men-boilerplate 1.0.0

package/README.md

@@ -0,0 +1,65 @@
+# MEN Auth Boilerplate (MongoDB, Express, Node.js)
+
+A production-grade, ESM-ready authentication and session management boilerplate. Scaffolds a complete auth system in seconds.
+
+## 🚀 Features
+
+*   **100% ES Modules (ESM)**: Modern, future-proof JavaScript.
+*   **JWT Authentication**: Secure Access & Refresh token rotation.
+*   **Session Management**: Track and manage active sessions (device, IP mapping).
+*   **Persistent Sessions**: Multi-device support with remote revocation (force logout).
+*   **Standard CRUD Factory**: Pre-built logic for MongoDB models.
+*   **Clean Architecture**: Separation of concerns across controllers, routes, models, and middleware.
+
+## 🛠 Installation
+
+Run the following command to scaffold a new project:
+
+```bash
+npx men-setup my-auth-app
+```
+
+
+*Note: Replace `men-boilerplate-setup` with the actual package name after publication.*
+
+## 📂 Project Structure
+
+```text
+src/
+├── auth/           # Middleware and JWT logic
+├── config/         # DB and environment configuration
+├── controllers/    # Request handlers (Auth, Sessions)
+├── crud/           # Reusable CRUD factory
+├── middleware/     # Global error and log handlers
+├── models/         # Mongoose schemas (User, Session)
+├── routes/         # Express routing
+└── utils/          # API Response helpers
+```
+
+## 🔐 Session Management Endpoints
+
+| Method | Endpoint | Description |
+| :--- | :--- | :--- |
+| `POST` | `/api/v1/auth/sign-up` | Create a new user |
+| `POST` | `/api/v1/auth/login` | Login and start a new session |
+| `GET` | `/api/v1/auth/me` | Get current user profile (Protected) |
+| `POST` | `/api/v1/auth/refresh` | Rotate tokens using active session |
+| `GET` | `/api/v1/auth/sessions` | List all active sessions/devices |
+| `DELETE` | `/api/v1/auth/sessions/:id` | Revoke a session (Remote logout) |
+| `POST` | `/api/v1/auth/logout` | Clear current session and cookies |
+
+## ⚙️ Environment Variables
+
+Create a `.env` file in the root:
+
+```env
+PORT=5000
+MONGO_URI=mongodb://localhost:27017/auth-db
+JWT_SECRET=your_jwt_secret
+REFRESH_SECRET=your_refresh_secret
+NODE_ENV=development
+```
+
+## 📝 License
+
+ISC

package/bin/bin.code-workspace

@@ -0,0 +1,13 @@
+{
+	"folders": [
+		{
+			"path": "."
+		},
+		{
+			"path": "../node_modules"
+		},
+		{
+			"path": "../template"
+		}
+	]
+}

package/bin/cli.js

@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { execSync } from 'child_process';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// Ensure we are pointing to the RIGHT template folder inside YOUR package
+const templateDir = path.resolve(__dirname, '../template');
+const targetDir = process.cwd();
+
+async function init() {
+  console.log('🛠️  Starting Scaffolding...');
+  
+  try {
+    // Check if template exists before starting
+    if (!fs.existsSync(templateDir)) {
+      throw new Error(`Template directory not found at: ${templateDir}`);
+    }
+
+    // 1. Copy Files
+    console.log(`📂 Copying from ${templateDir} to ${targetDir}`);
+    fs.cpSync(templateDir, targetDir, { recursive: true });
+
+    // 2. Rename _package.json
+    const oldPkg = path.join(targetDir, '_package.json');
+    const newPkg = path.join(targetDir, 'package.json');
+
+    if (fs.existsSync(oldPkg)) {
+      fs.renameSync(oldPkg, newPkg);
+      console.log('✅ Created package.json');
+    } else {
+      console.warn('⚠️  Warning: _package.json missing from template!');
+    }
+
+    // 3. Install Dependencies
+    console.log('📦 Running npm install...');
+    // We use { stdio: 'inherit' } to see the actual NPM output in the console
+    execSync('npm install', { stdio: 'inherit', cwd: targetDir });
+
+    console.log('\n🚀 ALL DONE! Happy coding.');
+
+  } catch (err) {
+    console.error('\n❌ CRITICAL ERROR:');
+    console.error(err.message);
+    process.exit(1); // Force the process to show it failed
+  }
+}
+
+init();

