fix: lazy DB initialization — useDb() called inside handlers, not at import

useRuntimeConfig() and better-sqlite3 were being called at module
top-level, which crashes during Nitro server startup. Now all DB
access is lazy via useDb(), and auth uses process.env directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Alejandro Martinez
2026-04-07 15:36:17 +02:00
parent 6148b5012d
commit 08846c9c63
8 changed files with 51 additions and 39 deletions


@@ -1,8 +1,9 @@
import db from '../../utils/db' import { useDb } from '../../utils/db'
import { requireAdmin } from '../../utils/auth' import { requireAdmin } from '../../utils/auth'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
requireAdmin(event) requireAdmin(event)
const db = useDb()
const ideas = db.prepare('SELECT text, category FROM ideas WHERE hidden = 0').all() as any[] const ideas = db.prepare('SELECT text, category FROM ideas WHERE hidden = 0').all() as any[]
if (ideas.length < 3) { if (ideas.length < 3) {


@@ -1,8 +1,9 @@
import db from '../../utils/db' import { useDb } from '../../utils/db'
import { requireAdmin } from '../../utils/auth' import { requireAdmin } from '../../utils/auth'
export default defineEventHandler((event) => { export default defineEventHandler((event) => {
requireAdmin(event) requireAdmin(event)
const db = useDb()
const id = getRouterParam(event, 'id') const id = getRouterParam(event, 'id')
db.prepare('DELETE FROM ideas WHERE id = ?').run(id) db.prepare('DELETE FROM ideas WHERE id = ?').run(id)
return { ok: true } return { ok: true }


@@ -1,8 +1,9 @@
import db from '../../utils/db' import { useDb } from '../../utils/db'
import { requireAdmin } from '../../utils/auth' import { requireAdmin } from '../../utils/auth'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
requireAdmin(event) requireAdmin(event)
const db = useDb()
const id = getRouterParam(event, 'id') const id = getRouterParam(event, 'id')
const body = await readBody(event) const body = await readBody(event)


@@ -1,7 +1,8 @@
import db from '../../utils/db' import { useDb } from '../../utils/db'
import { isAdmin } from '../../utils/auth' import { isAdmin } from '../../utils/auth'
export default defineEventHandler((event) => { export default defineEventHandler((event) => {
const db = useDb()
const admin = isAdmin(event) const admin = isAdmin(event)
const rows = admin const rows = admin
? db.prepare('SELECT * FROM ideas ORDER BY created_at DESC').all() ? db.prepare('SELECT * FROM ideas ORDER BY created_at DESC').all()


@@ -1,6 +1,7 @@
import db from '../../utils/db' import { useDb } from '../../utils/db'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
const db = useDb()
const { text, category } = await readBody(event) const { text, category } = await readBody(event)
if (!text?.trim()) { if (!text?.trim()) {
throw createError({ statusCode: 400, statusMessage: 'Text is required' }) throw createError({ statusCode: 400, statusMessage: 'Text is required' })
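Review bot: The check `if (!text?.trim())` assumes `text` is a string, but it comes straight from `readBody(event)` on what appears to be an unauthenticated endpoint (no `requireAdmin` call is visible in this hunk). A JSON body with a non-string `text` makes `.trim` throw a TypeError, and an absent body would presumably make the destructuring itself throw, so both surface as a 500 instead of the intended 400. Consider `const body = await readBody(event)` followed by `if (typeof body?.text !== 'string' || !body.text.trim())`, and cap the length of `text` and `category` before the insert. The rest of the handler lies outside the hunk, so a length check may already exist there.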


@@ -1,7 +1,8 @@
import { createHash } from 'crypto' import { createHash } from 'crypto'
import db from '../../utils/db' import { useDb } from '../../utils/db'
export default defineEventHandler((event) => { export default defineEventHandler((event) => {
const db = useDb()
const id = getRouterParam(event, 'id') const id = getRouterParam(event, 'id')
const ip = getRequestIP(event, { xForwardedFor: true }) || 'unknown' const ip = getRequestIP(event, { xForwardedFor: true }) || 'unknown'
const voterHash = createHash('sha256').update(ip + ':' + id).digest('hex') const voterHash = createHash('sha256').update(ip + ':' + id).digest('hex')
@@ -10,7 +11,6 @@ export default defineEventHandler((event) => {
db.prepare('INSERT INTO vote_log (idea_id, voter_hash) VALUES (?, ?)').run(id, voterHash) db.prepare('INSERT INTO vote_log (idea_id, voter_hash) VALUES (?, ?)').run(id, voterHash)
db.prepare('UPDATE ideas SET votes = votes + 1 WHERE id = ?').run(id) db.prepare('UPDATE ideas SET votes = votes + 1 WHERE id = ?').run(id)
} catch { } catch {
// UNIQUE constraint = already voted
throw createError({ statusCode: 409, statusMessage: 'Already voted' }) throw createError({ statusCode: 409, statusMessage: 'Already voted' })
} }
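Review bot: The duplicate-vote key is built from `getRequestIP(event, { xForwardedFor: true })`, which reads the address from the `X-Forwarded-For` header, so the `UNIQUE(idea_id, voter_hash)` guard is only as trustworthy as that header. Unless the deployment always sits behind a reverse proxy that overwrites the header, the value is chosen by the client and the dedupe does not hold; state the assumption next to the call, e.g. `// relies on a trusted proxy setting X-Forwarded-For; otherwise the header is client-controlled`. Separately, this commit drops the `// UNIQUE constraint = already voted` comment while the bare `catch` still reports every database error as 409. Keeping the comment and checking the error (better-sqlite3 exposes `err.code === 'SQLITE_CONSTRAINT_UNIQUE'`) would stop unrelated failures being reported as "Already voted". The `try` opens outside the visible hunks.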


@@ -1,8 +1,9 @@
import { randomBytes, timingSafeEqual } from 'crypto' import { randomBytes, timingSafeEqual } from 'crypto'
import type { H3Event } from 'h3' import type { H3Event } from 'h3'
import db from './db' import { useDb } from './db'
export function createSession(): string { export function createSession(): string {
const db = useDb()
const token = randomBytes(32).toString('hex') const token = randomBytes(32).toString('hex')
const expires = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString() const expires = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString()
db.prepare('INSERT INTO sessions (token, expires_at) VALUES (?, ?)').run(token, expires) db.prepare('INSERT INTO sessions (token, expires_at) VALUES (?, ?)').run(token, expires)
@@ -10,6 +11,7 @@ export function createSession(): string {
} }
export function validateSession(token: string): boolean { export function validateSession(token: string): boolean {
const db = useDb()
const row = db.prepare('SELECT expires_at FROM sessions WHERE token = ?').get(token) as any const row = db.prepare('SELECT expires_at FROM sessions WHERE token = ?').get(token) as any
if (!row) return false if (!row) return false
if (new Date(row.expires_at) < new Date()) { if (new Date(row.expires_at) < new Date()) {
@@ -20,12 +22,12 @@ export function validateSession(token: string): boolean {
} }
export function destroySession(token: string) { export function destroySession(token: string) {
const db = useDb()
db.prepare('DELETE FROM sessions WHERE token = ?').run(token) db.prepare('DELETE FROM sessions WHERE token = ?').run(token)
} }
export function checkPassword(input: string): boolean { export function checkPassword(input: string): boolean {
const config = useRuntimeConfig() const expected = process.env.ADMIN_PASSWORD || 'admin'
const expected = config.adminPassword as string
if (input.length !== expected.length) return false if (input.length !== expected.length) return false
return timingSafeEqual(Buffer.from(input), Buffer.from(expected)) return timingSafeEqual(Buffer.from(input), Buffer.from(expected))
} }
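Review bot: `checkPassword` now falls back to the literal `'admin'` when the variable is unset (`process.env.ADMIN_PASSWORD || 'admin'`), so a deployment that forgets to set it accepts a well-known default admin password. Fail closed instead: `const expected = process.env.ADMIN_PASSWORD` followed by `if (!expected) return false` (or refuse to start), so a missing secret disables admin login rather than weakening it. The length guard also compares UTF-16 string lengths while `timingSafeEqual` compares byte lengths, so a non-ASCII input of equal string length makes it throw. Comparing `Buffer.byteLength` values, or comparing fixed-length digests of both sides, avoids that.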


@@ -2,38 +2,43 @@ import Database from 'better-sqlite3'
import { mkdirSync } from 'fs' import { mkdirSync } from 'fs'
import { dirname } from 'path' import { dirname } from 'path'
const config = useRuntimeConfig() let _db: InstanceType<typeof Database> | null = null
const dbPath = config.dbPath as string
mkdirSync(dirname(dbPath), { recursive: true }) export function useDb() {
if (_db) return _db
const db = new Database(dbPath) const dbPath = process.env.DB_PATH || './data/brainstorm.db'
db.pragma('journal_mode = WAL')
db.pragma('foreign_keys = ON')
db.exec(` mkdirSync(dirname(dbPath), { recursive: true })
CREATE TABLE IF NOT EXISTS ideas (
id INTEGER PRIMARY KEY AUTOINCREMENT,
text TEXT NOT NULL,
category TEXT NOT NULL DEFAULT 'General',
votes INTEGER NOT NULL DEFAULT 0,
hidden INTEGER NOT NULL DEFAULT 0,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
CREATE TABLE IF NOT EXISTS vote_log ( _db = new Database(dbPath)
id INTEGER PRIMARY KEY AUTOINCREMENT, _db.pragma('journal_mode = WAL')
idea_id INTEGER NOT NULL REFERENCES ideas(id) ON DELETE CASCADE, _db.pragma('foreign_keys = ON')
voter_hash TEXT NOT NULL,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
UNIQUE(idea_id, voter_hash)
);
CREATE TABLE IF NOT EXISTS sessions ( _db.exec(`
token TEXT PRIMARY KEY, CREATE TABLE IF NOT EXISTS ideas (
created_at TEXT NOT NULL DEFAULT (datetime('now')), id INTEGER PRIMARY KEY AUTOINCREMENT,
expires_at TEXT NOT NULL text TEXT NOT NULL,
); category TEXT NOT NULL DEFAULT 'General',
`) votes INTEGER NOT NULL DEFAULT 0,
hidden INTEGER NOT NULL DEFAULT 0,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
export default db CREATE TABLE IF NOT EXISTS vote_log (
id INTEGER PRIMARY KEY AUTOINCREMENT,
idea_id INTEGER NOT NULL REFERENCES ideas(id) ON DELETE CASCADE,
voter_hash TEXT NOT NULL,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
UNIQUE(idea_id, voter_hash)
);
CREATE TABLE IF NOT EXISTS sessions (
token TEXT PRIMARY KEY,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
expires_at TEXT NOT NULL
);
`)
return _db
}
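Review bot: `useDb()` assigns `_db = new Database(dbPath)` before the pragmas and the `CREATE TABLE` batch run, so if either throws, the next call hits `if (_db) return _db` and hands out a connection whose schema setup never completed. Open into a local (`const db = new Database(dbPath)`), run the pragmas and `exec` on it, and set `_db = db` only as the last step before returning. The new default `'./data/brainstorm.db'` is resolved against the process working directory, which deserves a comment because the file holds the `sessions` tokens. A doc comment on `useDb` should also state that the first call creates the directory and the schema.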