feat: docker setup

.dockerignore

@@ -0,0 +1,7 @@
+.git
+.nuxt
+.output
+node_modules
+*.db
+.env*
+sqlite.db

.env.example

@@ -0,0 +1,6 @@
+DATABASE_URL=sqlite.db
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=strong_password
+REDIRECT_DOMAIN=pihka.al
+
+NUXT_SESSION_PASSWORD=strong_password

.gitea/workflows/deploy.yml

@@ -0,0 +1,34 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.pihkaal.me
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: git.pihkaal.me/pihkaal/pihka-al:latest
+          cache-from: type=registry,ref=git.pihkaal.me/pihkaal/pihka-al:cache
+          cache-to: type=registry,ref=git.pihkaal.me/pihkaal/pihka-al:cache,mode=max

.gitignore

@@ -13,6 +13,9 @@ node_modules
 logs
 *.log
 
+# Database
+*.db
+
 # Misc
 .DS_Store
 .fleet

Dockerfile

@@ -0,0 +1,22 @@
+FROM node:22-alpine AS base
+RUN corepack enable pnpm
+
+FROM base AS deps
+WORKDIR /app
+RUN apk add --no-cache python3 make g++
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+FROM base AS build
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+RUN pnpm build
+
+FROM base AS runtime
+WORKDIR /app
+COPY --from=build /app/.output ./.output
+
+ENV NODE_ENV=production
+EXPOSE 3000
+CMD ["node", "./.output/server/index.mjs"]

app/app.vue

@@ -1,7 +1,5 @@
 <template>
   <UApp>
-    <UMain>
-      <NuxtPage />
-    </UMain>
+    <NuxtPage />
   </UApp>
 </template>

app/components/ConfirmModal.vue

@@ -0,0 +1,22 @@
+<script setup lang="ts">
+defineProps<{
+  title: string;
+  description?: string;
+}>();
+
+const emit = defineEmits<{ close: [confirmed: boolean] }>();
+</script>
+
+<template>
+  <UModal :title="title">
+    <template #body>
+      <p v-if="description" class="text-sm text-muted">{{ description }}</p>
+    </template>
+    <template #footer>
+      <div class="flex gap-2 justify-end w-full">
+        <UButton variant="ghost" color="neutral" @click="emit('close', false)">Cancel</UButton>
+        <UButton color="error" @click="emit('close', true)">Delete</UButton>
+      </div>
+    </template>
+  </UModal>
+</template>

app/components/LinkModal.vue

@@ -0,0 +1,81 @@
+<script setup lang="ts">
+import { z } from "zod";
+import type { FormSubmitEvent } from "@nuxt/ui";
+
+const props = defineProps<{
+  link: Link | null;
+}>();
+
+const schema = z.object({
+  name: z.string({ error: "Required" }),
+  path: z.string({ error: "Required" }).startsWith("/", "Must start with /"),
+  url: z.url({ error: (err) => err.code === "invalid_type" ? "Required" : "Invalid format", }),
+  disabled: z.boolean().optional(),
+});
+
+type Schema = z.output<typeof schema>;
+
+const emit = defineEmits<{ close: [value: boolean] }>();
+
+const toast = useToast();
+const submitting = ref(false);
+
+const state = reactive<Partial<Schema>>({
+  name: props.link?.name,
+  path: props.link?.path,
+  url: props.link?.url,
+  disabled: props.link?.disabled ?? false,
+});
+
+const onSubmit = async (event: FormSubmitEvent<Schema>) => {
+  submitting.value = true;
+  try {
+    if (props.link) {
+      await $fetch(`/api/links/${props.link.id}`, { method: "PATCH", body: event.data, });
+      toast.add({ title: "Link updated", color: "success" });
+    } else {
+      await $fetch("/api/links", { method: "POST", body: event.data });
+      toast.add({ title: "Link created", color: "success" });
+    }
+    emit("close", true);
+  } catch (error) {
+    toast.add({ title: getApiError(error), color: "error" });
+  } finally {
+    submitting.value = false;
+  }
+}
+</script>
+
+<template>
+  <UModal :title="link ? 'Edit link' : 'New link'">
+    <template #body>
+      <UForm
+        :schema="schema"
+        :state="state"
+        class="space-y-4"
+        @submit="onSubmit"
+      >
+        <UFormField label="Name" name="name">
+          <UInput v-model="state.name" placeholder="my-link" class="w-full" />
+        </UFormField>
+
+        <UFormField label="Path" name="path">
+          <UInput v-model="state.path" placeholder="/go/somewhere" class="w-full" />
+        </UFormField>
+
+        <UFormField label="URL" name="url">
+          <UInput v-model="state.url" placeholder="https://example.com" class="w-full" />
+        </UFormField>
+
+        <UFormField name="disabled">
+          <UCheckbox v-model="state.disabled" label="Disabled" />
+        </UFormField>
+
+        <div class="flex justify-end gap-2 pt-2">
+          <UButton variant="ghost" @click="emit('close', false)">Cancel</UButton>
+          <UButton type="submit" :loading="submitting">{{ link ? "Save" : "Create" }}</UButton>
+        </div>
+      </UForm>
+    </template>
+  </UModal>
+</template>

