stackkit 0.2.6 → 0.2.7

package/modules/auth/authjs/generator.json

@@ -5,18 +5,18 @@
   "operations": [
     {
       "type": "create-file",
-      "source": "lib/auth.ts",
-      "destination": "lib/auth.ts"
+      "source": "shared/lib/auth.ts",
+      "destination": "server/auth/auth.ts"
     },
     {
       "type": "create-file",
-      "source": "api/auth/[...nextauth]/route.ts",
+      "source": "nextjs/api/auth/[...nextauth]/route.ts",
       "destination": "app/api/auth/[...nextauth]/route.ts"
     },
     {
       "type": "create-file",
-      "destination": "proxy.ts",
-      "content": "export { auth as proxy } from \"@/lib/auth\""
+      "source": "nextjs/proxy.ts",
+      "destination": "proxy.ts"
     },
     {
       "type": "patch-file",
@@ -25,7 +25,7 @@
       "operations": [
         {
           "type": "add-to-bottom",
-          "source": "prisma/schema.prisma"
+          "source": "shared/prisma/schema.prisma"
         }
       ]
     },
@@ -41,13 +41,23 @@
       "envVars": {
         "AUTH_SECRET": "",
         "AUTH_GOOGLE_ID": "",
-        "AUTH_GOOGLE_SECRET": ""
+        "AUTH_GOOGLE_SECRET": "",
+        "EMAIL_HOST": "smtp.gmail.com",
+        "EMAIL_PORT": "587",
+        "EMAIL_USER": "",
+        "EMAIL_PASS": "",
+        "EMAIL_FROM": "noreply@yourapp.com"
       }
     },
     {
       "type": "add-dependency",
       "dependencies": {
-        "next-auth": "^5.0.0-beta.30"
+        "next-auth": "^5.0.0-beta.30",
+        "bcryptjs": "^3.0.3",
+        "nodemailer": "^7.0.12"
+      },
+      "devDependencies": {
+        "@types/nodemailer": "^7.0.5"
       }
     }
   ]

package/modules/auth/better-auth/files/express/middlewares/authorize.ts

@@ -0,0 +1,54 @@
+import { NextFunction, Request, Response } from "express";
+import { auth } from "../../modules/auth/auth";
+
+export enum UserRole {
+    USER = "USER",
+    ADMIN = "ADMIN"
+}
+
+const authorize = (...roles: UserRole[]) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      // get user session
+      const session = await auth?.api.getSession({
+        headers: req.headers as any,
+      });
+
+      if (!session) {
+        return res.status(401).json({
+          success: false,
+          message: "You are not authorized!",
+        });
+      }
+
+      if (!session.user.emailVerified) {
+        return res.status(403).json({
+          success: false,
+          message: "Email verification required. Please verify your email!",
+        });
+      }
+
+      req.user = {
+        id: session.user.id,
+        email: session.user.email,
+        name: session.user.name,
+        role: session.user.role as string,
+        emailVerified: session.user.emailVerified,
+      };
+
+      if (roles.length && !roles.includes(req.user.role as UserRole)) {
+        return res.status(403).json({
+          success: false,
+          message:
+            "Forbidden! You don't have permission to access this resources!",
+        });
+      }
+
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+};
+
+export default authorize;

package/modules/auth/better-auth/files/express/types/express.d.ts

@@ -0,0 +1,16 @@
+declare global {
+    namespace Express {
+        interface Request {
+            user?: {
+                id: string;
+                email: string;
+                name: string;
+                role: string;
+                emailVerified: boolean;
+            }
+        }
+    }
+}
+
+export { };
+

package/modules/auth/better-auth/files/nextjs/lib/auth/auth-guards.ts

@@ -0,0 +1,31 @@
+import { auth } from "@/lib/auth";
+import { headers } from "next/headers";
+import { redirect } from "next/navigation";
+
+export async function getSession() {
+  const session = await auth.api.getSession({
+    headers: await headers(),
+  });
+
+  return session;
+}
+
+export async function requireAdmin() {
+  const session = await getSession();
+
+  if (!session || session.user.role !== "ADMIN") {
+    redirect("/login");
+  }
+
+  return session.user;
+}
+
+export async function getUser() {
+  const session = await getSession();
+
+  if (!session) {
+    redirect("/login");
+  }
+
+  return session.user;
+}

