kybernus 2.4.0 → 3.0.1

package/add-features/auth/nestjs/auth.service.ts

@@ -0,0 +1,81 @@
+import { Injectable, UnauthorizedException, ConflictException, NotFoundException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import * as bcrypt from 'bcryptjs';
+
+// ==========================================
+// 🚨 TODO: DATABASE INTEGRATION REQUIRED 🚨
+// ==========================================
+// This service currently uses an IN-MEMORY array to store users.
+// You MUST replace "this.mockDb" logic with your actual ORM or Repository provider.
+//
+// EXAMPLE WITH PRISMA/TYPEORM:
+// 1. Inject your repository in the constructor:
+//    constructor(private usersService: UsersService, private jwtService: JwtService) {}
+// 2. Change register() to: await this.usersService.create(email, hashedPassword);
+// 3. Change login() to: await this.usersService.findByEmail(email);
+// ==========================================
+
+@Injectable()
+export class AuthService {
+    private mockDb = []; // 🚨 REPLACE THIS WITH REAL DB CALLS 🚨
+
+    constructor(private jwtService: JwtService) { }
+
+    async register(email: string, pass: string) {
+        // 🚨 TODO: Change this to checking your real database!
+        const existingUser = this.mockDb.find((u) => u.email === email);
+        if (existingUser) {
+            throw new ConflictException('User already exists');
+        }
+
+        const hashedPassword = await bcrypt.hash(pass, 12);
+
+        // 🚨 TODO: Change this to inserting into your real database!
+        const newUser = {
+            id: Math.random().toString(36).substring(7),
+            email,
+            password: hashedPassword,
+        };
+        this.mockDb.push(newUser);
+
+        const payload = { userId: newUser.id, email: newUser.email };
+        const { password, ...userResult } = newUser;
+
+        return {
+            user: userResult,
+            access_token: this.jwtService.sign(payload),
+        };
+    }
+
+    async login(email: string, pass: string) {
+        // 🚨 TODO: Change this to fetching from your real database!
+        const user = this.mockDb.find((u) => u.email === email);
+
+        if (!user) {
+            throw new UnauthorizedException('Invalid credentials');
+        }
+
+        const isMatch = await bcrypt.compare(pass, user.password);
+        if (!isMatch) {
+            throw new UnauthorizedException('Invalid credentials');
+        }
+
+        const payload = { userId: user.id, email: user.email };
+
+        return {
+            access_token: this.jwtService.sign(payload),
+        };
+    }
+
+    async getUserProfile(userId: string) {
+        // 🚨 TODO: Change this to fetching from your real database!
+        const user = this.mockDb.find((u) => u.id === userId);
+
+        if (!user) {
+            throw new NotFoundException('User not found');
+        }
+
+        const { password, ...result } = user;
+        return result;
+    }
+}

package/add-features/auth/nestjs/dto/login.dto.ts

@@ -0,0 +1,4 @@
+export class LoginDto {
+    email!: string;
+    password!: string;
+}

package/add-features/auth/nestjs/dto/register.dto.ts

@@ -0,0 +1,4 @@
+export class RegisterDto {
+    email!: string;
+    password!: string;
+}

package/add-features/auth/nestjs/jwt-auth.guard.ts

@@ -0,0 +1,17 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+/**
+ * Guard that protects routes using JWT authentication.
+ * 
+ * Usage: @UseGuards(JwtAuthGuard) on controller or route handler.
+ */
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+    handleRequest(err: any, user: any) {
+        if (err || !user) {
+            throw err || new UnauthorizedException('Missing or invalid token');
+        }
+        return user;
+    }
+}

package/add-features/auth/nestjs/jwt.strategy.ts

@@ -0,0 +1,24 @@
+import { Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+export interface JwtPayload {
+    userId: string;
+    email: string;
+}
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+    constructor() {
+        super({
+            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKey: process.env.JWT_SECRET || 'change-me-in-production',
+        });
+    }
+
+    async validate(payload: JwtPayload) {
+        // Passport will automatically attach this to the Request object as `req.user`
+        return { userId: payload.userId, email: payload.email };
+    }
+}