app/components/LinksTable.vue

@@ -0,0 +1,75 @@
+<script setup lang="ts">
+import type { TableColumn } from "@nuxt/ui";
+
+const UBadge = resolveComponent("UBadge");
+
+const props = defineProps<{
+  data: Link[];
+  status: "pending" | "idle" | "success" | "error";
+}>();
+
+const emit = defineEmits<{
+  edit: [link: Link];
+  delete: [link: Link];
+}>();
+
+const UButton = resolveComponent("UButton");
+
+const columns: TableColumn<Link>[] = [
+  { accessorKey: "name", header: "Name" },
+  { accessorKey: "path", header: "Path" },
+  {
+    accessorKey: "url",
+    header: "URL",
+    cell: ({ row }) =>
+      h("a", {
+          href: row.original.url,
+          target: "_blank",
+          class: "text-primary hover:underline truncate max-w-xs block",
+        },
+        row.original.url,
+      ),
+  },
+  {
+    accessorKey: "disabled",
+    header: "Status",
+    cell: ({ row }) =>
+      h(UBadge, {
+        label: row.original.disabled ? "Disabled" : "Active",
+        color: row.original.disabled ? "error" : "success",
+        variant: "subtle",
+      }),
+  },
+  {
+    id: "actions",
+    cell: ({ row }) =>
+      h("div", { class: "flex justify-end gap-1" }, [
+        h(UButton, {
+          icon: "i-lucide-pencil",
+          variant: "ghost",
+          size: "sm",
+          onClick: () => emit("edit", row.original),
+        }),
+        h(UButton, {
+          icon: "i-lucide-trash-2",
+          variant: "ghost",
+          size: "sm",
+          color: "error",
+          onClick: () => emit("delete", row.original),
+        }),
+      ]),
+  },
+];
+</script>
+
+<template>
+  <UTable
+    :data="data"
+    :columns="columns"
+    :loading="status === 'pending' || status === 'idle'"
+  >
+    <template #empty>
+      {{ status === "pending" || status === "idle" ? "Loading..." : "No data" }}
+    </template>
+  </UTable>
+</template>

app/middleware/auth.ts

@@ -0,0 +1,7 @@
+export default defineNuxtRouteMiddleware(() => {
+  const { loggedIn } = useUserSession();
+
+  if (!loggedIn.value) {
+    return navigateTo("/auth/sign-in");
+  }
+});

app/pages/auth/sign-in.vue

@@ -0,0 +1,59 @@
+<script setup lang="ts">
+import { z } from "zod";
+import type { AuthFormField, FormSubmitEvent } from "@nuxt/ui";
+
+definePageMeta({
+  middleware: () => {
+    const { loggedIn } = useUserSession();
+    if (loggedIn.value) return navigateTo("/dashboard");
+  },
+});
+
+const fields: AuthFormField[] = [
+  { name: "username", type: "text", label: "Username", required: true },
+  { name: "password", type: "password", label: "Password", required: true },
+];
+
+const schema = z.object({
+  username: z.string({ error: "Required" }),
+  password: z.string({ error: "Required" }),
+});
+
+type Schema = z.output<typeof schema>;
+
+const { fetch: fetchSession } = useUserSession();
+const error = ref<string | null>(null);
+const loading = ref(false);
+
+const onSubmit = async (event: FormSubmitEvent<Schema>) => {
+  error.value = null;
+  loading.value = true;
+  try {
+    await $fetch("/api/auth/sign-in", { method: "POST", body: event.data });
+    await fetchSession();
+    await navigateTo("/dashboard");
+  } catch (e) {
+    error.value = getApiError(e);
+  } finally {
+    loading.value = false;
+  }
+};
+</script>
+
+<template>
+  <div class="flex items-center justify-center min-h-screen">
+    <UPageCard class="w-full max-w-sm">
+      <UAuthForm
+        title="Sign In"
+        :fields="fields"
+        :schema="schema"
+        :loading="loading"
+        @submit="onSubmit"
+      >
+        <template v-if="error" #validation>
+          <UAlert color="error" icon="i-lucide-circle-alert" :title="error" />
+        </template>
+      </UAuthForm>
+    </UPageCard>
+  </div>
+</template>

