express-genix 4.5.2 → 4.6.0

package/index.js

@@ -8,6 +8,7 @@ const crypto = require('crypto');
 const { execSync } = require('child_process');
 const { runPostGenerationCleanup } = require('./lib/cleanup');
 const { generateProject } = require('./lib/generator');
+const { validateProjectName } = require('./lib/utils');
 
 const pkg = require('./package.json');
 const prompt = inquirer.createPromptModule();
@@ -70,13 +71,8 @@ async function main() {
           message: 'Project name:',
           default: 'my-express-app',
           validate: (input) => {
-            if (!/^[a-zA-Z0-9-_]+$/.test(input)) {
-              return 'Project name can only contain letters, numbers, hyphens, and underscores';
-            }
-            if (input.length > 100) {
-              return 'Project name must be less than 100 characters';
-            }
-            return true;
+            const error = validateProjectName(input);
+            return error ? error : true;
           },
         },
         {
@@ -107,7 +103,7 @@ async function main() {
             { name: 'JWT Authentication', value: 'auth', checked: true },
             { name: 'Rate Limiting', value: 'rateLimit', checked: true },
             { name: 'Swagger/OpenAPI Docs', value: 'swagger', checked: true },
-            { name: 'Redis Token Blacklist', value: 'redis' },
+            { name: 'Redis Caching / Token Blacklist', value: 'redis' },
             { name: 'Docker & Docker Compose', value: 'docker', checked: true },
             { name: 'CI/CD (GitHub Actions)', value: 'cicd' },
             { name: 'WebSocket (Socket.io)', value: 'websocket' },
@@ -131,14 +127,17 @@ async function main() {
           choices: [
             { name: 'Rate Limiting', value: 'rateLimit', checked: true },
             { name: 'Swagger/OpenAPI Docs', value: 'swagger', checked: true },
+            { name: 'Redis Caching', value: 'redis' },
             { name: 'Docker & Docker Compose', value: 'docker', checked: true },
             { name: 'CI/CD (GitHub Actions)', value: 'cicd' },
             { name: 'WebSocket (Socket.io)', value: 'websocket' },
             { name: 'Request ID / Correlation ID', value: 'requestId', checked: true },
+            { name: 'Email Service (Nodemailer)', value: 'email' },
             { name: 'File Uploads (Multer)', value: 'fileUpload' },
             { name: 'Audit Logging', value: 'auditLog' },
             { name: 'Prometheus Metrics', value: 'metrics' },
             { name: 'API Versioning (/api/v1)', value: 'apiVersioning' },
+            { name: 'Background Jobs (BullMQ)', value: 'backgroundJobs' },
             { name: 'GraphQL (Apollo Server)', value: 'graphql' },
             { name: 'MCP Server (AI Agent Tools)', value: 'mcp' },
           ],
@@ -172,8 +171,8 @@ async function main() {
         hasCicd: features.includes('cicd'),
         hasWebsocket: features.includes('websocket'),
         hasRequestId: features.includes('requestId'),
-        hasRedis: features.includes('redis') && features.includes('auth') && answers.db !== 'none',
-        hasEmail: features.includes('email') && answers.db !== 'none',
+        hasRedis: features.includes('redis') || features.includes('backgroundJobs'),
+        hasEmail: features.includes('email'),
         hasFileUpload: features.includes('fileUpload'),
         hasSoftDelete: features.includes('softDelete') && answers.db !== 'none',
         hasAuditLog: features.includes('auditLog'),
@@ -249,12 +248,17 @@ Configuration:
         }
 
       } catch (error) {
-        // Rollback: remove partial project directory on failure
-        if (fs.existsSync(projectDir)) {
-          fs.rmSync(projectDir, { recursive: true, force: true });
-          console.error('\n🧹 Rolled back partial project directory.');
+        if (error.message.includes('Failed to install dependencies')) {
+          console.error(`\n⚠️  Project generated, but dependency installation failed.`);
+          console.error(`   Please cd into ${config.projectName} and run "npm install" manually.`);
+        } else {
+          // Rollback: remove partial project directory on failure
+          if (fs.existsSync(projectDir)) {
+            fs.rmSync(projectDir, { recursive: true, force: true });
+            console.error('\n🧹 Rolled back partial project directory.');
+          }
+          console.error(`\n❌ Failed to create project: ${error.message}`);
         }
-        console.error(`\n❌ Failed to create project: ${error.message}`);
         process.exit(1);
       }
     });
@@ -290,109 +294,7 @@ Configuration:
       }
     });
 
