stackkit 0.2.6 → 0.2.8

package/dist/lib/utils/path-resolver.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getModulesPath = getModulesPath;
+exports.getTemplatesPath = getTemplatesPath;
+exports.getModulePath = getModulePath;
+exports.getModuleJsonPath = getModuleJsonPath;
+exports.getGeneratorJsonPath = getGeneratorJsonPath;
+exports.getModuleFilesPath = getModuleFilesPath;
+exports.getTemplateJsonPath = getTemplateJsonPath;
+exports.getDatabaseModulesPath = getDatabaseModulesPath;
+exports.getAuthModulesPath = getAuthModulesPath;
+const path_1 = __importDefault(require("path"));
+const constants_1 = require("../constants");
+const package_root_1 = require("./package-root");
+function getModulesPath() {
+    return path_1.default.join((0, package_root_1.getPackageRoot)(), constants_1.DIRECTORY_NAMES.MODULES);
+}
+function getTemplatesPath() {
+    return path_1.default.join((0, package_root_1.getPackageRoot)(), constants_1.DIRECTORY_NAMES.TEMPLATES);
+}
+function getModulePath(category, moduleName) {
+    return path_1.default.join(getModulesPath(), category, moduleName);
+}
+function getModuleJsonPath(category, moduleName) {
+    return path_1.default.join(getModulePath(category, moduleName), constants_1.FILE_NAMES.MODULE_JSON);
+}
+function getGeneratorJsonPath(category, moduleName) {
+    return path_1.default.join(getModulePath(category, moduleName), constants_1.FILE_NAMES.GENERATOR_JSON);
+}
+function getModuleFilesPath(category, moduleName) {
+    return path_1.default.join(getModulePath(category, moduleName), constants_1.DIRECTORY_NAMES.FILES);
+}
+function getTemplateJsonPath(frameworkName) {
+    return path_1.default.join(getTemplatesPath(), frameworkName, constants_1.FILE_NAMES.TEMPLATE_JSON);
+}
+function getDatabaseModulesPath() {
+    return path_1.default.join(getModulesPath(), constants_1.MODULE_CATEGORIES.DATABASE);
+}
+function getAuthModulesPath() {
+    return path_1.default.join(getModulesPath(), constants_1.MODULE_CATEGORIES.AUTH);
+}

package/modules/auth/authjs/files/nextjs/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,3 @@
+import { handlers } from "@/auth"
+
+export const { GET, POST } = handlers

package/modules/auth/authjs/files/nextjs/proxy.ts

@@ -0,0 +1 @@
+export { auth as proxy } from "@/lib/auth";

