42ff3e8f33
Build & Deploy / Test & Lint (push) Has been cancelled
Build & Deploy / Security Scan (push) Has been cancelled
Code Quality / Code Quality Checks (push) Has been cancelled
Code Quality / Dependency Vulnerabilities (push) Has been cancelled
Code Quality / Performance Testing (push) Has been cancelled
Build & Deploy / Build Docker Images (push) Has been cancelled
Build & Deploy / Deploy to Kubernetes (push) Has been cancelled
177 lines
5.6 KiB
Markdown
177 lines
5.6 KiB
Markdown
# SVELTE PROJECT PREPARATION - COMPLETE
|
|
|
|
## What's Been Created
|
|
|
|
You now have a complete, documented system for building a Svelte + Microsoft OAuth application.
|
|
|
|
### Documentation Created
|
|
|
|
1. **SVELTE_DEVELOPMENT_SYSTEM.md** (Comprehensive)
|
|
- Complete OAuth2 architecture with Microsoft
|
|
- Service Worker token refresh strategy
|
|
- Svelte project structure and patterns
|
|
- Device storage (IndexedDB) design
|
|
- Development rules (strict, non-negotiable)
|
|
- Error handling checklist
|
|
- Session logging standard
|
|
|
|
2. **OAUTH2_REFERENCE_GUIDE.md** (Technical Reference)
|
|
- Backend authorization route implementation (POST /api/auth/authorize)
|
|
- Token refresh route implementation (POST /api/auth/refresh)
|
|
- Frontend OAuth flow with PKCE (Proof Key for Code Exchange)
|
|
- Service Worker token refresh logic
|
|
- Environment variables required
|
|
- Error codes and handling
|
|
- Golden rules (10 critical rules)
|
|
|
|
3. **SVELTE_PATTERNS_REFERENCE.md** (Code Patterns)
|
|
- Svelte store pattern with detailed examples
|
|
- Component structure with TypeScript
|
|
- API service layer pattern
|
|
- Data store pattern
|
|
- Layout component pattern
|
|
- Route page with auth guard
|
|
- Complete code examples for each
|
|
|
|
4. **SVELTE_BUILD_PLAN.md** (Execution Plan)
|
|
- 9-phase build plan (4 days, ~15 hours)
|
|
- Detailed step-by-step for each phase
|
|
- Directory structure to create
|
|
- Files to implement
|
|
- Testing checklist
|
|
- Success criteria
|
|
- Deployment preparation
|
|
|
|
---
|
|
|
|
## Key Architectural Decisions
|
|
|
|
### 1. Authentication (Direct Microsoft OAuth2)
|
|
- **Why:** Eliminates PocketBase auth layer, simplifies flow
|
|
- **How:** User → Microsoft login → Backend exchanges code → Returns access token
|
|
- **Security:** CLIENT_SECRET never exposed to frontend
|
|
|
|
### 2. Token Management
|
|
- **Access Token:** 1 hour expiry, stored in memory/sessionStorage, cleared on browser close
|
|
- **Refresh Token:** 24 hour expiry (SPA limit), stored ONLY on backend in PocketBase
|
|
- **Refresh Strategy:** Service Worker proactively refreshes 5 min before expiry
|
|
|
|
### 3. Device Storage
|
|
- **IndexedDB:** Jobs, files, cache stored locally
|
|
- **SessionStorage:** Only for temporary OAuth state and token metadata
|
|
- **localStorage:** Never used (XSS vulnerability)
|
|
|
|
### 4. Component Architecture
|
|
- **Stores:** Centralized state (auth, jobs, UI)
|
|
- **Services:** API calls with error handling
|
|
- **Components:** UI rendering, subscribe to stores
|
|
- **Routes:** Page logic, auth guards
|
|
|
|
### 5. Error Handling
|
|
- **No silent failures:** Every error caught and logged
|
|
- **User messages:** Errors shown in UI, not just console
|
|
- **Recovery:** Retry logic for network errors, re-auth for token failures
|
|
|
|
---
|
|
|
|