-  program
-    .command('ai <description>')
-    .description('Generate a project from a natural language description (requires OPENAI_API_KEY or ANTHROPIC_API_KEY)')
-    .option('--skip-install', 'Skip npm install')
-    .option('--skip-cleanup', 'Skip post-generation cleanup')
-    .action(async (description, options) => {
-      const { runAiCommand } = require('./lib/ai-cli');
-      const aiConfig = await runAiCommand(description);
-
-      const inquirerPrompt = inquirer.createPromptModule();
-      const aiFollowUp = await inquirerPrompt([
-        {
-          type: 'confirm',
-          name: 'confirmed',
-          message: 'Generate project with this configuration?',
-          default: true,
-        },
-      ]);
-
-      if (!aiFollowUp.confirmed) {
-        console.log('Cancelled.');
-        process.exit(0);
-      }
-
-      aiConfig.aiProvider = aiFollowUp.aiProvider || 'openai';
-      const features = aiConfig.features || [];
-      const config = {
-        projectName: aiConfig.projectName,
-        language: aiConfig.language || 'javascript',
-        db: aiConfig.db || 'none',
-        logger: aiConfig.logger || 'winston',
-        hasDatabase: aiConfig.db !== 'none',
-        isNoDatabase: aiConfig.db === 'none',
-        isPrisma: aiConfig.db === 'prisma',
-        isTypescript: aiConfig.language === 'typescript',
-        hasAuth: features.includes('auth') && aiConfig.db !== 'none',
-        hasRateLimit: features.includes('rateLimit'),
-        hasSwagger: features.includes('swagger'),
-        hasDocker: features.includes('docker'),
-        hasCicd: features.includes('cicd'),
-        hasWebsocket: features.includes('websocket'),
-        hasRequestId: features.includes('requestId'),
-        hasRedis: features.includes('redis') && features.includes('auth') && aiConfig.db !== 'none',
-        hasEmail: features.includes('email') && aiConfig.db !== 'none',
-        hasFileUpload: features.includes('fileUpload'),
-        hasSoftDelete: features.includes('softDelete') && aiConfig.db !== 'none',
-        hasAuditLog: features.includes('auditLog'),
-        hasMetrics: features.includes('metrics'),
-        hasApiVersioning: features.includes('apiVersioning'),
-        hasBackgroundJobs: features.includes('backgroundJobs'),
-        hasGraphQL: features.includes('graphql'),
-        hasMCP: features.includes('mcp'),
-        jwtSecret: generateSecret(),
-        jwtRefreshSecret: generateSecret(),
-      };
-
-      const projectDir = path.join(process.cwd(), config.projectName);
-
-      if (fs.existsSync(projectDir)) {
-        console.error(`\n❌ Directory "${config.projectName}" already exists!`);
-        process.exit(1);
-      }
-
-      const dbLabel = config.isNoDatabase ? 'no database' : config.db;
-      console.log(`\n🚀 Creating ${config.projectName} (${config.language}, ${dbLabel})...\n`);
-
-      try {
-        await generateProject(config, projectDir, options);
-
-        if (!options.skipCleanup) {
-          await runPostGenerationCleanup(projectDir, config);
-        }
-
-        try {
-          execSync('git init', { cwd: projectDir, stdio: 'pipe' });
-          execSync('git add -A', { cwd: projectDir, stdio: 'pipe' });
-          execSync('git commit -m "Initial commit from express-genix ai"', {
-            cwd: projectDir,
-            stdio: 'pipe',
-            env: { ...process.env, GIT_COMMITTER_NAME: 'express-genix', GIT_COMMITTER_EMAIL: 'cli@express-genix.dev', GIT_AUTHOR_NAME: 'express-genix', GIT_AUTHOR_EMAIL: 'cli@express-genix.dev' },
-          });
-        } catch {
-          // Git not available
-        }
-
-        console.log(`\n✅ Project ${config.projectName} created from AI description!\n`);
-        console.log(`  cd ${config.projectName}`);
-        console.log('  npm run dev\n');
-
-        // Prompt to install Coda VS Code extension
-        if (config.hasMCP) {
-          await promptCodaExtension();
-        }
 
-      } catch (error) {
-        if (fs.existsSync(projectDir)) {
-          fs.rmSync(projectDir, { recursive: true, force: true });
-          console.error('\n🧹 Rolled back partial project directory.');
-        }
-        console.error(`\n❌ Failed to create project: ${error.message}`);
-        process.exit(1);
-      }
-    });
 
   await program.parseAsync(process.argv);
 }

package/lib/cleanup.js

@@ -6,23 +6,25 @@ const runPostGenerationCleanup = async (projectDir) => {
   try {
     // Step 1: Run eslint --fix
     try {
-      execSync(`cd "${projectDir}" && npx eslint . --fix`, { stdio: 'pipe' });
+      execSync('npx eslint . --fix', { cwd: projectDir, stdio: 'pipe' });
       console.log('✅ ESLint auto-fixes applied');
-    } catch {
+    } catch (error) {
       console.log('⚠️  Some ESLint issues may need manual fixing');
+      if (error.stderr) console.log(error.stderr.toString());
     }
 
     // Step 2: Format with Prettier
     try {
-      execSync(`cd "${projectDir}" && npx prettier --write .`, { stdio: 'pipe' });
+      execSync('npx prettier --write .', { cwd: projectDir, stdio: 'pipe' });
       console.log('✅ Code formatted with Prettier');
-    } catch {
+    } catch (error) {
       console.warn('⚠️  Prettier formatting encountered issues');
+      if (error.stderr) console.warn(error.stderr.toString());
     }
 
     // Step 3: Validate
     try {
-      execSync(`cd "${projectDir}" && npx eslint .`, { encoding: 'utf8', stdio: 'pipe' });
+      execSync('npx eslint .', { cwd: projectDir, encoding: 'utf8', stdio: 'pipe' });
       console.log('✅ All linting checks passed');
     } catch (error) {
       const stdout = error.stdout || '';

package/lib/features.js

@@ -79,10 +79,13 @@ const addAuth = (projectDir, templatesDir, pkg) => {
   const files = [
     { template: 'controllers/authController.js.ejs', output: `src/controllers/authController.${ext}` },
     { template: 'controllers/userController.js.ejs', output: `src/controllers/userController.${ext}` },
+    { template: 'controllers/adminController.js.ejs', output: `src/controllers/adminController.${ext}` },
     { template: 'middleware/auth.js.ejs', output: `src/middleware/auth.${ext}` },
     { template: 'middleware/validation.js.ejs', output: `src/middleware/validation.${ext}` },
+    { template: 'middleware/rbac.js.ejs', output: `src/middleware/rbac.${ext}` },
     { template: 'routes/authRoutes.js.ejs', output: `src/routes/authRoutes.${ext}` },
     { template: 'routes/userRoutes.js.ejs', output: `src/routes/userRoutes.${ext}` },
+    { template: 'routes/adminRoutes.js.ejs', output: `src/routes/adminRoutes.${ext}` },
     { template: 'services/authService.js.ejs', output: `src/services/authService.${ext}` },
     { template: 'utils/validators.js.ejs', output: `src/utils/validators.${ext}` },
   ];
@@ -93,12 +96,14 @@ const addAuth = (projectDir, templatesDir, pkg) => {
   } else if (config.db === 'mongodb') {
     files.push(
       { template: 'services/userService.mongodb.js.ejs', output: `src/services/userService.${ext}` },
-      { template: 'models/User.mongo.js.ejs', output: `src/models/User.${ext}` }
+      { template: 'models/User.mongo.js.ejs', output: `src/models/User.${ext}` },
+      { template: 'models/index.mongo.js.ejs', output: `src/models/index.${ext}` }
     );
   } else if (config.db === 'postgresql') {
     files.push(
       { template: 'services/userService.postgres.js.ejs', output: `src/services/userService.${ext}` },
-      { template: 'models/User.postgres.js.ejs', output: `src/models/User.${ext}` }
+      { template: 'models/User.postgres.js.ejs', output: `src/models/User.${ext}` },
+      { template: 'models/index.postgres.js.ejs', output: `src/models/index.${ext}` }
     );
   }
 