package/modules/auth/authjs/files/shared/lib/auth.ts

@@ -0,0 +1,119 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { PrismaAdapter } from "@auth/prisma-adapter";
+import bcrypt from "bcryptjs";
+import NextAuth from "next-auth";
+import Credentials from "next-auth/providers/credentials";
+import EmailProvider from "next-auth/providers/email";
+import Google from "next-auth/providers/google";
+import {
+  getUserById,
+  getUserByProviderAccountId,
+  getUserByUsername,
+} from "./actions/auth";
+import { sendEmail } from "./email/email-service";
+import { getVerificationEmailTemplate } from "./email/email-templates";
+import { prisma } from "./prisma";
+
+const options: any = {
+  adapter: PrismaAdapter(prisma),
+  providers: [
+    Google({
+      clientId: process.env.GOOGLE_CLIENT_ID ?? "",
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET ?? "",
+      profile(profile: any) {
+        const p = profile as Record<string, any>;
+        return {
+          id: p.sub ?? p.id,
+          name: p.name,
+          email: p.email,
+          image: p.picture,
+          role: p.role ?? "USER",
+        };
+      },
+    }),
+    (Credentials({
+      id: "credentials",
+      name: "Credentials",
+      credentials: {
+        username: { label: "Email", type: "text" },
+        password: { label: "Password", type: "password" },
+      },
+      async authorize(credentials: any) {
+        if (!credentials?.username || !credentials?.password) return null;
+        const user = await getUserByUsername(credentials.username as string);
+        if (!user) return null;
+        const hashed = (user as any).password;
+        if (!hashed) return null; // OAuth-only account
+        const ok = await bcrypt.compare(credentials.password as string, hashed);
+        if (!ok) return null;
+        // strip sensitive fields
+        const safe = { ...user } as Record<string, any>;
+        delete safe.password;
+        return safe;
+      },
+    }),
+    EmailProvider({
+      server: process.env.EMAIL_SERVER,
+      from: process.env.EMAIL_FROM,
+      async sendVerificationRequest({ identifier, url, provider }: any) {
+        const { html, text } = getVerificationEmailTemplate(
+          { email: identifier },
+          url,
+        );
+        await sendEmail({
+          to: identifier,
+          subject: "Verify your email",
+          html,
+          text,
+          from: provider?.from,
+        });
+      },
+    })),
+  ],
+  callbacks: {
+    // ensure provider-account linking is safe
+    async signIn({ user, account }: any) {
+      if (account && account.provider !== "credentials") {
+        const linked = await getUserByProviderAccountId(
+          account.providerAccountId as string,
+        );
+        if (linked && linked.id !== user.id)
+          return "/sign-in/?error=OAuthAccountNotLinked";
+      }
+      return true;
+    },
+    // keep session payload minimal
+    async jwt({ token, user }: any) {
+      if (user) {
+        token.user = {
+          id: user.id,
+          email: user.email,
+          name: user.name,
+          role: user.role ?? "USER",
+        };
+        token.role = token.user.role;
+      }
+      if (token.sub && !token.user) {
+        const dbUser = await getUserById(token.sub as string);
+        if (dbUser)
+          token.user = {
+            id: dbUser.id,
+            email: dbUser.email,
+            name: dbUser.name,
+            role: (dbUser as any).role ?? "USER",
+          };
+      }
+      return token;
+    },
+    async session({ session, token }: any) {
+      session.user = token.user;
+      session.role = token.role ?? "USER";
+      return session;
+    },
+  },
+  session: { strategy: "jwt" },
+  secret: process.env.AUTH_SECRET,
+  debug: process.env.NODE_ENV !== "production",
+};
+
+export const { handlers, signIn, signOut, auth } = NextAuth(options);

package/modules/auth/authjs/files/{prisma → shared/prisma}/schema.prisma

@@ -1,4 +1,8 @@
-{{#var defaultId = {{#if prismaProvider == "mongodb"}}@default(auto()) @map("_id") @db.ObjectId{{else}}@default(cuid()){{/if}}}}
+{{#if prismaProvider == "mongodb"}}
+{{#var defaultId = @default(auto()) @map("_id") @db.ObjectId}}
+{{else}}
+{{#var defaultId = @default(cuid())}}
+{{/if}}
 model Account {
   id                String  @id {{defaultId}}
   userId            String  @map("user_id")
@@ -35,6 +39,7 @@ model User {
   email         String?   @unique
   emailVerified DateTime? @map("email_verified")
   image         String?
+  role          Role      @default(USER)
   accounts      Account[]
   sessions      Session[]
 
@@ -48,4 +53,9 @@ model VerificationToken {
 
   @@unique([identifier, token])
   @@map("verification_tokens")
+}
+
+enum Role {
+  USER
+  ADMIN
 }

package/modules/auth/authjs/generator.json

@@ -5,18 +5,18 @@
   "operations": [
     {
       "type": "create-file",
-      "source": "lib/auth.ts",
-      "destination": "lib/auth.ts"
+      "source": "shared/lib/auth.ts",
+      "destination": "server/auth/auth.ts"
     },
     {
       "type": "create-file",
-      "source": "api/auth/[...nextauth]/route.ts",
+      "source": "nextjs/api/auth/[...nextauth]/route.ts",
       "destination": "app/api/auth/[...nextauth]/route.ts"
     },
     {
       "type": "create-file",
-      "destination": "proxy.ts",
-      "content": "export { auth as proxy } from \"@/lib/auth\""
+      "source": "nextjs/proxy.ts",
+      "destination": "proxy.ts"
     },
     {
       "type": "patch-file",
@@ -25,7 +25,7 @@
       "operations": [
         {
           "type": "add-to-bottom",
-          "source": "prisma/schema.prisma"
+          "source": "shared/prisma/schema.prisma"
         }
       ]
     },
@@ -41,13 +41,23 @@
       "envVars": {
         "AUTH_SECRET": "",
         "AUTH_GOOGLE_ID": "",
-        "AUTH_GOOGLE_SECRET": ""
+        "AUTH_GOOGLE_SECRET": "",
+        "EMAIL_HOST": "smtp.gmail.com",
+        "EMAIL_PORT": "587",
+        "EMAIL_USER": "",
+        "EMAIL_PASS": "",
+        "EMAIL_FROM": "noreply@yourapp.com"
       }
     },
     {
       "type": "add-dependency",
       "dependencies": {
-        "next-auth": "^5.0.0-beta.30"
+        "next-auth": "^5.0.0-beta.30",
+        "bcryptjs": "^3.0.3",
+        "nodemailer": "^7.0.12"
+      },
+      "devDependencies": {
+        "@types/nodemailer": "^7.0.5"
       }
     }
   ]

