npm - go-duck-cli - Versions diffs - 1.2.25 → 1.3.2 - Mend

go-duck-cli 1.2.25 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/README.md CHANGED Viewed

@@ -120,6 +120,12 @@ Follow these four steps to get a generated microservice running locally and in K
 Follow these steps to create and run a new microservice with GO-DUCK:
+```bash
+# 0. Design your schema visually (Optional)
+go-duck gdl-planner -p 8000
+```
+This launches a browser-based drag-and-drop canvas at `http://localhost:8000` where you can visually design your entities, relationships, nested BSON objects, and Enums, and then export it directly into a `.gdl` file!
 ```bash
 # 1. Create a new microservice
 go-duck create -o ./my-app -c config.yaml

package/generators/ai_docs.js CHANGED Viewed

@@ -43,6 +43,12 @@ export const generateAIDocs = async (config, entities, outputDir, enums, openEnt
     archContent += `- **Elasticsearch Sync**: ${config.search?.elasticsearch?.enabled ? 'Enabled (via @Searchable)' : 'Disabled'}\n`;
     archContent += `- **OpenTelemetry**: ${config.telemetry?.otel?.enabled ? 'Enabled' : 'Disabled'}\n`;
+    archContent += `\n## Deployment (Kubernetes)\n`;
+    archContent += `- **Network Isolation**: Strict per-service isolated namespaces (e.g., \`[shortName]-[service]-k8s\`).\n`;
+    archContent += `- **Internal Routing**: Services communicate via explicit Fully Qualified Domain Names (FQDN).\n`;
+    archContent += `- **External Exposure**: Infrastructure services are exposed via explicit NodePort mappings (Range: 30000+).\n`;
+    archContent += `- **Self-Contained Manifests**: All manifests inject their own \`kind: Namespace\` block for auto-provisioning.\n`;
     await fs.writeFile(path.join(aiDocsDir, 'ARCHITECTURE.md'), archContent);
     // 2. ENDPOINTS.md

package/generators/config.js CHANGED Viewed

@@ -2,7 +2,7 @@ import fs from 'fs-extra';
 import path from 'path';
 import chalk from 'chalk';
-export const generateConfigLoader = async (outputDir) => {
+export const generateConfigLoader = async (outputDir, configObj) => {
 	const configDir = path.join(outputDir, 'config');
 	await fs.ensureDir(configDir);
@@ -28,6 +28,7 @@ type Config struct {
 			REST struct {
 				Port     int    \`mapstructure:"port"\`
 				Protocol string \`mapstructure:"protocol"\`
+				ApiPathPrefix string \`mapstructure:"api-path-prefix"\`
 			} \`mapstructure:"rest"\`
 			GRPC struct {
 				Addr       string        \`mapstructure:"addr"\`
@@ -242,6 +243,7 @@ func LoadConfig() (*Config, error) {
 	// Default values
 	v.SetDefault("go-duck.server.rest.port", 8080)
 	v.SetDefault("go-duck.server.rest.protocol", "json")
+	v.SetDefault("go-duck.server.rest.api-path-prefix", "/${configObj.name || 'api'}/api")
 	v.SetDefault("go-duck.security.rate-limit.rps", 100.0)
 	v.SetDefault("go-duck.security.rate-limit.burst", 200)
 	v.SetDefault("go-duck.logging.datadog.enabled", false)

package/generators/devops.js CHANGED Viewed

@@ -14,6 +14,8 @@ export const generateDeploymentArtifacts = async (config, projectRootDir) => {
     await fs.ensureDir(githubDir);
     const appName = config.name || 'go-duck';
+    const parts = appName.split(/[-_]/);
