npm - nextworks - Versions diffs - 0.0.1 → 0.1.0-alpha.0 - Mend

nextworks 0.0.1 → 0.1.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/dist/kits/auth-core/app/api/auth/reset-password/route.ts ADDED Viewed

@@ -0,0 +1,63 @@
+import { NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { resetPasswordSchema } from "@/lib/validation/forms";
+import { hash } from "bcryptjs";
+import { createHash } from "crypto";
+import { z } from "zod";
+export async function POST(req: Request) {
+  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
+    return NextResponse.json({ message: "Not found" }, { status: 404 });
+  }
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ message: "Invalid request" }, { status: 400 });
+  }
+  try {
+    const parsed = resetPasswordSchema.parse(body);
+    const { token, password } = parsed;
+    const tokenHash = createHash("sha256").update(token).digest("hex");
+    const pr = await prisma.passwordReset.findFirst({ where: { tokenHash } });
+    if (!pr) {
+      return NextResponse.json({ message: "Invalid or expired token" }, { status: 400 });
+    }
+    if ((pr as any).used) {
+      return NextResponse.json({ message: "Token already used" }, { status: 400 });
+    }
+    if (pr.expires < new Date()) {
+      return NextResponse.json({ message: "Token expired" }, { status: 400 });
+    }
+    const hashed = await hash(password, 10);
+    await prisma.user.update({ where: { id: pr.userId }, data: { password: hashed } });
+    await prisma.passwordReset.update({ where: { id: pr.id }, data: { used: true } });
+    return NextResponse.json({ message: "Password updated" });
+  } catch (err: any) {
+    if (err instanceof z.ZodError) {
+      return NextResponse.json({ message: "Validation failed", errors: (err as z.ZodError).issues }, { status: 400 });
+    }
+    return NextResponse.json({ message: "Failed" }, { status: 400 });
+  }
+}
+export async function GET(req: Request) {
+  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
+    return NextResponse.json({ message: "Not found" }, { status: 404 });
+  }
+  const url = new URL(req.url);
+  const token = url.searchParams.get("token");
+  if (!token) return NextResponse.json({ valid: false }, { status: 400 });
+  const tokenHash = createHash("sha256").update(token).digest("hex");
+  const pr = await prisma.passwordReset.findFirst({ where: { tokenHash } });
+  if (!pr) return NextResponse.json({ valid: false });
+  if ((pr as any).used) return NextResponse.json({ valid: false });
+  if (pr.expires < new Date()) return NextResponse.json({ valid: false });
+  return NextResponse.json({ valid: true });
+}

package/dist/kits/auth-core/app/api/auth/send-verify-email/route.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { NextResponse } from "next/server";
+export async function POST(req: Request) {
+  // Placeholder endpoint: future work may implement email verification tokens.
+  return NextResponse.json({ message: "Not implemented" }, { status: 501 });
+}

package/dist/kits/auth-core/app/api/signup/route.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { NextRequest } from "next/server";
+import { hash } from "bcryptjs";
+import { prisma } from "@/lib/prisma";
+import { signupSchema } from "@/lib/validation/forms";
+import { ZodError } from "zod";
+import { jsonOk, jsonFail, jsonFromZod } from "@/lib/server/result";
+export const runtime = "nodejs";
+export async function POST(req: NextRequest) {
+  try {
+    const body = await req.json();
+    const data = signupSchema.parse(body);
+    const existing = await prisma.user.findUnique({
+      where: { email: data.email },
+    });
+    if (existing) {
+      return jsonFail("Email already in use", {
+        status: 409,
+        errors: { email: "Email already in use" },
+        code: "EMAIL_EXISTS",
+      });
+    }
+    const hashed = await hash(data.password, 10);
+    await prisma.user.create({
+      data: { name: data.name, email: data.email, password: hashed },
+    });
+    return jsonOk(undefined, {
+      status: 201,
+      message: "User created successfully",
+    });
+  } catch (error: unknown) {
+    if (error instanceof ZodError) {
+      return jsonFromZod(error, { status: 400, message: "Validation failed" });
+    }
+    return jsonFail("Error during signup", { status: 500 });
+  }
+}

