nodejs-quickstart-structure 2.1.1 → 2.2.0

package/templates/common/auth/js/controllers/authController.spec.js.ejs

@@ -1,27 +1,42 @@
 <%_ if (architecture === 'Clean Architecture') { _%>
-const AuthController = require('@/interfaces/controllers/auth/authController');
-const JwtService = require('@/infrastructure/auth/jwtService');
-<%_ } else { _%>
-const AuthController = require('@/controllers/authController');
-const JwtService = require('@/services/jwtService');
-<%_ } _%>
-const HTTP_STATUS = require('@/utils/httpCodes');
-const bcrypt = require('bcryptjs');
-
-jest.mock('bcryptjs');
-<%_ if (architecture === 'Clean Architecture') { _%>
 jest.mock('@/infrastructure/auth/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+jest.mock('@/infrastructure/auth/socialAuthService');
+jest.mock('@/usecases/auth/socialLoginUseCase');
+jest.mock('@/infrastructure/repositories/UserRepository');
+<%_ } _%>
 jest.mock('@/infrastructure/database/models/User', () => ({
     findOne: jest.fn()
 }));
-const User = require('@/infrastructure/database/models/User');
 <%_ } else { _%>
 jest.mock('@/services/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+jest.mock('@/services/socialAuthService');
+<%_ } _%>
 jest.mock('@/models/User', () => ({
     findOne: jest.fn()
 }));
+<%_ } _%>
+jest.mock('bcryptjs');
+
+<%_ if (architecture === 'Clean Architecture') { _%>
+const AuthController = require('@/interfaces/controllers/auth/authController');
+const JwtService = require('@/infrastructure/auth/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+const { SocialLoginUseCase } = require('@/usecases/auth/socialLoginUseCase');
+<%_ } _%>
+const User = require('@/infrastructure/database/models/User');
+<%_ } else { _%>
+const AuthController = require('@/controllers/authController');
+const JwtService = require('@/services/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+const { SocialAuthService } = require('@/services/socialAuthService');
+<%_ } _%>
 const User = require('@/models/User');
 <%_ } _%>
+const HTTP_STATUS = require('@/utils/httpCodes');
+const bcrypt = require('bcryptjs');
+
 <%_ if (caching !== 'None') { _%>
 <%_ const cachePath = (architecture === "MVC") ? (caching === "Redis" ? "@/config/redisClient" : "@/config/memoryCache") : (caching === "Redis" ? "@/infrastructure/caching/redisClient" : "@/infrastructure/caching/memoryCache"); _%>
 jest.mock('<%= cachePath %>', () => ({
@@ -42,11 +57,14 @@ describe('AuthController', () => {
         controller = new AuthController();
         mockReq = {
             body: {},
-            headers: {}
+            headers: {},
+            query: {}
         };
         mockRes = {
             status: jest.fn().mockReturnThis(),
-            json: jest.fn()
+            json: jest.fn(),
+            cookie: jest.fn(),
+            redirect: jest.fn()
         };
         next = jest.fn();
         jest.clearAllMocks();
@@ -62,7 +80,6 @@ describe('AuthController', () => {
             JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
             JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            // Mock cacheService
             <% if (caching !== 'None') { %>
             cacheService.get.mockResolvedValue([]);
             cacheService.set.mockResolvedValue();<% } %>
@@ -73,7 +90,7 @@ describe('AuthController', () => {
             expect(mockRes.json).toHaveBeenCalledWith({ token: 'mock-access-token', accessToken: 'mock-access-token', refreshToken: 'mock-refresh-token' });
         });
 
-        it('should return 401 on invalid email', async () => {
+        it('should return 401 if user not found', async () => {
             mockReq.body = { email: 'wrong@test.com', password: 'password123' };
             User.findOne.mockResolvedValue(null);
 
@@ -82,7 +99,7 @@ describe('AuthController', () => {
             expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
         });
 
-        it('should return 401 on invalid password', async () => {
+        it('should return 401 if password invalid', async () => {
             const user = { id: 1, email: 'test@test.com', password: 'hashedpassword' };
             mockReq.body = { email: 'test@test.com', password: 'wrongpassword' };
             User.findOne.mockResolvedValue(user);
@@ -92,57 +109,226 @@ describe('AuthController', () => {
 
             expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
         });
+
+        it('should call next on error', async () => {
+            const error = new Error('Database error');
+            User.findOne.mockRejectedValue(error);
+            mockReq.body = { email: 'test@test.com', password: 'password123' };
+
+            await controller.login(mockReq, mockRes, next);
+
+            expect(next).toHaveBeenCalledWith(error);
+        });
     });
 
