[Epic] Service and data foundation #1

Closed
opened 2026-06-12 20:26:36 +00:00 by james · 0 comments
Owner

The Next.js + TypeScript backbone the rest of the app sits on. By the end of this epic:

  • A containerized Next.js service exists and runs.
  • All data access goes through a DB abstraction with parity on SQLite and Postgres.
  • Migrations are automated.
  • /api/health is the only unauthenticated endpoint; everything else requires a valid session.
  • Local users and OAuth2 users can sign in; the two identity types can be linked to one account.
  • Multiple users can register on a single instance; every user's data is isolated at the DB layer by user_id.

Linked tickets

  • Scaffold Next.js + TypeScript service
  • Database abstraction with SQLite + Postgres + dual-engine test harness
  • Containerize service + unauthenticated /api/health endpoint
  • Authorization middleware
  • Local user authentication
  • OAuth2 authentication + account linking

Exit criteria

  • A self-hoster can docker run the service against either DB engine, register an account locally or via OAuth2, and reach an authorized endpoint with a valid session.
  • Two users registered on the same instance see only their own data; cross-user reads return 404.
james closed this issue 2026-06-23 12:30:54 +00:00
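An added example, not part of the issue and not the project's code: a sketch of the two access rules the epic states, where `/api/health` is the only path served without a session and every data lookup is filtered by `user_id` so that a cross-user read returns 404. The `/api/notes/:id` route, the 401 for a missing session, the in-memory rows and all function names are assumptions made for illustration.

```typescript
// Hypothetical names throughout; the array stands in for the SQLite/Postgres table.
type NoteRow = { id: number; userId: number; body: string };
type SessionInfo = { userId: number } | null;
type ApiResult = { status: number; body?: string };

// Constructed sample rows.
const noteRows: NoteRow[] = [
  { id: 1, userId: 10, body: "alice's note" },
  { id: 2, userId: 20, body: "bob's note" },
];

// Data access bound to one user: user_id is part of every lookup,
// so a handler cannot forget the ownership filter.
function scopedNotes(userId: number) {
  return {
    // Equivalent of: SELECT body FROM notes WHERE id = ? AND user_id = ?
    findById(id: number): NoteRow | undefined {
      return noteRows.find((r) => r.id === id && r.userId === userId);
    },
  };
}

// Allowlist of unauthenticated paths; everything else needs a session.
const PUBLIC_PATHS = new Set<string>(["/api/health"]);

function handleRequest(path: string, session: SessionInfo): ApiResult {
  if (PUBLIC_PATHS.has(path)) return { status: 200, body: "ok" };
  if (session === null) return { status: 401 }; // assumed status for "no valid session"

  const match = /^\/api\/notes\/(\d+)$/.exec(path);
  if (!match) return { status: 404 };

  const note = scopedNotes(session.userId).findById(Number(match[1]));
  // A missing row and another user's row are indistinguishable: both are 404,
  // so the response does not reveal which ids exist on the instance.
  return note ? { status: 200, body: note.body } : { status: 404 };
}
```

Returning 404 rather than 403 for another user's row keeps the endpoint from acting as an existence oracle for record ids.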
Reference
james/carol#1