package/dist/kits/auth-core/app/auth/forgot-password/page.tsx ADDED Viewed

@@ -0,0 +1,21 @@
+import React from "react";
+import ForgotPasswordForm from "@/components/auth/forgot-password-form";
+export default function ForgotPasswordPage() {
+  // Guard rendered server-side: the feature is opt-in via NEXTWORKS_ENABLE_PASSWORD_RESET=1
+  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
+    return (
+      <div className="mx-auto w-full max-w-md pt-6">
+        <h2 className="text-foreground text-center text-2xl font-bold">
+          Not found
+        </h2>
+        <p className="text-muted-foreground mt-1 text-center text-sm">
+          Password reset is disabled.
+        </p>
+      </div>
+    );
+  }
+  // Render the client component (the form)
+  return <ForgotPasswordForm />;
+}

package/dist/kits/auth-core/app/auth/login/page.tsx ADDED Viewed

@@ -0,0 +1,5 @@
+import LoginForm from "@/components/auth/login-form";
+export default function LoginPage() {
+  return <LoginForm />;
+}

package/dist/kits/auth-core/app/auth/reset-password/page.tsx ADDED Viewed

@@ -0,0 +1,187 @@
+"use client";
+import React, { useEffect, useState } from "react";
+import { useSearchParams, useRouter } from "next/navigation";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { resetPasswordSchema } from "@/lib/validation/forms";
+import { Input } from "@/components/ui/input";
+import { Button } from "@/components/ui/button";
+import { Form } from "@/components/ui/form/form";
+import { FormField } from "@/components/ui/form/form-field";
+import { FormItem } from "@/components/ui/form/form-item";
+import { FormLabel } from "@/components/ui/form/form-label";
+import { FormControl } from "@/components/ui/form/form-control";
+import { FormMessage } from "@/components/ui/form/form-message";
+import { toast } from "sonner";
+import { signOut } from "next-auth/react";
+export default function ResetPasswordPage() {
+  // Do not gate rendering on process.env here — rendering must be consistent
+  // between server and client to avoid hydration mismatches. The API routes
+  // already enforce the feature guard (returning 404) so we let the client
+  // always render and surface the API's response.
+  const searchParams = useSearchParams();
+  const router = useRouter();
+  const token = searchParams.get("token") || "";
+  const [valid, setValid] = useState<boolean | null>(null);
+  const methods = useForm({
+    resolver: zodResolver(resetPasswordSchema) as any,
+    defaultValues: { token, password: "", confirmPassword: "" },
+  });
+  const {
+    handleSubmit,
+    control,
+    formState: { isSubmitting },
+  } = methods;
+  useEffect(() => {
+    (async () => {
+      if (!token) return setValid(false);
+      try {
+        const res = await fetch(
+          `/api/auth/reset-password?token=${encodeURIComponent(token)}`,
+        );
+        if (res.ok) {
+          const json = await res.json();
+          setValid(!!json.valid);
+        } else {
+          setValid(false);
+        }
+      } catch {
+        setValid(false);
+      }
+    })();
+  }, [token]);
+  const onSubmit = async (data: any) => {
+    try {
+      const res = await fetch("/api/auth/reset-password", {
+        method: "POST",
+        body: JSON.stringify(data),
+        headers: { "Content-Type": "application/json" },
+      });
+      if (res.ok) {
+        toast.success("Password updated. You can now sign in.");
+        try {
+          // Ensure any existing session is cleared so the login page doesn't
+          // immediately redirect away. This also avoids confusion during testing.
+          await signOut({ redirect: false });
+        } catch (e) {
+          // ignore signOut failures but log for debugging
+          // eslint-disable-next-line no-console
+          console.error("signOut failed:", e);
+        }
+        // Poll /api/auth/session until it returns null, or timeout after 2s.
+        // This avoids the race where signOut is accepted server-side but the
+        // client still believes it's authenticated due to caching or timing.
+        const waitForSignOut = async (timeout = 2000, interval = 200) => {
+          const start = Date.now();
+          while (Date.now() - start < timeout) {
+            try {
+              const r = await fetch("/api/auth/session");
+              if (r.ok) {
+                const json = await r.json();
+                if (!json) {
+                  // session cleared
+                  window.location.href = "/auth/login?signup=1";
+                  return;
+                }
+              }
+            } catch (e) {
+              // ignore transient fetch errors
+            }
+            // eslint-disable-next-line no-await-in-loop
+            await new Promise((res) => setTimeout(res, interval));
+          }
+          // Timeout: navigate anyway to ensure user sees login
+          window.location.href = "/auth/login?signup=1";
+        };
+        waitForSignOut();
+      } else {
+        const json = await res.json();
+        toast.error(json?.message || "Failed to reset password");
+      }
+    } catch (e) {
+      toast.error("Failed to reset password");
+    }
+  };
+  if (valid === null)
+    return (
+      <div className="mx-auto w-full max-w-md pt-6">Checking token...</div>
+    );
+  if (valid === false)
+    return (
+      <div className="mx-auto w-full max-w-md pt-6">
+        Invalid or expired token.
+      </div>
+    );
+  return (
+    <div className="mx-auto w-full max-w-md pt-6">
+      <h2 className="text-foreground text-center text-2xl font-bold">
+        Reset password
+      </h2>
+      <p className="text-muted-foreground mt-1 text-center text-sm">
+        Set a new password for your account.
+      </p>
+      <Form methods={methods}>
+        <form
+          onSubmit={handleSubmit(onSubmit)}
+          className="border-border bg-card space-y-4 rounded-lg border p-6 shadow-sm"
+        >
+          <FormField
+            control={control}
+            name="password"
+            render={({ field: f }) => (
+              <FormItem>
+                <FormLabel>New password</FormLabel>
+                <FormControl>
+                  <Input
+                    id="password"
+                    type="password"
+                    placeholder="At least 6 characters"
+                    {...f}
+                  />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+          <FormField
+            control={control}
+            name="confirmPassword"
+            render={({ field: f }) => (
+              <FormItem>
+                <FormLabel>Confirm password</FormLabel>
+                <FormControl>
+                  <Input
+                    id="confirmPassword"
+                    type="password"
+                    placeholder="Repeat password"
+                    {...f}
+                  />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+          <FormField
+            control={control}
+            name="token"
+            render={({ field: f }) => <input type="hidden" {...f} />}
+          />
+          <Button type="submit" disabled={isSubmitting} className="w-full">
+            Set password
+          </Button>
+        </form>
+      </Form>
+    </div>
+  );
+}

