stackkit 0.2.8 → 0.3.0

package/modules/auth/better-auth/files/shared/lib/auth.ts

@@ -1,124 +1,212 @@
 import { betterAuth } from "better-auth";
+import { bearer, emailOTP } from "better-auth/plugins";
 {{#if combo == "prisma:express"}}
-import { sendEmail } from "../../shared/email/email-service";
-import {
-  getPasswordResetEmailTemplate,
-  getVerificationEmailTemplate,
-} from "../../shared/email/email-templates";
-import { prisma } from "../../database/prisma";
+import { Role, UserStatus } from "@prisma/client";
+import { envVars } from "../config/env";
+import { sendEmail } from "../shared/utils/email";
+import { prisma } from "../database/prisma";
 import { prismaAdapter } from "better-auth/adapters/prisma";
 {{/if}}
-
 {{#if combo == "prisma:nextjs"}}
-import { getPasswordResetEmailTemplate, getVerificationEmailTemplate } from "../service/email/email-templates";
+import { Role, UserStatus } from "@prisma/client";
 import { sendEmail } from "../service/email/email-service";
 import { prisma } from "../database/prisma";
+import { envVars } from "@/lib/env";
 import { prismaAdapter } from "better-auth/adapters/prisma";
 {{/if}}
-
 {{#if combo == "mongoose:express"}}
-import { sendEmail } from "../../shared/email/email-service";
-import {
-  getPasswordResetEmailTemplate,
-  getVerificationEmailTemplate,
-} from "../../shared/email/email-templates";
-import { mongoose } from "../../database/mongoose";
+import { envVars } from "../config/env";
+import { Role, UserStatus } from "../modules/auth/auth.constants";
+import { sendEmail } from "../shared/utils/email";
+import { getMongoClient, getMongoDb, mongoose } from "../database/mongoose";
 import { mongodbAdapter } from "better-auth/adapters/mongodb";
 {{/if}}
-
 {{#if combo == "mongoose:nextjs"}}
-import { getPasswordResetEmailTemplate, getVerificationEmailTemplate } from "../service/email/email-templates";
 import { sendEmail } from "../service/email/email-service";
-import { mongoose } from "../database/mongoose";
+import { getMongoClient, getMongoDb, mongoose } from "../database/mongoose";
+import { Role, UserStatus } from "@/lib/auth/auth-constants";
+import { envVars } from "@/lib/env";
 import { mongodbAdapter } from "better-auth/adapters/mongodb";
 {{/if}}
 
-export async function initAuth() {
 {{#if database == "mongoose"}}
-const mongooseInstance = await mongoose();
-const client = mongooseInstance.connection.getClient();
-const db = client.db();
+await mongoose();
+const client = getMongoClient();
+const db = getMongoDb();
+const usersCollection = db.collection("user");
 {{/if}}
 
