stackkit 0.2.8 → 0.3.0

package/modules/auth/better-auth/files/express/templates/otp.ejs

@@ -0,0 +1,87 @@
+<!doctype html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <title>
+        <%= appName || "Your App" %> - Your OTP Code
+    </title>
+</head>
+
+<body style="margin:0; padding:0; background-color:#f3f4f6;">
+    <div style="display:none; max-height:0; overflow:hidden; opacity:0; color:transparent;">
+        Your one-time verification code is ready.
+    </div>
+
+    <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"
+        style="background-color:#f3f4f6; padding:24px 12px;">
+        <tr>
+            <td align="center">
+                <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"
+                    style="max-width:600px; background:#ffffff; border:1px solid #e5e7eb; border-radius:12px; overflow:hidden;">
+                    <tr>
+                        <td
+                            style="padding:28px 24px 16px 24px; font-family:Arial, Helvetica, sans-serif; color:#111827;">
+                            <h1 style="margin:0; font-size:22px; line-height:30px; font-weight:700;">Verification Code
+                            </h1>
+                            <p style="margin:14px 0 0; font-size:15px; line-height:24px; color:#374151;">
+                                Hi <%= userName || "there" %>,
+                            </p>
+                            <p style="margin:10px 0 0; font-size:15px; line-height:24px; color:#374151;">
+                                Use the one-time password (OTP) below to verify your identity for <strong>
+                                    <%= appName || "your account" %>
+                                </strong>.
+                            </p>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td align="center"
+                            style="padding:8px 24px 20px 24px; font-family:Arial, Helvetica, sans-serif;">
+                            <div
+                                style="display:inline-block; padding:12px 20px; border-radius:10px; border:1px solid #d1d5db; background:#f9fafb; letter-spacing:7px; font-size:28px; line-height:34px; font-weight:700; color:#111827;">
+                                <%= otp %>
+                            </div>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td style="padding:0 24px 22px 24px; font-family:Arial, Helvetica, sans-serif; color:#4b5563;">
+                            <p style="margin:0; font-size:14px; line-height:22px;">
+                                This code will expire in <strong>
+                                    <%= expiresInMinutes || 2 %> minutes
+                                </strong>.
+                            </p>
+                            <p style="margin:10px 0 0; font-size:14px; line-height:22px;">
+                                If you didn’t request this code, please ignore this email and consider changing your
+                                password.
+                            </p>
+                        </td>
+                    </tr>
+
+                    <tr>
+                        <td
+                            style="padding:16px 24px 24px 24px; border-top:1px solid #e5e7eb; font-family:Arial, Helvetica, sans-serif; color:#6b7280;">
+                            <p style="margin:0; font-size:12px; line-height:18px;">
+                                For security, never share this OTP with anyone.
+                            </p>
+                            <p style="margin:6px 0 0; font-size:12px; line-height:18px;">
+                                Need help? Contact
+                                <a href="mailto:<%= supportEmail || " support@example.com" %>" style="color:#2563eb;
+                                    text-decoration:underline;"><%= supportEmail || "support@example.com" %></a>.
+                            </p>
+                            <p style="margin:6px 0 0; font-size:12px; line-height:18px;">
+                                © <%= year || new Date().getFullYear() %>
+                                    <%= appName || "Your App" %>. All rights reserved.
+                            </p>
+                        </td>
+                    </tr>
+                </table>
+            </td>
+        </tr>
+    </table>
+</body>
+
+</html>

package/modules/auth/better-auth/files/express/types/express.d.ts

@@ -1,16 +1,14 @@
 declare global {
     namespace Express {
         interface Request {
-            user?: {
-                id: string;
-                email: string;
-                name: string;
-                role: string;
-                emailVerified: boolean;
-            }
+          user: {
+            id: string;
+            name: string;
+            email: string;
+            role: string;
+          };
         }
     }
 }
 
 export { };
-

package/modules/auth/better-auth/files/express/utils/cookie.ts

@@ -0,0 +1,19 @@
+import { CookieOptions, Request, Response } from "express";
+
+const setCookie = (res: Response, key: string, value: string, options: CookieOptions) => {
+    res.cookie(key, value, options);
+}
+
+const getCookie = (req: Request, key: string) => {
+    return req.cookies[key];
+}
+
+const clearCookie = (res: Response, key: string, options: CookieOptions) => {
+    res.clearCookie(key, options);
+}
+
+export const cookieUtils = {
+    setCookie,
+    getCookie,
+    clearCookie,
+}

