Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f123e04e4c | |||
| 15131b72f0 | |||
| f4e34f2826 | |||
| 2396eaab4d | |||
| 97b71d5396 | |||
| bbe95df9ca | |||
| 1380d5a9d3 | |||
| 41dff6f0e2 | |||
| 8002a3db96 | |||
| 88e6845027 | |||
| 085c8b9cfa | |||
| 1d76c63137 |
@@ -11,6 +11,12 @@ AUTH_DISABLED=false
|
|||||||
OIDC_ISSUER=https://authentik.example.com
|
OIDC_ISSUER=https://authentik.example.com
|
||||||
OIDC_AUDIENCE=groombook
|
OIDC_AUDIENCE=groombook
|
||||||
|
|
||||||
|
# ── Setup Wizard ─────────────────────────────────────────────────────────────
|
||||||
|
# When SKIP_OOBE=true, the setup wizard is bypassed regardless of whether a
|
||||||
|
# super user exists in the database. Useful in dev/test environments where the
|
||||||
|
# database has data but the setup wizard would otherwise block access.
|
||||||
|
SKIP_OOBE=false
|
||||||
|
|
||||||
# ── API ───────────────────────────────────────────────────────────────────────
|
# ── API ───────────────────────────────────────────────────────────────────────
|
||||||
PORT=3000
|
PORT=3000
|
||||||
CORS_ORIGIN=http://localhost:8080
|
CORS_ORIGIN=http://localhost:8080
|
||||||
|
|||||||
@@ -418,6 +418,48 @@ describe("GET /setup/status — OOBE bootstrap logic", () => {
|
|||||||
expect(body.showAuthProviderStep).toBe(false); // DB config already exists
|
expect(body.showAuthProviderStep).toBe(false); // DB config already exists
|
||||||
expect(body.authConfigExists).toBe(true);
|
expect(body.authConfigExists).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("SKIP_OOBE=true bypasses setup check regardless of DB state", async () => {
|
||||||
|
dbStaffRows = []; // no super user
|
||||||
|
dbAuthConfigRows = [];
|
||||||
|
process.env.SKIP_OOBE = "true";
|
||||||
|
|
||||||
|
const app = makeApp();
|
||||||
|
const { status, body } = await getStatus(app);
|
||||||
|
|
||||||
|
expect(status).toBe(200);
|
||||||
|
expect(body.needsSetup).toBe(false);
|
||||||
|
expect(body.showAuthProviderStep).toBe(false);
|
||||||
|
expect(body.authConfigExists).toBe(false);
|
||||||
|
expect(body.authEnvVarsSet).toBe(false);
|
||||||
|
expect(body.skipped).toBe(true);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("SKIP_OOBE=1 also bypasses setup check", async () => {
|
||||||
|
dbStaffRows = [];
|
||||||
|
dbAuthConfigRows = [];
|
||||||
|
process.env.SKIP_OOBE = "1";
|
||||||
|
|
||||||
|
const app = makeApp();
|
||||||
|
const { status, body } = await getStatus(app);
|
||||||
|
|
||||||
|
expect(status).toBe(200);
|
||||||
|
expect(body.needsSetup).toBe(false);
|
||||||
|
expect(body.skipped).toBe(true);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("SKIP_OOBE=yes also bypasses setup check", async () => {
|
||||||
|
dbStaffRows = [];
|
||||||
|
dbAuthConfigRows = [];
|
||||||
|
process.env.SKIP_OOBE = "yes";
|
||||||
|
|
||||||
|
const app = makeApp();
|
||||||
|
const { status, body } = await getStatus(app);
|
||||||
|
|
||||||
|
expect(status).toBe(200);
|
||||||
|
expect(body.needsSetup).toBe(false);
|
||||||
|