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "men-boilerplate",
+  "version": "1.0.0",
+  "main": "index.js",
+  "type": "module",
+  "bin": {
+    "men-setup": "bin/cli.js"
+  },
+  "files": [
+    "bin",
+    "template"
+  ],
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "bcryptjs": "^3.0.3",
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.6",
+    "dotenv": "^17.4.0",
+    "express": "^5.2.1",
+    "jsonwebtoken": "^9.0.3",
+    "mongoose": "^9.4.1",
+    "morgan": "^1.10.1",
+    "winston": "^3.19.0"
+  },
+  "devDependencies": {
+    "jest": "^30.3.0",
+    "nodemon": "^3.1.14",
+    "supertest": "^7.2.2"
+  }
+}

package/template/.env.example

@@ -0,0 +1,7 @@
+PORT=5000
+MONGO_URI=mongodb://localhost:27017/my-auth-db
+JWT_SECRET=replace_me_with_something_secure
+REFRESH_SECRET=replace_me_with_something_even_more_secure
+NODE_ENV=development
+MORGAN_FORMAT=dev
+CORS_ORIGIN=*

package/template/_package.json

@@ -0,0 +1,23 @@
+{
+  "name": "my-new-auth-app",
+  "version": "1.0.0",
+  "type": "module",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js",
+    "dev": "nodemon server.js"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "dotenv": "^16.0.3",
+    "express": "^4.18.2",
+    "jsonwebtoken": "^9.0.1",
+    "mongoose": "^7.5.0",
+    "morgan": "^1.10.0"
+  },
+  "devDependencies": {
+    "nodemon": "^3.0.1"
+  }
+}

package/template/index.js

@@ -0,0 +1,39 @@
+import express from 'express';
+import cors from 'cors';
+import morgan from 'morgan';
+import cookieParser from 'cookie-parser';
+
+import config from './src/config/config.js';
+import connectDB from './src/config/db.js';
+import authRoutes from './src/routes/authRoutes.js';
+import globalErrorHandler from './src/middleware/errorHandler.js';
+
+
+export const bootstrap = async (app, options = {}) => {
+  
+  await connectDB();
+
+  
+  app.use(express.json({ limit: '10kb' }));
+  app.use(cookieParser());
+  app.use(morgan(options.morganFormat || config.morganFormat));
+  
+  app.use(cors({
+    origin: options.corsOrigin || config.corsOrigin,
+    credentials: true 
+  }));
+
+  
+  
+  app.use('/api/v1/auth', authRoutes);
+
+  
+  app.use(globalErrorHandler);
+
+  console.log('🛡️ Auth Engine: System Bootstrapped Successfully.');
+};
+
+
+export { default as factory } from './src/crud/factory.js';
+export { default as ApiResponse } from './src/utils/ApiResponse.js';
+export { default as protect } from './src/auth/authMiddleware.js';

package/template/server.js

@@ -0,0 +1,19 @@
+import express from 'express';
+import { bootstrap } from './index.js';
+
+const app = express();
+const port = process.env.PORT || 5000;
+
+const startServer = async () => {
+    try {
+        await bootstrap(app);
+        app.listen(port, () => {
+            console.log(`🚀 Server running on http://localhost:${port}`);
+        });
+    } catch (error) {
+        console.error('❌ Failed to start server:', error.message);
+        process.exit(1);
+    }
+};
+
+startServer();

package/template/src/auth/authMiddleware.js

@@ -0,0 +1,22 @@
+import jwt from 'jsonwebtoken';
+import ApiResponse from '../utils/ApiResponse.js';
+import asyncHandler from '../utils/asyncHandler.js';
+import User from '../models/BaseUser.js';
+
+const protect = asyncHandler(async (req, res, next) => {
+  let token = req.cookies.accessToken;
+
+  if (!token) {
+    return ApiResponse.error(res, 'Not authorized, token missing', 401);
+  }
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    req.user = await User.findById(decoded.id);
+    next();
+  } catch (error) {
+    return ApiResponse.error(res, 'Token expired or invalid', 401);
+  }
+});
+
+export default protect;

