chore: add some infra for local testing · danielroe.dev/synchub.to@5730d94

+67

.env.example

··· 1 + # Copy to `.env` and fill in. 2 + 3 + # --------------------------------------------------------------------------- 4 + # OG image URL signing secret. nuxt-og-image renders OG images on demand at 5 + # runtime; this HMAC secret signs the generated URLs so callers can't craft 6 + # arbitrary image-generation requests against the endpoint (which would burn 7 + # CPU and bandwidth). 8 + # 9 + # Generate with: npx nuxt-og-image generate-secret 10 + # (or any 32-byte hex string — the CLI just calls randomBytes(32).toString('hex')) 11 + # --------------------------------------------------------------------------- 12 + NUXT_OG_IMAGE_SECRET=<32-byte hex string> 13 + 14 + # --------------------------------------------------------------------------- 15 + # Public URL the app is reachable at. For local dev this is the loopback host 16 + # (note: 127.0.0.1, not localhost — required by the AT Proto OAuth spec for 17 + # the synthetic dev `client_id`). 18 + # --------------------------------------------------------------------------- 19 + NUXT_PUBLIC_URL=http://127.0.0.1:3000 20 + 21 + # --------------------------------------------------------------------------- 22 + # Database. Get a connection string from https://neon.tech (free tier is fine). 23 + # Copy the "pooled" connection string for serverless workloads. 24 + # --------------------------------------------------------------------------- 25 + NUXT_DATABASE_URL=postgres://user:password@host.neon.tech/dbname?sslmode=require 26 + 27 + # --------------------------------------------------------------------------- 28 + # AT Proto OAuth client signing key (ES256 private JWK). 29 + # Generate with: pnpm gen:jwk 30 + # Paste the full JSON object on a single line below. 31 + # --------------------------------------------------------------------------- 32 + NUXT_ATPROTO_PRIVATE_JWK={"kty":"EC","kid":"...","crv":"P-256","x":"...","y":"...","d":"..."} 33 + 34 + # --------------------------------------------------------------------------- 35 + # Application encryption key (KEK) — wraps SSH private keys and AT Proto 36 + # session blobs at rest. Base64-encoded 32 bytes. 37 + # Generate with: pnpm gen:encryption-key 38 + # --------------------------------------------------------------------------- 39 + NUXT_ENCRYPTION_KEY=<base64-encoded 32 bytes> 40 + 41 + # --------------------------------------------------------------------------- 42 + # GitHub App credentials. After creating the App at 43 + # https://github.com/settings/apps/new, copy: 44 + # - The numeric App ID (top of the App settings page). 45 + # - The webhook secret you set during creation. 46 + # - A generated private key (.pem). On Vercel, store with literal "\n" in 47 + # place of newlines; locally, keep the real newlines. 48 + # --------------------------------------------------------------------------- 49 + NUXT_GITHUB_APP_ID=<numeric app id> 50 + NUXT_GITHUB_WEBHOOK_SECRET=<webhook secret> 51 + NUXT_GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY----- 52 + ... 53 + -----END RSA PRIVATE KEY----- 54 + " 55 + 56 + # --------------------------------------------------------------------------- 57 + # Cron secret — protects the worker tick endpoint (`/api/jobs/run`) from 58 + # unauthenticated callers. In prod, Vercel Cron sends this automatically; 59 + # locally, `pnpm jobs:tick` reads it from this env var. 60 + # Generate with: pnpm gen:cron-secret 61 + # --------------------------------------------------------------------------- 62 + NUXT_CRON_SECRET=<base64url-encoded 32 bytes> 63 + 64 + # Optional: per-invocation worker time budget in milliseconds. 65 + # Default 25_000. Set lower in dev so `pnpm jobs:tick` returns sooner when 66 + # the queue is empty. 67 + # NUXT_WORKER_BUDGET_MS=5000

+1

package.json

··· 23 23 "gen:jwk": "node scripts/gen-jwk.ts", 24 24 "gen:encryption-key": "node -e \"console.log(require('node:crypto').randomBytes(32).toString('base64'))\"", 25 25 "gen:cron-secret": "node -e \"console.log(require('node:crypto').randomBytes(32).toString('base64url'))\"", 26 + "jobs:tick": "node --env-file=.env scripts/jobs-tick.ts", 26 27 "test:types": "vue-tsc -b --noEmit", 27 28 "test": "vp test", 28 29 "test:watch": "vp test watch",

+33

scripts/jobs-tick.ts

··· 1 + /** 2 + * Trigger the worker tick endpoint locally. 3 + * 4 + * Reads `NUXT_CRON_SECRET` from `.env` (loaded by Node's --env-file when run 5 + * via `pnpm jobs:tick`) and POSTs to /api/jobs/run with the matching 6 + * `Authorization: Bearer …` header. 7 + * 8 + * In production, Vercel Cron does this automatically every minute; this 9 + * script is the local equivalent. 10 + */ 11 + 12 + import process from 'node:process' 13 + 14 + const url = process.env.JOBS_TICK_URL ?? 'http://127.0.0.1:3000/api/jobs/run' 15 + const secret = process.env.NUXT_CRON_SECRET 16 + 17 + if (!secret) { 18 + console.error('NUXT_CRON_SECRET not set; copy from .env or run `pnpm gen:cron-secret`') 19 + process.exit(1) 20 + } 21 + 22 + const response = await fetch(url, { 23 + method: 'POST', 24 + headers: { authorization: `Bearer ${secret}` }, 25 + }) 26 + 27 + const body = await response.text() 28 + if (!response.ok) { 29 + console.error(`worker tick failed with ${response.status}: ${body}`) 30 + process.exit(1) 31 + } 32 + 33 + console.log(body)

Configure Feed

Configure Feed