LegendarySumit/cooture-v4


🎨 Cooture v4

AI-powered website template generator with secure authentication and production-ready deployment workflows

HTML5 JavaScript Node.js Express Firebase Gemini Vercel Render

AI template generation • Google sign-in and email auth • Production hardening (P0/P1/P2) • CI with smoke tests



📖 About

Cooture v4 is a full-stack web application designed to generate clean, responsive website templates from natural-language prompts. The project combines a static frontend experience with a Node.js backend that securely proxies AI generation requests to Gemini.

It includes a hardened authentication flow with email/password and Google sign-in, plus production-focused controls such as CORS allowlisting, structured logging, rate limits, readiness checks, audit logs, and CI validation. The goal is to keep UX smooth while maintaining deployment-grade safety and maintainability.


✨ Features

  • ✅ AI-powered website template generation via Gemini backend proxy
  • ✅ Dual authentication: email/password and Google sign-in
  • ✅ Dual-mode session support: HttpOnly cookie session + bearer compatibility
  • ✅ Forgot/reset password lifecycle and optional email verification flow
  • ✅ Password-change session revocation with versioned token checks
  • ✅ Readiness + health endpoints for deployment orchestration
  • ✅ Audit logging for auth and privileged action attempts
  • ✅ Route-specific rate limits and payload validation
  • ✅ CI pipelines for backend tests and frontend smoke checks
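
One way "password-change session revocation with versioned token checks" can work, as an added example that is not taken from the Cooture v4 code base. The `ver` claim, the `tokenVersion` field and all function names are assumptions, and the token uses the HS256 JWT layout built directly on `node:crypto` rather than a JWT library.

```javascript
// Added example, not the project's code: the "ver" claim, tokenVersion field
// and function names are assumptions. HS256 JWT layout via node:crypto only.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (secret, data) => createHmac('sha256', secret).update(data).digest();

// Issue a token that carries the user's current token version.
function issueToken(secret, user, ttlSeconds, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64u(JSON.stringify({ sub: user.id, ver: user.tokenVersion, exp }));
  const body = `${header}.${payload}`;
  return `${body}.${b64u(mac(secret, body))}`;
}

// Returns { ok: true, sub } or { ok: false, reason }. The algorithm is fixed
// server-side; the token's own "alg" header is never trusted.
function verifyToken(secret, token, loadUser, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const expected = mac(secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp * 1000 <= now) {
    return { ok: false, reason: 'expired' };
  }
  // Revocation: a token minted before the last password change has a stale version.
  const user = loadUser(claims.sub);
  if (!user || user.tokenVersion !== claims.ver) return { ok: false, reason: 'revoked' };
  return { ok: true, sub: claims.sub };
}

// Password change: store the new hash and bump the version in the same update.
function changePassword(user, newPasswordHash) {
  user.passwordHash = newPasswordHash;
  user.tokenVersion += 1;
}
```

The version lookup costs one user read per request, which is the price of being able to invalidate every outstanding token without keeping a denylist.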

๐Ÿ› ๏ธ Tech Stack

Frontend

Technology Purpose
HTML5 + SCSS/CSS UI layout and styling
Vanilla JavaScript Auth, API integration, and interactive behavior
Bootstrap Responsive components and utility classes
Playwright Auth-page smoke testing

Backend

Technology Purpose
Node.js + Express API server and routing
Firebase Admin + Firestore User data and identity integration
JWT + HttpOnly Cookies Session/auth model with dual compatibility
Gemini API Template generation engine
Helmet + CORS + Rate Limit Security hardening and abuse resistance
Jest + Supertest Backend test coverage

DevOps

Service Role
GitHub Actions CI checks (security, tests, smoke)
Vercel Frontend hosting
Render Backend hosting

๐Ÿ“ Project Structure

cooture-v4/
โ”œโ”€โ”€ .github/
โ”‚   โ””โ”€โ”€ workflows/
โ”‚       โ”œโ”€โ”€ ci.yml
โ”‚       โ””โ”€โ”€ secret-hygiene.yml
โ”œโ”€โ”€ backend/
โ”‚   โ”œโ”€โ”€ middleware/
โ”‚   โ”‚   โ””โ”€โ”€ authMiddleware.js
โ”‚   โ”œโ”€โ”€ routes/
โ”‚   โ”‚   โ”œโ”€โ”€ ai.js
โ”‚   โ”‚   โ””โ”€โ”€ auth.js
โ”‚   โ”œโ”€โ”€ tests/
โ”‚   โ”‚   โ””โ”€โ”€ api.test.js
โ”‚   โ”œโ”€โ”€ utils/
โ”‚   โ”‚   โ”œโ”€โ”€ auditLogger.js
โ”‚   โ”‚   โ”œโ”€โ”€ authSession.js
โ”‚   โ”‚   โ”œโ”€โ”€ firebaseAdmin.js
โ”‚   โ”‚   โ”œโ”€โ”€ requestContext.js
โ”‚   โ”‚   โ”œโ”€โ”€ responses.js
โ”‚   โ”‚   โ””โ”€โ”€ validation.js
โ”‚   โ”œโ”€โ”€ .env.example
โ”‚   โ”œโ”€โ”€ package.json
โ”‚   โ”œโ”€โ”€ package-lock.json
โ”‚   โ”œโ”€โ”€ render.yaml
โ”‚   โ””โ”€โ”€ server.js
โ”œโ”€โ”€ frontend/
โ”‚   โ”œโ”€โ”€ js/
โ”‚   โ”‚   โ”œโ”€โ”€ custom.js
โ”‚   โ”‚   โ””โ”€โ”€ firebase-init.js
โ”‚   โ”œโ”€โ”€ scss/
โ”‚   โ”œโ”€โ”€ scripts/
โ”‚   โ”‚   โ””โ”€โ”€ check-static.js
โ”‚   โ”œโ”€โ”€ tests/
โ”‚   โ”‚   โ””โ”€โ”€ auth-pages.spec.js
โ”‚   โ”œโ”€โ”€ login.html
โ”‚   โ”œโ”€โ”€ signup.html
โ”‚   โ”œโ”€โ”€ forgot-password.html
โ”‚   โ”œโ”€โ”€ reset-password.html
โ”‚   โ”œโ”€โ”€ package.json
โ”‚   โ”œโ”€โ”€ package-lock.json
โ”‚   โ””โ”€โ”€ playwright.config.js
โ”œโ”€โ”€ scripts/
โ”‚   โ””โ”€โ”€ security/
โ”‚       โ””โ”€โ”€ scan-git-secrets.ps1
โ”œโ”€โ”€ LICENSE
โ””โ”€โ”€ README.md

🚀 Quick Start

1. Clone and install

git clone https://github.com/LegendarySumit/cooture-v4.git
cd cooture-v4

cd backend
npm install

cd ../frontend
npm install

2. Configure backend env

cd ../backend
cp .env.example .env

Fill .env with your actual secrets and deployment origins.

3. Run backend

cd backend
npm start

4. Run frontend

cd frontend
npx http-server -p 3000 -a 127.0.0.1

โš™๏ธ Configuration

Required backend variables

Variable Required Example
JWT_SECRET Yes long random secret
GEMINI_API_KEY Yes Gemini API key
FRONTEND_ORIGINS Yes https://cooture-v4.vercel.app,http://localhost:3000
FIREBASE_SERVICE_ACCOUNT or FIREBASE_SERVICE_ACCOUNT_PATH Yes one-line JSON or local path
GEMINI_MODEL Yes gemini-2.5-flash
GEMINI_API_URL Yes https://generativelanguage.googleapis.com/v1beta

Optional P2 session/lifecycle variables

Variable Suggested Production Value
EMAIL_VERIFICATION_REQUIRED false (switch to true when ready)
FRONTEND_BASE_URL https://cooture-v4.vercel.app
SESSION_COOKIE_NAME cooture_session
SESSION_COOKIE_SECURE true
SESSION_COOKIE_SAMESITE none
SESSION_COOKIE_MAX_AGE_MS 604800000
SESSION_TOKEN_TTL 7d

📚 Usage

  1. Sign up with email/password or continue with Google.
  2. Log in to access protected generation features.
  3. Enter a prompt describing the desired page layout.
  4. Generate and review AI output from the secured backend route.
  5. Use account lifecycle pages for password reset and session management.

🔌 API Endpoints

Auth

POST /auth/signup
POST /auth/login
POST /auth/google
POST /auth/google/signup
GET  /auth/me
POST /auth/logout
POST /auth/forgot-password
POST /auth/reset-password
POST /auth/password/change
POST /auth/verify-email/request
GET  /auth/verify-email/confirm?token=...

AI

POST /ai/generate

Ops

GET /health
GET /ready

📊 Project Statistics

| Category | Status |
| --- | --- |
| P0 (security baseline) | ✅ Complete |
| P1 (stability + abuse resistance) | ✅ Complete |
| P2 (security maturity + lifecycle) | ✅ Complete |
| Backend tests | ✅ Passing |
| Frontend smoke tests | ✅ Passing |
| Production readiness | 96% |

๐Ÿ› Troubleshooting

CORS blocked from Vercel

  • Ensure FRONTEND_ORIGINS contains exact origin(s) with protocol and no trailing slash.
  • Example: https://cooture-v4.vercel.app,https://www.cooture-v4.vercel.app,http://localhost:3000

Google sign-in popup closes/fails

  • Ensure backend sends Cross-Origin-Opener-Policy: same-origin-allow-popups.
  • Confirm Firebase Admin credentials are valid in Render.

Cookies not persisted cross-site

  • Use SESSION_COOKIE_SECURE=true and SESSION_COOKIE_SAMESITE=none in production.
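
A startup check for the CORS and cookie items above, as an added example that is not the project's own code. It reads the `FRONTEND_ORIGINS` and `SESSION_COOKIE_*` variables named in this README; the function names are hypothetical.

```javascript
// Added example, not the project's code: function names are hypothetical.
// Parse FRONTEND_ORIGINS into an exact-match allowlist, reporting bad entries.
function parseOriginAllowlist(raw) {
  const origins = new Set();
  const errors = [];
  const entries = String(raw || '').split(',').map((s) => s.trim()).filter(Boolean);
  for (const entry of entries) {
    let url;
    try {
      url = new URL(entry);
    } catch {
      errors.push(`${entry}: not an absolute URL (protocol missing?)`);
      continue;
    }
    if (entry.includes('*')) {
      errors.push(`${entry}: wildcards are not exact origins`);
    } else if (url.protocol !== 'https:' && url.protocol !== 'http:') {
      errors.push(`${entry}: scheme must be http or https`);
    } else if (entry !== url.origin) {
      // Trailing slash, path, query, upper-case host or default port.
      errors.push(`${entry}: expected ${url.origin}`);
    } else {
      origins.add(entry);
    }
  }
  return { origins, errors };
}

// Exact string comparison against the browser's Origin header; no prefix or regex.
function isAllowedOrigin(origins, originHeader) {
  return typeof originHeader === 'string' && origins.has(originHeader);
}

// SameSite=None cookies are rejected by browsers unless Secure is also set.
function checkCookieSettings(env) {
  const sameSite = String(env.SESSION_COOKIE_SAMESITE || '').toLowerCase();
  const secure = String(env.SESSION_COOKIE_SECURE || '').toLowerCase() === 'true';
  const errors = [];
  if (!['strict', 'lax', 'none'].includes(sameSite)) {
    errors.push(`SESSION_COOKIE_SAMESITE=${sameSite || '(unset)'} is not strict, lax or none`);
  }
  if (sameSite === 'none' && !secure) {
    errors.push('SESSION_COOKIE_SAMESITE=none requires SESSION_COOKIE_SECURE=true');
  }
  return errors;
}
```

Failing the boot when either function returns errors surfaces a misconfigured deployment immediately, rather than as a blocked request or a silently dropped cookie in the browser.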

🔮 Future Enhancements

  • Add transactional email delivery for reset and verification links
  • Add user-level generation history and saved templates
  • Add role-based admin dashboard with explicit authorization policies
  • Add per-user token/session management UI
  • Expand API contract tests for full account lifecycle edge cases

📄 License

This project is licensed under the MIT License. See LICENSE.


๐Ÿ‘จโ€๐Ÿ’ป Author

LegendarySumit


🚀 Build Faster, Ship Smarter

Cooture v4 • Production-ready AI website generation workflow


โญ Star this repo if you find it helpful!

About

Cooture v4 is a full-stack web application that lets users generate ready-to-use website templates powered by AI. It combines a clean fashion-inspired interface with modern authentication so users can explore templates, save their profile, and build faster.