package/add-features/auth/nextjs/INSTRUCTIONS.md

@@ -0,0 +1,97 @@
+# 🔐 JWT Authentication Module — Next.js (App Router)
+
+A complete, modular authentication flow was added to your Next.js project.
+
+## 📁 Files generated:
+
+- `src/lib/auth/jwt.ts` — Utilities for signing and verifying JSON Web Tokens.
+- `src/lib/auth/session.ts` — Utilities for reading the session cookie from Server Components.
+- `src/app/api/auth/login/route.ts` — Login API Route. **🚨 ACTION REQUIRED HERE**
+- `src/app/api/auth/register/route.ts` — Registration API Route. **🚨 ACTION REQUIRED HERE**
+- `src/middleware.ts` — Edge Middleware that automatically intercepts page requests and redirects unauthenticated users.
+
+## 📦 1. Install Dependencies
+
+You need to install the JWT and Hash libraries:
+
+```bash
+npm install jsonwebtoken bcryptjs
+npm install -D @types/jsonwebtoken @types/bcryptjs
+```
+
+## ⚙️ 2. Environment Variables
+
+Add these to your `.env` or `.env.local` file at the root of your project:
+
+```
+JWT_SECRET=your-super-secret-key-change-me
+JWT_EXPIRES_IN=7d
+```
+
+> 💡 **Tip:** Generate a strong random secret by running this in your terminal:
+> `node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`
+
+---
+
+## 🚨 3. MANDATORY ACTION: Connect to your Database
+
+The generated `login/route.ts` and `register/route.ts` use an **IN-MEMORY MOCK DATABASE** by default so that they compile and run immediately. 
+You **MUST** replace this with your actual database queries (Prisma, Drizzle, MongoDB, etc).
+
+**Open `src/app/api/auth/login/route.ts` and `src/app/api/auth/register/route.ts` and look for the `🚨 TODO` blocks.**
+
+### Example: How to connect `register` to Prisma:
+
+```typescript
+// Inside src/app/api/auth/register/route.ts
+
+import prisma from '@/lib/prisma'; // Provide your own PrismaClient
+
+// Inside the POST function:
+const existingUser = await prisma.user.findUnique({ where: { email } });
+if (existingUser) return NextResponse.json({ error: 'User exists' }, { status: 409 });
+
+const hashedPassword = await bcrypt.hash(password, 12);
+
+const newUser = await prisma.user.create({
+  data: { email, password: hashedPassword },
+});
+
+// ... continuing with token generation ...
+```
+
+---
+
+## ⚡ 4. Consuming the Session in Server Components
+
+You can easily know who the current user is from any Server Component, without making an additional network request:
+
+```tsx
+// src/app/dashboard/page.tsx
+
+import { getSession } from '@/lib/auth/session';
+import { redirect } from 'next/navigation';
+
+export default async function DashboardPage() {
+  const session = await getSession();
+
+  // The middleware already protects /dashboard, but this is how you read the data
+  if (!session) {
+    redirect('/login');
+  }
+
+  return (
+    <div>
+      <h1>Welcome back!</h1>
+      <p>Your ID: {session.userId}</p>
+      <p>Your Email: {session.email}</p>
+    </div>
+  );
+}
+```
+
+## 🔒 5. Middleware Protection
+
+Open `src/middleware.ts`. At the top, you will see `protectedRoutes`. 
+Any route added to that array (e.g. `/dashboard`, `/settings`) cannot be accessed unless a valid JWT cookie is present.
+Unauthenticated users will automatically redirect to `/login`.