package/modules/auth/better-auth/files/express/middlewares/authorize.ts

@@ -0,0 +1,54 @@
+import { NextFunction, Request, Response } from "express";
+import { auth } from "../../modules/auth/auth";
+
+export enum UserRole {
+    USER = "USER",
+    ADMIN = "ADMIN"
+}
+
+const authorize = (...roles: UserRole[]) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      // get user session
+      const session = await auth?.api.getSession({
+        headers: req.headers as any,
+      });
+
+      if (!session) {
+        return res.status(401).json({
+          success: false,
+          message: "You are not authorized!",
+        });
+      }
+
+      if (!session.user.emailVerified) {
+        return res.status(403).json({
+          success: false,
+          message: "Email verification required. Please verify your email!",
+        });
+      }
+
+      req.user = {
+        id: session.user.id,
+        email: session.user.email,
+        name: session.user.name,
+        role: session.user.role as string,
+        emailVerified: session.user.emailVerified,
+      };
+
+      if (roles.length && !roles.includes(req.user.role as UserRole)) {
+        return res.status(403).json({
+          success: false,
+          message:
+            "Forbidden! You don't have permission to access this resources!",
+        });
+      }
+
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+};
+
+export default authorize;

package/modules/auth/better-auth/files/express/types/express.d.ts

@@ -0,0 +1,16 @@
+declare global {
+    namespace Express {
+        interface Request {
+            user?: {
+                id: string;
+                email: string;
+                name: string;
+                role: string;
+                emailVerified: boolean;
+            }
+        }
+    }
+}
+
+export { };
+

package/modules/auth/better-auth/files/nextjs/lib/auth/auth-guards.ts

@@ -0,0 +1,31 @@
+import { auth } from "@/lib/auth";
+import { headers } from "next/headers";
+import { redirect } from "next/navigation";
+
+export async function getSession() {
+  const session = await auth.api.getSession({
+    headers: await headers(),
+  });
+
+  return session;
+}
+
+export async function requireAdmin() {
+  const session = await getSession();
+
+  if (!session || session.user.role !== "ADMIN") {
+    redirect("/login");
+  }
+
+  return session.user;
+}
+
+export async function getUser() {
+  const session = await getSession();
+
+  if (!session) {
+    redirect("/login");
+  }
+
+  return session.user;
+}

package/modules/auth/better-auth/files/nextjs/proxy.ts

@@ -0,0 +1,34 @@
+import { NextResponse, type NextRequest } from "next/server";
+
+function isAuthenticated(req: NextRequest) {
+  const token = req.cookies.get("better-auth.session_token")?.value;
+
+  return Boolean(token);
+}
+
+export function proxy(req: NextRequest) {
+  const { pathname, search } = req.nextUrl;
+  const authed = isAuthenticated(req);
+
+  if (pathname === "/login" || pathname === "/signup") {
+    if (authed) return NextResponse.redirect(new URL("/dashboard", req.url));
+    return NextResponse.next();
+  }
+
+  if (pathname.startsWith("/dashboard") && !authed) {
+    const next = encodeURIComponent(pathname + (search || ""));
+    return NextResponse.redirect(new URL(`/login?next=${next}`, req.url));
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: [
+    "/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
+    "/(api|trpc)(.*)",
+    "/login",
+    "/signup",
+    "/dashboard/:path*",
+  ],
+};

package/modules/auth/better-auth/files/{lib → shared/lib}/auth-client.ts

@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";
 
 export const authClient = createAuthClient({
-  baseURL: "http://localhost:3000",
+  baseURL: process.env.BETTER_AUTH_URL || "http://localhost:4000",
 });
 
 export const { signIn, signUp, signOut, useSession } = authClient;

