fix

2025-12-21 02:03:05 +01:00
parent 167cd1f4bb
commit 9357bd483a
36 changed files with 6251 additions and 1547 deletions
--- a/docs/outcomes/GenerateSSLFromExternalCaddy.md
+++ b/docs/outcomes/GenerateSSLFromExternalCaddy.md
@@ -0,0 +1,19 @@
+# Outcome: Generate SSL From External Caddy
+
+## Summary
+Successfully generated SSL certificates using the external Caddy container and configured the project to use them.
+
+## Changes
+- **Certificate Generation**: Used `caddy reverse-proxy` in the external container to trigger automatic HTTPS for `localhost`.
+- **Files**: Copied `localhost.crt`, `localhost.key`, and `root.crt` to `.ssl/`.
+- **Configuration**: Updated `vite.config.ts` to use the new certificate files.
+- **Documentation**: Added instructions to `README.md` for trusting the root CA.
+
+## Verification
+- Certificates exist in `.ssl/`.
+- `vite.config.ts` points to the correct files.
+- `README.md` contains setup instructions.
+
+## Next Steps
+- Run `npm run dev` to verify the server starts with HTTPS.
+- Follow the instructions in `README.md` to trust the certificate.
--- a/docs/plans/FixAuthSchedulerEnvVars.md
+++ b/docs/plans/FixAuthSchedulerEnvVars.md
@@ -0,0 +1,50 @@
+# Execution Plan - Fix Auth Scheduler Env Vars
+
+The goal of this plan is to fix the issue where the authentication scheduler fails to read environment variables in the SvelteKit application and to increase the scheduler frequency to every 5 minutes.
+
+## User Stories
+
+### Story 1: Fix Environment Variable Access and Update Frequency Logic
+**As a** developer
+**I want** the scheduler to use SvelteKit's idiomatic environment variable handling and support minute-level intervals
+**So that** the configuration is correctly loaded and I can set a more frequent schedule.
+
+**Acceptance Criteria:**
+- `src/lib/server/scheduler.ts` imports `env` from `$env/dynamic/private`.
+- `getConfig()` uses `env.AUTH_SCHEDULER_ENABLED` and `env.AUTH_SCHEDULER_INTERVAL_MINUTES`.
+- `SchedulerConfig` interface uses `intervalMinutes` instead of `intervalHours`.
+- `startScheduler()` calculates the interval in milliseconds based on minutes.
+- `src/hooks.server.ts` comments are updated to reflect the new environment variable names.
+
+**Technical Notes:**
+- SvelteKit does not automatically populate `process.env` with `.env` file values in all contexts. Using `$env/dynamic/private` ensures access to runtime environment variables.
+- Default `intervalMinutes` should be set to a reasonable value (e.g., 720 for 12 hours) if not provided, but the user specifically requested 5 minutes configuration.
+
+### Story 2: Update Configuration
+**As a** user
+**I want** my local environment configuration to reflect the new frequency settings
+**So that** the scheduler runs every 5 minutes as desired.
+
+**Acceptance Criteria:**
+- `.env.local` is updated to include `AUTH_SCHEDULER_INTERVAL_MINUTES=5`.
+- `.env.local` no longer contains `AUTH_SCHEDULER_INTERVAL_HOURS`.
+
+## Implementation Steps
+
+### Step 1: Refactor Scheduler Logic
+- **File:** `src/lib/server/scheduler.ts`
+- **Action:**
+    - Import `env` from `$env/dynamic/private`.
+    - Update `getConfig` function to read from `env`.
+    - Rename `intervalHours` to `intervalMinutes` in `SchedulerConfig` and `getConfig`.
+    - Update `startScheduler` to use `intervalMinutes * 60 * 1000`.
+    - Update log messages to display "min" instead of "h".
+
+### Step 2: Update Hooks Documentation
+- **File:** `src/hooks.server.ts`
+- **Action:** Update the JSDoc comment for `init` to document `AUTH_SCHEDULER_INTERVAL_MINUTES`.
