millas 0.2.12-beta → 0.2.12-beta-2

package/src/providers/AdminServiceProvider.js

@@ -2,39 +2,96 @@
 
 const ServiceProvider = require('./ServiceProvider');
 const Admin           = require('../admin/Admin');
+const AdminAuth       = require('../admin/AdminAuth');
 
 /**
  * AdminServiceProvider
  *
- * Registers the Admin singleton and exposes it in the container.
+ * Boots the admin panel and wires it to the app's User model.
  *
- * Add to bootstrap/app.js:
- *   app.providers([..., AdminServiceProvider])
+ * ── Authentication flow ───────────────────────────────────────────────────
  *
- * Then register resources and mount:
- *   Admin.register(UserResource);
- *   Admin.mount(route, expressApp);
+ *  AdminAuth resolves the User model in this priority order:
+ *    1. Explicit model in config/admin.js  auth.model
+ *    2. The same model AuthServiceProvider resolved (app/models/User)
+ *    3. Built-in AuthUser (framework fallback)
+ *
+ *  It then enforces:
+ *    - user.is_active === true   (account not disabled)
+ *    - user.is_staff  === true   (has admin panel access)
+ *
+ *  Run `millas createsuperuser` to create your first admin user.
+ *  Run `millas migrate` first if you haven't — the users table must exist.
+ *
+ * ── Usage (bootstrap/app.js) ─────────────────────────────────────────────
+ *
+ *   module.exports = Millas.config()
+ *     .providers([AppServiceProvider])
+ *     .withAdmin()
+ *     .create();
+ *
+ * ── Optional config/admin.js ─────────────────────────────────────────────
+ *
+ *   module.exports = {
+ *     prefix: '/admin',
+ *     title:  'My App Admin',
+ *     auth: {
+ *       cookieMaxAge:   60 * 60 * 8,
+ *       rememberAge:    60 * 60 * 24 * 30,
+ *       maxAttempts:    5,
+ *       lockoutMinutes: 15,
+ *       // model: require('../app/models/AdminUser'),  // explicit override
+ *     },
+ *     // auth: false   — disable auth entirely (not recommended)
+ *   };
  */
 class AdminServiceProvider extends ServiceProvider {
   register(container) {
     container.instance('Admin',         Admin);
+    container.instance('AdminAuth',     AdminAuth);
     container.instance('AdminResource', require('../admin/resources/AdminResource').AdminResource);
     container.instance('AdminField',    require('../admin/resources/AdminResource').AdminField);
     container.instance('AdminFilter',   require('../admin/resources/AdminResource').AdminFilter);
   }
 
   async boot(container) {
+    const basePath = container.make('basePath') || process.cwd();
     let adminConfig = {};
     try {
-      adminConfig = require(process.cwd() + '/config/admin');
-    } catch { /* config is optional */ }
+      adminConfig = require(basePath + '/config/admin');
+    } catch { /* optional */ }
+
+    // auth: {} means "use the User model with is_staff gate" — the Django default.
+    // auth: false disables auth entirely.
+    // Anything else is passed through as-is (model override, cookie settings, etc.)
+    const authConfig = adminConfig.auth !== undefined ? adminConfig.auth : {};
 
     Admin.configure({
       prefix: adminConfig.prefix || '/admin',
       title:  adminConfig.title  || process.env.APP_NAME || 'Millas Admin',
       ...adminConfig,
+      auth: authConfig,
     });
+
+    // ── Wire basePath + User model into AdminAuth ──────────────────────────
+    // Pass basePath so AdminAuth._resolveUserModel() can find app/models/User
+    // without calling process.cwd() at request time.
+    AdminAuth.setBasePath(basePath);
+
+    // AuthServiceProvider runs before us (Database → Auth → Admin order).
+    // It already resolved app/models/User → AuthUser fallback and gave it
+    // to the Auth singleton. We grab the same model so AdminAuth and the
+    // API auth system always use the same table.
+    if (authConfig !== false) {
+      try {
+        const Auth = require('../auth/Auth');
+        // Auth._UserModel is the resolved model — reuse it directly
+        if (Auth._UserModel) {
+          AdminAuth.setUserModel(Auth._UserModel);
+        }
+      } catch { /* Auth not booted yet — AdminAuth will lazy-resolve */ }
+    }
   }
 }
 
