alvis/oO
1
0
Fork 0
Code Issues 34 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Phase 0 walking skeleton — monorepo, API, web, ML stub

Browse Source 
Sets up the full Phase 0 foundation:

- pnpm workspaces + turbo build graph; native module build approval
- packages/shared-types: HTTP contracts (Tip, Auth, Integrations, User)
- services/api: Express modular monolith with better-sqlite3/drizzle
  - auth: Google OAuth2 + PKCE via openid-client v6, cookie sessions
  - integrations: Todoist OAuth2 connect/disconnect, token vault
  - recommender: RandomPolicy over Todoist tasks, feedback sink
  - user: profile, consent capture, full account deletion (GDPR)
- apps/web: Next.js 15, three pages (sign-in → connect → tip)
  - tip page: black canvas, hold-to-act gesture, action sheet
  - PWA manifest + theme
- ml/serving: FastAPI stub implementing the POST /score contract
- infra: docker-compose (core/full profiles), Dockerfiles, CI skeleton
- .env.example with all required vars documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
alvis
2026-04-14 12:41:24 +00:00
parent 7f173f88d3
commit 65218762be
44 changed files with 4574 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.env.example Normal file
View File

@@ -0,0 +1,18 @@
# Copy to .env.local and fill in values — never commit .env.local
# API
SESSION_SECRET=change-me-to-a-random-32-char-string
PORT=3001
NODE_ENV=development
DATABASE_PATH=./data/oo.db
API_BASE_URL=http://localhost:3001
WEB_BASE_URL=http://localhost:3000
ML_SERVING_URL=http://localhost:8000
# Google OAuth — https://console.cloud.google.com/
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Todoist OAuth — https://developer.todoist.com/appconsole.html
TODOIST_CLIENT_ID=
TODOIST_CLIENT_SECRET=

14
apps/web/next.config.ts Normal file
View File

@@ -0,0 +1,14 @@
import type { NextConfig } from 'next';
const nextConfig: NextConfig = {
async rewrites() {
return [
{
source: '/api/:path*',
destination: `${process.env.NEXT_PUBLIC_API_URL ?? 'http://localhost:3001'}/api/:path*`,
},
];
},
};
export default nextConfig;

25
apps/web/package.json Normal file
View File

@@ -0,0 +1,25 @@
{
"name": "@oo/web",
"version": "0.0.0",
"private": true,
"scripts": {
"dev": "next dev",
"build": "next build",
"start": "next start",
"lint": "next lint",
"type-check": "tsc --noEmit",
"clean": "rm -rf .next"
},
"dependencies": {
"@oo/shared-types": "workspace:*",
"next": "^15.1.6",
"react": "^19.0.0",
"react-dom": "^19.0.0"
},
"devDependencies": {
"@types/react": "^19.0.0",
"@types/react-dom": "^19.0.0",
"@types/node": "^22.10.5",
"typescript": "^5.7.3"
}
}

21
apps/web/public/manifest.json Normal file
View File

@@ -0,0 +1,21 @@
{
"name": "oO",
"short_name": "oO",
"description": "One tip. Right now.",
"start_url": "/tip",
"display": "standalone",
"background_color": "#000000",
"theme_color": "#000000",
"icons": [
{
"src": "/icon-192.png",
"sizes": "192x192",
"type": "image/png"
},
{
"src": "/icon-512.png",
"sizes": "512x512",
"type": "image/png"
}
]
}

156
apps/web/src/app/connect/page.tsx Normal file
View File

@@ -0,0 +1,156 @@
'use client';
import { useEffect, useState, useCallback } from 'react';
import { useRouter, useSearchParams } from 'next/navigation';
import { getSession, getIntegrations, disconnectIntegration } from '@/lib/api';
import type { Integration } from '@oo/shared-types';
import { Suspense } from 'react';
function ConnectPageInner() {
const router = useRouter();
const searchParams = useSearchParams();
const [integrations, setIntegrations] = useState<Integration[]>([]);
const [loading, setLoading] = useState(true);
const [disconnecting, setDisconnecting] = useState<string | null>(null);
const load = useCallback(async () => {
const { user } = await getSession();
if (!user) { router.replace('/sign-in'); return; }
const { integrations: list } = await getIntegrations();
setIntegrations(list);
setLoading(false);
}, [router]);
useEffect(() => { load(); }, [load]);
// Show banner if just connected
const justConnected = searchParams.get('connected');
const isConnected = (provider: string) =>
integrations.some((i) => i.provider === provider && i.status === 'connected');
const handleDisconnect = async (provider: string) => {
setDisconnecting(provider);
await disconnectIntegration(provider);
await load();
setDisconnecting(null);
};
if (loading) {
return (
<main style={{ minHeight: '100vh', display: 'flex', alignItems: 'center', justifyContent: 'center' }}>
<div style={{ color: 'var(--gray)', fontSize: '0.875rem' }}>Loading</div>
</main>
);
}
const todoistConnected = isConnected('todoist');
return (
<main style={{ minHeight: '100vh', padding: '4rem 2rem', maxWidth: '480px', margin: '0 auto' }}>
<h2 style={{ fontSize: '1.5rem', fontWeight: 300, marginBottom: '0.5rem', letterSpacing: '-0.02em' }}>
Connect your apps
</h2>
<p style={{ color: 'var(--gray)', fontSize: '0.875rem', marginBottom: '3rem' }}>
oO reads what you need, when you need it.
</p>
{justConnected && (
<div style={{
background: 'rgba(255,255,255,0.06)',
borderRadius: '0.5rem',
padding: '0.75rem 1rem',
marginBottom: '1.5rem',
fontSize: '0.875rem',
color: 'var(--white)',
}}>
{justConnected} connected.
</div>
)}
{/* Todoist card */}
<div style={{
border: '1px solid rgba(255,255,255,0.1)',
borderRadius: '0.75rem',
padding: '1.25rem 1.5rem',
display: 'flex',
alignItems: 'center',
justifyContent: 'space-between',
marginBottom: '1rem',
}}>
<div style={{ display: 'flex', alignItems: 'center', gap: '0.875rem' }}>
{/* Todoist logomark */}
<svg width="28" height="28" viewBox="0 0 24 24" fill="none" aria-label="Todoist">
<rect width="24" height="24" rx="6" fill="#DB4035"/>
<path d="M6 8.5L11 13l7-7" stroke="#fff" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"/>
</svg>
<div>
<div style={{ fontWeight: 500, fontSize: '0.9rem' }}>Todoist</div>
<div style={{ color: 'var(--gray)', fontSize: '0.75rem', marginTop: '0.1rem' }}>
{todoistConnected ? 'Connected' : 'Tasks & to-dos'}
</div>
</div>
</div>
{todoistConnected ? (
<button
onClick={() => handleDisconnect('todoist')}
disabled={disconnecting === 'todoist'}
style={{
background: 'transparent',
border: '1px solid rgba(255,255,255,0.15)',
color: 'var(--gray)',
borderRadius: '0.375rem',
padding: '0.375rem 0.875rem',
fontSize: '0.8rem',
}}
>
{disconnecting === 'todoist' ? '…' : 'Disconnect'}
</button>
) : (
<a
href="/api/integrations/todoist/connect?redirectTo=/connect"
style={{
background: 'var(--white)',
color: 'var(--black)',
borderRadius: '0.375rem',
padding: '0.375rem 0.875rem',
fontSize: '0.8rem',
fontWeight: 500,
}}
>
Connect
</a>
)}
</div>
{todoistConnected && (
<div style={{ marginTop: '3rem' }}>
<a
href="/tip"
style={{
display: 'block',
textAlign: 'center',
background: 'var(--white)',
color: 'var(--black)',
borderRadius: '0.5rem',
padding: '0.875rem',
fontWeight: 500,
fontSize: '0.9rem',
}}
>
See my tip
</a>
</div>
)}
</main>
);
}
export default function ConnectPage() {
return (
<Suspense>
<ConnectPageInner />
</Suspense>
);
}