+    const shortName = (parts.length > 1 ? parts.map(w => w[0]).join('') : appName).substring(0, 10).toLowerCase() || 'goduck';
     const appPort = config.server?.port || 8080;
     const keycloakHost = config.security?.['keycloak-host'] || 'http://localhost:8180';
     const keycloakPort = keycloakHost.includes(':') ? keycloakHost.split(':').pop() : '8080';
@@ -117,6 +119,7 @@ services:
   mosquitto:
     image: eclipse-mosquitto:2.0.18
     container_name: ${appName}-mqtt
+    command: ["sh", "-c", "mosquitto_passwd -c -b /tmp/mosquitto_passwd ${config.messaging?.mqtt?.username || 'dev_user'} ${config.messaging?.mqtt?.password || 'dev_password'} && chown 1883:1883 /tmp/mosquitto_passwd && exec /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf"]
     ports:
       - "${mqttPort}:1883"
       - "9001:9001"
@@ -269,7 +272,8 @@ networks:
 listener 1883
 listener 9001
 protocol websockets
-allow_anonymous true
+allow_anonymous false
+password_file /tmp/mosquitto_passwd
 `;
     // --- 6. GitHub Actions CI/CD ---
@@ -454,7 +458,7 @@ spec:
             - name: GO_DUCK_SERVER_REST_PORT
               value: "${appPort}"
             - name: GO_DUCK_DATASOURCE_HOST
-              value: postgres
+              value: postgres.${shortName}-postgres-k8s.svc.cluster.local
             - name: GO_DUCK_DATASOURCE_USERNAME
               value: "${config.datasource?.username || 'postgres'}"
             - name: GO_DUCK_DATASOURCE_PASSWORD
@@ -464,17 +468,17 @@ spec:
             - name: GO_DUCK_DATASOURCE_PORT
               value: "5432"
             - name: GO_DUCK_CACHE_REDIS_HOST
-              value: redis:6379
+              value: redis.${shortName}-redis-k8s.svc.cluster.local:6379
             - name: GO_DUCK_MESSAGING_MQTT_BROKER
-              value: tcp://mosquitto:1883
+              value: tcp://mosquitto.${shortName}-mosquitto-k8s.svc.cluster.local:1883
             - name: GO_DUCK_MESSAGING_NATS_URL
-              value: nats://nats:4222
+              value: nats://nats.${shortName}-nats-k8s.svc.cluster.local:4222
             - name: GO_DUCK_TELEMETRY_OTEL_ENDPOINT
-              value: otel-collector:4317
+              value: otel-collector.${shortName}-otel-collector-k8s.svc.cluster.local:4317
             - name: GO_DUCK_ELASTICSEARCH_ADDRESSES
-              value: http://elasticsearch:9200
+              value: http://elasticsearch.${shortName}-elasticsearch-k8s.svc.cluster.local:9200
             - name: GO_DUCK_SECURITY_KEYCLOAK_HOST
-              value: http://keycloak:8080
+              value: http://keycloak.${shortName}-keycloak-k8s.svc.cluster.local:8080
           ports:
             - name: http
               containerPort: ${appPort}
@@ -486,13 +490,16 @@ kind: Service
 metadata:
   name: ${appName}
 spec:
+  type: NodePort
   ports:
     - name: http
       port: ${appPort}
       targetPort: http
+      nodePort: 30080
     - name: grpc
       port: 9000
       targetPort: grpc
+      nodePort: 30090
   selector:
     app: ${appName}
 `;
@@ -549,8 +556,10 @@ kind: Service
 metadata:
   name: postgres
 spec:
+  type: NodePort
   ports:
     - port: 5432
+      nodePort: 30432
   selector:
     app: postgres
 `;