expect(body.skipped).toBe(true);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("POST /setup/auth-provider — OOBE bootstrap", () => {
|
describe("POST /setup/auth-provider — OOBE bootstrap", () => {
|
||||||
|
|||||||
@@ -105,7 +105,13 @@ api.use("*", resolveStaffMiddleware);
|
|||||||
// Better-Auth handler — mounted as sub-app to handle all /api/auth/* routes
|
// Better-Auth handler — mounted as sub-app to handle all /api/auth/* routes
|
||||||
// authMiddleware and resolveStaffMiddleware both skip /api/auth/ paths
|
// authMiddleware and resolveStaffMiddleware both skip /api/auth/ paths
|
||||||
const authRouter = new Hono();
|
const authRouter = new Hono();
|
||||||
authRouter.all("/*", (c) => getAuth().handler(c.req.raw));
|
authRouter.all("/*", (c) => {
|
||||||
|
try {
|
||||||
|
return getAuth().handler(c.req.raw);
|
||||||
|
} catch {
|
||||||
|
return c.json({ error: "Authentication not configured" }, 503);
|
||||||
|
}
|
||||||
|
});
|
||||||
api.route("/auth", authRouter);
|
api.route("/auth", authRouter);
|
||||||
|
|
||||||
// ── Role guards ────────────────────────────────────────────────────────────────
|
// ── Role guards ────────────────────────────────────────────────────────────────
|
||||||
|
|||||||
@@ -90,6 +90,12 @@ export async function initAuth(): Promise<void> {
|
|||||||
database: drizzleAdapter(getDb(), { provider: "pg" }),
|
database: drizzleAdapter(getDb(), { provider: "pg" }),
|
||||||
secret: BETTER_AUTH_SECRET ?? "placeholder-secret-do-not-use-in-prod",
|
secret: BETTER_AUTH_SECRET ?? "placeholder-secret-do-not-use-in-prod",
|
||||||
baseURL: BETTER_AUTH_URL,
|
baseURL: BETTER_AUTH_URL,
|
||||||
|
rateLimit: {
|
||||||
|
enabled: true,
|
||||||
|
max: 10,
|
||||||
|
window: 60,
|
||||||
|
storage: "database",
|
||||||
|
},
|
||||||
plugins: [
|
plugins: [
|
||||||
genericOAuth({
|
genericOAuth({
|
||||||
config: [
|
config: [
|
||||||
@@ -170,8 +176,6 @@ export async function initAuth(): Promise<void> {
|
|||||||
const hasGoogle = !!(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET);
|
const hasGoogle = !!(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET);
|
||||||
const hasGitHub = !!(process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET);
|
const hasGitHub = !!(process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET);
|
||||||
|
|
||||||
const callbackBase = `${BETTER_AUTH_URL}/api/auth/callback`;
|
|
||||||
|
|
||||||
// Build Better-Auth instance using resolved config
|
// Build Better-Auth instance using resolved config
|
||||||
authInstance = betterAuth({
|
authInstance = betterAuth({
|
||||||
database: drizzleAdapter(db, {
|
database: drizzleAdapter(db, {
|
||||||
@@ -179,6 +183,15 @@ export async function initAuth(): Promise<void> {
|
|||||||
}),
|
}),
|
||||||
secret: BETTER_AUTH_SECRET,
|
secret: BETTER_AUTH_SECRET,
|
||||||
baseURL: BETTER_AUTH_URL,
|
baseURL: BETTER_AUTH_URL,
|
||||||
|
rateLimit: {
|
||||||
|
enabled: true,
|
||||||
|
max: 10,
|
||||||
|
window: 60,
|
||||||
|
storage: "database",
|
||||||
|
},
|
||||||
|
account: {
|
||||||
|
storeStateStrategy: "cookie" as const,
|
||||||
|
},
|
||||||
plugins: [
|
plugins: [
|
||||||
