polymech/mono
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
mono/packages/ui/docs/database-todos.md
Babayaga 0fa17ead0c playtime - 4/5
2026-02-08 15:09:32 +01:00

2.8 KiB
Raw Permalink Blame History

Database & Architecture Todos

Server-Side & Schema Tasks

Schema Changes (Postgres/Supabase)

  • Split profiles Table:
    • Create user_secrets table (Columns: user_id (PK, FK), openai_api_key, bria_api_key, replicate_api_key, settings, google_api_key).
    • Migrate data from profiles to user_secrets (Ref: src/integrations/supabase/types.ts).
    • Drop secret columns from profiles.
    • Rename profiles to profiles_public (optional, or just restrict access).
  • Create page_collaborators Table:
    • Columns: page_id (FK), user_id (FK), role (enum: 'viewer', 'editor', 'owner'), created_at.
    • Add unique constraint on (page_id, user_id).
  • RLS Policies Update:
    • user_secrets: Enable RLS. Policy: auth.uid() = user_id.
    • profiles: Policy: Public read. Update strictly limited to owner.
    • pages: Policy:
      • Read: is_public OR auth.uid() = owner OR auth.uid() IN (select user_id from page_collaborators).
      • Update: auth.uid() = owner OR auth.uid() IN (select user_id from page_collaborators where role IN ('editor', 'owner')).

Server Logic (Node/Hono)

  • Implement ServingProduct Endpoints (Ref: server/src/products/serving/index.ts):
    • GET /api/feed: Returns hydrated feed (Posts + Authors + Cover Images).
    • GET /api/profile/:id: Returns public profile + recent posts.
    • GET /api/me/secrets: (Secure) Returns user secrets for settings page.
  • Server-Side Injection:
    • Update handleServeApp in ServingProduct to pre-fetch User & Feed.
    • Inject into index.html as window.__INITIAL_STATE__.

Client-Side Tasks

src/lib/db.ts Refactor

  • Deprecate Direct Selects: Identify all supabase.from('posts').select(...) calls in src/lib/db.ts.
  • Implement Proxy Clients:
    • Create fetchFeedFromProxy() calling /api/feed in src/lib/db.ts.
    • Create fetchProfileFromProxy(id) calling /api/profile/:id in src/lib/db.ts.
  • Hydration Logic:
    • Check window.__INITIAL_STATE__ on app boot to populate React Query cache before fetching.

Component Updates

  • Post Page:
    • Use fetchPostFromProxy (or standard db.fetchPostById redirected to proxy) in src/pages/Post.tsx.
    • Handle 404s gracefully (See Security.md for details).
  • PageManager: