nodejs-quickstart-structure 2.0.1 → 2.1.1

package/templates/common/views/pug/signup.pug.ejs

@@ -0,0 +1,241 @@
+doctype html
+html(lang="en")
+    head
+        meta(charset="UTF-8")
+        meta(name="viewport" content="width=device-width, initial-scale=1.0")
+        title Sign Up - <%= projectName %>
+        link(href="https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600&display=swap" rel="stylesheet")
+        style.
+            :root {
+                --primary: #22c55e;
+                --primary-glow: rgba(34, 197, 94, 0.4);
+                --bg-dark: #0f172a;
+                --card-bg: rgba(255, 255, 255, 0.03);
+                --card-border: rgba(255, 255, 255, 0.08);
+                --text-main: #f8fafc;
+                --text-muted: #94a3b8;
+            }
+
+            * {
+                margin: 0;
+                padding: 0;
+                box-sizing: border-box;
+                font-family: 'Poppins', sans-serif;
+            }
+
+            body {
+                background-color: var(--bg-dark);
+                color: var(--text-main);
+                min-height: 100vh;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+                overflow-x: hidden;
+                position: relative;
+            }
+
+            .background-blobs {
+                position: absolute;
+                width: 100%;
+                height: 100%;
+                z-index: -1;
+                filter: blur(80px);
+            }
+
+            .blob {
+                position: absolute;
+                width: 500px;
+                height: 500px;
+                border-radius: 50%;
+                opacity: 0.3;
+                animation: float 25s infinite alternate;
+            }
+
+            .blob-1 {
+                background: radial-gradient(circle, #22c55e 0%, transparent 70%);
+                top: -200px;
+                right: -100px;
+            }
+
+            .blob-2 {
+                background: radial-gradient(circle, #3b82f6 0%, transparent 70%);
+                bottom: -200px;
+                left: -100px;
+                animation-delay: -7s;
+            }
+
+            @keyframes float {
+                0% { transform: translate(0, 0) scale(1); }
+                100% { transform: translate(-150px, 100px) scale(1.3); }
+            }
+
+            .auth-card {
+                background: var(--card-bg);
+                backdrop-filter: blur(15px);
+                -webkit-backdrop-filter: blur(15px);
+                border: 1px solid var(--card-border);
+                border-radius: 28px;
+                padding: 48px;
+                width: 100%;
+                max-width: 480px;
+                box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.6);
+                z-index: 1;
+                margin: 40px 20px;
+                animation: fadeIn 0.8s ease-out;
+            }
+
+            @keyframes fadeIn {
+                from { opacity: 0; transform: translateY(15px); }
+                to { opacity: 1; transform: translateY(0); }
+            }
+
+            .auth-card h2 {
+                font-size: 32px;
+                font-weight: 600;
+                margin-bottom: 8px;
+                text-align: center;
+                background: linear-gradient(to right, #fff, #94a3b8);
+                -webkit-background-clip: text;
+                -webkit-text-fill-color: transparent;
+            }
+
+            .subtitle {
+                text-align: center;
+                color: var(--text-muted);
+                font-size: 14px;
+                margin-bottom: 40px;
+            }
+
+            .form-grid {
+                display: grid;
+                gap: 20px;
+            }
+
+            .form-group label {
+                display: block;
+                margin-bottom: 8px;
+                font-size: 13px;
+                font-weight: 500;
+                color: var(--text-muted);
+            }
+
+            .form-group input {
+                width: 100%;
+                background: rgba(255, 255, 255, 0.04);
+                border: 1px solid var(--card-border);
+                border-radius: 14px;
+                padding: 13px 18px;
+                color: #fff;
+                font-size: 15px;
+                transition: all 0.3s;
+                outline: none;
+            }
+
+            .form-group input:focus {
+                background: rgba(255, 255, 255, 0.07);
+                border-color: var(--primary);
+                box-shadow: 0 0 0 4px var(--primary-glow);
+            }
+
+            .btn-primary {
+                width: 100%;
+                background: var(--primary);
+                color: white;
+                border: none;
+                border-radius: 14px;
+                padding: 15px;
+                font-size: 16px;
+                font-weight: 600;
+                cursor: pointer;
+                transition: all 0.3s cubic-bezier(0.175, 0.885, 0.32, 1.275);
+                margin-top: 15px;
+            }
+
+            .btn-primary:hover {
+                transform: scale(1.02);
+                filter: brightness(1.1);
+                box-shadow: 0 15px 25px -5px rgba(34, 197, 94, 0.4);
+            }
+
+            .footer {
+                margin-top: 40px;
+                text-align: center;
+                font-size: 14px;
+                color: var(--text-muted);
+            }
+
+            .footer a {
+                color: var(--primary);
+                text-decoration: none;
+                font-weight: 600;
+            }
+
+            .back-home {
+                display: block;
+                margin-top: 20px;
+                font-size: 12px;
+                opacity: 0.5;
+            }
+    body
+        div.background-blobs
+            div.blob.blob-1
+            div.blob.blob-2
+        div.auth-card
+            h2 Join Us
+            p.subtitle Create your account in seconds
+            form.form-grid(action="/api/users" method="POST")
+                div.form-group
+                    label(for="name") Full Name
+                    input(type="text" id="name" name="name" placeholder="John Doe" required)
+                div.form-group
+                    label(for="email") Email Address
+                    input(type="email" id="email" name="email" placeholder="john@example.com" required)
+                div.form-group
+                    label(for="password") Choose Password
+                    input(type="password" id="password" name="password" placeholder="••••••••" required)
+                button.btn-primary(type="submit") Create Account
+            div.footer
+                p Already have an account? 
+                    a(href="/login") Sign in
+                a.back-home(href="/") ← Back to home
+
+        <% if (communication === 'GraphQL') { %>
+        script.
+            document.querySelector('form').addEventListener('submit', async (e) => {
+                e.preventDefault();
+                const formData = new FormData(e.target);
+                const data = Object.fromEntries(formData.entries());
+
+                const query = `
+                    mutation CreateUser($name: String!, $email: String!, $password: String!) {
+                        createUser(name: $name, email: $email, password: $password) {
+                            id
+                            name
+                            email
+                        }
+                    }
+                `;
+
+                try {
+                    const response = await fetch('/graphql', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({
+                            query,
+                            variables: data
+                        })
+                    });
+
+                    const result = await response.json();
+                    if (result.errors) {
+                        alert('Error: ' + result.errors[0].message);
+                    } else {
+                        alert('Account created successfully! Please login.');
+                        window.location.href = '/login';
+                    }
+                } catch (err) {
+                    console.error(err);
+                    alert('An error occurred during signup.');
+                }
+            });
+        <% } %>