genericOAuth({
|
genericOAuth({
|
||||||
config: [
|
config: [
|
||||||
@@ -205,14 +218,12 @@ export async function initAuth(): Promise<void> {
|
|||||||
google: {
|
google: {
|
||||||
clientId: process.env.GOOGLE_CLIENT_ID!,
|
clientId: process.env.GOOGLE_CLIENT_ID!,
|
||||||
clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
|
clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
|
||||||
redirectURI: `${callbackBase}/google`,
|
|
||||||
},
|
},
|
||||||
} : {}),
|
} : {}),
|
||||||
...(hasGitHub ? {
|
...(hasGitHub ? {
|
||||||
github: {
|
github: {
|
||||||
clientId: process.env.GITHUB_CLIENT_ID!,
|
clientId: process.env.GITHUB_CLIENT_ID!,
|
||||||
clientSecret: process.env.GITHUB_CLIENT_SECRET!,
|
clientSecret: process.env.GITHUB_CLIENT_SECRET!,
|
||||||
redirectURI: `${callbackBase}/github`,
|
|
||||||
},
|
},
|
||||||
} : {}),
|
} : {}),
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -23,7 +23,6 @@ if (process.env.AUTH_DISABLED === "true") {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export const authMiddleware: MiddlewareHandler = async (c, next) => {
|
export const authMiddleware: MiddlewareHandler = async (c, next) => {
|
||||||
// Better-Auth's own routes handle their own auth (OAuth callbacks, session mgmt)
|
|
||||||
if (c.req.path.startsWith("/api/auth/")) {
|
if (c.req.path.startsWith("/api/auth/")) {
|
||||||
await next();
|
await next();
|
||||||
return;
|
return;
|
||||||
@@ -37,7 +36,14 @@ export const authMiddleware: MiddlewareHandler = async (c, next) => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const session = await getAuth().api.getSession({
|
let auth;
|
||||||
|
try {
|
||||||
|
auth = getAuth();
|
||||||
|
} catch {
|
||||||
|
return c.json({ error: "Authentication not configured" }, 503);
|
||||||
|
}
|
||||||
|
|
||||||
|
const session = await auth.api.getSession({
|
||||||
headers: c.req.raw.headers,
|
headers: c.req.raw.headers,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import type { MiddlewareHandler } from "hono";
|
import type { MiddlewareHandler } from "hono";
|
||||||
import { and, eq, getDb, isNull, staff } from "@groombook/db";
|
import { eq, getDb, staff } from "@groombook/db";
|
||||||
|
|
||||||
export type StaffRole = "groomer" | "receptionist" | "manager";
|
export type StaffRole = "groomer" | "receptionist" | "manager";
|
||||||
export type StaffRow = typeof staff.$inferSelect;
|
export type StaffRow = typeof staff.$inferSelect;
|
||||||
@@ -90,25 +90,6 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
|
|||||||
.from(staff)
|
.from(staff)
|
||||||
.where(eq(staff.oidcSub, jwt.sub));
|
.where(eq(staff.oidcSub, jwt.sub));
|
||||||
if (!fallbackRow) {
|
if (!fallbackRow) {
|
||||||
// Auto-link: staff record exists with matching email but no userId — link it now
|
|
||||||
if (jwt.email) {
|
|
||||||
const [linkedStaff] = await db
|
|
||||||
.select()
|
|
||||||
.from(staff)
|
|
||||||
.where(and(eq(staff.email, jwt.email), isNull(staff.userId)));
|
|
||||||
if (linkedStaff) {
|
|
||||||
await db
|
|
||||||
.update(staff)
|
|
||||||
.set({ userId: jwt.sub })
|
|