31
apps/web/src/app/globals.css Normal file
View File

@@ -0,0 +1,31 @@
*, *::before, *::after {
box-sizing: border-box;
margin: 0;
padding: 0;
}
:root {
--black: #000;
--white: #fff;
--gray: #888;
--dim: rgba(255,255,255,0.08);
--font: -apple-system, BlinkMacSystemFont, 'SF Pro Display', 'Segoe UI', sans-serif;
}
html, body {
height: 100%;
background: var(--black);
color: var(--white);
font-family: var(--font);
-webkit-font-smoothing: antialiased;
}
a {
color: inherit;
text-decoration: none;
}
button {
cursor: pointer;
font-family: inherit;
}

21
apps/web/src/app/layout.tsx Normal file
View File

@@ -0,0 +1,21 @@
import type { Metadata, Viewport } from 'next';
import './globals.css';
export const metadata: Metadata = {
title: 'oO',
description: 'One tip. Right now.',
manifest: '/manifest.json',
appleWebApp: { capable: true, statusBarStyle: 'black', title: 'oO' },
};
export const viewport: Viewport = {
themeColor: '#000000',
};
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
<html lang="en">
<body>{children}</body>
</html>
);
}

6
apps/web/src/app/page.tsx Normal file
View File

@@ -0,0 +1,6 @@
// Root redirect: send users to /tip (auth guard lives there)
import { redirect } from 'next/navigation';
export default function Home() {
redirect('/tip');
}

68
apps/web/src/app/sign-in/page.tsx Normal file
View File

@@ -0,0 +1,68 @@
'use client';
import { useEffect } from 'react';
import { useRouter } from 'next/navigation';
import { getSession } from '@/lib/api';
export default function SignIn() {
const router = useRouter();
useEffect(() => {
getSession().then(({ user }) => {
if (user) router.replace('/connect');
});
}, [router]);
return (
<main style={{
minHeight: '100vh',
display: 'flex',
flexDirection: 'column',
alignItems: 'center',
justifyContent: 'center',
padding: '2rem',
gap: '3rem',
}}>
<div style={{ textAlign: 'center' }}>
<h1 style={{ fontSize: '4rem', fontWeight: 200, letterSpacing: '-0.05em', marginBottom: '0.5rem' }}>oO</h1>
<p style={{ color: 'var(--gray)', fontSize: '1rem', fontWeight: 300 }}>
one tip. right now.
</p>
</div>
<div style={{ display: 'flex', flexDirection: 'column', gap: '1rem', width: '100%', maxWidth: '320px' }}>
<a
href="/api/auth/login?redirectTo=/connect"
style={{
display: 'flex',
alignItems: 'center',
justifyContent: 'center',
gap: '0.75rem',
padding: '0.875rem 1.5rem',
background: 'var(--white)',
color: 'var(--black)',
borderRadius: '0.5rem',
fontSize: '0.9rem',
fontWeight: 500,
letterSpacing: '0.01em',
}}
>
<svg width="18" height="18" viewBox="0 0 18 18" aria-hidden>
<path fill="#4285F4" d="M17.64 9.2c0-.637-.057-1.251-.164-1.84H9v3.481h4.844c-.209 1.125-.843 2.078-1.796 2.717v2.258h2.908c1.702-1.567 2.684-3.874 2.684-6.615z"/>
<path fill="#34A853" d="M9 18c2.43 0 4.467-.806 5.956-2.184l-2.908-2.258c-.806.54-1.837.86-3.048.86-2.344 0-4.328-1.584-5.036-3.711H.957v2.332A8.997 8.997 0 0 0 9 18z"/>
<path fill="#FBBC05" d="M3.964 10.707A5.41 5.41 0 0 1 3.682 9c0-.593.102-1.17.282-1.707V4.961H.957A8.996 8.996 0 0 0 0 9c0 1.452.348 2.827.957 4.039l3.007-2.332z"/>
<path fill="#EA4335" d="M9 3.58c1.321 0 2.508.454 3.44 1.345l2.582-2.58C13.463.891 11.426 0 9 0A8.997 8.997 0 0 0 .957 4.96l3.007 2.332C4.672 5.163 6.656 3.58 9 3.58z"/>
</svg>
Continue with Google
</a>
</div>
<p style={{ color: 'var(--gray)', fontSize: '0.75rem', textAlign: 'center', maxWidth: '280px', lineHeight: 1.6 }}>
By continuing you agree to our{' '}
<a href="/legal/terms" style={{ textDecoration: 'underline' }}>Terms</a>
{' '}and{' '}
<a href="/legal/privacy" style={{ textDecoration: 'underline' }}>Privacy Policy</a>.
</p>
</main>
);
}

