nodejs-structure-cli 1.0.5 → 1.0.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-structure-cli",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "type": "module",
   "description": "The ultimate nodejs quickstart structure CLI to scaffold Node.js microservices with MVC or Clean Architecture",
   "main": "bin/index.js",

package/templates/common/database/js/models/User.js.ejs

@@ -10,6 +10,14 @@ class UserModel {
     return this.mockData;
   }
 
+  static async findOne(query) {
+    const { where } = query || {};
+    if (where && where.email) {
+      return this.mockData.find((u) => u.email === where.email);
+    }
+    return null;
+  }
+
   static async create(data) {
     const { id, ...rest } = data;
     const newUser = { id: String(this.mockData.length + 1), ...rest };
@@ -78,6 +86,10 @@ User.init(
       type: DataTypes.DATE,
       allowNull: true,
     },
+    refresh_token: {
+      type: DataTypes.STRING,
+      allowNull: true,
+    },
   },
   {
     sequelize,

package/templates/common/database/js/models/User.js.mongoose.ejs

@@ -1,4 +1,4 @@
-const mongoose = require('mongoose');
+import mongoose from 'mongoose';
 
 const UserSchema = new mongoose.Schema({
     name: {
@@ -22,6 +22,10 @@ const UserSchema = new mongoose.Schema({
         default: null
     },
 <%_ } _%>
+    refresh_token: {
+        type: String,
+        default: null
+    },
     createdAt: {
         type: Date,
         default: Date.now
@@ -32,4 +36,4 @@ const UserSchema = new mongoose.Schema({
     }
 });
 
-module.exports = mongoose.model('User', UserSchema);
+export default mongoose.model('User', UserSchema);

package/templates/common/database/ts/models/User.ts.ejs

@@ -4,6 +4,7 @@ export interface User {
   email: string;
   <% if (auth && auth !== 'None') { %>password?: string;<% } %>
   <% if (includeMulter) { %>imageUrl?: string;<% } %>
+  refresh_token?: string;
 }
 
 export default class UserModel {
@@ -17,6 +18,14 @@ export default class UserModel {
     return this.mockData;
   }
 
+  static async findOne(query: any) {
+    const { where } = query || {};
+    if (where && where.email) {
+      return this.mockData.find((u) => u.email === where.email);
+    }
+    return null;
+  }
+
   static async create(data: Omit<User, 'id'> & { id?: string | number | null }) {
     const { id: _, ...rest } = data;
     const newUser: User = { id: String(this.mockData.length + 1), ...rest };
@@ -89,6 +98,10 @@ User.init(
       type: DataTypes.DATE,
       allowNull: true,
     },
+    refresh_token: {
+      type: DataTypes.STRING,
+      allowNull: true,
+    },
   },
   {
     sequelize,

package/templates/common/database/ts/models/User.ts.mongoose.ejs

@@ -5,6 +5,7 @@ export interface IUser extends Document {
     email: string;
     <% if (auth && auth !== 'None') { %>password?: string;<% } %>
     <% if (includeMulter) { %>imageUrl?: string;<% } %>
+    refresh_token?: string;
     createdAt: Date;
     deletedAt?: Date | null;
 }
@@ -21,6 +22,7 @@ const UserSchema: Schema = new Schema({
     },
     <% if (auth && auth !== 'None') { %>password: { type: String },<% } %>
     <% if (includeMulter) { %>imageUrl: { type: String },<% } %>
+    refresh_token: { type: String, default: null },
     createdAt: {
         type: Date,
         default: Date.now

package/templates/common/src/controllers/authController.js.ejs

@@ -35,26 +35,51 @@ export const login = async (req, res, next) => {
 import jwt from 'jsonwebtoken';
 import bcrypt from 'bcryptjs';
 import { ApiError } from '../errors/ApiError<% if (language === 'TypeScript') { %>.ts<% } else { %>.js<% } %>';
+import User from '<% if (architecture === 'MVC') { %>../models/User.js<% } else { %>../../infrastructure/database/models/User.js<% } %>';
 
-// Mock User database (In production, use your database models)
-const users = []; 
+const generateTokens = (user) => {
+  const accessToken = jwt.sign(
+    { id: user.id || user._id, email: user.email },
+    process.env.JWT_SECRET || 'secret',
+    { expiresIn: process.env.JWT_EXPIRES_IN || '15m' }
+  );
+
+  const refreshToken = jwt.sign(
+    { id: user.id || user._id },
+    process.env.JWT_REFRESH_SECRET || 'refresh_secret',
+    { expiresIn: process.env.JWT_REFRESH_EXPIRES_IN || '7d' }
+  );
+
+  return { accessToken, refreshToken };
+};
 
 export const register = async (req, res, next) => {
   try {
     const { email, password, name } = req.body;
     