||||||
.where(eq(staff.id, linkedStaff.id));
|
|
||||||
console.log(
|
|
||||||
`[rbac] Auto-linked staff ${linkedStaff.id} to Better-Auth user ${jwt.sub} via email ${jwt.email}`
|
|
||||||
);
|
|
||||||
c.set("staff", linkedStaff);
|
|
||||||
await next();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return c.json(
|
return c.json(
|
||||||
{ error: "Forbidden: no staff record found for authenticated user" },
|
{ error: "Forbidden: no staff record found for authenticated user" },
|
||||||
403
|
403
|
||||||
|
|||||||
@@ -9,6 +9,17 @@ export const setupRouter = new Hono<AppEnv>();
|
|||||||
// GET /api/setup/status — public (no auth), returns whether setup is needed
|
// GET /api/setup/status — public (no auth), returns whether setup is needed
|
||||||
// and whether the auth provider bootstrap step should be shown
|
// and whether the auth provider bootstrap step should be shown
|
||||||
setupRouter.get("/status", async (c) => {
|
setupRouter.get("/status", async (c) => {
|
||||||
|
const skipOobe = ["true", "1", "yes"].includes((process.env.SKIP_OOBE || "").toLowerCase());
|
||||||
|
if (skipOobe) {
|
||||||
|
return c.json({
|
||||||
|
needsSetup: false,
|
||||||
|
showAuthProviderStep: false,
|
||||||
|
authConfigExists: false,
|
||||||
|
authEnvVarsSet: false,
|
||||||
|
skipped: true,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
const db = getDb();
|
const db = getDb();
|
||||||
|
|
||||||
// Check if any super user exists
|
// Check if any super user exists
|
||||||
|
|||||||
@@ -18,6 +18,10 @@ const createStaffSchema = z.object({
|
|||||||
|
|
||||||
const updateStaffSchema = createStaffSchema.partial().omit({ email: true });
|
const updateStaffSchema = createStaffSchema.partial().omit({ email: true });
|
||||||
|
|
||||||
|
const linkUserSchema = z.object({
|
||||||
|
userId: z.string().min(1),
|
||||||
|
});
|
||||||
|
|
||||||
staffRouter.get("/me", async (c) => {
|
staffRouter.get("/me", async (c) => {
|
||||||
const staffRow = c.get("staff");
|
const staffRow = c.get("staff");
|
||||||
return c.json(staffRow);
|
return c.json(staffRow);
|
||||||
@@ -106,6 +110,32 @@ staffRouter.patch("/:id", zValidator("json", updateStaffSchema), async (c) => {
|
|||||||
return c.json(row);
|
return c.json(row);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
staffRouter.patch("/:id/link-user", zValidator("json", linkUserSchema), async (c) => {
|
||||||
|
const db = getDb();
|
||||||
|
const targetId = c.req.param("id");
|
||||||
|
const body = c.req.valid("json");
|
||||||
|
const currentStaff = c.get("staff");
|
||||||
|
|
||||||
|
if (currentStaff.role !== "manager" && !currentStaff.isSuperUser) {
|
||||||
|
return c.json({ error: "Forbidden: only managers or super users can link staff to users" }, 403);
|
||||||
|
}
|
||||||
|
|
||||||
|
const [existing] = await db
|
||||||
|
.select()
|
||||||
|
.from(staff)
|
||||||
|
.where(eq(staff.id, targetId))
|
||||||
|
.limit(1);
|
||||||
|
if (!existing) return c.json({ error: "Not found" }, 404);
|
||||||
|
|
||||||
|
const [updated] = await db
|
||||||
|
.update(staff)
|
||||||
|