@@ -582,8 +591,10 @@ kind: Service
 metadata:
   name: redis
 spec:
+  type: NodePort
   ports:
     - port: 6379
+      nodePort: 30379
   selector:
     app: redis
 `;
@@ -615,8 +626,10 @@ kind: Service
 metadata:
   name: nats
 spec:
+  type: NodePort
   ports:
     - port: 4222
+      nodePort: 30222
   selector:
     app: nats
 `;
@@ -630,7 +643,8 @@ data:
     listener 1883
     listener 9001
     protocol websockets
-    allow_anonymous true
+    allow_anonymous false
+    password_file /tmp/mosquitto_passwd
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -651,6 +665,7 @@ spec:
       containers:
         - name: mosquitto
           image: eclipse-mosquitto:2.0.18
+          command: ["sh", "-c", "mosquitto_passwd -c -b /tmp/mosquitto_passwd ${config.messaging?.mqtt?.username || 'dev_user'} ${config.messaging?.mqtt?.password || 'dev_password'} && chown 1883:1883 /tmp/mosquitto_passwd && exec /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf"]
           ports:
             - containerPort: 1883
             - containerPort: 9001
@@ -668,11 +683,14 @@ kind: Service
 metadata:
   name: mosquitto
 spec:
+  type: NodePort
   ports:
     - name: mqtt
       port: 1883
+      nodePort: 31883
     - name: ws
       port: 9001
+      nodePort: 30001
   selector:
     app: mosquitto
 `;
@@ -711,8 +729,10 @@ kind: Service
 metadata:
   name: elasticsearch
 spec:
+  type: NodePort
   ports:
     - port: 9200
+      nodePort: 30200
   selector:
     app: elasticsearch
 `;
@@ -748,11 +768,14 @@ kind: Service
 metadata:
   name: jaeger
 spec:
+  type: NodePort
   ports:
     - name: ui
       port: 16686
+      nodePort: 30686
     - name: otlp-grpc
       port: 4317
+      nodePort: 30317
   selector:
     app: jaeger
 `;
@@ -824,11 +847,14 @@ kind: Service
 metadata:
   name: otel-collector
 spec:
+  type: NodePort
   ports:
     - name: otlp-grpc
       port: 4317
+      nodePort: 30317
     - name: otlp-http
       port: 4318
+      nodePort: 30318
   selector:
     app: otel-collector
 `;
@@ -890,8 +916,10 @@ kind: Service
 metadata:
   name: keycloak
 spec:
+  type: NodePort
   ports:
     - port: 8080
+      nodePort: 30880
   selector:
     app: keycloak
 `;
@@ -909,17 +937,33 @@ spec:
     await fs.writeFile(path.join(devopsDir, 'app.yml'), appYaml);
     await fs.writeFile(path.join(devopsDir, 'docker-compose.yml'), dockerCompose);
     await fs.writeFile(path.join(k8sDir, 'mosquitto.conf'), mosquittoConf);
+    // Namespace calculation: unique namespace per service
+    const applyNs = (yamlString, serviceName) => {
+        const nsName = `${shortName}-${serviceName}-k8s`;
+        const nsBlock = `apiVersion: v1\nkind: Namespace\nmetadata:\n  name: ${nsName}\n---\n`;
+        return nsBlock + yamlString.replace(/^metadata:$/gm, `metadata:\n  namespace: ${nsName}`);
+    };
+    const servicesList = ['app', 'postgres', 'redis', 'nats', 'mosquitto', 'elasticsearch', 'jaeger', 'otel-collector', 'keycloak'];
+    if (config.datasource?.mongodb?.enabled) servicesList.push('mongodb');
+    // We conditionally add minio if storage is enabled (or any blob provider), but for safety we'll just generate its namespace always.