package/modules/auth/better-auth/files/express/utils/jwt.ts

@@ -0,0 +1,34 @@
+import jwt, { JwtPayload, SignOptions } from "jsonwebtoken";
+
+const createToken = (payload: JwtPayload, secret: string, { expiresIn }: SignOptions) => {
+    const token = jwt.sign(payload, secret, { expiresIn });
+    return token;
+}
+
+const verifyToken = (token: string, secret: string) => {
+    try {
+        const decoded = jwt.verify(token, secret) as JwtPayload;
+        return {
+            success: true,
+            data: decoded
+        }
+    } catch (error: unknown) {
+        const message = error instanceof Error ? error.message : "Unknown error";
+        return {
+            success: false,
+            message,
+            error
+        }
+    }
+}
+
+const decodeToken = (token: string) => {
+    const decoded = jwt.decode(token) as JwtPayload;
+    return decoded;
+}
+
+export const jwtUtils = {
+    createToken,
+    verifyToken,
+    decodeToken,
+}

package/modules/auth/better-auth/files/express/utils/token.ts

@@ -0,0 +1,66 @@
+import { Response } from "express";
+import { JwtPayload, SignOptions } from "jsonwebtoken";
+import { envVars } from "../../config/env";
+import { cookieUtils } from "./cookie";
+import { jwtUtils } from "./jwt";
+
+//Creating access token
+const getAccessToken = (payload: JwtPayload) => {
+    const accessToken = jwtUtils.createToken(
+        payload,
+        envVars.ACCESS_TOKEN_SECRET,
+        { expiresIn: envVars.ACCESS_TOKEN_EXPIRES_IN } as SignOptions
+    );
+
+    return accessToken;
+}
+
+const getRefreshToken = (payload: JwtPayload) => {
+    const refreshToken = jwtUtils.createToken(
+        payload,
+        envVars.REFRESH_TOKEN_SECRET,
+        { expiresIn: envVars.REFRESH_TOKEN_EXPIRES_IN } as SignOptions
+    );
+    return refreshToken;
+}
+
+const setAccessTokenCookie = (res: Response, token: string) => {
+    cookieUtils.setCookie(res, 'accessToken', token, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "none",
+        path: '/',
+        //1 day
+        maxAge: 60 * 60 * 24 * 1000,
+    });
+}
+
+const setRefreshTokenCookie = (res: Response, token: string) => {
+    cookieUtils.setCookie(res, 'refreshToken', token, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "none",
+        path: '/',
+        //7d
+        maxAge: 60 * 60 * 24 * 1000 * 7,
+    });
+}
+
+const setBetterAuthSessionCookie = (res: Response, token: string) => {
+    cookieUtils.setCookie(res, "better-auth.session_token", token, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "none",
+        path: '/',
+        //1 day
+        maxAge: 60 * 60 * 24 * 1000,
+    });
+}
+
+export const tokenUtils = {
+    getAccessToken,
+    getRefreshToken,
+    setAccessTokenCookie,
+    setRefreshTokenCookie,
+    setBetterAuthSessionCookie,
+}

package/modules/auth/better-auth/files/nextjs/api/auth/[...all]/route.ts

@@ -1,4 +1,4 @@
-import { auth } from "@/lib/auth";
+import { auth } from "@/server/auth/auth";
 import { toNextJsHandler } from "better-auth/next-js";
 
 export const { GET, POST } = toNextJsHandler(auth);

package/modules/auth/better-auth/files/nextjs/lib/auth/auth-guards.ts

@@ -1,6 +1,6 @@
-import { auth } from "@/lib/auth";
 import { headers } from "next/headers";
 import { redirect } from "next/navigation";
+import { auth } from "./auth";
 
 export async function getSession() {
   const session = await auth.api.getSession({
@@ -10,6 +10,16 @@ export async function getSession() {
   return session;
 }
 