218
apps/web/src/app/tip/page.tsx Normal file
View File

@@ -0,0 +1,218 @@
'use client';
import { useEffect, useState, useRef, useCallback } from 'react';
import { useRouter } from 'next/navigation';
import { getSession, getRecommendation, sendFeedback } from '@/lib/api';
import type { Tip } from '@oo/shared-types';
type State = 'loading' | 'tip' | 'empty' | 'actions' | 'done';
export default function TipPage() {
const router = useRouter();
const [tip, setTip] = useState<Tip | null>(null);
const [state, setState] = useState<State>('loading');
const holdTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
const [pressed, setPressed] = useState(false);
const loadTip = useCallback(async () => {
setState('loading');
const { user } = await getSession();
if (!user) { router.replace('/sign-in'); return; }
const rec = await getRecommendation();
if (!rec) {
setState('empty');
return;
}
setTip(rec.tip);
setState('tip');
}, [router]);
useEffect(() => { loadTip(); }, [loadTip]);
const react = async (action: 'done' | 'dismiss' | 'snooze') => {
if (!tip) return;
setState('done');
await sendFeedback(tip.id, { action });
setTimeout(() => loadTip(), 600);
};
const onPointerDown = () => {
if (state !== 'tip') return;
setPressed(true);
holdTimer.current = setTimeout(() => {
setState('actions');
setPressed(false);
}, 600);
};
const onPointerUp = () => {
setPressed(false);
if (holdTimer.current) {
clearTimeout(holdTimer.current);
holdTimer.current = null;
}
};
return (
<main
onPointerDown={onPointerDown}
onPointerUp={onPointerUp}
onPointerLeave={onPointerUp}
style={{
minHeight: '100vh',
display: 'flex',
flexDirection: 'column',
alignItems: 'center',
justifyContent: 'center',
padding: '3rem 2rem',
userSelect: 'none',
WebkitUserSelect: 'none',
cursor: state === 'tip' ? 'default' : 'pointer',
position: 'relative',
overflow: 'hidden',
}}
>
{/* Radial glow when pressed */}
<div style={{
position: 'absolute',
inset: 0,
background: 'radial-gradient(ellipse at center, rgba(255,255,255,0.04) 0%, transparent 70%)',
opacity: pressed ? 1 : 0,
transition: 'opacity 0.3s ease',
pointerEvents: 'none',
}} />
{state === 'loading' && (
<div style={{ color: 'rgba(255,255,255,0.2)', fontSize: '0.75rem', letterSpacing: '0.15em' }}>
···
</div>
)}
{state === 'tip' && tip && (
<div style={{ textAlign: 'center', maxWidth: '420px' }}>
<p style={{
fontSize: 'clamp(1.25rem, 4vw, 1.75rem)',
fontWeight: 300,
lineHeight: 1.45,
letterSpacing: '-0.01em',
color: 'var(--white)',
transition: 'opacity 0.2s ease',
opacity: pressed ? 0.6 : 1,
}}>
{tip.content}
</p>
<p style={{
marginTop: '2rem',
color: 'rgba(255,255,255,0.2)',
fontSize: '0.65rem',
letterSpacing: '0.12em',
textTransform: 'uppercase',
}}>
hold to act
</p>
</div>
)}
{state === 'empty' && (
<div style={{ textAlign: 'center', color: 'rgba(255,255,255,0.3)' }}>
<p style={{ fontSize: '1.1rem', fontWeight: 300 }}>All clear.</p>
<button
onClick={loadTip}
style={{
marginTop: '2rem',
background: 'transparent',
border: '1px solid rgba(255,255,255,0.1)',
color: 'rgba(255,255,255,0.4)',
borderRadius: '0.375rem',
padding: '0.5rem 1rem',
fontSize: '0.8rem',
}}
>
Check again
</button>
</div>
)}
{state === 'done' && (
<div style={{ color: 'rgba(255,255,255,0.15)', fontSize: '0.75rem', letterSpacing: '0.15em' }}>
···
</div>
)}
{/* Action sheet */}
{state === 'actions' && (
<>
<div
onClick={() => setState('tip')}
style={{
position: 'fixed',
inset: 0,
background: 'rgba(0,0,0,0.5)',
}}
/>
<div style={{
position: 'fixed',
bottom: 0,
left: 0,
right: 0,
background: '#111',
borderRadius: '1rem 1rem 0 0',
padding: '1.5rem 1.5rem 2.5rem',
display: 'flex',
flexDirection: 'column',
gap: '0.75rem',
}}>
{tip && (
<p style={{
color: 'rgba(255,255,255,0.4)',
fontSize: '0.8rem',
marginBottom: '0.5rem',
lineHeight: 1.4,
}}>
{tip.content}
</p>
)}
<ActionButton label="Done ✓" onClick={() => react('done')} primary />
<ActionButton label="Snooze" onClick={() => react('snooze')} />
<ActionButton label="Dismiss" onClick={() => react('dismiss')} />
<button
onClick={() => setState('tip')}
style={{
background: 'transparent',
border: 'none',
color: 'rgba(255,255,255,0.25)',
padding: '0.5rem',
fontSize: '0.8rem',
marginTop: '0.25rem',
}}
>
Cancel
</button>
</div>
</>
)}
</main>
);
}
function ActionButton({ label, onClick, primary }: { label: string; onClick: () => void; primary?: boolean }) {
return (
<button
onClick={onClick}
style={{
background: primary ? 'var(--white)' : 'rgba(255,255,255,0.06)',
color: primary ? 'var(--black)' : 'var(--white)',
border: 'none',
borderRadius: '0.625rem',
padding: '1rem',
fontSize: '0.95rem',
fontWeight: primary ? 500 : 400,
width: '100%',
textAlign: 'center',
}}
>
{label}
</button>
);
}

64
apps/web/src/lib/api.ts Normal file
View File

@@ -0,0 +1,64 @@
import type { RecommendResponse, TipFeedback, IntegrationsResponse, UserProfile } from '@oo/shared-types';
const API = '/api';
async function apiFetch<T>(path: string, init?: RequestInit): Promise<T> {
const res = await fetch(`${API}${path}`, {
credentials: 'include',
...init,
headers: {
'Content-Type': 'application/json',
...init?.headers,
},
});
if (!res.ok) {
const err = await res.json().catch(() => ({ error: res.statusText }));
throw Object.assign(new Error(err.error ?? 'API error'), { status: res.status });
}
if (res.status === 204) return undefined as T;
return res.json() as T;
}
export async function getSession() {
return apiFetch<{ user: { id: string; email: string; name?: string; image?: string } | null }>('/auth/session');
}
export async function getRecommendation(): Promise<RecommendResponse | null> {
try {
return await apiFetch<RecommendResponse>('/recommend', { method: 'POST' });
} catch (e: any) {
if (e.status === 204 || e.status === 422) return null;
throw e;
}
}
export async function sendFeedback(tipId: string, feedback: TipFeedback) {
return apiFetch<{ ok: boolean }>(`/tip/${encodeURIComponent(tipId)}/feedback`, {
method: 'POST',
body: JSON.stringify(feedback),
});
}
export async function getIntegrations(): Promise<IntegrationsResponse> {
return apiFetch<IntegrationsResponse>('/integrations');
}
export async function disconnectIntegration(provider: string) {
return apiFetch<{ ok: boolean }>(`/integrations/${provider}`, { method: 'DELETE' });
}
export async function getProfile(): Promise<UserProfile> {
return apiFetch<UserProfile>('/user/me');
}
export async function giveConsent() {
return apiFetch<{ ok: boolean }>('/user/consent', { method: 'POST' });
}
export async function deleteAccount() {
return apiFetch<{ ok: boolean }>('/user/me', { method: 'DELETE' });
}
export async function logout() {
return apiFetch<{ ok: boolean }>('/auth/logout', { method: 'POST' });
}