package/template/src/auth/jwtService.js

@@ -0,0 +1 @@
+// JWT signing and Refresh Token logic

package/template/src/config/config.js

@@ -0,0 +1,41 @@
+import dotenv from 'dotenv';
+
+
+dotenv.config();
+
+const config = {
+  
+  port: process.env.PORT || 5000,
+  nodeEnv: process.env.NODE_ENV || 'development',
+  
+  
+  mongoUri: process.env.MONGO_URI,
+
+  
+  jwtSecret: process.env.JWT_SECRET || 'super-secret-key-change-me',
+  jwtExpire: process.env.JWT_EXPIRE || '15m',
+  
+  refreshSecret: process.env.REFRESH_SECRET || 'even-more-secret-key-change-me',
+  refreshExpire: process.env.REFRESH_EXPIRE || '7d',
+
+  
+  cookieExpire: process.env.COOKIE_EXPIRE || 7, 
+
+  
+  corsOrigin: process.env.CORS_ORIGIN || '*',
+  
+  
+  morganFormat: process.env.MORGAN_FORMAT || 'dev'
+};
+
+
+if (config.nodeEnv === 'production') {
+  if (!process.env.JWT_SECRET || !process.env.REFRESH_SECRET) {
+    console.warn('⚠️ WARNING: JWT_SECRET or REFRESH_SECRET is missing in production!');
+  }
+  if (!process.env.MONGO_URI) {
+    console.error('❌ ERROR: MONGO_URI is required in production!');
+  }
+}
+
+export default config;

package/template/src/config/db.js

@@ -0,0 +1,19 @@
+import mongoose from 'mongoose';
+import config from './config.js';
+
+const connectDB = async () => {
+  try {
+    const conn = await mongoose.connect(config.mongoUri);
+
+    console.log(`🍀 MongoDB Connected: ${conn.connection.host}`);
+    mongoose.connection.on('error', (err) => {
+      console.error(`❌ MongoDB Runtime Error: ${err}`);
+    });
+
+  } catch (error) {
+    console.error(`❌ Error connecting to MongoDB: ${error.message}`); 
+    process.exit(1);
+  }
+};
+
+export default connectDB;