app/pages/dashboard.vue

@@ -0,0 +1,118 @@
+<script setup lang="ts">
+import { LazyLinkModal, LazyConfirmModal } from "#components";
+
+definePageMeta({ middleware: "auth" });
+
+const toast = useToast();
+const overlay = useOverlay();
+
+const { fetch: fetchSession } = useUserSession();
+
+const signOut = async () => {
+  await $fetch("/api/auth/sign-out", { method: "POST" });
+  await fetchSession();
+  await navigateTo("/auth/sign-in");
+};
+
+const { data: links, status, refresh } = useLazyFetch("/api/links", { key: "links", server: false, });
+
+const route = useRoute();
+const category = computed(() => {
+  if (route.query.filter === "active") return "active";
+  if (route.query.filter === "disabled") return "disabled";
+  return "all";
+});
+
+const filteredLinks = computed(() => {
+  if (!links.value) return [];
+  if (category.value === "active") return links.value.filter((l) => !l.disabled);
+  if (category.value === "disabled") return links.value.filter((l) => l.disabled);
+  return links.value;
+});
+
+const openModal = async (link: Link | null) => {
+  const modal = overlay.create(LazyLinkModal, { destroyOnClose: true });
+  const instance = modal.open({ link });
+  if (await instance.result) await refresh();
+}
+
+const deleteLink = async (link: Link) => {
+  const modal = overlay.create(LazyConfirmModal, { destroyOnClose: true });
+  const instance = modal.open({ title: "Delete link", description: `Are you sure you want to delete "${link.name}"?` });
+  if (!await instance.result) return;
+
+  try {
+    await $fetch(`/api/links/${link.id}`, { method: "DELETE" });
+    toast.add({ title: "Link deleted", color: "success" });
+    await refresh();
+  } catch (error) {
+    toast.add({ title: getApiError(error), color: "error" });
+  }
+};
+
+</script>
+
+<template>
+  <UDashboardGroup>
+    <UDashboardSidebar :toggle="false">
+      <template #header>
+        <UDashboardNavbar title="pihka.al" :toggle="false" />
+      </template>
+
+      <UNavigationMenu
+        orientation="vertical"
+        highlight
+        :items="[
+          {
+            label: 'All',
+            icon: 'i-lucide-link',
+            badge: links?.length ?? 0,
+            to: '/dashboard',
+            active: category === 'all',
+          },
+          {
+            label: 'Active',
+            icon: 'i-lucide-link-2',
+            badge: links?.filter((l) => !l.disabled).length ?? 0,
+            to: '/dashboard?filter=active',
+            active: category === 'active',
+          },
+          {
+            label: 'Disabled',
+            icon: 'i-lucide-link-2-off',
+            badge: links?.filter((l) => l.disabled).length ?? 0,
+            to: '/dashboard?filter=disabled',
+            active: category === 'disabled',
+          },
+        ]"
+        class="px-2"
+      />
+      <template #footer>
+        <UButton variant="ghost" icon="i-lucide-log-out" block @click="signOut">
+          Sign out
+        </UButton>
+      </template>
+    </UDashboardSidebar>
+
+    <UDashboardPanel>
+      <template #header>
+        <UDashboardNavbar :title="category === 'all' ? 'All links' : category === 'active' ? 'Active links' : 'Disabled links'">
+          <template #right>
+            <UButton icon="i-lucide-plus" @click="openModal(null)">
+              New link
+            </UButton>
+          </template>
+        </UDashboardNavbar>
+      </template>
+
+      <template #body>
+        <LinksTable
+          :data="filteredLinks"
+          :status="status"
+          @edit="openModal"
+          @delete="deleteLink"
+        />
+      </template>
+    </UDashboardPanel>
+  </UDashboardGroup>
+</template>

