mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 19:41:09 +02:00
92bee0d71a
First milestone of the unlisted-share rollout plan (docs/plans/
unlisted-sharing.md). Adds the server-side infrastructure that backs
`visibility='unlisted'` — previously the flag was stamped locally but
led nowhere. After this commit, a token points at an actual snapshot
the SSR share-page will render (M8.3+).
Scope: backend only. No client-side publish/revoke calls yet, no
share-route, no UI. That lands in M8.2/M8.3. Anyone hitting the
endpoints manually with curl can exercise the full publish-fetch-
revoke cycle.
Changes:
- New pgSchema `unlisted` with table `snapshots`:
token (pk, 32-char base64url)
user_id, space_id, collection, record_id, blob (jsonb)
created_at, updated_at, expires_at (nullable), revoked_at
Partial unique index on (user_id, collection, record_id) WHERE
revoked_at IS NULL so one record has at most one active token.
Partial btree on expires_at for the cron-cleanup path.
- Hand-authored SQL migration `apps/api/drizzle/unlisted/0000_init.sql`
(manual-apply per the repo's feedback_api_hand_authored_migrations
memory). Already applied to the local mana_platform.
- Drizzle schema `apps/api/src/modules/unlisted/schema.ts`. All id
fields are `text` not uuid — Better-Auth nanoids aren't UUIDs, same
trap we hit with the website module's publish bug.
- mana-api module `apps/api/src/modules/unlisted/`:
POST /api/v1/unlisted/:collection/:recordId (auth)
Body: { spaceId, blob, expiresAt? }. Re-publish reuses the
existing active token (by (user,collection,record) lookup); a
revoke-then-republish mints a fresh token row. Response includes
a fully-qualified share URL built from Origin/Referer/env.
DELETE /api/v1/unlisted/:collection/:recordId (auth)
Soft-revoke. Idempotent — already-revoked returns
{ revoked: 0 } cleanly so client stores can call it
unconditionally on setVisibility-away.
GET /api/v1/unlisted/public/:token (public)
Rate-limited 20/min/token + 60/min/ip so token enumeration is
impractical. 404 for unknown, 410 Gone for revoked or expired.
Cache-Control: private, max-age=60 + X-Robots-Tag: noindex for
SEO isolation. Returns { token, collection, blob, createdAt,
updatedAt, expiresAt }.
- ALLOWED_COLLECTIONS hardcoded allowlist in POST handler
(events, libraryEntries, places — the M8.3+M8.4 scope). Unknown
collection -> 400 COLLECTION_NOT_ALLOWED. Keeps the schema honest
about what the server accepts.
- drizzle.config extended to include the new schema in managed
migrations.
- index.ts wires unlistedPublicRoutes pre-auth (before
authMiddleware) and unlistedRoutes post-auth.
Verified:
- Migration applied to mana_platform — `unlisted.snapshots` exists
with both partial indexes.
- pnpm run type-check (api): clean
- pnpm run validate:all: theme-tokens, theme-parity, crypto-registry,
encrypted-tools all green
- URL build uses Origin/Referer before the env fallback so dev
(http://localhost:5173) and prod (https://mana.how) both work
without env churn.
Next: M8.2 — shared-privacy client helper + SharedLinkControls
component.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| architecture | ||
| central-services | ||
| decisions | ||
| future | ||
| modules | ||
| observability | ||
| optimizable | ||
| plans | ||
| postmortems | ||
| reports | ||
| test-examples | ||
| ANALYTICS.md | ||
| APP_GAP_ANALYSIS.md | ||
| APP_ONBOARDING.md | ||
| ARCHITECTURE_MIGRATION_REPORT.md | ||
| CAPACITY_PLANNING.md | ||
| CARDS_POSTGRES_MIGRATION.md | ||
| CLOUDFLARE_DOMAINS.md | ||
| CLOUDFLARE_FALLBACK.md | ||
| CLUSTER_HARDWARE_ANALYSE.md | ||
| complexity-hotspots.md | ||
| complexity-map.html | ||
| CONTEXT_INTELLIGENCE_REPORT.md | ||
| DATABASE_MIGRATIONS.md | ||
| DEPLOYMENT.md | ||
| DEVELOPMENT_SCRIPTS.md | ||
| DEVLOG_GUIDELINES.md | ||
| DISCORD_NOTIFICATIONS_SETUP.md | ||
| DOCKER_GUIDE.md | ||
| ENVIRONMENT_VARIABLES.md | ||
| ERROR_TRACKING.md | ||
| EXPO_SDK_UPGRADE.md | ||
| EXTERNAL_SERVICES.md | ||
| EXTERNAL_SSD_OPPORTUNITIES.md | ||
| FIX_COLIMA_MOUNTS.md | ||
| GIT_WORKFLOW.md | ||
| I18N.md | ||
| LOCAL_DEVELOPMENT.md | ||
| LOCAL_LLM_MODELS.md | ||
| LOCAL_STT_MODELS.md | ||
| MAC_MINI_SERVER.md | ||
| MAIL_SERVER.md | ||
| MANA_BOX_HARDWARE.md | ||
| MANA_EARNING_SYSTEM.md | ||
| MANA_VALUES.md | ||
| MICROSERVICES_API_OVERVIEW.md | ||
| MOBILE_DESKTOP_APP_STRATEGY.md | ||
| module-coupling.md | ||
| module-health.md | ||
| MODULE_REGISTRY.md | ||
| MONETIZATION_REPORT.md | ||
| MONITORING.md | ||
| OBSERVABILITY_GAPS.md | ||
| OLLAMA_MODELS.md | ||
| PLAN_TAURI_V2.md | ||
| PORT_SCHEMA.md | ||
| POSTGRES_BACKUP.md | ||
| PRE_LAUNCH_CLEANUP.md | ||
| PROD_READINESS_SCORE.md | ||
| PROJECT_OVERVIEW.md | ||
| PWA_GUIDE.md | ||
| RECOMMENDED_SERVICES.md | ||
| REFACTORING_AUDIT_2026_04.md | ||
| SEPA_ACTIVATION_CHECKLIST.md | ||
| SETUP_TEMPLATES.md | ||
| SHARED_PACKAGES_ROADMAP.md | ||
| SYNC_BILLING_PLAN.md | ||
| TECH_STACK_INDEPENDENCE.md | ||
| TECHNOLOGY_AUDIT_2026_03.md | ||
| TESTING_DEPLOYMENT_CHECKLIST.md | ||
| URL_SCHEMA.md | ||
| USER_SETTINGS.md | ||
| VERSIONING.md | ||
| WHO_MODULE.md | ||
| WINDOWS_GPU_SERVER_SETUP.md | ||