package/dist/kits/auth-core/app/auth/signup/page.tsx ADDED Viewed

@@ -0,0 +1,5 @@
+import SignupForm from "@/components/auth/signup-form";
+export default function SignupPage() {
+  return <SignupForm />;
+}

package/dist/kits/auth-core/app/auth/verify-email/page.tsx ADDED Viewed

@@ -0,0 +1,11 @@
+export default function VerifyEmailPage() {
+  return (
+    <div className="mx-auto max-w-sm py-10">
+      <h1 className="text-xl font-semibold">Verify your email</h1>
+      <p className="text-sm text-muted-foreground mt-2">
+        Placeholder page. In a production app you might show a message that a
+        verification email has been sent.
+      </p>
+    </div>
+  );
+}

package/dist/kits/auth-core/components/admin/admin-header.tsx ADDED Viewed

@@ -0,0 +1,57 @@
+"use client";
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+import MinimalLogoutButton from "@/components/auth/minimal-logout-button";
+/**
+ * Minimal admin header with basic links.
+ * - Uses only Next.js primitives and basic utility classes
+ * - Independent from any UI kit
+ */
+export default function AdminHeader() {
+  const pathname = usePathname();
+  const isActive = (href: string) => {
+    if (!pathname) return false;
+    return pathname === href || pathname.startsWith(href + "/");
+  };
+  const linkClass = (href: string) =>
+    [
+      "no-underline border-b-2 pb-0.5 transition-colors hover:text-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring/50 rounded-sm",
+      isActive(href)
+        ? "text-foreground border-foreground"
+        : "text-foreground/70 border-transparent",
+    ].join(" ");
+  return (
+    <header className="bg-background/50 supports-[backdrop-filter]:bg-background/60 border-b backdrop-blur">
+      <div className="mx-auto flex max-w-6xl items-center justify-between gap-4 px-4 py-3">
+        <nav className="flex items-center gap-4 text-sm">
+          <Link
+            className={linkClass("/dashboard")}
+            href="/dashboard"
+            aria-current={isActive("/dashboard") ? "page" : undefined}
+          >
+            Dashboard
+          </Link>
+          <Link
+            className={linkClass("/admin/users")}
+            href="/admin/users"
+            aria-current={isActive("/admin/users") ? "page" : undefined}
+          >
+            Users
+          </Link>
+          <Link
+            className={linkClass("/admin/posts")}
+            href="/admin/posts"
+            aria-current={isActive("/admin/posts") ? "page" : undefined}
+          >
+            Posts
+          </Link>
+        </nav>
+        <MinimalLogoutButton />
+      </div>
+    </header>
+  );
+}

