updating branch#20
Closed
rootSpook wants to merge 12 commits into
Closed
Conversation
…rofiles - Add .firebaserc with dev/prod project aliases for firebase use switching - Add .env.production template documenting all required vars (no real values) - Update .env.example to include FIREBASE_ADMIN_* server-only vars - Update .gitignore: untrack .firebaserc (needed in CI), scope env ignores, add service-account JSON patterns - Add firebase.json Storage emulator port; remove any hosting block - Add cors.json for Firebase Storage CORS policy (applied via gsutil) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…o env variables autoSeed.server.ts was reading serviceAccountKey.json from disk, which does not exist in any cloud deployment environment (Vercel, Cloud Run, etc.) and would silently skip seeding or hard-crash firebase-admin initialization. Replaced with FIREBASE_ADMIN_PROJECT_ID / FIREBASE_ADMIN_CLIENT_EMAIL / FIREBASE_ADMIN_PRIVATE_KEY env var credentials. Private key \n literals are unescaped at runtime to handle Vercel's secret storage format.
…yment pipelines - Add .github/workflows/ci.yml: lint, unit tests, security rules tests (with Java for Firebase emulator), and full Next.js production build; runs on every PR and push to main/develop - Add .github/workflows/deploy-rules.yml: deploys Firestore and Storage rules to dev (develop branch) or prod (main branch, gated by the production GitHub Environment approval step) - Add DEPLOYMENT.md: comprehensive 6-phase deployment playbook covering env management, Firebase rules CLI, Vercel hosting, CI/CD setup, custom domain DNS records, SSL provisioning, and a post-deployment verification checklist with common gotcha fixes
…ase isolation Refactor the single-tenant NGO website into a multi-tenant platform where each tenant runs on its own Firebase project. A master Firebase project (Admin SDK) acts as a registry that maps request domains to tenant configs. Core infrastructure - Add lib/tenant/masterDb.ts: server-only Admin SDK helper that resolves tenant records from the master Firestore by domain or ID - Add lib/firebase/clientApp.ts: lazy tenant-aware Firebase client factory (getOrInitTenantApp) that initialises the [DEFAULT] app on demand - Add lib/firebase/TenantFirebaseContext.tsx: React context + useTenantFirebase hook; provides auth, db, and storage scoped to the resolved tenant - Add lib/firebase/tenantServerDb.ts: Firestore REST API helper for server-side reads using only apiKey + projectId (no Admin SDK per tenant) - Add lib/firebase/getDefaultDb.ts: singleton db resolver for server content helpers; returns a silent no-op stub during next build when env vars are absent - Add app/api/tenant/config/route.ts: secure API route that exposes the tenant Firebase config to the client bootstrap - Add middleware.ts: Edge middleware that stamps x-tenant-domain on every request Service layer - Refactor services.ts, editorServices.ts, adminServices.ts, navServices.ts, storageUtils.ts to accept db / auth / storage as explicit parameters instead of importing a global singleton - Add lib/firebase/hooks/ with useTenantServices hook that pre-binds all service functions to the current tenant's db/auth/storage from context Call-site migration - Update all 11 admin pages, EditorPanelContext, NavProvider, InlineManagers, and upload components to consume useTenantServices() instead of calling service functions directly - Update server components (TeamGridBlock, pages/[slug]) to pass getDefaultDb() - Update publicContent.ts and publicPagesContent.ts to skip Firestore entirely (isDbAvailable() guard) during next build, returning seed data instead layout.tsx - Resolve tenant from x-tenant-domain header via masterDb - Fall back to NEXT_PUBLIC_FIREBASE_* single-tenant vars in local dev - Wrap the tree in TenantFirebaseProvider with the resolved config - Fetch nav and site settings via Firestore REST (tenantServerDb) with per-tenant unstable_cache tags for correct cache isolation Firestore rules - Restructure isAdmin/isEditor helpers to guard all get() calls behind request.auth != null checks, preventing null dereference errors in the emulator - Split mixed public+auth allow read rules into two separate allow statements to work correctly with the Firebase emulator's evaluation model - Add Option B (shared-project, tenant-namespaced) rules as commented reference CI / testing - Remove NEXT_PUBLIC_FIREBASE_* placeholder injection from ci.yml; build now succeeds with absent env vars via the silent stub pattern - Add unit tests for clientApp, getDefaultDb, masterDb, navServices, storageUtils - Fix integration test runner to use vitest.integration.config.ts (fileParallelism: false, singleFork: true) to prevent clearFirestore() race conditions between parallel test files - Remove orderBy from integration test queries that required composite indexes not loadable via initializeTestEnvironment
fix(lint): resolve warnings introduced by multi-tenant refactor - Remove unused _geist/_geistMono variable assignments in layout.tsx - Replace infer _ctx with unknown in useTenantServices.ts type utilities - Remove stale eslint-disable comment in EditorPanelContext.tsx - Suppress intentional useMemo exhaustive-deps for stable function refs - Add firestore-debug.log to .gitignore
Next.js requires font loaders to be assigned to a const — removing the unused imports and declarations resolves the Turbopack build error.
Feature/deployment setup
…ation Unit tests: - Add full test suite for editorServices.ts (162 tests, 100% coverage) - Expand services.test.ts to cover all read functions — getSiteSettings, getPublishedContentByType, getContentBySlug, getPublishedEvents, getCategories, getTags, getPublicMediaAssets, getActiveCampaigns, getPublicIbanEntries, getPublicSupporters (61 tests total) - Add isDbAvailable() tests to getDefaultDb.test.ts to cover lines 27-28 Integration tests: - Fix concurrent clearFirestore() race condition by giving each test file its own emulator namespace via a suite suffix in newEnv(); prevents one file's beforeEach from wiping staff docs seeded by a parallel file, which caused Null value error in isEditor() security rule evaluation
Test/firebase coverage
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.