+export async function requireSuperAdmin() {
+  const session = await getSession();
+
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    redirect("/login");
+  }
+
+  return session.user;
+}
+
 export async function requireAdmin() {
   const session = await getSession();
 

package/modules/auth/better-auth/files/nextjs/templates/email-otp.tsx

@@ -0,0 +1,74 @@
+interface OtpTemplateProps {
+  name?: string | null;
+  otp: string;
+}
+
+const escapeHtml = (value: string) =>
+  value
+    .replaceAll("&", "&")
+    .replaceAll("<", "&lt;")
+    .replaceAll(">", "&gt;")
+    .replaceAll('"', "&quot;")
+    .replaceAll("'", "&#39;");
+
+const renderOtpTemplate = ({ name, otp }: OtpTemplateProps) => {
+  const safeName = name ? escapeHtml(name) : null;
+  const safeOtp = escapeHtml(otp);
+
+  return `<html>
+      <body
+        style="margin:0;padding:24px;background-color:#f8fafc;font-family:Arial,sans-serif;color:#0f172a;"
+      >
+        <table
+          role="presentation"
+          width="100%"
+          cellpadding="0"
+          cellspacing="0"
+          style="max-width:560px;margin:0 auto;background:#ffffff;"
+        >
+          <tbody>
+            <tr>
+              <td style="padding:28px 24px;">
+                <h2 style="margin:0 0 12px;font-size:22px;">Verification Code</h2>
+                <p style="margin:0 0 16px;font-size:15px;line-height:1.6;">
+                  ${safeName ? `Hi ${safeName},` : "Hi,"}
+                </p>
+                <p style="margin:0 0 16px;font-size:15px;line-height:1.6;">
+                  Use the OTP below to continue. This code will expire in 2 minutes.
+                </p>
+                <div
+                  style="display:inline-block;padding:12px 18px;border:1px solid #e2e8f0;border-radius:8px;letter-spacing:6px;font-size:22px;font-weight:700;background-color:#f1f5f9;"
+                >
+                  ${safeOtp}
+                </div>
+                <p style="margin:20px 0 0;font-size:13px;color:#475569;">
+                  If you did not request this code, you can safely ignore this email.
+                </p>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </body>
+    </html>`;
+};
+
+export const renderEmailTemplate = (
+  templateName: string,
+  templateData: Record<string, unknown>,
+) => {
+  switch (templateName) {
+    case "otp": {
+      const name =
+        typeof templateData.name === "string" ? templateData.name : null;
+      const otp = typeof templateData.otp === "string" ? templateData.otp : "";
+
+      if (!otp) {
+        throw new Error("OTP value is required for otp template");
+      }
+
+      return `<!DOCTYPE html>${renderOtpTemplate({ name, otp })}`;
+    }
+    default:
+      throw new Error(`Unknown email template: ${templateName}`);
+  }
+};

