/api/admin/users/:id/role` | Update user role |
+| DELETE | `/api/admin/users/:id` | Delete user |
+| POST | `/api/admin/users/:id/restore` | Restore soft-deleted user |
+
+### File Uploads
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/uploads/single` | Upload a single file |
+| POST | `/api/uploads/multiple` | Upload multiple files (max 10) |
+
+### Background Jobs (BullMQ)
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/jobs` | Dispatch a background job |
+| GET | `/api/jobs/:id` | Get job status |
 
-### Health
+### Observability & Health
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| GET | `/health` | Health check with uptime, DB status, Redis status, memory usage |
+| GET | `/health` | Health check (uptime, DB, Redis, memory) |
+| GET | `/metrics` | Prometheus metrics (prom-client) |
+| GET | `/graphql` | GraphQL Playground (Apollo Server) |
 
 ## Available Scripts
 
@@ -185,10 +226,17 @@ Generated `.env` includes auto-generated JWT secrets:
 | `JWT_SECRET` | Access token secret (auto-generated) | — |
 | `JWT_REFRESH_SECRET` | Refresh token secret (auto-generated) | — |
 | `MONGO_URI` / `DATABASE_URL` | Database connection string | — |
-| `REDIS_URL` | Redis URL (when Redis blacklist enabled) | `redis://localhost:6379` |
+| `REDIS_URL` | Redis URL (token blacklist, caching, BullMQ) | `redis://localhost:6379` |
 | `RATE_LIMIT_WINDOW_MS` | Rate limit window (ms) | `900000` |
 | `RATE_LIMIT_MAX` | Max requests per window | `100` |
 | `LOG_LEVEL` | Logging level | `info` |
+| `SMTP_HOST` | SMTP server host (email service) | — |
+| `SMTP_PORT` | SMTP server port | `587` |
+| `SMTP_USER` | SMTP username | — |
+| `SMTP_PASS` | SMTP password | — |
+| `EMAIL_FROM` | Default sender address | — |
+| `UPLOAD_MAX_SIZE` | Max file upload size in bytes | `5242880` (5 MB) |
+| `UPLOAD_DIR` | Upload destination directory | `uploads` |
 
 ## Docker
 
@@ -196,6 +244,8 @@ Generated `.env` includes auto-generated JWT secrets:
 docker-compose up --build
 ```
 
+The generated `docker-compose.yml` includes services for your app and its dependencies (MongoDB/PostgreSQL, Redis) with health checks, volumes, and a shared network. The `Dockerfile` uses multi-stage builds, runs as a non-root user, and only copies production dependencies.
+
 ## Contributing
 
 Contributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) for details.

package/index.js

@@ -75,6 +75,14 @@ async function main() {
             { name: 'CI/CD (GitHub Actions)', value: 'cicd' },
             { name: 'WebSocket (Socket.io)', value: 'websocket' },
             { name: 'Request ID / Correlation ID', value: 'requestId', checked: true },
+            { name: 'Email Service (Nodemailer)', value: 'email' },
+            { name: 'File Uploads (Multer)', value: 'fileUpload' },
+            { name: 'Soft Deletes', value: 'softDelete' },
+            { name: 'Audit Logging', value: 'auditLog' },
+            { name: 'Prometheus Metrics', value: 'metrics' },
+            { name: 'API Versioning (/api/v1)', value: 'apiVersioning' },
+            { name: 'Background Jobs (BullMQ)', value: 'backgroundJobs' },
+            { name: 'GraphQL (Apollo Server)', value: 'graphql' },
           ],
           when: (ans) => ans.db !== 'none',
         },
@@ -89,6 +97,11 @@ async function main() {
             { name: 'CI/CD (GitHub Actions)', value: 'cicd' },
             { name: 'WebSocket (Socket.io)', value: 'websocket' },
             { name: 'Request ID / Correlation ID', value: 'requestId', checked: true },
+            { name: 'File Uploads (Multer)', value: 'fileUpload' },