app/pages/index.vue

@@ -1,3 +0,0 @@
-<template>
-  <div>ok</div>
-</template>

app/utils/api.ts

@@ -0,0 +1,22 @@
+import { z } from "zod";
+
+const apiErrorSchema = z.object({
+  data: z.object({
+    statusCode: z.number(),
+    message: z.string(),
+  }),
+});
+
+export const getApiError = (
+  error: unknown,
+  defaultMessage: string = "Something went wrong",
+): string => {
+  const parsedError = apiErrorSchema.safeParse(error);
+  if (parsedError.success) {
+    if (parsedError.data.data.statusCode === 500) {
+      return `ERR-500: Internal server error`;
+    }
+    return `ERR-${parsedError.data.data.statusCode}: ${parsedError.data.data.message}`;
+  }
+  return defaultMessage;
+};

docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  app:
+    container_name: pihka-al
+    image: git.pihkaal.me/pihkaal/pihka-al:latest
+    restart: unless-stopped
+    environment:
+      - DATABASE_URL=/data/db.sqlite
+      - ADMIN_USERNAME
+      - ADMIN_PASSWORD
+      - REDIRECT_DOMAIN
+      - NUXT_SESSION_PASSWORD
+    volumes:
+      - db:/data
+    networks:
+      - web
+    labels:
+      - traefik.enable=true
+      - traefik.http.services.pihka-al.loadbalancer.server.port=3000
+
+      # dashboard domain
+      - traefik.http.routers.pihka-al-dashboard.rule=Host(`${DASHBOARD_DOMAIN}`)
+      - traefik.http.routers.pihka-al-dashboard.tls.certresolver=myresolver
+      - traefik.http.routers.pihkaal-me.tls=true
+      - traefik.http.routers.pihka-al-dashboard.service=pihka-al
+
+      # redirect domain
+      - traefik.http.routers.pihka-al-redirect.rule=Host(`${REDIRECT_DOMAIN}`)
+      - traefik.http.routers.pihka-al-redirect.tls.certresolver=myresolver
+      - traefik.http.routers.pihkaal-me.tls=true
+      - traefik.http.routers.pihka-al-redirect.service=pihka-al
+      - traefik.http.routers.pihka-al.middlewares=umami-middleware@file
+
+volumes:
+  db:
+
+networks:
+  web:
+    external: true

drizzle.config.ts

@@ -0,0 +1,11 @@
+import { defineConfig } from 'drizzle-kit'
+import { env } from './server/env'
+
+export default defineConfig({
+  schema: './server/db/schema.ts',
+  out: './server/db/migrations',
+  dialect: 'sqlite',
+  dbCredentials: {
+    url: env.DATABASE_URL,
+  },
+})

nuxt.config.ts

@@ -1,9 +1,14 @@
 // https://nuxt.com/docs/api/configuration/nuxt-config
 export default defineNuxtConfig({
-  modules: [
-    '@nuxt/eslint',
-    '@nuxt/ui'
-  ],
+  modules: ['@nuxt/eslint', '@nuxt/ui', 'nuxt-auth-utils'],
+
+  vite: {
+    optimizeDeps: {
+      include: [
+        'zod',
+      ]
+    }
+  },
 
   devtools: {
     enabled: true
@@ -11,10 +16,6 @@ export default defineNuxtConfig({
 
   css: ['~/assets/css/main.css'],
 
-  routeRules: {
-    '/': { prerender: true }
-  },
-
   compatibilityDate: '2025-01-15',
 