-module.exports = AdminServiceProvider;
+module.exports = AdminServiceProvider;

package/src/providers/AuthServiceProvider.js

@@ -16,15 +16,17 @@ const RoleMiddleware  = require('../auth/RoleMiddleware');
  */
 class AuthServiceProvider extends ServiceProvider {
   register(container) {
-    container.instance('Auth',            Auth);
+    container.instance('Auth', Auth);
+    container.alias('auth', 'Auth');
     container.instance('AuthMiddleware',  AuthMiddleware);
   }
 
   async boot(container, app) {
+    const basePath = container.make('basePath') || process.cwd();
     // Load auth config
     let authConfig;
     try {
-      authConfig = require(process.cwd() + '/config/auth');
+      authConfig = require(basePath + '/config/auth');
     } catch {
       authConfig = {
         default: 'jwt',
@@ -32,11 +34,48 @@ class AuthServiceProvider extends ServiceProvider {
       };
     }
 
-    // Load the User model if available
-    let UserModel = null;
+    // ── Resolve the User model ──────────────────────────────────────────────
+    //
+    // Priority order (mirrors Django's AUTH_USER_MODEL pattern):
+    //
+    //   1. config/app.js → auth_user: 'User'
+    //      The model name is looked up in app/models/index.js exports.
+    //      This is the recommended approach — explicit and refactor-safe.
+    //
+    //   2. app/models/User.js (default export or named User export)
+    //      Conventional fallback — works if auth_user is not set and
+    //      the file exists at the default path.
+    //
+    //   3. Built-in AuthUser
+    //      Abstract base class — no table. Used only as a last resort
+    //      so Auth always has a model to work with during early dev.
+    //
+    let UserModel;
     try {
-      UserModel = require(process.cwd() + '/app/models/User');
-    } catch { /* User model optional at boot */ }
+      // Step 1: read auth_user from config/app.js
+      let authUserName = null;
+      try {
+        const appConfig = require(basePath + '/config/app');
+        authUserName = appConfig.auth_user || null;
+      } catch { /* config/app.js missing or has no auth_user key */ }
+
+      if (authUserName) {
+        // Resolve by name from app/models/index.js
+        const modelsIndex = require(basePath + '/app/models/index');
+        const resolved    = modelsIndex[authUserName];
+        if (!resolved) {
+          throw new Error(
+            `[AuthServiceProvider] auth_user: '${authUserName}' not found in app/models/index.js.\n` +
+            `  Available exports: ${Object.keys(modelsIndex).join(', ')}`
+          );
+        }
+        UserModel = resolved;
+      }
+    } catch (err) {
+      if (err.message.includes('[AuthServiceProvider]')) throw err; // re-throw config errors
+      // Step 3: fall back to built-in AuthUser (abstract — no table)
+      UserModel = require('../auth/AuthUser');
+    }
 
     // Configure the Auth singleton
     Auth.configure(authConfig, UserModel);
@@ -50,4 +89,4 @@ class AuthServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = AuthServiceProvider;
+module.exports = AuthServiceProvider;

package/src/providers/CacheStorageServiceProvider.js

@@ -12,12 +12,13 @@ const Storage         = require('../storage/Storage');
 class CacheServiceProvider extends ServiceProvider {
   register(container) {
     container.instance('Cache', Cache);
+    container.alias('cache', 'Cache');
   }
 
   async boot() {
     let cacheConfig;
     try {
-      cacheConfig = require(process.cwd() + '/config/cache');
+      cacheConfig = require((container.make('basePath') || process.cwd()) + '/config/cache');
     } catch {
       cacheConfig = {
         default: process.env.CACHE_DRIVER || 'memory',
@@ -41,12 +42,13 @@ class CacheServiceProvider extends ServiceProvider {
 class StorageServiceProvider extends ServiceProvider {
   register(container) {
     container.instance('Storage', Storage);
+    container.alias('storage', 'Storage');
   }
 
