- Multi-stage Dockerfile: golang:1.25-alpine builder, alpine:3.21 runtime
  CGO_ENABLED=0, stripped binary, non-root user
- systemd: service unit (hardened), backup oneshot, daily timer (02:00 UTC)
- Install script: create user, dirs, config, install units
- Updated PROGRESS.md with all completed phases

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# PROGRESS.md — eng-pad-server Implementation Progress

This file tracks completed work and decisions. Updated after every step.
See PROJECT_PLAN.md for the full step list.

## Completed

### Phase 0: Project Setup (2026-03-24)
- Go module, Makefile, .golangci.yaml, .gitignore, example config

### Phase 1: Database + Config (2026-03-24)
- TOML config loading with validation
- SQLite with WAL/FK/busy_timeout, schema migrations (7 tables + indexes)
- 4 tests: open+migrate, idempotent, foreign keys, cascade delete

### Phase 2: Auth — Password (2026-03-24)
- Argon2id hashing/verification, bearer tokens (SHA-256 hashed storage)
- User creation and authentication
- 6 tests

### Phase 3: CLI (2026-03-24)
- Cobra CLI: init, server, snapshot, status commands

### Phase 4: gRPC Sync Service (2026-03-24)
- Proto definitions, generated Go code
- Auth interceptor (username/password from metadata)
- SyncNotebook (upsert in tx), DeleteNotebook, ListNotebooks
- Share link RPCs: CreateShareLink, RevokeShareLink, ListShareLinks
- gRPC server with TLS 1.3

### Phase 5: Rendering (2026-03-24)
- SVG: strokes → path elements with dashed/arrow support
- JPG: 300 DPI rasterization via Go image package
- PDF: minimal raw PDF generation (no external library)
- 6 tests

### Phase 6: REST API (2026-03-24)
- chi router with TLS, auth middleware (bearer/cookie)
- Login endpoint, notebook/page endpoints, rendering endpoints
- Share link endpoints (no auth)

### Phase 7: Share Links (2026-03-24)
- Token generation, validation, revocation, listing
- Expiry enforcement
- 4 tests, fixed expiry check bug

### Phase 8: Web UI (2026-03-24)
- HTML templates: layout, login, notebook list, notebook view, page viewer
- Web server with embedded templates, session auth
- Share link views, server command wiring, graceful shutdown

### Phase 9: FIDO2/U2F (2026-03-24)
- WebAuthn integration via go-webauthn/webauthn
- Credential CRUD, user lookup by credential ID

### Phase 10: Deployment (2026-03-24)
- Dockerfile (multi-stage, non-root alpine)
- systemd units (service, backup oneshot, daily timer)
- Install script (user, dirs, config, units)

## In Progress

Phase 11: Android App Sync Integration (in eng-pad repo)

## Decisions

- **Language**: Go (Metacircular standard)
- **Database**: SQLite via modernc.org/sqlite (pure Go, no CGo)
- **Auth**: Argon2id passwords + FIDO2/U2F via go-webauthn/webauthn
- **gRPC auth**: username/password in metadata per-request (no tokens)
- **Web auth**: password → bearer token in session cookie
- **Rendering**: SVG for web viewing, JPG/PDF for export
- **Sync model**: full notebook replacement (upsert), no incremental sync
- **Share links**: 32-byte random token, optional expiry, scoped to notebook
- **Grid**: not rendered server-side (tablet writing aid only)
- **Coordinate system**: 300 DPI canonical, scaled to 72 DPI for SVG/PDF
- **FIDO2/U2F**: web UI login only, not gRPC sync
- **Server is read-only**: mirrors tablet exactly, no content modification