From 331ed40234737c9929f0e2c45003fef9e5d4774c Mon Sep 17 00:00:00 2001 From: adilallo <39313955+adilallo@users.noreply.github.com> Date: Sat, 4 Apr 2026 23:13:04 -0600 Subject: [PATCH] Initiate backend setup --- .env.example | 2 +- CONTRIBUTING.md | 6 +++--- docs/backend-linear-tickets.md | 4 ++-- docs/backend-roadmap.md | 6 +++--- package.json | 5 +---- 5 files changed, 10 insertions(+), 13 deletions(-) diff --git a/.env.example b/.env.example index 62e14ab..0e71b68 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,4 @@ -# Copy to `.env.local` for local development (never commit real secrets). +# Copy to `.env` for local development (never commit real secrets). # PostgreSQL — use `docker compose up -d postgres` and match user/db/password. DATABASE_URL="postgresql://communityrule:communityrule@localhost:5432/communityrule" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ce105d0..fa18910 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,8 +2,8 @@ ## Backend (local) -1. Copy [`.env.example`](.env.example) to `.env.local` and set `SESSION_SECRET` (at least 16 characters). -2. Start Postgres (and optional Mailhog): `docker compose up -d postgres mailhog`. On Apple Silicon, Mailhog is configured for `linux/amd64` in [`docker-compose.yml`](docker-compose.yml) (clear emulation path). You can use `docker compose up -d postgres` only and read OTPs from the dev server log instead of Mailhog (see `.env.example`). +1. Copy [`.env.example`](.env.example) to `.env` and set `SESSION_SECRET` (at least 16 characters). +2. `docker compose up -d postgres mailhog` — omit `mailhog` if you only need Postgres; with `SMTP_URL` unset, OTPs are printed in the dev server log (see `.env.example`). 3. Install dependencies: `npm ci` 4. Apply migrations: `npx prisma migrate dev` 5. Run the app: `npm run dev` @@ -30,7 +30,7 @@ Use `npx prisma studio` to inspect the database. ### Optional draft sync -Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env.local` so the create flow saves drafts to the server when a user is logged in. +Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env` so the create flow saves drafts to the server when a user is logged in. ## Frontend / tests diff --git a/docs/backend-linear-tickets.md b/docs/backend-linear-tickets.md index 8c9bbb4..23aeeeb 100644 --- a/docs/backend-linear-tickets.md +++ b/docs/backend-linear-tickets.md @@ -16,7 +16,7 @@ Use this if you **do not** have SSH or hosting access yet. Most engineering tick ### You do **not** need the server admin for -- **Tickets 1–8, 10:** Everything runs on your machine: `docker compose up -d postgres mailhog`, `.env.local`, `npm run dev`, `npx prisma migrate dev`. OTP email can use Mailhog or dev log (no real SMTP). +- **Tickets 1–8, 10:** Everything runs on your machine: `docker compose up -d postgres mailhog`, `.env`, `npm run dev`, `npx prisma migrate dev`. OTP email can use Mailhog or dev log (no real SMTP). - **Verifying APIs:** Use `localhost` and the same Docker Postgres—no production host. ### The **first** time you need someone with hosting access @@ -34,7 +34,7 @@ Ask the admin to provide (or do for you) the items below—**Ticket 12** turns t | **DNS for mail** | Often **SPF/DKIM** so OTP messages are not spam—admin or whoever owns DNS. | | **TLS + hostname** | HTTPS URL for the site; reverse proxy (nginx, Caddy, etc.) in front of Node. | | **Health check** | Load balancer or platform should probe **`GET /api/health`** (or your chosen path). | -| **Secrets storage** | Env vars or secret manager—never commit `.env.local`. | +| **Secrets storage** | Env vars or secret manager—never commit `.env` with secrets. | | **Backups** | Postgres backup/restore for production (and ideally staging). | Optional: **Docker image deploy** using the repo [Dockerfile](Dockerfile)—admin builds/pushes/runs the container with the env vars above. diff --git a/docs/backend-roadmap.md b/docs/backend-roadmap.md index 4cbc0a9..460bf1f 100644 --- a/docs/backend-roadmap.md +++ b/docs/backend-roadmap.md @@ -126,7 +126,7 @@ Match the current API behavior; tighten as product evolves: --- -**Step 1.** Copy `.env.example` to `.env.local`. Set `DATABASE_URL` and secrets (see file comments). +**Step 1.** Copy `.env.example` to `.env`. Set `DATABASE_URL` and secrets (see file comments). **Step 2.** Start Postgres locally: @@ -162,7 +162,7 @@ npm run dev **Step 9.** **Templates** (when ready): seed `RuleTemplate` rows; `GET /api/templates` is implemented. -**Step 10.** **Frontend sync**: Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env.local` for server drafts when logged in; `localStorage` remains fallback when off or anonymous. +**Step 10.** **Frontend sync**: Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env` for server drafts when logged in; `localStorage` remains fallback when off or anonymous. **Step 11.** **Web vitals:** Move off `.next` files—**prefer an external analytics or logging pipeline** (see §7). Use Postgres for vitals only as a deliberate ops choice. @@ -173,7 +173,7 @@ npm run dev - **HTTPS** in staging/production; session cookie **Secure**. - **Rate-limit** OTP (in-memory OK for one instance; **shared store before multi-instance**—see §5). - **Hash** OTP codes and session tokens before storing; short OTP expiry. -- **Secrets** only in env / secret store — never commit `.env.local`. +- **Secrets** only in env / secret store — never commit `.env` with real values. - **CORS:** prefer **same-origin** `/api/*`; if cross-origin, configure CORS and CSRF carefully. --- diff --git a/package.json b/package.json index 609d5b2..872e8c5 100644 --- a/package.json +++ b/package.json @@ -40,10 +40,7 @@ "analyze:server": "ANALYZE=true npm run build", "analyze:browser": "BUNDLE_ANALYZE=true npm run build", "bundle:analyze": "node scripts/bundle-analyzer.js", - "db:generate": "prisma generate", - "db:migrate": "prisma migrate dev", - "db:deploy": "prisma migrate deploy", - "db:studio": "prisma studio" + "db:deploy": "prisma migrate deploy" }, "dependencies": { "@mdx-js/loader": "^3.1.1",