till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-17 22:09:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
managarten/docs/URL_SCHEMA.md
Till JS bfa8a0a773 fix(mana-auth): /api/v1/auth/login mints JWT via auth.handler instead of api.signInEmail 
Previous attempt (commit 55cc75e7d) tried to fix the broken JWT mint
in /api/v1/auth/login by switching the cookie name from
`mana.session_token` to `__Secure-mana.session_token` for production.
That was necessary but not sufficient: Better Auth's session cookie
value isn't just the raw session token, it's `<token>.<HMAC>` where
the HMAC is derived from the better-auth secret. Reconstructing the
cookie from auth.api.signInEmail's JSON response only gave us the raw
token, so /api/auth/token's get-session middleware still couldn't
validate it and the JWT mint kept silently failing.

Real fix: do the sign-in via auth.handler (the HTTP path) rather than
auth.api.signInEmail (the SDK path). The handler returns a real fetch
Response with a Set-Cookie header containing the fully signed cookie
envelope. We capture that header verbatim and forward it as the cookie
on the /api/auth/token request, which now passes validation and mints
the JWT correctly.

Verified end-to-end on auth.mana.how:

  $ curl -X POST https://auth.mana.how/api/v1/auth/login \
      -d '{"email":"...","password":"..."}'
  {
    "user": {...},
    "token": "<session token>",
    "accessToken": "eyJhbGciOiJFZERTQSI...",   ← real JWT now
    "refreshToken": "<session token>"
  }

Side benefits:
- The email-not-verified path is now handled by checking
  signInResponse.status === 403 directly, no more catching APIError
  with the comment-noted async-stream footgun.
- X-Forwarded-For is forwarded explicitly so Better Auth's rate limiter
  and our security log see the real client IP.
- The leftover catch block now only handles unexpected exceptions
  (network errors etc); the FORBIDDEN-checking logic in it is dead but
  harmless and left in for defense in depth.
2026-04-08 16:25:55 +02:00