package/template/src/controllers/authControllers.js

@@ -0,0 +1,151 @@
+import jwt from 'jsonwebtoken';
+const { sign, verify } = jwt;
+
+import User, { create, findOne, findById } from '../models/BaseUser.js';
+import Session from '../models/Session.js';
+import { success, error } from '../utils/ApiResponse.js';
+import asyncHandler from '../utils/asyncHandler.js';
+
+
+
+
+const sendTokenResponse = async (user, statusCode, res, req = {}) => {
+  const accessToken = sign({ id: user._id }, process.env.JWT_SECRET, { 
+    expiresIn: process.env.JWT_EXPIRE || '15m' 
+  });
+  const refreshToken = sign({ id: user._id }, process.env.REFRESH_SECRET, { 
+    expiresIn: process.env.REFRESH_EXPIRE || '7d' 
+  });
+
+  // Calculate expiration date for session
+  const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days matching REFRESH_EXPIRE
+
+  // Create a Session record
+  await Session.create({
+    userId: user._id,
+    refreshToken,
+    device: req.get ? req.get('User-Agent') : 'Unknown',
+    ip: req.ip || 'Unknown',
+    expiresAt
+  });
+
+  const cookieOptions = {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'Lax',
+  };
+
+  res.cookie('accessToken', accessToken, { 
+    ...cookieOptions, 
+    expires: new Date(Date.now() + 15 * 60 * 1000) 
+  });
+  
+  res.cookie('refreshToken', refreshToken, { 
+    ...cookieOptions, 
+    expires: expiresAt
+  });
+
+  return success(res, "Authentication successful", {
+    id: user._id,
+    email: user.email
+  }, statusCode);
+};
+
+
+export const signUp = asyncHandler(async (req, res, next) => {
+  const user = await create(req.body);
+  await sendTokenResponse(user, 201, res, req);
+});
+
+
+export const login = asyncHandler(async (req, res, next) => {
+  const { email, password } = req.body;
+
+  if (!email || !password) {
+    return error(res, "Please provide email and password", 400);
+  }
+
+  const user = await findOne({ email }).select('+password');
+
+  if (!user || !(await user.comparePassword(password, user.password))) {
+    return error(res, "Invalid credentials", 401);
+  }
+
+  await sendTokenResponse(user, 200, res, req);
+});
+
+
+export const refresh = asyncHandler(async (req, res, next) => {
+  const { refreshToken } = req.cookies;
+
+  if (!refreshToken) {
+    return error(res, "No refresh token provided", 401);
+  }
+
+  // Find session record
+  const session = await Session.findOne({ refreshToken, isValid: true });
+  if (!session) {
+     return error(res, "Invalid or expired session", 401);
+  }
+
+  const decoded = verify(refreshToken, process.env.REFRESH_SECRET);
+  const user = await findById(decoded.id);
+
+  if (!user) {
+    return error(res, "User no longer exists", 401);
+  }
+
+  // Delete old session and create new one
+  await session.deleteOne();
+  await sendTokenResponse(user, 200, res, req);
+});
+
+
+export const getMe = asyncHandler(async (req, res, next) => {
+  
+  return success(res, "User profile retrieved", req.user);
+});
+
+export const logout = asyncHandler(async (req, res, next) => {
+  const { refreshToken } = req.cookies;
+
+  if (refreshToken) {
+    await Session.deleteOne({ refreshToken });
+  }
+
+  res.cookie('accessToken', 'none', { expires: new Date(Date.now() + 10 * 1000), httpOnly: true });
+  res.cookie('refreshToken', 'none', { expires: new Date(Date.now() + 10 * 1000), httpOnly: true });
+  
+  return success(res, "Logged out successfully");
+});
+
+
+export const getSessions = asyncHandler(async (req, res, next) => {
+  const sessions = await Session.find({ userId: req.user._id, isValid: true })
+    .select('-refreshToken') // Don't expose token in listing
+    .sort('-createdAt');
+    
+  return success(res, "Active sessions retrieved", sessions);
+});
+
+export const revokeSession = asyncHandler(async (req, res, next) => {
+  const sessionId = req.params.id;
+  
+  const session = await Session.findOne({ _id: sessionId, userId: req.user._id });
+  if (!session) {
+    return error(res, "Session not found", 404);
+  }
+  
+  await session.deleteOne();
+  return success(res, "Session revoked successfully");
+});
+
+
+export function healthCheck(req, res) {
+  res.status(200).json({
+    status: "success",
+    message: "Server is healthy",
+    uptime: process.uptime(),
+    timestamp: new Date().toISOString()
+  });
+}

package/template/src/crud/factory.js

@@ -0,0 +1,79 @@
+import APIFeatures from './queryBuilder.js';
+import ApiResponse from '../utils/ApiResponse.js';
+import asyncHandler from '../utils/asyncHandler.js';
+
+/**
+ * Factory functions to handle standard CRUD operations
+ * @param {import('mongoose').Model} Model - The Mongoose model to use
+ */
+const factory = (Model) => ({
+  
+  
+  getAll: asyncHandler(async (req, res, next) => {
+    const features = new APIFeatures(Model.find(), req.query)
+      .filter()
+      .sort()
+      .limitFields()
+      .paginate();
+
+    const docs = await features.query;
+
+    
+    const filterObj = new APIFeatures(Model.find(), req.query).filter().query.getFilter();
+    const total = await Model.countDocuments(filterObj);
+
+    const page = Number(req.query.page) || 1;
+    const limit = Number(req.query.limit) || 10;
+
+    return ApiResponse.success(res, "Resources retrieved successfully", docs, 200, {
+      total,
+      page,
+      limit,
+      totalPages: Math.ceil(total / limit)
+    });
+  }),
+
+  
+  getOne: asyncHandler(async (req, res, next) => {
+    const doc = await Model.findById(req.params.id);
+
+    if (!doc) {
+      return ApiResponse.error(res, "No document found with that ID", 404);
+    }
+
+    return ApiResponse.success(res, "Resource retrieved successfully", doc);
+  }),
+
+  
+  createOne: asyncHandler(async (req, res, next) => {
+    const doc = await Model.create(req.body);
+    return ApiResponse.success(res, "Resource created successfully", doc, 201);
+  }),
+
+  
+  updateOne: asyncHandler(async (req, res, next) => {
+    const doc = await Model.findByIdAndUpdate(req.params.id, req.body, {
+      new: true,
+      runValidators: true 
+    });
+
+    if (!doc) {
+      return ApiResponse.error(res, "No document found with that ID", 404);
+    }
+
+    return ApiResponse.success(res, "Resource updated successfully", doc);
+  }),
+
+  
+  deleteOne: asyncHandler(async (req, res, next) => {
+    const doc = await Model.findByIdAndDelete(req.params.id);
+
+    if (!doc) {
+      return ApiResponse.error(res, "No document found with that ID", 404);
+    }
+
+    return ApiResponse.success(res, "Resource deleted successfully", null, 204);
+  })
+});
+
+export default factory;

