kybernus 2.4.0 → 3.0.0

package/README.md

@@ -1,11 +1,11 @@
-# Kybernus CLI 🚀
+# Kybernus CLI - 3.0.0 🚀
 
+**Make sure you always have the most updated version**
 **The Ultimate Backend Scaffolding Tool for Modern Developers.**
 
 Build production-ready applications in minutes. Kybernus generates robust, scalable backend projects with industry best practices built-in.
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![Discord](https://img.shields.io/discord/1234567890?color=5865F2&label=discord&logo=discord&logoColor=white)](https://discord.gg/u5ANEpAAhT)
 
 ---
 
@@ -37,14 +37,19 @@ All stacks and architectures are **100% FREE** and Open Source.
 | **Java Spring Boot** | MVC, Clean, Hexagonal |
 | **NestJS** | MVC, Clean, Hexagonal |
 | **Python FastAPI** | MVC, Clean, Hexagonal |
+| **n8n Automation Engine** | Default, AI Assistant, CRM Tracker, System Monitor |
 
 ---
 
 ## Commands
 
-```bash
-kybernus init       # Generate a new project
-```
+| Command | Description | Standalone Support |
+|:---|:---|:---:|
+| `kybernus init` | Generate a new backend project from scratch | - |
+| `kybernus add` | Add features (Redis, Swagger, Websocket, Husky - stack dependent) | ✅ |
+| `kybernus auth` | Add complete JWT Authentication logic | ✅ |
+| `kybernus deploy` | Generate deployment configs (Vercel, Railway, etc.) | ✅ |
+| `kybernus doctor` | Check your environment for required tools | ✅ |
 
 ---
 
@@ -99,8 +104,12 @@ kybernus init
 ## What's Included
 
 ### 100% Free & Open Source
-- **All stacks** including NestJS and FastAPI
+- **All backend stacks** including NestJS, FastAPI and Spring Boot
+- **n8n Enterprise Automation Engine** with templates
 - **Clean & Hexagonal Architecture** patterns
+- **Kybernus Add**: Inject features like Redis, Websocket and Swagger into any project
+- **Kybernus Auth**: Complete Authentication boilerplate (MVC/Clean)
+- **Kybernus Deploy**: Configs for Vercel, Railway, Fly.io and Render
 - **Docker & docker-compose** configurations
 - **CI/CD pipelines** (GitHub Actions)
 - **Terraform** infrastructure configs

package/add-features/auth/java-spring/AuthController.java

@@ -0,0 +1,54 @@
+package com.example.auth;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Map;
+
+@RestController
+@RequestMapping("/auth")
+public class AuthController {
+
+    private final AuthService authService;
+
+    public AuthController(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @PostMapping("/register")
+    public ResponseEntity<?> register(@RequestBody RegisterRequest request) {
+        try {
+            Map<String, Object> response = authService.register(request.getEmail(), request.getPassword());
+            return ResponseEntity.status(HttpStatus.CREATED).body(response);
+        } catch (IllegalArgumentException e) {
+            return ResponseEntity.status(HttpStatus.CONFLICT).body(Map.of("error", e.getMessage()));
+        }
+    }
+
+    @PostMapping("/login")
+    public ResponseEntity<?> login(@RequestBody LoginRequest request) {
+        try {
+            Map<String, String> response = authService.login(request.getEmail(), request.getPassword());
+            return ResponseEntity.ok(response);
+        } catch (IllegalArgumentException e) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(Map.of("error", e.getMessage()));
+        }
+    }
+
+    @GetMapping("/me")
+    public ResponseEntity<?> getProfile(Authentication authentication) {
+        if (authentication == null) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(Map.of("error", "Not authenticated"));
+        }
+        
+        String userId = (String) authentication.getPrincipal();
+        try {
+            Map<String, Object> profile = authService.getUserProfile(userId);
+            return ResponseEntity.ok(profile);
+        } catch (IllegalArgumentException e) {
+            return ResponseEntity.status(HttpStatus.NOT_FOUND).body(Map.of("error", e.getMessage()));
+        }
+    }
+}

