Files
andon/tasks/todo.md
Julien Calixte 82ac540909 feat(auth): Google OAuth, sealed session and default-deny gating (T9)
Gate the app behind Google sign-in restricted to verified @theodo.com
identities, and record the real reporter on filed defects (F9).

- nuxt-auth-utils for sealed cookie sessions + the Google OAuth handler,
  mounted at /auth/google/callback to match the registered redirect URI.
- isAllowedGoogleUser re-derives the domain from Google's verified email;
  the spoofable `hd` claim is deliberately ignored (DESIGN T9).
- Default-deny: server middleware 401s unauthenticated /api calls (health
  and the session endpoint excepted); a global route middleware redirects
  unauthenticated page navigations to /login.
- getReporter() now reads the session email instead of the dev stub.
- Env contract moves to nuxt-auth-utils names (NUXT_SESSION_PASSWORD,
  NUXT_OAUTH_GOOGLE_*); .env.example, compose and README updated.

Unit-tested: domain check (incl. hd-spoof + look-alike) and public-path
matching. Live OAuth round-trip pending manual verification.
2026-05-28 01:09:48 +02:00

42 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Andon — Task Checklist
Derived from [plan.md](./plan.md). Build order follows the House of Quality
weights (DESIGN.md §4). Check off as tasks complete; stop at each checkpoint for
review.
## Phase 1 — Foundation & board spine
- [x] **T1** Scaffold Nuxt 4 + tooling + Dockerised dev (M) — _deps: none_
- [x] **T2** Board-definition module (C1) + BoardView (C2) — F1 (M) — _deps: T1_
- [ ]**Checkpoint:** build + tests pass, board interactive, human review
## Phase 2 — File a defect (G1)
- [x] **T3** Postgres schema + migrations (C8) (S) — _deps: T1_
- [x] **T4** Projects API + ProjectAutocomplete (C4) — F3 (M) — _deps: T3_
- [x] **T5** File a defect: POST /api/defects + DefectForm (C3) — F2 (M) — _deps: T2, T3, T4_
- [ ]**Checkpoint:** defect files end-to-end (dev auth), tests pass, human review
## Phase 3 — See weak points (G2)
- [x] **T6** Defects read API: feed + per-section counts (C7) — F6 (M) — _deps: T3_
- [x] **T7** Dashboard DotMap (C5) — F4 (M) — _deps: T2, T6_
- [x] **T8** VerbatimModal + Feed (C6) — F5 (M) — _deps: T6, T7_
- [x]**Checkpoint:** dashboard dot map + feed + modal work, ≤350ms @2k, human review
## Phase 4 — Authentication (G4)
- [x] **T9** Google OAuth + session + domain-check middleware (C9) — F9 (M) — _deps: T1, retrofits T5_
- [ ]**Checkpoint:** both views gated to @theodo.com, reporters real, human review
## Phase 5 — Notifications (G3)
- [ ] **T10** Web Push subscribe + service worker (C10) — F8 (M) — _deps: T3, T9_
- [ ] **T11** Send push on defect filed (fire-and-forget) — F7 (S) — _deps: T5, T10_
- [ ]**Checkpoint:** file → push arrives ≤10s, filing latency unaffected, human review
## Phase 6 — Ship (F10)
- [ ] **T12** Prod image + Coolify managed Postgres (backups) & domains (C11) (M) — _deps: T1T11_
- [ ]**Checkpoint:** data survives redeploy, both subdomains live, ready for review
## Blocked on open questions (see plan.md)
- [x] Google OAuth client provisioning (blocks T9) — client provided; redirect URI `…/auth/google/callback`
- [ ] Confirm pnpm + Vitest + Playwright vs Theodo template (affects T1)
- [ ] Coolify two-domain routing model (affects T12)
- [ ] "Owner only" vs any subscribed user for push (affects T10/T11)