initial project setup

Fastify + Prisma backend, React + Vite frontend, Docker deployment. Multi-board feedback platform with anonymous cookie auth, passkey upgrade path, ALTCHA spam protection, plugin system, and full privacy-first architecture.
2026-03-19 18:05:16 +02:00
commit f07eddf29e
77 changed files with 7031 additions and 0 deletions
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
@@ -0,0 +1,93 @@
+import Fastify from "fastify";
+import cookie from "@fastify/cookie";
+import cors from "@fastify/cors";
+import rateLimit from "@fastify/rate-limit";
+import fastifyStatic from "@fastify/static";
+import { resolve } from "node:path";
+import { existsSync } from "node:fs";
+
+import securityPlugin from "./middleware/security.js";
+import authPlugin from "./middleware/auth.js";
+import { loadPlugins } from "./plugins/loader.js";
+
+import boardRoutes from "./routes/boards.js";
+import postRoutes from "./routes/posts.js";
+import voteRoutes from "./routes/votes.js";
+import commentRoutes from "./routes/comments.js";
+import reactionRoutes from "./routes/reactions.js";
+import identityRoutes from "./routes/identity.js";
+import passkeyRoutes from "./routes/passkey.js";
+import feedRoutes from "./routes/feed.js";
+import activityRoutes from "./routes/activity.js";
+import pushRoutes from "./routes/push.js";
+import privacyRoutes from "./routes/privacy.js";
+import adminAuthRoutes from "./routes/admin/auth.js";
+import adminPostRoutes from "./routes/admin/posts.js";
+import adminBoardRoutes from "./routes/admin/boards.js";
+import adminCategoryRoutes from "./routes/admin/categories.js";
+import adminStatsRoutes from "./routes/admin/stats.js";
+
+export async function createServer() {
+  const app = Fastify({
+    logger: {
+      serializers: {
+        req(req) {
+          return {
+            method: req.method,
+            url: req.url,
+          };
+        },
+      },
+    },
+  });
+
+  await app.register(cookie, { secret: process.env.TOKEN_SECRET });
+  await app.register(cors, {
+    origin: true,
+    credentials: true,
+  });
+  await app.register(rateLimit, {
+    max: 100,
+    timeWindow: "1 minute",
+  });
+
+  await app.register(securityPlugin);
+  await app.register(authPlugin);
+
+  // api routes under /api/v1
+  await app.register(async (api) => {
+    await api.register(boardRoutes);
+    await api.register(postRoutes);
+    await api.register(voteRoutes);
+    await api.register(commentRoutes);
+    await api.register(reactionRoutes);
+    await api.register(identityRoutes);
+    await api.register(passkeyRoutes);
+    await api.register(feedRoutes);
+    await api.register(activityRoutes);
+    await api.register(pushRoutes);
+    await api.register(privacyRoutes);
+    await api.register(adminAuthRoutes);
+    await api.register(adminPostRoutes);
+    await api.register(adminBoardRoutes);
+    await api.register(adminCategoryRoutes);
+    await api.register(adminStatsRoutes);
+  }, { prefix: "/api/v1" });
+
+  // serve static frontend build in production
+  const webDist = resolve(process.cwd(), "../web/dist");
+  if (process.env.NODE_ENV === "production" && existsSync(webDist)) {
+    await app.register(fastifyStatic, {
+      root: webDist,
+      wildcard: false,
+    });
+
+    app.setNotFoundHandler((_req, reply) => {
+      reply.sendFile("index.html");
+    });
+  }
+
+  await loadPlugins(app);
+
+  return app;
+}