package/add-features/auth/java-spring/AuthService.java

@@ -0,0 +1,85 @@
+package com.example.auth;
+
+import com.example.security.JwtUtil;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.*;
+
+// ==========================================
+// 🚨 TODO: DATABASE INTEGRATION REQUIRED 🚨
+// ==========================================
+// This service currently uses an IN-MEMORY list to store users.
+// You MUST replace the "mockDb" logic below with your Spring Data JPA Repository.
+//
+// EXAMPLE WITH JPA:
+// 1. Inject UserRepository: 
+//    public AuthService(UserRepository userRepository, PasswordEncoder passwordEncoder, JwtUtil jwtUtil) { ... }
+// 2. Register: userRepository.save(new User(email, passwordEncoder.encode(password)));
+// 3. Login: userRepository.findByEmail(email).orElseThrow(...);
+// ==========================================
+
+@Service
+public class AuthService {
+
+    private final PasswordEncoder passwordEncoder;
+    private final JwtUtil jwtUtil;
+
+    // 🚨 REPLACE THIS WITH REAL DB CALLS (e.g., UserRepository) 🚨
+    private final List<Map<String, String>> mockDb = new ArrayList<>();
+
+    public AuthService(PasswordEncoder passwordEncoder, JwtUtil jwtUtil) {
+        this.passwordEncoder = passwordEncoder;
+        this.jwtUtil = jwtUtil;
+    }
+
+    public Map<String, Object> register(String email, String password) {
+        // 🚨 TODO: Check real DB
+        boolean exists = mockDb.stream().anyMatch(u -> u.get("email").equals(email));
+        if (exists) {
+            throw new IllegalArgumentException("User already exists");
+        }
+
+        String hashedPassword = passwordEncoder.encode(password);
+        String userId = UUID.randomUUID().toString().substring(0, 8);
+
+        // 🚨 TODO: Insert into real DB
+        Map<String, String> newUser = new HashMap<>();
+        newUser.put("id", userId);
+        newUser.put("email", email);
+        newUser.put("password", hashedPassword);
+        mockDb.add(newUser);
+
+        String token = jwtUtil.generateToken(userId, email);
+
+        Map<String, Object> response = new HashMap<>();
+        response.put("user", Map.of("id", userId, "email", email));
+        response.put("accessToken", token);
+        return response;
+    }
+
+    public Map<String, String> login(String email, String password) {
+        // 🚨 TODO: Fetch from real DB
+        Map<String, String> user = mockDb.stream()
+                .filter(u -> u.get("email").equals(email))
+                .findFirst()
+                .orElseThrow(() -> new IllegalArgumentException("Invalid credentials"));
+
+        if (!passwordEncoder.matches(password, user.get("password"))) {
+            throw new IllegalArgumentException("Invalid credentials");
+        }
+
+        String token = jwtUtil.generateToken(user.get("id"), user.get("email"));
+        return Map.of("accessToken", token);
+    }
+
+    public Map<String, Object> getUserProfile(String userId) {
+        // 🚨 TODO: Fetch from real DB
+        Map<String, String> user = mockDb.stream()
+                .filter(u -> u.get("id").equals(userId))
+                .findFirst()
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+
+        return Map.of("id", user.get("id"), "email", user.get("email"));
+    }
+}