@@ -109,8 +114,28 @@ const addAuth = (projectDir, templatesDir, pkg) => {
     fs.writeFileSync(outputPath, content);
   }
 
+  // Update routes/index.js
+  const routesIndexPath = path.join(projectDir, `src/routes/index.${ext}`);
+  if (fs.existsSync(routesIndexPath)) {
+    let routesContent = fs.readFileSync(routesIndexPath, 'utf8');
+    
+    // Add imports if not present
+    if (!routesContent.includes('authRoutes')) {
+      const imports = `const authRoutes = require('./authRoutes');\nconst userRoutes = require('./userRoutes');\nconst adminRoutes = require('./adminRoutes');\n`;
+      routesContent = routesContent.replace(/(const express = require\('express'\);)/, `$1\n${imports}`);
+    }
+    
+    // Add routes if not present
+    if (!routesContent.includes('/auth')) {
+      const routes = `router.use('/auth', authRoutes);\nrouter.use('/users', userRoutes);\nrouter.use('/admin', adminRoutes);\n`;
+      routesContent = routesContent.replace(/(const router = express\.Router\(\);)/, `$1\n\n${routes}`);
+    }
+    
+    fs.writeFileSync(routesIndexPath, routesContent);
+  }
+
   // Add auth dependencies
-  const depsToAdd = ['jsonwebtoken', 'bcryptjs', 'validator'];
+  const depsToAdd = ['jsonwebtoken', 'bcryptjs', 'validator', 'zod'];
   const missing = depsToAdd.filter((dep) => !(pkg.dependencies && pkg.dependencies[dep]));
   if (missing.length > 0) {
     console.log(`  Installing: ${missing.join(', ')}`);
@@ -142,13 +167,20 @@ const addWebsocket = (projectDir, templatesDir, pkg) => {
     execSync('npm install socket.io', { cwd: projectDir, stdio: 'pipe' });
   }
 
+  // Update server.js
+  const serverPath = path.join(projectDir, `src/server.${ext}`);
+  if (fs.existsSync(serverPath)) {
+    let serverContent = fs.readFileSync(serverPath, 'utf8');
+    
+    if (!serverContent.includes('setupWebSocket')) {
+      serverContent = serverContent.replace(/(const app = require\('\.\/app'\);)/, `$1\nconst { setupWebSocket } = require('./config/websocket');\nconst http = require('http');`);
+      serverContent = serverContent.replace(/const server = app\.listen\(port, \(\) => \{/, `const httpServer = http.createServer(app);\n    const io = setupWebSocket(httpServer);\n    app.set('io', io);\n\n    const server = httpServer.listen(port, () => {`);
+      fs.writeFileSync(serverPath, serverContent);
+    }
+  }
+
   console.log('  Created src/config/websocket.' + ext);
-  console.log('  ⚠️  Wire setupWebSocket into your server file:');
-  console.log('     const http = require("http");');
-  console.log('     const { setupWebSocket } = require("./config/websocket");');
-  console.log('     const httpServer = http.createServer(app);');
-  console.log('     setupWebSocket(httpServer);');
-  console.log('     httpServer.listen(port);');
+  console.log('  ✅ WebSocket setup injected into src/server.' + ext);
 };
 
 const addPrisma = (projectDir, templatesDir, pkg) => {
@@ -200,9 +232,23 @@ const addPrisma = (projectDir, templatesDir, pkg) => {
     console.log('  ⚠️  Run "npx prisma generate" manually');
   }
 
+  // Update server.js
+  const serverPath = path.join(projectDir, `src/server.${ext}`);
+  if (fs.existsSync(serverPath)) {
+    let serverContent = fs.readFileSync(serverPath, 'utf8');
+    if (!serverContent.includes('db.connect()')) {
+      serverContent = serverContent.replace(/(const app = require\('\.\/app'\);)/, `$1\nconst db = require('./config/database');`);
+      serverContent = serverContent.replace(/(try \{)/, `$1\n    await db.connect();`);
+      serverContent = serverContent.replace(/(server\.close\(async \(\) => \{)/, `$1\n        await db.disconnect();`);
+      fs.writeFileSync(serverPath, serverContent);
+    }
+  }
+
   console.log('  Created prisma/schema.prisma and src/config/database.' + ext);
+  console.log('  ✅ Database connection injected into src/server.' + ext);
   console.log('  ⚠️  Add DATABASE_URL to your .env file');
   console.log('  ⚠️  Run "npx prisma migrate dev --name init" to create tables');
+  console.log('  ⚠️  Update your health check endpoint in src/app.' + ext + ' to check Prisma connection');
 };
 