-return betterAuth({
+export const auth = betterAuth({
 {{#if database == "prisma"}}
   database: prismaAdapter(prisma, {
     provider: "{{prismaProvider}}",
   }),
 {{/if}}
 {{#if database == "mongoose"}}
-  database: mongodbAdapter(db, { client }),
+  database: mongodbAdapter(db, { client, transaction: false }),
 {{/if}}
-  baseURL: process.env.BETTER_AUTH_URL,
-  secret: process.env.BETTER_AUTH_SECRET,
-  trustedOrigins: [process.env.APP_URL!],
-  user: {
-    additionalFields: {
-      role: {
-        type: "string",
-        defaultValue: "USER",
-        required: true,
-      },
-    },
-  },
+  baseURL: envVars.BETTER_AUTH_URL,
+  secret: envVars.BETTER_AUTH_SECRET,
+  trustedOrigins: [
+    envVars.FRONTEND_URL || envVars.BETTER_AUTH_URL || "http://localhost:3000",
+  ],
   emailAndPassword: {
     enabled: true,
     requireEmailVerification: true,
-    sendResetPassword: async ({ user, url }) => {
-    const { html, text } = getPasswordResetEmailTemplate(user, url);
-      await sendEmail({
-        to: user.email,
-        subject: "Reset Your Password",
-        text,
-        html,
-      });
-    },
   },
   socialProviders: {
     google: {
-      accessType: "offline", 
+      clientId: envVars.GOOGLE_CLIENT_ID as string,
+      clientSecret: envVars.GOOGLE_CLIENT_SECRET as string,
+      accessType: "offline",
       prompt: "select_account consent",
-      clientId: process.env.GOOGLE_CLIENT_ID as string,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
+      mapProfileToUser: () => {
+        return {
+          role: Role.USER,
+          status: UserStatus.ACTIVE,
+          needPasswordChange: false,
+          emailVerified: true,
+          isDeleted: false,
+          deletedAt: null,
+        };
+      },
     },
   },
   emailVerification: {
-    sendVerificationEmail: async ({ user, url }) => {
-      const { html, text } = getVerificationEmailTemplate(user, url);
-      await sendEmail({
-        to: user.email,
-        subject: "Verify Your Email Address",
-        text,
-        html,
-      });
-    },
+    sendOnSignUp: true,
     sendOnSignIn: true,
+    autoSignInAfterVerification: true,
   },
-  rateLimit: {
-    window: 10,
-    max: 100,
-  },
-  account: {
-    accountLinking: {
-      enabled: true,
-      trustedProviders: ["google"],
+  user: {
+    additionalFields: {
+      role: {
+        type: "string",
+        required: true,
+        defaultValue: Role.USER,
+      },
+      status: {
+        type: "string",
+        required: true,
+        defaultValue: UserStatus.ACTIVE,
+      },
+      needPasswordChange: {
+        type: "boolean",
+        required: true,
+        defaultValue: false,
+      },
+      isDeleted: {
+        type: "boolean",
+        required: true,
+        defaultValue: false,
+      },
+      deletedAt: {
+        type: "date",
+        required: false,
+        defaultValue: null,
+      },
     },
   },
+  plugins: [
+    bearer(),
+    emailOTP({
+      overrideDefaultEmailVerification: true,
+      async sendVerificationOTP({ email, otp, type }) {
+        if (type === "email-verification") {
+          {{#if database == "prisma"}}
+          const user = await prisma.user.findUnique({
+            where: {
+              email,
+            },
+          });
+          {{/if}}
+          {{#if database == "mongoose"}}
+          const user = await usersCollection.findOne({ email });
+          {{/if}}
+
+          if (!user) {
+            console.error(
+              `User with email ${email} not found. Cannot send verification OTP.`,
+            );
+            return;
+          }
+
+          if (user && user.role === Role.SUPER_ADMIN) {
+            console.log(
+              `User with email ${email} is a super admin. Skipping sending verification OTP.`,
+            );
+            return;
+          }
+
+          if (user && !user.emailVerified) {
+            sendEmail({
+              to: email,
+              subject: "Verify your email",
+              templateName: "otp",
+              templateData: {
+                name: user.name,
+                otp,
+              },
+            });
+          }
+        } else if (type === "forget-password") {
+          {{#if database == "prisma"}}
+          const user = await prisma.user.findUnique({
+            where: {
+              email,
+            },
+          });
+          {{/if}}
+          {{#if database == "mongoose"}}
+          const user = await usersCollection.findOne({ email });
+          {{/if}}
+
+          if (user) {
+            sendEmail({
+              to: email,
+              subject: "Password Reset OTP",
+              templateName: "otp",
+              templateData: {
+                name: user.name,
+                otp,
+              },
+            });
+          }
+        }
+      },
+      expiresIn: 2 * 60, // 2 minutes in seconds
+      otpLength: 6,
+    }),
+  ],
   session: {
+    expiresIn: 60 * 60 * 60 * 24, // 1 day in seconds
+    updateAge: 60 * 60 * 60 * 24, // 1 day in seconds
     cookieCache: {
       enabled: true,
-      maxAge: 60 * 60 * 24 * 7,
+      maxAge: 60 * 60 * 60 * 24, // 1 day in seconds
     },
-    expiresIn: 60 * 60 * 24 * 7,
-    updateAge: 60 * 60 * 24,
-    cookieName: "better-auth.session_token",
-  }
- })
-};
-
-export let auth: any = undefined;
-
-export async function setupAuth() {
-  auth = await initAuth();
-  return auth;
-}
+  },
+  redirectURLs: {
+    signIn: `${envVars.BETTER_AUTH_URL}/api/v1/auth/google/success`,
+  },
+  advanced: {
+    useSecureCookies: false,
+    cookies: {
+      state: {
+        attributes: {
+          sameSite: "none",
+          secure: true,
+          httpOnly: true,
+          path: "/",
+        },
+      },
+      sessionToken: {
+        attributes: {
+          sameSite: "none",
+          secure: true,
+          httpOnly: true,
+          path: "/",
+        },
+      },
+    },
+  },
+});

package/modules/auth/better-auth/files/shared/mongoose/auth/constants.ts

@@ -0,0 +1,11 @@
+export const Role = {
+  ADMIN: "ADMIN",
+  USER: "USER",
+  SUPER_ADMIN: "SUPER_ADMIN",
+} as const;
+
+export const UserStatus = {
+  ACTIVE: "ACTIVE",
+  BLOCKED: "BLOCKED",
+  DELETED: "DELETED",
+} as const;