package/modules/auth/better-auth/files/{lib → shared/lib}/auth.ts

@@ -1,35 +1,54 @@
 import { betterAuth } from "better-auth";
-import { sendEmail } from "./email/email-service";
-import { getVerificationEmailTemplate, getPasswordResetEmailTemplate } from "./email/email-templates";
-{{#switch database}}
-{{#case prisma}}
-import { prisma } from "./prisma";
+{{#if combo == "prisma:express"}}
+import { sendEmail } from "../../shared/email/email-service";
+import {
+  getPasswordResetEmailTemplate,
+  getVerificationEmailTemplate,
+} from "../../shared/email/email-templates";
+import { prisma } from "../../database/prisma";
 import { prismaAdapter } from "better-auth/adapters/prisma";
-{{/case}}
-{{#case mongoose}}
-import { mongoose } from "./mongoose";
+{{/if}}
+
+{{#if combo == "prisma:nextjs"}}
+import { getPasswordResetEmailTemplate, getVerificationEmailTemplate } from "../service/email/email-templates";
+import { sendEmail } from "../service/email/email-service";
+import { prisma } from "../database/prisma";
+import { prismaAdapter } from "better-auth/adapters/prisma";
+{{/if}}
+
+{{#if combo == "mongoose:express"}}
+import { sendEmail } from "../../shared/email/email-service";
+import {
+  getPasswordResetEmailTemplate,
+  getVerificationEmailTemplate,
+} from "../../shared/email/email-templates";
+import { mongoose } from "../../database/mongoose";
+import { mongodbAdapter } from "better-auth/adapters/mongodb";
+{{/if}}
+
+{{#if combo == "mongoose:nextjs"}}
+import { getPasswordResetEmailTemplate, getVerificationEmailTemplate } from "../service/email/email-templates";
+import { sendEmail } from "../service/email/email-service";
+import { mongoose } from "../database/mongoose";
 import { mongodbAdapter } from "better-auth/adapters/mongodb";
-{{/case}}
-{{/switch}}
+{{/if}}
 
 export async function initAuth() {
-{{#if database == 'mongoose'}}
+{{#if database == "mongoose"}}
 const mongooseInstance = await mongoose();
 const client = mongooseInstance.connection.getClient();
 const db = client.db();
 {{/if}}
 
 return betterAuth({
-{{#switch database}}
-{{#case prisma}}
+{{#if database == "prisma"}}
   database: prismaAdapter(prisma, {
     provider: "{{prismaProvider}}",
   }),
-{{/case}}
-{{#case mongoose}}
+{{/if}}
+{{#if database == "mongoose"}}
   database: mongodbAdapter(db, { client }),
-{{/case}}
-{{/switch}}
+{{/if}}
   baseURL: process.env.BETTER_AUTH_URL,
   secret: process.env.BETTER_AUTH_SECRET,
   trustedOrigins: [process.env.APP_URL!],
@@ -57,8 +76,10 @@ return betterAuth({
   },
   socialProviders: {
     google: {
-      clientId: process.env.GOOGLE_CLIENT_ID!,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+      accessType: "offline", 
+      prompt: "select_account consent",
+      clientId: process.env.GOOGLE_CLIENT_ID as string,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
     },
   },
   emailVerification: {
@@ -95,4 +116,9 @@ return betterAuth({
  })
 };
 
-export const auth = await initAuth();
+export let auth: any = undefined;
+
+export async function setupAuth() {
+  auth = await initAuth();
+  return auth;
+}

package/modules/auth/better-auth/files/{prisma → shared/prisma}/schema.prisma

@@ -1,4 +1,8 @@
-{{#var defaultId = {{#if prismaProvider == "mongodb"}}@default(auto()) @map("_id") @db.ObjectId{{else}}@default(cuid()){{/if}}}}
+{{#if prismaProvider == "mongodb"}}
+{{#var defaultId = @default(auto()) @map("_id") @db.ObjectId}}
+{{else}}
+{{#var defaultId = @default(cuid())}}
+{{/if}}
 model User {
     id            String    @id {{defaultId}}
     name          String
@@ -9,7 +13,7 @@ model User {
     updatedAt     DateTime  @updatedAt
     sessions      Session[]
     accounts      Account[]
-    role          String    @default("USER")
+    role          Role    @default(USER)
 