   eslint: {

package.json

@@ -8,15 +8,27 @@
     "preview": "nuxt preview",
     "postinstall": "nuxt prepare",
     "lint": "eslint .",
-    "typecheck": "nuxt typecheck"
+    "typecheck": "nuxt typecheck",
+    "db:push": "drizzle-kit push",
+    "db:generate": "drizzle-kit generate",
+    "db:migrate": "drizzle-kit migrate",
+    "db:studio": "drizzle-kit studio"
   },
   "dependencies": {
     "@nuxt/ui": "^4.5.1",
+    "better-sqlite3": "^12.8.0",
+    "dotenv": "^17.3.1",
+    "drizzle-orm": "^0.45.1",
     "nuxt": "^4.4.2",
-    "tailwindcss": "^4.2.1"
+    "nuxt-auth-utils": "0.5.29",
+    "tailwindcss": "^4.2.1",
+    "zod": "^4.3.6"
   },
   "devDependencies": {
+    "@iconify-json/lucide": "^1.2.98",
     "@nuxt/eslint": "^1.15.2",
+    "@types/better-sqlite3": "^7.6.13",
+    "drizzle-kit": "^0.31.10",
     "eslint": "^10.0.3",
     "typescript": "^5.9.3",
     "vue-tsc": "^3.2.5"

pnpm-workspace.yaml

@@ -4,3 +4,5 @@ ignoredBuiltDependencies:
   - esbuild
   - unrs-resolver
   - vue-demi
+onlyBuiltDependencies:
+  - better-sqlite3

server/api/auth/sign-in.post.ts

@@ -0,0 +1,52 @@
+import { timingSafeEqual } from "node:crypto";
+import { z } from "zod";
+import { env } from "#server/env";
+
+const bodySchema = z.object({
+  username: z.string(),
+  password: z.string(),
+});
+
+const attempts = new Map<string, { count: number; resetAt: number }>();
+const MAX_ATTEMPTS = 10;
+const WINDOW_MS = 60_000;
+
+const isRateLimited = (ip: string): boolean => {
+  const now = Date.now();
+  const entry = attempts.get(ip);
+
+  if (!entry || now > entry.resetAt) {
+    attempts.set(ip, { count: 1, resetAt: now + WINDOW_MS });
+    return false;
+  }
+
+  if (entry.count >= MAX_ATTEMPTS) return true;
+  entry.count++;
+  return false;
+};
+
+const safeEqual = (a: string, b: string): boolean => {
+  const aBuf = Buffer.from(a);
+  const bBuf = Buffer.from(b);
+  if (aBuf.length !== bBuf.length) {
+    timingSafeEqual(aBuf, aBuf);
+    return false;
+  }
+  return timingSafeEqual(aBuf, bBuf);
+};
+
+export default defineEventHandler(async (event) => {
+  const ip = getRequestIP(event) ?? "unknown";
+  if (isRateLimited(ip)) {
+    throw createError({ statusCode: 429, message: "Too many attempts, try again later" });
+  }
+
+  const body = await readValidatedBody(event, bodySchema.parse);
+
+  const valid = safeEqual(body.username, env.ADMIN_USERNAME) && safeEqual(body.password, env.ADMIN_PASSWORD);
+  if (!valid) {
+    throw createError({ statusCode: 401, message: "Invalid credentials" });
+  }
+
+  await setUserSession(event, { user: { username: body.username } });
+});

server/api/auth/sign-out.post.ts

@@ -0,0 +1,3 @@
+export default defineEventHandler(async (event) => {
+  await clearUserSession(event);
+});

server/api/links/[id]/index.delete.ts

@@ -0,0 +1,22 @@
+import { db } from "#server/db";
+import * as tables from "#server/db/schema";
+import { eq } from "drizzle-orm";
+import { z } from "zod";
+
+const paramsSchema = z.object({
+  id: z.string().transform(Number),
+});
+
+export default defineEventHandler(async (event) => {
+  const params = await getValidatedRouterParams(event, paramsSchema.parse);
+
+  const [link] = await db
+    .delete(tables.links)
+    .where(eq(tables.links.id, params.id))
+    .returning();
+  if (!link) {
+    throw createError({ statusCode: 404, message: "Link not found" });
+  }
+
+  return link;
+});

server/api/links/[id]/index.get.ts

@@ -0,0 +1,21 @@
+import { db } from "#server/db";
+import * as tables from "#server/db/schema";
+import { eq } from "drizzle-orm";
+import { z } from "zod";
+
+const paramsSchema = z.object({
+  id: z.string().transform(Number),
+});
+
+export default defineEventHandler(async (event) => {
+  const params = await getValidatedRouterParams(event, paramsSchema.parse);
+
+  const link = await db.query.links.findFirst({
+    where: eq(tables.links.id, params.id),
+  });
+  if (!link) {
+    throw createError({ statusCode: 404, message: "Link not found" });
+  }
+
+  return link;
+});