.set({ userId: body.userId, updatedAt: new Date() })
|
||||||
|
.where(eq(staff.id, targetId))
|
||||||
|
.returning();
|
||||||
|
|
||||||
|
return c.json(updated);
|
||||||
|
});
|
||||||
|
|
||||||
staffRouter.delete("/:id", async (c) => {
|
staffRouter.delete("/:id", async (c) => {
|
||||||
const db = getDb();
|
const db = getDb();
|
||||||
const id = c.req.param("id");
|
const id = c.req.param("id");
|
||||||
|
|||||||
@@ -85,6 +85,7 @@ test("admin staff page loads", async ({ page }) => {
|
|||||||
|
|
||||||
test("admin invoices page loads", async ({ page }) => {
|
test("admin invoices page loads", async ({ page }) => {
|
||||||
await page.goto("/admin/invoices");
|
await page.goto("/admin/invoices");
|
||||||
|
await page.waitForLoadState("domcontentloaded");
|
||||||
await expect(page.getByText("GroomBook")).toBeVisible();
|
await expect(page.getByText("GroomBook")).toBeVisible();
|
||||||
await expect(page.getByRole("link", { name: "Invoices" })).toBeVisible();
|
await expect(page.getByRole("link", { name: "Invoices" })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -3,13 +3,13 @@ kind: Kustomization
|
|||||||
namespace: groombook-uat
|
namespace: groombook-uat
|
||||||
images:
|
images:
|
||||||
- name: ghcr.io/groombook/api
|
- name: ghcr.io/groombook/api
|
||||||
newTag: "2026.04.03-90be1be"
|
newTag: "2026.04.12-15131b7"
|
||||||
- name: ghcr.io/groombook/web
|
- name: ghcr.io/groombook/web
|
||||||
newTag: "2026.04.03-90be1be"
|
newTag: "2026.04.12-15131b7"
|
||||||
- name: ghcr.io/groombook/migrate
|
- name: ghcr.io/groombook/migrate
|
||||||
newTag: "2026.04.03-90be1be"
|
newTag: "2026.04.12-15131b7"
|
||||||
- name: ghcr.io/groombook/seed
|
- name: ghcr.io/groombook/seed
|
||||||
newTag: "2026.04.03-90be1be"
|
newTag: "2026.04.12-15131b7"
|
||||||
resources:
|
resources:
|
||||||
- ../../base
|
- ../../base
|
||||||
- postgres-sealed-secret.yaml
|
- postgres-sealed-secret.yaml
|
||||||
|
|||||||
@@ -15,7 +15,7 @@
|
|||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@groombook/types": "workspace:*",
|
"@groombook/types": "workspace:*",
|
||||||
"@tailwindcss/vite": "^4.2.2",
|
"@tailwindcss/vite": "^4.2.2",
|
||||||
"better-auth": "^1.0.0",
|
"better-auth": "^1.5.6",
|
||||||
"lucide-react": "^0.577.0",
|
"lucide-react": "^0.577.0",
|
||||||
"react": "^19.0.0",
|
"react": "^19.0.0",
|
||||||
"react-dom": "^19.0.0",
|
"react-dom": "^19.0.0",
|
||||||
|
|||||||
+80
-36
@@ -1,4 +1,4 @@
|
|||||||
import { Routes, Route, Link, useLocation, Navigate } from "react-router-dom";
|
import { Routes, Route, Link, useLocation, Navigate, useNavigate } from "react-router-dom";
|
||||||
import { useEffect, useState } from "react";
|
import { useEffect, useState } from "react";
|
||||||
import { AppointmentsPage } from "./pages/Appointments.js";
|
import { AppointmentsPage } from "./pages/Appointments.js";
|
||||||
import { ClientsPage } from "./pages/Clients.js";
|
import { ClientsPage } from "./pages/Clients.js";
|
||||||
@@ -18,22 +18,31 @@ import { DevLoginSelector, getDevUser } from "./pages/DevLoginSelector.js";
|
|||||||