package/modules/auth/better-auth/files/shared/mongoose/auth/helper.ts

@@ -0,0 +1,51 @@
+import status from "http-status";
+import { getMongoDb, mongoose } from "../../database/mongoose";
+import { AppError } from "../../shared/errors/app-error";
+
+export type AuthUser = {
+  id: string;
+  role: string;
+  name: string;
+  email: string;
+  status?: string;
+  isDeleted?: boolean;
+  emailVerified?: boolean;
+  needPasswordChange?: boolean;
+  deletedAt?: Date | null;
+};
+
+export type AuthUserDocument = AuthUser & {
+  createdAt?: Date;
+  updatedAt?: Date;
+};
+
+export type AuthSessionDocument = {
+  token: string;
+  userId: string;
+  createdAt?: Date;
+  updatedAt?: Date;
+  expiresAt?: Date;
+};
+
+export const getAuthCollections = async () => {
+  await mongoose();
+
+  try {
+    const db = getMongoDb();
+
+    return {
+      users: db.collection<AuthUserDocument>("user"),
+      sessions: db.collection<AuthSessionDocument>("session"),
+    };
+  } catch {
+    throw new AppError(
+      status.INTERNAL_SERVER_ERROR,
+      "Auth database is not initialized",
+    );
+  }
+};
+
+export const deleteAuthUserById = async (id: string) => {
+  const { users } = await getAuthCollections();
+  await users.deleteOne({ id });
+};

package/modules/auth/better-auth/files/shared/prisma/schema.prisma

@@ -4,16 +4,20 @@
 {{#var defaultId = @default(cuid())}}
 {{/if}}
 model User {
-    id            String    @id {{defaultId}}
-    name          String
-    email         String
-    emailVerified Boolean   @default(false)
-    image         String?
-    createdAt     DateTime  @default(now())
-    updatedAt     DateTime  @updatedAt
-    sessions      Session[]
-    accounts      Account[]
-    role          Role    @default(USER)
+    id                 String     @id {{defaultId}}
+    name               String
+    email              String
+    emailVerified      Boolean    @default(false)
+    role               Role       @default(USER)
+    status             UserStatus @default(ACTIVE)
+    needPasswordChange Boolean    @default(false)
+    isDeleted          Boolean    @default(false)
+    deletedAt          DateTime?
+    image              String?
+    createdAt          DateTime   @default(now())
+    updatedAt          DateTime   @updatedAt
+    sessions           Session[]
+    accounts           Account[]
 
     @@unique([email])
     @@map("user")
@@ -67,6 +71,13 @@ model Verification {
 }
 
 enum Role {
-    USER
+    SUPER_ADMIN
     ADMIN
+    USER
+}
+
+enum UserStatus {
+    ACTIVE
+    BLOCKED
+    DELETED
 }

package/modules/auth/better-auth/files/shared/utils/email.ts

@@ -0,0 +1,70 @@
+import nodemailer from "nodemailer";
+{{#if framework == "express"}}
+import ejs from "ejs";
+import status from "http-status";
+import path from "path";
+import { envVars } from "../../config/env";
+import { AppError } from "../errors/app-error";
+{{/if}}
+{{#if framework == "nextjs"}}
+import { renderEmailTemplate } from "../email/otp-template";
+import { envVars } from "../env";
+{{/if}}
+
+const transporter = nodemailer.createTransport({
+  host: envVars.EMAIL_SENDER.SMTP_HOST,
+  secure: true,
+  auth: {
+    user: envVars.EMAIL_SENDER.SMTP_USER,
+    pass: envVars.EMAIL_SENDER.SMTP_PASS,
+  },
+  port: Number(envVars.EMAIL_SENDER.SMTP_PORT),
+});
+
+interface SendEmailOptions {
+  to: string;
+  subject: string;
+  templateName: string;
+  templateData: Record<string, string | number | boolean | object>;
+  attachments?: {
+    filename: string;
+    content: Buffer | string;
+    contentType: string;
+  }[];
+}
+
+export const sendEmail = async ({
+  subject,
+  templateData,
+  templateName,
+  to,
+  attachments,
+}: SendEmailOptions) => {
+  try {
+    {{#if framework == "express"}}
+        const templatePath = path.resolve(
+      process.cwd(),
+      `src/templates/${templateName}.ejs`,
+    );
+
+    const html = await ejs.renderFile(templatePath, templateData);
+    {{/if}}
+    {{#if framework == "nextjs"}}
+    const html = renderEmailTemplate(templateName, templateData);
+    {{/if}}
+
+    await transporter.sendMail({
+      from: envVars.EMAIL_SENDER.SMTP_FROM,
+      to: to,
+      subject: subject,
+      html: html,
+      attachments: attachments?.map((attachment) => ({
+        filename: attachment.filename,
+        content: attachment.content,
+        contentType: attachment.contentType,
+      })),
+    });
+  } catch {
+    throw new AppError(status.INTERNAL_SERVER_ERROR, "Failed to send email");
+  }
+};