package/dist/kits/auth-core/components/auth/dashboard.tsx ADDED Viewed

@@ -0,0 +1,237 @@
+"use client";
+import React from "react";
+import type { Session } from "next-auth";
+import Link from "next/link";
+import { cn } from "@/lib/utils";
+import LogoutButton from "@/components/auth/logout-button";
+import {
+  Settings,
+  Key,
+  FolderGit2,
+  BookOpen,
+  MessageCircle,
+} from "lucide-react";
+export interface DashboardProps {
+  id?: string;
+  className?: string;
+  session?: Session | null;
+  headingText?: { text?: string; className?: string };
+  subheadingText?: { text?: string; className?: string };
+  container?: { className?: string };
+  card?: { className?: string };
+  heading?: { className?: string };
+  subheading?: { className?: string };
+  actions?: { className?: string };
+  // MVP blocks
+  showProfileCard?: boolean;
+  quickLinks?: Array<{ label: string; href: string; icon?: React.ReactNode }>;
+  quickLinksTitle?: { text?: string; className?: string };
+  // Slots for blocks
+  profileCard?: { className?: string };
+  profileAvatar?: { className?: string };
+  profileContent?: { className?: string };
+  quickLinksCard?: { className?: string };
+  quickLinksGrid?: { className?: string };
+  quickLinkItem?: { className?: string };
+  quickLinkIcon?: { className?: string };
+  showLogout?: boolean;
+  ariaLabel?: string;
+}
+export default function Dashboard({
+  id,
+  className,
+  session,
+  headingText = {
+    text: "Welcome",
+    className: "text-2xl font-semibold text-foreground",
+  },
+  subheadingText,
+  container = { className: "mx-auto max-w-5xl p-6" },
+  card = {
+    className:
+      "rounded-lg border border-border bg-card p-6 shadow-sm text-card-foreground",
+  },
+  heading = { className: "" },
+  subheading = { className: "mt-2 text-sm text-muted-foreground" },
+  actions = { className: "flex items-center gap-3" },
+  // MVP blocks defaults
+  showProfileCard = true,
+  quickLinks = [
+    {
+      label: "Settings",
+      href: "/settings/profile/",
+      icon: <Settings className="h-4 w-4" />,
+    },
+    {
+      label: "API Keys",
+      href: "/settings/api-keys",
+      icon: <Key className="h-4 w-4" />,
+    },
+    {
+      label: "Projects",
+      href: "/projects",
+      icon: <FolderGit2 className="h-4 w-4" />,
+    },
+    { label: "Docs", href: "/docs", icon: <BookOpen className="h-4 w-4" /> },
+    {
+      label: "Support",
+      href: "/support",
+      icon: <MessageCircle className="h-4 w-4" />,
+    },
+  ],
+  quickLinksTitle = {
+    text: "Quick links",
+    className: "text-sm font-medium text-muted-foreground",
+  },
+  profileCard = {
+    className: "rounded-lg border border-border bg-card p-6 shadow-sm",
+  },
+  profileAvatar = {
+    className:
+      "h-12 w-12 rounded-full bg-primary text-primary-foreground flex items-center justify-center text-base font-semibold",
+  },
+  profileContent = { className: "mt-3" },
+  quickLinksCard = {
+    className: "rounded-lg border border-border bg-card p-6 shadow-sm",
+  },
+  quickLinksGrid = { className: "mt-3 grid grid-cols-1 gap-3 sm:grid-cols-2" },
+  quickLinkItem = {
+    className:
+      "group flex items-center gap-3 rounded-md border border-border bg-secondary/30 p-3 text-sm transition-all duration-200 hover:-translate-y-0.5 hover:bg-secondary/50",
+  },
+  quickLinkIcon = {
+    className:
+      "text-muted-foreground group-hover:text-foreground transition-colors",
+  },
+  showLogout = true,
+  ariaLabel = "Dashboard",
+}: DashboardProps) {
+  const displayName =
+    (session?.user?.name && session.user.name.trim().length > 0
+      ? session.user.name
+      : session?.user?.email) ?? "";
+  const computedSubheading =
