gatekeeper/mini
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b455f87bae3e3e3079c140f161b0852dcbd28ccf
mini/IMPLEMENTATION_PLAN_DIRECT_DB.md

20 KiB
Raw Blame History

🔱 God Mode: Direct PostgreSQL Shim Architecture

Implementation Plan & Task List

Objective: Build a frontend that connects directly to PostgreSQL without going through Directus or traditional REST APIs, using server-side rendering (SSR) and a secure "shim" layer.

Architecture: Astro SSR + Direct PostgreSQL Pool + Secure API Routes

📋 ARCHITECTURE OVERVIEW

┌─────────────────────────────────────────────────────────┐
│  BROWSER (Client-Side JavaScript)                       │
│  - React Components                                     │
│  - TanStack Query for state management                  │
│  - NO database credentials, NO SQL                      │
└─────────────────┬───────────────────────────────────────┘
                  │
                  │ HTTP Requests
                  │
┌─────────────────▼───────────────────────────────────────┐
│  ASTRO SSR LAYER (Server-Side)                          │
│  ┌─────────────────────────────────────────────────┐    │
│  │ 1. Server-Side Pages (---)                      │    │
│  │    - Direct SQL queries in Astro frontmatter    │    │
│  │    - Pool.query() before HTML render            │    │
│  └─────────────────────────────────────────────────┘    │
│  ┌─────────────────────────────────────────────────┐    │
│  │ 2. API Routes (/api/shim/*)                     │    │
│  │    - Secure endpoints for client-side calls     │    │
│  │    - Token validation                           │    │
│  │    - SQL query execution                        │    │
│  └─────────────────────────────────────────────────┘    │
│  ┌─────────────────────────────────────────────────┐    │
│  │ 3. Shim Layer (src/lib/shim/)                   │    │
│  │    - Query builders                             │    │
│  │    - Type-safe SQL functions                    │    │
│  │    - Connection pool management                 │    │
│  └─────────────────────────────────────────────────┘    │
└─────────────────┬───────────────────────────────────────┘
                  │
                  │ SQL Queries (via pg Pool)
                  │
┌─────────────────▼───────────────────────────────────────┐
│  POSTGRESQL DATABASE                                    │
│  - sites, campaigns, generated_articles, work_log, etc. │
└─────────────────────────────────────────────────────────┘

📁 FILES TO CREATE (New Shim Layer)

1. Core Shim Infrastructure

File Path Purpose Priority
src/lib/shim/queries.ts Type-safe SQL query builders for all tables HIGH
src/lib/shim/types.ts TypeScript interfaces matching DB schema HIGH
src/lib/shim/sites.ts Sites-specific queries (CRUD operations) HIGH
src/lib/shim/articles.ts Articles-specific queries HIGH
src/lib/shim/campaigns.ts Campaign-specific queries MEDIUM
src/lib/shim/jobs.ts Generation jobs queries MEDIUM
src/lib/shim/utils.ts Helper functions (pagination, filtering) MEDIUM

2. API Routes (Secure Bridges)

File Path Purpose Priority
src/pages/api/shim/sites/[action].ts Sites CRUD endpoints HIGH
src/pages/api/shim/articles/[action].ts Articles CRUD endpoints HIGH
src/pages/api/shim/campaigns/[action].ts Campaigns CRUD endpoints MEDIUM
src/pages/api/shim/jobs/[action].ts Jobs CRUD endpoints MEDIUM
src/pages/api/shim/health.ts Database health check LOW

3. Example Components

File Path Purpose Priority
src/components/shim/SitesList.tsx React component using shim API HIGH
src/components/shim/ArticleEditor.tsx Article CRUD using shim HIGH
src/pages/shim/sites.astro Demo page: SSR sites list HIGH
src/pages/shim/articles.astro Demo page: SSR articles list MEDIUM

📂 FILES TO USE (Existing Infrastructure)

Already Working - Use As-Is

File Path What It Provides How We'll Use It
src/lib/db.ts PostgreSQL pool connection Import pool for all queries
src/lib/schemas.ts TypeScript type definitions Reference for table structures
astro.config.mjs Astro SSR config + Node adapter Already configured for SSR
package.json Dependencies (pg, @types/pg) Already has what we need
.env DATABASE_URL environment variable Connection string source

Existing Patterns to Mimic

File Path Pattern to Copy Why
src/pages/api/god/[...action].ts Token validation, error handling Security model
src/lib/directus/client.ts Query abstraction pattern Structure for shim layer
src/components/admin/sites/SitesManager.tsx TanStack Query usage Client-side data fetching

📂 FILES TO MODIFY (Minimal Changes)