   async boot() {
     let storageConfig;
     try {
-      storageConfig = require(process.cwd() + '/config/storage');
+      storageConfig = require((container.make('basePath') || process.cwd()) + '/config/storage');
     } catch {
       storageConfig = {
         default: process.env.STORAGE_DRIVER || 'local',
@@ -68,4 +70,4 @@ class StorageServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = { CacheServiceProvider, StorageServiceProvider };
+module.exports = { CacheServiceProvider, StorageServiceProvider };

package/src/providers/DatabaseServiceProvider.js

@@ -21,10 +21,11 @@ class DatabaseServiceProvider extends ServiceProvider {
   }
 
   async boot(container) {
+    const basePath = container.make('basePath') || process.cwd();
     // Load the database config
     let dbConfig;
     try {
-      dbConfig = require(process.cwd() + '/config/database');
+      dbConfig = require(basePath + '/config/database');
     } catch {
       // Fallback for tests / programmatic use
       dbConfig = {
@@ -42,4 +43,4 @@ class DatabaseServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = DatabaseServiceProvider;
+module.exports = DatabaseServiceProvider;

package/src/providers/EventServiceProvider.js

@@ -19,6 +19,7 @@ const { emit }        = require('../events/EventEmitter');
 class EventServiceProvider extends ServiceProvider {
   register(container) {
     container.instance('EventEmitter', EventEmitter);
+    container.alias('events', 'EventEmitter');
     container.instance('emit',         emit);
   }
 
@@ -31,4 +32,4 @@ class EventServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = EventServiceProvider;
+module.exports = EventServiceProvider;

package/src/providers/LogServiceProvider.js

@@ -39,8 +39,9 @@ const patchConsole   = require('../logger/patchConsole');
  */
 class LogServiceProvider extends ServiceProvider {
   register(container) {
-    container.instance('Log',       Log);
-    container.instance('Logger',    Logger);
+    container.instance('Log', Log);
+    container.instance('Logger', Logger);
+    container.alias('log', 'Log');
     container.instance('MillasLog', MillasLog);
   }
 
@@ -58,6 +59,9 @@ class LogServiceProvider extends ServiceProvider {
   beforeBoot(container) {
     let config = {};
     try {
+      // Note: beforeBoot runs before any container bindings exist.
+      // basePath is not yet available — process.cwd() is the correct fallback here.
+      // The path will be correct as long as `millas serve` is run from project root.
       config = require(process.cwd() + '/config/logging');
     } catch {
       // No config file — defaults already applied in logger/index.js
@@ -205,4 +209,4 @@ class LogServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = LogServiceProvider;
+module.exports = LogServiceProvider;

package/src/providers/MailServiceProvider.js

@@ -19,14 +19,15 @@ const MailMessage     = require('../mail/MailMessage');
  */
 class MailServiceProvider extends ServiceProvider {
   register(container) {
-    container.instance('Mail',        Mail);
+    container.instance('Mail', Mail);
+    container.alias('mail', 'Mail');
     container.instance('MailMessage', MailMessage);
   }
 
   async boot(container) {
     let mailConfig;
     try {
-      mailConfig = require(process.cwd() + '/config/mail');
+      mailConfig = require((container.make('basePath') || process.cwd()) + '/config/mail');
     } catch {
       mailConfig = {
         default:  process.env.MAIL_DRIVER || 'log',
@@ -48,4 +49,4 @@ class MailServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = MailServiceProvider;
+module.exports = MailServiceProvider;

package/src/providers/QueueServiceProvider.js

@@ -21,14 +21,15 @@ const { dispatch }    = require('../queue/Queue');
  */
 class QueueServiceProvider extends ServiceProvider {
   register(container) {
-    container.instance('Queue',    Queue);
+    container.instance('Queue', Queue);
+    container.alias('queue', 'Queue');
     container.instance('dispatch', dispatch);
   }
 
   async boot(container) {
     let queueConfig;
     try {
-      queueConfig = require(process.cwd() + '/config/queue');
+      queueConfig = require((container.make('basePath') || process.cwd()) + '/config/queue');
     } catch {
       queueConfig = {
         default: process.env.QUEUE_DRIVER || 'sync',
@@ -49,4 +50,4 @@ class QueueServiceProvider extends ServiceProvider {
   }
 }
 
