Private
Public Access
1
0

Initial implementation: multi-tenant Kanban board (Phase 1)

Complete Phase 1 foundation with working board, column, and card CRUD:
- SvelteKit + TypeScript + Tailwind CSS v4 + adapter-node
- Full Prisma schema with 18 tables (tenants, users, boards, columns, cards, etc.)
- Multi-tenant architecture with hostname-based tenant resolution
- Email/password auth with bcrypt + session cookies
- Board/Column/Card API routes with full CRUD
- Fractional indexing for drag-and-drop ordering
- Board view with svelte-dnd-action for column and card drag-and-drop
- Card modal with inline editing
- Auth pages (login, register)
- Board listing with create form
- RLS policies SQL script for tenant isolation
- Prisma RLS client extensions (forTenant/bypassRLS)
- Permission helpers (canEditBoard, canManageMembers, etc.)
- Socket.IO server setup (dev Vite plugin + production Express server)
- Client-side socket store for real-time updates
- Docker Compose (app + PostgreSQL 16) + multi-stage Dockerfile
- Database seed script (default tenant + admin user)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Catherine Renelle
2026-02-25 20:58:49 -05:00
commit 2f398711c8
52 changed files with 7369 additions and 0 deletions
+66
View File
@@ -0,0 +1,66 @@
import bcrypt from 'bcrypt';
import { prisma } from './db.js';
const SALT_ROUNDS = 12;
const SESSION_DURATION_MS = 30 * 24 * 60 * 60 * 1000; // 30 days
export async function hashPassword(password: string): Promise<string> {
return bcrypt.hash(password, SALT_ROUNDS);
}
export async function verifyPassword(password: string, hash: string): Promise<boolean> {
return bcrypt.compare(password, hash);
}
export async function createSession(userId: string): Promise<{ id: string; expiresAt: Date }> {
const expiresAt = new Date(Date.now() + SESSION_DURATION_MS);
const session = await prisma.session.create({
data: { userId, expiresAt }
});
return { id: session.id, expiresAt };
}
export async function validateSession(sessionId: string) {
const session = await prisma.session.findUnique({
where: { id: sessionId },
include: {
user: {
select: {
id: true,
email: true,
name: true,
globalRole: true,
tenantRole: true,
tenantId: true
}
}
}
});
if (!session) return null;
if (session.expiresAt < new Date()) {
await prisma.session.delete({ where: { id: sessionId } });
return null;
}
return session;
}
export async function deleteSession(sessionId: string) {
await prisma.session.delete({ where: { id: sessionId } }).catch(() => {});
}
export function sessionCookieName(): string {
return 'session';
}
export function sessionCookieOptions(expiresAt: Date) {
return {
path: '/',
httpOnly: true,
sameSite: 'lax' as const,
secure: !import.meta.env.DEV,
expires: expiresAt
};
}