23
apps/web/tsconfig.json Normal file
View File

@@ -0,0 +1,23 @@
{
"compilerOptions": {
"target": "ES2017",
"lib": ["dom", "dom.iterable", "esnext"],
"allowJs": true,
"skipLibCheck": true,
"strict": true,
"noEmit": true,
"esModuleInterop": true,
"module": "esnext",
"moduleResolution": "bundler",
"resolveJsonModule": true,
"isolatedModules": true,
"jsx": "preserve",
"incremental": true,
"plugins": [{ "name": "next" }],
"paths": {
"@/*": ["./src/*"]
}
},
"include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
"exclude": ["node_modules"]
}

1
apps/web/tsconfig.tsbuildinfo Normal file
View File

File diff suppressed because one or more lines are too long

35
infra/ci/ci.yml Normal file
View File

@@ -0,0 +1,35 @@
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
type-check-and-lint:
name: Type-check & lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 10
- uses: actions/setup-node@v4
with:
node-version: 22
cache: pnpm
- run: pnpm install --frozen-lockfile
- run: pnpm build --filter=@oo/shared-types
- run: pnpm type-check
ml-lint:
name: Python lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- run: pip install ruff
- run: ruff check ml/serving/

32
infra/docker/Dockerfile.api Normal file
View File

@@ -0,0 +1,32 @@
FROM node:22-alpine AS base
RUN npm install -g pnpm
FROM base AS deps
WORKDIR /app
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml* ./
COPY packages/shared-types/package.json ./packages/shared-types/
COPY services/api/package.json ./services/api/
RUN pnpm install --frozen-lockfile
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY --from=deps /app/packages/shared-types/node_modules ./packages/shared-types/node_modules
COPY --from=deps /app/services/api/node_modules ./services/api/node_modules
COPY tsconfig.base.json ./
COPY packages/shared-types ./packages/shared-types
COPY services/api ./services/api
RUN pnpm --filter @oo/shared-types build
RUN pnpm --filter @oo/api build
FROM node:22-alpine AS runner
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-workspace.yaml ./
COPY packages/shared-types/package.json ./packages/shared-types/
COPY services/api/package.json ./services/api/
RUN pnpm install --prod --frozen-lockfile
COPY --from=builder /app/packages/shared-types/dist ./packages/shared-types/dist
COPY --from=builder /app/services/api/dist ./services/api/dist
WORKDIR /app/services/api
CMD ["node", "dist/index.js"]

6
infra/docker/Dockerfile.ml Normal file
View File

@@ -0,0 +1,6 @@
FROM python:3.12-slim
WORKDIR /app
COPY ml/serving/requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY ml/serving/main.py .
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

29
infra/docker/Dockerfile.web Normal file
View File

@@ -0,0 +1,29 @@
FROM node:22-alpine AS base
RUN npm install -g pnpm
FROM base AS deps
WORKDIR /app
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml* ./
COPY packages/shared-types/package.json ./packages/shared-types/
COPY apps/web/package.json ./apps/web/
RUN pnpm install --frozen-lockfile
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY --from=deps /app/packages/shared-types/node_modules ./packages/shared-types/node_modules
COPY --from=deps /app/apps/web/node_modules ./apps/web/node_modules
COPY tsconfig.base.json ./
COPY packages/shared-types ./packages/shared-types
COPY apps/web ./apps/web
RUN pnpm --filter @oo/shared-types build
ENV NEXT_TELEMETRY_DISABLED=1
RUN pnpm --filter @oo/web build
FROM node:22-alpine AS runner
ENV NODE_ENV=production NEXT_TELEMETRY_DISABLED=1
WORKDIR /app
COPY --from=builder /app/apps/web/.next/standalone ./
COPY --from=builder /app/apps/web/.next/static ./apps/web/.next/static
COPY --from=builder /app/apps/web/public ./apps/web/public
CMD ["node", "apps/web/server.js"]

56
infra/docker/docker-compose.yml Normal file
View File

@@ -0,0 +1,56 @@
name: oo
services:
# ── core profile ──────────────────────────────────────────────────────────
api:
build:
context: ../..
dockerfile: infra/docker/Dockerfile.api
profiles: [core, full]
env_file: ../../.env.local
environment:
DATABASE_PATH: /data/oo.db
PORT: "3001"
NODE_ENV: production
volumes:
- api-data:/data
ports:
- "3001:3001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3001/health"]
interval: 10s
timeout: 5s
retries: 5
web:
build:
context: ../..
dockerfile: infra/docker/Dockerfile.web
profiles: [core, full]
env_file: ../../.env.local
environment:
NEXT_PUBLIC_API_URL: "" # rewrites proxy to /api, no cross-origin needed in prod
ports:
- "3000:3000"
depends_on:
api:
condition: service_healthy
# ── full profile ──────────────────────────────────────────────────────────
ml-serving:
build:
context: ../..
dockerfile: infra/docker/Dockerfile.ml
profiles: [full]
ports:
- "8000:8000"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 10s
timeout: 5s
retries: 5
volumes:
api-data:

49
ml/serving/main.py Normal file
View File

@@ -0,0 +1,49 @@
"""
oO ML Serving — Phase 0 stub.
Returns a placeholder response that matches the interface the real scorer will implement.
The recommender service calls this via RemotePolicy (not yet wired in Phase 0).
Contract:
POST /score
Body: { user_id: str, candidates: [{ id: str, content: str, source: str, source_id?: str }] }
Response: { tip_id: str, score: float }
"""
from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
import random
app = FastAPI(title="oO ML Serving", version="0.0.0")
class Candidate(BaseModel):
id: str
content: str
source: str
source_id: str | None = None
class ScoreRequest(BaseModel):
user_id: str
candidates: list[Candidate]
class ScoreResponse(BaseModel):
tip_id: str
score: float
policy: str
@app.get("/health")
def health():
return {"ok": True}
@app.post("/score", response_model=ScoreResponse)
def score(req: ScoreRequest):
if not req.candidates:
raise HTTPException(status_code=422, detail="No candidates")
# Stub: random uniform scoring — real model slots in here
chosen = random.choice(req.candidates)
return ScoreResponse(tip_id=chosen.id, score=1.0, policy="stub-random")

9
ml/serving/package.json Normal file
View File

@@ -0,0 +1,9 @@
{
"name": "@oo/ml-serving",
"version": "0.0.0",
"private": true,
"scripts": {
"dev": "uvicorn main:app --reload --port 8000",
"start": "uvicorn main:app --port 8000"
}
}