package/templates/db/mysql/V1__Initial_Setup.sql.ejs

@@ -2,9 +2,15 @@ CREATE TABLE users (
     id INT AUTO_INCREMENT PRIMARY KEY,
     name VARCHAR(255) NOT NULL,
     email VARCHAR(255) NOT NULL UNIQUE,
+    <% if (auth.includes('JWT')) { %>password VARCHAR(255) NOT NULL, <% } %>
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
     deleted_at TIMESTAMP NULL
 );
 
+<% if (auth.includes('JWT')) { %>
+INSERT INTO users (name, email, password) VALUES ('Admin User', 'admin@example.com', '$2a$10$X.fO9PeyF0Lq0lF8uV6G9u4Vb4e5T0rF8l/JzM6S7X9u4Vb4e5T0r'); -- password: password123
+<% } else { %>
 INSERT INTO users (name, email) VALUES ('Admin User', 'admin@example.com');
+<% } %>
+

package/templates/db/postgres/V1__Initial_Setup.sql.ejs

@@ -2,9 +2,15 @@ CREATE TABLE users (
     id SERIAL PRIMARY KEY,
     name VARCHAR(255) NOT NULL,
     email VARCHAR(255) NOT NULL UNIQUE,
+    <% if (auth.includes('JWT')) { %>password VARCHAR(255) NOT NULL, <% } %>
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     deleted_at TIMESTAMP NULL
 );
 
+<% if (auth.includes('JWT')) { %>
+INSERT INTO users (name, email, password) VALUES ('Admin User', 'admin@example.com', '$2a$10$X.fO9PeyF0Lq0lF8uV6G9u4Vb4e5T0rF8l/JzM6S7X9u4Vb4e5T0r'); -- password: password123
+<% } else { %>
 INSERT INTO users (name, email) VALUES ('Admin User', 'admin@example.com');
+<% } %>
+