package/add-features/auth/java-spring/INSTRUCTIONS.md

@@ -0,0 +1,119 @@
+# 🔐 JWT Authentication Module — Java Spring Boot
+
+A complete, modular authentication flow was added to your project inside the `com.example.auth` and `com.example.security` packages.
+
+## 📁 Files generated:
+
+- `AuthController.java` — REST Controller exposing `/auth/login`, `/auth/register`, and `/auth/me`.
+- `AuthService.java` — Business logic (token generation, password validation). **🚨 ACTION REQUIRED HERE**
+- `dto/LoginRequest.java` and `dto/RegisterRequest.java` — Input validation objects.
+- `security/SecurityConfig.java` — Configures the `SecurityFilterChain` to protect routes.
+- `security/JwtUtil.java` and `security/JwtRequestFilter.java` — Token utility and filter.
+
+## 📦 1. Add Dependencies (`pom.xml` / `build.gradle`)
+
+You need the `jjwt` library and `spring-boot-starter-security`:
+
+```xml
+<dependency>
+    <groupId>io.jsonwebtoken</groupId>
+    <artifactId>jjwt-api</artifactId>
+    <version>0.12.6</version>
+</dependency>
+<dependency>
+    <groupId>io.jsonwebtoken</groupId>
+    <artifactId>jjwt-impl</artifactId>
+    <version>0.12.6</version>
+    <scope>runtime</scope>
+</dependency>
+<dependency>
+    <groupId>io.jsonwebtoken</groupId>
+    <artifactId>jjwt-jackson</artifactId>
+    <version>0.12.6</version>
+    <scope>runtime</scope>
+</dependency>
+<dependency>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-security</artifactId>
+</dependency>
+```
+
+## ⚙️ 2. Environment Variables
+
+Add these to your `application.properties` or `application.yml`:
+
+```properties
+jwt.secret=your-super-secret-key-change-me-must-be-at-least-32-chars
+jwt.expiration=604800000
+```
+
+---
+
+## 🚨 3. MANDATORY ACTION: Connect to your Database
+
+The generated `AuthService.java` uses an **IN-MEMORY MOCK DATABASE** by default so that the API compiles and runs immediately. 
+You **MUST** replace this with calls to your actual Database (e.g., Spring Data JPA `UserRepository`).
+
+**Open `AuthService.java` and look for the `🚨 TODO` blocks.**
+
+### Example: How to connect it to JPA:
+
+```java
+// Inside AuthService.java
+
+@Service
+public class AuthService {
+    private final UserRepository userRepository; // <-- Inject your real DB Repo
+    private final PasswordEncoder passwordEncoder;
+    private final JwtUtil jwtUtil;
+
+    // Remove the mockDb completely!
+
+    public AuthService(UserRepository userRepository, PasswordEncoder passwordEncoder, JwtUtil jwtUtil) {
+        this.userRepository = userRepository;
+        this.passwordEncoder = passwordEncoder;
+        this.jwtUtil = jwtUtil;
+    }
+
+    public Map<String, Object> register(String email, String password) {
+        if (userRepository.existsByEmail(email)) {
+             throw new IllegalArgumentException("User already exists");
+        }
+
+        User newUser = new User();
+        newUser.setEmail(email);
+        newUser.setPassword(passwordEncoder.encode(password));
+        userRepository.save(newUser);
+
+        String token = jwtUtil.generateToken(newUser.getId(), newUser.getEmail());
+        // Return response...
+    }
+}
+```
+
+---
+
+## 🔒 4. How to protect other controllers
+
+The `SecurityConfig.java` is already checking the JWT token. 
+Any new controller you create is **automatically protected**, except for the permitAll routes (`/auth/**` and `/swagger-ui/**`).
+
+To access the logged-in user inside any Controller:
+
+```java
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class DashboardController {
+
+    @GetMapping("/api/dashboard")
+    public String dashboard(Authentication authentication) {
+        // authentication is non-null because the route is protected
+        String userId = (String) authentication.getPrincipal();
+
+        return "Welcome, user ID: " + userId;
+    }
+}
+```

package/add-features/auth/java-spring/dto/LoginRequest.java

@@ -0,0 +1,22 @@
+package com.example.auth;
+
+public class LoginRequest {
+    private String email;
+    private String password;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}

package/add-features/auth/java-spring/dto/RegisterRequest.java

@@ -0,0 +1,22 @@
+package com.example.auth;
+
+public class RegisterRequest {
+    private String email;
+    private String password;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}