3
ml/serving/requirements.txt Normal file
View File

@@ -0,0 +1,3 @@
fastapi==0.115.6
uvicorn[standard]==0.32.1
pydantic==2.10.4

22
package.json Normal file
View File

@@ -0,0 +1,22 @@
{
"name": "oo-monorepo",
"private": true,
"version": "0.0.0",
"packageManager": "pnpm@10.33.0",
"scripts": {
"build": "turbo build",
"dev": "turbo dev",
"lint": "turbo lint",
"type-check": "turbo type-check",
"test": "turbo test",
"clean": "turbo clean"
},
"pnpm": {
"onlyBuiltDependencies": ["better-sqlite3", "esbuild", "sharp"]
},
"devDependencies": {
"turbo": "^2.3.3",
"typescript": "^5.7.3",
"@types/node": "^22.10.5"
}
}

21
packages/shared-types/package.json Normal file
View File

@@ -0,0 +1,21 @@
{
"name": "@oo/shared-types",
"version": "0.0.0",
"private": true,
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
"exports": {
".": {
"import": "./dist/index.js",
"types": "./dist/index.d.ts"
}
},
"scripts": {
"build": "tsc",
"type-check": "tsc --noEmit",
"clean": "rm -rf dist"
},
"devDependencies": {
"typescript": "^5.7.3"
}
}

12
packages/shared-types/src/http/auth.ts Normal file
View File

@@ -0,0 +1,12 @@
/** Session user returned by /api/auth/session */
export interface SessionUser {
id: string;
email: string;
name?: string;
image?: string;
}
/** GET /api/auth/session response */
export interface SessionResponse {
user: SessionUser | null;
}

18
packages/shared-types/src/http/integrations.ts Normal file
View File

@@ -0,0 +1,18 @@
export type IntegrationProvider = 'todoist';
export type IntegrationStatus = 'connected' | 'disconnected' | 'error';
export interface Integration {
provider: IntegrationProvider;
status: IntegrationStatus;
connectedAt?: string; // ISO 8601
}
/** GET /api/integrations response */
export interface IntegrationsResponse {
integrations: Integration[];
}
/** DELETE /api/integrations/:provider — revokes token */
export interface DisconnectResponse {
ok: boolean;
}

19
packages/shared-types/src/http/tip.ts Normal file
View File

@@ -0,0 +1,19 @@
/** A single recommendation surfaced to the user */
export interface Tip {
id: string;
content: string;
source: 'todoist' | 'advice';
sourceId?: string;
createdAt: string; // ISO 8601
}
/** POST /recommend response */
export interface RecommendResponse {
tip: Tip;
}
/** POST /tip/:id/feedback request body */
export interface TipFeedback {
action: 'done' | 'dismiss' | 'snooze';
snoozedUntil?: string; // ISO 8601, required when action = snooze
}

14
packages/shared-types/src/http/user.ts Normal file
View File

@@ -0,0 +1,14 @@
/** GET /api/user/me */
export interface UserProfile {
id: string;
email: string;
name?: string;
image?: string;
createdAt: string;
consentGiven: boolean;
}
/** DELETE /api/user/me — account deletion */
export interface DeleteAccountResponse {
ok: boolean;
}

4
packages/shared-types/src/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export * from './http/tip.js';
export * from './http/auth.js';
export * from './http/integrations.js';
export * from './http/user.js';

8
packages/shared-types/tsconfig.json Normal file
View File

@@ -0,0 +1,8 @@
{
"extends": "../../tsconfig.base.json",
"compilerOptions": {
"outDir": "dist",
"rootDir": "src"
},
"include": ["src"]
}

2789
pnpm-lock.yaml generated Normal file
View File

File diff suppressed because it is too large Load Diff

5
pnpm-workspace.yaml Normal file
View File

@@ -0,0 +1,5 @@
packages:
- 'apps/*'
- 'services/*'
- 'packages/*'
- 'ml/serving'

38
services/api/package.json Normal file
View File

@@ -0,0 +1,38 @@
{
"name": "@oo/api",
"version": "0.0.0",
"private": true,
"type": "module",
"main": "./dist/index.js",
"scripts": {
"build": "tsc",
"dev": "tsx watch src/index.ts",
"start": "node dist/index.js",
"type-check": "tsc --noEmit",
"clean": "rm -rf dist"
},
"dependencies": {
"@oo/shared-types": "workspace:*",
"express": "^4.21.2",
"express-session": "^1.18.1",
"better-sqlite3": "^11.8.1",
"drizzle-orm": "^0.38.3",
"openid-client": "^6.3.4",
"node-fetch": "^3.3.2",
"dotenv": "^16.4.7",
"zod": "^3.24.1",
"nanoid": "^5.1.0",
"cookie-parser": "^1.4.7",
"cors": "^2.8.5"
},
"devDependencies": {
"@types/express": "^5.0.0",
"@types/express-session": "^1.18.1",
"@types/better-sqlite3": "^7.6.12",
"@types/cookie-parser": "^1.4.8",
"@types/cors": "^2.8.17",
"tsx": "^4.19.2",
"typescript": "^5.7.3",
"drizzle-kit": "^0.30.4"
}
}

32
services/api/src/config.ts Normal file
View File

@@ -0,0 +1,32 @@
import 'dotenv/config';
function require(name: string): string {
const val = process.env[name];
if (!val) throw new Error(`Missing required env var: ${name}`);
return val;
}
function optional(name: string, fallback: string): string {
return process.env[name] ?? fallback;
}
export const config = {
PORT: parseInt(optional('PORT', '3001'), 10),
NODE_ENV: optional('NODE_ENV', 'development'),
DATABASE_PATH: optional('DATABASE_PATH', './data/oo.db'),
SESSION_SECRET: require('SESSION_SECRET'),
GOOGLE_CLIENT_ID: require('GOOGLE_CLIENT_ID'),
GOOGLE_CLIENT_SECRET: require('GOOGLE_CLIENT_SECRET'),
TODOIST_CLIENT_ID: require('TODOIST_CLIENT_ID'),
TODOIST_CLIENT_SECRET: require('TODOIST_CLIENT_SECRET'),
/** Absolute base URL of this API, e.g. http://localhost:3001 */
API_BASE_URL: optional('API_BASE_URL', 'http://localhost:3001'),
/** Absolute base URL of the web app, e.g. http://localhost:3000 */
WEB_BASE_URL: optional('WEB_BASE_URL', 'http://localhost:3000'),
ML_SERVING_URL: optional('ML_SERVING_URL', 'http://localhost:8000'),
};