-    describe('refresh', () => {
-        it('should return new tokens for a valid refresh token', async () => {
-            mockReq.body = { refreshToken: 'valid-refresh' };
-            const decoded = { id: '1', email: 'test@test.com', jti: 'old-jti' };
-            JwtService.verifyRefreshToken.mockReturnValue(decoded);
-            JwtService.generateToken.mockReturnValue('new-access');
-            JwtService.generateRefreshToken.mockReturnValue('new-refresh');
-            JwtService.decodeToken.mockReturnValue({ jti: 'new-jti' });
+  describe('refresh', () => {
+    it('should return 401 if refresh token is invalid', async () => {
+      mockReq.body = { refreshToken: 'invalid-token' };
+      JwtService.verifyRefreshToken.mockReturnValue(null);
 
-            <% if (caching !== 'None') { %>
-            cacheService.get.mockResolvedValue(['old-jti']);
-            cacheService.set.mockResolvedValue();
+      await controller.refresh(mockReq, mockRes, next);
+
+      expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    it('should return new tokens if refresh token is valid', async () => {
+      mockReq.body = { refreshToken: 'valid-token' };
+      const decoded = { id: '1', email: 'test@test.com', jti: 'test-jti' };
+      JwtService.verifyRefreshToken.mockReturnValue(decoded);
+      JwtService.generateRefreshToken.mockReturnValue('new-refresh-token');
+      JwtService.generateToken.mockReturnValue('new-access-token');
+      JwtService.decodeToken.mockReturnValue({ jti: 'new-jti' });
+
+      <% if (caching !== 'None') { %>
+      cacheService.get.mockResolvedValue(['test-jti']);
+      <% } else { %>
+      JwtService.activeRefreshTokens.set('1', ['test-jti']);
+      <% } %>
+
+      await controller.refresh(mockReq, mockRes, next);
+
+      expect(mockRes.json).toHaveBeenCalledWith(expect.objectContaining({ accessToken: 'new-access-token' }));
+    });
+
+    it('should return 401 if token theft detected', async () => {
+        mockReq.body = { refreshToken: 'stolen-token' };
+        const decoded = { id: '1', email: 'test@test.com', jti: 'stolen-jti' };
+        JwtService.verifyRefreshToken.mockReturnValue(decoded);
+        <% if (caching !== 'None') { %>
+        cacheService.get.mockResolvedValue(['other-jti']);
+        cacheService.del.mockResolvedValue();
+        <% } %>
+
+        await controller.refresh(mockReq, mockRes, next);
+
+        expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    it('should call next on refresh error', async () => {
+        const error = new Error('Redis error');
+        mockReq.body = { refreshToken: 'valid-token' };
+        JwtService.verifyRefreshToken.mockImplementation(() => { throw error; });
+
+        await controller.refresh(mockReq, mockRes, next);
+
+        expect(next).toHaveBeenCalledWith(error);
+    });
+  });
+
+  describe('logout', () => {
+    it('should return 400 if no token provided', async () => {
+      mockReq.headers = {};
+      await controller.logout(mockReq, mockRes, next);
+      expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.BAD_REQUEST);
+    });
+
+    it('should logout successfully', async () => {
+      mockReq.headers = { authorization: 'Bearer valid-token' };
+      mockReq.body = { refreshToken: 'valid-refresh-token' };
+      JwtService.decodeToken.mockReturnValueOnce({ jti: 'access-jti', exp: Math.floor(Date.now() / 1000) + 3600 })
+                            .mockReturnValueOnce({ id: '1', jti: 'refresh-jti' });
+
+      <% if (caching !== 'None') { %>
+      cacheService.get.mockResolvedValue(['refresh-jti']);
+      <% } else { %>
+      JwtService.activeRefreshTokens.set('1', ['refresh-jti']);
+      <% } %>
+
+      await controller.logout(mockReq, mockRes, next);
+
+      expect(mockRes.json).toHaveBeenCalledWith({ message: 'Logged out successfully' });
+    });
+
+    it('should handle logout even if no refresh token provided', async () => {
+        mockReq.headers = { authorization: 'Bearer valid-token' };
+        mockReq.body = {};
+        JwtService.decodeToken.mockReturnValue({ jti: 'access-jti', exp: Math.floor(Date.now() / 1000) + 3600 });
+
+        await controller.logout(mockReq, mockRes, next);
+
+        expect(mockRes.json).toHaveBeenCalledWith({ message: 'Logged out successfully' });
+    });
+
+    it('should call next on logout error', async () => {
+        const error = new Error('Logout error');
+        mockReq.headers = { authorization: 'Bearer valid-token' };
+        JwtService.decodeToken.mockImplementation(() => { throw error; });
+
+        await controller.logout(mockReq, mockRes, next);
+
+        expect(next).toHaveBeenCalledWith(error);
+    });
+  });
+
+<% if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { -%>
+    describe('socialExchange', () => {
+        it('should return 400 if code or provider missing', async () => {
+            mockReq.body = {};
+            await controller.socialExchange(mockReq, mockRes, next);
+            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.BAD_REQUEST);
+        });
+
+        it('should exchange code for JWT tokens', async () => {
+            mockReq.body = { code: 'test-code', provider: 'Google' };
+            const user = { id: 1, email: 'social@test.com' };
+            
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockResolvedValue({
+                    user,
+                    accessToken: 'mock-token',
+                    refreshToken: 'mock-refresh-token'
+                })
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
             <% } else { %>
-            JwtService.activeRefreshTokens.set('1', ['old-jti']);<% } %>
+            SocialAuthService.getGoogleProfile.mockResolvedValue({ email: 'social@test.com', id: 'google-id', name: 'Google User' });
+            User.findOne.mockResolvedValue(user);
+            JwtService.generateToken.mockReturnValue('mock-token');
+            JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
+            <% } %>
+            JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            await controller.refresh(mockReq, mockRes, next);
+            await controller.socialExchange(mockReq, mockRes, next);
 