-    const existingUser = users.find(u => u.email === email);
+    const existingUser = await User.findOne(<% if (database === 'MongoDB') { %>{ email }<% } else { %>{ where: { email } }<% } %>);
     if (existingUser) {
       throw new ApiError(400, 'User already exists');
     }
 
     const hashedPassword = await bcrypt.hash(password, 10);
-    const newUser = { id: Date.now(), email, password: hashedPassword, name };
-    users.push(newUser);
+    const user = await User.create({ email, password: hashedPassword, name });
+
+    const { accessToken, refreshToken } = generateTokens(user);
+    
+    // Store refresh token in DB
+    <% if (database === 'MongoDB') { %>
+    user.refresh_token = refreshToken;
+    await user.save();
+    <% } else { %>
+    await User.update({ refresh_token: refreshToken }, { where: { id: user.id } });
+    <% } %>
 
     res.status(201).json({ 
       message: 'User registered successfully',
-      user: { id: newUser.id, email: newUser.email, name: newUser.name }
+      accessToken,
+      refreshToken,
+      user: { id: user.id || user._id, email: user.email, name: user.name }
     });
   } catch (error) {
     next(error);
@@ -65,7 +90,7 @@ export const login = async (req, res, next) => {
   try {
     const { email, password } = req.body;
     
-    const user = users.find(u => u.email === email);
+    const user = await User.findOne(<% if (database === 'MongoDB') { %>{ email }<% } else { %>{ where: { email } }<% } %>);
     if (!user) {
       throw new ApiError(401, 'Invalid credentials');
     }
@@ -75,21 +100,59 @@ export const login = async (req, res, next) => {
       throw new ApiError(401, 'Invalid credentials');
     }
 
-    const token = jwt.sign(
-      { id: user.id, email: user.email },
-      process.env.JWT_SECRET || 'secret',
-      { expiresIn: process.env.JWT_EXPIRES_IN || '1d' }
-    );
+    const { accessToken, refreshToken } = generateTokens(user);
+
+    // Update refresh token in DB
+    <% if (database === 'MongoDB') { %>
+    user.refresh_token = refreshToken;
+    await user.save();
+    <% } else { %>
+    await User.update({ refresh_token: refreshToken }, { where: { id: user.id } });
+    <% } %>
 
     res.status(200).json({ 
       message: 'Login successful',
-      token,
-      user: { id: user.id, email: user.email, name: user.name }
+      accessToken,
+      refreshToken,
+      user: { id: user.id || user._id, email: user.email, name: user.name }
     });
   } catch (error) {
     next(error);
   }
 };
+
+export const refreshToken = async (req, res, next) => {
+  try {
+    const { token } = req.body;
+    if (!token) {
+      throw new ApiError(400, 'Refresh token is required');
+    }
+
+    const decoded = jwt.verify(token, process.env.JWT_REFRESH_SECRET || 'refresh_secret');
+    const user = await User.findOne(<% if (database === 'MongoDB') { %>{ _id: decoded.id, refresh_token: token }<% } else { %>{ where: { id: decoded.id, refresh_token: token } }<% } %>);
+
+    if (!user) {
+      throw new ApiError(401, 'Invalid refresh token');
+    }
+
+    const tokens = generateTokens(user);
+
+    // Update refresh token in DB (Rotation)
+    <% if (database === 'MongoDB') { %>
+    user.refresh_token = tokens.refreshToken;
+    await user.save();
+    <% } else { %>
+    await User.update({ refresh_token: tokens.refreshToken }, { where: { id: user.id } });
+    <% } %>
+
+    res.status(200).json({
+      message: 'Token refreshed successfully',
+      ...tokens
+    });
+  } catch (error) {
+    next(new ApiError(401, 'Invalid or expired refresh token'));
+  }
+};
 <% } else if (auth === 'OAuth' || googleLogin === 'Google Login') { %>
 export const googleCallback = (req, res) => {
   // Passport handles the authentication, we just redirect or respond

package/templates/common/src/controllers/authController.ts.ejs

@@ -36,26 +36,51 @@ export const login = async (req: Request, res: Response, next: NextFunction) =>
 import jwt from 'jsonwebtoken';
 import bcrypt from 'bcryptjs';
 import { ApiError } from '../errors/ApiError';
+import User from '<% if (architecture === 'MVC') { %>../models/User<% if (language === 'TypeScript') { %><% } else { %>.js<% } %><% } else { %>../../infrastructure/database/models/User<% if (language === 'TypeScript') { %><% } else { %>.js<% } %><% } %>';
 
-// Mock User database (In production, use your database models)
-const users: any[] = []; 
+const generateTokens = (user: any) => {
+  const accessToken = jwt.sign(
+    { id: user.id || user._id, email: user.email },
+    process.env.JWT_SECRET || 'secret',
+    { expiresIn: process.env.JWT_EXPIRES_IN || '15m' }
+  );
+
+  const refreshToken = jwt.sign(
+    { id: user.id || user._id },
+    process.env.JWT_REFRESH_SECRET || 'refresh_secret',
+    { expiresIn: process.env.JWT_REFRESH_EXPIRES_IN || '7d' }
+  );
+
+  return { accessToken, refreshToken };
+};
 
 export const register = async (req: Request, res: Response, next: NextFunction) => {
   try {
     const { email, password, name } = req.body;
     