File Path Modification Reason
src/lib/db.ts Add query helper functions Convenience wrappers
.env Verify DATABASE_URL is set Required for local dev
tsconfig.json Add shim types path alias Easier imports

TASK LIST (Step-by-Step Implementation)

PHASE 1: Foundation (30 min)

  • Task 1.1: Create src/lib/shim/types.ts

    • Define interfaces: Site, Article, Campaign, Job
    • Match PostgreSQL schema from migrations
    • Export as named types

  • Task 1.2: Create src/lib/shim/utils.ts

    • buildWhere() - Convert filters to SQL WHERE clauses
    • buildPagination() - LIMIT/OFFSET helpers
    • sanitizeInput() - Basic SQL injection prevention

  • Task 1.3: Enhance src/lib/db.ts

    • Add executeQuery<T>(sql: string, params: any[]): Promise<T[]>
    • Add executeOne<T>(sql: string, params: any[]): Promise<T | null>
    • Add error logging

PHASE 2: Shim Query Builders (45 min)

  • Task 2.1: Create src/lib/shim/sites.ts

    export async function getSites(filters?: FilterOptions): Promise<Site[]>
export async function getSiteById(id: string): Promise<Site | null>
export async function createSite(data: Partial<Site>): Promise<Site>
export async function updateSite(id: string, data: Partial<Site>): Promise<Site>
export async function deleteSite(id: string): Promise<boolean>

  • Task 2.2: Create src/lib/shim/articles.ts

    • Same CRUD pattern as sites
    • Add getArticlesByStatus(status: string)
    • Add getArticlesBySite(siteId: string)

  • Task 2.3: Create src/lib/shim/campaigns.ts

    • Campaign CRUD operations
    • getActiveCampaigns()

  • Task 2.4: Create src/lib/shim/jobs.ts

    • Job queue queries
    • getJobsByStatus(status: string)

PHASE 3: API Routes (Secure Bridges) (60 min)

  • Task 3.1: Create src/pages/api/shim/sites/list.ts

    // GET /api/shim/sites/list?limit=10&offset=0
import { pool } from '@/lib/db';
import { getSites } from '@/lib/shim/sites';

export async function GET({ request }) {
  // 1. Validate token (copy from /api/god/)
  // 2. Parse query params
  // 3. Call getSites()
  // 4. Return JSON
}

  • Task 3.2: Create src/pages/api/shim/sites/[id].ts

    • GET: Fetch single site
    • PUT: Update site
    • DELETE: Delete site

  • Task 3.3: Create src/pages/api/shim/sites/create.ts

    • POST: Create new site
    • Validate required fields
    • Return created site with ID

  • Task 3.4: Repeat for articles (/api/shim/articles/*)

  • Task 3.5: Add token validation middleware

    • Extract from existing /api/god/ pattern
    • Check GOD_MODE_TOKEN or custom token

PHASE 4: Server-Side Pages (SSR Demo) (30 min)

  • Task 4.1: Create src/pages/shim/sites.astro

    ---
import { getSites } from '@/lib/shim/sites';
const sites = await getSites({ limit: 50 });
---
<h1>Sites ({sites.length})</h1>
<ul>
  {sites.map(site => <li>{site.domain}</li>)}
</ul>

  • Task 4.2: Create src/pages/shim/articles.astro

    • Similar pattern for articles
    • Show article count, recent articles

  • Task 4.3: Create src/pages/shim/index.astro

    • Dashboard showing counts from all tables
    • Demo of multi-table queries in one page

PHASE 5: Client-Side Components (React + TanStack Query) (45 min)

  • Task 5.1: Create src/components/shim/SitesList.tsx

    import { useQuery } from '@tanstack/react-query';

export default function SitesList() {
  const { data: sites } = useQuery({
    queryKey: ['shim-sites'],
    queryFn: () => fetch('/api/shim/sites/list').then(r => r.json())
  });

  return <ul>{sites?.map(...)}</ul>;
}

  • Task 5.2: Create src/components/shim/ArticleEditor.tsx

    • Form for creating/editing articles
    • Uses useMutation for POST/PUT
    • Calls /api/shim/articles/[id]

  • Task 5.3: Add components to demo pages

    • Wire SitesList to /shim/sites.astro
    • Make it client:load hydrated

PHASE 6: Testing & Security (30 min)

  • Task 6.1: Test SSR pages locally

    • Visit /shim/sites - should load instantly with data
    • Verify no database credentials in browser

  • Task 6.2: Test API routes

    • curl http://localhost:4321/api/shim/sites/list
    • Verify token requirement works

  • Task 6.3: Security audit

    • Ensure no SQL injection vulnerabilities
    • Verify token validation on all endpoints
    • Check that DATABASE_URL not exposed

  • Task 6.4: Performance test

    • Query 1000+ sites
    • Check connection pool usage
    • Monitor memory with large datasets