-            expect(JwtService.generateToken).toHaveBeenCalledWith(expect.objectContaining({ sid: 'new-jti' }));
-            expect(mockRes.json).toHaveBeenCalledWith({ accessToken: 'new-access', refreshToken: 'new-refresh' });
+            expect(mockRes.json).toHaveBeenCalledWith(expect.objectContaining({ accessToken: 'mock-token' }));
         });
 
-        it('should detect theft and revoke if jti is not active', async () => {
-            mockReq.body = { refreshToken: 'stolen-refresh' };
-            const decoded = { id: '1', email: 'test@test.com', jti: 'stolen-jti' };
-            JwtService.verifyRefreshToken.mockReturnValue(decoded);
+        it('should return 400 for invalid provider', async () => {
+            mockReq.body = { code: 'test-code', provider: 'Invalid' };
+            await controller.socialExchange(mockReq, mockRes, next);
+            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.BAD_REQUEST);
+        });
+    });
 
-            <% if (caching !== 'None') { %>
-            cacheService.get.mockResolvedValue(['different-jti']);
+    describe('social redirect methods', () => {
+        <% if (socialAuth.includes('Google')) { %>
+        it('googleLogin should redirect to Google', async () => {
+            await controller.googleLogin(mockReq, mockRes);
+            expect(mockRes.redirect).toHaveBeenCalledWith(expect.stringContaining('accounts.google.com'));
+        });
+
+        it('googleCallback should handle Google callback', async () => {
+            mockReq.query = { code: 'test-code' };
+            const user = { id: 1, email: 'google@test.com' };
+            
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockResolvedValue({
+                    user,
+                    accessToken: 'mock-token',
+                    refreshToken: 'mock-refresh-token'
+                })
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
             <% } else { %>
-            JwtService.activeRefreshTokens.set('1', ['different-jti']);<% } %>
+            SocialAuthService.getGoogleProfile.mockResolvedValue({ email: 'google@test.com' });
+            User.findOne.mockResolvedValue(user);
+            JwtService.generateToken.mockReturnValue('mock-token');
+            JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
+            <% } %>
+            JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            await controller.refresh(mockReq, mockRes, next);
+            await controller.googleCallback(mockReq, mockRes, next);
 
-            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+            expect(mockRes.cookie).toHaveBeenCalledWith('accessToken', 'mock-token', expect.any(Object));
+            expect(mockRes.redirect).toHaveBeenCalledWith('/');
         });
-    });
+        <% } %>
 