 const inferConfig = (projectDir, pkg) => {

package/lib/generator.js

@@ -371,11 +371,12 @@ const generateFiles = async (config, projectDir) => {
 const installDependencies = (projectDir) => {
   try {
     console.log('📦 Installing dependencies...');
-    execSync(`cd "${projectDir}" && npm install`, { stdio: 'inherit' });
+    execSync('npm install', { cwd: projectDir, stdio: 'inherit' });
   } catch (error) {
     console.error('Failed to install dependencies:', error.message);
+    if (error.stderr) console.error(error.stderr.toString());
     console.log('Try running "npm install" manually in the project directory');
-    throw error;
+    throw new Error('Failed to install dependencies');
   }
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "express-genix",
-    "version": "4.5.2",
+    "version": "4.6.0",
     "description": "Production-grade CLI to generate Express apps with JWT, RBAC, GraphQL, TypeScript, Prisma, MongoDB, PostgreSQL, file uploads, email, background jobs, and more",
     "main": "index.js",
     "bin": {

package/templates/controllers/authController.js.ejs

@@ -112,20 +112,29 @@ const forgotPassword = async (req, res, next) => {
     const user = await userService.findByEmail(email);
 
     // Always return success to prevent email enumeration
+    const responseMessage = 'If an account with that email exists, a reset link has been sent.';
+    
     if (!user) {
-      return success(res, { message: 'If an account with that email exists, a reset link has been sent.' });
+      return success(res, { message: responseMessage });
     }
 
-    const resetToken = await authService.generateResetToken(email);
+    // Process asynchronously to prevent timing attacks
+    (async () => {
+      try {
+        const resetToken = await authService.generateResetToken(email);
 <% if (hasEmail) { %>
-    await emailService.sendPasswordResetEmail(email, resetToken);
+        await emailService.sendPasswordResetEmail(email, resetToken);
 <% } else { %>
-    // TODO: Send email with reset link
-    // For development, log the token:
-    console.log(`Password reset token for ${email}: ${resetToken}`);
+        // TODO: Send email with reset link
+        // For development, log the token:
+        console.log(`Password reset token for ${email}: ${resetToken}`);
 <% } %>
+      } catch (err) {
+        console.error('Error in forgotPassword background task:', err);
+      }
+    })();
 
-    return success(res, { message: 'If an account with that email exists, a reset link has been sent.' });
+    return success(res, { message: responseMessage });
   } catch (error) {
     next(error);
   }

package/templates/core/env.ejs

@@ -9,10 +9,8 @@ JWT_REFRESH_SECRET=<%= jwtRefreshSecret %>
 JWT_EXPIRE=15m
 JWT_REFRESH_EXPIRE=7d
 <% } %><% if (hasRedis) { %>
-# Redis (token blacklist store)
+# Redis
 REDIS_URL=redis://localhost:6379
-<% } %><% if (hasBackgroundJobs && !hasRedis) { %>
-# Redis (required for BullMQ)
 REDIS_HOST=localhost
 REDIS_PORT=6379
 <% } %><% if (hasEmail) { %>

package/templates/core/env.example.ejs

@@ -9,10 +9,8 @@ JWT_REFRESH_SECRET=CHANGE_ME_generate_a_64_char_hex_secret
 JWT_EXPIRE=15m
 JWT_REFRESH_EXPIRE=7d
 <% } %><% if (hasRedis) { %>
-# Redis (token blacklist store)
+# Redis
 REDIS_URL=redis://localhost:6379
-<% } %><% if (hasBackgroundJobs && !hasRedis) { %>
-# Redis (required for BullMQ)
 REDIS_HOST=localhost
 REDIS_PORT=6379
 <% } %><% if (hasEmail) { %>

package/templates/core/server.js.ejs

@@ -1,7 +1,5 @@
 require('dotenv').config();
 
-const cluster = require('cluster');
-const os = require('os');
 <% if (hasWebsocket) { %>const http = require('http');<% } %>
 const app = require('./app');<% if (hasDatabase) { %>
 const db = require('./config/database');<% } %><% if (hasRedis) { %>
@@ -12,22 +10,9 @@ const { createLogger } = require('./utils/logger');
 
 const logger = createLogger('Server');
 const port = process.env.PORT || 3000;
-const isPrimary = cluster.isPrimary ?? cluster.isMaster;
 
 const startServer = async () => {
-  if (process.env.NODE_ENV === 'production' && isPrimary) {
-    const numCPUs = os.cpus().length;
-    logger.info(`Master ${process.pid} is running, forking ${numCPUs} workers`);
-
-    for (let i = 0; i < numCPUs; i++) {
-      cluster.fork();
-    }
-
-    cluster.on('exit', (worker, code, signal) => {
-      logger.warn(`Worker ${worker.process.pid} died (code: ${code}, signal: ${signal}). Restarting...`);
-      cluster.fork();
-    });
-  } else {<% if (hasDatabase) { %>
+  try {<% if (hasDatabase) { %>
     await db.connect();<% } %><% if (hasRedis) { %>
     await connectRedis();<% } %><% if (hasGraphQL) { %>
     await app.initGraphQL();<% } %><% if (hasBackgroundJobs) { %>
@@ -38,7 +23,7 @@ const startServer = async () => {
     app.set('io', io);
 
     const server = httpServer.listen(port, () => {<% } else { %>    const server = app.listen(port, () => {<% } %>
-      logger.info(`Worker ${process.pid} running on http://localhost:${port}`);
+      logger.info(`Server running on http://localhost:${port}`);
       logger.info(`Environment: ${process.env.NODE_ENV || 'development'}`);
     });
 
@@ -59,10 +44,10 @@ const startServer = async () => {
 
     process.on('SIGTERM', () => shutdown('SIGTERM'));
     process.on('SIGINT', () => shutdown('SIGINT'));
+  } catch (err) {
+    logger.error('Failed to start server', { error: err.message });
+    process.exit(1);
   }
 };
 