package/add-features/auth/java-spring/security/JwtRequestFilter.java

@@ -0,0 +1,45 @@
+package com.example.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Collections;
+
+@Component
+public class JwtRequestFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private JwtUtil jwtUtil;
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            FilterChain filterChain) throws ServletException, IOException {
+        final String header = request.getHeader("Authorization");
+
+        if (header != null && header.startsWith("Bearer ")) {
+            String token = header.substring(7);
+            try {
+                String userId = jwtUtil.extractUserId(token);
+                if (userId != null && !jwtUtil.isTokenExpired(token)) {
+                    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null,
+                            Collections.emptyList());
+                    SecurityContextHolder.getContext().setAuthentication(auth);
+                }
+            } catch (Exception ignored) {
+                // Invalid token — continue without authentication (handled by SecurityConfig)
+            }
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}

package/add-features/auth/java-spring/security/JwtUtil.java

@@ -0,0 +1,59 @@
+package com.example.security;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class JwtUtil {
+
+    @Value("${jwt.secret:change-me-in-production}")
+    private String secret;
+
+    @Value("${jwt.expiration:604800000}") // 7 days in ms
+    private long expirationMs;
+
+    private SecretKey getSigningKey() {
+        // Ensure secret is long enough for HS256
+        String paddedSecret = secret.length() < 32 ? String.format("%-32s", secret).replace(' ', '0') : secret;
+        return Keys.hmacShaKeyFor(paddedSecret.getBytes(StandardCharsets.UTF_8));
+    }
+
+    public String generateToken(String userId, String email) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("email", email);
+
+        return Jwts.builder()
+                .setClaims(claims)
+                .setSubject(userId)
+                .setIssuedAt(new Date())
+                .setExpiration(new Date(System.currentTimeMillis() + expirationMs))
+                .signWith(getSigningKey(), SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+    public Claims extractClaims(String token) {
+        return Jwts.parserBuilder()
+                .setSigningKey(getSigningKey())
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+
+    public String extractUserId(String token) {
+        return extractClaims(token).getSubject();
+    }
+
+    public boolean isTokenExpired(String token) {
+        return extractClaims(token).getExpiration().before(new Date());
+    }
+}

package/add-features/auth/java-spring/security/SecurityConfig.java

@@ -0,0 +1,39 @@
+package com.example.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+public class SecurityConfig {
+
+    private final JwtRequestFilter jwtRequestFilter;
+
+    public SecurityConfig(JwtRequestFilter jwtRequestFilter) {
+        this.jwtRequestFilter = jwtRequestFilter;
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(csrf -> csrf.disable())
+                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/auth/login", "/auth/register").permitAll()
+                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
+                        .anyRequest().authenticated())
+                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+}