server/api/links/[id]/index.patch.ts

@@ -0,0 +1,40 @@
+import { db } from "#server/db";
+import * as tables from "#server/db/schema";
+import { eq } from "drizzle-orm";
+import { z } from "zod";
+
+const paramsSchema = z.object({
+  id: z.string().transform(Number),
+});
+
+const bodySchema = z
+  .object({
+    name: z.string().min(1).optional(),
+    path: z.string().min(1).startsWith("/").optional(),
+    url: z.url().optional(),
+    disabled: z.boolean().optional(),
+  })
+  .refine((data) => Object.values(data).some((v) => v !== undefined), {
+    message: "At least one field must be provided",
+  });
+
+export default defineEventHandler(async (event) => {
+  const params = await getValidatedRouterParams(event, paramsSchema.parse);
+  const body = await readValidatedBody(event, bodySchema.parse);
+
+  const conflicts = await findConflictingFields(body, params.id);
+  if (conflicts.length > 0) {
+    throw createError({ statusCode: 409, message: `A link with this ${joinFields(conflicts)} already exists` });
+  }
+
+  const [link] = await db
+    .update(tables.links)
+    .set(body)
+    .where(eq(tables.links.id, params.id))
+    .returning();
+  if (!link) {
+    throw createError({ statusCode: 404, message: "Link not found" });
+  }
+
+  return link;
+});

server/api/links/index.get.ts

@@ -0,0 +1,5 @@
+import { db } from "#server/db";
+
+export default defineEventHandler(async () => {
+  return db.query.links.findMany();
+});

server/api/links/index.post.ts

@@ -0,0 +1,22 @@
+import { db } from "#server/db";
+import * as tables from "#server/db/schema";
+import { z } from "zod";
+
+const bodySchema = z.object({
+  name: z.string().min(1),
+  path: z.string().min(1).startsWith("/"),
+  url: z.url(),
+  disabled: z.boolean().optional(),
+});
+
+export default defineEventHandler(async (event) => {
+  const body = await readValidatedBody(event, bodySchema.parse);
+
+  const conflicts = await findConflictingFields(body);
+  if (conflicts.length > 0) {
+    throw createError({ statusCode: 409, message: `A link with this ${joinFields(conflicts)} already exists` });
+  }
+
+  const [link] = await db.insert(tables.links).values(body).returning();
+  return link;
+});

server/db/index.ts

@@ -0,0 +1,7 @@
+import Database from 'better-sqlite3'
+import { drizzle } from 'drizzle-orm/better-sqlite3'
+import * as schema from './schema'
+import { env } from '../env'
+
+const sqlite = new Database(env.DATABASE_URL)
+export const db = drizzle(sqlite, { schema })

server/db/migrations/0000_pretty_mentor.sql

@@ -0,0 +1,10 @@
+CREATE TABLE `links` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`name` text NOT NULL,
+	`path` text NOT NULL,
+	`url` text NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `links_name_unique` ON `links` (`name`);--> statement-breakpoint
+CREATE UNIQUE INDEX `links_path_unique` ON `links` (`path`);--> statement-breakpoint
+CREATE UNIQUE INDEX `links_url_unique` ON `links` (`url`);

server/db/migrations/0001_tense_grey_gargoyle.sql

@@ -0,0 +1 @@
+ALTER TABLE `links` ADD `disabled` integer DEFAULT false NOT NULL;

server/db/migrations/meta/0000_snapshot.json

@@ -0,0 +1,78 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "d03860ad-0d5c-4943-92ba-d704c74e1501",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "tables": {
+    "links": {
+      "name": "links",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "path": {
+          "name": "path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "links_name_unique": {
+          "name": "links_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        },
+        "links_path_unique": {
+          "name": "links_path_unique",
+          "columns": [
+            "path"
+          ],
+          "isUnique": true
+        },
+        "links_url_unique": {
+          "name": "links_url_unique",
+          "columns": [
+            "url"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