import { DevSessionIndicator } from "./components/DevSessionIndicator.js";
|
import { DevSessionIndicator } from "./components/DevSessionIndicator.js";
|
||||||
import { BrandingProvider, useBranding } from "./BrandingContext.js";
|
import { BrandingProvider, useBranding } from "./BrandingContext.js";
|
||||||
import { GlobalSearch } from "./components/GlobalSearch.js";
|
import { GlobalSearch } from "./components/GlobalSearch.js";
|
||||||
import { useSession, signIn } from "./lib/auth-client.js";
|
import { useSession, signIn, signOut } from "./lib/auth-client.js";
|
||||||
|
|
||||||
function LoginPage() {
|
function LoginPage() {
|
||||||
const [isLoading, setIsLoading] = useState(false);
|
const [isLoading, setIsLoading] = useState(false);
|
||||||
const [providers, setProviders] = useState<string[]>([]);
|
const [providers, setProviders] = useState<string[]>([]);
|
||||||
|
const [error, setError] = useState<string | null>(null);
|
||||||
|
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
fetch("/api/auth/providers")
|
fetch("/api/auth/providers")
|
||||||
.then((r) => r.json())
|
.then((r) => r.json())
|
||||||
.then((data) => setProviders(data.providers ?? []))
|
.then((data) => setProviders(data.providers ?? []))
|
||||||
.catch(() => setProviders([]));
|
.catch(() => setProviders([]));
|
||||||
|
const params = new URLSearchParams(window.location.search);
|
||||||
|
const authError = params.get("error");
|
||||||
|
if (authError) setError(authError.replace(/_/g, " "));
|
||||||
}, []);
|
}, []);
|
||||||
|
|
||||||
const handleSocialLogin = async (provider: string) => {
|
const handleSocialLogin = async (provider: string) => {
|
||||||
setIsLoading(true);
|
setIsLoading(true);
|
||||||
await signIn.social({ provider, callbackURL: window.location.origin });
|
setError(null);
|
||||||
|
const result = await signIn.social({ provider, callbackURL: window.location.origin });
|
||||||
|
if (result?.error) {
|
||||||
|
setError(result.error.message ?? "Sign-in failed");
|
||||||
|
setIsLoading(false);
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
const isGoogle = providers.includes("google");
|
const isGoogle = providers.includes("google");
|
||||||
@@ -65,6 +74,11 @@ function LoginPage() {
|
|||||||
<p style={{ color: "#6b7280", marginBottom: "1.5rem", fontSize: 14 }}>
|
<p style={{ color: "#6b7280", marginBottom: "1.5rem", fontSize: 14 }}>
|
||||||
Sign in to continue
|
Sign in to continue
|
||||||
</p>
|
</p>
|
||||||
|
{error && (
|
||||||
|
<div style={{ background: "#fef2f2", border: "1px solid #fecaca", borderRadius: 6, padding: "0.5rem 0.75rem", marginBottom: "1rem", color: "#991b1b", fontSize: 13 }}>
|
||||||
|
{error}
|
||||||
|
</div>
|
||||||
|
)}
|
||||||
{isGoogle && (
|
{isGoogle && (
|
||||||
<button
|
<button
|
||||||
onClick={() => handleSocialLogin("google")}
|
onClick={() => handleSocialLogin("google")}
|
||||||
@@ -167,6 +181,7 @@ const NAV_LINKS = [
|
|||||||
|
|
||||||
function AdminLayout() {
|
function AdminLayout() {
|
||||||
const location = useLocation();
|
const location = useLocation();
|
||||||
|
const navigate = useNavigate();
