Private
Public Access
1
0

Initial implementation: multi-tenant Kanban board (Phase 1)

Complete Phase 1 foundation with working board, column, and card CRUD:
- SvelteKit + TypeScript + Tailwind CSS v4 + adapter-node
- Full Prisma schema with 18 tables (tenants, users, boards, columns, cards, etc.)
- Multi-tenant architecture with hostname-based tenant resolution
- Email/password auth with bcrypt + session cookies
- Board/Column/Card API routes with full CRUD
- Fractional indexing for drag-and-drop ordering
- Board view with svelte-dnd-action for column and card drag-and-drop
- Card modal with inline editing
- Auth pages (login, register)
- Board listing with create form
- RLS policies SQL script for tenant isolation
- Prisma RLS client extensions (forTenant/bypassRLS)
- Permission helpers (canEditBoard, canManageMembers, etc.)
- Socket.IO server setup (dev Vite plugin + production Express server)
- Client-side socket store for real-time updates
- Docker Compose (app + PostgreSQL 16) + multi-stage Dockerfile
- Database seed script (default tenant + admin user)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Catherine Renelle
2026-02-25 20:58:49 -05:00
commit 2f398711c8
52 changed files with 7369 additions and 0 deletions
+98
View File
@@ -0,0 +1,98 @@
import { Server as SocketIOServer } from 'socket.io';
import type { Server as HttpServer } from 'http';
import { validateSession, sessionCookieName } from '$lib/server/auth.js';
let io: SocketIOServer | null = null;
export function initSocketIO(server: HttpServer): SocketIOServer {
io = new SocketIOServer(server, {
cors: {
origin: process.env.ORIGIN || 'http://localhost:5173',
credentials: true
}
});
// Auth middleware — validate session cookie
io.use(async (socket, next) => {
const cookieHeader = socket.handshake.headers.cookie;
if (!cookieHeader) {
// Allow anonymous connections (for public boards)
socket.data.user = null;
return next();
}
const cookies = parseCookies(cookieHeader);
const sessionId = cookies[sessionCookieName()];
if (!sessionId) {
socket.data.user = null;
return next();
}
const session = await validateSession(sessionId);
if (session) {
socket.data.user = session.user;
} else {
socket.data.user = null;
}
next();
});
io.on('connection', (socket) => {
// Join board room
socket.on('join-board', (boardId: string) => {
socket.join(`board:${boardId}`);
// Broadcast presence
socket.to(`board:${boardId}`).emit('user-joined', {
user: socket.data.user
? { id: socket.data.user.id, name: socket.data.user.name }
: null,
socketId: socket.id
});
});
// Leave board room
socket.on('leave-board', (boardId: string) => {
socket.leave(`board:${boardId}`);
socket.to(`board:${boardId}`).emit('user-left', {
socketId: socket.id
});
});
socket.on('disconnect', () => {
// Socket.IO handles room cleanup automatically
});
});
return io;
}
export function getIO(): SocketIOServer | null {
return io;
}
/**
* Emit an event to all clients in a board room.
*/
export function emitToBoardRoom(boardId: string, event: string, data: unknown) {
if (io) {
io.to(`board:${boardId}`).emit(event, data);
}
}
/**
* Emit a notification to a specific user across all their connections.
*/
export function emitToUser(userId: string, event: string, data: unknown) {
if (io) {
io.to(`user:${userId}`).emit(event, data);
}
}
function parseCookies(cookieHeader: string): Record<string, string> {
const cookies: Record<string, string> = {};
cookieHeader.split(';').forEach((cookie) => {
const [name, ...rest] = cookie.trim().split('=');
cookies[name] = decodeURIComponent(rest.join('='));
});
return cookies;
}