@vineet1576/create-project
v3.1.0
Published
Scaffold a full-stack Express + React project with JWT auth, hybrid encryption (RSA+AES-GCM / AES-CBC), user & role management, optional frontend & admin panels
Maintainers
Readme
create-project
A CLI tool that scaffolds a full-stack project — pick from API (Express + MongoDB), Frontend (React + Vite), or Admin Panel (React + Vite) — all in one command. Features JWT authentication, hybrid encryption (RSA+AES-GCM or AES-CBC), user & role management, and optional GitHub push.
Usage
npx @vineet1576/create-project my-appOr install globally:
npm install -g @vineet1576/create-project
create-project my-appInteractive Selection
Pick a single platform using arrow keys:
? Select a platform to create:
❯ API (Backend)
Frontend (React + Vite)
Admin Panel (React + Vite)Based on your choice, the CLI adapts the prompts:
| Platform | Prompts shown | |----------|-------| | API | .env config (DB, JWT, SMTP), encryption mode, Git, GitHub | | Frontend | Git, GitHub (no DB/JWT prompts) | | Admin Panel | Git, GitHub (no DB/JWT prompts) |
What You Get
API (Express + MongoDB)
- JWT auth — Register, login (user/admin), auto-login, logout
- User module — Profile, password management, forgot/reset password, email verification
- Single-use verification links — New users receive an encrypted "Verify & Login" link (one-time use, 24h expiry). No plaintext passwords in emails.
- Admin user management — Paginated listing, search, filter, CRUD, status/approval
- Role module — Create, update, list, delete roles
- Encryption — Crypto-secure (RSA+AES-GCM) or legacy (AES-CBC), env-configurable
- Email — Nodemailer with SMTP, ready-to-use HTML templates
- Security — Helmet, CORS, bcrypt, JWT
Frontend (React + Vite)
- Login, Register, Email Verification, Forgot/Reset Password
- Profile management
- Auto-detects encryption mode (crypto-secure or legacy)
- Axios interceptors for transparent encryption
Admin Panel (React + Vite)
- Admin login, Dashboard with user stats
- User management (list, add, edit, delete)
- Role management (list, add, edit, delete)
- Sidebar navigation, DataTable, Modal components
- Auto-detects encryption mode
Encryption Options
| Mode | Algorithm | Use Case |
|------|-----------|----------|
| crypto-secure (CRYPTO_SECURE_ENCRYPTION=true) | RSA-2048 OAEP + AES-256-GCM | End-to-end encrypted API communication with automatic key exchange |
| Legacy (CRYPTO_SECURE_ENCRYPTION=false) | AES-CBC with shared secret key | Simple symmetric encryption for development/staging |
When crypto-secure is enabled, the server automatically generates RSA keys on first run and exposes /.well-known/encryption-key. Frontend/admin clients auto-detect the mode and handle encryption transparently via Axios interceptors.
Generated Project Structure
If you chose API:
my-app/
├── src/ # Express API
│ ├── app.js
│ ├── config/
│ ├── controllers/
│ ├── Emails/
│ ├── middleware/
│ ├── models/
│ ├── routes/
│ ├── services/
│ ├── utils/
│ ├── validations/
│ └── views/
├── keys/ # RSA keypair (auto-generated)
├── .env
├── .env.example
├── .gitignore
├── .prettierrc
├── eslint.config.js
├── ecosystem.config.js
└── package.jsonIf you chose Frontend:
my-app/
├── src/
│ ├── api/
│ ├── components/
│ ├── context/
│ ├── pages/
│ ├── utils/
│ ├── App.jsx
│ ├── main.jsx
│ └── index.css
├── .gitignore
├── .prettierrc
├── eslint.config.js
├── index.html
├── vite.config.js
└── package.jsonIf you chose Admin Panel:
my-app/
├── src/
│ ├── api/
│ ├── components/
│ ├── context/
│ ├── pages/
│ │ ├── Dashboard.jsx
│ │ ├── Login.jsx
│ │ ├── roles/
│ │ └── users/
│ ├── utils/
│ ├── App.jsx
│ ├── main.jsx
│ └── index.css
├── .gitignore
├── .prettierrc
├── eslint.config.js
├── index.html
├── vite.config.js
└── package.jsonBackend API Endpoints
User (/users)
| Method | Path | Description |
|--------|------|-------------|
| POST | /users/register | Register new user (sends verify link) |
| POST | /users/signup | Register via app |
| POST | /users/login | User login |
| POST | /users/admin/login | Admin login |
| POST | /users/auto-login | Auto-login from token |
| POST | /users/logout | Logout |
| GET | /users/profile | Get own profile |
| PUT | /users/edit-profile | Update profile |
| PUT | /users/change-password | Change password |
| PUT | /users/reset-password | Reset password with OTP |
| POST | /users/set-password | Set initial password |
| POST | /users/forgot-password | Send forgot password OTP |
| POST | /users/admin/forgot-password | Admin forgot password |
| GET | /users/verify | Verify email via link (auto-login) |
| POST | /users/verify-otp | Verify OTP |
| PUT | /users/resend-otp | Resend verification OTP |
| POST | /users/add | Admin — add user |
| GET | /users/list | Admin — list users |
| PUT | /users/change-status | Admin — activate/deactivate |
| PUT | /users/change-approval-status | Admin — approve/reject |
| DELETE | /users/delete | Admin — soft-delete user |
| GET | /users/reset-link-expired | Expired link info page |
Role (/roles)
| Method | Path | Description |
|--------|------|-------------|
| POST | /roles/add | Create role |
| GET | /roles/detail | Get role by ID |
| PUT | /roles/update | Update role |
| GET | /roles/listing | List roles (paginated) |
| PUT | /roles/status/change | Activate/deactivate role |
| DELETE | /roles/delete | Soft-delete role |
| GET | /roles/frontend-list | Active roles for dropdowns |
Tech Stack
| Layer | Backend | Frontend / Admin |
|-------|---------|------------------|
| Framework | Express.js | React 18 + Vite |
| Database | MongoDB + Mongoose | — |
| Auth | JWT (jsonwebtoken) | Context API + localStorage |
| Encryption | node-forge / crypto-secure | Web Crypto API / Axios interceptors |
| Validation | Joi | — |
| Email | Nodemailer | — |
| Password | bcryptjs | — |
| Linting | ESLint (flat config) | ESLint (flat config) |
| Formatting | Prettier | Prettier |
| Dev server | Nodemon | Vite dev server |
| Process mgmt | PM2 | — |
License
MIT
