feat: add caching for backend objects
@@ -0,0 +1,56 @@
|
||||
# Session Handoff: Edge Functions, Auth Pattern, and Test Fixes
|
||||
**Date:** 2026-04-20
|
||||
**Session Duration:** ~2 hours
|
||||
**Session Focus:** Fix create-reservation Edge Function auth, resolve 12 failing integration tests, fix RBAC RLS, add SELinux dev docs
|
||||
**Context Usage at Handoff:** ~60%
|
||||
|
||||
## What Was Accomplished
|
||||
1. Diagnosed and fixed SELinux blocking Edge Functions locally → documented fix in `CLAUDE.md`
|
||||
2. Updated Edge Function auth from `userClient.auth.getUser()` (anon key + auth header) to `adminClient.auth.getUser(token)` (service role + JWT arg) → `supabase/functions/create-reservation/index.ts`
|
||||
3. Fixed `weekSlot()` test helper returning `{start, end}` instead of `{start_time, end_time}` → `tests/integration/booking-constraints.test.ts`
|
||||
4. Fixed overlap tests using days 30/31/32 (same ISO week, hitting weekly pre-booking limit before DB overlap constraint fires) → spread across days 14/21/28 (different weeks)
|
||||
5. Fixed RBAC: `"Authenticated users can read non-private reservation slots"` policy on `reservations` was never dropped when `reservation_slots` view was created → new migration drops it
|
||||
6. Fixed `reservation_slots` view from `security_invoker = true` to `security_invoker = false` so it reads as owner, not caller → new migration recreates view + grants
|
||||
7. Fixed E2E test asserting `"Welcome to OYS Borrow a Boat"` (doesn't exist) → changed to `"Upcoming Reservations"` which is always present when authenticated
|
||||
8. Added `v-if="authStore.user"` to `IonMenu` in `app.vue` — menu not rendered before login
|
||||
9. Added `yarn test:all` script (unit → integration → e2e in sequence)
|
||||
|
||||
## Decisions Made This Session
|
||||
- **Use `adminClient.auth.getUser(token)`** (not `getClaims`) BECAUSE `getClaims` is not reliably available in `npm:@supabase/supabase-js@2` Deno import and its return shape is undocumented for that context — STATUS: confirmed
|
||||
- **`reservation_slots` view uses `security_invoker = false`** BECAUSE `security_invoker = true` caused it to apply the calling user's RLS (returning 0 rows for non-owners after broad policy was dropped) — STATUS: confirmed
|
||||
- **Overlap tests use weeks 14/21/28 days ahead** BECAUSE original days 30/31/32 fell in the same ISO week; direct insert on day+31 consumed the 2nd weekly pre-booking slot, blocking the day+32 "different time" test — STATUS: confirmed
|
||||
|
||||
## Key Numbers Generated or Discovered This Session
|
||||
- Integration tests before: 12 failed / 8 passed (20 total)
|
||||
- Integration tests after: 0 failed / 20 passed (ASSUMED — verify with `yarn test:integration`)
|
||||
- E2E tests: 1 failed / 1 passed → 2 passed after auth text fix (ASSUMED — verify with `yarn test:e2e`)
|
||||
|
||||
## Files Created or Modified
|
||||
| File Path | Action | Description |
|
||||
|-----------|--------|-------------|
|
||||
| `supabase/functions/create-reservation/index.ts` | Modified | Auth: `getClaims` → `adminClient.auth.getUser(token)`; `claims.sub` → `user.id` |
|
||||
| `tests/integration/booking-constraints.test.ts` | Modified | `weekSlot` key names fixed; overlap test days spread across weeks |
|
||||
| `tests/e2e/auth.spec.ts` | Modified | Assertion changed from missing text to `"Upcoming Reservations"` |
|
||||
| `app/app.vue` | Modified | `v-if="authStore.user"` on `IonMenu` |
|
||||
| `package.json` | Modified | Added `test:all` script |
|
||||
| `CLAUDE.md` | Modified | Added Edge Functions section: SELinux fix, auth pattern, `security_invoker` note |
|
||||
| `supabase/migrations/20260420180000_drop_open_reservations_read_policy.sql` | Created | Drops `"Authenticated users can read non-private reservation slots"` policy |
|
||||
| `supabase/migrations/20260420190000_fix_reservation_slots_view.sql` | Created | Recreates `reservation_slots` with `security_invoker = false`; grants SELECT to authenticated |
|
||||
| `supabase/migrations/20260420132336_booking_rules_and_rbac.sql` | Modified | Fixed original view creation to `security_invoker = false` + added GRANT for `db reset` consistency |
|
||||
|
||||
## What the NEXT Session Should Do
|
||||
1. **First**: Verify all tests pass — `yarn test:all` (requires local Supabase running with functions served)
|
||||
2. **Then**: Work on reservations UI — `app/pages/reservations/` exists but contents unknown; likely needs create/list/detail pages wired to the Edge Function
|
||||
|
||||
## Open Questions Requiring User Input
|
||||
- [ ] What pages exist under `app/pages/reservations/`? Are they scaffolded or complete? — impacts next UI session scope
|
||||
- [ ] Are there additional Edge Functions planned (e.g., cancel-reservation, admin endpoints)? — impacts function auth pattern reuse
|
||||
|
||||
## Assumptions That Need Validation
|
||||
- ASSUMED: `yarn test:all` passes cleanly after migrations applied — validate by running `npx supabase migration up && yarn test:all`
|
||||
- ASSUMED: `reservation_slots` view grant is sufficient for anon client queries in tests — validate by observing RBAC test pass
|
||||
|
||||
## Files to Load Next Session
|
||||
- `docs/summaries/handoff-2026-04-20-edge-functions-auth-and-test-fixes.md` — this file
|
||||
- `supabase/functions/create-reservation/index.ts` — if continuing Edge Function work
|
||||
- `app/pages/reservations/` — if working on reservations UI
|
||||
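Review bot: The `security_invoker = false` decision (item 6 under "What Was Accomplished" and the second entry under "Decisions Made This Session") should state what the `reservation_slots` view itself filters. With the broad read policy dropped and the view reading as owner, the caller's RLS on `reservations` no longer applies to reads through the view, so the handoff should record which columns and rows the view exposes, or point to the place in the migration that defines them. Two details also need reconciling: the validation item refers to "anon client queries" while the Files table says the migration "grants SELECT to authenticated", and the Files table describes the auth change as `getClaims` → `adminClient.auth.getUser(token)` while item 2 says the previous call was `userClient.auth.getUser()`.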
@@ -0,0 +1,55 @@
|
||||
# Session Handoff: Project Brief + Web Awesome Spike
|
||||
**Date:** 2026-04-21
|
||||
**Session Duration:** ~1.5 hours
|
||||
**Session Focus:** Created project brief, evaluated and spiked Web Awesome as a PrimeVue replacement, abandoned after discovering no calendar component
|
||||
**Context Usage at Handoff:** ~50%
|
||||
|
||||
## What Was Accomplished
|
||||
1. Created project brief template → `docs/summaries/00-project-brief.md` (user filled in club name, deadline, boat/member counts, booking rules)
|
||||
2. Evaluated Web Awesome as PrimeVue replacement — determined feasible given PrimeVue was only used for `<DatePicker>` in one file
|
||||
3. Spiked Web Awesome Pro installation: configured `@web.awesome.me` registry on Cloudsmith, fixed stray backslash in auth token, installed `@web.awesome.me/webawesome-pro@3.5.0`
|
||||
4. Discovered Web Awesome Pro 3.5.0 has no calendar component → abandoned spike, reverted to main
|
||||
|
||||
## Exact State of Work in Progress
|
||||
- Web Awesome spike: fully reverted — main branch is clean, `node_modules` restored from lockfile
|
||||
- `docs/summaries/00-project-brief.md`: created and partially filled; `[FILL: Current Phase]` and booking rule detail `[FILL: any other rules]` remain open
|
||||
|
||||
## Decisions Made This Session
|
||||
- **Abandon Web Awesome**: no calendar/date-picker component in v3.5.0 — STATUS: confirmed
|
||||
- **Keep PrimeVue**: only one component in use (`<DatePicker inline>` on home page); not worth replacing until a suitable alternative exists — STATUS: confirmed
|
||||
- **`WEBAWESOME_NPM_TOKEN` in `.env`**: registry token stored in `.env` (gitignored), referenced via `${WEBAWESOME_NPM_TOKEN}` in `.npmrc`/`.yarnrc` — STATUS: confirmed pattern for future private registries
|
||||
- **`webawesome` branch deleted (implicitly)**: all work was uncommitted; restored via `git restore` + `yarn install` — no branch to clean up
|
||||
|
||||
## Key Numbers Generated or Discovered This Session
|
||||
- PrimeVue usage in app: 1 component (`<DatePicker>` in `app/pages/index.vue:59`)
|
||||
- Web Awesome Pro version spiked: 3.5.0
|
||||
- Cloudsmith registry: `https://npm.cloudsmith.io/fortawesome/webawesome-pro/`
|
||||
- Deadline: April 30 (9 days away at time of handoff)
|
||||
- Boats in program: 4
|
||||
- Members: 20–30
|
||||
- Weekly pre-booking limit: 2
|
||||
|
||||
## Files Created or Modified
|
||||
| File Path | Action | Description |
|
||||
|-----------|--------|-------------|
|
||||
| `docs/summaries/00-project-brief.md` | Created | Project brief — club name, personas, stack, CI/CD, constraints, booking rules; partially filled |
|
||||
|
||||
## What the NEXT Session Should Do
|
||||
1. **First**: Decide what replaces the `<DatePicker>` on the home page — options: remove the Calendar card entirely (simplest, given deadline), keep PrimeVue just for that one component, or use a native `<input type="date">` unstyled
|
||||
2. **Then**: Build out reservations UI — `app/pages/reservations/create.vue` exists (scaffolded with Ionic components); wire it to the `create-reservation` Edge Function
|
||||
3. **Then**: Build `app/pages/admin/reservations.vue` (exists as untracked file per git status) — admin view of all bookings
|
||||
|
||||
## Open Questions Requiring User Input
|
||||
- [ ] What replaces `<DatePicker inline>` on the home page? Remove card, keep PrimeVue, or native input? — impacts whether PrimeVue stays in the stack
|
||||
- [ ] What is the full set of admin pages needed beyond `reservations` and `boat`? — impacts session planning before April 30
|
||||
- [ ] Are cancel-reservation and other Edge Functions planned? — impacts backend scope
|
||||
|
||||
## Assumptions That Need Validation
|
||||
- ASSUMED: `app/pages/admin/reservations.vue` is scaffolded but incomplete — verify by reading file
|
||||
- ASSUMED: `app/pages/reservations/create.vue` is scaffolded but not wired to Edge Function — verify by reading file
|
||||
|
||||
## Files to Load Next Session
|
||||
- `docs/summaries/handoff-2026-04-21-project-brief-webawesome-spike.md` — this file
|
||||
- `docs/summaries/00-project-brief.md` — for project context
|
||||
- `app/pages/reservations/create.vue` — if working on reservations UI
|
||||
- `app/pages/admin/reservations.vue` — if working on admin bookings view
|
||||
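Review bot: The `WEBAWESOME_NPM_TOKEN` entry under "Decisions Made This Session" records the token pattern as confirmed but does not say what happens to the token now that the spike is abandoned and reverted. Suggest adding a line on whether the value is still in `.env` and whether it should be revoked or removed, and noting that the `.npmrc`/`.yarnrc` registry entries were part of the revert. Separately, "Keep PrimeVue ... STATUS: confirmed" conflicts with the first next-session step and the first open question, both of which still treat the `<DatePicker>` replacement as undecided; mark one of them as superseded. The commit subject "feat: add caching for backend objects" also does not match the visible hunks, which only add handoff documents.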