rebreak-monorepo/apps/admin/nuxt.config.ts

// apps/admin/nuxt.config.ts
//
// Admin-App fuer rebreak.org -- interne Verwaltung (Domain-Approval, User-Management, Stats).
// Subdomain-Ziel: admin.rebreak.org (Prod) / admin.staging.rebreak.org (Staging)
// Port auf Hetzner: 3017 (staging), 3018 (prod -- TBD)
// pm2-Service: rebreak-admin-staging, rebreak-admin (--Phase 2 Deploy)
//
// Auth-Modell: Supabase-Login + Backend-Middleware requireAdmin (Phase 3).
// KEIN Public-Access. Alle Pages hinter /admin/** sind auth-geschuetzt.

export default defineNuxtConfig({
  compatibilityDate: "2025-07-15",
  devtools: { enabled: false },

  // SSR = true (Server-Side Rendering auf Hetzner pm2).
  // Kein static-generate -- Admin braucht Server-Side-Auth-Checks.
  ssr: true,

  app: {
    htmlAttrs: { lang: "de" },
    head: {
      title: "rebreak Admin",
      meta: [
        {
          name: "viewport",
          content: "width=device-width, initial-scale=1",
        },
        {
          name: "robots",
          content: "noindex, nofollow",
        },
      ],
    },
  },

  modules: [
    "@nuxt/ui",
    "@nuxt/icon",
    "@nuxtjs/supabase",
    "@vueuse/nuxt",
  ],

  supabase: {
    // Runtime-Env ueberschreibt via Infisical (NUXT_PUBLIC_SUPABASE_URL / NUXT_PUBLIC_SUPABASE_KEY).
    // Defaults zeigen auf Staging -- Prod wird via Infisical-env=production gesetzt.
    url: process.env.NUXT_PUBLIC_SUPABASE_URL || "https://db-staging.rebreak.org",
    key: process.env.NUXT_PUBLIC_SUPABASE_KEY || "",
    redirect: true,
    redirectOptions: {
      login: "/login",
      callback: "/auth/confirm",
      // Alle Routes (ausser login + callback) sind admin-only.
      include: ["/((?!login|auth).*)"],
      exclude: ["/login", "/auth/confirm"],
    },
    clientOptions: {
      auth: {
        flowType: "pkce",
        persistSession: true,
        autoRefreshToken: true,
        detectSessionInUrl: true,
      },
    },
  },

  colorMode: {
    preference: "dark",
    fallback: "dark",
  },

  css: ["~/assets/css/main.css"],

  devServer: {
    port: 3017,
  },

  runtimeConfig: {
    // Server-only: Backend-Admin-Secret fuer requireAdmin-Middleware-Verifizierung.
    // Infisical-Var: ADMIN_SECRET (staging + prod separat).
    adminSecret: "",

    public: {
      // Backend-API-Base. Staging -> GH-Actions-Default. Prod via Infisical NUXT_PUBLIC_API_BASE.
      apiBase: process.env.NUXT_PUBLIC_API_BASE || "https://staging.rebreak.org",
    },
  },
});