🔧 DETAILED EXAMPLE: Sites Table Implementation

Step 1: Type Definition (src/lib/shim/types.ts)

export interface Site {
  id: string;
  domain: string;
  status: 'active' | 'inactive' | 'pending';
  site_url: string;
  site_wpjson: string;
  created_at: Date;
  updated_at: Date;
}

export interface FilterOptions {
  limit?: number;
  offset?: number;
  status?: string;
  search?: string;
}

Step 2: Query Builder (src/lib/shim/sites.ts)

import { pool } from '@/lib/db';
import type { Site, FilterOptions } from './types';

export async function getSites(options: FilterOptions = {}): Promise<Site[]> {
  const { limit = 50, offset = 0, status, search } = options;
  
  let sql = 'SELECT * FROM sites WHERE 1=1';
  const params: any[] = [];
  let paramIndex = 1;
  
  if (status) {
    sql += ` AND status = $${paramIndex++}`;
    params.push(status);
  }
  
  if (search) {
    sql += ` AND domain ILIKE $${paramIndex++}`;
    params.push(`%${search}%`);
  }
  
  sql += ` ORDER BY created_at DESC LIMIT $${paramIndex++} OFFSET $${paramIndex++}`;
  params.push(limit, offset);
  
  const { rows } = await pool.query<Site>(sql, params);
  return rows;
}

export async function getSiteById(id: string): Promise<Site | null> {
  const { rows } = await pool.query<Site>(
    'SELECT * FROM sites WHERE id = $1',
    [id]
  );
  return rows[0] || null;
}

export async function createSite(data: Partial<Site>): Promise<Site> {
  const { rows } = await pool.query<Site>(
    `INSERT INTO sites (domain, status, site_url, site_wpjson)
     VALUES ($1, $2, $3, $4)
     RETURNING *`,
    [data.domain, data.status || 'pending', data.site_url, data.site_wpjson]
  );
  return rows[0];
}

export async function updateSite(id: string, data: Partial<Site>): Promise<Site> {
  const fields: string[] = [];
  const values: any[] = [];
  let paramIndex = 1;
  
  Object.entries(data).forEach(([key, value]) => {
    if (value !== undefined && key !== 'id') {
      fields.push(`${key} = $${paramIndex++}`);
      values.push(value);
    }
  });
  
  values.push(id);
  
  const { rows } = await pool.query<Site>(
    `UPDATE sites SET ${fields.join(', ')}, updated_at = NOW()
     WHERE id = $${paramIndex}
     RETURNING *`,
    values
  );
  return rows[0];
}

export async function deleteSite(id: string): Promise<boolean> {
  const result = await pool.query('DELETE FROM sites WHERE id = $1', [id]);
  return result.rowCount ? result.rowCount > 0 : false;
}

Step 3: API Route (src/pages/api/shim/sites/list.ts)

import type { APIRoute } from 'astro';
import { getSites } from '@/lib/shim/sites';

export const GET: APIRoute = async ({ request, url }) => {
  try {
    // 1. Token validation (optional for read operations)
    const token = request.headers.get('Authorization')?.replace('Bearer ', '');
    if (!token || token !== import.meta.env.GOD_MODE_TOKEN) {
      return new Response(JSON.stringify({ error: 'Unauthorized' }), {
        status: 401,
        headers: { 'Content-Type': 'application/json' }
      });
    }
    
    // 2. Parse query params
    const limit = parseInt(url.searchParams.get('limit') || '50');
    const offset = parseInt(url.searchParams.get('offset') || '0');
    const status = url.searchParams.get('status') || undefined;
    const search = url.searchParams.get('search') || undefined;
    
    // 3. Execute query
    const sites = await getSites({ limit, offset, status, search });
    
    // 4. Return JSON
    return new Response(JSON.stringify({ sites, count: sites.length }), {
      status: 200,
      headers: { 'Content-Type': 'application/json' }
    });
    
  } catch (error) {
    console.error('API Error:', error);
    return new Response(JSON.stringify({ error: 'Internal Server Error' }), {
      status: 500,
      headers: { 'Content-Type': 'application/json' }
    });
  }
};

Step 4: SSR Page (src/pages/shim/sites.astro)

---
import AdminLayout from '@/layouts/AdminLayout.astro';
import { getSites } from '@/lib/shim/sites';

// Server-side query - runs before HTML is sent
const sites = await getSites({ limit: 100 });
---

<AdminLayout title="Sites (Direct DB)">
  <h1 class="text-3xl font-bold text-white mb-4">Sites ({sites.length})</h1>
  