package/templates/mvc/js/src/config/env.js.ejs

@@ -29,6 +29,12 @@ const envSchema = z.object({
   REDIS_PORT: z.string().transform(Number),
   REDIS_PASSWORD: z.string().optional(),
 <%_ } -%>
+<%_ if (auth.includes('JWT')) { -%>
+  JWT_SECRET: z.string(),
+  JWT_EXPIRES_IN: z.string().default('15m'),
+  JWT_REFRESH_SECRET: z.string().default('your-secret-refresh-key'),
+  JWT_REFRESH_EXPIRES_IN: z.string().default('7d'),
+<%_ } -%>
 <%_ if (communication === 'Kafka') { -%>
   KAFKA_BROKER: z.string(),
 <%_ } -%>
@@ -37,10 +43,13 @@ const envSchema = z.object({
 const _env = envSchema.safeParse(process.env);
 
 if (!_env.success) {
-  logger.error('❌ Invalid environment variables:', _env.error.format());
-  process.exit(1);
+  if (process.env.NODE_ENV !== 'test') {
+    logger.error('❌ Invalid environment variables:', _env.error.format());
+    process.exit(1);
+  }
+  logger.warn('⚠️ Environment validation failed. Continuing in test mode.');
 }
 
-const env = _env.data;
+const env = _env.success ? _env.data : process.env;
 
 module.exports = { env };

package/templates/mvc/js/src/controllers/userController.js.ejs

@@ -13,7 +13,7 @@ const cacheService = require('../config/memoryCache');
 const { sendMessage } = require('../services/kafkaService');
 const { KAFKA_ACTIONS } = require('../utils/kafkaEvents');
 <%_ } -%>
-
+<% if (auth.includes('JWT')) { %>const bcrypt = require('bcryptjs');<% } %>
 <% if (communication === 'GraphQL') { -%>
 const getUsers = async () => {
   try {
@@ -41,8 +41,19 @@ const getUsers = async () => {
 
 const createUser = async (data) => {
   try {
-    const { name, email } = data;
+    const { name, email<% if (auth.includes('JWT')) { %>, password<% } %> } = data;
+    <% if (auth.includes('JWT')) { %>
+    let user;
+    if (password) {
+      const hashedPassword = await bcrypt.hash(password, 10);
+      user = await User.create({ name, email, password: hashedPassword });
+    } else {
+      user = await User.create({ name, email });
+    }
+    <% } else { %>
     const user = await User.create({ name, email });
+    <% } %>
+
 <%_ if (caching === 'Redis' || caching === 'Memory Cache') { -%>
     await cacheService.del('users:all');
 <%_ } -%>
@@ -52,7 +63,9 @@ const createUser = async (data) => {
       payload: { id: user.id || user._id, email: user.email }
     }), (user.id || user._id).toString());
 <%_ } -%>
-    return user;
+    const userObj = user.toJSON ? user.toJSON() : { ...user };
+    delete userObj.password;
+    return userObj;
   } catch (error) {
     logger.error(`${ERROR_MESSAGES.CREATE_USER_ERROR}:`, error);
     throw error;
@@ -148,8 +161,17 @@ const getUsers = async (req, res, next) => {
 
 const createUser = async (req, res, next) => {
   try {
-    const { name, email } = req.body || {};
+    const { name, email, password } = req.body || {};
+    <% if (auth.includes('JWT')) { %>
+    if (!password) {
+      return res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'Password is required' });
+    }
+    const hashedPassword = await bcrypt.hash(password, 10);
+    const user = await User.create({ name, email, password: hashedPassword });
+    <% } else { %>
     const user = await User.create({ name, email });
+    <% } %>
+    
 <%_ if (caching === 'Redis' || caching === 'Memory Cache') { -%>
     await cacheService.del('users:all');
 <%_ } -%>
@@ -159,7 +181,9 @@ const createUser = async (req, res, next) => {
       payload: { id: user.id || user._id, email: user.email }
     }), (user.id || user._id).toString());
 <%_ } -%>
-    res.status(HTTP_STATUS.CREATED).json(user);
+    const userObj = user.toJSON ? user.toJSON() : { ...user };
+    delete userObj.password;
+    res.status(HTTP_STATUS.CREATED).json(userObj);
   } catch (error) {
     logger.error(`${ERROR_MESSAGES.CREATE_USER_ERROR}:`, error);
     next(error);