|
||||||
const { branding } = useBranding();
|
const { branding } = useBranding();
|
||||||
|
|
||||||
const logoSrc = branding.logoBase64 && branding.logoMimeType
|
const logoSrc = branding.logoBase64 && branding.logoMimeType
|
||||||
@@ -195,6 +210,7 @@ function AdminLayout() {
|
|||||||
alignItems: "center",
|
alignItems: "center",
|
||||||
gap: 8,
|
gap: 8,
|
||||||
marginRight: "1.25rem",
|
marginRight: "1.25rem",
|
||||||
|
flexShrink: 0,
|
||||||
}}>
|
}}>
|
||||||
{logoSrc && (
|
{logoSrc && (
|
||||||
<img src={logoSrc} alt="" style={{ width: 24, height: 24, objectFit: "contain" }} />
|
<img src={logoSrc} alt="" style={{ width: 24, height: 24, objectFit: "contain" }} />
|
||||||
@@ -208,45 +224,73 @@ function AdminLayout() {
|
|||||||
</strong>
|
</strong>
|
||||||
</div>
|
</div>
|
||||||
<GlobalSearch />
|
<GlobalSearch />
|
||||||
<Link
|
<div style={{
|
||||||
to="/admin/book"
|
display: "flex",
|
||||||
|
overflowX: "auto",
|
||||||
|
flex: 1,
|
||||||
|
minWidth: 0,
|
||||||
|
gap: "0.25rem",
|
||||||
|
}}>
|
||||||
|
<Link
|
||||||
|
to="/admin/book"
|
||||||
|
style={{
|
||||||
|
padding: "0.4rem 0.85rem",
|
||||||
|
borderRadius: 6,
|
||||||
|
textDecoration: "none",
|
||||||
|
fontSize: 13,
|
||||||
|
fontWeight: 600,
|
||||||
|
color: "#fff",
|
||||||
|
background: branding.primaryColor,
|
||||||
|
boxShadow: "0 1px 2px rgba(79, 138, 111, 0.3)",
|
||||||
|
flexShrink: 0,
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
Book
|
||||||
|
</Link>
|
||||||
|
{NAV_LINKS.map(({ to, label }) => {
|
||||||
|
const active =
|
||||||
|
to === "/admin"
|
||||||
|
? location.pathname === "/admin"
|
||||||
|
: location.pathname.startsWith(to);
|
||||||
|
return (
|
||||||
|
<Link
|
||||||
|
key={to}
|
||||||
|
to={to}
|
||||||
|
style={{
|
||||||
|
padding: "0.4rem 0.75rem",
|
||||||
|
borderRadius: 6,
|
||||||
|
textDecoration: "none",
|
||||||
|
fontSize: 13,
|
||||||
|
fontWeight: active ? 600 : 500,
|
||||||
|
color: active ? "#2d6a4f" : "#4b5563",
|
||||||
|
background: active ? "#ecfdf5" : "transparent",
|
||||||
|
flexShrink: 0,
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
{label}
|
||||||
|
</Link>
|
||||||
|
);
|
||||||
|
})}
|
||||||
|
</div>
|
||||||
|
<button
|
||||||
|
onClick={async () => {
|
||||||
|
await signOut();
|
||||||
|
navigate("/login");
|
||||||
|
}}
|
||||||
style={{
|
style={{
|
||||||
|
flexShrink: 0,
|
||||||
padding: "0.4rem 0.85rem",
|
padding: "0.4rem 0.85rem",
|
||||||
borderRadius: 6,
|
borderRadius: 6,
|
||||||
textDecoration: "none",
|
border: "1px solid #e2e8f0",
|
||||||
|
background: "#fff",
|
||||||
|
color: "#4b5563",
|
||||||
fontSize: 13,
|
fontSize: 13,
|
||||||
fontWeight: 600,
|
fontWeight: 500,
|
||||||
color: "#fff",
|
cursor: "pointer",
|
||||||
background: branding.primaryColor,
|
|
||||||
marginRight: "0.5rem",
|
|
||||||
boxShadow: "0 1px 2px rgba(79, 138, 111, 0.3)",
|
|
||||||
}}
|
}}
|
||||||
>
|
>
|
||||||
Book
|
Logout
|
||||||
</Link>
|
</button>
|
||||||
{NAV_LINKS.map(({ to, label }) => {
|
|
||||||
const active =
|
|
||||||
to === "/admin"
|
|
||||||