-startServer().catch((err) => {
-  logger.error('Failed to start server', { error: err.message });
-  process.exit(1);
-});
+startServer();

package/templates/middleware/errorHandler.js.ejs

@@ -31,6 +31,10 @@ const errorHandler = (err, req, res, next) => {
     const message = err.errors.map((e) => e.message).join(', ');
     error = new AppError(message, 400);
   }
+<% } %><% if (db === 'prisma') { %>
+  if (err.code === 'P2002') {
+    error = new AppError('Duplicate field value entered', 400);
+  }
 <% } %><% if (hasAuth) { %>
   if (err.name === 'JsonWebTokenError') {
     error = new AppError('Invalid token', 401);
@@ -41,9 +45,11 @@ const errorHandler = (err, req, res, next) => {
   }
 <% } %>
 
+  const message = error.isOperational ? error.message : 'Internal Server Error';
+
   res.status(error.statusCode || 500).json({
     success: false,
-    error: error.message || 'Internal Server Error',
+    error: process.env.NODE_ENV === 'development' ? (error.message || 'Internal Server Error') : message,
     ...(process.env.NODE_ENV === 'development' && { stack: err.stack }),
   });
 };

package/templates/middleware/validation.js.ejs

@@ -9,11 +9,11 @@ const { AppError } = require('../utils/errors');
  * Usage:
  *   router.post('/users', validate({ body: createUserSchema }), controller.create);
  */
-const validate = (schemas) => (req, res, next) => {
+const validate = (schemas) => async (req, res, next) => {
   const errors = [];
 
   for (const [source, schema] of Object.entries(schemas)) {
-    const result = schema.safeParse(req[source]);
+    const result = await schema.safeParseAsync(req[source]);
     if (!result.success) {
       result.error.issues.forEach((issue) => {
         errors.push(`${source}.${issue.path.join('.')}: ${issue.message}`);

package/templates/migrations/create-users.js.ejs

@@ -37,7 +37,11 @@ module.exports = {
         type: Sequelize.DATE,
         allowNull: false,
         defaultValue: Sequelize.literal('NOW()'),
-      },
+      },<% if (hasSoftDelete) { %>
+      deletedAt: {
+        type: Sequelize.DATE,
+        allowNull: true,
+      },<% } %>
     });
 
     await queryInterface.addIndex('users', ['email'], { unique: true });

package/templates/services/authService.js.ejs

@@ -4,8 +4,19 @@ const crypto = require('crypto');
 <% } %>
 <% if (!hasRedis) { %>
 // In-memory token blacklist — replace with Redis for production.
-const tokenBlacklist = new Set();
+const tokenBlacklist = new Map(); // token → expiresAt
 const resetTokens = new Map(); // token → { email, expiresAt }
+
+// Periodic cleanup to prevent memory leaks
+setInterval(() => {
+  const now = Date.now();
+  for (const [token, expiresAt] of tokenBlacklist.entries()) {
+    if (expiresAt < now) tokenBlacklist.delete(token);
+  }
+  for (const [hash, entry] of resetTokens.entries()) {
+    if (entry.expiresAt < now) resetTokens.delete(hash);
+  }
+}, 60 * 60 * 1000).unref(); // Run every hour
 <% } %>
 const generateTokens = (user) => {
   const payload = {
@@ -66,10 +77,17 @@ const consumeResetToken = async (token) => {
 };
 <% } else { %>
 const blacklistToken = (token) => {
-  tokenBlacklist.add(token);
+  const decoded = jwt.decode(token);
+  const expiresAt = decoded && decoded.exp ? decoded.exp * 1000 : Date.now() + 86400000;
+  tokenBlacklist.set(token, expiresAt);
 };
 
 const isTokenBlacklisted = (token) => {
+  const expiresAt = tokenBlacklist.get(token);
+  if (expiresAt && expiresAt < Date.now()) {
+    tokenBlacklist.delete(token);
+    return false;
+  }
   return tokenBlacklist.has(token);
 };
 

package/templates/services/userService.prisma.js.ejs

@@ -58,12 +58,13 @@ const findAll = async ({ page = 1, limit = 20 } = {}) => {
   const skip = (page - 1) * limit;
   const [users, total] = await Promise.all([
     prisma.user.findMany({
-      select: { id: true, username: true, email: true, role: true, createdAt: true, updatedAt: true },
+<% if (hasSoftDelete) { %>      where: { deletedAt: null },
+<% } %>      select: { id: true, username: true, email: true, role: true, createdAt: true, updatedAt: true },
       orderBy: { createdAt: 'desc' },
       skip,
       take: limit,
     }),
-    prisma.user.count(),
+    prisma.user.count(<% if (hasSoftDelete) { %>{ where: { deletedAt: null } }<% } %>),
   ]);
   return { users, total, page, totalPages: Math.ceil(total / limit) };
 };