package/add-features/auth/nextjs/jwt.ts

@@ -0,0 +1,21 @@
+import jwt from 'jsonwebtoken';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'change-me-in-production';
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d';
+
+export interface JwtPayload {
+    userId: string;
+    email: string;
+}
+
+export function generateToken(payload: JwtPayload): string {
+    return jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+}
+
+export function verifyToken(token: string): JwtPayload | null {
+    try {
+        return jwt.verify(token, JWT_SECRET) as JwtPayload;
+    } catch {
+        return null;
+    }
+}

package/add-features/auth/nextjs/middleware.ts

@@ -0,0 +1,37 @@
+import { NextResponse } from 'next/server';
+import type { NextRequest } from 'next/server';
+import { verifyToken } from '@/lib/auth/jwt';
+
+// Define the routes that require authentication
+const protectedRoutes = ['/dashboard', '/api/protected'];
+const authRoutes = ['/login', '/register'];
+
+export function middleware(request: NextRequest) {
+    const { pathname } = request.nextUrl;
+
+    // Check if it's a protected route
+    const isProtectedRoute = protectedRoutes.some(route => pathname.startsWith(route));
+    const isAuthRoute = authRoutes.some(route => pathname.startsWith(route));
+
+    if (isProtectedRoute || isAuthRoute) {
+        const token = request.cookies.get('token')?.value;
+        const payload = token ? verifyToken(token) : null;
+
+        if (isProtectedRoute && !payload) {
+            // Redirect to login if trying to access a protected route without a valid token
+            return NextResponse.redirect(new URL('/login', request.url));
+        }
+
+        if (isAuthRoute && payload) {
+            // Redirect to dashboard if logged in and trying to access login/register
+            return NextResponse.redirect(new URL('/dashboard', request.url));
+        }
+    }
+
+    return NextResponse.next();
+}
+
+// Ensure the middleware runs on relevant paths
+export const config = {
+    matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+};

package/add-features/auth/nextjs/routes/login.ts

@@ -0,0 +1,43 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { generateToken } from '@/lib/auth/jwt';
+import { sessionCookieOptions } from '@/lib/auth/session';
+import bcrypt from 'bcryptjs';
+
+// ==========================================
+// 🚨 TODO: DATABASE INTEGRATION REQUIRED 🚨
+// ==========================================
+const mockDb: any[] = []; // 🚨 REPLACE THIS WITH REAL DB CALLS (e.g. Prisma) 🚨
+
+export async function POST(req: NextRequest) {
+    try {
+        const { email, password } = await req.json();
+
+        if (!email || !password) {
+            return NextResponse.json({ error: 'Email and password are required' }, { status: 400 });
+        }
+
+        // 🚨 TODO: Replace with real db call (e.g. prisma.user.findUnique)
+        const user = mockDb.find((u) => u.email === email);
+
+        if (!user) {
+            return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+        }
+
+        const isMatch = await bcrypt.compare(password, user.password);
+        if (!isMatch) {
+            return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+        }
+
+        const token = generateToken({ userId: user.id, email: user.email });
+
+        const response = NextResponse.json({ success: true });
+
+        // Set the cookie
+        response.cookies.set('token', token, sessionCookieOptions);
+
+        return response;
+    } catch (error) {
+        console.error('Login error:', error);
+        return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
+    }
+}

package/add-features/auth/nextjs/routes/register.ts

@@ -0,0 +1,50 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { generateToken } from '@/lib/auth/jwt';
+import { sessionCookieOptions } from '@/lib/auth/session';
+import bcrypt from 'bcryptjs';
+
+// ==========================================
+// 🚨 TODO: DATABASE INTEGRATION REQUIRED 🚨
+// ==========================================
+const mockDb: any[] = []; // 🚨 REPLACE THIS WITH REAL DB CALLS (e.g. Prisma) 🚨
+
+export async function POST(req: NextRequest) {
+    try {
+        const { email, password } = await req.json();
+
+        if (!email || !password) {
+            return NextResponse.json({ error: 'Email and password are required' }, { status: 400 });
+        }
+
+        // 🚨 TODO: Replace with real db call (e.g. prisma.user.findUnique)
+        const existingUser = mockDb.find((u) => u.email === email);
+        if (existingUser) {
+            return NextResponse.json({ error: 'User already exists' }, { status: 409 });
+        }
+
+        const hashedPassword = await bcrypt.hash(password, 12);
+
+        // 🚨 TODO: Replace with real db call (e.g. prisma.user.create)
+        const newUser = {
+            id: Math.random().toString(36).substring(7),
+            email,
+            password: hashedPassword,
+        };
+        mockDb.push(newUser);
+
+        const token = generateToken({ userId: newUser.id, email: newUser.email });
+
+        const response = NextResponse.json(
+            { user: { id: newUser.id, email: newUser.email } },
+            { status: 201 }
+        );
+
+        // Set the cookie
+        response.cookies.set('token', token, sessionCookieOptions);
+
+        return response;
+    } catch (error) {
+        console.error('Registration error:', error);
+        return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
+    }
+}