package/modules/auth/better-auth/files/nextjs/proxy.ts

@@ -0,0 +1,34 @@
+import { NextResponse, type NextRequest } from "next/server";
+
+function isAuthenticated(req: NextRequest) {
+  const token = req.cookies.get("better-auth.session_token")?.value;
+
+  return Boolean(token);
+}
+
+export function proxy(req: NextRequest) {
+  const { pathname, search } = req.nextUrl;
+  const authed = isAuthenticated(req);
+
+  if (pathname === "/login" || pathname === "/signup") {
+    if (authed) return NextResponse.redirect(new URL("/dashboard", req.url));
+    return NextResponse.next();
+  }
+
+  if (pathname.startsWith("/dashboard") && !authed) {
+    const next = encodeURIComponent(pathname + (search || ""));
+    return NextResponse.redirect(new URL(`/login?next=${next}`, req.url));
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: [
+    "/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
+    "/(api|trpc)(.*)",
+    "/login",
+    "/signup",
+    "/dashboard/:path*",
+  ],
+};

package/modules/auth/better-auth/files/{lib → shared/lib}/auth-client.ts

@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";
 
 export const authClient = createAuthClient({
-  baseURL: "http://localhost:3000",
+  baseURL: process.env.BETTER_AUTH_URL || "http://localhost:4000",
 });
 
 export const { signIn, signUp, signOut, useSession } = authClient;

package/modules/auth/better-auth/files/{lib → shared/lib}/auth.ts

@@ -1,35 +1,54 @@
 import { betterAuth } from "better-auth";
-import { sendEmail } from "./email/email-service";
-import { getVerificationEmailTemplate, getPasswordResetEmailTemplate } from "./email/email-templates";
-{{#switch database}}
-{{#case prisma}}
-import { prisma } from "./prisma";
+{{#if combo == "prisma:express"}}
+import { sendEmail } from "../../shared/email/email-service";
+import {
+  getPasswordResetEmailTemplate,
+  getVerificationEmailTemplate,
+} from "../../shared/email/email-templates";
+import { prisma } from "../../database/prisma";
 import { prismaAdapter } from "better-auth/adapters/prisma";
-{{/case}}
-{{#case mongoose}}
-import { mongoose } from "./mongoose";
+{{/if}}
+
+{{#if combo == "prisma:nextjs"}}
+import { getPasswordResetEmailTemplate, getVerificationEmailTemplate } from "../service/email/email-templates";
+import { sendEmail } from "../service/email/email-service";
+import { prisma } from "../database/prisma";
+import { prismaAdapter } from "better-auth/adapters/prisma";
+{{/if}}
+
+{{#if combo == "mongoose:express"}}
+import { sendEmail } from "../../shared/email/email-service";
+import {
+  getPasswordResetEmailTemplate,
+  getVerificationEmailTemplate,
+} from "../../shared/email/email-templates";
+import { mongoose } from "../../database/mongoose";
+import { mongodbAdapter } from "better-auth/adapters/mongodb";
+{{/if}}
+
+{{#if combo == "mongoose:nextjs"}}
+import { getPasswordResetEmailTemplate, getVerificationEmailTemplate } from "../service/email/email-templates";
+import { sendEmail } from "../service/email/email-service";
+import { mongoose } from "../database/mongoose";
 import { mongodbAdapter } from "better-auth/adapters/mongodb";
-{{/case}}
-{{/switch}}
+{{/if}}
 
 export async function initAuth() {
-{{#if database == 'mongoose'}}
+{{#if database == "mongoose"}}
 const mongooseInstance = await mongoose();
 const client = mongooseInstance.connection.getClient();
 const db = client.db();
 {{/if}}
 