+            { name: 'Audit Logging', value: 'auditLog' },
+            { name: 'Prometheus Metrics', value: 'metrics' },
+            { name: 'API Versioning (/api/v1)', value: 'apiVersioning' },
+            { name: 'GraphQL (Apollo Server)', value: 'graphql' },
           ],
           when: (ans) => ans.db === 'none',
         },
@@ -121,6 +134,14 @@ async function main() {
         hasWebsocket: features.includes('websocket'),
         hasRequestId: features.includes('requestId'),
         hasRedis: features.includes('redis') && features.includes('auth') && answers.db !== 'none',
+        hasEmail: features.includes('email') && answers.db !== 'none',
+        hasFileUpload: features.includes('fileUpload'),
+        hasSoftDelete: features.includes('softDelete') && answers.db !== 'none',
+        hasAuditLog: features.includes('auditLog'),
+        hasMetrics: features.includes('metrics'),
+        hasApiVersioning: features.includes('apiVersioning'),
+        hasBackgroundJobs: features.includes('backgroundJobs'),
+        hasGraphQL: features.includes('graphql'),
         jwtSecret: generateSecret(),
         jwtRefreshSecret: generateSecret(),
       };
@@ -163,7 +184,7 @@ async function main() {
 To get started:
   cd ${config.projectName}
   npm run dev
-${config.hasSwagger ? `\nAPI Documentation: http://localhost:3000/api-docs` : ''}
+${config.hasSwagger ? `\nAPI Documentation: http://localhost:3000/api-docs` : ''}${config.hasGraphQL ? `\nGraphQL Playground: http://localhost:3000/graphql` : ''}${config.hasMetrics ? `\nPrometheus Metrics: http://localhost:3000/metrics` : ''}
 Health Check: http://localhost:3000/health
 
 Available scripts:

package/lib/features.js

@@ -232,6 +232,14 @@ const inferConfig = (projectDir, pkg) => {
     hasWebsocket: !!(pkg.dependencies && pkg.dependencies['socket.io']),
     hasRedis: !!(pkg.dependencies && pkg.dependencies.ioredis),
     hasRequestId: !!(pkg.dependencies && pkg.dependencies.uuid),
+    hasEmail: !!(pkg.dependencies && pkg.dependencies.nodemailer),
+    hasFileUpload: !!(pkg.dependencies && pkg.dependencies.multer),
+    hasSoftDelete: false,
+    hasAuditLog: false,
+    hasMetrics: !!(pkg.dependencies && pkg.dependencies['prom-client']),
+    hasApiVersioning: false,
+    hasBackgroundJobs: !!(pkg.dependencies && pkg.dependencies.bullmq),
+    hasGraphQL: !!(pkg.dependencies && pkg.dependencies['@apollo/server']),
     logger: pkg.dependencies && pkg.dependencies.pino ? 'pino' : 'winston',
   };
 };

package/lib/generator.js

@@ -49,6 +49,18 @@ const createDirectoryStructure = (projectDir, config) => {
     dirs.push('.github', '.github/workflows');
   }
 
+  if (config.hasFileUpload) {
+    dirs.push('uploads');
+  }
+
+  if (config.hasBackgroundJobs) {
+    dirs.push('src/jobs');
+  }
+
+  if (config.hasGraphQL) {
+    dirs.push('src/graphql');
+  }
+
   fs.mkdirSync(projectDir);
   dirs.forEach((dir) => {
     fs.mkdirSync(path.join(projectDir, dir), { recursive: true });
@@ -128,6 +140,10 @@ const generateFiles = async (config, projectDir) => {
     configFiles.push({ template: 'config/redis.js.ejs', output: `src/config/redis.${ext}` });
   }
 
+  if (config.hasBackgroundJobs) {
+    configFiles.push({ template: 'config/queue.js.ejs', output: `src/config/queue.${ext}` });
+  }
+
   // Route files
   const routeFiles = [
     { template: 'routes/index.js.ejs', output: `src/routes/index.${ext}` },
@@ -141,11 +157,13 @@ const generateFiles = async (config, projectDir) => {
   if (config.hasAuth) {
     controllerFiles.push(
       { template: 'controllers/authController.js.ejs', output: `src/controllers/authController.${ext}` },