server/db/migrations/meta/0001_snapshot.json

@@ -0,0 +1,86 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "0e8befef-3e4f-43f1-a031-95c2ca514e30",
+  "prevId": "d03860ad-0d5c-4943-92ba-d704c74e1501",
+  "tables": {
+    "links": {
+      "name": "links",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "path": {
+          "name": "path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "disabled": {
+          "name": "disabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        }
+      },
+      "indexes": {
+        "links_name_unique": {
+          "name": "links_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        },
+        "links_path_unique": {
+          "name": "links_path_unique",
+          "columns": [
+            "path"
+          ],
+          "isUnique": true
+        },
+        "links_url_unique": {
+          "name": "links_url_unique",
+          "columns": [
+            "url"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

server/db/migrations/meta/_journal.json

@@ -0,0 +1,20 @@
+{
+  "version": "7",
+  "dialect": "sqlite",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "6",
+      "when": 1773788954273,
+      "tag": "0000_pretty_mentor",
+      "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "6",
+      "when": 1773792538248,
+      "tag": "0001_tense_grey_gargoyle",
+      "breakpoints": true
+    }
+  ]
+}

server/db/schema.ts

@@ -0,0 +1,9 @@
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+
+export const links = sqliteTable("links", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  name: text("name").notNull().unique(),
+  path: text("path").notNull().unique(),
+  url: text("url").notNull(),
+  disabled: integer("disabled", { mode: "boolean" }).notNull().default(false),
+});

server/env.ts

@@ -0,0 +1,11 @@
+import 'dotenv/config'
+import { z } from 'zod'
+
+const schema = z.object({
+  DATABASE_URL: z.string().min(1),
+  ADMIN_USERNAME: z.string().min(1).default("admin"),
+  ADMIN_PASSWORD: z.string().min(1),
+  REDIRECT_DOMAIN: z.string().min(1),
+})
+
+export const env = schema.parse(process.env)

server/middleware/auth.ts

@@ -0,0 +1,7 @@
+export default defineEventHandler(async (event) => {
+  const path = getRequestURL(event).pathname;
+
+  if (path.startsWith("/api/") && !path.startsWith("/api/auth/")) {
+    await requireUserSession(event);
+  }
+});

server/middleware/redirect.ts

@@ -0,0 +1,31 @@
+import { db } from "#server/db";
+import * as tables from "#server/db/schema";
+import { eq } from "drizzle-orm";
+import { env } from "#server/env";
+
+export default defineEventHandler(async (event) => {
+  const host = getRequestHost(event, { xForwardedHost: true }).split(":")[0];
+
+  if (host !== env.REDIRECT_DOMAIN) {
+    if (getRequestURL(event).pathname === "/") {
+      return sendRedirect(event, "/dashboard", 302);
+    }
+    return;
+  }
+
+  const path = getRequestURL(event).pathname;
+
+  const link = await db.query.links.findFirst({
+    where: eq(tables.links.path, path),
+  });
+
+  if (!link) {
+    throw createError({ statusCode: 404, message: "Not found" });
+  }
+
+  if (link.disabled) {
+    throw createError({ statusCode: 410, message: "This link has been disabled" });
+  }
+
+  return sendRedirect(event, link.url, 302);
+});

server/utils/links.ts

@@ -0,0 +1,34 @@
+import { db } from "#server/db";
+import * as tables from "#server/db/schema";
+import { and, eq, ne } from "drizzle-orm";
+
+const UNIQUE_FIELDS = ["name", "path"] as const;
+type UniqueField = (typeof UNIQUE_FIELDS)[number];
+
+export const joinFields = (fields: string[]): string => {
+  if (fields.length <= 1) return fields.join("");
+  return `${fields.slice(0, -1).join(", ")} and ${fields.at(-1)}`;
+};
+
+export const findConflictingFields = async (
+  values: Partial<Record<UniqueField, string>>,
+  excludeId?: number,
+): Promise<UniqueField[]> => {
+  const conflicts: UniqueField[] = [];
+
+  for (const field of UNIQUE_FIELDS) {
+    const value = values[field];
+    if (!value) continue;
+
+    const conflict = await db.query.links.findFirst({
+      where: and(
+        eq(tables.links[field], value),
+        excludeId !== undefined ? ne(tables.links.id, excludeId) : undefined,
+      ),
+    });
+
+    if (conflict) conflicts.push(field);
+  }
+
+  return conflicts;
+};

shared/types/app.ts

@@ -0,0 +1,3 @@
+import type { InternalApi } from "nitropack/types";
+
+export type Link = InternalApi["/api/links"]["get"][number];