package/templates/mvc/js/src/controllers/userController.spec.js.ejs

@@ -1,5 +1,9 @@
+<% if (communication !== 'GraphQL') { -%>
 const HTTP_STATUS = require('@/utils/httpCodes');
+<% } -%>
+<% if (communication === 'GraphQL') { -%>
 const ERROR_MESSAGES = require('@/utils/errorMessages');
+<% } -%>
 <% if (communication !== 'GraphQL') { -%>
 // Express-only imports would go here
 <% } -%>
@@ -40,6 +44,11 @@ jest.mock('@/config/memoryCache', () => ({
 }));
 <%_ } -%>
 jest.mock('@/utils/logger');
+<%_ if (auth.includes('JWT')) { _%>
+jest.mock('bcryptjs', () => ({
+    hash: jest.fn().mockResolvedValue('hashed_password')
+}));
+<%_ } _%>
 <%_ if (communication === 'Kafka') { -%>
 jest.mock('@/services/kafkaService', () => {
     const mockSendMessage = jest.fn().mockResolvedValue(undefined);
@@ -166,7 +175,7 @@ describe('UserController', () => {
     describe('createUser', () => {
         it('should successfully create a new user (Happy Path)', async () => {
             // Arrange
-            const payload = { name: 'Alice', email: 'alice@example.com' };
+            const payload = { name: 'Alice', email: 'alice@example.com', password: 'password123' };
 <% if (communication === 'GraphQL') { -%>
             const dataArg = payload;
 <% } else { -%>
@@ -185,20 +194,26 @@ describe('UserController', () => {
             const result = await createUser(dataArg);
 
             // Assert
-<%_ if (database === 'None') { -%>
+            expect(result.password).toBeUndefined();
             expect(result.name).toBe(payload.name);
             expect(result.email).toBe(payload.email);
-<%_ } else { -%>
-            expect(result).toEqual(expectedUser);
-            expect(User.create).toHaveBeenCalledWith(payload);
-<%_ } -%>
+            
+            expect(User.create).toHaveBeenCalledWith({
+                name: payload.name,
+                email: payload.email
+                <%_ if (auth.includes('JWT')) { _%>, password: 'hashed_password'<%_ } _%>
+            });
 <% } else { -%>
             await createUser(mockRequest, mockResponse, mockNext);
 
             // Assert
             expect(mockResponse.status).toHaveBeenCalledWith(HTTP_STATUS.CREATED);
-            expect(mockResponse.json).toHaveBeenCalledWith(expectedUser);
-            expect(User.create).toHaveBeenCalledWith(payload);
+            expect(mockResponse.json).toHaveBeenCalledWith(expect.not.objectContaining({ password: expect.anything() }));
+            expect(User.create).toHaveBeenCalledWith({
+                name: payload.name,
+                email: payload.email
+                <%_ if (auth.includes('JWT')) { _%>, password: 'hashed_password'<%_ } _%>
+            });
 <%_ } -%>
 <%_ if (caching === 'Redis' || caching === 'Memory Cache') { -%>
             expect(cacheService.del).toHaveBeenCalledWith('users:all');
@@ -211,7 +226,7 @@ describe('UserController', () => {
         it('should handle errors when creation fails (Error Handling)', async () => {
             // Arrange
             const error = new Error('Creation Error');
-            const payload = { name: 'Bob', email: 'bob@example.com' };
+            const payload = { name: 'Bob', email: 'bob@example.com', password: 'password123' };
 <% if (communication === 'GraphQL') { -%>
             const dataArg = payload;
 <% } else { -%>
@@ -232,7 +247,7 @@ describe('UserController', () => {
 <%_ if (communication === 'Kafka') { -%>
         it('should successfully create a new user with _id for Kafka (Happy Path)', async () => {
             // Arrange
-            const payload = { name: 'Bob', email: 'bob@example.com' };
+            const payload = { name: 'Bob', email: 'bob@example.com', password: 'password123' };
 <% if (communication === 'GraphQL') { -%>
             const dataArg = payload;
 <% } else { -%>
@@ -446,9 +461,9 @@ describe('UserController', () => {
             const error = new Error('Database Error');
             User.create.mockRejectedValue(error);
 <% if (communication === 'GraphQL') { -%>
-            await expect(createUser({ name: 'Alice', email: 'alice@example.com' })).rejects.toThrow(error);
+            await expect(createUser({ name: 'Alice', email: 'alice@example.com'<% if (auth.includes('JWT')) { %>, password: 'password123'<% } %> })).rejects.toThrow(error);
 <% } else { -%>
-            mockRequest.body = { name: 'Alice', email: 'alice@example.com' };
+            mockRequest.body = { name: 'Alice', email: 'alice@example.com', password: 'password123' };
             await createUser(mockRequest, mockResponse, mockNext);
             expect(mockNext).toHaveBeenCalledWith(error);
 <% } -%>