53
services/api/src/db/index.ts Normal file
View File

@@ -0,0 +1,53 @@
import Database from 'better-sqlite3';
import { drizzle } from 'drizzle-orm/better-sqlite3';
import * as schema from './schema.js';
import { config } from '../config.js';
const sqlite = new Database(config.DATABASE_PATH);
sqlite.pragma('journal_mode = WAL');
sqlite.pragma('foreign_keys = ON');
export const db = drizzle(sqlite, { schema });
export function runMigrations() {
sqlite.exec(`
CREATE TABLE IF NOT EXISTS users (
id TEXT PRIMARY KEY,
email TEXT NOT NULL UNIQUE,
name TEXT,
image TEXT,
google_id TEXT UNIQUE,
consent_given INTEGER NOT NULL DEFAULT 0,
consent_at TEXT,
created_at TEXT NOT NULL,
deleted_at TEXT
);
CREATE TABLE IF NOT EXISTS integration_tokens (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL REFERENCES users(id),
provider TEXT NOT NULL,
access_token TEXT NOT NULL,
refresh_token TEXT,
expires_at TEXT,
connected_at TEXT NOT NULL,
UNIQUE(user_id, provider)
);
CREATE TABLE IF NOT EXISTS tip_feedback (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL REFERENCES users(id),
tip_id TEXT NOT NULL,
action TEXT NOT NULL,
source_id TEXT,
created_at TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS sessions (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL REFERENCES users(id),
expires_at TEXT NOT NULL,
created_at TEXT NOT NULL
);
`);
}

39
services/api/src/db/schema.ts Normal file
View File

@@ -0,0 +1,39 @@
import { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core';
export const users = sqliteTable('users', {
id: text('id').primaryKey(),
email: text('email').notNull().unique(),
name: text('name'),
image: text('image'),
googleId: text('google_id').unique(),
consentGiven: integer('consent_given', { mode: 'boolean' }).notNull().default(false),
consentAt: text('consent_at'),
createdAt: text('created_at').notNull(),
deletedAt: text('deleted_at'),
});
export const integrationTokens = sqliteTable('integration_tokens', {
id: text('id').primaryKey(),
userId: text('user_id').notNull().references(() => users.id),
provider: text('provider').notNull(), // 'todoist'
accessToken: text('access_token').notNull(),
refreshToken: text('refresh_token'),
expiresAt: text('expires_at'),
connectedAt: text('connected_at').notNull(),
});
export const tipFeedback = sqliteTable('tip_feedback', {
id: text('id').primaryKey(),
userId: text('user_id').notNull().references(() => users.id),
tipId: text('tip_id').notNull(),
action: text('action').notNull(), // 'done' | 'dismiss' | 'snooze'
sourceId: text('source_id'),
createdAt: text('created_at').notNull(),
});
export const sessions = sqliteTable('sessions', {
id: text('id').primaryKey(),
userId: text('user_id').notNull().references(() => users.id),
expiresAt: text('expires_at').notNull(),
createdAt: text('created_at').notNull(),
});

39
services/api/src/index.ts Normal file
View File

@@ -0,0 +1,39 @@
import 'dotenv/config';
import express from 'express';
import cookieParser from 'cookie-parser';
import cors from 'cors';
import { config } from './config.js';
import { runMigrations } from './db/index.js';
import { sessionMiddleware } from './middleware/session.js';
import { authRouter } from './routes/auth.js';
import { integrationsRouter } from './routes/integrations.js';
import { recommenderRouter } from './routes/recommender.js';
import { userRouter } from './routes/user.js';
import { mkdir } from 'fs/promises';
import { dirname } from 'path';
await mkdir(dirname(config.DATABASE_PATH), { recursive: true });
runMigrations();
const app = express();
app.use(
cors({
origin: config.WEB_BASE_URL,
credentials: true,
}),
);
app.use(express.json());
app.use(cookieParser());
app.use(sessionMiddleware);
app.get('/health', (_req, res) => res.json({ ok: true }));
app.use('/api/auth', authRouter);
app.use('/api/integrations', integrationsRouter);
app.use('/api', recommenderRouter);
app.use('/api/user', userRouter);
app.listen(config.PORT, () => {
console.log(`oO API listening on http://localhost:${config.PORT}`);
});

47
services/api/src/middleware/session.ts Normal file
View File

@@ -0,0 +1,47 @@
import { Request, Response, NextFunction } from 'express';
import { db } from '../db/index.js';
import { sessions, users } from '../db/schema.js';
import { eq, gt } from 'drizzle-orm';
export interface AuthenticatedRequest extends Request {
userId?: string;
}
/**
* Reads the `sid` cookie, validates it against the sessions table,
* and sets req.userId if valid. Does not reject unauthenticated requests —
* individual route handlers must guard themselves.
*/
export async function sessionMiddleware(
req: AuthenticatedRequest,
_res: Response,
next: NextFunction,
) {
const sid = req.cookies?.sid as string | undefined;
if (!sid) return next();
const now = new Date().toISOString();
const [session] = await db
.select()
.from(sessions)
.where(eq(sessions.id, sid))
.limit(1);
if (session && session.expiresAt > now) {
req.userId = session.userId;
}
next();
}
export function requireAuth(
req: AuthenticatedRequest,
res: Response,
next: NextFunction,
) {
if (!req.userId) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
next();
}

