k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-21 06:11:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Migrate TREK 3 to NestJS + React 19 with a shared Zod contract layer

Browse Source 
Brownfield strangler migration of the backend onto NestJS modules
(auth, trips, days, places, assignments, packing, todo, budget,
reservations, collab, files, photos, journey, share, settings, backup,
oidc, oauth, admin, atlas, vacay, weather, airports, maps, categories,
tags, notifications, system-notices) served through a per-prefix
dispatcher, keeping the existing SQLite/better-sqlite3 DB and JWT
httpOnly cookie auth, with behavioural parity for every route.

Client: React 19 upgrade, "page = wiring container + data hook"
pattern across all pages, per-domain Zustand stores bound to
@trek/shared contracts, and decomposition of the large components
(DayPlanSidebar, PackingListPanel, CollabNotes, FileManager,
MemoriesPanel, PlacesSidebar, CollabChat, SystemNoticeModal,
BudgetPanel, PlaceFormModal, ...) into focused render units backed by
in-file hooks.

Apply the shared global request pipeline (helmet/CSP, CORS, HSTS,
forced HTTPS, the global MFA policy and request logging) to the NestJS
instance as well, so a migrated route is protected identically to the
legacy fallback rather than bypassing it.
This commit is contained in:
Maurice
2026-05-30 02:39:26 +02:00
parent 6d2dd37414
commit fc7d8b5d12
347 changed files with 31278 additions and 10381 deletions
Download Patch File Download Diff File Expand all files Collapse all files
shared/src/oidc/oidc.schema.spec.ts
+17
View File
@@ -0,0 +1,17 @@
import { describe, it, expect } from 'vitest';
import { oidcCallbackQuerySchema, oidcExchangeQuerySchema } from './oidc.schema';
describe('oidcCallbackQuerySchema', () => {
it('accepts code+state, an error, or nothing (all optional)', () => {
expect(oidcCallbackQuerySchema.safeParse({ code: 'c', state: 's' }).success).toBe(true);
expect(oidcCallbackQuerySchema.safeParse({ error: 'access_denied' }).success).toBe(true);
expect(oidcCallbackQuerySchema.safeParse({}).success).toBe(true);
});
});
describe('oidcExchangeQuerySchema', () => {
it('requires a code', () => {
expect(oidcExchangeQuerySchema.safeParse({ code: 'c' }).success).toBe(true);
expect(oidcExchangeQuerySchema.safeParse({}).success).toBe(false);
});
});
shared/src/oidc/oidc.schema.ts
+21
View File
@@ -0,0 +1,21 @@
import { z } from 'zod';
/**
* OIDC SSO contract for /api/auth/oidc.
*
* The flow is redirect-based and carries no request bodies — inputs arrive as
* query params (the provider callback's code/state/error, the optional invite on
* /login, and the auth-code on /exchange). These schemas pin those query shapes;
* the cryptographic verification + provisioning live in the OIDC service.
*/
export const oidcCallbackQuerySchema = z.object({
code: z.string().optional(),
state: z.string().optional(),
error: z.string().optional(),
});
export type OidcCallbackQuery = z.infer<typeof oidcCallbackQuerySchema>;
export const oidcExchangeQuerySchema = z.object({
code: z.string(),
});
export type OidcExchangeQuery = z.infer<typeof oidcExchangeQuerySchema>;