171 lines
5.4 KiB
Markdown
Raw Blame History

# URL Schema - mana.how
This document defines the URL schema for all mana.how subdomains.
## Naming Convention
- **Landing Pages**: Plural form (e.g., `calendars.mana.how`)
- **Web Apps**: Singular form (e.g., `calendar.mana.how`)
- **APIs**: Singular + `-api` suffix (e.g., `calendar-api.mana.how`)
- **Short URLs**: Redirect to Web Apps for convenience
---
## Complete URL Mapping
### Core Apps (Production)
| App | Web App | API | Status |
|-----|---------|-----|--------|
| **Calendar** | calendar.mana.how | api.mana.how/calendar | Active |
| **Clock** | clock.mana.how | api.mana.how/clock | Active |
| **Todo** | todo.mana.how | api.mana.how/todo | Active |
| **Contacts** | contacts.mana.how | api.mana.how/contacts | Active |
| **Chat** | chat.mana.how | api.mana.how/chat | Active |
| **Storage** | storage.mana.how | api.mana.how/storage | Active |
| **Zitare** | zitare.mana.how | api.mana.how/zitare | Active |
| **NutriPhi** | nutriphi.mana.how | api.mana.how/nutriphi | Active |
| **Presi** | presi.mana.how | api.mana.how/presi | Active |
| **SkillTree** | skilltree.mana.how | api.mana.how/skilltree | Active |
| **Photos** | photos.mana.how | api.mana.how/photos | Active |
### Platform Services
| Service | URL | Description |
|---------|-----|-------------|
| **Main Dashboard** | mana.how | Main landing/dashboard |
| **Auth Service** | auth.mana.how | Central authentication (mana-auth) |
| **API Gateway** | api.mana.how | Unified API gateway |
| **Media Service** | media.mana.how | Image/video processing |
| **LLM Service** | llm.mana.how | LLM abstraction layer |
| **LLM Playground** | playground.mana.how | LLM testing interface |
| **File Storage** | files.mana.how | MinIO/S3 file access |
### Automation
| Service | URL | Description |
|---------|-----|-------------|
| **N8N** | n.mana.how | Workflow automation |
### Monitoring & Admin
| Service | URL | Description |
|---------|-----|-------------|
| **Grafana** | grafana.mana.how | Metrics dashboards |
| **Umami** | (internal :8010) | Web analytics |
### Umami Tracking (Analytics)
For web analytics, the following apps are tracked in Umami:
| Umami Website ID | Display Name | Domain |
|------------------|--------------|--------|
| `mana-webapp` | Dashboard | mana.how |
| `chat-webapp` | Chat | chat.mana.how |
| `todo-webapp` | Todo | todo.mana.how |
| `calendar-webapp` | Calendar | calendar.mana.how |
| `clock-webapp` | Clock | clock.mana.how |
| `contacts-webapp` | Contacts | contacts.mana.how |
| `storage-webapp` | Storage | storage.mana.how |
| `zitare-webapp` | Zitare | zitare.mana.how |
| `nutriphi-webapp` | NutriPhi | nutriphi.mana.how |
| `presi-webapp` | Presi | presi.mana.how |
| `skilltree-webapp` | SkillTree | skilltree.mana.how |
| `photos-webapp` | Photos | photos.mana.how |
---
## Short URL Redirects
Convenience redirects for quick access to Web Apps:
| Short URL | Redirects To |
|-----------|--------------|
| cal.mana.how | calendar.mana.how |
| clok.mana.how | clock.mana.how |
| con.mana.how | contact.mana.how |
| pic.mana.how | picture.mana.how |
| zit.mana.how | zitare.mana.how |
---
## Hosting
### Landing Pages (Astro Static Sites)
**Platform:** Cloudflare Pages
Landing pages are deployed via Cloudflare Pages using Wrangler CLI:
```bash
# Deploy individual landing page
pnpm deploy:landing:calendar
pnpm deploy:landing:clock
pnpm deploy:landing:todo
pnpm deploy:landing:contacts
pnpm deploy:landing:chat
pnpm deploy:landing:picture
pnpm deploy:landing:zitare
# Deploy all landing pages
pnpm deploy:landing:all
```
**Cloudflare Project Names:**
| App | Cloudflare Project | Custom Domain |
|-----|-------------------|---------------|
| Calendar | calendars-landing | calendars.mana.how |
| Clock | clocks-landing | clocks.mana.how |
| Todo | todos-landing | todos.mana.how |
| Contacts | contacts-landing | contacts.mana.how |
| Chat | chats-landing | chats.mana.how |
| Picture | pictures-landing | pictures.mana.how |
| Zitare | zitares-landing | zitares.mana.how |
### Web Apps & APIs
**Platform:** Mac Mini (self-hosted) via Docker + Cloudflare Tunnel
---
## DNS Configuration
Web apps and APIs are routed via Cloudflare Tunnel to the Mac Mini. Landing pages use Cloudflare Pages.
### Cloudflare Tunnel (Web Apps & APIs)
All `*.mana.how` subdomains are routed via Cloudflare Tunnel to the Mac Mini Docker containers. No A records needed — Cloudflare manages the DNS.
### CNAME Records (Cloudflare - Landing Pages)
```
calendars.mana.how CNAME calendars-landing.pages.dev
clocks.mana.how CNAME clocks-landing.pages.dev
todos.mana.how CNAME todos-landing.pages.dev
contacts.mana.how CNAME contacts-landing.pages.dev
chats.mana.how CNAME chats-landing.pages.dev
pictures.mana.how CNAME pictures-landing.pages.dev
zitares.mana.how CNAME zitares-landing.pages.dev
```
### Short URL Redirects (Cloudflare Redirect Rules or CNAME)
```
cal.mana.how → 301 redirect to calendar.mana.how
clok.mana.how → 301 redirect to clock.mana.how
con.mana.how → 301 redirect to contact.mana.how
pic.mana.how → 301 redirect to picture.mana.how
zit.mana.how → 301 redirect to zitare.mana.how
```
---
## Adding a New App
1. Create landing page in `apps/{app}/apps/landing/`
2. Add `wrangler.toml` with project name `{apps}-landing`
3. Add deploy script to root `package.json`
4. Create Cloudflare Pages project: `npx wrangler pages project create {apps}-landing`
5. Add custom domain in Cloudflare dashboard
6. Update this documentation
Reference in a new issue View git blame Copy permalink