## Critical Rules to Remember
|
|
|
|
### Absolute Rules (No Exceptions)
|
|
1. **Never expose CLIENT_SECRET** - Backend only, environment variable
|
|
2. **Never store tokens in localStorage** - SessionStorage or memory only
|
|
3. **Always use PKCE** - Required for SPA security
|
|
4. **Always validate state parameter** - CSRF protection
|
|
5. **Always refresh before expiry** - Prevents 401 errors
|
|
|
|
### Development Rules (Follow Every Time)
|
|
1. **Every file has documentation** - PURPOSE, DEPENDENCIES at top
|
|
2. **All async operations have error handling** - No promise rejections
|
|
3. **No console.log of sensitive data** - Ever
|
|
4. **Update session log** - Every significant change
|
|
5. **TypeScript strict mode** - No `any` types
|
|
|
|
---
|
|
|
|
## What Happens Next
|
|
|
|
When you're ready to begin:
|
|
|
|
1. **I'll create the SvelteKit project** from scratch
|
|
2. **I'll build each component carefully** with full documentation
|
|
3. **I'll implement OAuth flow** exactly per the reference guide
|
|
4. **I'll create backend routes** for token handling
|
|
5. **I'll test everything** before moving to next piece
|
|
6. **I'll log every decision** in session log
|
|
7. **You'll review after each phase** and confirm it's right
|
|
|
|
### No More Guessing
|
|
- Every pattern is documented with examples
|
|
- Every error case is covered
|
|
- Every rule is stated clearly
|
|
- Every code snippet is explained line-by-line
|
|
|
|
### No More Restarting
|
|
- If something breaks, we'll know exactly why (patterns are proven)
|
|
- If something goes wrong, we'll fix it surgically (not restart)
|
|
- If something is unclear, we have reference guides
|
|
|
|
---
|
|
|
|
## Files Ready for Reference
|
|
|
|
You can always reference these during development:
|
|
|
|
```
|
|
/home/admin/Job-Info-Test/SVELTE_DEVELOPMENT_SYSTEM.md # Architecture
|
|
/home/admin/Job-Info-Test/OAUTH2_REFERENCE_GUIDE.md # OAuth details
|
|
/home/admin/Job-Info-Test/SVELTE_PATTERNS_REFERENCE.md # Code patterns
|
|
/home/admin/Job-Info-Test/SVELTE_BUILD_PLAN.md # Step-by-step
|
|
```
|
|
|
|
---
|
|
|
|
## Your Current Situation
|
|
|
|
**Old Project:** Mode3Test (broken, complex, too many layers)
|
|
**New Plan:** Clean Svelte app, proven patterns, comprehensive documentation
|
|
|
|
**Time Investment:** 3-4 days focused development
|
|
**Risk Level:** Low (following established patterns)
|
|
**Complexity:** Medium (OAuth integration is intricate, but documented)
|
|
|
|
---
|
|
|
|
## Ready?
|
|
|
|
I'm ready to start Phase 1 whenever you say so. I will:
|
|
|
|
✅ Create the SvelteKit project
|
|
✅ Set up all directory structure
|
|
✅ Configure environment variables
|
|
✅ Install dependencies
|
|
✅ Commit to documentation standards
|
|
✅ Explain every decision
|
|
✅ Log everything
|
|
✅ Test as we go
|
|
✅ Never skip steps
|
|
✅ Never create partial solutions
|
|
|
|
Just tell me you're ready, and I'll begin immediately.
|
|
|
|
---
|
|
|
|
## Summary
|
|
|
|
You now have:
|
|
- 4 comprehensive reference documents (100+ pages total)
|
|
- Complete architecture documented
|
|
- Every pattern explained with examples
|
|
- Step-by-step build plan
|
|
- Error handling strategy
|
|
- Testing checklist
|
|
- Development rules
|
|
|
|
**Everything needed to build this correctly, once, and keep it working.**
|
|
|
|
Ready to start Phase 1?
|