 return betterAuth({
-{{#switch database}}
-{{#case prisma}}
+{{#if database == "prisma"}}
   database: prismaAdapter(prisma, {
     provider: "{{prismaProvider}}",
   }),
-{{/case}}
-{{#case mongoose}}
+{{/if}}
+{{#if database == "mongoose"}}
   database: mongodbAdapter(db, { client }),
-{{/case}}
-{{/switch}}
+{{/if}}
   baseURL: process.env.BETTER_AUTH_URL,
   secret: process.env.BETTER_AUTH_SECRET,
   trustedOrigins: [process.env.APP_URL!],
@@ -57,8 +76,10 @@ return betterAuth({
   },
   socialProviders: {
     google: {
-      clientId: process.env.GOOGLE_CLIENT_ID!,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+      accessType: "offline", 
+      prompt: "select_account consent",
+      clientId: process.env.GOOGLE_CLIENT_ID as string,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
     },
   },
   emailVerification: {
@@ -95,4 +116,9 @@ return betterAuth({
  })
 };
 
-export const auth = await initAuth();
+export let auth: any = undefined;
+
+export async function setupAuth() {
+  auth = await initAuth();
+  return auth;
+}

package/modules/auth/better-auth/files/{prisma → shared/prisma}/schema.prisma

@@ -1,4 +1,8 @@
-{{#var defaultId = {{#if prismaProvider == "mongodb"}}@default(auto()) @map("_id") @db.ObjectId{{else}}@default(cuid()){{/if}}}}
+{{#if prismaProvider == "mongodb"}}
+{{#var defaultId = @default(auto()) @map("_id") @db.ObjectId}}
+{{else}}
+{{#var defaultId = @default(cuid())}}
+{{/if}}
 model User {
     id            String    @id {{defaultId}}
     name          String
@@ -9,7 +13,7 @@ model User {
     updatedAt     DateTime  @updatedAt
     sessions      Session[]
     accounts      Account[]
-    role          String    @default("USER")
+    role          Role    @default(USER)
 
     @@unique([email])
     @@map("user")
@@ -61,3 +65,8 @@ model Verification {
     @@index([identifier])
     @@map("verification")
 }
+
+enum Role {
+    USER
+    ADMIN
+}

package/modules/auth/better-auth/generator.json

@@ -5,33 +5,81 @@
   "operations": [
     {
       "type": "create-file",
-      "source": "lib/auth.ts",
-      "destination": "lib/auth.ts",
-      "condition": { "framework": ["nextjs", "express"] }
+      "source": "shared/lib/auth.ts",
+      "destination": "server/auth/auth.ts",
+      "condition": { "framework": ["nextjs"] }
     },
     {
       "type": "create-file",
-      "source": "lib/email-service.ts",
-      "destination": "lib/email/email-service.ts",
-      "condition": { "framework": ["nextjs", "express"] }
+      "source": "shared/lib/auth.ts",
+      "destination": "src/modules/auth/auth.ts",
+      "condition": { "framework": ["express"] }
     },
     {
       "type": "create-file",
-      "source": "lib/email-templates.ts",
-      "destination": "lib/email/email-templates.ts",
-      "condition": { "framework": ["nextjs", "express"] }
+      "source": "shared/lib/email/email-service.ts",
+      "destination": "server/service/email/email-service.ts",
+      "condition": { "framework": ["nextjs"] }
     },
     {
       "type": "create-file",
-      "source": "api/auth/[...all]/route.ts",
+      "source": "shared/lib/email/email-service.ts",
+      "destination": "src/shared/email/email-service.ts",
+      "condition": { "framework": ["express"] }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/email/email-templates.ts",
+      "destination": "server/service/email/email-templates.ts",
+      "condition": { "framework": ["nextjs"] }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/email/email-templates.ts",
+      "destination": "src/shared/email/email-templates.ts",
+      "condition": { "framework": ["express"] }
+    },
+    {
+      "type": "create-file",
+      "source": "nextjs/api/auth/[...all]/route.ts",
       "destination": "app/api/auth/[...all]/route.ts",
       "condition": { "framework": "nextjs" }
     },
     {
       "type": "create-file",
-      "source": "lib/auth-client.ts",
-      "destination": "lib/auth-client.ts",
-      "condition": { "framework": ["nextjs", "react"] }
+      "source": "nextjs/proxy.ts",
+      "destination": "proxy.ts",
+      "condition": { "framework": "nextjs" }
+    },
+    {
+      "type": "create-file",
+      "source": "nextjs/lib/auth/auth-guards.ts",
+      "destination": "server/auth/guards.ts",
+      "condition": { "framework": "nextjs" }
+    },
+    {
+      "type": "create-file",
+      "source": "express/middlewares/authorize.ts",
+      "destination": "src/shared/middlewares/authorize.middleware.ts",
+      "condition": { "framework": "express" }
+    },
+    {
+      "type": "create-file",
+      "source": "express/types/express.d.ts",
+      "destination": "src/types/express.d.ts",
+      "condition": { "framework": "express" }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/auth-client.ts",
+      "destination": "lib/auth/auth-client.ts",
+      "condition": { "framework": ["nextjs"] }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/auth-client.ts",
+      "destination": "src/shared/lib/auth-client.ts",
+      "condition": { "framework": ["react"] }
     },
     {
       "type": "patch-file",
@@ -40,7 +88,7 @@
       "operations": [
         {
           "type": "add-to-bottom",
-          "source": "prisma/schema.prisma"
+          "source": "shared/prisma/schema.prisma"
         }
       ]
     },
@@ -51,12 +99,12 @@
       "operations": [
         {
           "type": "add-import",
-          "imports": ["import { initAuth } from \"../lib/auth\";"]
+          "imports": ["import { setupAuth } from \"./modules/auth/auth\";"]
         },
         {
           "type": "add-code",
           "before": "const port = env.port;",
-          "code": "await initAuth();"
+          "code": "await setupAuth();"
         }
       ]
     },
@@ -67,13 +115,20 @@
       "operations": [
         {
           "type": "add-import",
-          "imports": ["import { auth } from \"../lib/auth\";",
+          "imports": ["import { auth } from \"./modules/auth/auth\";",
           "import { toNodeHandler } from \"better-auth/node\";"]
         },
         {
           "type": "add-code",
-          "after": "// routes",
-          "code": "app.all(\"/api/auth/*splat\", toNodeHandler(auth));"
+          "after": "// API routes",
+          "code": [
+            "app.all(\"/api/auth/*splat\", (req: Request, res: Response) => {",
+            "  if (!auth) {",
+            "    return res.status(503).json({ success: false, message: \"Auth not ready\" });",
+            "  }",
+            "  return toNodeHandler(auth)(req, res);",
+            "});"
+          ]
         }
       ]
     },