-      { template: 'controllers/userController.js.ejs', output: `src/controllers/userController.${ext}` }
+      { template: 'controllers/userController.js.ejs', output: `src/controllers/userController.${ext}` },
+      { template: 'controllers/adminController.js.ejs', output: `src/controllers/adminController.${ext}` }
     );
     routeFiles.push(
       { template: 'routes/authRoutes.js.ejs', output: `src/routes/authRoutes.${ext}` },
-      { template: 'routes/userRoutes.js.ejs', output: `src/routes/userRoutes.${ext}` }
+      { template: 'routes/userRoutes.js.ejs', output: `src/routes/userRoutes.${ext}` },
+      { template: 'routes/adminRoutes.js.ejs', output: `src/routes/adminRoutes.${ext}` }
     );
     serviceFiles.push(
       { template: 'services/authService.js.ejs', output: `src/services/authService.${ext}` }
@@ -178,6 +196,24 @@ const generateFiles = async (config, projectDir) => {
     );
   }
 
+  if (config.hasEmail) {
+    serviceFiles.push(
+      { template: 'services/emailService.js.ejs', output: `src/services/emailService.${ext}` }
+    );
+  }
+
+  if (config.hasFileUpload) {
+    routeFiles.push(
+      { template: 'routes/uploadRoutes.js.ejs', output: `src/routes/uploadRoutes.${ext}` }
+    );
+  }
+
+  if (config.hasBackgroundJobs) {
+    routeFiles.push(
+      { template: 'routes/jobRoutes.js.ejs', output: `src/routes/jobRoutes.${ext}` }
+    );
+  }
+
   // Middleware files
   const middlewareFiles = [
     { template: 'middleware/errorHandler.js.ejs', output: `src/middleware/errorHandler.${ext}` },
@@ -196,6 +232,30 @@ const generateFiles = async (config, projectDir) => {
     );
   }
 
+  if (config.hasAuth) {
+    middlewareFiles.push(
+      { template: 'middleware/rbac.js.ejs', output: `src/middleware/rbac.${ext}` }
+    );
+  }
+
+  if (config.hasFileUpload) {
+    middlewareFiles.push(
+      { template: 'middleware/upload.js.ejs', output: `src/middleware/upload.${ext}` }
+    );
+  }
+
+  if (config.hasAuditLog) {
+    middlewareFiles.push(
+      { template: 'middleware/auditLog.js.ejs', output: `src/middleware/auditLog.${ext}` }
+    );
+  }
+
+  if (config.hasMetrics) {
+    middlewareFiles.push(
+      { template: 'middleware/metrics.js.ejs', output: `src/middleware/metrics.${ext}` }
+    );
+  }
+
   if (config.hasRedis) {
     middlewareFiles.push(
       { template: 'middleware/cache.js.ejs', output: `src/middleware/cache.${ext}` }
@@ -245,6 +305,21 @@ const generateFiles = async (config, projectDir) => {
     ...testFiles,
   ];
 
+  // GraphQL files
+  if (config.hasGraphQL) {
+    allFiles.push(
+      { template: 'graphql/typeDefs.js.ejs', output: `src/graphql/typeDefs.${ext}` },
+      { template: 'graphql/resolvers.js.ejs', output: `src/graphql/resolvers.${ext}` }
+    );
+  }
+
+  // Background job worker
+  if (config.hasBackgroundJobs) {
+    allFiles.push(
+      { template: 'jobs/worker.js.ejs', output: `src/jobs/worker.${ext}` }
+    );
+  }
+
   const errors = [];
 
   for (const file of allFiles) {

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "express-genix",
-    "version": "2.0.1",
-    "description": "Production-grade CLI to generate Express apps with JWT, TypeScript, Prisma, MongoDB, PostgreSQL, rate-limiting, Swagger, CI/CD, and more",
+    "version": "3.0.1",
+    "description": "Production-grade CLI to generate Express apps with JWT, RBAC, GraphQL, TypeScript, Prisma, MongoDB, PostgreSQL, file uploads, email, background jobs, and more",
     "main": "index.js",
     "bin": {
         "express-genix": "index.js"

package/templates/config/queue.js.ejs