     @@unique([email])
     @@map("user")
@@ -61,3 +65,8 @@ model Verification {
     @@index([identifier])
     @@map("verification")
 }
+
+enum Role {
+    USER
+    ADMIN
+}

package/modules/auth/better-auth/generator.json

@@ -5,33 +5,81 @@
   "operations": [
     {
       "type": "create-file",
-      "source": "lib/auth.ts",
-      "destination": "lib/auth.ts",
-      "condition": { "framework": ["nextjs", "express"] }
+      "source": "shared/lib/auth.ts",
+      "destination": "server/auth/auth.ts",
+      "condition": { "framework": ["nextjs"] }
     },
     {
       "type": "create-file",
-      "source": "lib/email-service.ts",
-      "destination": "lib/email/email-service.ts",
-      "condition": { "framework": ["nextjs", "express"] }
+      "source": "shared/lib/auth.ts",
+      "destination": "src/modules/auth/auth.ts",
+      "condition": { "framework": ["express"] }
     },
     {
       "type": "create-file",
-      "source": "lib/email-templates.ts",
-      "destination": "lib/email/email-templates.ts",
-      "condition": { "framework": ["nextjs", "express"] }
+      "source": "shared/lib/email/email-service.ts",
+      "destination": "server/service/email/email-service.ts",
+      "condition": { "framework": ["nextjs"] }
     },
     {
       "type": "create-file",
-      "source": "api/auth/[...all]/route.ts",
+      "source": "shared/lib/email/email-service.ts",
+      "destination": "src/shared/email/email-service.ts",
+      "condition": { "framework": ["express"] }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/email/email-templates.ts",
+      "destination": "server/service/email/email-templates.ts",
+      "condition": { "framework": ["nextjs"] }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/email/email-templates.ts",
+      "destination": "src/shared/email/email-templates.ts",
+      "condition": { "framework": ["express"] }
+    },
+    {
+      "type": "create-file",
+      "source": "nextjs/api/auth/[...all]/route.ts",
       "destination": "app/api/auth/[...all]/route.ts",
       "condition": { "framework": "nextjs" }
     },
     {
       "type": "create-file",
-      "source": "lib/auth-client.ts",
-      "destination": "lib/auth-client.ts",
-      "condition": { "framework": ["nextjs", "react"] }
+      "source": "nextjs/proxy.ts",
+      "destination": "proxy.ts",
+      "condition": { "framework": "nextjs" }
+    },
+    {
+      "type": "create-file",
+      "source": "nextjs/lib/auth/auth-guards.ts",
+      "destination": "server/auth/guards.ts",
+      "condition": { "framework": "nextjs" }
+    },
+    {
+      "type": "create-file",
+      "source": "express/middlewares/authorize.ts",
+      "destination": "src/shared/middlewares/authorize.middleware.ts",
+      "condition": { "framework": "express" }
+    },
+    {
+      "type": "create-file",
+      "source": "express/types/express.d.ts",
+      "destination": "src/types/express.d.ts",
+      "condition": { "framework": "express" }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/auth-client.ts",
+      "destination": "lib/auth/auth-client.ts",
+      "condition": { "framework": ["nextjs"] }
+    },
+    {
+      "type": "create-file",
+      "source": "shared/lib/auth-client.ts",
+      "destination": "src/shared/lib/auth-client.ts",
+      "condition": { "framework": ["react"] }
     },
     {
       "type": "patch-file",
@@ -40,7 +88,7 @@
       "operations": [
         {
           "type": "add-to-bottom",
-          "source": "prisma/schema.prisma"
+          "source": "shared/prisma/schema.prisma"
         }
       ]
     },
@@ -51,12 +99,12 @@
       "operations": [
         {
           "type": "add-import",
-          "imports": ["import { initAuth } from \"../lib/auth\";"]
+          "imports": ["import { setupAuth } from \"./modules/auth/auth\";"]
         },
         {
           "type": "add-code",
           "before": "const port = env.port;",
-          "code": "await initAuth();"
+          "code": "await setupAuth();"
         }
       ]
     },
@@ -67,13 +115,20 @@
       "operations": [
         {
           "type": "add-import",
-          "imports": ["import { auth } from \"../lib/auth\";",
+          "imports": ["import { auth } from \"./modules/auth/auth\";",
           "import { toNodeHandler } from \"better-auth/node\";"]
         },
         {
           "type": "add-code",
-          "after": "// routes",
-          "code": "app.all(\"/api/auth/*splat\", toNodeHandler(auth));"
+          "after": "// API routes",
+          "code": [
+            "app.all(\"/api/auth/*splat\", (req: Request, res: Response) => {",
+            "  if (!auth) {",
+            "    return res.status(503).json({ success: false, message: \"Auth not ready\" });",
+            "  }",
+            "  return toNodeHandler(auth)(req, res);",
+            "});"
+          ]
         }
       ]
     },