+    servicesList.push('minio');
+    const k8sNamespaceYaml = servicesList.map(svc => `apiVersion: v1\nkind: Namespace\nmetadata:\n  name: ${shortName}-${svc}-k8s`).join('\n---\n');
+    await fs.writeFile(path.join(k8sDir, 'namespace.yaml'), k8sNamespaceYaml);
     // Write Kubernetes manifest assets
-    await fs.writeFile(path.join(k8sDir, 'app.yaml'), k8sAppYaml);
-    await fs.writeFile(path.join(k8sDir, 'postgres.yaml'), k8sPostgresYaml);
-    await fs.writeFile(path.join(k8sDir, 'redis.yaml'), k8sRedisYaml);
-    await fs.writeFile(path.join(k8sDir, 'nats.yaml'), k8sNatsYaml);
-    await fs.writeFile(path.join(k8sDir, 'mosquitto.yaml'), k8sMosquittoYaml);
-    await fs.writeFile(path.join(k8sDir, 'elasticsearch.yaml'), k8sElasticsearchYaml);
-    await fs.writeFile(path.join(k8sDir, 'jaeger.yaml'), k8sJaegerYaml);
-    await fs.writeFile(path.join(k8sDir, 'otel-collector-k8s.yaml'), k8sOtelCollectorYaml);
-    await fs.writeFile(path.join(k8sDir, 'keycloak.yaml'), k8sKeycloakYaml);
+    await fs.writeFile(path.join(k8sDir, 'app.yaml'), applyNs(k8sAppYaml, 'app'));
+    await fs.writeFile(path.join(k8sDir, 'postgres.yaml'), applyNs(k8sPostgresYaml, 'postgres'));
+    await fs.writeFile(path.join(k8sDir, 'redis.yaml'), applyNs(k8sRedisYaml, 'redis'));
+    await fs.writeFile(path.join(k8sDir, 'nats.yaml'), applyNs(k8sNatsYaml, 'nats'));
+    await fs.writeFile(path.join(k8sDir, 'mosquitto.yaml'), applyNs(k8sMosquittoYaml, 'mosquitto'));
+    await fs.writeFile(path.join(k8sDir, 'elasticsearch.yaml'), applyNs(k8sElasticsearchYaml, 'elasticsearch'));
+    await fs.writeFile(path.join(k8sDir, 'jaeger.yaml'), applyNs(k8sJaegerYaml, 'jaeger'));
+    await fs.writeFile(path.join(k8sDir, 'otel-collector-k8s.yaml'), applyNs(k8sOtelCollectorYaml, 'otel-collector'));
+    await fs.writeFile(path.join(k8sDir, 'keycloak.yaml'), applyNs(k8sKeycloakYaml, 'keycloak'));
     // Additional optional services manifests
     const k8sMongoYaml = `apiVersion: apps/v1
@@ -949,8 +993,10 @@ kind: Service
 metadata:
   name: mongodb
 spec:
+  type: NodePort
   ports:
     - port: 27017
+      nodePort: 30017
   selector:
     app: mongodb`;
     const k8sMinioYaml = `apiVersion: apps/v1
@@ -988,12 +1034,14 @@ kind: Service
 metadata:
   name: minio
 spec:
+  type: NodePort
   ports:
     - port: 9000
+      nodePort: 30900
   selector:
     app: minio`;
-    await fs.writeFile(path.join(k8sDir, 'mongodb.yaml'), k8sMongoYaml);
-    await fs.writeFile(path.join(k8sDir, 'minio.yaml'), k8sMinioYaml);
+    await fs.writeFile(path.join(k8sDir, 'mongodb.yaml'), applyNs(k8sMongoYaml, 'mongodb'));
+    await fs.writeFile(path.join(k8sDir, 'minio.yaml'), applyNs(k8sMinioYaml, 'minio'));
     await fs.writeFile(path.join(githubDir, 'ci.yml'), ciWorkflow);
     await fs.writeFile(path.join(githubDir, 'cd.yml'), cdWorkflow);

package/generators/security.js CHANGED Viewed

@@ -21,7 +21,7 @@ import (
 	"time"
 	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"{{app_name}}/config"
 )
@@ -164,7 +164,7 @@ func JWTMiddleware() gin.HandlerFunc {
 				return nil, fmt.Errorf("missing kid header")
 			}
 			return GetPublicKeyByKid(kid, config.GetConfig())
-		})
+		}, jwt.WithLeeway(10*time.Second))
 		if err != nil || !token.Valid {
 			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid or expired token"})