152
services/api/src/routes/auth.ts Normal file
View File

@@ -0,0 +1,152 @@
import { type Router as ExpressRouter, Router, Request, Response } from 'express';
import * as client from 'openid-client';
import { nanoid } from 'nanoid';
import { db } from '../db/index.js';
import { users, sessions } from '../db/schema.js';
import { eq } from 'drizzle-orm';
import { config } from '../config.js';
const router: ExpressRouter = Router();
// In-memory PKCE state store (dev-only; replace with Redis/DB for prod)
const pendingStates = new Map<string, { codeVerifier: string; redirectTo: string }>();
let oidcConfig: client.Configuration | null = null;
async function getOidcConfig() {
if (oidcConfig) return oidcConfig;
oidcConfig = await client.discovery(
new URL('https://accounts.google.com'),
config.GOOGLE_CLIENT_ID,
config.GOOGLE_CLIENT_SECRET,
);
return oidcConfig;
}
/** GET /api/auth/login — redirect to Google */
router.get('/login', async (req: Request, res: Response) => {
const cfg = await getOidcConfig();
const state = nanoid();
const codeVerifier = client.randomPKCECodeVerifier();
const codeChallenge = await client.calculatePKCECodeChallenge(codeVerifier);
const redirectTo = (req.query.redirectTo as string) ?? '/tip';
pendingStates.set(state, { codeVerifier, redirectTo });
// Expire after 10 minutes
setTimeout(() => pendingStates.delete(state), 10 * 60 * 1000);
const redirectUri = `${config.API_BASE_URL}/api/auth/callback`;
const authUrl = client.buildAuthorizationUrl(cfg, {
redirect_uri: redirectUri,
scope: 'openid email profile',
state,
code_challenge: codeChallenge,
code_challenge_method: 'S256',
});
res.redirect(authUrl.toString());
});
/** GET /api/auth/callback — Google returns here */
router.get('/callback', async (req: Request, res: Response) => {
const cfg = await getOidcConfig();
const state = req.query.state as string;
const pending = pendingStates.get(state);
if (!pending) {
res.status(400).json({ error: 'Invalid or expired state' });
return;
}
pendingStates.delete(state);
const redirectUri = `${config.API_BASE_URL}/api/auth/callback`;
const currentUrl = new URL(req.url, config.API_BASE_URL);
let tokens: client.TokenEndpointResponse;
try {
tokens = await client.authorizationCodeGrant(cfg, currentUrl, {
pkceCodeVerifier: pending.codeVerifier,
expectedState: state,
});
} catch (err) {
console.error('OAuth callback error', err);
res.status(400).json({ error: 'OAuth error' });
return;
}
// openid-client v6: ID token claims via tokens.id_token decoding
const idToken = tokens.id_token;
if (!idToken) {
res.status(400).json({ error: 'No ID token' });
return;
}
// Decode JWT payload without verification (already verified by the library)
const payload = JSON.parse(Buffer.from(idToken.split('.')[1], 'base64url').toString()) as {
sub: string; email: string; name?: string; picture?: string;
};
if (!payload.email) {
res.status(400).json({ error: 'No email in token claims' });
return;
}
// Upsert user
const googleId = payload.sub;
const email = payload.email;
const name = payload.name;
const image = payload.picture;
const now = new Date().toISOString();
let [user] = await db.select().from(users).where(eq(users.googleId, googleId)).limit(1);
if (!user) {
const id = nanoid();
await db.insert(users).values({ id, email, name, image, googleId, createdAt: now });
[user] = await db.select().from(users).where(eq(users.id, id)).limit(1);
}
// Create session (30-day TTL)
const sid = nanoid(32);
const expiresAt = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString();
await db.insert(sessions).values({ id: sid, userId: user.id, expiresAt, createdAt: now });
res
.cookie('sid', sid, {
httpOnly: true,
secure: config.NODE_ENV === 'production',
sameSite: 'lax',
expires: new Date(expiresAt),
path: '/',
})
.redirect(`${config.WEB_BASE_URL}${pending.redirectTo}`);
});
/** POST /api/auth/logout */
router.post('/logout', async (req: Request, res: Response) => {
const sid = req.cookies?.sid as string | undefined;
if (sid) {
await db.delete(sessions).where(eq(sessions.id, sid));
}
res.clearCookie('sid').json({ ok: true });
});
/** GET /api/auth/session */
router.get('/session', async (req: Request, res: Response) => {
const sid = req.cookies?.sid as string | undefined;
if (!sid) {
res.json({ user: null });
return;
}
const now = new Date().toISOString();
const [session] = await db.select().from(sessions).where(eq(sessions.id, sid)).limit(1);
if (!session || session.expiresAt <= now) {
res.json({ user: null });
return;
}
const [user] = await db.select().from(users).where(eq(users.id, session.userId)).limit(1);
if (!user || user.deletedAt) {
res.json({ user: null });
return;
}
res.json({ user: { id: user.id, email: user.email, name: user.name, image: user.image } });
});
export { router as authRouter };

141
services/api/src/routes/integrations.ts Normal file
View File

@@ -0,0 +1,141 @@
import { type Router as ExpressRouter, Router, Request, Response } from 'express';
import { nanoid } from 'nanoid';
import { db } from '../db/index.js';
import { integrationTokens } from '../db/schema.js';
import { eq, and } from 'drizzle-orm';
import { config } from '../config.js';
import { requireAuth, AuthenticatedRequest } from '../middleware/session.js';
const router: ExpressRouter = Router();
const TODOIST_OAUTH_URL = 'https://todoist.com/oauth/authorize';
const TODOIST_TOKEN_URL = 'https://todoist.com/oauth/access_token';
const TODOIST_SCOPES = 'data:read_write';
// In-memory CSRF state store
const pendingStates = new Map<string, { userId: string; redirectTo: string }>();
/** GET /api/integrations — list connected integrations */
router.get('/', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const tokens = await db
.select()
.from(integrationTokens)
.where(eq(integrationTokens.userId, req.userId!));
const integrations = tokens.map((t) => ({
provider: t.provider,
status: 'connected',
connectedAt: t.connectedAt,
}));
res.json({ integrations });
});
/** GET /api/integrations/todoist/connect — start OAuth */
router.get('/todoist/connect', requireAuth, (req: AuthenticatedRequest, res: Response) => {
const state = nanoid();
pendingStates.set(state, {
userId: req.userId!,
redirectTo: (req.query.redirectTo as string) ?? '/connect',
});
setTimeout(() => pendingStates.delete(state), 10 * 60 * 1000);
const url = new URL(TODOIST_OAUTH_URL);
url.searchParams.set('client_id', config.TODOIST_CLIENT_ID);
url.searchParams.set('scope', TODOIST_SCOPES);
url.searchParams.set('state', state);
url.searchParams.set('redirect_uri', `${config.API_BASE_URL}/api/integrations/todoist/callback`);
res.redirect(url.toString());
});
/** GET /api/integrations/todoist/callback — Todoist returns here */
router.get('/todoist/callback', async (req: Request, res: Response) => {
const state = req.query.state as string;
const code = req.query.code as string;
const pending = pendingStates.get(state);
if (!pending) {
res.status(400).json({ error: 'Invalid or expired state' });
return;
}
pendingStates.delete(state);
// Exchange code for token
const body = new URLSearchParams({
client_id: config.TODOIST_CLIENT_ID,
client_secret: config.TODOIST_CLIENT_SECRET,
code,
redirect_uri: `${config.API_BASE_URL}/api/integrations/todoist/callback`,
});
const tokenRes = await fetch(TODOIST_TOKEN_URL, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
body: body.toString(),
});
if (!tokenRes.ok) {
res.status(502).json({ error: 'Failed to exchange Todoist token' });
return;
}
const { access_token } = (await tokenRes.json()) as { access_token: string };
const now = new Date().toISOString();
const id = nanoid();
// Delete existing token (if any) then insert fresh
await db
.delete(integrationTokens)
.where(
and(
eq(integrationTokens.userId, pending.userId),
eq(integrationTokens.provider, 'todoist'),
),
);
await db.insert(integrationTokens).values({
id,
userId: pending.userId,
provider: 'todoist',
accessToken: access_token,
connectedAt: now,
});
res.redirect(`${config.WEB_BASE_URL}${pending.redirectTo}?connected=todoist`);
});
/** DELETE /api/integrations/:provider — revoke token */
router.delete('/:provider', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const provider = String(req.params.provider);
const [token] = await db
.select()
.from(integrationTokens)
.where(
and(
eq(integrationTokens.userId, req.userId!),
eq(integrationTokens.provider, provider),
),
)
.limit(1);
if (token?.provider === 'todoist') {
// Best-effort revocation
await fetch('https://api.todoist.com/sync/v9/access_tokens/revoke', {
method: 'POST',
headers: { Authorization: `Bearer ${token.accessToken}` },
}).catch(() => {});
}
await db
.delete(integrationTokens)
.where(
and(
eq(integrationTokens.userId, req.userId!),
eq(integrationTokens.provider, provider),
),
);
res.json({ ok: true });
});
export { router as integrationsRouter };