+    subheadingText?.text ?? (displayName ? `Signed in as ${displayName}` : "");
+  const nameOrEmail = displayName || session?.user?.email || "";
+  const initials = nameOrEmail
+    .split(" ")
+    .map((s) => s[0])
+    .filter(Boolean)
+    .slice(0, 2)
+    .join("")
+    .toUpperCase();
+  const createdAtRaw =
+    (session as any)?.user?.createdAt ?? (session as any)?.createdAt;
+  const createdAt = createdAtRaw ? new Date(createdAtRaw) : null;
+  return (
+    <main
+      id={id}
+      aria-label={ariaLabel}
+      className={cn(container.className, className)}
+    >
+      {/* Header card */}
+      <div className={cn(card.className)}>
+        <div className="flex items-center justify-between">
+          {headingText?.text && (
+            <h1 className={cn(headingText.className, heading.className)}>
+              {headingText.text}
+            </h1>
+          )}
+          {showLogout && (
+            <div className={cn(actions.className)}>
+              <LogoutButton />
+            </div>
+          )}
+        </div>
+        {computedSubheading && (
+          <p className={cn(subheading.className, subheadingText?.className)}>
+            {computedSubheading}
+          </p>
+        )}
+      </div>
+      {/* Content grid */}
+      <div className="mt-6 grid grid-cols-1 gap-6 md:grid-cols-2">
+        {showProfileCard && (
+          <div className={cn(profileCard.className)}>
+            <div className="flex items-center gap-4">
+              {session?.user?.image ? (
+                // eslint-disable-next-line @next/next/no-img-element
+                <img
+                  src={session.user.image}
+                  alt="Avatar"
+                  className={cn(
+                    "h-12 w-12 rounded-full object-cover",
+                    profileAvatar.className,
+                  )}
+                />
+              ) : (
+                <div className={cn(profileAvatar.className)}>
+                  {initials || "U"}
+                </div>
+              )}
+              <div className="min-w-0">
+                <div className="text-foreground truncate text-base font-medium">
+                  {session?.user?.name || session?.user?.email || "User"}
+                </div>
+                {session?.user?.email && (
+                  <div className="text-muted-foreground truncate text-sm">
+                    {session.user.email}
+                  </div>
+                )}
+              </div>
+            </div>
+            <div className={cn(profileContent.className)}>
+              {createdAt && !Number.isNaN(createdAt.getTime()) && (
+                <p className="text-muted-foreground text-sm">
+                  Member since {createdAt.toLocaleDateString()}
+                </p>
+              )}
+            </div>
+          </div>
+        )}
+        {/* Quick links */}
+        <div className={cn(quickLinksCard.className)}>
+          {quickLinksTitle?.text && (
+            <div className={cn(quickLinksTitle.className)}>
+              {quickLinksTitle.text}
+            </div>
+          )}
+          <div className={cn(quickLinksGrid.className)}>
+            {quickLinks?.map((item, i) => (
+              <Link
+                key={`${item.label}-${i}`}
+                href={item.href || "#"}
+                className={cn(quickLinkItem.className)}
+              >
+                {item.icon && (
+                  <span className={cn(quickLinkIcon.className)}>
+                    {item.icon}
+                  </span>
+                )}
+                <span className="text-foreground truncate">{item.label}</span>
+              </Link>
+            ))}
+          </div>
+        </div>
+      </div>
+    </main>
+  );
+}