nextworks 0.1.0-alpha.8 → 0.1.0-alpha.9

package/README.md

@@ -215,6 +215,17 @@ You can add a short “Nextworks setup” section to your app README:
 
 ---
 
+## License
+
+The code in this CLI and the generated files is licensed under the MIT License (see `LICENSE`).
+
+The placeholder images in the templates are sourced from Pexels and are
+subject to the [Pexels License](https://www.pexels.com/license/).
+They are included for demonstration purposes only and are **not** covered by
+the MIT License.
+
+---
+
 ## Troubleshooting
 
 - **Prisma errors or missing migrations**

package/dist/cli_manifests/auth_manifest.json

@@ -15,6 +15,8 @@
     "components/auth/minimal-logout-button.tsx",
     "app/(protected)/settings/profile/page.tsx",
     "app/(protected)/settings/profile/profile-form.tsx",
+    "app/(protected)/admin/posts/page.tsx",
+    "app/(protected)/admin/users/page.tsx",
     "components/ui/input.tsx",
     "components/ui/label.tsx",
     "components/ui/button.tsx",
@@ -33,6 +35,7 @@
     "app/api/auth/forgot-password/route.ts",
     "app/api/auth/reset-password/route.ts",
     "app/api/auth/send-verify-email/route.ts",
+    "app/api/users/[id]/route.ts",
     "app/api/signup/route.ts",
     "lib/auth.ts",
     "lib/auth-helpers.ts",

package/dist/kits/auth-core/app/(protected)/admin/posts/page.tsx

@@ -0,0 +1,29 @@
+"use client";
+
+import Link from "next/link";
+
+export default function AdminPostsPlaceholderPage() {
+  return (
+    <main className="mx-auto max-w-2xl px-4 py-12">
+      <h1 className="text-2xl font-semibold text-foreground">
+        Posts admin requires the Data kit
+      </h1>
+      <p className="mt-2 text-sm text-muted-foreground">
+        This project has the auth-core kit installed, which provides
+        authentication and basic admin scaffolding.
+        <br />
+        To create and manage posts, install the Data kit and wire up its admin
+        routes into your app.
+      </p>
+
+      <div className="mt-6 flex items-center gap-3 text-sm">
+        <Link
+          href="/dashboard"
+          className="text-primary underline-offset-4 hover:underline"
+        >
+          Back to dashboard
+        </Link>
+      </div>
+    </main>
+  );
+}

package/dist/kits/auth-core/app/(protected)/admin/users/page.tsx

@@ -0,0 +1,29 @@
+"use client";
+
+import Link from "next/link";
+
+export default function AdminUsersPlaceholderPage() {
+  return (
+    <main className="mx-auto max-w-2xl px-4 py-12">
+      <h1 className="text-2xl font-semibold text-foreground">
+        Users admin requires the Data kit
+      </h1>
+      <p className="mt-2 text-sm text-muted-foreground">
+        This project has the auth-core kit installed, which provides
+        authentication and basic admin scaffolding.
+        <br />
+        To manage users (list, filter, edit, etc.), install the Data kit and
+        add its admin routes to your app.
+      </p>
+
+      <div className="mt-6 flex items-center gap-3 text-sm">
+        <Link
+          href="/dashboard"
+          className="text-primary underline-offset-4 hover:underline"
+        >
+          Back to dashboard
+        </Link>
+      </div>
+    </main>
+  );
+}