package/templates/mvc/js/src/graphql/context.js.ejs

@@ -1,7 +1,18 @@
+<% if (auth.includes('JWT')) { %>const JwtService = require('../services/jwtService');<% } %>
+
 const gqlContext = async ({ req }) => {
-  // Setup authorization or context here
-  const token = req.headers.authorization || '';
-  return { token };
+  const context = {};
+  <% if (auth.includes('JWT')) { %>
+  const authHeader = req.headers.authorization || '';
+  if (authHeader.startsWith('Bearer ')) {
+    const token = authHeader.split(' ')[1];
+    const user = JwtService.verifyToken(token);
+    if (user) {
+      context.user = user;
+    }
+  }<% } %>
+  
+  return context;
 };
 
 module.exports = { gqlContext };

package/templates/mvc/js/src/graphql/context.spec.js.ejs

@@ -1,29 +1,44 @@
+<% if (auth.includes('JWT')) { %>const JwtService = require('@/services/jwtService');
+jest.mock('@/services/jwtService');<% } %>
 const { gqlContext } = require('@/graphql/context');
-const { resolvers } = require('@/graphql/resolvers');
-const { typeDefs } = require('@/graphql/typeDefs');
+const { resolvers } = require('@/graphql/index');
+const { typeDefs } = require('@/graphql/typeDefs/index');
 
 describe('GraphQL Context', () => {
-    it('should exercise GraphQL index entry points', () => {
-        expect(resolvers).toBeDefined();
-        expect(typeDefs).toBeDefined();
+    afterEach(() => {
+        jest.clearAllMocks();
     });
-  it('should return context with token when authorization header is present', async () => {
-    const mockRequest = {
-      headers: {
-        authorization: 'Bearer token123',
-      },
-    };
 
-    const context = await gqlContext({ req: mockRequest });
-    expect(context).toEqual({ token: 'Bearer token123' });
-  });
+    it('should return context with user when authorization header is present and valid', async () => {
+        <% if (auth.includes('JWT')) { %>
+        const mockUser = { id: '1', email: 'test@test.com' };
+        JwtService.verifyToken.mockReturnValue(mockUser);
+        const mockRequest = {
+            headers: {
+                authorization: 'Bearer valid-token',
+            },
+        };
 
-  it('should return context with empty token when authorization header is missing', async () => {
-    const mockRequest = {
-      headers: {},
-    };
+        const context = await gqlContext({ req: mockRequest });
+        expect(context.user).toEqual(mockUser);
+        expect(JwtService.verifyToken).toHaveBeenCalledWith('valid-token');
+        <% } else { %>
+        const mockRequest = {
+            headers: {
+                authorization: 'Bearer token123',
+            },
+        };
+        const context = await gqlContext({ req: mockRequest });
+        expect(context).toEqual({});
+        <% } %>
+    });
+
+    it('should return empty context when authorization header is missing', async () => {
+        const mockRequest = {
+            headers: {},
+        };
 
-    const context = await gqlContext({ req: mockRequest });
-    expect(context).toEqual({ token: '' });
-  });
+        const context = await gqlContext({ req: mockRequest });
+        expect(context).toEqual({});
+    });
 });

package/templates/mvc/js/src/graphql/resolvers/user.resolvers.js.ejs

@@ -2,18 +2,23 @@ const userController = require('../../controllers/userController');
 
 const userResolvers = {
   Query: {
-    getAllUsers: async () => {
+    getAllUsers: async (_, __, <% if (auth.includes('JWT')) { %>{ user }<% } else { %>_context<% } %>) => {
+      <% if (auth.includes('JWT')) { %>if (!user) throw new Error('Unauthorized');<% } %>
       return await userController.getUsers();
     }
   },
   Mutation: {
-    createUser: async (_, { name, email }) => {
-      return await userController.createUser({ name, email });
+    createUser: async (_, { name, email<% if (auth.some(a => a !=='None')) { %>, password<% } %> }) => {
+      // Create user is typically public for registration
+      const user = await userController.createUser({ name, email<% if (auth.some(a => a !=='None')) { %>, password<% } %> });
+      return user;
     },
-    updateUser: async (_, { id, name, email }) => {
+    updateUser: async (_, { id, name, email }, <% if (auth.includes('JWT')) { %>{ user }<% } else { %>_context<% } %>) => {
+      <% if (auth.includes('JWT')) { %>if (!user) throw new Error('Unauthorized');<% } %>
       return await userController.updateUser(id, { name, email });
     },
-    deleteUser: async (_, { id }) => {
+    deleteUser: async (_, { id }, <% if (auth.includes('JWT')) { %>{ user }<% } else { %>_context<% } %>) => {
+      <% if (auth.includes('JWT')) { %>if (!user) throw new Error('Unauthorized');<% } %>
       return await userController.deleteUser(id);
     }
   }<%_ if (database === 'MongoDB') { -%>,