+
+### Step 3: Update Local Configuration
+- **File:** `.env.local`
+- **Action:**
+    - Replace `AUTH_SCHEDULER_INTERVAL_HOURS=1` (or whatever value) with `AUTH_SCHEDULER_INTERVAL_MINUTES=5`.
--- a/docs/plans/GenerateSSLFromExternalCaddy.md
+++ b/docs/plans/GenerateSSLFromExternalCaddy.md
@@ -0,0 +1,82 @@
+# Plan: Generate SSL From External Caddy
+
+## Context
+The user has an existing Caddy container (`f414de049d3c`) acting as a Certificate Authority. We will leverage Caddy's built-in **Automatic HTTPS** features to generate a valid certificate for `localhost` without manually using OpenSSL. By running a temporary Caddy command inside the container, we can trigger the internal CA to issue and store the certificates, which we then export.
+
+## User Stories
+
+### Story 1: Trigger Certificate Generation
+**As a** developer
+**I want** to trigger the external Caddy container to issue a certificate for `localhost`
+**So that** I have a valid certificate signed by its CA
+
+**Acceptance Criteria:**
+- A temporary Caddy command is executed inside the container to serve `localhost` on a non-conflicting port (e.g., 8443).
+- This triggers Caddy's automatic HTTPS logic to generate:
+    - `localhost.crt`
+    - `localhost.key`
+- These files are verified to exist in Caddy's storage (`/data/caddy/certificates/local/localhost/`).
+
+### Story 2: Export and Configure SSL
+**As a** developer
+**I want** to copy the generated certificates to my project and configure Vite
+**So that** the dev server uses them
+
+**Acceptance Criteria:**
+- The following files are copied from the container to the project's `.ssl/` directory:
+    - Leaf Cert: `/data/caddy/certificates/local/localhost/localhost.crt`
+    - Private Key: `/data/caddy/certificates/local/localhost/localhost.key`
+    - Root CA: `/data/caddy/pki/authorities/local/root.crt`
+- `vite.config.ts` is updated to use these files.
+- `.gitignore` is updated to ignore `.ssl/` (but maybe keep the folder structure).
+
+### Story 3: Trust the Root CA
+**As a** developer
+**I want** instructions to trust the Caddy Root CA on my host machine
+**So that** browsers accept the connection
+
+**Acceptance Criteria:**
+- `README.md` is updated with specific instructions for Linux (and other OSs if applicable) to trust the `.ssl/root.crt`.
+- Example for Linux: `sudo cp .ssl/root.crt /usr/local/share/ca-certificates/caddy-local.crt && sudo update-ca-certificates`.
+
+## Technical Specifications
+
+### Certificate Generation (Caddy Native)
+Instead of `openssl`, we use `caddy` itself.
+
+1.  **Trigger Generation**:
+    ```bash
+    docker exec -d f414de049d3c caddy respond --listen :8443 --domain localhost "SSL Init"
+    ```
+    *   `respond`: Simple command to serve a static response.
+    *   `--listen :8443`: Avoids conflict with the main Caddy process on 80/443.
+    *   `--domain localhost`: Tells Caddy to manage certificates for this domain.
+    *   `-d`: Run in detached mode (background).
+
+2.  **Wait & Verify**:
+    Wait a few seconds, then check:
+    ```bash
+    docker exec f414de049d3c ls -l /data/caddy/certificates/local/localhost/
+    ```
+
+3.  **Cleanup**:
+    Kill the temporary process (if it doesn't exit, though `respond` might run forever).
+    ```bash
+    docker exec f414de049d3c pkill -f "caddy respond"
+    ```
+
+### File Locations
+- **Container Paths**:
+    - Cert: `/data/caddy/certificates/local/localhost/localhost.crt`
+    - Key: `/data/caddy/certificates/local/localhost/localhost.key`
+    - Root CA: `/data/caddy/pki/authorities/local/root.crt`
+- **Host Destination**: `./.ssl/`
+
+### Vite Config
+Update `vite.config.ts`:
+```typescript
+https: {
+    key: fs.readFileSync('./.ssl/localhost.key'),
+    cert: fs.readFileSync('./.ssl/localhost.crt') // Note: Caddy uses .crt extension by default
+}
+```