Initial implementation: multi-tenant Kanban board (Phase 1)
Complete Phase 1 foundation with working board, column, and card CRUD: - SvelteKit + TypeScript + Tailwind CSS v4 + adapter-node - Full Prisma schema with 18 tables (tenants, users, boards, columns, cards, etc.) - Multi-tenant architecture with hostname-based tenant resolution - Email/password auth with bcrypt + session cookies - Board/Column/Card API routes with full CRUD - Fractional indexing for drag-and-drop ordering - Board view with svelte-dnd-action for column and card drag-and-drop - Card modal with inline editing - Auth pages (login, register) - Board listing with create form - RLS policies SQL script for tenant isolation - Prisma RLS client extensions (forTenant/bypassRLS) - Permission helpers (canEditBoard, canManageMembers, etc.) - Socket.IO server setup (dev Vite plugin + production Express server) - Client-side socket store for real-time updates - Docker Compose (app + PostgreSQL 16) + multi-stage Dockerfile - Database seed script (default tenant + admin user) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,46 @@
|
||||
import type { Handle } from '@sveltejs/kit';
|
||||
import { resolveTenant } from '$lib/server/tenant.js';
|
||||
import { validateSession, sessionCookieName } from '$lib/server/auth.js';
|
||||
|
||||
export const handle: Handle = async ({ event, resolve }) => {
|
||||
// 1. Resolve tenant from hostname
|
||||
const hostname = event.url.hostname;
|
||||
const tenant = await resolveTenant(hostname);
|
||||
event.locals.tenant = tenant;
|
||||
|
||||
// 2. Resolve user session
|
||||
const sessionId = event.cookies.get(sessionCookieName());
|
||||
if (sessionId) {
|
||||
const session = await validateSession(sessionId);
|
||||
if (session) {
|
||||
event.locals.session = { id: session.id };
|
||||
event.locals.user = {
|
||||
id: session.user.id,
|
||||
email: session.user.email,
|
||||
name: session.user.name,
|
||||
globalRole: session.user.globalRole,
|
||||
tenantRole: session.user.tenantRole
|
||||
};
|
||||
|
||||
// Ensure user belongs to current tenant (unless site admin)
|
||||
if (
|
||||
tenant &&
|
||||
session.user.tenantId !== tenant.id &&
|
||||
session.user.globalRole !== 'SITE_ADMIN'
|
||||
) {
|
||||
event.locals.user = null;
|
||||
event.locals.session = null;
|
||||
}
|
||||
} else {
|
||||
// Invalid/expired session — clear cookie
|
||||
event.cookies.delete(sessionCookieName(), { path: '/' });
|
||||
event.locals.user = null;
|
||||
event.locals.session = null;
|
||||
}
|
||||
} else {
|
||||
event.locals.user = null;
|
||||
event.locals.session = null;
|
||||
}
|
||||
|
||||
return resolve(event);
|
||||
};
|
||||
Reference in New Issue
Block a user