package/lib/ai-cli.js

@@ -1,133 +0,0 @@
-/**
- * AI CLI handler — interprets natural language project descriptions
- * and maps them to express-genix configuration flags.
- *
- * Requires @langchain/openai or @langchain/anthropic to be installed.
- * These are NOT bundled with express-genix to keep the CLI lightweight.
- *
- * Install with: npm install -g @langchain/core @langchain/openai
- */
-
-const SYSTEM_PROMPT = `You are an expert Express.js project configurator for the express-genix CLI tool.
-Given a natural language description of a web application, output a JSON configuration object.
-
-Available options:
-- projectName: string (lowercase, hyphens only, no spaces)
-- language: "javascript" | "typescript"
-- db: "mongodb" | "postgresql" | "prisma" | "none"
-- logger: "winston" | "pino"
-- features: array of feature strings from this list:
-  - "auth" (JWT authentication — requires a database)
-  - "rateLimit" (rate limiting)
-  - "swagger" (Swagger/OpenAPI docs)
-  - "redis" (Redis token blacklist — requires auth)
-  - "docker" (Docker & Docker Compose)
-  - "cicd" (GitHub Actions CI/CD)
-  - "websocket" (WebSocket via Socket.io)
-  - "requestId" (request ID / correlation tracking)
-  - "email" (Nodemailer email service — requires database)
-  - "fileUpload" (Multer file uploads)
-  - "softDelete" (soft deletes — requires database + auth)
-  - "auditLog" (audit logging middleware)
-  - "metrics" (Prometheus metrics)
-  - "apiVersioning" (API versioning /api/v1)
-  - "backgroundJobs" (BullMQ background jobs)
-  - "graphql" (GraphQL via Apollo Server)
-  - "mcp" (MCP Server — exposes API as AI-agent tools)
-  - "ai" (LangChain/LangGraph AI service)
-
-Rules:
-- Always include "auth", "rateLimit", "swagger", "requestId" unless explicitly unwanted
-- Include "docker" for production-ready apps
-- Include "ai" if the description mentions AI, chatbot, LLM, or intelligence
-- Include "mcp" if the description mentions AI agents, tools, or MCP
-- Choose "prisma" for modern stacks, "mongodb" for documents, "postgresql" for relational
-- Infer a short kebab-case project name from the description
-- Output ONLY valid JSON. No explanation, no markdown fences.`;
-
-const runAiCommand = async (description) => {
-  // Check for API key
-  const hasOpenAI = !!process.env.OPENAI_API_KEY;
-  const hasAnthropic = !!process.env.ANTHROPIC_API_KEY;
-  const hasGemini = !!process.env.GOOGLE_API_KEY;
-
-  if (!hasOpenAI && !hasAnthropic && !hasGemini) {
-    console.error('❌ The AI command requires an API key.');
-    console.error('   Set one of these environment variables:');
-    console.error('     export OPENAI_API_KEY=sk-...');
-    console.error('     export ANTHROPIC_API_KEY=sk-ant-...');
-    console.error('     export GOOGLE_API_KEY=AI...');
-    process.exit(1);
-  }
-
-  // Try to load LangChain (not bundled — must be installed separately)
-  let ChatModel;
-  try {
-    if (hasGemini) {
-      const { ChatGoogleGenerativeAI } = require('@langchain/google-genai');
-      ChatModel = new ChatGoogleGenerativeAI({
-        model: 'gemini-2.0-flash',
-        maxOutputTokens: 1024,
-        apiKey: process.env.GOOGLE_API_KEY,
-      });
-    } else if (hasAnthropic) {
-      const { ChatAnthropic } = require('@langchain/anthropic');
-      ChatModel = new ChatAnthropic({
-        modelName: 'claude-sonnet-4-20250514',
-        maxTokens: 1024,
-        anthropicApiKey: process.env.ANTHROPIC_API_KEY,
-      });
-    } else {
-      const { ChatOpenAI } = require('@langchain/openai');
-      ChatModel = new ChatOpenAI({
-        modelName: 'gpt-4o-mini',
-        maxTokens: 1024,
-        openAIApiKey: process.env.OPENAI_API_KEY,
-      });
-    }
-  } catch {
-    console.error('❌ LangChain packages not found.');
-    console.error('   Install them globally to use the AI command:');
-    console.error('     npm install -g @langchain/core @langchain/openai @langchain/anthropic @langchain/google-genai');
-    process.exit(1);
-  }
-
-  const { HumanMessage, SystemMessage } = require('@langchain/core/messages');
-
-  console.log('🤖 Analyzing your description...\n');
-
-  const response = await ChatModel.invoke([
-    new SystemMessage(SYSTEM_PROMPT),
-    new HumanMessage(description),
-  ]);
-
-  let config;
-  try {
-    const jsonMatch = response.content.match(/\{[\s\S]*\}/);
-    if (!jsonMatch) throw new Error('No JSON found in response');
-    config = JSON.parse(jsonMatch[0]);
-  } catch {
-    console.error('❌ Could not parse AI response. Try a clearer description.');
-    console.error('   Raw output:', response.content);
-    process.exit(1);
-  }
-
-  // Validate required fields
-  if (!config.projectName || !config.language || !config.db) {
-    console.error('❌ AI response missing required fields. Try again.');
-    process.exit(1);
-  }
-
-  // Display interpreted config
-  console.log('📋 Interpreted configuration:\n');
-  console.log(`   Project:    ${config.projectName}`);
-  console.log(`   Language:   ${config.language}`);
-  console.log(`   Database:   ${config.db}`);
-  console.log(`   Logger:     ${config.logger || 'winston'}`);
-  console.log(`   Features:   ${(config.features || []).join(', ') || 'base'}`);
-  console.log('');
-
-  return config;
-};
-
-module.exports = { runAiCommand };

