mono/packages/ui/docs/database-todos.md
2026-02-08 15:09:32 +01:00


# Database & Architecture Todos
## Server-Side & Schema Tasks
### Schema Changes (Postgres/Supabase)
- [ ] **Split `profiles` Table**:
  - [ ] Create `user_secrets` table (Columns: `user_id` (PK, FK), `openai_api_key`, `bria_api_key`, `replicate_api_key`, `settings`, `google_api_key`).
  - [ ] Migrate data from `profiles` to `user_secrets` (Ref: [`src/integrations/supabase/types.ts`](../src/integrations/supabase/types.ts)).
  - [ ] Drop secret columns from `profiles`.
  - [ ] Rename `profiles` to `profiles_public` (optional, or just restrict access).
- [ ] **Create `page_collaborators` Table**:
  - [ ] Columns: `page_id` (FK), `user_id` (FK), `role` (enum: 'viewer', 'editor', 'owner'), `created_at`.
  - [ ] Add unique constraint on `(page_id, user_id)`.
- [ ] **RLS Policies Update**:
  - [ ] `user_secrets`: Enable RLS. Policy: `auth.uid() = user_id`.
  - [ ] `profiles`: Policy: Public read. Update strictly limited to owner.
  - [ ] `pages`: Policy:
    - Read: `is_public` OR `auth.uid() = owner` OR `auth.uid() IN (select user_id from page_collaborators where page_id = pages.id)`.
    - Update: `auth.uid() = owner` OR `auth.uid() IN (select user_id from page_collaborators where page_id = pages.id and role IN ('editor', 'owner'))`.
    - The collaborator subquery must be scoped to the row being checked (`page_id = pages.id`, assuming `id` is the `pages` primary key). Unscoped, a collaborator on any one page matches every page.
### Server Logic (Node/Hono)
- [ ] **Implement `ServingProduct` Endpoints** (Ref: [`server/src/products/serving/index.ts`](../server/src/products/serving/index.ts)):
  - [ ] `GET /api/feed`: Returns hydrated feed (Posts + Authors + Cover Images).
  - [ ] `GET /api/profile/:id`: Returns public profile + recent posts.
  - [ ] `GET /api/me/secrets`: (Secure) Returns user secrets for settings page.
- [ ] **Server-Side Injection**:
  - [ ] Update `handleServeApp` in [`ServingProduct`](../server/src/products/serving/index.ts) to pre-fetch User & Feed.
  - [ ] Inject into `index.html` as `window.__INITIAL_STATE__`.
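
The `window.__INITIAL_STATE__` injection above, as an added example (not the project's own code). It covers two things the todo leaves implicit: serializing so feed text cannot close the inline `<script>`, and copying only allowlisted user fields so columns bound for `user_secrets` never reach the page. `injectInitialState`, `pickPublicUser`, `serializeForInlineScript`, the `username`/`avatar_url` field names and the sample data are assumptions.

```typescript
// Added example, not the project's code; helper names are hypothetical.
type Row = { [key: string]: unknown };

// Allowlist of user fields allowed into the page (field names assumed).
// Secret columns (API keys, settings) are never copied, even if present.
const PUBLIC_USER_FIELDS: string[] = ["id", "username", "avatar_url"];

function pickPublicUser(user: Row | null): Row | null {
  if (user === null) return null;
  const out: Row = {};
  for (const field of PUBLIC_USER_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, field)) out[field] = user[field];
  }
  return out;
}

// JSON.stringify leaves "<", ">", "&", U+2028 and U+2029 untouched, so feed
// text containing "</script>" would end the inline script element early.
// Writing them as \uXXXX escapes parses back to the identical value.
function serializeForInlineScript(value: unknown): string {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, function (ch: string): string {
    return "\\u" + ("0000" + ch.charCodeAt(0).toString(16)).slice(-4);
  });
}

function injectInitialState(indexHtml: string, user: Row | null, feed: Row[]): string {
  const state = { user: pickPublicUser(user), feed: feed };
  const tag = "<script>window.__INITIAL_STATE__=" +
    serializeForInlineScript(state) + "</script>";
  const at = indexHtml.indexOf("</head>");
  if (at === -1) throw new Error("index.html has no </head> to inject before");
  // Concatenate instead of String.replace(): "$&" or "$1" inside user content
  // would otherwise be interpreted as replacement patterns.
  return indexHtml.slice(0, at) + tag + indexHtml.slice(at);
}

// Constructed sample input.
const sampleHtml = "<html><head><title>app</title></head><body></body></html>";
const sampleUser: Row = { id: "u1", username: "ana", openai_api_key: "CONSTRUCTED-KEY" };
const sampleFeed: Row[] = [{ id: "p1", title: "a </script> b & c" }];
const renderedHtml = injectInitialState(sampleHtml, sampleUser, sampleFeed);
console.log(renderedHtml);
```

The client can read `window.__INITIAL_STATE__` directly; the escapes decode to the original characters when the script is parsed.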
---
## Client-Side Tasks
### `src/lib/db.ts` Refactor
- [ ] **Deprecate Direct Selects**: Identify all `supabase.from('posts').select(...)` calls in [`src/lib/db.ts`](../src/lib/db.ts).
- [ ] **Implement Proxy Clients**:
  - [ ] Create `fetchFeedFromProxy()` calling `/api/feed` in [`src/lib/db.ts`](../src/lib/db.ts).
  - [ ] Create `fetchProfileFromProxy(id)` calling `/api/profile/:id` in [`src/lib/db.ts`](../src/lib/db.ts).
- [ ] **Hydration Logic**:
  - [ ] Check `window.__INITIAL_STATE__` on app boot to populate React Query cache before fetching.
### Component Updates
- [ ] **Post Page**:
  - [ ] Use `fetchPostFromProxy` (or standard `db.fetchPostById` redirected to proxy) in [`src/pages/Post.tsx`](../src/pages/Post.tsx).
  - [ ] Handle 404s gracefully (See Security.md for details).
- [ ] **PageManager**:
  - [ ] Update [`src/components/PageManager.tsx`](../src/components/PageManager.tsx) to fetch "My Pages" AND "Shared Pages".