@@ -0,0 +1,29 @@
+const { Queue } = require('bullmq');
+const logger = require('../utils/logger');
+
+const redisConnection = {
+  host: process.env.REDIS_HOST || 'localhost',
+  port: parseInt(process.env.REDIS_PORT, 10) || 6379,
+};
+
+// Define your queues here
+const emailQueue = new Queue('email', { connection: redisConnection });
+const defaultQueue = new Queue('default', { connection: redisConnection });
+
+const addJob = async (queueName, jobName, data, options = {}) => {
+  const queues = { email: emailQueue, default: defaultQueue };
+  const queue = queues[queueName] || defaultQueue;
+
+  const job = await queue.add(jobName, data, {
+    attempts: 3,
+    backoff: { type: 'exponential', delay: 1000 },
+    removeOnComplete: { count: 100 },
+    removeOnFail: { count: 500 },
+    ...options,
+  });
+
+  logger.info(`Job added: ${jobName} (${job.id}) to queue ${queueName}`);
+  return job;
+};
+
+module.exports = { emailQueue, defaultQueue, addJob, redisConnection };

package/templates/config/schema.prisma.ejs

@@ -12,8 +12,10 @@ model User {
   username  String   @unique @db.VarChar(50)
   email     String   @unique
   password  String
+  role      String   @default("user")
   createdAt DateTime @default(now()) @map("created_at")
   updatedAt DateTime @updatedAt @map("updated_at")
+<% if (hasSoftDelete) { %>  deletedAt DateTime? @map("deleted_at")<% } %>
 
   @@map("users")
 }

package/templates/controllers/adminController.js.ejs

@@ -0,0 +1,109 @@
+const userService = require('../services/userService');
+const { AppError } = require('../utils/errors');
+const { success } = require('../utils/response');
+
+const listUsers = async (req, res, next) => {
+  try {
+    const page = parseInt(req.query.page, 10) || 1;
+    const limit = Math.min(parseInt(req.query.limit, 10) || 20, 100);
+    const users = await userService.findAll({ page, limit });
+
+    return success(res, users);
+  } catch (error) {
+    next(error);
+  }
+};
+
+const getUserById = async (req, res, next) => {
+  try {
+    const user = await userService.findById(req.params.id);
+    if (!user) {
+      throw new AppError('User not found', 404);
+    }
+
+    return success(res, {
+      user: {
+        id: user.id,
+        username: user.username,
+        email: user.email,
+        role: user.role,
+        createdAt: user.createdAt,
+      },
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+const updateUserRole = async (req, res, next) => {
+  try {
+    const { role } = req.body;
+    const validRoles = ['user', 'moderator', 'admin'];
+
+    if (!validRoles.includes(role)) {
+      throw new AppError(`Invalid role. Must be one of: ${validRoles.join(', ')}`, 400);
+    }
+
+    const user = await userService.findById(req.params.id);
+    if (!user) {
+      throw new AppError('User not found', 404);
+    }
+
+    const updatedUser = await userService.updateById(req.params.id, { role });
+
+    return success(res, {
+      message: 'User role updated successfully',
+      user: {
+        id: updatedUser.id,
+        username: updatedUser.username,
+        email: updatedUser.email,
+        role: updatedUser.role,
+      },
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+const deleteUser = async (req, res, next) => {
+  try {
+    if (req.params.id === req.user.userId) {
+      throw new AppError('Cannot delete your own admin account', 400);
+    }
+
+    const user = await userService.findById(req.params.id);
+    if (!user) {
+      throw new AppError('User not found', 404);
+    }
+
+    await userService.deleteById(req.params.id);
+    return success(res, { message: 'User deleted successfully' });
+  } catch (error) {
+    next(error);
+  }
+};
+<% if (hasSoftDelete) { %>
+const restoreUser = async (req, res, next) => {
+  try {
+    const user = await userService.restoreById(req.params.id);
+    if (!user) {
+      throw new AppError('User not found or not deleted', 404);
+    }
+    return success(res, { message: 'User restored successfully' });
+  } catch (error) {
+    next(error);
+  }
+};
+
+const listDeletedUsers = async (req, res, next) => {
+  try {
+    const page = parseInt(req.query.page, 10) || 1;
+    const limit = Math.min(parseInt(req.query.limit, 10) || 20, 100);
+    const users = await userService.findDeleted({ page, limit });
+    return success(res, users);
+  } catch (error) {
+    next(error);
+  }
+};
+<% } %>
+module.exports = { listUsers, getUserById, updateUserRole, deleteUser<% if (hasSoftDelete) { %>, restoreUser, listDeletedUsers<% } %> };

package/templates/controllers/authController.js.ejs

@@ -3,6 +3,7 @@ const authService = require('../services/authService');
 const userService = require('../services/userService');
 const { AppError } = require('../utils/errors');
 const { success, created } = require('../utils/response');
+<% if (hasEmail) { %>const emailService = require('../services/emailService');<% } %>
 
 const register = async (req, res, next) => {
   try {
@@ -16,7 +17,10 @@ const register = async (req, res, next) => {
     const hashedPassword = await bcrypt.hash(password, 12);
     const user = await userService.create({ username, email, password: hashedPassword });
     const tokens = authService.generateTokens(user);
-
+<% if (hasEmail) { %>
+    // Send welcome email (non-blocking)
+    emailService.sendWelcomeEmail(email, username).catch(() => {});
+<% } %>
     return created(res, {
       message: 'User registered successfully',
       user: { id: user.id, username: user.username, email: user.email },
@@ -113,12 +117,13 @@ const forgotPassword = async (req, res, next) => {
     }
 
     const resetToken = await authService.generateResetToken(email);
-
+<% if (hasEmail) { %>
+    await emailService.sendPasswordResetEmail(email, resetToken);
+<% } else { %>
     // TODO: Send email with reset link
-    // await emailService.sendResetEmail(email, resetToken);
-    //
     // For development, log the token:
     console.log(`Password reset token for ${email}: ${resetToken}`);
+<% } %>
 
     return success(res, { message: 'If an account with that email exists, a reset link has been sent.' });
   } catch (error) {

package/templates/controllers/userController.js.ejs

@@ -14,6 +14,7 @@ const getProfile = async (req, res, next) => {
         id: user.id,
         username: user.username,
         email: user.email,
+        role: user.role,
         createdAt: user.createdAt,
       },
     });

package/templates/core/app.js.ejs

@@ -6,6 +6,13 @@ const morgan = require('morgan');
 <% if (hasSwagger) { %>const swaggerUi = require('swagger-ui-express');
 const swaggerSpec = require('./config/swagger');<% } %>
 <% if (hasRequestId) { %>const { requestId } = require('./middleware/requestId');<% } %>
+<% if (hasMetrics) { %>const { metricsMiddleware, metricsEndpoint } = require('./middleware/metrics');<% } %>
+<% if (hasAuditLog) { %>const { auditLog } = require('./middleware/auditLog');<% } %>
+<% if (hasGraphQL) { %>const { ApolloServer } = require('@apollo/server');
+const { expressMiddleware } = require('@apollo/server/express4');
+const typeDefs = require('./graphql/typeDefs');
+const resolvers = require('./graphql/resolvers');<% if (hasAuth) { %>