package/templates/agents/graph.js.ejs

@@ -1,84 +0,0 @@
-const { createReactAgent } = require('@langchain/langgraph/prebuilt');
-const { tool } = require('@langchain/core/tools');
-const { HumanMessage } = require('@langchain/core/messages');
-const { z } = require('zod');
-const { getModel } = require('../config/ai');
-
-// --- Built-in Tools ---
-
-const currentTimeTool = tool(
-  async () => new Date().toISOString(),
-  {
-    name: 'current_time',
-    description: 'Get the current date and time in ISO 8601 format',
-    schema: z.object({}),
-  }
-);
-
-const calculatorTool = tool(
-  async ({ expression }) => {
-    // Only allow digits and math operators — no code injection possible
-    const sanitized = expression.replace(/[^0-9+\-*/().%\s]/g, '');
-    if (sanitized !== expression.trim()) {
-      return 'Error: Expression contains invalid characters. Use only numbers and +, -, *, /, (, ), %';
-    }
-    try {
-      const result = new Function(`"use strict"; return (${sanitized})`)();
-      if (!isFinite(result)) return 'Error: Result is not a finite number';
-      return String(result);
-    } catch {
-      return 'Error: Could not evaluate expression';
-    }
-  },
-  {
-    name: 'calculator',
-    description: 'Evaluate a mathematical expression using standard operators: +, -, *, /, %',
-    schema: z.object({
-      expression: z.string().describe('Math expression, e.g. "2 + 3 * 4"'),
-    }),
-  }
-);
-
-/**
- * Create a LangGraph ReAct agent with tool-calling capabilities.
- *
- * @param {Object} options
- * @param {Array}  options.tools - Additional @langchain/core tools to register
- * @param {string} options.systemPrompt - System instruction for the agent
- * @param {string} options.model - Model name override
- */
-const createAgent = (options = {}) => {
-  const tools = [
-    currentTimeTool,
-    calculatorTool,
-    ...(options.tools || []),
-  ];
-
-  const model = getModel(options);
-
-  return createReactAgent({
-    llm: model,
-    tools,
-    messageModifier: options.systemPrompt || 'You are a helpful assistant. Use the provided tools when needed to answer questions accurately.',
-  });
-};
-
-/**
- * Run the agent with a single message and return the final response.
- */
-const runAgent = async (message, options = {}) => {
-  const agent = createAgent(options);
-
-  const result = await agent.invoke({
-    messages: [new HumanMessage(message)],
-  });
-
-  const lastMessage = result.messages[result.messages.length - 1];
-
-  return {
-    content: lastMessage.content,
-    steps: result.messages.length,
-  };
-};
-
-module.exports = { createAgent, runAgent, currentTimeTool, calculatorTool };

package/templates/config/ai.js.ejs

@@ -1,47 +0,0 @@
-<% if (aiProvider === 'openai') { %>
-const { ChatOpenAI } = require('@langchain/openai');
-<% } else if (aiProvider === 'anthropic') { %>
-const { ChatAnthropic } = require('@langchain/anthropic');
-<% } else if (aiProvider === 'gemini') { %>
-const { ChatGoogleGenerativeAI } = require('@langchain/google-genai');
-<% } else if (aiProvider === 'ollama') { %>
-const { ChatOllama } = require('@langchain/ollama');
-<% } %>
-
-/**
- * Create a LangChain chat model based on the configured provider.
- */
-const getModel = (options = {}) => {
-  const temperature = options.temperature ?? parseFloat(process.env.AI_TEMPERATURE || '0.7');
-  const maxTokens = options.maxTokens ?? parseInt(process.env.AI_MAX_TOKENS || '2048', 10);
-<% if (aiProvider === 'openai') { %>
-  return new ChatOpenAI({
-    modelName: options.model || process.env.AI_MODEL || 'gpt-4o-mini',
-    temperature,
-    maxTokens,
-    openAIApiKey: process.env.OPENAI_API_KEY,
-  });
-<% } else if (aiProvider === 'anthropic') { %>
-  return new ChatAnthropic({
-    modelName: options.model || process.env.AI_MODEL || 'claude-sonnet-4-20250514',
-    temperature,
-    maxTokens,
-    anthropicApiKey: process.env.ANTHROPIC_API_KEY,
-  });
-<% } else if (aiProvider === 'gemini') { %>
-  return new ChatGoogleGenerativeAI({
-    model: options.model || process.env.AI_MODEL || 'gemini-2.0-flash',
-    temperature,
-    maxOutputTokens: maxTokens,
-    apiKey: process.env.GOOGLE_API_KEY,
-  });
-<% } else if (aiProvider === 'ollama') { %>
-  return new ChatOllama({
-    model: options.model || process.env.AI_MODEL || 'llama3',
-    temperature,
-    baseUrl: process.env.OLLAMA_BASE_URL || 'http://localhost:11434',
-  });
-<% } %>
-};
-
-module.exports = { getModel };

package/templates/controllers/aiController.js.ejs

@@ -1,100 +0,0 @@
-const aiService = require('../services/aiService');
-const { runAgent } = require('../agents/graph');
-const { success, error } = require('../utils/response');
-
-/**
- * POST /ai/chat — Send a message, get a complete AI response.
- */
-const chatHandler = async (req, res, next) => {
-  try {
-    const { message, systemPrompt, history, model, temperature, maxTokens } = req.body;
-
-    if (!message) {
-      return error(res, 'Message is required', 400);
-    }
-
-    const result = await aiService.chat(message, {
-      systemPrompt,
-      history,
-      model,
-      temperature,
-      maxTokens,
-    });
-
-    return success(res, result);
-  } catch (err) {
-    next(err);
-  }
-};
-
-/**
- * POST /ai/stream — Stream an AI response via Server-Sent Events.
- */
-const streamHandler = async (req, res, next) => {
-  try {
-    const { message, systemPrompt, history, model, temperature, maxTokens } = req.body;
-
-    if (!message) {
-      return error(res, 'Message is required', 400);
-    }
-
-    res.setHeader('Content-Type', 'text/event-stream');
-    res.setHeader('Cache-Control', 'no-cache');
-    res.setHeader('Connection', 'keep-alive');
-
-    const generator = aiService.stream(message, {
-      systemPrompt,
-      history,
-      model,
-      temperature,
-      maxTokens,
-    });
-
-    for await (const chunk of generator) {
-      res.write(`data: ${JSON.stringify({ content: chunk })}\n\n`);
-    }
-
-    res.write('data: [DONE]\n\n');
-    res.end();
-  } catch (err) {
-    next(err);
-  }
-};
-
-/**
- * POST /ai/chain — Run a prompt template chain with variables.
- */
-const chainHandler = async (req, res, next) => {
-  try {
-    const { template, variables, model } = req.body;
-
-    if (!template) {
-      return error(res, 'Template is required', 400);
-    }
-
-    const result = await aiService.chain(template, variables || {}, { model });
-    return success(res, { content: result });
-  } catch (err) {
-    next(err);
-  }
-};
-
-/**
- * POST /ai/agent — Run the LangGraph ReAct agent.
- */
-const agentHandler = async (req, res, next) => {
-  try {
-    const { message, systemPrompt, model } = req.body;
-
-    if (!message) {
-      return error(res, 'Message is required', 400);
-    }
-
-    const result = await runAgent(message, { systemPrompt, model });
-    return success(res, result);
-  } catch (err) {
-    next(err);
-  }
-};
-
-module.exports = { chatHandler, streamHandler, chainHandler, agentHandler };