package/modules/auth/better-auth/files/shared/config/env.ts

@@ -0,0 +1,117 @@
+{{#if framework == "express" }}
+import dotenv from "dotenv";
+import status from "http-status";
+import path from "path";
+import { AppError } from "../shared/errors/app-error";
+
+dotenv.config({ path: path.join(process.cwd(), ".env") });
+{{/if}}
+
+interface EnvConfig {
+  APP_URL?: string;
+  DATABASE_URL: string;
+  FRONTEND_URL?: string;
+  BETTER_AUTH_URL: string;
+  BETTER_AUTH_SECRET: string;
+  GOOGLE_CLIENT_ID: string;
+  GOOGLE_CLIENT_SECRET: string;
+  GOOGLE_CALLBACK_URL: string;
+  EMAIL_SENDER: {
+    SMTP_USER: string;
+    SMTP_PASS: string;
+    SMTP_HOST: string;
+    SMTP_PORT: string;
+    SMTP_FROM: string;
+  };
+  {{#if framework == "express" }}
+  NODE_ENV: string;
+  PORT: string;
+  BETTER_AUTH_SESSION_TOKEN_EXPIRES_IN: string;
+  BETTER_AUTH_SESSION_TOKEN_UPDATE_AGE: string;
+  ACCESS_TOKEN_SECRET: string;
+  ACCESS_TOKEN_EXPIRES_IN: string;
+  REFRESH_TOKEN_SECRET: string;
+  REFRESH_TOKEN_EXPIRES_IN: string;
+  SUPER_ADMIN_EMAIL: string;
+  SUPER_ADMIN_PASSWORD: string;
+  {{/if}}
+}
+
+const loadEnvVars = (): EnvConfig => {
+  const requiredEnvVars = [
+    "APP_URL",
+    "DATABASE_URL",
+    "FRONTEND_URL",
+    "BETTER_AUTH_URL",
+    "BETTER_AUTH_SECRET",
+    "GOOGLE_CLIENT_ID",
+    "GOOGLE_CLIENT_SECRET",
+    "GOOGLE_CALLBACK_URL",
+    "EMAIL_SENDER_SMTP_USER",
+    "EMAIL_SENDER_SMTP_PASS",
+    "EMAIL_SENDER_SMTP_HOST",
+    "EMAIL_SENDER_SMTP_PORT",
+    "EMAIL_SENDER_SMTP_FROM",
+    {{#if framework == "express" }}
+    "NODE_ENV",
+    "PORT",
+    "BETTER_AUTH_SESSION_TOKEN_EXPIRES_IN",
+    "BETTER_AUTH_SESSION_TOKEN_UPDATE_AGE",
+    "ACCESS_TOKEN_SECRET",
+    "ACCESS_TOKEN_EXPIRES_IN",
+    "REFRESH_TOKEN_SECRET",
+    "REFRESH_TOKEN_EXPIRES_IN",
+    "SUPER_ADMIN_EMAIL",
+    "SUPER_ADMIN_PASSWORD",
+    {{/if}}
+  ];
+
+  requiredEnvVars.forEach((varName) => {
+    if (!process.env[varName]) {
+      {{#if framework == "express" }}
+      throw new AppError(
+        status.INTERNAL_SERVER_ERROR,
+        `Environment variable ${varName} is required but not set in .env file.`,
+      );
+      {{else}}
+      throw new Error(
+        `Environment variable ${varName} is required but not defined.`,
+      );
+      {{/if}}
+    }
+  });
+
+  return {
+    APP_URL: process.env.APP_URL as string,
+    DATABASE_URL: process.env.DATABASE_URL as string,
+    FRONTEND_URL: process.env.FRONTEND_URL as string,
+    BETTER_AUTH_URL: process.env.BETTER_AUTH_URL as string,
+    BETTER_AUTH_SECRET: process.env.BETTER_AUTH_SECRET as string,
+    GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID as string,
+    GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET as string,
+    GOOGLE_CALLBACK_URL: process.env.GOOGLE_CALLBACK_URL as string,
+    EMAIL_SENDER: {
+      SMTP_USER: process.env.EMAIL_SENDER_SMTP_USER as string,
+      SMTP_PASS: process.env.EMAIL_SENDER_SMTP_PASS as string,
+      SMTP_HOST: process.env.EMAIL_SENDER_SMTP_HOST as string,
+      SMTP_PORT: process.env.EMAIL_SENDER_SMTP_PORT as string,
+      SMTP_FROM: process.env.EMAIL_SENDER_SMTP_FROM as string,
+    },
+    {{#if framework == "express" }}
+    NODE_ENV: process.env.NODE_ENV as string,
+    PORT: process.env.PORT as string,
+        BETTER_AUTH_SESSION_TOKEN_EXPIRES_IN: process.env
+      .BETTER_AUTH_SESSION_TOKEN_EXPIRES_IN as string,
+    BETTER_AUTH_SESSION_TOKEN_UPDATE_AGE: process.env
+      .BETTER_AUTH_SESSION_TOKEN_UPDATE_AGE as string,
+    ACCESS_TOKEN_SECRET: process.env.ACCESS_TOKEN_SECRET as string,
+    ACCESS_TOKEN_EXPIRES_IN: process.env.ACCESS_TOKEN_EXPIRES_IN as string,
+    REFRESH_TOKEN_SECRET: process.env.REFRESH_TOKEN_SECRET as string,
+    REFRESH_TOKEN_EXPIRES_IN: process.env.REFRESH_TOKEN_EXPIRES_IN as string,
+    SUPER_ADMIN_EMAIL: process.env.SUPER_ADMIN_EMAIL as string,
+    SUPER_ADMIN_PASSWORD: process.env.SUPER_ADMIN_PASSWORD as string,
+    {{/if}}
+  };
+};
+
+export const envVars = loadEnvVars();

package/modules/auth/better-auth/files/shared/lib/auth-client.ts

@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";
 
 export const authClient = createAuthClient({
-  baseURL: process.env.BETTER_AUTH_URL || "http://localhost:4000",
+  baseURL: process.env.BETTER_AUTH_URL || "http://localhost:5000",
 });
 
 export const { signIn, signUp, signOut, useSession } = authClient;