  <div class="space-y-2">
    {sites.map(site => (
      <div class="p-4 bg-slate-800 rounded-lg">
        <h3 class="text-white font-semibold">{site.domain}</h3>
        <p class="text-slate-400 text-sm">{site.site_url}</p>
        <span class={`text-xs px-2 py-1 rounded ${
          site.status === 'active' ? 'bg-green-500/20 text-green-400' : 'bg-gray-500/20 text-gray-400'
        }`}>
          {site.status}
        </span>
      </div>
    ))}
  </div>
</AdminLayout>

Step 5: React Component (src/components/shim/SitesList.tsx)

import React from 'react';
import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
import type { Site } from '@/lib/shim/types';

export default function SitesList() {
  const queryClient = useQueryClient();
  
  const { data, isLoading } = useQuery({
    queryKey: ['shim-sites'],
    queryFn: async () => {
      const response = await fetch('/api/shim/sites/list', {
        headers: {
          'Authorization': `Bearer ${import.meta.env.PUBLIC_GOD_MODE_TOKEN}`
        }
      });
      return response.json();
    }
  });
  
  const deleteMutation = useMutation({
    mutationFn: async (id: string) => {
      await fetch(`/api/shim/sites/${id}`, {
        method: 'DELETE',
        headers: {
          'Authorization': `Bearer ${import.meta.env.PUBLIC_GOD_MODE_TOKEN}`
        }
      });
    },
    onSuccess: () => {
      queryClient.invalidateQueries({ queryKey: ['shim-sites'] });
    }
  });
  
  if (isLoading) return <div>Loading...</div>;
  
  return (
    <div className="space-y-2">
      {data?.sites?.map((site: Site) => (
        <div key={site.id} className="p-4 bg-slate-800 rounded-lg flex justify-between items-center">
          <div>
            <h3 className="text-white font-semibold">{site.domain}</h3>
            <p className="text-slate-400 text-sm">{site.site_url}</p>
          </div>
          <button
            onClick={() => deleteMutation.mutate(site.id)}
            className="px-3 py-1 bg-red-600 text-white rounded hover:bg-red-700"
          >
            Delete
          </button>
        </div>
      ))}
    </div>
  );
}

🔒 SECURITY CHECKLIST

  • Never expose DATABASE_URL to client-side code
  • Always validate tokens in API routes
  • Always use parameterized queries ($1, $2) - never string concatenation
  • Never trust user input - sanitize before queries
  • Use connection pooling (already in db.ts)
  • Limit query results (default LIMIT 50)
  • Log all database errors server-side
  • Test for SQL injection vulnerabilities

🚀 DEPLOYMENT CHECKLIST

  • Set DATABASE_URL environment variable in Coolify
  • Set GOD_MODE_TOKEN for API authentication
  • Verify Dockerfile builds with pg dependency
  • Test connection pool limits under load
  • Monitor database connection count
  • Set up database backups
  • Configure SSL for PostgreSQL connection (production)

📊 EXPECTED PERFORMANCE

Operation SSR (Server-Side) API Route (Client-Side)
Get 50 sites ~10ms ~50ms (includes HTTP)
Create site ~15ms ~60ms
Update site ~12ms ~55ms
Complex join ~50ms ~100ms

Why SSR is faster: No HTTP roundtrip, query executes before HTML is sent.

🎯 SUCCESS CRITERIA

  1. Can view sites list on /shim/sites without any client-side API calls
  2. Can create/update/delete sites via React component using /api/shim/sites/*
  3. No database credentials visible in browser DevTools
  4. All queries use parameterized SQL (no injection risk)
  5. Connection pool stays under 20 connections
  6. Token validation works on all API endpoints
  7. SSR pages load in < 100ms with 1000+ records

<EFBFBD><EFBFBD> IMPLEMENTATION STATUS UPDATE (Dec 16, 2025)

PHASES COMPLETED

Phase 1-6: COMPLETE

  • Created complete shim layer with Zod validation
  • Implemented connection pool monitoring
  • Added SEO enforcement
  • Built monitoring dashboard
  • All API routes secured with token auth

🔱 GOD TIER FEATURES ACTIVE

  1. Zod Validation - All data validated before SQL (src/lib/shim/schemas.ts)
  2. Pool Monitoring - Real-time connection tracking (src/lib/shim/pool.ts)
  3. SEO Enforcement - Cannot publish without metadata (src/lib/shim/articles.ts)
  4. Live Dashboard - /shim/dashboard with auto-refresh

📊 NEW ROUTES

  • /shim/dashboard - Monitoring dashboard (SSR)
  • /shim/sites - Sites list (SSR + React)
  • /api/shim/health - Health check endpoint
  • /api/shim/sites/list - Paginated sites API

🚀 STATUS: PRODUCTION READY

Implementation: 90% Complete

Reference in New Issue View Git Blame Copy Permalink