-    describe('logout', () => {
-        it('should blacklist access jti and remove refresh jti', async () => {
-            mockReq.headers.authorization = 'Bearer access-token';
-            mockReq.body = { refreshToken: 'refresh-token' };
+        <% if (socialAuth.includes('GitHub')) { %>
+        it('githubLogin should redirect to GitHub', async () => {
+            await controller.githubLogin(mockReq, mockRes);
+            expect(mockRes.redirect).toHaveBeenCalledWith(expect.stringContaining('github.com'));
+        });
+
+        it('githubCallback should handle GitHub callback', async () => {
+            mockReq.query = { code: 'test-code' };
+            const user = { id: 1, email: 'github@test.com' };
             
-            JwtService.decodeToken
-                .mockReturnValueOnce({ jti: 'access-jti', exp: Math.floor(Date.now() / 1000) + 3600 })
-                .mockReturnValueOnce({ id: '1', jti: 'refresh-jti' });
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockResolvedValue({
+                    user,
+                    accessToken: 'mock-token',
+                    refreshToken: 'mock-refresh-token'
+                })
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
+            <% } else { %>
+            SocialAuthService.getGithubProfile.mockResolvedValue({ email: 'github@test.com' });
+            User.findOne.mockResolvedValue(user);
+            JwtService.generateToken.mockReturnValue('mock-token');
+            JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
+            <% } %>
+            JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            await controller.logout(mockReq, mockRes, next);
+            await controller.githubCallback(mockReq, mockRes, next);
 
-            expect(mockRes.json).toHaveBeenCalledWith({ message: 'Logged out successfully' });
+            expect(mockRes.cookie).toHaveBeenCalledWith('accessToken', 'mock-token', expect.any(Object));
+            expect(mockRes.redirect).toHaveBeenCalledWith('/');
         });
+        <% } %>
     });
+<% } -%>
 });

package/templates/common/auth/js/middleware/authMiddleware.js.ejs

@@ -27,28 +27,32 @@ const authMiddleware = async (req, res, next) => {
   }
 
   if (decoded.jti) {
-    <%_ if (caching !== 'None') { -%>
+    <%_ if (caching !== 'None') { _%>
     const isBlacklisted = await cacheService.get(`blacklist:${decoded.jti}`);
     if (isBlacklisted) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Token revoked' });
-    }<%_ } else { -%>
+    }
+    <%_ } else { _%>
     const expiryDate = JwtService.blacklistedTokens.get(decoded.jti);
     if (expiryDate && Date.now() < expiryDate) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Token revoked' });
-    }<% } %>
+    }
+    <%_ } _%>
   }
 
   if (decoded.sid) {
-    <%_ if (caching !== 'None') { %>
+    <%_ if (caching !== 'None') { _%>
     const cacheKey = `refresh_tokens:${decoded.id}`;
     const activeTokens = await cacheService.get(cacheKey) || [];
     if (!activeTokens.includes(decoded.sid)) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Session expired' });
-    }<%_ } else { -%>
+    }
+    <%_ } else { _%>
     const activeTokens = JwtService.activeRefreshTokens.get(String(decoded.id)) || [];
     if (!activeTokens.includes(decoded.sid)) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Session expired' });
-    }<%_ } -%>
+    }
+    <%_ } _%>
   }
 
   req.user = decoded;

package/templates/common/auth/js/routes/authRoutes.js.ejs

@@ -12,5 +12,16 @@ const authController = new AuthController();
 router.post('/login', (req, res, next) => authController.login(req, res, next));
 router.post('/refresh', (req, res, next) => authController.refresh(req, res, next));
 router.post('/logout', authMiddleware, (req, res, next) => authController.logout(req, res, next));
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+router.post('/social/exchange', (req, res, next) => authController.socialExchange(req, res, next));
+<%_ if (socialAuth.includes('Google')) { _%>
+router.get('/google', (req, res) => authController.googleLogin(req, res));
+router.get('/google/callback', (req, res, next) => authController.googleCallback(req, res, next));
+<%_ } _%>
+<%_ if (socialAuth.includes('GitHub')) { _%>
+router.get('/github', (req, res) => authController.githubLogin(req, res));
+router.get('/github/callback', (req, res, next) => authController.githubCallback(req, res, next));
+<%_ } _%>
+<%_ } _%>
 
 module.exports = router;

