AI-powered website template generator with secure authentication and production-ready deployment workflows
AI template generation • Google sign-in and email auth • Production hardening (P0/P1/P2) • CI with smoke tests
Cooture v4 is a full-stack web application designed to generate clean, responsive website templates from natural-language prompts. The project combines a static frontend experience with a Node.js backend that securely proxies AI generation requests to Gemini.
It includes a hardened authentication flow with email/password and Google sign-in, plus production-focused controls such as CORS allowlisting, structured logging, rate limits, readiness checks, audit logs, and CI validation. The goal is to keep UX smooth while maintaining deployment-grade safety and maintainability.
- ✅ AI-powered website template generation via Gemini backend proxy
- ✅ Dual authentication: email/password and Google sign-in
- ✅ Dual-mode session support: HttpOnly cookie session + bearer compatibility
- ✅ Forgot/reset password lifecycle and optional email verification flow
- ✅ Password-change session revocation with versioned token checks
- ✅ Readiness + health endpoints for deployment orchestration
- ✅ Audit logging for auth and privileged action attempts
- ✅ Route-specific rate limits and payload validation
- ✅ CI pipelines for backend tests and frontend smoke checks
| Technology | Purpose |
|---|---|
| HTML5 + SCSS/CSS | UI layout and styling |
| Vanilla JavaScript | Auth, API integration, and interactive behavior |
| Bootstrap | Responsive components and utility classes |
| Playwright | Auth-page smoke testing |
| Technology | Purpose |
|---|---|
| Node.js + Express | API server and routing |
| Firebase Admin + Firestore | User data and identity integration |
| JWT + HttpOnly Cookies | Session/auth model with dual compatibility |
| Gemini API | Template generation engine |
| Helmet + CORS + Rate Limit | Security hardening and abuse resistance |
| Jest + Supertest | Backend test coverage |
| Service | Role |
|---|---|
| GitHub Actions | CI checks (security, tests, smoke) |
| Vercel | Frontend hosting |
| Render | Backend hosting |
```
cooture-v4/
├── .github/
│   └── workflows/
│       ├── ci.yml
│       └── secret-hygiene.yml
├── backend/
│   ├── middleware/
│   │   └── authMiddleware.js
│   ├── routes/
│   │   ├── ai.js
│   │   └── auth.js
│   ├── tests/
│   │   └── api.test.js
│   ├── utils/
│   │   ├── auditLogger.js
│   │   ├── authSession.js
│   │   ├── firebaseAdmin.js
│   │   ├── requestContext.js
│   │   ├── responses.js
│   │   └── validation.js
│   ├── .env.example
│   ├── package.json
│   ├── package-lock.json
│   ├── render.yaml
│   └── server.js
├── frontend/
│   ├── js/
│   │   ├── custom.js
│   │   └── firebase-init.js
│   ├── scss/
│   ├── scripts/
│   │   └── check-static.js
│   ├── tests/
│   │   └── auth-pages.spec.js
│   ├── login.html
│   ├── signup.html
│   ├── forgot-password.html
│   ├── reset-password.html
│   ├── package.json
│   ├── package-lock.json
│   └── playwright.config.js
├── scripts/
│   └── security/
│       └── scan-git-secrets.ps1
├── LICENSE
└── README.md
```
```bash
git clone https://github.com/LegendarySumit/cooture-v4.git
cd cooture-v4
```

```bash
cd backend
npm install
cd ../frontend
npm install
```

```bash
cd ../backend
cp .env.example .env
```

Fill `.env` with your actual secrets and deployment origins.

```bash
cd backend
npm start
```

```bash
cd frontend
npx http-server -p 3000 -a 127.0.0.1
```

| Variable | Required | Example |
|---|---|---|
| `JWT_SECRET` | Yes | long random secret |
| `GEMINI_API_KEY` | Yes | Gemini API key |
| `FRONTEND_ORIGINS` | Yes | `https://cooture-v4.vercel.app,http://localhost:3000` |
| `FIREBASE_SERVICE_ACCOUNT` or `FIREBASE_SERVICE_ACCOUNT_PATH` | Yes | one-line JSON or local path |
| `GEMINI_MODEL` | Yes | `gemini-2.5-flash` |
| `GEMINI_API_URL` | Yes | `https://generativelanguage.googleapis.com/v1beta` |
| Variable | Suggested Production Value |
|---|---|
| `EMAIL_VERIFICATION_REQUIRED` | `false` (switch to `true` when ready) |
| `FRONTEND_BASE_URL` | `https://cooture-v4.vercel.app` |
| `SESSION_COOKIE_NAME` | `cooture_session` |
| `SESSION_COOKIE_SECURE` | `true` |
| `SESSION_COOKIE_SAMESITE` | `none` |
| `SESSION_COOKIE_MAX_AGE_MS` | `604800000` |
| `SESSION_TOKEN_TTL` | `7d` |
- Sign up with email/password or continue with Google.
- Log in to access protected generation features.
- Enter a prompt describing the desired page layout.
- Generate and review AI output from the secured backend route.
- Use account lifecycle pages for password reset and session management.
```
POST /auth/signup
POST /auth/login
POST /auth/google
POST /auth/google/signup
GET /auth/me
POST /auth/logout
POST /auth/forgot-password
POST /auth/reset-password
POST /auth/password/change
POST /auth/verify-email/request
GET /auth/verify-email/confirm?token=...
```

```
POST /ai/generate
```

```
GET /health
GET /ready
```

| Category | Status |
|---|---|
| P0 (security baseline) | ✅ Complete |
| P1 (stability + abuse resistance) | ✅ Complete |
| P2 (security maturity + lifecycle) | ✅ Complete |
| Backend tests | ✅ Passing |
| Frontend smoke tests | ✅ Passing |
| Production readiness | 96% |
- Ensure `FRONTEND_ORIGINS` contains exact origin(s) with protocol and no trailing slash.
- Example: `https://cooture-v4.vercel.app,https://www.cooture-v4.vercel.app,http://localhost:3000`
- Ensure backend sends `Cross-Origin-Opener-Policy: same-origin-allow-popups`.
- Confirm Firebase Admin credentials are valid in Render.
- Use `SESSION_COOKIE_SECURE=true` and `SESSION_COOKIE_SAMESITE=none` in production.
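
The origin and cookie checks above can be enforced at startup so a misconfigured deployment fails fast instead of silently breaking sign-in. This is an added example, not code from the Cooture repository: the function names are hypothetical, and the `lax` default for an unset `SESSION_COOKIE_SAMESITE` is an assumption.

```javascript
// Added example; helper names are hypothetical, not the project's code.
function parseOriginAllowlist(raw) {
  const allowed = new Set();
  const entries = String(raw || "").split(",").map((s) => s.trim()).filter(Boolean);
  if (entries.length === 0) throw new Error("FRONTEND_ORIGINS is empty");
  for (const entry of entries) {
    if (entry.includes("*")) throw new Error(`"${entry}": wildcards are not exact origins`);
    let url;
    try {
      url = new URL(entry);
    } catch {
      throw new Error(`"${entry}": not an absolute URL (protocol missing?)`);
    }
    if (url.protocol !== "http:" && url.protocol !== "https:") {
      throw new Error(`"${entry}": origin must start with http:// or https://`);
    }
    // url.origin is the canonical scheme://host[:port] a browser sends in the Origin
    // header; a trailing slash, path, uppercase host or default port makes entry differ.
    if (url.origin !== entry) {
      throw new Error(`"${entry}": write it exactly as ${url.origin}`);
    }
    allowed.add(url.origin);
  }
  return allowed;
}

// Exact string match only: no prefix, suffix or substring comparison.
function isOriginAllowed(origin, allowed) {
  return typeof origin === "string" && allowed.has(origin);
}

// Build session cookie options from the SESSION_COOKIE_* variables.
function sessionCookieOptions(env) {
  // The "lax" fallback is an assumption of this example.
  const sameSite = String(env.SESSION_COOKIE_SAMESITE || "lax").toLowerCase();
  const secure = String(env.SESSION_COOKIE_SECURE).toLowerCase() === "true";
  if (!["strict", "lax", "none"].includes(sameSite)) {
    throw new Error(`SESSION_COOKIE_SAMESITE: unsupported value "${sameSite}"`);
  }
  // Browsers reject SameSite=None cookies that lack the Secure attribute.
  if (sameSite === "none" && !secure) {
    throw new Error("SESSION_COOKIE_SAMESITE=none requires SESSION_COOKIE_SECURE=true");
  }
  return { httpOnly: true, secure, sameSite };
}
```

The object returned by `sessionCookieOptions` uses the option names Express accepts in `res.cookie`.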
- Add transactional email delivery for reset and verification links
- Add user-level generation history and saved templates
- Add role-based admin dashboard with explicit authorization policies
- Add per-user token/session management UI
- Expand API contract tests for full account lifecycle edge cases
This project is licensed under the MIT License. See LICENSE.
LegendarySumit
- GitHub: @LegendarySumit
- Project: Cooture v4
- Live Demo: cooture-v4.vercel.app