package/add-features/auth/nextjs/session.ts

@@ -0,0 +1,28 @@
+import { cookies } from 'next/headers';
+import { verifyToken, JwtPayload } from './jwt';
+
+/**
+ * Get the current user from the session cookie.
+ * This can only be called from Server Components, Server Actions, or API Routes.
+ */
+export async function getSession(): Promise<JwtPayload | null> {
+    const cookieStore = await cookies();
+    const token = cookieStore.get('token')?.value;
+
+    if (!token) {
+        return null;
+    }
+
+    return verifyToken(token);
+}
+
+/**
+ * Define your cookie configuration to be used during login/logout
+ */
+export const sessionCookieOptions = {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax' as const,
+    path: '/',
+    maxAge: 60 * 60 * 24 * 7, // 7 days (must match your JWT expiry conceptually)
+};

package/add-features/auth/nodejs-express/INSTRUCTIONS.md

@@ -0,0 +1,109 @@
+# 🔐 JWT Authentication Module — Node.js Express
+
+A complete, modular authentication flow was added to your project inside the `auth/` directory.
+
+## 📁 Files generated:
+
+- `auth.routes.ts` — The Express Router defining `/login`, `/register`, and `/me`.
+- `auth.controller.ts` — Handles HTTP Requests and Responses.
+- `auth.service.ts` — Business logic (token generation, password hashing). **🚨 ACTION REQUIRED HERE**
+- `auth.middleware.ts` — Middleware to protect secure routes.
+- `jwt.config.ts` — JWT sign and verify utilities.
+
+## 📦 1. Install Dependencies
+
+You need to install the JWT and Cryptography packages:
+
+```bash
+npm install jsonwebtoken bcryptjs
+npm install -D @types/jsonwebtoken @types/bcryptjs
+```
+
+## ⚙️ 2. Environment Variables
+
+Add these to your `.env` file at the root of your project:
+
+```
+JWT_SECRET=your-super-secret-key-change-me
+JWT_EXPIRES_IN=7d
+```
+
+> 💡 **Tip:** Generate a strong random secret by running this in your terminal:
+> `node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`
+
+---
+
+## 🚨 3. MANDATORY ACTION: Connect to your Database
+
+The generated `auth.service.ts` uses an **IN-MEMORY MOCK DATABASE** by default so that it compiles and runs immediately. 
+You **MUST** replace this with your actual Database / ORM calls.
+
+**Open `auth/auth.service.ts` and look for the `🚨 TODO` blocks.**
+
+### Example: How to connect it to Prisma:
+
+```typescript
+// Inside auth.service.ts
+
+import { PrismaClient } from '@prisma/client';
+import bcrypt from 'bcryptjs';
+import { generateToken } from './jwt.config';
+
+const prisma = new PrismaClient();
+
+export class AuthService {
+  async register(email: string, password: string) {
+    const existingUser = await prisma.user.findUnique({ where: { email } });
+    if (existingUser) throw new Error('User already exists');
+
+    const hashedPassword = await bcrypt.hash(password, 12);
+
+    const newUser = await prisma.user.create({
+      data: { email, password: hashedPassword },
+    });
+
+    const token = generateToken({ userId: newUser.id, email: newUser.email });
+    return { token };
+  }
+}
+```
+
+---
+
+## ⚡ 4. Plug the Router into your App
+
+Currently, the routes exist but your Express server doesn't know about them.
+You must register the `auth.routes.ts` file in your main Express app entrypoint.
+
+**Open your `src/app.ts` or `src/index.ts` and add:**
+
+```typescript
+import express from 'express';
+// 1. Import the router
+import authRoutes from './auth/auth.routes'; 
+
+const app = express();
+app.use(express.json());
+
+// 2. Register the router
+app.use('/api/auth', authRoutes);
+
+app.listen(3000, () => console.log('Server running!'));
+```
+
+## 🔒 5. How to protect other routes
+
+You can secure any other route in your API by importing the `authMiddleware`:
+
+```typescript
+import { authMiddleware } from './auth/auth.middleware';
+
+// Any route using authMiddleware requires a valid 'Authorization: Bearer <token>' header
+app.get('/api/admin/dashboard', authMiddleware, (req, res) => {
+  // You now have access to the logged-in user's payload!
+  console.log(req.user.userId);
+  console.log(req.user.email);
+  
+  res.json({ secretData: "This is locked" });
+});
+```