-    const existingUser = users.find(u => u.email === email);
+    const existingUser = await (User as any).findOne(<% if (database === 'MongoDB') { %>{ email }<% } else { %>{ where: { email } }<% } %>);
     if (existingUser) {
       throw new ApiError(400, 'User already exists');
     }
 
     const hashedPassword = await bcrypt.hash(password, 10);
-    const newUser = { id: Date.now(), email, password: hashedPassword, name };
-    users.push(newUser);
+    const user = await (User as any).create({ email, password: hashedPassword, name });
+
+    const { accessToken, refreshToken } = generateTokens(user);
+    
+    // Store refresh token in DB
+    <% if (database === 'MongoDB') { %>
+    user.refresh_token = refreshToken;
+    await user.save();
+    <% } else { %>
+    await (User as any).update({ refresh_token: refreshToken }, { where: { id: user.id } });
+    <% } %>
 
     res.status(201).json({ 
       message: 'User registered successfully',
-      user: { id: newUser.id, email: newUser.email, name: newUser.name }
+      accessToken,
+      refreshToken,
+      user: { id: user.id || user._id, email: user.email, name: user.name }
     });
   } catch (error: any) {
     next(error);
@@ -66,7 +91,7 @@ export const login = async (req: Request, res: Response, next: NextFunction) =>
   try {
     const { email, password } = req.body;
     
-    const user = users.find(u => u.email === email);
+    const user = await (User as any).findOne(<% if (database === 'MongoDB') { %>{ email }<% } else { %>{ where: { email } }<% } %>);
     if (!user) {
       throw new ApiError(401, 'Invalid credentials');
     }
@@ -76,21 +101,59 @@ export const login = async (req: Request, res: Response, next: NextFunction) =>
       throw new ApiError(401, 'Invalid credentials');
     }
 
-    const token = jwt.sign(
-      { id: user.id, email: user.email },
-      process.env.JWT_SECRET || 'secret',
-      { expiresIn: process.env.JWT_EXPIRES_IN || '1d' }
-    );
+    const { accessToken, refreshToken } = generateTokens(user);
+
+    // Update refresh token in DB
+    <% if (database === 'MongoDB') { %>
+    user.refresh_token = refreshToken;
+    await user.save();
+    <% } else { %>
+    await (User as any).update({ refresh_token: refreshToken }, { where: { id: user.id } });
+    <% } %>
 
     res.status(200).json({ 
       message: 'Login successful',
-      token,
-      user: { id: user.id, email: user.email, name: user.name }
+      accessToken,
+      refreshToken,
+      user: { id: user.id || user._id, email: user.email, name: user.name }
     });
   } catch (error: any) {
     next(error);
   }
 };
+
+export const refreshToken = async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const { token } = req.body;
+    if (!token) {
+      throw new ApiError(400, 'Refresh token is required');
+    }
+
+    const decoded = jwt.verify(token, process.env.JWT_REFRESH_SECRET || 'refresh_secret') as any;
+    const user = await (User as any).findOne(<% if (database === 'MongoDB') { %>{ _id: decoded.id, refresh_token: token }<% } else { %>{ where: { id: decoded.id, refresh_token: token } }<% } %>);
+
+    if (!user) {
+      throw new ApiError(401, 'Invalid refresh token');
+    }
+
+    const tokens = generateTokens(user);
+
+    // Update refresh token in DB (Rotation)
+    <% if (database === 'MongoDB') { %>
+    user.refresh_token = tokens.refreshToken;
+    await user.save();
+    <% } else { %>
+    await (User as any).update({ refresh_token: tokens.refreshToken }, { where: { id: user.id } });
+    <% } %>
+
+    res.status(200).json({
+      message: 'Token refreshed successfully',
+      ...tokens
+    });
+  } catch (error: any) {
+    next(new ApiError(401, 'Invalid or expired refresh token'));
+  }
+};
 <% } else if (auth === 'OAuth' || googleLogin === 'Google Login') { %>
 export const googleCallback = (req: Request, res: Response) => {
   res.status(200).json({

package/templates/common/src/routes/authRoutes.js.ejs

@@ -7,6 +7,9 @@ const router = express.Router();
 <% if (auth === 'Better-Auth' || auth === 'JWT') { %>
 router.post('/register', authController.register);
 router.post('/login', authController.login);
+<% if (auth === 'JWT') { %>
+router.post('/refresh-token', authController.refreshToken);
+<% } %>
 <% } %>
 
 <% if (auth === 'OAuth' || googleLogin === 'Google Login') { %>

package/templates/common/src/routes/authRoutes.ts.ejs

@@ -7,6 +7,9 @@ const router: Router = express.Router();
 <% if (auth === 'Better-Auth' || auth === 'JWT') { %>
 router.post('/register', authController.register);
 router.post('/login', authController.login);
+<% if (auth === 'JWT') { %>
+router.post('/refresh-token', authController.refreshToken);
+<% } %>
 <% } %>
 
 <% if (auth === 'OAuth' || googleLogin === 'Google Login') { %>