116
services/api/src/routes/recommender.ts Normal file
View File

@@ -0,0 +1,116 @@
import { type Router as ExpressRouter, Router, Response } from 'express';
import { nanoid } from 'nanoid';
import { db } from '../db/index.js';
import { integrationTokens, tipFeedback } from '../db/schema.js';
import { eq, and } from 'drizzle-orm';
import { requireAuth, AuthenticatedRequest } from '../middleware/session.js';
import type { Tip } from '@oo/shared-types';
const router: ExpressRouter = Router();
/** Fetch active Todoist tasks for a user via their stored token */
async function fetchTodoistTasks(accessToken: string): Promise<Tip[]> {
const res = await fetch('https://api.todoist.com/rest/v2/tasks?filter=today|overdue', {
headers: { Authorization: `Bearer ${accessToken}` },
});
if (!res.ok) return [];
const tasks = (await res.json()) as Array<{
id: string;
content: string;
due?: { string: string };
}>;
return tasks.map((t) => ({
id: `todoist:${t.id}`,
content: t.content,
source: 'todoist' as const,
sourceId: t.id,
createdAt: new Date().toISOString(),
}));
}
/**
* RandomPolicy — picks one task at random from the candidate set.
* Contract: same interface the ML scorer will implement.
*/
function randomPolicy(candidates: Tip[]): Tip | null {
if (!candidates.length) return null;
return candidates[Math.floor(Math.random() * candidates.length)];
}
/** POST /api/recommend */
router.post('/', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const [token] = await db
.select()
.from(integrationTokens)
.where(
and(
eq(integrationTokens.userId, req.userId!),
eq(integrationTokens.provider, 'todoist'),
),
)
.limit(1);
if (!token) {
res.status(422).json({ error: 'No integrations connected' });
return;
}
const candidates = await fetchTodoistTasks(token.accessToken);
const tip = randomPolicy(candidates);
if (!tip) {
res.status(204).end();
return;
}
res.json({ tip });
});
/** POST /api/tip/:id/feedback */
router.post('/tip/:id/feedback', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const { action } = req.body as { action: string };
const tipId = String(req.params.id);
if (!['done', 'dismiss', 'snooze'].includes(action)) {
res.status(400).json({ error: 'Invalid action' });
return;
}
await db.insert(tipFeedback).values({
id: nanoid(),
userId: req.userId!,
tipId,
action,
sourceId: tipId.startsWith('todoist:') ? tipId.slice(8) : null,
createdAt: new Date().toISOString(),
});
// If done, mark complete in Todoist
if (action === 'done' && tipId.startsWith('todoist:')) {
const todoistId = tipId.slice(8);
const [token] = await db
.select()
.from(integrationTokens)
.where(
and(
eq(integrationTokens.userId, req.userId!),
eq(integrationTokens.provider, 'todoist'),
),
)
.limit(1);
if (token) {
await fetch(`https://api.todoist.com/rest/v2/tasks/${todoistId}/close`, {
method: 'POST',
headers: { Authorization: `Bearer ${token.accessToken}` },
}).catch(() => {});
}
}
res.json({ ok: true });
});
export { router as recommenderRouter };

68
services/api/src/routes/user.ts Normal file
View File

@@ -0,0 +1,68 @@
import { type Router as ExpressRouter, Router, Response } from 'express';
import { db } from '../db/index.js';
import { users, integrationTokens, tipFeedback, sessions } from '../db/schema.js';
import { eq } from 'drizzle-orm';
import { requireAuth, AuthenticatedRequest } from '../middleware/session.js';
const router: ExpressRouter = Router();
/** GET /api/user/me */
router.get('/me', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const [user] = await db.select().from(users).where(eq(users.id, req.userId!)).limit(1);
if (!user || user.deletedAt) {
res.status(404).json({ error: 'User not found' });
return;
}
res.json({
id: user.id,
email: user.email,
name: user.name,
image: user.image,
createdAt: user.createdAt,
consentGiven: user.consentGiven,
});
});
/** POST /api/user/consent — record consent */
router.post('/consent', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
await db
.update(users)
.set({ consentGiven: true, consentAt: new Date().toISOString() })
.where(eq(users.id, req.userId!));
res.json({ ok: true });
});
/** DELETE /api/user/me — account deletion */
router.delete('/me', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const userId = req.userId!;
// Revoke all integration tokens
const tokens = await db
.select()
.from(integrationTokens)
.where(eq(integrationTokens.userId, userId));
for (const token of tokens) {
if (token.provider === 'todoist') {
await fetch('https://api.todoist.com/sync/v9/access_tokens/revoke', {
method: 'POST',
headers: { Authorization: `Bearer ${token.accessToken}` },
}).catch(() => {});
}
}
// Delete cascade
await db.delete(integrationTokens).where(eq(integrationTokens.userId, userId));
await db.delete(tipFeedback).where(eq(tipFeedback.userId, userId));
await db.delete(sessions).where(eq(sessions.userId, userId));
// Soft-delete user (GDPR: keep audit trail row without PII)
await db
.update(users)
.set({ deletedAt: new Date().toISOString(), email: `deleted:${userId}`, name: null, image: null, googleId: null })
.where(eq(users.id, userId));
res.clearCookie('sid').json({ ok: true });
});
export { router as userRouter };

11
services/api/tsconfig.json Normal file
View File

@@ -0,0 +1,11 @@
{
"extends": "../../tsconfig.base.json",
"compilerOptions": {
"module": "NodeNext",
"moduleResolution": "NodeNext",
"outDir": "dist",
"rootDir": "src",
"lib": ["ES2022"]
},
"include": ["src"]
}

16
tsconfig.base.json Normal file
View File

@@ -0,0 +1,16 @@
{
"compilerOptions": {
"target": "ES2022",
"lib": ["ES2022"],
"module": "NodeNext",
"moduleResolution": "NodeNext",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true,
"resolveJsonModule": true,
"declaration": true,
"declarationMap": true,
"sourceMap": true
}
}

25
turbo.json Normal file
View File

@@ -0,0 +1,25 @@
{
"$schema": "https://turbo.build/schema.json",
"ui": "tui",
"tasks": {
"build": {
"dependsOn": ["^build"],
"inputs": ["$TURBO_DEFAULT$", ".env*"],
"outputs": [".next/**", "!.next/cache/**", "dist/**"]
},
"dev": {
"cache": false,
"persistent": true
},
"type-check": {
"dependsOn": ["^build"]
},
"lint": {},
"test": {
"dependsOn": ["^build"]
},
"clean": {
"cache": false
}
}
}