package/dist/kits/auth-core/app/api/users/[id]/route.ts

@@ -0,0 +1,127 @@
+import { NextRequest } from "next/server";
+import { prisma } from "@/lib/prisma";
+import type { Prisma } from "@prisma/client";
+import { jsonOk, jsonFail } from "@/lib/server/result";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/lib/auth";
+
+// Ensure Prisma runs in Node.js (not Edge)
+export const runtime = "nodejs";
+
+type RouteContext = { params: Promise<{ id: string }> };
+
+// Type guards/helpers (kept minimal here)
+const hasErrorCode = (e: unknown, code: string): boolean =>
+  typeof e === "object" &&
+  e !== null &&
+  "code" in e &&
+  typeof (e as { code?: unknown }).code === "string" &&
+  (e as { code: string }).code === code;
+
+export async function GET(_req: NextRequest, { params }: RouteContext) {
+  try {
+    const { id } = await params; // async params in Next.js 15
+
+    const user = await prisma.user.findUnique({
+      where: { id },
+      select: { id: true, name: true, email: true, role: true },
+    });
+
+    if (!user) {
+      return jsonFail("Not found", { status: 404 });
+    }
+
+    return jsonOk(user);
+  } catch (e) {
+    console.error("GET /api/users/[id] error:", e);
+    return jsonFail("Failed to fetch user", { status: 500 });
+  }
+}
+
+export async function PUT(req: NextRequest, { params }: RouteContext) {
+  try {
+    // Only admins may update other users. Allow self-update as well.
+    const session = await getServerSession(authOptions);
+    if (!session?.user) return jsonFail("Unauthorized", { status: 401 });
+
+    const { id } = await params;
+    const isAdmin = (session.user as { role?: string }).role === "admin";
+    const isSelf = (session.user as { id?: string }).id === id;
+    if (!isAdmin && !isSelf) return jsonFail("Forbidden", { status: 403 });
+
+    const body: unknown = await req.json();
+    if (typeof body !== "object" || body === null) {
+      return jsonFail("Body must be a JSON object", { status: 400 });
+    }
+
+    // Validate with Zod (imported lazily to keep this route light)
+    const { userUpdateSchema } = await import("@/lib/validation/forms");
+    try {
+      const parsed = userUpdateSchema.parse(body);
+
+      // Build Prisma-compatible update object
+      const data: Prisma.UserUpdateInput = {};
+      if (parsed.name !== undefined)
+        data.name = parsed.name === "" ? null : parsed.name;
+      if (parsed.email !== undefined) data.email = parsed.email;
+      if (parsed.image !== undefined)
+        data.image = parsed.image === "" ? null : parsed.image;
+      if (parsed.password !== undefined) {
+        // Hash password before saving
+        const { hashPassword } = await import("@/lib/hash");
+        data.password = await hashPassword(parsed.password as string);
+      }
+      if (parsed.emailVerified !== undefined)
+        data.emailVerified = parsed.emailVerified as any;
+
+      const updated = await prisma.user.update({
+        where: { id },
+        data,
+      });
+
+      return jsonOk(updated, { status: 200, message: "User updated" });
+    } catch (err) {
+      // Zod errors
+      if (err && typeof err === "object" && "issues" in (err as any)) {
+        const { jsonFromZod } = await import("@/lib/server/result");
+        return jsonFromZod(err as any, {
+          status: 400,
+          message: "Validation failed",
+        });
+      }
+      throw err;
+    }
+  } catch (e) {
+    console.error("PUT /api/users/[id] error:", e);
+    if (hasErrorCode(e, "P2025")) {
+      return jsonFail("Not found", { status: 404 });
+    }
+    return jsonFail("Failed to update user", { status: 500 });
+  }
+}
+
+export async function DELETE(_req: NextRequest, { params }: RouteContext) {
+  try {
+    const { requireAdminApi } = await import("@/lib/auth-helpers");
+    const session = await requireAdminApi();
+    if (!session) return jsonFail("Forbidden", { status: 403 });
+
+    const { id } = await params;
+
+    // Clean up dependent records first to avoid FK violations
+    await prisma.$transaction([
+      prisma.account.deleteMany({ where: { userId: id } }),
+      prisma.session.deleteMany({ where: { userId: id } }),
+      prisma.post.deleteMany({ where: { authorId: id } }),
+      prisma.user.delete({ where: { id } }),
+    ]);
+
+    return jsonOk({ ok: true }, { status: 200, message: "User deleted" });
+  } catch (e) {
+    console.error("DELETE /api/users/[id] error:", e);
+    if (hasErrorCode(e, "P2025")) {
+      return jsonFail("Not found", { status: 404 });
+    }
+    return jsonFail("Failed to delete user", { status: 500 });
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nextworks",
-  "version": "0.1.0-alpha.8",
+  "version": "0.1.0-alpha.9",
   "description": "Nextworks CLI - Feature kits installer for Next.js apps",
   "main": "dist/index.js",
   "bin": {