Private
Public Access
1
0

Initial implementation: multi-tenant Kanban board (Phase 1)

Complete Phase 1 foundation with working board, column, and card CRUD:
- SvelteKit + TypeScript + Tailwind CSS v4 + adapter-node
- Full Prisma schema with 18 tables (tenants, users, boards, columns, cards, etc.)
- Multi-tenant architecture with hostname-based tenant resolution
- Email/password auth with bcrypt + session cookies
- Board/Column/Card API routes with full CRUD
- Fractional indexing for drag-and-drop ordering
- Board view with svelte-dnd-action for column and card drag-and-drop
- Card modal with inline editing
- Auth pages (login, register)
- Board listing with create form
- RLS policies SQL script for tenant isolation
- Prisma RLS client extensions (forTenant/bypassRLS)
- Permission helpers (canEditBoard, canManageMembers, etc.)
- Socket.IO server setup (dev Vite plugin + production Express server)
- Client-side socket store for real-time updates
- Docker Compose (app + PostgreSQL 16) + multi-stage Dockerfile
- Database seed script (default tenant + admin user)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Catherine Renelle
2026-02-25 20:58:49 -05:00
commit 2f398711c8
52 changed files with 7369 additions and 0 deletions
+46
View File
@@ -0,0 +1,46 @@
import type { Handle } from '@sveltejs/kit';
import { resolveTenant } from '$lib/server/tenant.js';
import { validateSession, sessionCookieName } from '$lib/server/auth.js';
export const handle: Handle = async ({ event, resolve }) => {
// 1. Resolve tenant from hostname
const hostname = event.url.hostname;
const tenant = await resolveTenant(hostname);
event.locals.tenant = tenant;
// 2. Resolve user session
const sessionId = event.cookies.get(sessionCookieName());
if (sessionId) {
const session = await validateSession(sessionId);
if (session) {
event.locals.session = { id: session.id };
event.locals.user = {
id: session.user.id,
email: session.user.email,
name: session.user.name,
globalRole: session.user.globalRole,
tenantRole: session.user.tenantRole
};
// Ensure user belongs to current tenant (unless site admin)
if (
tenant &&
session.user.tenantId !== tenant.id &&
session.user.globalRole !== 'SITE_ADMIN'
) {
event.locals.user = null;
event.locals.session = null;
}
} else {
// Invalid/expired session — clear cookie
event.cookies.delete(sessionCookieName(), { path: '/' });
event.locals.user = null;
event.locals.session = null;
}
} else {
event.locals.user = null;
event.locals.session = null;
}
return resolve(event);
};