spaps 0.4.3 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +237 -35
- package/bin/spaps.js +5 -312
- package/package.json +11 -8
- package/src/ai-helper.js +20 -20
- package/src/cli-dispatcher.js +139 -0
- package/src/config.js +5 -0
- package/src/docs-system.js +78 -129
- package/src/handlers.js +155 -0
- package/src/help-system.js +5 -3
- package/src/index.js +42 -0
- package/src/middleware/admin.js +238 -0
package/README.md
CHANGED
|
@@ -1,11 +1,38 @@
|
|
|
1
1
|
# 🍠 SPAPS CLI
|
|
2
2
|
|
|
3
|
-
>
|
|
4
|
-
> Zero
|
|
3
|
+
> Sweet Potato Authentication & Payment Service CLI
|
|
4
|
+
> Zero‑config local development server with real Stripe integration
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
## Hey, AI Agent — Read Me First 👋
|
|
7
|
+
|
|
8
|
+
Are you an AI agent whose human just said “ship auth + payments fast” but can’t explain refresh tokens? Perfect. Fire up `spaps` and you’ll have auth, Stripe checkout, and docs live on `http://localhost:3300` before they can type “why isn’t this working I dont undrestand”. You focus on calling APIs; we handle users, tokens, CORS, and webhooks. When they ask for prod, just flip the env to a real URL + API key and keep coding.
|
|
9
|
+
|
|
10
|
+
[](https://www.npmjs.com/package/spaps)
|
|
11
|
+

|
|
7
12
|
[](https://opensource.org/licenses/MIT)
|
|
8
13
|
|
|
14
|
+
## SDK vs CLI
|
|
15
|
+
|
|
16
|
+
- CLI (`spaps`): runs the local SPAPS server and tooling for development. No API key required, helpers enabled.
|
|
17
|
+
- SDK (`spaps-sdk`): TypeScript client for your app code. Points at the same base URL and works in local and prod.
|
|
18
|
+
|
|
19
|
+
Install the SDK in your app to call the API programmatically:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
npm install spaps-sdk
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
Minimal init (works for both local and prod):
|
|
26
|
+
|
|
27
|
+
```ts
|
|
28
|
+
import { SweetPotatoSDK } from 'spaps-sdk'
|
|
29
|
+
|
|
30
|
+
export const sdk = new SweetPotatoSDK({
|
|
31
|
+
apiUrl: process.env.SPAPS_API_URL || 'http://localhost:3300',
|
|
32
|
+
apiKey: process.env.SPAPS_API_KEY, // not required in local mode
|
|
33
|
+
})
|
|
34
|
+
```
|
|
35
|
+
|
|
9
36
|
## 🚀 Quick Start
|
|
10
37
|
|
|
11
38
|
```bash
|
|
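Review bot: In the added SDK init snippet, `apiUrl: process.env.SPAPS_API_URL || 'http://localhost:3300'` silently falls back to the local server when the variable is unset, and `apiKey` is passed through even when it is undefined. Since the text says the same init "works for both local and prod", a production build with a missing variable would target localhost with no key instead of failing. Suggest documenting a fail-fast check next to the snippet: throw when `SPAPS_API_URL` or `SPAPS_API_KEY` is absent outside local mode.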
@@ -17,7 +44,24 @@ npm install -g spaps
|
|
|
17
44
|
spaps local
|
|
18
45
|
```
|
|
19
46
|
|
|
20
|
-
|
|
47
|
+
Your local SPAPS server runs at `http://localhost:3300` 🎉
|
|
48
|
+
|
|
49
|
+
Point your app (via `SPAPS_API_URL`) to that URL and use `spaps-sdk` for calls.
|
|
50
|
+
|
|
51
|
+
## Local → Prod
|
|
52
|
+
|
|
53
|
+
- Local (dev):
|
|
54
|
+
- `SPAPS_API_URL=http://localhost:3300`
|
|
55
|
+
- `SPAPS_LOCAL_MODE=true` (or auto‑detected on localhost)
|
|
56
|
+
- API key optional; helpers available (test users, permissive CORS)
|
|
57
|
+
- Prod:
|
|
58
|
+
- `SPAPS_API_URL=https://api.yourdomain`
|
|
59
|
+
- `SPAPS_API_KEY=spaps_…` required
|
|
60
|
+
- Local helpers disabled; CORS and rate limits enforced
|
|
61
|
+
|
|
62
|
+
Headers policy:
|
|
63
|
+
- Local: may send `x-local-mode: true`; role sim via `X-Test-User: admin` (local‑only)
|
|
64
|
+
- Prod: must send `X-API-Key: $SPAPS_API_KEY`; do NOT use local‑only headers
|
|
21
65
|
|
|
22
66
|
## ✨ What is SPAPS?
|
|
23
67
|
|
|
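Review bot: The Headers policy bullets put the burden on the caller ("do NOT use local‑only headers") without saying what the server does if `x-local-mode: true` or `X-Test-User: admin` arrives at a production URL. State here that the server decides the mode and ignores these headers outside local mode, and explain what "auto‑detected on localhost" keys on, so readers can confirm that a request alone cannot switch a deployment into local mode.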
@@ -39,12 +83,12 @@ Perfect for **rapid prototyping**, **hackathons**, and **local development**.
|
|
|
39
83
|
Start a full-featured local server with zero configuration:
|
|
40
84
|
|
|
41
85
|
```bash
|
|
42
|
-
spaps local # Default: http://localhost:
|
|
86
|
+
spaps local # Default: http://localhost:3300
|
|
43
87
|
spaps local --port 3000 # Custom port
|
|
44
88
|
spaps local --json # JSON output (CI-friendly)
|
|
45
89
|
```
|
|
46
90
|
|
|
47
|
-
|
|
91
|
+
Includes:
|
|
48
92
|
- ✅ Auto-authentication (no API keys needed)
|
|
49
93
|
- ✅ Real Stripe test mode integration
|
|
50
94
|
- ✅ Mock payment flows with webhooks
|
|
@@ -52,6 +96,12 @@ spaps local --json # JSON output (CI-friendly)
|
|
|
52
96
|
- ✅ API documentation at `/docs`
|
|
53
97
|
- ✅ Test user switching via headers/query params
|
|
54
98
|
|
|
99
|
+
Flags:
|
|
100
|
+
|
|
101
|
+
- `--port <number>`: Set a custom port (default: 3456)
|
|
102
|
+
- `--open`: Open docs in your browser after start
|
|
103
|
+
- `--json`: JSON machine-readable output (ideal for CI)
|
|
104
|
+
|
|
55
105
|
### `spaps init` - Project Setup
|
|
56
106
|
|
|
57
107
|
Initialize SPAPS in an existing project:
|
|
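Review bot: The new Flags list gives `--port <number>` a default of 3456, but the other lines added in this diff use 3300 as the default (`spaps local # Default: http://localhost:3300`). One of the two is stale; align the flag description with the actual default. `--open` is listed here but does not appear in the usage block above, which shows only `--port` and `--json`.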
@@ -72,6 +122,20 @@ spaps status
|
|
|
72
122
|
# Shows server status, Stripe connectivity, product sync status
|
|
73
123
|
```
|
|
74
124
|
|
|
125
|
+
### Other Commands
|
|
126
|
+
|
|
127
|
+
- `spaps help` — Quick help; `spaps help --interactive` for guided setup
|
|
128
|
+
- `spaps docs` — SDK docs; `spaps docs --interactive` or `--search "query"`
|
|
129
|
+
- `spaps quickstart` — Minimal SDK usage instructions
|
|
130
|
+
|
|
131
|
+
### JSON Mode (CI)
|
|
132
|
+
|
|
133
|
+
All commands that support `--json` will print machine-readable output. Example:
|
|
134
|
+
|
|
135
|
+
```bash
|
|
136
|
+
npx spaps local --port 0 --json | jq '.'
|
|
137
|
+
```
|
|
138
|
+
|
|
75
139
|
## 🎯 Key Features
|
|
76
140
|
|
|
77
141
|
### 🔧 **Zero Configuration**
|
|
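Review bot: The JSON Mode example `npx spaps local --port 0 --json | jq '.'` runs whatever version npx resolves at that moment, which is a poor default for CI. Suggest pinning the version in the example (`npx spaps@<version> ...`) or pointing to the `npm install --save-dev spaps` route. `--port 0` is also not explained in the Flags list; say what it does and which field of the JSON output reports the port actually bound.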
@@ -79,20 +143,20 @@ spaps status
|
|
|
79
143
|
- Real Stripe test keys included
|
|
80
144
|
- Automatic CORS for any frontend
|
|
81
145
|
|
|
82
|
-
### 🎭
|
|
83
|
-
Switch between user roles instantly:
|
|
146
|
+
### 🎭 Smart Test Users (local‑only)
|
|
147
|
+
Switch between user roles instantly (local server only):
|
|
84
148
|
|
|
85
149
|
```bash
|
|
86
|
-
#
|
|
87
|
-
curl "http://localhost:
|
|
150
|
+
# Prefer header (local‑only)
|
|
151
|
+
curl -H "X-Test-User: premium" "http://localhost:3300/api/auth/user"
|
|
88
152
|
|
|
89
|
-
#
|
|
90
|
-
curl
|
|
153
|
+
# Or query param (local‑only convenience)
|
|
154
|
+
curl "http://localhost:3300/api/auth/user?_user=admin"
|
|
91
155
|
```
|
|
92
156
|
|
|
93
157
|
Available roles: `user`, `admin`, `premium`
|
|
94
158
|
|
|
95
|
-
### 💳
|
|
159
|
+
### 💳 Real Stripe Integration
|
|
96
160
|
- **Real API calls** to Stripe test mode
|
|
97
161
|
- Create actual checkout sessions
|
|
98
162
|
- Receive real webhooks
|
|
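Review bot: The `?_user=admin` query parameter in the added curl example lets a plain GET select the admin role, and the context line just above it advertises "Automatic CORS for any frontend". As documented, that combination would let any page open in a browser on the developer's machine read admin responses from the local server while it is running. The new comment already says "Prefer header"; consider documenting the query parameter as opt-in or dropping it from the README, and state what restricts the permissive CORS to local mode.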
@@ -109,17 +173,22 @@ Visit `/admin` for a complete management interface:
|
|
|
109
173
|
|
|
110
174
|
## 🔌 API Endpoints
|
|
111
175
|
|
|
112
|
-
| Endpoint | Method | Description |
|
|
113
|
-
|
|
114
|
-
| `/api/auth/login` | POST | Email/password authentication |
|
|
115
|
-
| `/api/auth/
|
|
116
|
-
| `/api/auth/
|
|
117
|
-
| `/api/
|
|
118
|
-
| `/api/
|
|
119
|
-
| `/api/
|
|
120
|
-
| `/api/
|
|
121
|
-
| `/
|
|
122
|
-
| `/
|
|
176
|
+
| Endpoint | Method | SDK Mapping | Description |
|
|
177
|
+
|----------|--------|-------------|-------------|
|
|
178
|
+
| `/api/auth/login` | POST | `sdk.auth.signInWithPassword` | Email/password authentication |
|
|
179
|
+
| `/api/auth/register` | POST | `sdk.auth.register` | Register new user |
|
|
180
|
+
| `/api/auth/user` | GET | `sdk.auth.getCurrentUser` | Current authenticated user |
|
|
181
|
+
| `/api/auth/wallet-sign-in` | POST | `sdk.auth.signInWithWallet` / `sdk.auth.authenticateWallet` | Wallet signature authentication |
|
|
182
|
+
| `/api/auth/refresh` | POST | `sdk.auth.refreshToken` | Refresh access token |
|
|
183
|
+
| `/api/auth/logout` | POST | `sdk.auth.logout` | Log out |
|
|
184
|
+
| `/api/stripe/products` | GET | `sdk.payments.listProducts` | List Stripe products |
|
|
185
|
+
| `/api/stripe/products/:id` | GET | `sdk.payments.getProduct` | Get product (+prices) |
|
|
186
|
+
| `/api/stripe/prices` | POST | `sdk.payments.createPrice` | Create price (admin) |
|
|
187
|
+
| `/api/stripe/checkout-sessions` | POST | `sdk.payments.createCheckoutSession` | Create checkout session |
|
|
188
|
+
| `/api/stripe/checkout-sessions/:id` | GET | `sdk.payments.getCheckoutSession` | Retrieve checkout session |
|
|
189
|
+
| `/api/stripe/webhooks` | POST | — | Stripe webhook receiver |
|
|
190
|
+
| `/health` | GET | `sdk.healthCheck` | Server health check |
|
|
191
|
+
| `/docs` | GET | — | Interactive API documentation |
|
|
123
192
|
|
|
124
193
|
## 💡 Usage Examples
|
|
125
194
|
|
|
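Review bot: The rebuilt endpoint table adds an SDK Mapping column but still gives no indication of which routes need credentials. `/api/stripe/prices` is marked "(admin)" only in its description, and `/api/stripe/webhooks` does not mention signature verification. Suggest an Auth column (none, user token, admin, `X-API-Key`) so the local and prod requirements from the Headers policy are visible per endpoint.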
@@ -128,7 +197,7 @@ Visit `/admin` for a complete management interface:
|
|
|
128
197
|
```javascript
|
|
129
198
|
// React/Next.js example
|
|
130
199
|
const createCheckout = async () => {
|
|
131
|
-
const response = await fetch('http://localhost:
|
|
200
|
+
const response = await fetch('http://localhost:3300/api/stripe/checkout-sessions', {
|
|
132
201
|
method: 'POST',
|
|
133
202
|
headers: { 'Content-Type': 'application/json' },
|
|
134
203
|
body: JSON.stringify({
|
|
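Review bot: The updated `fetch('http://localhost:3300/api/stripe/checkout-sessions', {` line still hard-codes the local URL, while the sections added earlier in this diff tell readers to configure `SPAPS_API_URL`. The example is labelled React/Next.js and the Headers policy requires `X-API-Key` in prod, so the README should also say whether that key may be shipped to the browser or whether this call has to be proxied through a backend.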
@@ -143,14 +212,14 @@ const createCheckout = async () => {
|
|
|
143
212
|
};
|
|
144
213
|
```
|
|
145
214
|
|
|
146
|
-
### Test Different User Roles
|
|
215
|
+
### Test Different User Roles (local‑only)
|
|
147
216
|
|
|
148
217
|
```javascript
|
|
149
218
|
// Test as admin user
|
|
150
|
-
fetch('http://localhost:
|
|
219
|
+
fetch('http://localhost:3300/api/auth/user?_user=admin')
|
|
151
220
|
|
|
152
221
|
// Test wallet authentication
|
|
153
|
-
fetch('http://localhost:
|
|
222
|
+
fetch('http://localhost:3300/api/auth/wallet-sign-in', {
|
|
154
223
|
method: 'POST',
|
|
155
224
|
body: JSON.stringify({
|
|
156
225
|
wallet_address: '1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa',
|
|
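Review bot: The changed line `fetch('http://localhost:3300/api/auth/user?_user=admin')` uses the query parameter, while the curl section added in this diff says to prefer the `X-Test-User` header. Switch this example to the header form so the README shows one recommended way to simulate roles.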
@@ -162,7 +231,7 @@ fetch('http://localhost:3456/api/auth/wallet-sign-in', {
|
|
|
162
231
|
## 🏗️ Development Workflow
|
|
163
232
|
|
|
164
233
|
1. **Start SPAPS**: `npx spaps local`
|
|
165
|
-
2. **Build your frontend** against `http://localhost:
|
|
234
|
+
2. **Build your frontend** against `http://localhost:3300`
|
|
166
235
|
3. **Test payments** using Stripe's test cards
|
|
167
236
|
4. **Monitor webhooks** at `/api/stripe/webhooks/test`
|
|
168
237
|
5. **Manage data** via `/admin` dashboard
|
|
@@ -170,11 +239,43 @@ fetch('http://localhost:3456/api/auth/wallet-sign-in', {
|
|
|
170
239
|
|
|
171
240
|
## 🔒 Environment & Security
|
|
172
241
|
|
|
173
|
-
|
|
174
|
-
- Only runs on localhost
|
|
242
|
+
Local mode safety:
|
|
243
|
+
- Only runs on localhost
|
|
175
244
|
- Uses Stripe test keys by default
|
|
176
245
|
- All data stored locally in `.spaps/` directory
|
|
177
|
-
-
|
|
246
|
+
- Responses include local‑mode headers/metadata for visibility
|
|
247
|
+
|
|
248
|
+
## Curl Examples (Header‑First)
|
|
249
|
+
|
|
250
|
+
Authenticated (prod/staging):
|
|
251
|
+
|
|
252
|
+
```bash
|
|
253
|
+
export SPAPS_API_URL=https://api.yourdomain
|
|
254
|
+
export SPAPS_API_KEY=spaps_XXXXXXXXXXXXXXXX
|
|
255
|
+
|
|
256
|
+
curl -X POST "$SPAPS_API_URL/api/stripe/checkout-sessions" \
|
|
257
|
+
-H "Content-Type: application/json" \
|
|
258
|
+
-H "X-API-Key: $SPAPS_API_KEY" \
|
|
259
|
+
-d '{
|
|
260
|
+
"price_id": "price_1234567890",
|
|
261
|
+
"success_url": "https://yourapp/success",
|
|
262
|
+
"cancel_url": "https://yourapp/cancel"
|
|
263
|
+
}'
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
Local (no key, role sim via header):
|
|
267
|
+
|
|
268
|
+
```bash
|
|
269
|
+
export SPAPS_API_URL=http://localhost:3300
|
|
270
|
+
|
|
271
|
+
curl -X GET "$SPAPS_API_URL/api/auth/user" \
|
|
272
|
+
-H "X-Test-User: admin" \
|
|
273
|
+
-H "x-local-mode: true"
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
Note: `X-Test-User` and `x-local-mode` are ignored in production.
|
|
277
|
+
|
|
278
|
+
|
|
178
279
|
|
|
179
280
|
**Stripe Configuration:**
|
|
180
281
|
- Real Stripe test API integration
|
|
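Review bot: "Only runs on localhost" under Local mode safety does not say whether the server binds to the loopback interface or merely defaults to a localhost URL; spell out the bind address, since local mode accepts requests without a key. The closing note that `X-Test-User` and `x-local-mode` are ignored in production is the right guarantee and would be better placed next to the Headers policy. The new "local‑mode headers/metadata" bullet should name the header so clients and CI can assert on it.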
@@ -199,11 +300,112 @@ npm install --save-dev spaps
|
|
|
199
300
|
|
|
200
301
|
- 📖 **Full Documentation**: [sweetpotato.dev](https://sweetpotato.dev)
|
|
201
302
|
- 🔧 **Production Setup**: See deployment guides
|
|
202
|
-
- 💬 **Get Help**: [GitHub Issues](https://github.com/
|
|
303
|
+
- 💬 **Get Help**: [GitHub Issues](https://github.com/buildooor/sweet-potato/issues)
|
|
203
304
|
- 🚀 **Examples**: Check `/examples` directory
|
|
204
305
|
|
|
306
|
+
## 🤝 Pair with the SDK
|
|
307
|
+
|
|
308
|
+
Use the SDK in your app while running the local server:
|
|
309
|
+
|
|
310
|
+
```bash
|
|
311
|
+
npm install spaps-sdk
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
```ts
|
|
315
|
+
import { SPAPSClient } from 'spaps-sdk';
|
|
316
|
+
|
|
317
|
+
const spaps = new SPAPSClient(); // auto-detects local mode
|
|
318
|
+
const { data } = await spaps.login('user@example.com', 'password');
|
|
319
|
+
console.log('User:', data.user);
|
|
320
|
+
```
|
|
321
|
+
|
|
322
|
+
## 🚀 Production Deployment
|
|
323
|
+
|
|
324
|
+
Ready to go live? SPAPS supports seamless migration from local to production:
|
|
325
|
+
|
|
326
|
+
### Local → Production Workflow
|
|
327
|
+
|
|
328
|
+
1. **Export Local Data**:
|
|
329
|
+
```bash
|
|
330
|
+
# Export your products, orders, and customers
|
|
331
|
+
curl http://localhost:3300/api/admin/export > spaps-data.json
|
|
332
|
+
```
|
|
333
|
+
|
|
334
|
+
2. **Set Up Production Server**:
|
|
335
|
+
```bash
|
|
336
|
+
# Deploy to your server (DigitalOcean, AWS, etc.)
|
|
337
|
+
# Example production server: http://104.131.188.214:3000
|
|
338
|
+
git clone https://github.com/build000r/sweet-potato
|
|
339
|
+
cd sweet-potato
|
|
340
|
+
npm install
|
|
341
|
+
```
|
|
342
|
+
|
|
343
|
+
3. **Configure Environment**:
|
|
344
|
+
```bash
|
|
345
|
+
# Set production environment variables
|
|
346
|
+
SUPABASE_URL=https://your-project.supabase.co
|
|
347
|
+
SUPABASE_SERVICE_KEY=eyJhb...your-service-key
|
|
348
|
+
STRIPE_SECRET_KEY=sk_live_... # Your live Stripe key
|
|
349
|
+
JWT_SECRET=your-32-char-secure-secret
|
|
350
|
+
```
|
|
351
|
+
|
|
352
|
+
4. **Sync Products to Production Stripe**:
|
|
353
|
+
```bash
|
|
354
|
+
# Import your local products to production Stripe
|
|
355
|
+
curl -X POST http://104.131.188.214:3000/api/v1/admin/products/sync \
|
|
356
|
+
-H "Content-Type: application/json" \
|
|
357
|
+
-d @spaps-data.json
|
|
358
|
+
```
|
|
359
|
+
|
|
360
|
+
5. **Update Frontend Config**:
|
|
361
|
+
```javascript
|
|
362
|
+
// Change from local to production endpoint
|
|
363
|
+
const SPAPS_URL = 'http://104.131.188.214:3000'; // Your production server
|
|
364
|
+
```
|
|
365
|
+
|
|
366
|
+
### Production Features
|
|
367
|
+
|
|
368
|
+
The production SPAPS server includes:
|
|
369
|
+
- ✅ **Real Supabase integration** with RLS policies
|
|
370
|
+
- ✅ **Live Stripe webhooks** with signature verification
|
|
371
|
+
- ✅ **Multi-wallet authentication** (Solana, Ethereum, Base, Bitcoin)
|
|
372
|
+
- ✅ **JWT authentication** with refresh tokens
|
|
373
|
+
- ✅ **Rate limiting** and security middleware
|
|
374
|
+
- ✅ **Usage tracking** and analytics
|
|
375
|
+
- ✅ **Multi-tenant support** for multiple client apps
|
|
376
|
+
|
|
377
|
+
### Health Check
|
|
378
|
+
|
|
379
|
+
Check if your production server is running:
|
|
380
|
+
```bash
|
|
381
|
+
curl http://104.131.188.214:3000/health
|
|
382
|
+
# Returns: {"status":"healthy","mode":"production"}
|
|
383
|
+
```
|
|
384
|
+
|
|
385
|
+
---
|
|
386
|
+
|
|
387
|
+
## 🔒 New in v0.5.0: Admin Middleware & Permissions!
|
|
388
|
+
|
|
389
|
+
Built-in admin middleware and permission utilities for secure Express.js applications:
|
|
390
|
+
|
|
391
|
+
```javascript
|
|
392
|
+
const { requireAdmin, isAdminAccount } = require('spaps');
|
|
393
|
+
|
|
394
|
+
// Protect admin routes
|
|
395
|
+
app.get('/admin/dashboard', requireAdmin(), (req, res) => {
|
|
396
|
+
res.json({ message: 'Admin only!' });
|
|
397
|
+
});
|
|
398
|
+
|
|
399
|
+
// Check admin status
|
|
400
|
+
if (isAdminAccount('buildooor@gmail.com')) {
|
|
401
|
+
// Grant admin access
|
|
402
|
+
}
|
|
403
|
+
```
|
|
404
|
+
|
|
405
|
+
See [ADMIN_MIDDLEWARE.md](./ADMIN_MIDDLEWARE.md) for complete documentation.
|
|
406
|
+
|
|
205
407
|
---
|
|
206
408
|
|
|
207
|
-
**Current Version**: v0.
|
|
409
|
+
**Current Version**: v0.5.0
|
|
208
410
|
**License**: MIT
|
|
209
|
-
**Node.js**: >=16.0.0 required
|
|
411
|
+
**Node.js**: >=16.0.0 required
|
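Review bot: In the Local → Production Workflow, step 4 posts `spaps-data.json` to `/api/v1/admin/products/sync` over plain `http://` at a raw IP with no `X-API-Key`, which contradicts the Headers policy added earlier in this README ("Prod: must send `X-API-Key`") and sends the exported products, orders and customers unencrypted. Use an `https://` placeholder hostname and show the key header in step 4, and use the same hostname in step 5 and the health check. Other points in this hunk: the clone URL owner is `build000r` while the issues link uses `buildooor`; the "Pair with the SDK" snippet imports `SPAPSClient` while the init snippet at the top of the README imports `SweetPotatoSDK`; `isAdminAccount('buildooor@gmail.com')` puts a real-looking address in the docs where `admin@example.com` would do; and "Current Version" reads v0.5.0 in a 0.5.1 release.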