+const authService = require('./services/authService');<% } %><% } %>
 const routes = require('./routes');
 const errorHandler = require('./middleware/errorHandler');
 <% if (hasDatabase || hasAuth) { %>const { validateEnv } = require('./utils/envValidator');
@@ -31,6 +38,18 @@ app.use(morgan(process.env.NODE_ENV === 'production' ? 'combined' : 'dev'));
 // Body parsing
 app.use(express.json({ limit: '10mb' }));
 app.use(express.urlencoded({ extended: true }));
+<% if (hasFileUpload) { %>
+// Serve uploaded files
+const path = require('path');
+app.use('/uploads', express.static(path.join(process.cwd(), process.env.UPLOAD_DIR || 'uploads')));
+<% } %>
+<% if (hasMetrics) { %>
+// Prometheus metrics
+app.use(metricsMiddleware);
+app.get('/metrics', metricsEndpoint);<% } %>
+<% if (hasAuditLog) { %>
+// Audit logging
+app.use(auditLog());<% } %>
 <% if (hasRateLimit) { %>
 // Rate limiting
 const limiter = rateLimit({
@@ -96,9 +115,39 @@ app.get('/health', async (req, res) => {
 app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec, {
   customCss: '.swagger-ui .topbar { display: none }',
 }));<% } %>
+<% if (hasGraphQL) { %>
+// GraphQL setup (async — call initGraphQL() before starting server)
+let apolloServer;
+
+const initGraphQL = async () => {
+  apolloServer = new ApolloServer({ typeDefs, resolvers });
+  await apolloServer.start();
+
+  app.use('/graphql', expressMiddleware(apolloServer, {
+    context: async ({ req }) => {
+<% if (hasAuth) { %>      // Extract user from JWT if present
+      const authHeader = req.headers.authorization;
+      if (authHeader) {
+        const token = authHeader.split(' ')[1];
+        try {
+          const user = authService.verifyToken(token);
+          return { user };
+        } catch {
+          return { user: null };
+        }
+      }
+<% } %>      return { user: null };
+    },
+  }));
+};
 
+app.initGraphQL = initGraphQL;
+<% } %>
 // API routes
-app.use('/api', routes);
+<% if (hasApiVersioning) { %>app.use('/api/v1', routes);
+// Future versions: app.use('/api/v2', v2Routes);
+<% } else { %>app.use('/api', routes);
+<% } %>
 
 // 404 handler
 app.use('*', (req, res) => {

package/templates/core/env.ejs

@@ -11,6 +11,23 @@ JWT_REFRESH_EXPIRE=7d
 <% } %><% if (hasRedis) { %>
 # Redis (token blacklist store)
 REDIS_URL=redis://localhost:6379
+<% } %><% if (hasBackgroundJobs && !hasRedis) { %>
+# Redis (required for BullMQ)
+REDIS_HOST=localhost
+REDIS_PORT=6379
+<% } %><% if (hasEmail) { %>
+# Email (SMTP)
+SMTP_HOST=smtp.ethereal.email
+SMTP_PORT=587
+SMTP_SECURE=false
+SMTP_USER=
+SMTP_PASS=
+SMTP_FROM="App" <noreply@example.com>
+FRONTEND_URL=http://localhost:3000
+<% } %><% if (hasFileUpload) { %>
+# File Uploads
+UPLOAD_DIR=uploads
+UPLOAD_MAX_SIZE=5242880
 <% } %><% if (db === 'mongodb') { %>
 # Database
 MONGO_URI=mongodb://localhost:27017/<%= projectName %>

package/templates/core/env.example.ejs

@@ -11,6 +11,23 @@ JWT_REFRESH_EXPIRE=7d
 <% } %><% if (hasRedis) { %>
 # Redis (token blacklist store)
 REDIS_URL=redis://localhost:6379
+<% } %><% if (hasBackgroundJobs && !hasRedis) { %>
+# Redis (required for BullMQ)
+REDIS_HOST=localhost
+REDIS_PORT=6379
+<% } %><% if (hasEmail) { %>
+# Email (SMTP)
+SMTP_HOST=smtp.ethereal.email
+SMTP_PORT=587
+SMTP_SECURE=false
+SMTP_USER=
+SMTP_PASS=
+SMTP_FROM="App" <noreply@example.com>
+FRONTEND_URL=http://localhost:3000
+<% } %><% if (hasFileUpload) { %>
+# File Uploads
+UPLOAD_DIR=uploads
+UPLOAD_MAX_SIZE=5242880
 <% } %><% if (db === 'mongodb') { %>
 # Database
 MONGO_URI=mongodb://localhost:27017/<%= projectName %>