package/templates/mvc/js/src/graphql/resolvers/user.resolvers.spec.js.ejs

@@ -11,40 +11,62 @@ jest.mock('@/controllers/userController', () => ({
 }));
 
 describe('User Resolvers', () => {
+  const mockContext = { 
+    <% if (auth.includes('JWT')) { %>user: { id: 'admin', email: 'admin@test.com' }<% } %>
+  };
+
   afterEach(() => {
     jest.clearAllMocks();
   });
 
   describe('Query.getAllUsers', () => {
-    it('should return all users', async () => {
-      const result = await userResolvers.Query.getAllUsers();
+    it('should return all users when authorized', async () => {
+      const result = await userResolvers.Query.getAllUsers(null, null, mockContext);
       expect(result).toEqual([{ id: '1', name: 'John Doe', email: 'john@example.com' }]);
       expect(mockGetUsers).toHaveBeenCalledTimes(1);
     });
+
+    <% if (auth.includes('JWT')) { %>
+    it('should throw error when unauthorized', async () => {
+      await expect(userResolvers.Query.getAllUsers(null, null, {})).rejects.toThrow('Unauthorized');
+    });
+    <% } %>
   });
 
   describe('Mutation.createUser', () => {
-    it('should create and return a new user', async () => {
-      const result = await userResolvers.Mutation.createUser(null, { name: 'Jane', email: 'jane@example.com' });
+    it('should create and return a new user (Public)', async () => {
+      const payload = { name: 'Jane', email: 'jane@example.com'<% if (auth.some(a => a !=='None')) { %>, password: 'password123'<% } %> };
+      const result = await userResolvers.Mutation.createUser(null, payload);
       expect(result).toEqual({ id: '1', name: 'Jane', email: 'jane@example.com' });
-      expect(mockCreateUser).toHaveBeenCalledWith({ name: 'Jane', email: 'jane@example.com' });
-      expect(mockCreateUser).toHaveBeenCalledTimes(1);
+      expect(mockCreateUser).toHaveBeenCalledWith(payload);
     });
   });
 
   describe('Mutation.updateUser', () => {
-    it('should update and return the user', async () => {
+    it('should update and return the user when authorized', async () => {
       const payload = { name: 'Updated' };
-      const result = await userResolvers.Mutation.updateUser(null, { id: '1', ...payload });
+      const result = await userResolvers.Mutation.updateUser(null, { id: '1', ...payload }, mockContext);
       expect(result).toMatchObject(payload);
     });
+
+    <% if (auth.includes('JWT')) { %>
+    it('should throw error when unauthorized', async () => {
+      await expect(userResolvers.Mutation.updateUser(null, { id: '1', name: 'N' }, {})).rejects.toThrow('Unauthorized');
+    });
+    <% } %>
   });
 
   describe('Mutation.deleteUser', () => {
-    it('should delete and return true', async () => {
-      const result = await userResolvers.Mutation.deleteUser(null, { id: '1' });
+    it('should delete and return true when authorized', async () => {
+      const result = await userResolvers.Mutation.deleteUser(null, { id: '1' }, mockContext);
       expect(result).toBe(true);
     });
+
+    <% if (auth.includes('JWT')) { %>
+    it('should throw error when unauthorized', async () => {
+      await expect(userResolvers.Mutation.deleteUser(null, { id: '1' }, {})).rejects.toThrow('Unauthorized');
+    });
+    <% } %>
   });
 <%_ if (database === 'MongoDB') { -%>
   describe('User.id', () => {

package/templates/mvc/js/src/graphql/typeDefs/user.types.js.ejs

@@ -10,7 +10,7 @@ const userTypes = `#graphql
   }
 
   type Mutation {
-    createUser(name: String!, email: String!): User
+    createUser(name: String!, email: String!<%_ if (auth.some(a => a !=='None')) { _%>, password: String!<%_ } _%>): User
     updateUser(id: ID!, name: String, email: String): User
     deleteUser(id: ID!): Boolean
   }