package/modules/database/mongoose/generator.json

@@ -6,12 +6,26 @@
     {
       "type": "create-file",
       "source": "lib/mongoose.ts",
-      "destination": "lib/mongoose.ts"
+      "destination": "server/database/mongoose.ts",
+      "condition": { "framework": ["nextjs"] }
+    },
+    {
+      "type": "create-file",
+      "source": "lib/mongoose.ts",
+      "destination": "src/database/mongoose.ts",
+      "condition": { "framework": ["express"] }
+    },
+    {
+      "type": "create-file",
+      "source": "models/health.ts",
+      "destination": "src/modules/health/health.model.ts",
+      "condition": { "framework": ["express"] }
     },
     {
       "type": "create-file",
       "source": "models/health.ts",
-      "destination": "models/health.ts"
+      "destination": "server/database/models/health.model.ts",
+      "condition": { "framework": ["nextjs"] }
     },
     {
       "type": "patch-file",

package/modules/database/prisma/files/lib/prisma.ts

@@ -1,5 +1,5 @@
+import { PrismaClient } from "@prisma/client";
 import 'dotenv/config';
-import { PrismaClient } from './generated/prisma/client'
 
 const globalForPrisma = globalThis as unknown as {
   prisma: PrismaClient | undefined

package/modules/database/prisma/files/prisma/schema.prisma

@@ -1,6 +1,5 @@
 generator client {
-    provider = "prisma-client"
-    output   = "../lib/generated/prisma"
+    provider = "prisma-client-js"
 }
 
 datasource db {

package/modules/database/prisma/generator.json

@@ -16,7 +16,14 @@
     {
       "type": "create-file",
       "source": "lib/prisma.ts",
-      "destination": "lib/prisma.ts"
+      "destination": "server/database/prisma.ts",
+      "condition": { "framework": ["nextjs"] }
+    },
+    {
+      "type": "create-file",
+      "source": "lib/prisma.ts",
+      "destination": "src/database/prisma.ts",
+      "condition": { "framework": ["express"] }
     },
     {
       "type": "add-dependency",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "stackkit",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "description": "Production-ready CLI to create and extend JavaScript or TypeScript apps with modular stacks.",
   "main": "dist/index.js",
   "bin": {
@@ -80,4 +80,4 @@
     "@types/validate-npm-package-name": "^4.0.2",
     "typescript": "^5.3.3"
   }
-}
+}

