AI-powered website template generator with secure authentication and production-ready deployment workflows
AI template generation • Google sign-in and email auth • Production hardening (P0/P1/P2) • CI with smoke tests
Cooture v4 is a full-stack web application designed to generate clean, responsive website templates from natural-language prompts. The project combines a static frontend experience with a Node.js backend that securely proxies AI generation requests to Gemini.
It includes a hardened authentication flow with email/password and Google sign-in, plus production-focused controls such as CORS allowlisting, structured logging, rate limits, readiness checks, audit logs, and CI validation. The goal is to keep UX smooth while maintaining deployment-grade safety and maintainability.
- ✅ AI-powered website template generation via Gemini backend proxy
- ✅ Dual authentication: email/password and Google sign-in
- ✅ Dual-mode session support: HttpOnly cookie session + bearer compatibility
- ✅ Forgot/reset password lifecycle and optional email verification flow
- ✅ Password-change session revocation with versioned token checks
- ✅ Readiness + health endpoints for deployment orchestration
- ✅ Audit logging for auth and privileged action attempts
- ✅ Route-specific rate limits and payload validation
- ✅ CI pipelines for backend tests and frontend smoke checks
| Technology | Purpose |
|---|---|
| HTML5 + SCSS/CSS | UI layout and styling |
| Vanilla JavaScript | Auth, API integration, and interactive behavior |
| Bootstrap | Responsive components and utility classes |
| Playwright | Auth-page smoke testing |
| Technology | Purpose |
|---|---|
| Node.js + Express | API server and routing |
| Firebase Admin + Firestore | User data and identity integration |
| JWT + HttpOnly Cookies | Session/auth model with dual compatibility |
| Gemini API | Template generation engine |
| Helmet + CORS + Rate Limit | Security hardening and abuse resistance |
| Jest + Supertest | Backend test coverage |
| Service | Role |
|---|---|
| GitHub Actions | CI checks (security, tests, smoke) |
| Vercel | Frontend hosting |
| Render | Backend hosting |
```
cooture-v4/
├── .github/
│   └── workflows/
│       ├── ci.yml
│       └── secret-hygiene.yml
├── backend/
│   ├── middleware/
│   │   └── authMiddleware.js
│   ├── routes/
│   │   ├── ai.js
│   │   └── auth.js
│   ├── tests/
│   │   └── api.test.js
│   ├── utils/
│   │   ├── auditLogger.js
│   │   ├── authSession.js
│   │   ├── firebaseAdmin.js
│   │   ├── requestContext.js
│   │   ├── responses.js
│   │   └── validation.js
│   ├── .env.example
│   ├── package.json
│   ├── package-lock.json
│   ├── render.yaml
│   └── server.js
├── frontend/
│   ├── js/
│   │   ├── custom.js
│   │   └── firebase-init.js
│   ├── scss/
│   ├── scripts/
│   │   └── check-static.js
│   ├── tests/
│   │   └── auth-pages.spec.js
│   ├── login.html
│   ├── signup.html
│   ├── forgot-password.html
│   ├── reset-password.html
│   ├── package.json
│   ├── package-lock.json
│   └── playwright.config.js
├── scripts/
│   └── security/
│       └── scan-git-secrets.ps1
├── LICENSE
└── README.md
```
```
git clone https://github.com/LegendarySumit/cooture-v4.git
cd cooture-v4
```

```
cd backend
npm install
cd ../frontend
npm install
```

```
cd ../backend
cp .env.example .env
```

Fill `.env` with your actual secrets and deployment origins.

```
cd backend
npm start
```

```
cd frontend
npx http-server -p 3000 -a 127.0.0.1
```

| Variable | Required | Example |
|---|---|---|
| `JWT_SECRET` | Yes | long random secret |
| `GEMINI_API_KEY` | Yes | Gemini API key |
| `FRONTEND_ORIGINS` | Yes | `https://cooture-v4.vercel.app,http://localhost:3000` |
| `FIREBASE_SERVICE_ACCOUNT` or `FIREBASE_SERVICE_ACCOUNT_PATH` | Yes | one-line JSON or local path |
| `GEMINI_MODEL` | Yes | `gemini-2.5-flash` |
| `GEMINI_API_URL` | Yes | `https://generativelanguage.googleapis.com/v1beta` |

| Variable | Suggested Production Value |
|---|---|
| `EMAIL_VERIFICATION_REQUIRED` | `false` (switch to `true` when ready) |
| `FRONTEND_BASE_URL` | `https://cooture-v4.vercel.app` |
| `SESSION_COOKIE_NAME` | `cooture_session` |
| `SESSION_COOKIE_SECURE` | `true` |
| `SESSION_COOKIE_SAMESITE` | `none` |
| `SESSION_COOKIE_MAX_AGE_MS` | `604800000` |
| `SESSION_TOKEN_TTL` | `7d` |

- Sign up with email/password or continue with Google.
- Log in to access protected generation features.
- Enter a prompt describing the desired page layout.
- Generate and review AI output from the secured backend route.
- Use account lifecycle pages for password reset and session management.
```
POST /auth/signup
POST /auth/login
POST /auth/google
POST /auth/google/signup
GET /auth/me
POST /auth/logout
POST /auth/forgot-password
POST /auth/reset-password
POST /auth/password/change
POST /auth/verify-email/request
GET /auth/verify-email/confirm?token=...
```

```
POST /ai/generate
```

```
GET /health
GET /ready
```

| Category | Status |
|---|---|
| P0 (security baseline) | ✅ Complete |
| P1 (stability + abuse resistance) | ✅ Complete |
| P2 (security maturity + lifecycle) | ✅ Complete |
| Backend tests | ✅ Passing |
| Frontend smoke tests | ✅ Passing |
| Production readiness | 96% |

- Ensure `FRONTEND_ORIGINS` contains exact origin(s) with protocol and no trailing slash.
  - Example: `https://cooture-v4.vercel.app,https://www.cooture-v4.vercel.app,http://localhost:3000`
- Ensure backend sends `Cross-Origin-Opener-Policy: same-origin-allow-popups`.
- Confirm Firebase Admin credentials are valid in Render.
- Use `SESSION_COOKIE_SECURE=true` and `SESSION_COOKIE_SAMESITE=none` in production.

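
The origin and cookie checks in the list above can be enforced when the backend starts. This is an added example, not code from the Cooture repository: the function names are hypothetical, and only the environment variable names come from this README.

```javascript
// Added example; function names are hypothetical, variable names are the README's.
// Keep only exact origins (scheme + host + optional port) from FRONTEND_ORIGINS.
function parseOrigins(raw) {
  const origins = [];
  const errors = [];
  const entries = String(raw || '').split(',').map((s) => s.trim()).filter(Boolean);
  if (entries.length === 0) errors.push('FRONTEND_ORIGINS is empty');
  for (const entry of entries) {
    let url;
    try { url = new URL(entry); } catch { errors.push(`${entry}: not an absolute URL`); continue; }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      errors.push(`${entry}: protocol must be http or https`);
    } else if (url.origin !== entry) {
      // Trailing slash, path, query, upper-case host or default port land here.
      errors.push(`${entry}: not an exact origin, use ${url.origin}`);
    } else {
      origins.push(entry);
    }
  }
  return { origins, errors };
}

// Browsers only accept SameSite=None cookies that are also marked Secure.
function checkCookieSettings(env) {
  const sameSite = String(env.SESSION_COOKIE_SAMESITE || '').toLowerCase();
  const secure = String(env.SESSION_COOKIE_SECURE || '').toLowerCase() === 'true';
  const errors = [];
  if (!['strict', 'lax', 'none'].includes(sameSite)) {
    errors.push('SESSION_COOKIE_SAMESITE must be strict, lax or none');
  } else if (sameSite === 'none' && !secure) {
    errors.push('SESSION_COOKIE_SAMESITE=none requires SESSION_COOKIE_SECURE=true');
  }
  return errors;
}

// Collect every problem so a deploy can fail at startup with a full report.
function validateConfig(env) {
  const { origins, errors } = parseOrigins(env.FRONTEND_ORIGINS);
  return { origins, errors: errors.concat(checkCookieSettings(env)) };
}

// Constructed sample: README values with one deliberate trailing slash.
const sample = validateConfig({
  FRONTEND_ORIGINS: 'https://cooture-v4.vercel.app/,http://localhost:3000',
  SESSION_COOKIE_SECURE: 'true',
  SESSION_COOKIE_SAMESITE: 'none',
});
console.log(sample.origins, sample.errors);
```

An entry such as `localhost:3000` parses as a URL whose scheme is `localhost:`, which is why the protocol check runs before the exact-origin comparison.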
- Add transactional email delivery for reset and verification links
- Add user-level generation history and saved templates
- Add role-based admin dashboard with explicit authorization policies
- Add per-user token/session management UI
- Expand API contract tests for full account lifecycle edge cases
This project is licensed under the MIT License. See LICENSE.
LegendarySumit
- GitHub: @LegendarySumit
- Project: Cooture v4
- Live Demo: cooture-v4.vercel.app
🚀 Build Faster, Ship Smarter
Cooture v4 • Production-ready AI website generation workflow