Scaffold NewApproach: Full-stack Bun+Hono+TypeScript+TailwindCSS project

- Create modular project structure with src/backend, src/frontend, public
- Hono server with routing, static file serving, and API endpoints
- TailwindCSS styling pipeline with Tailwind CLI
- Vanilla JS frontend (extensible for frameworks)
- Complete TypeScript configuration and type checking
- Auth module as self-contained submodule
- Ready for development: bun run dev (port 3000)
- All dependencies installed and tested

Also:
- Lock main branch with read-only settings in VS Code
- Create .github/copilot-instructions.md with Monica persona
- Initialize session logging system

Status: Project ready for feature development
This commit is contained in:
2026-01-09 13:33:22 +00:00
parent e4e3e65ea4
commit c33ee3dfe7
19 changed files with 1999 additions and 0 deletions
+87
View File
@@ -0,0 +1,87 @@
# Auth Module
Universal, pattern-based authentication token management for multi-auth scenarios.
## Overview
The Auth module provides a standardized interface for managing authentication tokens across different providers (PocketBase, Microsoft Graph) and auth flows (delegated, app-only).
## Key Features
- **Pattern-based configuration**: Enable only the auth flows you need (`pb`, `graph`, `pb+graph`)
- **Unified token storage**: All tokens stored in localStorage under consistent keys
- **Type-safe**: Full TypeScript support with explicit token types
- **Modular**: Works standalone; extend or integrate with larger auth systems
- **No dependencies**: Uses browser APIs only (localStorage, optional PocketBase SDK)
## Quick Start
### Basic Usage
```typescript
import Auth from './auth.ts';
// Initialize with pattern and optional config
await Auth.configure('pb+graph', {
pbUrl: 'http://localhost:8090',
graphApiUrl: 'https://graph.microsoft.com/v1.0'
});
// Get a token
const pbUserToken = Auth.getToken('pb-user');
const graphToken = Auth.getToken('graph-user');
// Set a token
Auth.setToken('graph-user', 'access_token_here');
// Clear specific token
Auth.clearToken('pb-user');
// Clear all tokens
Auth.clearAllTokens();
```
## Token Types
- `pb-user`: PocketBase user authentication token
- `pb-agent`: PocketBase service account token
- `graph-user`: Microsoft Graph delegated token (on behalf of user)
- `graph-agent`: Microsoft Graph app-only token (service principal)
## Configuration
```typescript
interface AuthConfig {
pbUrl?: string; // PocketBase URL (default: http://127.0.0.1:8090)
graphApiUrl?: string; // Graph API URL (not required for token storage)
}
```
## Security Considerations
- Tokens are stored in plaintext in `localStorage`
- Never store highly sensitive credentials in browser localStorage
- For production: consider using secure HTTP-only cookies via backend
- Implement token refresh logic before expiration
- Clear tokens on logout
## File Structure
```
auth/
├── auth.ts # Main module (TypeScript)
├── auth-test.html # Test/demo HTML
└── README.md # This file
```
## Testing
Open `auth-test.html` in a browser to test the module functionality.
## Future Enhancements
- Token refresh logic
- Expiration tracking
- Secure storage option (HTTP-only cookies via backend)
- Multiple identity provider support
- Event emitters for token changes