k1nq/TREK

mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 21:31:46 +00:00

Files

T

Maurice a876fb2634 feat: Passkey (WebAuthn) login (#1111 )

* feat(auth): passkey (WebAuthn) login — server endpoints, schema + admin toggle

Add @simplewebauthn/server registration and primary (discoverable) login ceremonies under /api/auth/passkey, a webauthn_credentials + single-use webauthn_challenges schema (migration), the instance-wide passkey_login toggle (default off) enforced before auth by a guard, and require_mfa satisfaction via a verified passkey. RP ID/origin come only from server config (webauthn_rp_id/origins -> APP_URL), never request headers.

* feat(auth): passkey enrolment, login button + admin settings UI

PasskeysSection in account settings (add/rename/remove with a current-password step-up), a 'Sign in with a passkey' button on the login page, the admin enable + RP-ID/origins controls, and a per-user admin reset action.

* i18n(auth): passkey strings across all locales

Add login/settings/admin passkey keys to en and all 19 translated locales.

2026-06-05 18:54:13 +02:00

scripts

Migrate TREK 3 to NestJS + React 19 (shared Zod contracts) (#1087 )

2026-05-31 21:10:00 +02:00

src

feat: Passkey (WebAuthn) login (#1111 )

2026-06-05 18:54:13 +02:00

.prettierrc

chore: fix monorepo build pipeline and migrate shared to built package (#1056 )

2026-05-25 21:44:58 +02:00

eslint.config.mjs

chore: move i18n to shared package (#1066 )

2026-05-26 20:27:29 +02:00

package.json

feat(reservations): native booking-confirmation import via KDE KItinerary (#1102 )

2026-06-04 20:40:57 +02:00

README.md

Phase 0 — NestJS + Zod foundation harness (F1–F8) (#1050 )

2026-05-25 14:29:30 +02:00

tsconfig.json

chore: fix monorepo build pipeline and migrate shared to built package (#1056 )

2026-05-25 21:44:58 +02:00

tsup.config.ts

chore: move i18n to shared package (#1066 )

2026-05-26 20:27:29 +02:00

README.md

@trek/shared

Single source of truth for TREK's API contracts, expressed as Zod schemas and consumed by both the server (request validation + inferred DTO types) and the client (typed requests/responses).

This package is part of the incremental NestJS + React 19 migration (see the "Brownfield Rewrite" board). It is intentionally dormant until modules start importing it — adding it changes nothing for users.

Rules

One folder per domain: src/<domain>/<domain>.schema.ts (+ .spec.ts).
Domain-agnostic building blocks live in src/common/.
A route is only considered migrated once its contract lives here.
Schemas are the source of truth; server DTOs and client types are inferred from them (z.infer<typeof schema>), never hand-duplicated.

Consumption (dev)

Both apps resolve @trek/shared to this package's TypeScript source:

Server (tsx): via paths in server/tsconfig.json.
Client (vite): via resolve.alias in client/vite.config.ts (+ paths for the type-checker).

Production packaging (Docker / workspace wiring) is introduced in card F2, when the server first depends on this package at runtime. Until then prod builds are untouched.

Not yet here

The canonical error envelope is finalised in card F5 (it must match TREK's current Express error responses byte-for-byte), so it is deliberately not invented in F1.