package/templates/express/env.example

@@ -1,2 +1,3 @@
 PORT=3000
-NODE_ENV=development
+NODE_ENV=development
+CORS_ORIGIN="http://localhost:3000"

package/templates/express/package.json

@@ -8,15 +8,15 @@
     "build": "tsc",
     "lint": "eslint src --ext .ts",
     "lint:fix": "eslint src --ext .ts --fix",
-    "start": "node dist/server.js",
-    "start:prod": "cross-env NODE_ENV=production node dist/server.js"
+    "start": "node dist/server.js"
   },
   "dependencies": {
     "cors": "^2.8.5",
     "dotenv": "^17.2.3",
     "express": "^5.2.1",
     "helmet": "^8.1.0",
-    "morgan": "^1.10.1"
+    "morgan": "^1.10.1",
+    "express-rate-limit": "^6.10.0"
   },
   "devDependencies": {
     "@types/cors": "^2.8.19",
@@ -25,7 +25,6 @@
     "@types/node": "^25.0.8",
     "@typescript-eslint/eslint-plugin": "^8.53.0",
     "@typescript-eslint/parser": "^8.53.0",
-    "cross-env": "^10.1.0",
     "eslint": "^9.39.2",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3"

package/templates/express/src/app.ts

@@ -1,28 +1,26 @@
-import cors from "cors";
-import express, { Application, NextFunction, Request, Response } from "express";
-import helmet from "helmet";
-import morgan from "morgan";
-import { env } from "./config/env";
-import { authRoutes } from "./features/health/health.route";
-import { errorHandler } from "./middlewares/error.middleware";
+import express, { Application, Request, Response } from "express";
+import { cors } from "./config/cors";
+import { helmet } from "./config/helmet";
+import { logger } from "./config/logger";
+import { limiter } from "./config/rate-limit";
+import { apiRoutes } from "./routes";
+import { errorHandler } from "./shared/middlewares/error.middleware";
+import { notFound } from "./shared/middlewares/not-found.middleware";
 
 // app initialization
 const app: Application = express();
 app.use(express.json());
 
-// security headers
-app.use(helmet());
+app.use(helmet);
+app.use(logger);
+app.use(cors);
+app.use(limiter);
 
-// logging
-if (env.isProduction) {
-  app.use(morgan("combined"));
-} else {
-  app.use(morgan("dev"));
+// trust proxy when behind proxies (load balancers)
+if (process.env.NODE_ENV === "production") {
+  app.set("trust proxy", 1);
 }
 
-// cors configuration
-app.use(cors());
-
 // Home page route
 app.get("/", (_req: Request, res: Response) => {
   res.status(200).json({
@@ -34,16 +32,11 @@ app.get("/", (_req: Request, res: Response) => {
   });
 });
 
-// routes
-app.use("/api/health", authRoutes);
+// API routes
+app.use("/api", apiRoutes);
 
 // unhandled routes
-app.use((req: Request, _res: Response, next: NextFunction) => {
-  const error: any = new Error(`Can't find ${req.originalUrl} on this server!`);
-  error.status = 404;
-
-  next(error);
-});
+app.use(notFound);
 
 // Global error handler
 app.use(errorHandler);

package/templates/express/src/config/cors.ts

@@ -0,0 +1,12 @@
+import createCors from "cors";
+import { env } from "./env";
+
+const origin = env.isProduction
+  ? process.env.CORS_ORIGIN
+    ? process.env.CORS_ORIGIN.split(",").map((s) => s.trim())
+    : false
+  : true;
+
+const cors = createCors({ origin });
+
+export { cors };

package/templates/express/src/config/helmet.ts

@@ -0,0 +1,5 @@
+import createHelmet from "helmet";
+
+const helmet = createHelmet();
+
+export { helmet };