package/template/src/crud/queryBuilder.js

@@ -0,0 +1,79 @@
+class QueryBuillder {
+    constructor(query, queryString) {
+        this.query = query
+        this.queryString = queryString
+    }
+
+    filter() {
+        const queryObj = { ...this.queryString }
+
+        const excludedFields = ["page", "sort", "limit", "fields", "search"]
+
+
+        let queryStr = queryObj.JSON.stringfy(queryObj)
+        excludedFields.forEach(el => delete queryObj[el])
+
+        queryStr.replace(/\b(gte|gt|lte|lt)\b/g,(match)=> `$${match}`)
+
+        this.query = this.query.find(JSON.parse(queryStr))
+        
+        return this
+
+        
+
+    }
+
+    search(fields = []) {
+        if (this.queryString.search) {
+            const keyWords = this.queryString.search
+
+            const searchQuery = {
+                $or: fields.map(field => ({[field]:{$regex:keyWords}}))
+            }
+
+            this.query = this.query.find(searchQuery)
+
+            
+        }
+
+       return this
+    }
+
+    sort() {
+        if (this.queryString.sort) {
+            const sortQuery = this.queryString.sort.split(",").join(" ")
+            this.query = this.query.sort(sortQuery)
+        }
+
+        else {
+            this.query = this.query.sort('-createdAt')
+        }
+
+        return this
+    }
+
+     limitFields() {
+    if (this.queryString.fields) {
+      const fields = this.queryString.fields.split(",").join(" ");
+      this.query = this.query.select(fields);
+    } else {
+      this.query = this.query.select("-__v");
+    }
+
+    return this;
+  }
+
+  paginate() {
+    const page = parseInt(this.queryString.page) || 1;
+    const limit = parseInt(this.queryString.limit) || 10;
+    const skip = (page - 1) * limit;
+
+    this.query = this.query.skip(skip).limit(limit);
+    return this;
+  }
+
+
+
+}
+
+export default QueryBuillder

package/template/src/middleware/errorHandler.js

@@ -0,0 +1,60 @@
+import ApiResponse from '../utils/ApiResponse.js';
+
+/**
+ * Global Error Handling Middleware
+ * Catch-all for every error passed via next(err)
+ */
+const globalErrorHandler = (err, req, res, next) => {
+  
+  err.statusCode = err.statusCode || 500;
+  err.status = err.status || 'error';
+
+  
+  
+  if (err.name === 'CastError') {
+    const message = `Invalid ${err.path}: ${err.value}.`;
+    return ApiResponse.error(res, message, 400);
+  }
+
+  
+  
+  if (err.code === 11000) {
+    const field = Object.keys(err.keyValue)[0];
+    const value = Object.values(err.keyValue)[0];
+    const message = `Duplicate field value: "${value}". This ${field} is already in use.`;
+    return ApiResponse.error(res, message, 400);
+  }
+
+  
+  
+  if (err.name === 'ValidationError') {
+    const errors = Object.values(err.errors).map(el => el.message);
+    const message = `Invalid input data: ${errors.join('. ')}`;
+    return ApiResponse.error(res, message, 400);
+  }
+
+  
+  if (err.name === 'JsonWebTokenError') {
+    return ApiResponse.error(res, 'Invalid token. Please log in again.', 401);
+  }
+
+  if (err.name === 'TokenExpiredError') {
+    return ApiResponse.error(res, 'Your session has expired. Please refresh your token.', 401);
+  }
+
+  
+  const message = err.message || 'An unexpected error occurred on the server.';
+  
+  
+  
+  const errorDetails = process.env.NODE_ENV === 'development' ? { stack: err.stack } : null;
+
+  return ApiResponse.error(
+    res, 
+    message, 
+    err.statusCode, 
+    errorDetails
+  );
+};
+
+export default globalErrorHandler;