-module.exports = QueueServiceProvider;
+module.exports = QueueServiceProvider;

package/src/router/Router.js

@@ -1,211 +1,178 @@
 'use strict';
 
-const MiddlewareRegistry = require('./MiddlewareRegistry');
-const ErrorRenderer      = require('../errors/ErrorRenderer');
-const MillasRequest      = require('../http/MillasRequest');
-const MillasResponse     = require('../http/MillasResponse');
-const ResponseDispatcher = require('../http/ResponseDispatcher');
-const RequestContext     = require('../http/RequestContext');
-
+/**
+ * Router
+ *
+ * Bridges the Millas RouteRegistry to any HttpAdapter.
+ * Zero knowledge of Express (or any HTTP engine) — it only calls
+ * the adapter interface defined in HttpAdapter.js.
+ *
+ * Responsibilities:
+ *   - Resolve route handlers from the RouteRegistry
+ *   - Resolve middleware aliases from the MiddlewareRegistry
+ *   - Ask the adapter to mount each route
+ *   - Ask the adapter to mount the welcome page, 404, and error handler
+ */
 class Router {
   /**
-   * @param {object}             expressApp
-   * @param {RouteRegistry}      registry
-   * @param {MiddlewareRegistry} middlewareRegistry
-   * @param {Container|null}     container   — DI container, injected into RequestContext
+   * @param {import('../http/adapters/HttpAdapter')} adapter
+   * @param {import('./RouteRegistry')}              registry
+   * @param {import('./MiddlewareRegistry')}         middlewareRegistry
+   * @param {import('../container/Container')|null}  container
    */
-  constructor(expressApp, registry, middlewareRegistry, container = null) {
-    this._app       = expressApp;
+  constructor(adapter, registry, middlewareRegistry, container = null) {
+    this._adapter   = adapter;
     this._registry  = registry;
-    this._mw        = middlewareRegistry || new MiddlewareRegistry();
+    this._mw        = middlewareRegistry;
     this._container = container;
   }
 
+  // ── Public API ─────────────────────────────────────────────────────────────
+
   /**
-   * Bind all registered routes onto the Express app.
-   * Does NOT add 404/error handlers — call mountFallbacks() after
-   * all other middleware (like Admin) has been registered.
+   * Mount all registered routes onto the adapter.
+   * Does NOT add fallbacks — call mountFallbacks() after all routes
+   * and any extra middleware (e.g. Admin panel) have been added.
    */
   mountRoutes() {
-    const routes = this._registry.all();
-    for (const route of routes) {
+    for (const route of this._registry.all()) {
       this._bindRoute(route);
     }
     return this;
   }
 
   /**
-   * Add the 404 + global error handlers.
-   * Must be called LAST — after all routes and admin panels.
+   * Mount the 404 + error handlers.
+   * Must be called LAST — after all routes and the admin panel.
    */
   mountFallbacks() {
-    this._app.use(ErrorRenderer.notFound());
-    this._app.use(ErrorRenderer.handler());
+    this._maybeInjectWelcome();
+    this._adapter.mountNotFound();
+    this._adapter.mountErrorHandler();
     return this;
   }
 
   /**
-   * Bind all registered routes onto the Express app
-   * AND add 404/error handlers (original behaviour).
+   * Mount routes + fallbacks in one call.
    */
   mount() {
-    const routes = this._registry.all();
-    for (const route of routes) {
-      this._bindRoute(route);
-    }
-    this._app.use(ErrorRenderer.notFound());
-    this._app.use(ErrorRenderer.handler());
+    this.mountRoutes();
+    this._maybeInjectWelcome();
+    this._adapter.mountNotFound();
+    this._adapter.mountErrorHandler();
+    return this;
   }
 
-  // ─── Private ──────────────────────────────────────────────────────────────
+  // ── Private ────────────────────────────────────────────────────────────────
 