package/templates/common/auth/js/services/jwtService.js.ejs

@@ -25,7 +25,7 @@ class JwtService {
   static verifyToken(token) {
     try {
       return jwt.verify(token, this.SECRET);
-    } catch {
+    } catch (error) {
       return null;
     }
   }
@@ -33,7 +33,7 @@ class JwtService {
   static verifyRefreshToken(token) {
     try {
       return jwt.verify(token, this.REFRESH_SECRET);
-    } catch {
+    } catch (error) {
       return null;
     }
   }
@@ -41,7 +41,7 @@ class JwtService {
   static decodeToken(token) {
     try {
       return jwt.decode(token);
-    } catch {
+    } catch (error) {
       return null;
     }
   }

package/templates/common/auth/js/services/jwtService.spec.js.ejs

@@ -58,6 +58,12 @@ describe('JwtService', () => {
             expect(jwt.verify).toHaveBeenCalledWith(token, secret);
             expect(result).toEqual(payload);
         });
+
+        it('should return null for an invalid token', () => {
+            jwt.verify.mockImplementation(() => { throw new Error('Invalid token'); });
+            const result = JwtService.verifyToken(token);
+            expect(result).toBeNull();
+        });
     });
 
     describe('verifyRefreshToken', () => {
@@ -69,6 +75,12 @@ describe('JwtService', () => {
             expect(jwt.verify).toHaveBeenCalledWith(token, 'test-refresh-secret');
             expect(result).toEqual(payload);
         });
+
+        it('should return null for an invalid refresh token', () => {
+            jwt.verify.mockImplementation(() => { throw new Error('Invalid token'); });
+            const result = JwtService.verifyRefreshToken(token);
+            expect(result).toBeNull();
+        });
     });
 
     describe('decodeToken', () => {
@@ -80,5 +92,23 @@ describe('JwtService', () => {
             expect(jwt.decode).toHaveBeenCalledWith(token);
             expect(result).toEqual(payload);
         });
+
+        it('should return null if decode fails', () => {
+            jwt.decode.mockImplementation(() => { throw new Error('Decode failed'); });
+            const result = JwtService.decodeToken(token);
+            expect(result).toBeNull();
+        });
+    });
+
+    describe('fallback values', () => {
+        it('should use default values if env not set', () => {
+            delete process.env.JWT_SECRET;
+            delete process.env.JWT_REFRESH_SECRET;
+            delete process.env.JWT_EXPIRES_IN;
+            delete process.env.JWT_REFRESH_EXPIRES_IN;
+            
+            expect(JwtService.SECRET).toBeDefined();
+            expect(JwtService.REFRESH_SECRET).toBeDefined();
+        });
     });
 });

