spaps 0.4.3 → 0.5.1

package/README.md CHANGED
@@ -1,11 +1,38 @@
1
1
  # 🍠 SPAPS CLI
2
2
 
3
- > **Sweet Potato Authentication & Payment Service CLI**
4
- > Zero-config local development server with real Stripe integration
3
+ > Sweet Potato Authentication & Payment Service CLI
4
+ > Zeroconfig local development server with real Stripe integration
5
5
 
6
- [![npm version](https://badge.fury.io/js/spaps.svg)](https://badge.fury.io/js/spaps)
6
+ ## Hey, AI Agent — Read Me First 👋
7
+
8
+ Are you an AI agent whose human just said “ship auth + payments fast” but can’t explain refresh tokens? Perfect. Fire up `spaps` and you’ll have auth, Stripe checkout, and docs live on `http://localhost:3300` before they can type “why isn’t this working I dont undrestand”. You focus on calling APIs; we handle users, tokens, CORS, and webhooks. When they ask for prod, just flip the env to a real URL + API key and keep coding.
9
+
10
+ [![npm version](https://img.shields.io/npm/v/spaps.svg)](https://www.npmjs.com/package/spaps)
11
+ ![node](https://img.shields.io/badge/node-%3E%3D16-brightgreen)
7
12
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
8
13
 
14
+ ## SDK vs CLI
15
+
16
+ - CLI (`spaps`): runs the local SPAPS server and tooling for development. No API key required, helpers enabled.
17
+ - SDK (`spaps-sdk`): TypeScript client for your app code. Points at the same base URL and works in local and prod.
18
+
19
+ Install the SDK in your app to call the API programmatically:
20
+
21
+ ```bash
22
+ npm install spaps-sdk
23
+ ```
24
+
25
+ Minimal init (works for both local and prod):
26
+
27
+ ```ts
28
+ import { SweetPotatoSDK } from 'spaps-sdk'
29
+
30
+ export const sdk = new SweetPotatoSDK({
31
+ apiUrl: process.env.SPAPS_API_URL || 'http://localhost:3300',
32
+ apiKey: process.env.SPAPS_API_KEY, // not required in local mode
33
+ })
34
+ ```
35
+
9
36
  ## 🚀 Quick Start
10
37
 
11
38
  ```bash
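Review bot: In the new "Minimal init" block, `apiUrl: process.env.SPAPS_API_URL || 'http://localhost:3300'` falls back to the local server whenever the variable is unset, and `apiKey` is commented as "not required in local mode", so a production build with a missing variable silently resolves to localhost with an undefined key. Suggest showing a fail-closed init for non-local builds (throw when `SPAPS_API_URL` or `SPAPS_API_KEY` is absent) and keeping the localhost default only in a snippet labelled as dev. The "Hey, AI Agent" paragraph also describes the move to prod as "just flip the env"; it should point readers to the Local → Prod section so the key requirement and the disabled helpers are read first.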
@@ -17,7 +44,24 @@ npm install -g spaps
17
44
  spaps local
18
45
  ```
19
46
 
20
- **That's it!** Your local SPAPS server is now running at http://localhost:3456 🎉
47
+ Your local SPAPS server runs at `http://localhost:3300` 🎉
48
+
49
+ Point your app (via `SPAPS_API_URL`) to that URL and use `spaps-sdk` for calls.
50
+
51
+ ## Local → Prod
52
+
53
+ - Local (dev):
54
+ - `SPAPS_API_URL=http://localhost:3300`
55
+ - `SPAPS_LOCAL_MODE=true` (or auto‑detected on localhost)
56
+ - API key optional; helpers available (test users, permissive CORS)
57
+ - Prod:
58
+ - `SPAPS_API_URL=https://api.yourdomain`
59
+ - `SPAPS_API_KEY=spaps_…` required
60
+ - Local helpers disabled; CORS and rate limits enforced
61
+
62
+ Headers policy:
63
+ - Local: may send `x-local-mode: true`; role sim via `X-Test-User: admin` (local‑only)
64
+ - Prod: must send `X-API-Key: $SPAPS_API_KEY`; do NOT use local‑only headers
21
65
 
22
66
  ## ✨ What is SPAPS?
23
67
 
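Review bot: The "Headers policy" list states the production rule as a client obligation ("do NOT use local-only headers"), and the Local list says local mode is "auto-detected on localhost" without saying what is inspected. Because `X-Test-User: admin` selects a role, the README should state the server-side guarantee instead: what enables local mode (bind address, `SPAPS_LOCAL_MODE`, or something in the request), and that a production server disregards `x-local-mode` and `X-Test-User` whatever the client sends. It is also worth saying that `SPAPS_LOCAL_MODE=true` must not be set together with a production `SPAPS_API_URL`.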
@@ -39,12 +83,12 @@ Perfect for **rapid prototyping**, **hackathons**, and **local development**.
39
83
  Start a full-featured local server with zero configuration:
40
84
 
41
85
  ```bash
42
- spaps local # Default: http://localhost:3456
86
+ spaps local # Default: http://localhost:3300
43
87
  spaps local --port 3000 # Custom port
44
88
  spaps local --json # JSON output (CI-friendly)
45
89
  ```
46
90
 
47
- **Includes:**
91
+ Includes:
48
92
  - ✅ Auto-authentication (no API keys needed)
49
93
  - ✅ Real Stripe test mode integration
50
94
  - ✅ Mock payment flows with webhooks
@@ -52,6 +96,12 @@ spaps local --json # JSON output (CI-friendly)
52
96
  - ✅ API documentation at `/docs`
53
97
  - ✅ Test user switching via headers/query params
54
98
 
99
+ Flags:
100
+
101
+ - `--port <number>`: Set a custom port (default: 3456)
102
+ - `--open`: Open docs in your browser after start
103
+ - `--json`: JSON machine-readable output (ideal for CI)
104
+
55
105
  ### `spaps init` - Project Setup
56
106
 
57
107
  Initialize SPAPS in an existing project:
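Review bot: The new Flags list gives `--port <number>` a default of 3456, while the rest of this change moves the default to 3300 (`spaps local # Default: http://localhost:3300`). Change it to `(default: 3300)` so the flag reference matches the Quick Start.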
@@ -72,6 +122,20 @@ spaps status
72
122
  # Shows server status, Stripe connectivity, product sync status
73
123
  ```
74
124
 
125
+ ### Other Commands
126
+
127
+ - `spaps help` — Quick help; `spaps help --interactive` for guided setup
128
+ - `spaps docs` — SDK docs; `spaps docs --interactive` or `--search "query"`
129
+ - `spaps quickstart` — Minimal SDK usage instructions
130
+
131
+ ### JSON Mode (CI)
132
+
133
+ All commands that support `--json` will print machine-readable output. Example:
134
+
135
+ ```bash
136
+ npx spaps local --port 0 --json | jq '.'
137
+ ```
138
+
75
139
  ## 🎯 Key Features
76
140
 
77
141
  ### 🔧 **Zero Configuration**
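Review bot: The JSON Mode example `npx spaps local --port 0 --json | jq '.'` uses `--port 0` without saying what it does, and the sentence "All commands that support `--json`" does not name those commands. State what port 0 means and which field of the JSON output reports the bound port, and list the commands that accept `--json`; a CI job needs both to find the server it just started.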
@@ -79,20 +143,20 @@ spaps status
79
143
  - Real Stripe test keys included
80
144
  - Automatic CORS for any frontend
81
145
 
82
- ### 🎭 **Smart Test Users**
83
- Switch between user roles instantly:
146
+ ### 🎭 Smart Test Users (local‑only)
147
+ Switch between user roles instantly (local server only):
84
148
 
85
149
  ```bash
86
- # Via query parameter
87
- curl "http://localhost:3456/api/auth/user?_user=admin"
150
+ # Prefer header (local‑only)
151
+ curl -H "X-Test-User: premium" "http://localhost:3300/api/auth/user"
88
152
 
89
- # Via header
90
- curl -H "X-Test-User: premium" "http://localhost:3456/api/auth/user"
153
+ # Or query param (local‑only convenience)
154
+ curl "http://localhost:3300/api/auth/user?_user=admin"
91
155
  ```
92
156
 
93
157
  Available roles: `user`, `admin`, `premium`
94
158
 
95
- ### 💳 **Real Stripe Integration**
159
+ ### 💳 Real Stripe Integration
96
160
  - **Real API calls** to Stripe test mode
97
161
  - Create actual checkout sessions
98
162
  - Receive real webhooks
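Review bot: The "Smart Test Users (local-only)" section keeps the `?_user=admin` query form next to the context line "Automatic CORS for any frontend", but nothing in the section says what enforces "local-only". A role switch reachable by a plain GET on a server with permissive CORS needs an explicit statement of the guard (loopback bind, local-mode check). Consider documenting only the header form and dropping the query parameter, or marking it as something that can be disabled.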
@@ -109,17 +173,22 @@ Visit `/admin` for a complete management interface:
109
173
 
110
174
  ## 🔌 API Endpoints
111
175
 
112
- | Endpoint | Method | Description |
113
- |----------|--------|-------------|
114
- | `/api/auth/login` | POST | Email/password authentication |
115
- | `/api/auth/wallet-sign-in` | POST | Wallet signature authentication |
116
- | `/api/auth/magic-link` | POST | Send magic link email |
117
- | `/api/stripe/products` | GET | List Stripe products |
118
- | `/api/stripe/checkout-sessions` | POST | Create checkout session |
119
- | `/api/stripe/webhooks` | POST | Handle Stripe webhooks |
120
- | `/api/admin/products` | GET/POST | Manage products |
121
- | `/health` | GET | Server health check |
122
- | `/docs` | GET | Interactive API documentation |
176
+ | Endpoint | Method | SDK Mapping | Description |
177
+ |----------|--------|-------------|-------------|
178
+ | `/api/auth/login` | POST | `sdk.auth.signInWithPassword` | Email/password authentication |
179
+ | `/api/auth/register` | POST | `sdk.auth.register` | Register new user |
180
+ | `/api/auth/user` | GET | `sdk.auth.getCurrentUser` | Current authenticated user |
181
+ | `/api/auth/wallet-sign-in` | POST | `sdk.auth.signInWithWallet` / `sdk.auth.authenticateWallet` | Wallet signature authentication |
182
+ | `/api/auth/refresh` | POST | `sdk.auth.refreshToken` | Refresh access token |
183
+ | `/api/auth/logout` | POST | `sdk.auth.logout` | Log out |
184
+ | `/api/stripe/products` | GET | `sdk.payments.listProducts` | List Stripe products |
185
+ | `/api/stripe/products/:id` | GET | `sdk.payments.getProduct` | Get product (+prices) |
186
+ | `/api/stripe/prices` | POST | `sdk.payments.createPrice` | Create price (admin) |
187
+ | `/api/stripe/checkout-sessions` | POST | `sdk.payments.createCheckoutSession` | Create checkout session |
188
+ | `/api/stripe/checkout-sessions/:id` | GET | `sdk.payments.getCheckoutSession` | Retrieve checkout session |
189
+ | `/api/stripe/webhooks` | POST | — | Stripe webhook receiver |
190
+ | `/health` | GET | `sdk.healthCheck` | Server health check |
191
+ | `/docs` | GET | — | Interactive API documentation |
123
192
 
124
193
  ## 💡 Usage Examples
125
194
 
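Review bot: The rewritten endpoint table drops the `/api/auth/magic-link` and `/api/admin/products` rows without saying whether the endpoints were removed or are only undocumented now, and `/api/stripe/prices` is marked "(admin)" with no indication of how admin is established. Add a column or footnote giving the required auth per endpoint, and either restore the two rows or record their removal. The wallet row lists two SDK methods, `sdk.auth.signInWithWallet` / `sdk.auth.authenticateWallet`; say which one callers should use.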
@@ -128,7 +197,7 @@ Visit `/admin` for a complete management interface:
128
197
  ```javascript
129
198
  // React/Next.js example
130
199
  const createCheckout = async () => {
131
- const response = await fetch('http://localhost:3456/api/stripe/checkout-sessions', {
200
+ const response = await fetch('http://localhost:3300/api/stripe/checkout-sessions', {
132
201
  method: 'POST',
133
202
  headers: { 'Content-Type': 'application/json' },
134
203
  body: JSON.stringify({
@@ -143,14 +212,14 @@ const createCheckout = async () => {
143
212
  };
144
213
  ```
145
214
 
146
- ### Test Different User Roles
215
+ ### Test Different User Roles (local‑only)
147
216
 
148
217
  ```javascript
149
218
  // Test as admin user
150
- fetch('http://localhost:3456/api/auth/user?_user=admin')
219
+ fetch('http://localhost:3300/api/auth/user?_user=admin')
151
220
 
152
221
  // Test wallet authentication
153
- fetch('http://localhost:3456/api/auth/wallet-sign-in', {
222
+ fetch('http://localhost:3300/api/auth/wallet-sign-in', {
154
223
  method: 'POST',
155
224
  body: JSON.stringify({
156
225
  wallet_address: '1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa',
@@ -162,7 +231,7 @@ fetch('http://localhost:3456/api/auth/wallet-sign-in', {
162
231
  ## 🏗️ Development Workflow
163
232
 
164
233
  1. **Start SPAPS**: `npx spaps local`
165
- 2. **Build your frontend** against `http://localhost:3456`
234
+ 2. **Build your frontend** against `http://localhost:3300`
166
235
  3. **Test payments** using Stripe's test cards
167
236
  4. **Monitor webhooks** at `/api/stripe/webhooks/test`
168
237
  5. **Manage data** via `/admin` dashboard
@@ -170,11 +239,43 @@ fetch('http://localhost:3456/api/auth/wallet-sign-in', {
170
239
 
171
240
  ## 🔒 Environment & Security
172
241
 
173
- **Local Mode Safety:**
174
- - Only runs on localhost (production-safe)
242
+ Local mode safety:
243
+ - Only runs on localhost
175
244
  - Uses Stripe test keys by default
176
245
  - All data stored locally in `.spaps/` directory
177
- - Headers indicate local development mode
246
+ - Responses include local‑mode headers/metadata for visibility
247
+
248
+ ## Curl Examples (Header‑First)
249
+
250
+ Authenticated (prod/staging):
251
+
252
+ ```bash
253
+ export SPAPS_API_URL=https://api.yourdomain
254
+ export SPAPS_API_KEY=spaps_XXXXXXXXXXXXXXXX
255
+
256
+ curl -X POST "$SPAPS_API_URL/api/stripe/checkout-sessions" \
257
+ -H "Content-Type: application/json" \
258
+ -H "X-API-Key: $SPAPS_API_KEY" \
259
+ -d '{
260
+ "price_id": "price_1234567890",
261
+ "success_url": "https://yourapp/success",
262
+ "cancel_url": "https://yourapp/cancel"
263
+ }'
264
+ ```
265
+
266
+ Local (no key, role sim via header):
267
+
268
+ ```bash
269
+ export SPAPS_API_URL=http://localhost:3300
270
+
271
+ curl -X GET "$SPAPS_API_URL/api/auth/user" \
272
+ -H "X-Test-User: admin" \
273
+ -H "x-local-mode: true"
274
+ ```
275
+
276
+ Note: `X-Test-User` and `x-local-mode` are ignored in production.
277
+
278
+
178
279
 
179
280
  **Stripe Configuration:**
180
281
  - Real Stripe test API integration
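Review bot: The new bullet "Responses include local-mode headers/metadata for visibility" does not name the header or field, so a client or test cannot assert on it; name it. The closing note says `X-Test-User` and `x-local-mode` are "ignored in production"; it would help to say whether a request carrying them is logged or flagged, since a silently ignored `X-Test-User: admin` hides a misconfigured client. Minor: the hunk adds two consecutive blank lines after the note.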
@@ -199,11 +300,112 @@ npm install --save-dev spaps
199
300
 
200
301
  - 📖 **Full Documentation**: [sweetpotato.dev](https://sweetpotato.dev)
201
302
  - 🔧 **Production Setup**: See deployment guides
202
- - 💬 **Get Help**: [GitHub Issues](https://github.com/yourusername/sweet-potato/issues)
303
+ - 💬 **Get Help**: [GitHub Issues](https://github.com/buildooor/sweet-potato/issues)
203
304
  - 🚀 **Examples**: Check `/examples` directory
204
305
 
306
+ ## 🤝 Pair with the SDK
307
+
308
+ Use the SDK in your app while running the local server:
309
+
310
+ ```bash
311
+ npm install spaps-sdk
312
+ ```
313
+
314
+ ```ts
315
+ import { SPAPSClient } from 'spaps-sdk';
316
+
317
+ const spaps = new SPAPSClient(); // auto-detects local mode
318
+ const { data } = await spaps.login('user@example.com', 'password');
319
+ console.log('User:', data.user);
320
+ ```
321
+
322
+ ## 🚀 Production Deployment
323
+
324
+ Ready to go live? SPAPS supports seamless migration from local to production:
325
+
326
+ ### Local → Production Workflow
327
+
328
+ 1. **Export Local Data**:
329
+ ```bash
330
+ # Export your products, orders, and customers
331
+ curl http://localhost:3300/api/admin/export > spaps-data.json
332
+ ```
333
+
334
+ 2. **Set Up Production Server**:
335
+ ```bash
336
+ # Deploy to your server (DigitalOcean, AWS, etc.)
337
+ # Example production server: http://104.131.188.214:3000
338
+ git clone https://github.com/build000r/sweet-potato
339
+ cd sweet-potato
340
+ npm install
341
+ ```
342
+
343
+ 3. **Configure Environment**:
344
+ ```bash
345
+ # Set production environment variables
346
+ SUPABASE_URL=https://your-project.supabase.co
347
+ SUPABASE_SERVICE_KEY=eyJhb...your-service-key
348
+ STRIPE_SECRET_KEY=sk_live_... # Your live Stripe key
349
+ JWT_SECRET=your-32-char-secure-secret
350
+ ```
351
+
352
+ 4. **Sync Products to Production Stripe**:
353
+ ```bash
354
+ # Import your local products to production Stripe
355
+ curl -X POST http://104.131.188.214:3000/api/v1/admin/products/sync \
356
+ -H "Content-Type: application/json" \
357
+ -d @spaps-data.json
358
+ ```
359
+
360
+ 5. **Update Frontend Config**:
361
+ ```javascript
362
+ // Change from local to production endpoint
363
+ const SPAPS_URL = 'http://104.131.188.214:3000'; // Your production server
364
+ ```
365
+
366
+ ### Production Features
367
+
368
+ The production SPAPS server includes:
369
+ - ✅ **Real Supabase integration** with RLS policies
370
+ - ✅ **Live Stripe webhooks** with signature verification
371
+ - ✅ **Multi-wallet authentication** (Solana, Ethereum, Base, Bitcoin)
372
+ - ✅ **JWT authentication** with refresh tokens
373
+ - ✅ **Rate limiting** and security middleware
374
+ - ✅ **Usage tracking** and analytics
375
+ - ✅ **Multi-tenant support** for multiple client apps
376
+
377
+ ### Health Check
378
+
379
+ Check if your production server is running:
380
+ ```bash
381
+ curl http://104.131.188.214:3000/health
382
+ # Returns: {"status":"healthy","mode":"production"}
383
+ ```
384
+
385
+ ---
386
+
387
+ ## 🔒 New in v0.5.0: Admin Middleware & Permissions!
388
+
389
+ Built-in admin middleware and permission utilities for secure Express.js applications:
390
+
391
+ ```javascript
392
+ const { requireAdmin, isAdminAccount } = require('spaps');
393
+
394
+ // Protect admin routes
395
+ app.get('/admin/dashboard', requireAdmin(), (req, res) => {
396
+ res.json({ message: 'Admin only!' });
397
+ });
398
+
399
+ // Check admin status
400
+ if (isAdminAccount('buildooor@gmail.com')) {
401
+ // Grant admin access
402
+ }
403
+ ```
404
+
405
+ See [ADMIN_MIDDLEWARE.md](./ADMIN_MIDDLEWARE.md) for complete documentation.
406
+
205
407
  ---
206
408
 
207
- **Current Version**: v0.3.9
409
+ **Current Version**: v0.5.0
208
410
  **License**: MIT
209
- **Node.js**: >=16.0.0 required
411
+ **Node.js**: >=16.0.0 required
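Review bot: Every production example in the new "Production Deployment" section talks to `http://104.131.188.214:3000` over plain HTTP, and the step 4 call to `/api/v1/admin/products/sync` carries no `X-API-Key` or other credential, which contradicts the headers policy added earlier in this README. Replace the literal IP with a placeholder such as `https://api.yourdomain`, use HTTPS throughout, and show the auth header on the admin call; step 1's `curl http://localhost:3300/api/admin/export` should also note that it writes customer data to a local file. Other items in this hunk: the clone URL is `github.com/build000r/sweet-potato` while the issues link is `github.com/buildooor/sweet-potato`, so one of the two is wrong; the "Pair with the SDK" snippet imports `SPAPSClient` although the init example at the top of the README imports `SweetPotatoSDK`; `isAdminAccount('buildooor@gmail.com')` puts a real-looking address in sample code where `admin@example.com` would do; the sync path uses `/api/v1/` while the endpoint table uses `/api/`; and the footer says v0.5.0 in a 0.5.1 release.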