   _bindRoute(route) {
-    const verb = route.verb.toLowerCase();
-    const path = route.path;
-
-    const mwHandlers = this._resolveMiddleware(route.middleware || []);
-    const terminal   = this._resolveHandler(route.handler, route.method, route.verb, path, route.name);
-
-    this._app[verb](path, ...mwHandlers, terminal);
+    const middlewareHandlers = this._resolveMiddleware(route.middleware || []);
+    const terminalHandler    = this._resolveTerminalHandler(
+      route.handler,
+      route.method,
+      route.verb,
+      route.path,
+      route.name
+    );
+
+    this._adapter.mountRoute(route.verb, route.path, [
+      ...middlewareHandlers,
+      terminalHandler,
+    ]);
   }
 
   _resolveMiddleware(list) {
     return list.map(alias => {
       try {
-        return this._mw.resolve(alias);
+        return this._mw.resolve(alias, this._adapter, this._container);
       } catch (err) {
-        console.warn(`[Millas] Warning: ${err.message} — skipping.`);
-        return (_req, _res, next) => next();
+        console.warn(`[Millas] Middleware warning: ${err.message} — skipping.`);
+        return this._mw.resolvePassthrough(this._adapter);
       }
     });
   }
 
-  _resolveHandler(handler, method, verb, path, routeName) {
-    let fn;
-    let inferredName;
+  _resolveTerminalHandler(handler, method, verb, path, routeName) {
+    const kernelFn    = this._extractKernelFn(handler, method);
+    const displayName = this._buildDisplayName(handler, method, verb, path, routeName);
+    return this._adapter.wrapKernelHandler(kernelFn, displayName, this._container);
+  }
 
+  /**
+   * Pull the actual function out of the handler definition.
+   * Three forms:
+   *   1. Bare function/arrow:          Route.get('/', () => jsonify({}))
+   *   2. Controller class + method:    Route.get('/', UserController, 'index')
+   *   3. Controller instance + method: Route.get('/', controllerInstance, 'index')
+   */
+  _extractKernelFn(handler, method) {
     if (typeof handler === 'function' && !method) {
-      fn = handler;
-      // Use function name if it has one, otherwise build from route
-      inferredName = handler.name && handler.name !== 'anonymous' && handler.name !== ''
-        ? handler.name
-        : null;
-    } else if (typeof handler === 'function' && typeof method === 'string') {
+      return handler;
+    }
+
+    if (typeof handler === 'function' && typeof method === 'string') {
       const instance = new handler();
       if (typeof instance[method] !== 'function') {
-        throw new Error(`Method "${method}" not found on controller "${handler.name}".`);
+        throw new Error(
+          `Method "${method}" not found on controller "${handler.name}".`
+        );
       }
-      fn = instance[method].bind(instance);
-      inferredName = `${handler.name}.${method}`;
-    } else if (typeof handler === 'object' && handler !== null && typeof method === 'string') {
+      return instance[method].bind(instance);
+    }
+
+    if (typeof handler === 'object' && handler !== null && typeof method === 'string') {
       if (typeof handler[method] !== 'function') {
         throw new Error(`Method "${method}" not found on handler object.`);
       }
-      fn = handler[method].bind(handler);
-      inferredName = `${handler.constructor?.name || 'Controller'}.${method}`;
-    } else if (typeof handler === 'function') {
-      fn = handler;
-      inferredName = handler.name && handler.name !== 'anonymous' ? handler.name : null;
-    } else {
-      throw new Error(`Invalid route handler: ${JSON.stringify(handler)}`);
+      return handler[method].bind(handler);
     }
 
-    // Build the display name shown in error messages, priority:
-    //   1. Explicit route name (Route.get(...).name('users.index'))
-    //   2. Controller.method (UserController.index)
-    //   3. Named function   (async function getUsers)
-    //   4. Route signature  (GET /users/:id)
-    const displayName = routeName
-      || inferredName
-      || (verb && path ? `${verb.toUpperCase()} ${path}` : 'anonymous');
+    if (typeof handler === 'function') {
+      return handler;
+    }
 
-    return this._buildKernelHandler(fn, displayName);
+    throw new Error(`Invalid route handler: ${JSON.stringify(handler)}`);
   }
 