package/templates/common/auth/js/services/socialAuthService.js.ejs

@@ -0,0 +1,175 @@
+<% if (architecture === 'MVC') { -%>
+const logger = require('../utils/logger');
+<% } else { -%>
+const logger = require('../log/logger');
+<% } -%>
+const axios = require('axios');
+
+<% if (architecture === 'Clean Architecture') { -%>
+// Provider implementations for Clean Architecture
+<% if (socialAuth.includes('Google')) { -%>
+class GoogleProvider {
+  constructor() {
+    this.name = 'Google';
+  }
+  async getProfile(code, redirectUri) {
+    try {
+      const params = new URLSearchParams();
+      params.append('code', code);
+      params.append('client_id', process.env.GOOGLE_CLIENT_ID);
+      params.append('client_secret', process.env.GOOGLE_CLIENT_SECRET);
+      params.append('redirect_uri', redirectUri);
+      params.append('grant_type', 'authorization_code');
+
+      const tokenResponse = await axios.post('https://oauth2.googleapis.com/token', params.toString(), {
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
+      });
+
+      const { access_token } = tokenResponse.data;
+      const profileResponse = await axios.get('https://www.googleapis.com/oauth2/v2/userinfo', {
+        headers: { Authorization: `Bearer ${access_token}` },
+      });
+
+      return {
+        id: profileResponse.data.id,
+        email: profileResponse.data.email,
+        name: profileResponse.data.name,
+        picture: profileResponse.data.picture
+      };
+    } catch (error) {
+      logger.error('Google OAuth error:', error.response?.data || error.message);
+      throw new Error('Failed to authenticate with Google');
+    }
+  }
+}
+<% } -%>
+
+<% if (socialAuth.includes('GitHub')) { -%>
+class GitHubProvider {
+  constructor() {
+    this.name = 'GitHub';
+  }
+  async getProfile(code) {
+    try {
+      const tokenResponse = await axios.post(
+        'https://github.com/login/oauth/access_token',
+        {
+          client_id: process.env.GITHUB_CLIENT_ID,
+          client_secret: process.env.GITHUB_CLIENT_SECRET,
+          code,
+        },
+        { headers: { Accept: 'application/json' } }
+      );
+
+      const { access_token } = tokenResponse.data;
+      if (!access_token) throw new Error('No access token returned from GitHub');
+
+      const [profileRes, emailsRes] = await Promise.all([
+        axios.get('https://api.github.com/user', { headers: { Authorization: `Bearer ${access_token}` } }),
+        axios.get('https://api.github.com/user/emails', { headers: { Authorization: `Bearer ${access_token}` } })
+      ]);
+
+      const email = emailsRes.data.find((e) => e.primary)?.email || emailsRes.data[0]?.email;
+
+      return {
+        id: profileRes.data.id.toString(),
+        email,
+        name: profileRes.data.name || profileRes.data.login,
+      };
+    } catch (error) {
+      logger.error('GitHub OAuth error:', error.response?.data || error.message);
+      throw new Error('Failed to authenticate with GitHub');
+    }
+  }
+}
+<% } -%>
+
+module.exports = {
+  <% if (socialAuth.includes('Google')) { %>GoogleProvider,<% } %>
+  <% if (socialAuth.includes('GitHub')) { %>GitHubProvider,<% } %>
+};
+<% } else { -%>
+class SocialAuthService {
+<% if (socialAuth.includes('Google')) { -%>
+  static async getGoogleProfile(code, redirectUri) {
+    try {
+      const params = new URLSearchParams();
+      params.append('code', code);
+      params.append('client_id', process.env.GOOGLE_CLIENT_ID);
+      params.append('client_secret', process.env.GOOGLE_CLIENT_SECRET);
+      params.append('redirect_uri', redirectUri);
+      params.append('grant_type', 'authorization_code');
+
+      const tokenResponse = await axios.post('https://oauth2.googleapis.com/token', params.toString(), {
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
+      });
+
+      const { access_token } = tokenResponse.data;
+
+      const profileResponse = await axios.get('https://www.googleapis.com/oauth2/v2/userinfo', {
+        headers: { Authorization: `Bearer ${access_token}` },
+      });
+
+      return {
+        id: profileResponse.data.id,
+        email: profileResponse.data.email,
+        name: profileResponse.data.name,
+        picture: profileResponse.data.picture
+      };
+    } catch (error) {
+      if (axios.isAxiosError(error)) {
+        const detail = error.response?.data;
+        logger.error('Google OAuth error:', detail || error.message);
+        if (detail?.error === 'invalid_grant') {
+          logger.error('HINT: The code is likely expired or already used. Get a new one!');
+        }
+      } else {
+        logger.error('Google OAuth error:', error.message);
+      }
+      throw new Error('Failed to authenticate with Google');
+    }
+  }
+<% } -%>
+
+<% if (socialAuth.includes('GitHub')) { -%>
+  static async getGithubProfile(code) {
+    try {
+      const tokenResponse = await axios.post(
+        'https://github.com/login/oauth/access_token',
+        {
+          client_id: process.env.GITHUB_CLIENT_ID,
+          client_secret: process.env.GITHUB_CLIENT_SECRET,
+          code,
+        },
+        { headers: { Accept: 'application/json' } }
+      );
+
+      const { access_token } = tokenResponse.data;
+      if (!access_token) {
+        throw new Error('No access token returned from GitHub');
+      }
+
+      const profileResponse = await axios.get('https://api.github.com/user', {
+        headers: { Authorization: `Bearer ${access_token}` },
+      });
+
+      const emailsResponse = await axios.get('https://api.github.com/user/emails', {
+        headers: { Authorization: `Bearer ${access_token}` },
+      });
+
+      const primaryEmail = emailsResponse.data.find((e) => e.primary)?.email || emailsResponse.data[0]?.email;
+
+      return {
+        id: profileResponse.data.id.toString(),
+        email: primaryEmail,
+        name: profileResponse.data.name || profileResponse.data.login,
+      };
+    } catch (error) {
+      logger.error('GitHub OAuth error:', error.response?.data || error.message);
+      throw new Error('Failed to authenticate with GitHub');
+    }
+  }
+<% } -%>
+}
+module.exports = { SocialAuthService };
+<% } -%>