Gate the app behind Google sign-in restricted to verified @theodo.com
identities, and record the real reporter on filed defects (F9).
- nuxt-auth-utils for sealed cookie sessions + the Google OAuth handler,
mounted at /auth/google/callback to match the registered redirect URI.
- isAllowedGoogleUser re-derives the domain from Google's verified email;
the spoofable `hd` claim is deliberately ignored (DESIGN T9).
- Default-deny: server middleware 401s unauthenticated /api calls (health
and the session endpoint excepted); a global route middleware redirects
unauthenticated page navigations to /login.
- getReporter() now reads the session email instead of the dev stub.
- Env contract moves to nuxt-auth-utils names (NUXT_SESSION_PASSWORD,
NUXT_OAUTH_GOOGLE_*); .env.example, compose and README updated.
Unit-tested: domain check (incl. hd-spoof + look-alike) and public-path
matching. Live OAuth round-trip pending manual verification.
Drop the two-subdomain split (ADR 0004): report at /, view defects at
/defects, with a shared layout + header nav. Renames the dashboard page to
defects.vue and updates plan/README. Transparency over separation now that
auth gates everyone, and it removes the Coolify two-domain routing question.
- Add Nitro plugin to apply Drizzle migrations on server boot (skips when
DATABASE_URL is unset, e.g. during build).
- Split compose: docker-compose.dev.yml (hot-reload + Postgres) vs
docker-compose.yml (production/self-host, env-driven, Coolify-deployable).
- Add .dockerignore; parameterise compose env; document the autodeploy
decision (Coolify watches main, no CI workflow needed) in ADR 0003 and
plan.md T12.