-  /**
-   * The kernel handler — the Promise wrapper that:
-   *   1. Wraps the raw Express req into a MillasRequest
-   *   2. Calls the route handler with only the MillasRequest
-   *   3. Receives a MillasResponse (or plain value, auto-wrapped)
-   *   4. Dispatches through ResponseDispatcher to Express res
-   *   5. Raises a clear error if the handler returned nothing
-   */
-  _buildKernelHandler(fn, displayName) {
-    const fnName    = displayName || fn.name || 'anonymous';
-    const container = this._container;
-
-    return (expressReq, expressRes, expressNext) => {
-      const millaReq = new MillasRequest(expressReq);
-      const ctx      = new RequestContext(millaReq, container);
-
-      let nextCalled = false;
-      const trackedNext = (...args) => {
-        nextCalled = true;
-        expressNext(...args);
-      };
-
-      new Promise((resolve, reject) => {
-        try {
-          resolve(fn(ctx, trackedNext));
-        } catch (err) {
-          reject(err);
-        }
-      })
-      .then(value => {
-        if (nextCalled) return;
-        if (expressRes.headersSent) return;
-
-        if (value === undefined || value === null) {
-          const err = Object.assign(
-            new Error(
-              `The route handler "${fnName}" did not return a response.\n` +
-              `Return a MillasResponse or a plain value:\n\n` +
-              `  return jsonify({ ok: true })\n` +
-              `  return { ok: true }           // auto-wrapped\n` +
-              `  return 'Hello world'          // auto-wrapped\n` +
-              `  return redirect('/login')\n` +
-              `  return view('home', { data })`
-            ),
-            { status: 500, statusCode: 500 }
-          );
-          return expressNext(err);
-        }
-
-        if (value instanceof Error) return expressNext(value);
-
-        try {
-          const response = MillasResponse.isResponse(value)
-            ? value
-            : ResponseDispatcher.autoWrap(value);
-          ResponseDispatcher.dispatch(response, expressRes);
-        } catch (dispatchErr) {
-          expressNext(dispatchErr);
-        }
-      })
-      .catch(expressNext);
-    };
+  _buildDisplayName(handler, method, verb, path, routeName) {
+    if (routeName) return routeName;
+
+    if (typeof handler === 'function' && method) {
+      return `${handler.name}.${method}`;
+    }
+
+    if (
+      typeof handler === 'function' &&
+      handler.name &&
+      handler.name !== 'anonymous' &&
+      handler.name !== ''
+    ) {
+      return handler.name;
+    }
+
+    return verb && path ? `${verb.toUpperCase()} ${path}` : 'anonymous';
   }
 
   /**
-   * Wrap a route handler so that:
-   *
-   *   1. Async functions have their rejections forwarded to next(err)
-   *   2. Return values are automatically sent as a response — so developers
-   *      can write handlers without touching req/res at all:
-   *
-   *        Route.get('/', () => ({ status: 'ok' }))
-   *        Route.get('/hello', () => 'Hello world')
-   *        Route.get('/user', async () => await User.find(1))
-   *        Route.get('/ping', (req, res) => res.json({ pong: true }))  // still works
-   *
-   *   Return value rules:
-   *     string        → res.send(value)
-   *     number        → res.json(value)         (rarely useful but safe)
-   *     object/array  → res.json(value)
-   *     null/undefined → do nothing (handler called res itself, or next())
-   *     Error         → next(value)
+   * If no user-defined GET / route exists, ask the adapter to serve
+   * a developer-friendly welcome page.
+   * Only active outside production — silently skipped in prod.
    */
-
+  _maybeInjectWelcome() {
+    if (process.env.NODE_ENV === 'production') return;
+
+    const hasRoot = this._registry.all().some(
+      r => r.verb === 'GET' && (r.path === '/' || r.path === '')
+    );
+
+    if (!hasRoot) {
+      let version = '';
+      try { version = require('../../package.json').version; } catch {}
+      this._adapter.mountWelcome(
+        this._adapter.makeWelcomeHandler(version)
+      );
+    }
+  }
 }
 
-module.exports = Router;
+module.exports = Router;