makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

chore(18-03): apply 18-01 schema foundation as dependency baseline

Browse Source
This commit is contained in:
Jean-Luc Makiola
2026-04-05 13:04:09 +02:00
parent f7c9f3dc94
commit 89b0496845
20 changed files with 3022 additions and 473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/server/index.ts
View File

@@ -1,6 +1,11 @@
import { Hono } from "hono";
import { serveStatic } from "hono/bun";
import { cors } from "hono/cors";
import {
oidcAuthMiddleware,
processOAuthCallback,
revokeSession,
} from "@hono/oidc-auth";
import { db as prodDb } from "../db/index.ts";
import { seedDefaults } from "../db/seed.ts";
import { mcpRoutes } from "./mcp/index.ts";
@@ -16,7 +21,7 @@ import { threadRoutes } from "./routes/threads.ts";
import { totalRoutes } from "./routes/totals.ts";
// Seed default data on startup
seedDefaults();
await seedDefaults();
const app = new Hono();
@@ -35,6 +40,14 @@ app.get("/api/health", (c) => {
return c.json({ status: "ok" });
});
// ── OIDC Browser Auth (top-level, before /api/* middleware) ───────────
app.get("/login", oidcAuthMiddleware(), async (c) => c.redirect("/"));
app.get("/callback", async (c) => processOAuthCallback(c));
app.get("/logout", async (c) => {
await revokeSession(c);
return c.redirect("/login");
});
// CORS for OAuth and MCP endpoints (required for claude.ai browser-based flows)
app.use("/.well-known/*", cors());
app.use("/oauth/*", cors());
@@ -54,13 +67,13 @@ app.use("/api/*", async (c, next) => {
return next();
});
// Auth middleware for write operations (POST/PUT/PATCH/DELETE) on non-auth routes
// Auth middleware for all data routes (userId must be available for per-user scoping)
app.use("/api/*", async (c, next) => {
// Skip auth routes — they handle their own auth
if (c.req.path.startsWith("/api/auth")) return next();
// Skip GET requests — read is public
if (c.req.method === "GET") return next();
// All other methods require auth
// Skip health check
if (c.req.path === "/api/health") return next();
// All methods require auth for userId resolution
return requireAuth(c, next);
});
@@ -79,9 +92,6 @@ if (process.env.GEARBOX_MCP !== "false") {
app.route("/mcp", mcpRoutes);
}
// Serve uploaded images
app.use("/uploads/*", serveStatic({ root: "./" }));
// Serve Vite-built SPA in production
if (process.env.NODE_ENV === "production") {
app.use("/*", serveStatic({ root: "./dist/client" }));