package/add-features/auth/nodejs-express/auth.controller.ts

@@ -0,0 +1,59 @@
+import { Request, Response } from 'express';
+import { AuthService } from './auth.service';
+
+const authService = new AuthService();
+
+export class AuthController {
+
+    async register(req: Request, res: Response) {
+        try {
+            const { email, password } = req.body;
+
+            if (!email || !password) {
+                return res.status(400).json({ error: 'Email and password are required' });
+            }
+
+            const result = await authService.register(email, password);
+            return res.status(201).json(result);
+        } catch (error: any) {
+            if (error.message === 'User already exists') {
+                return res.status(409).json({ error: 'User already exists' });
+            }
+            return res.status(500).json({ error: 'Internal server error' });
+        }
+    }
+
+    async login(req: Request, res: Response) {
+        try {
+            const { email, password } = req.body;
+
+            if (!email || !password) {
+                return res.status(400).json({ error: 'Email and password are required' });
+            }
+
+            const result = await authService.login(email, password);
+            return res.status(200).json(result);
+        } catch (error: any) {
+            if (error.message === 'Invalid credentials') {
+                return res.status(401).json({ error: 'Invalid credentials' });
+            }
+            return res.status(500).json({ error: 'Internal server error' });
+        }
+    }
+
+    async getProfile(req: Request, res: Response) {
+        // req.user is populated by the auth.middleware.ts
+        const user = req.user;
+
+        if (!user) {
+            return res.status(401).json({ error: 'Not authenticated' });
+        }
+
+        try {
+            const profile = await authService.getUserProfile(user.userId);
+            return res.status(200).json(profile);
+        } catch (error) {
+            return res.status(404).json({ error: 'User not found' });
+        }
+    }
+}

package/add-features/auth/nodejs-express/auth.middleware.ts

@@ -0,0 +1,38 @@
+import { Request, Response, NextFunction } from 'express';
+import { verifyToken, JwtPayload } from './jwt.config';
+
+/**
+ * Extends Express Request to include the authenticated user payload.
+ */
+declare global {
+    namespace Express {
+        interface Request {
+            user?: JwtPayload;
+        }
+    }
+}
+
+/**
+ * Middleware that validates the JWT from the Authorization header.
+ * 
+ * Usage:
+ * router.get('/protected-route', authMiddleware, controllerHandler);
+ */
+export function authMiddleware(req: Request, res: Response, next: NextFunction): void {
+    const header = req.headers.authorization;
+
+    if (!header || !header.startsWith('Bearer ')) {
+        res.status(401).json({ error: 'Missing or invalid Authorization header' });
+        return;
+    }
+
+    const token = header.split(' ')[1];
+
+    try {
+        const payload = verifyToken(token);
+        req.user = payload;
+        next();
+    } catch {
+        res.status(401).json({ error: 'Invalid or expired token' });
+    }
+}

package/add-features/auth/nodejs-express/auth.routes.ts

@@ -0,0 +1,15 @@
+import { Router } from 'express';
+import { AuthController } from './auth.controller';
+import { authMiddleware } from './auth.middleware';
+
+const router = Router();
+const authController = new AuthController();
+
+// Public Routes
+router.post('/register', authController.register);
+router.post('/login', authController.login);
+
+// Protected Routes (requires valid JWT)
+router.get('/me', authMiddleware, authController.getProfile);
+
+export default router;