d3dfa74cf8
apps/admin/: - Nuxt 4.1.3 + @nuxt/ui 4 + @nuxtjs/supabase, port 3017 staging - 7 pages: index (59 LOC dashboard), login (72 LOC), auth/confirm, plus stubs für domains/users/stats/moderation (14-17 LOC each, content für separate Phase 2 Session) - composables/useAdminAuth.ts: Supabase login + verifyAdminRole hook - middleware/admin-auth.ts: route guard (Phase 3 backend-check ready) - layouts/default.vue, app.vue, README.md - nuxt.config.ts: SSR=true, port 3017, dark-mode preference, Supabase pkce-flow, runtimeConfig.adminSecret für Phase 3 backend-binding Deploy-Infrastructure: - .github/workflows/deploy-admin-staging.yml: build admin auf push to main mit path-filter apps/admin/**, scp tar zu Server, atomic-mv + pm2 restart - scripts/deploy-admin-from-artifact.sh: Server-side deploy (extract, atomic mv, pm2 reload). Kein prisma-migrate (admin hat kein eigenes DB-Schema). - apps/admin/start-admin-staging.sh: pm2 start-script mit Infisical-wrapper, port 3017, mappt Infisical SUPABASE_URL/KEY auf NUXT_PUBLIC_* - ecosystem.config.js: rebreak-admin-staging Eintrag (port 3017, max_memory_restart 400M) - ops/nginx/admin-staging.rebreak.org.conf: HTTP→HTTPS redirect, SSL paths, proxy auf 127.0.0.1:3017, noindex header Pending User-Actions für go-live: 1. DNS-A-Record admin.staging.rebreak.org → 49.13.55.22 2. SSL-cert via certbot (oder bestehender wildcard *.staging.rebreak.org) 3. nginx-config auf Server aktivieren (sudo cp + ln + reload) 4. pm2 initial start: pm2 start ecosystem.config.js --only rebreak-admin-staging 5. Infisical-secret ADMIN_SECRET (server-only, Phase 3 binding) GH-Actions: keine neuen Secrets (nutzt bestehende HETZNER_SSH_KEY/HOST/USER) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
88 lines
2.4 KiB
TypeScript
88 lines
2.4 KiB
TypeScript
// apps/admin/nuxt.config.ts
|
|
//
|
|
// Admin-App fuer rebreak.org -- interne Verwaltung (Domain-Approval, User-Management, Stats).
|
|
// Subdomain-Ziel: admin.rebreak.org (Prod) / admin.staging.rebreak.org (Staging)
|
|
// Port auf Hetzner: 3017 (staging), 3018 (prod -- TBD)
|
|
// pm2-Service: rebreak-admin-staging, rebreak-admin (--Phase 2 Deploy)
|
|
//
|
|
// Auth-Modell: Supabase-Login + Backend-Middleware requireAdmin (Phase 3).
|
|
// KEIN Public-Access. Alle Pages hinter /admin/** sind auth-geschuetzt.
|
|
|
|
export default defineNuxtConfig({
|
|
compatibilityDate: "2025-07-15",
|
|
devtools: { enabled: false },
|
|
|
|
// SSR = true (Server-Side Rendering auf Hetzner pm2).
|
|
// Kein static-generate -- Admin braucht Server-Side-Auth-Checks.
|
|
ssr: true,
|
|
|
|
app: {
|
|
htmlAttrs: { lang: "de" },
|
|
head: {
|
|
title: "rebreak Admin",
|
|
meta: [
|
|
{
|
|
name: "viewport",
|
|
content: "width=device-width, initial-scale=1",
|
|
},
|
|
{
|
|
name: "robots",
|
|
content: "noindex, nofollow",
|
|
},
|
|
],
|
|
},
|
|
},
|
|
|
|
modules: [
|
|
"@nuxt/ui",
|
|
"@nuxt/icon",
|
|
"@nuxtjs/supabase",
|
|
"@vueuse/nuxt",
|
|
],
|
|
|
|
supabase: {
|
|
// Runtime-Env ueberschreibt via Infisical (NUXT_PUBLIC_SUPABASE_URL / NUXT_PUBLIC_SUPABASE_KEY).
|
|
// Defaults zeigen auf Staging -- Prod wird via Infisical-env=production gesetzt.
|
|
url: process.env.NUXT_PUBLIC_SUPABASE_URL || "https://db-staging.rebreak.org",
|
|
key: process.env.NUXT_PUBLIC_SUPABASE_KEY || "",
|
|
redirect: true,
|
|
redirectOptions: {
|
|
login: "/login",
|
|
callback: "/auth/confirm",
|
|
// Alle Routes (ausser login + callback) sind admin-only.
|
|
include: ["/((?!login|auth).*)"],
|
|
exclude: ["/login", "/auth/confirm"],
|
|
},
|
|
clientOptions: {
|
|
auth: {
|
|
flowType: "pkce",
|
|
persistSession: true,
|
|
autoRefreshToken: true,
|
|
detectSessionInUrl: true,
|
|
},
|
|
},
|
|
},
|
|
|
|
colorMode: {
|
|
preference: "dark",
|
|
fallback: "dark",
|
|
},
|
|
|
|
css: ["~/assets/css/main.css"],
|
|
|
|
devServer: {
|
|
port: 3017,
|
|
},
|
|
|
|
runtimeConfig: {
|
|
// Server-only: Backend-Admin-Secret fuer requireAdmin-Middleware-Verifizierung.
|
|
// Infisical-Var: ADMIN_SECRET (staging + prod separat).
|
|
adminSecret: "",
|
|
|
|
public: {
|
|
// Backend-API-Base. Staging -> GH-Actions-Default. Prod via Infisical NUXT_PUBLIC_API_BASE.
|
|
apiBase: process.env.NUXT_PUBLIC_API_BASE || "https://staging.rebreak.org",
|
|
},
|
|
},
|
|
});
|