package/add-features/auth/nestjs/INSTRUCTIONS.md

@@ -0,0 +1,112 @@
+# 🔐 JWT Authentication Module — NestJS
+
+A complete, modular authentication flow was added to your project inside the `auth/` directory.
+
+## 📁 Files generated:
+
+- `auth.module.ts` — The NestJS Module combining Controllers, Services, and JWT configurations.
+- `auth.controller.ts` — Exposes the `/auth/login`, `/auth/register`, and `/auth/me` endpoints.
+- `auth.service.ts` — Business logic (token generation, password validation). **🚨 ACTION REQUIRED HERE**
+- `jwt.strategy.ts` — Connects Passport to handle `Bearer Token` parsing automatically.
+- `jwt-auth.guard.ts` — The `@UseGuards(JwtAuthGuard)` decorator mapped directly to JWT.
+- `dto/*.dto.ts` — Inputs for validation.
+
+## 📦 1. Install Dependencies
+
+You need to install Passport, JWT, and bcrypt:
+
+```bash
+npm install @nestjs/passport @nestjs/jwt passport passport-jwt bcryptjs
+npm install -D @types/passport-jwt @types/bcryptjs
+```
+
+## ⚙️ 2. Environment Variables
+
+Add these to your `.env` file at the root of your project:
+
+```
+JWT_SECRET=your-super-secret-key-change-me
+JWT_EXPIRES_IN=7d
+```
+
+> 💡 **Tip:** Generate a strong random secret by running this in your terminal:
+> `node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`
+
+---
+
+## 🚨 3. MANDATORY ACTION: Connect to your Database
+
+The generated `auth.service.ts` uses an **IN-MEMORY MOCK DATABASE** by default so that it compiles and runs immediately. 
+You **MUST** replace this with calls to your actual Database (TypeORM, Prisma, Mongoose, etc).
+
+**Open `auth/auth.service.ts` and look for the `🚨 TODO` blocks.**
+
+### Example: How to connect it to TypeORM:
+
+```typescript
+// Inside auth.service.ts
+
+@Injectable()
+export class AuthService {
+  constructor(
+    @InjectRepository(User)
+    private usersRepository: Repository<User>, // <-- Inject real DB
+    private jwtService: JwtService
+  ) {}
+
+  async register(email: string, pass: string) {
+    const existingUser = await this.usersRepository.findOne({ where: { email } });
+    if (existingUser) throw new ConflictException('User already exists');
+
+    const hashedPassword = await bcrypt.hash(pass, 12);
+
+    const newUser = this.usersRepository.create({ email, password: hashedPassword });
+    await this.usersRepository.save(newUser);
+
+    const payload = { userId: newUser.id, email: newUser.email };
+    return { access_token: this.jwtService.sign(payload) };
+  }
+}
+```
+
+---
+
+## ⚡ 4. Plug the Module into your App
+
+Currently, the `AuthModule` exists, but your root App Module doesn't know about it.
+You must register it in your `app.module.ts`.
+
+**Open `src/app.module.ts` and add:**
+
+```typescript
+import { Module } from '@nestjs/common';
+import { AuthModule } from './auth/auth.module'; // <-- IMPORT HERE
+
+@Module({
+  imports: [
+    AuthModule, // <-- ADD HERE
+    // ...other modules
+  ],
+})
+export class AppModule {}
+```
+
+## 🔒 5. How to protect other controllers
+
+You can secure any other route by decorating it or its controller with `@UseGuards(JwtAuthGuard)`:
+
+```typescript
+import { Controller, Get, UseGuards, Request } from '@nestjs/common';
+import { JwtAuthGuard } from './auth/jwt-auth.guard';
+
+@Controller('admin')
+@UseGuards(JwtAuthGuard) // Protects all routes inside this controller
+export class AdminController {
+
+  @Get('dashboard')
+  getDashboard(@Request() req) {
+    // You now have access to the logged-in user's payload!
+    return { secretData: `Welcome, user ${req.user.userId}` };
+  }
+}
+```

package/add-features/auth/nestjs/auth.controller.ts

@@ -0,0 +1,27 @@
+import { Controller, Post, Get, Body, UseGuards, Request } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { JwtAuthGuard } from './jwt-auth.guard';
+import { LoginDto } from './dto/login.dto';
+import { RegisterDto } from './dto/register.dto';
+
+@Controller('auth')
+export class AuthController {
+    constructor(private readonly authService: AuthService) { }
+
+    @Post('register')
+    async register(@Body() registerDto: RegisterDto) {
+        return this.authService.register(registerDto.email, registerDto.password);
+    }
+
+    @Post('login')
+    async login(@Body() loginDto: LoginDto) {
+        return this.authService.login(loginDto.email, loginDto.password);
+    }
+
+    @UseGuards(JwtAuthGuard)
+    @Get('me')
+    getProfile(@Request() req) {
+        // req.user is extracted by the JwtStrategy from the Bearer token
+        return this.authService.getUserProfile(req.user.userId);
+    }
+}

package/add-features/auth/nestjs/auth.module.ts

@@ -0,0 +1,20 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { AuthService } from './auth.service';
+import { AuthController } from './auth.controller';
+import { JwtStrategy } from './jwt.strategy';
+
+@Module({
+    imports: [
+        PassportModule,
+        JwtModule.register({
+            secret: process.env.JWT_SECRET || 'change-me-in-production',
+            signOptions: { expiresIn: process.env.JWT_EXPIRES_IN || '7d' },
+        }),
+    ],
+    controllers: [AuthController],
+    providers: [AuthService, JwtStrategy],
+    exports: [AuthService],
+})
+export class AuthModule { }