fix: lazy DB initialization — useDb() called inside handlers, not at import

useRuntimeConfig() and better-sqlite3 were being called at module
top-level, which crashes during Nitro server startup. Now all DB
access is lazy via useDb(), and auth uses process.env directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

server/api/analysis/index.post.ts

@@ -1,8 +1,9 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { requireAdmin } from '../../utils/auth'
 
 export default defineEventHandler(async (event) => {
   requireAdmin(event)
+  const db = useDb()
 
   const ideas = db.prepare('SELECT text, category FROM ideas WHERE hidden = 0').all() as any[]
   if (ideas.length < 3) {

server/api/ideas/[id].delete.ts

@@ -1,8 +1,9 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { requireAdmin } from '../../utils/auth'
 
 export default defineEventHandler((event) => {
   requireAdmin(event)
+  const db = useDb()
   const id = getRouterParam(event, 'id')
   db.prepare('DELETE FROM ideas WHERE id = ?').run(id)
   return { ok: true }

server/api/ideas/[id].patch.ts

@@ -1,8 +1,9 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { requireAdmin } from '../../utils/auth'
 
 export default defineEventHandler(async (event) => {
   requireAdmin(event)
+  const db = useDb()
   const id = getRouterParam(event, 'id')
   const body = await readBody(event)
 

server/api/ideas/index.get.ts

@@ -1,7 +1,8 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { isAdmin } from '../../utils/auth'
 
 export default defineEventHandler((event) => {
+  const db = useDb()
   const admin = isAdmin(event)
   const rows = admin
     ? db.prepare('SELECT * FROM ideas ORDER BY created_at DESC').all()

server/api/ideas/index.post.ts

@@ -1,6 +1,7 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 
 export default defineEventHandler(async (event) => {
+  const db = useDb()
   const { text, category } = await readBody(event)
   if (!text?.trim()) {
     throw createError({ statusCode: 400, statusMessage: 'Text is required' })

server/api/votes/[id].post.ts

@@ -1,7 +1,8 @@
 import { createHash } from 'crypto'
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 
 export default defineEventHandler((event) => {
+  const db = useDb()
   const id = getRouterParam(event, 'id')
   const ip = getRequestIP(event, { xForwardedFor: true }) || 'unknown'
   const voterHash = createHash('sha256').update(ip + ':' + id).digest('hex')
@@ -10,7 +11,6 @@ export default defineEventHandler((event) => {
     db.prepare('INSERT INTO vote_log (idea_id, voter_hash) VALUES (?, ?)').run(id, voterHash)
     db.prepare('UPDATE ideas SET votes = votes + 1 WHERE id = ?').run(id)
   } catch {
-    // UNIQUE constraint = already voted
     throw createError({ statusCode: 409, statusMessage: 'Already voted' })
   }
 

server/utils/auth.ts

@@ -1,8 +1,9 @@
 import { randomBytes, timingSafeEqual } from 'crypto'
 import type { H3Event } from 'h3'
-import db from './db'
+import { useDb } from './db'
 
 export function createSession(): string {
+  const db = useDb()
   const token = randomBytes(32).toString('hex')
   const expires = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString()
   db.prepare('INSERT INTO sessions (token, expires_at) VALUES (?, ?)').run(token, expires)
@@ -10,6 +11,7 @@ export function createSession(): string {
 }
 
 export function validateSession(token: string): boolean {
+  const db = useDb()
   const row = db.prepare('SELECT expires_at FROM sessions WHERE token = ?').get(token) as any
   if (!row) return false
   if (new Date(row.expires_at) < new Date()) {
@@ -20,12 +22,12 @@ export function validateSession(token: string): boolean {
 }
 
 export function destroySession(token: string) {
+  const db = useDb()
   db.prepare('DELETE FROM sessions WHERE token = ?').run(token)
 }
 
 export function checkPassword(input: string): boolean {
-  const config = useRuntimeConfig()
+  const expected = process.env.ADMIN_PASSWORD || 'admin'
-  const expected = config.adminPassword as string
   if (input.length !== expected.length) return false
   return timingSafeEqual(Buffer.from(input), Buffer.from(expected))
 }

server/utils/db.ts

@@ -2,16 +2,20 @@ import Database from 'better-sqlite3'
 import { mkdirSync } from 'fs'
 import { dirname } from 'path'
 
-const config = useRuntimeConfig()
+let _db: InstanceType<typeof Database> | null = null
-const dbPath = config.dbPath as string
+
+export function useDb() {
+  if (_db) return _db
+
+  const dbPath = process.env.DB_PATH || './data/brainstorm.db'
 
   mkdirSync(dirname(dbPath), { recursive: true })
 
-const db = new Database(dbPath)
+  _db = new Database(dbPath)
-db.pragma('journal_mode = WAL')
+  _db.pragma('journal_mode = WAL')
-db.pragma('foreign_keys = ON')
+  _db.pragma('foreign_keys = ON')
 
-db.exec(`
+  _db.exec(`
     CREATE TABLE IF NOT EXISTS ideas (
       id INTEGER PRIMARY KEY AUTOINCREMENT,
       text TEXT NOT NULL,
@@ -36,4 +40,5 @@ db.exec(`
     );
   `)
 
-export default db
+  return _db
+}