? location.pathname === "/admin"
|
|
||||||
: location.pathname.startsWith(to);
|
|
||||||
return (
|
|
||||||
<Link
|
|
||||||
key={to}
|
|
||||||
to={to}
|
|
||||||
style={{
|
|
||||||
padding: "0.4rem 0.75rem",
|
|
||||||
borderRadius: 6,
|
|
||||||
textDecoration: "none",
|
|
||||||
fontSize: 13,
|
|
||||||
fontWeight: active ? 600 : 500,
|
|
||||||
color: active ? "#2d6a4f" : "#4b5563",
|
|
||||||
background: active ? "#ecfdf5" : "transparent",
|
|
||||||
}}
|
|
||||||
>
|
|
||||||
{label}
|
|
||||||
</Link>
|
|
||||||
);
|
|
||||||
})}
|
|
||||||
</nav>
|
</nav>
|
||||||
<main style={{ padding: "1.25rem 1.5rem" }}>
|
<main style={{ padding: "1.25rem 1.5rem" }}>
|
||||||
<Routes>
|
<Routes>
|
||||||
|
|||||||
@@ -41,11 +41,11 @@ export default defineConfig({
|
|||||||
workbox: {
|
workbox: {
|
||||||
globPatterns: ["**/*.{js,css,html,ico,png,svg,woff2}"],
|
globPatterns: ["**/*.{js,css,html,ico,png,svg,woff2}"],
|
||||||
navigateFallbackDenylist: [
|
navigateFallbackDenylist: [
|
||||||
/^\/api\/auth\/oauth2\/callback\//,
|
/^\/api\/auth\//,
|
||||||
],
|
],
|
||||||
runtimeCaching: [
|
runtimeCaching: [
|
||||||
{
|
{
|
||||||
urlPattern: /^http.*\/api\/.*/i,
|
urlPattern: /^http.*\/api\/(?!auth\/).*/i,
|
||||||
handler: "NetworkFirst",
|
handler: "NetworkFirst",
|
||||||
options: {
|
options: {
|
||||||
cacheName: "api-cache",
|
cacheName: "api-cache",
|
||||||
|
|||||||
+1
-1
Submodule infra updated: 49575eb4f6...d6c0d13d02
@@ -0,0 +1,6 @@
|
|||||||
|
-- Better-Auth rate limiting table (GRO-574)
|
||||||
|
CREATE TABLE "rate_limit" (
|
||||||
|
key TEXT NOT NULL PRIMARY KEY,
|
||||||
|
count INTEGER NOT NULL,
|
||||||
|
last_request BIGINT NOT NULL
|
||||||
|
);
|
||||||
@@ -176,6 +176,13 @@
|
|||||||
"when": 1775396067192,
|
"when": 1775396067192,
|
||||||
"tag": "0024_invoice_indexes",
|
"tag": "0024_invoice_indexes",
|
||||||
"breakpoints": true
|
"breakpoints": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"idx": 25,
|
||||||
|
"version": "7",
|
||||||
|
"when": 1775482467192,
|
||||||
|
"tag": "0025_rate_limit",
|
||||||
|
"breakpoints": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
Generated
+1
-1
@@ -87,7 +87,7 @@ importers:
|
|||||||
specifier: ^4.2.2
|
specifier: ^4.2.2
|
||||||
version: 4.2.2(vite@6.4.1(@types/node@22.19.15)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.46.1)(tsx@4.21.0))
|
version: 4.2.2(vite@6.4.1(@types/node@22.19.15)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.46.1)(tsx@4.21.0))
|
||||||
better-auth:
|
better-auth:
|
||||||
specifier: ^1.0.0
|
specifier: ^1.5.6
|
||||||
version: 1.5.6(@opentelemetry/api@1.9.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@3.2.4(@types/node@22.19.15)(jiti@2.6.1)(jsdom@26.1.0)(lightningcss@1.32.0)(terser@5.46.1)(tsx@4.21.0))
|
version: 1.5.6(@opentelemetry/api@1.9.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@3.2.4(@types/node@22.19.15)(jiti@2.6.1)(jsdom@26.1.0)(lightningcss@1.32.0)(terser@5.46.1)(tsx@4.21.0))
|
||||||
lucide-react:
|
lucide-react:
|
||||||
specifier: ^0.577.0
|
specifier: ^0.577.0
|
||||||
|
|||||||
Reference in New Issue
Block a user