package/template/src/middleware/logger.js

@@ -0,0 +1 @@
+// Morgan and Winston configuration

package/template/src/models/BaseUser.js

@@ -0,0 +1,37 @@
+import mongoose from 'mongoose';
+import bcrypt from 'bcryptjs';
+
+const BaseUserSchema = new mongoose.Schema({
+  email: {
+    type: String,
+    required: [true, 'Email is required'],
+    unique: true,
+    lowercase: true,
+  },
+  password: {
+    type: String,
+    required: [true, 'Password is required'],
+    select: false, 
+  }
+}, { timestamps: true });
+
+
+
+BaseUserSchema.pre('save', async function() {
+  if (!this.isModified('password')) return;
+  this.password = await bcrypt.hash(this.password, 12);
+});
+
+
+
+BaseUserSchema.methods.comparePassword = async function(candidatePassword, userPassword) {
+  return await bcrypt.compare(candidatePassword, userPassword);
+};
+
+const User = mongoose.model('User', BaseUserSchema);
+
+export const create = (...args) => User.create(...args);
+export const findOne = (...args) => User.findOne(...args);
+export const findById = (...args) => User.findById(...args);
+
+export default User;

package/template/src/models/Session.js

@@ -0,0 +1,36 @@
+import mongoose from 'mongoose';
+
+const SessionSchema = new mongoose.Schema({
+  userId: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'User',
+    required: true,
+  },
+  refreshToken: {
+    type: String,
+    required: true,
+    unique: true,
+  },
+  device: {
+    type: String,
+    default: 'Unknown Device',
+  },
+  ip: {
+    type: String,
+  },
+  isValid: {
+    type: Boolean,
+    default: true,
+  },
+  expiresAt: {
+    type: Date,
+    required: true,
+  }
+}, { timestamps: true });
+
+
+SessionSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+
+const Session = mongoose.model('Session', SessionSchema);
+
+export default Session;

package/template/src/routes/authRoutes.js

@@ -0,0 +1,23 @@
+import express from 'express';
+import * as authController from '../controllers/authControllers.js';
+import protect from '../auth/authMiddleware.js';
+
+const router = express.Router();
+
+// Public Routes
+router.post('/sign-up', authController.signUp);
+router.post('/login', authController.login);
+router.post('/refresh', authController.refresh);
+router.get('/health', authController.healthCheck);
+
+// Protected Routes
+router.use(protect); // Applies protection to all routes below this line
+router.get('/me', authController.getMe);
+router.post('/logout', authController.logout);
+
+// Session Management
+router.get('/sessions', authController.getSessions);
+router.delete('/sessions/:id', authController.revokeSession);
+
+
+export default router;

package/template/src/utils/ApiResponse.js

@@ -0,0 +1,46 @@
+class ApiResponse {
+    constructor({statusCode = 200, success = true, data = null, message = ""}) {
+        this.statusCode = statusCode,
+        this.success=success
+        this.data = data
+        this.message = message
+        
+    }
+
+    send(res) {
+        return res.status(this.statusCode).json(
+            {
+                success: this.success,
+                message:this.message,
+                data:this.data,
+            }
+        )
+
+    }
+
+    static success(res, message = "Success", data = null, statusCode = 200, meta = null) {
+       const response = {
+           success: true,
+           message,
+           data,
+           ...(meta && { meta })
+       };
+       return res.status(statusCode).json(response);
+    }
+
+    static error(res, message = "Error", statusCode = 500, data = null) {
+       const response = {
+           success: false,
+           message,
+           ...(data && { data })
+       };
+       return res.status(statusCode).json(response);
+    }
+
+}
+
+export default ApiResponse;
+
+// Named exports for convenience
+export const success = ApiResponse.success;
+export const error = ApiResponse.error;

package/template/src/utils/asyncHandler.js

@@ -0,0 +1,5 @@
+const asyncHandler = fn => (req, res, next) => {
+    return Promise.resolve(fn(req,res,next)).catch(next)
+}
+
+export default asyncHandler