package/templates/routes/aiRoutes.js.ejs

@@ -1,117 +0,0 @@
-const express = require('express');
-const { chatHandler, streamHandler, chainHandler, agentHandler } = require('../controllers/aiController');
-
-const router = express.Router();
-
-/**
- * @swagger
- * <% if (hasApiVersioning) { %>/v1<% } %>/ai/chat:
- *   post:
- *     summary: Send a chat message to the AI
- *     tags: [AI]
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             required: [message]
- *             properties:
- *               message:
- *                 type: string
- *                 example: "What is Node.js?"
- *               systemPrompt:
- *                 type: string
- *                 example: "You are a helpful coding assistant."
- *               history:
- *                 type: array
- *                 items:
- *                   type: object
- *                   properties:
- *                     role:
- *                       type: string
- *                       enum: [user, assistant]
- *                     content:
- *                       type: string
- *               model:
- *                 type: string
- *     responses:
- *       200:
- *         description: AI response
- */
-router.post('/chat', chatHandler);
-
-/**
- * @swagger
- * <% if (hasApiVersioning) { %>/v1<% } %>/ai/stream:
- *   post:
- *     summary: Stream an AI response via Server-Sent Events
- *     tags: [AI]
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             required: [message]
- *             properties:
- *               message:
- *                 type: string
- *     responses:
- *       200:
- *         description: SSE stream of AI response chunks
- */
-router.post('/stream', streamHandler);
-
-/**
- * @swagger
- * <% if (hasApiVersioning) { %>/v1<% } %>/ai/chain:
- *   post:
- *     summary: Run a prompt template chain with variable substitution
- *     tags: [AI]
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             required: [template]
- *             properties:
- *               template:
- *                 type: string
- *                 example: "Summarize the following text: {text}"
- *               variables:
- *                 type: object
- *                 example: { "text": "Node.js is a JavaScript runtime..." }
- *     responses:
- *       200:
- *         description: Chain result
- */
-router.post('/chain', chainHandler);
-
-/**
- * @swagger
- * <% if (hasApiVersioning) { %>/v1<% } %>/ai/agent:
- *   post:
- *     summary: Run the LangGraph ReAct agent with tool calling
- *     tags: [AI]
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             required: [message]
- *             properties:
- *               message:
- *                 type: string
- *                 example: "What time is it right now?"
- *               systemPrompt:
- *                 type: string
- *     responses:
- *       200:
- *         description: Agent response with tool-use steps
- */
-router.post('/agent', agentHandler);
-
-module.exports = router;

package/templates/services/aiService.js.ejs

@@ -1,80 +0,0 @@
-const { getModel } = require('../config/ai');
-const { HumanMessage, SystemMessage, AIMessage } = require('@langchain/core/messages');
-const { StringOutputParser } = require('@langchain/core/output_parsers');
-const { ChatPromptTemplate } = require('@langchain/core/prompts');
-const { logger } = require('../utils/logger');
-
-const DEFAULT_SYSTEM_PROMPT = 'You are a helpful AI assistant.';
-
-/**
- * Send a chat message and get a complete response.
- */
-const chat = async (message, options = {}) => {
-  const model = getModel(options);
-  const messages = [
-    new SystemMessage(options.systemPrompt || DEFAULT_SYSTEM_PROMPT),
-  ];
-
-  if (Array.isArray(options.history)) {
-    for (const msg of options.history) {
-      if (msg.role === 'user') messages.push(new HumanMessage(msg.content));
-      else if (msg.role === 'assistant') messages.push(new AIMessage(msg.content));
-    }
-  }
-
-  messages.push(new HumanMessage(message));
-
-  const response = await model.invoke(messages);
-
-  logger.info('AI chat completed', {
-    provider: process.env.AI_PROVIDER,
-  });
-
-  return {
-    content: response.content,
-    model: response.response_metadata?.model || 'unknown',
-    usage: response.usage_metadata || null,
-  };
-};
-
-/**
- * Stream a chat response. Returns an async generator yielding text chunks.
- */
-const stream = async function* (message, options = {}) {
-  const model = getModel(options);
-  const messages = [
-    new SystemMessage(options.systemPrompt || DEFAULT_SYSTEM_PROMPT),
-  ];
-
-  if (Array.isArray(options.history)) {
-    for (const msg of options.history) {
-      if (msg.role === 'user') messages.push(new HumanMessage(msg.content));
-      else if (msg.role === 'assistant') messages.push(new AIMessage(msg.content));
-    }
-  }
-
-  messages.push(new HumanMessage(message));
-
-  const streamResponse = await model.stream(messages);
-
-  for await (const chunk of streamResponse) {
-    if (chunk.content) {
-      yield chunk.content;
-    }
-  }
-};
-
-/**
- * Run a prompt template chain with variable substitution.
- */
-const chain = async (template, variables = {}, options = {}) => {
-  const model = getModel(options);
-  const prompt = ChatPromptTemplate.fromTemplate(template);
-  const outputParser = new StringOutputParser();
-  const pipeline = prompt.pipe(model).pipe(outputParser);
-
-  const result = await pipeline.invoke(variables);
-  return result;
-};
-
-module.exports = { chat, stream, chain };