fix: lazy DB initialization — useDb() called inside handlers, not at import

useRuntimeConfig() and better-sqlite3 were being called at module top-level, which crashes during Nitro server startup. Now all DB access is lazy via useDb(), and auth uses process.env directly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 15:36:17 +02:00
parent 6148b5012d
commit 08846c9c63
8 changed files with 51 additions and 39 deletions
--- a/server/api/analysis/index.post.ts
+++ b/server/api/analysis/index.post.ts
@@ -1,8 +1,9 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { requireAdmin } from '../../utils/auth'

 export default defineEventHandler(async (event) => {
  requireAdmin(event)
+  const db = useDb()

  const ideas = db.prepare('SELECT text, category FROM ideas WHERE hidden = 0').all() as any[]
  if (ideas.length < 3) {
--- a/server/api/ideas/[id].delete.ts
+++ b/server/api/ideas/[id].delete.ts
@@ -1,8 +1,9 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { requireAdmin } from '../../utils/auth'

 export default defineEventHandler((event) => {
  requireAdmin(event)
+  const db = useDb()
  const id = getRouterParam(event, 'id')
  db.prepare('DELETE FROM ideas WHERE id = ?').run(id)
  return { ok: true }
--- a/server/api/ideas/[id].patch.ts
+++ b/server/api/ideas/[id].patch.ts
@@ -1,8 +1,9 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { requireAdmin } from '../../utils/auth'

 export default defineEventHandler(async (event) => {
  requireAdmin(event)
+  const db = useDb()
  const id = getRouterParam(event, 'id')
  const body = await readBody(event)

--- a/server/api/ideas/index.get.ts
+++ b/server/api/ideas/index.get.ts
@@ -1,7 +1,8 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'
 import { isAdmin } from '../../utils/auth'

 export default defineEventHandler((event) => {
+  const db = useDb()
  const admin = isAdmin(event)
  const rows = admin
    ? db.prepare('SELECT * FROM ideas ORDER BY created_at DESC').all()
--- a/server/api/ideas/index.post.ts
+++ b/server/api/ideas/index.post.ts
@@ -1,6 +1,7 @@
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'

 export default defineEventHandler(async (event) => {
+  const db = useDb()
  const { text, category } = await readBody(event)
  if (!text?.trim()) {
    throw createError({ statusCode: 400, statusMessage: 'Text is required' })
--- a/server/api/votes/[id].post.ts
+++ b/server/api/votes/[id].post.ts
@@ -1,7 +1,8 @@
 import { createHash } from 'crypto'
-import db from '../../utils/db'
+import { useDb } from '../../utils/db'

 export default defineEventHandler((event) => {
+  const db = useDb()
  const id = getRouterParam(event, 'id')
  const ip = getRequestIP(event, { xForwardedFor: true }) || 'unknown'
  const voterHash = createHash('sha256').update(ip + ':' + id).digest('hex')
@@ -10,7 +11,6 @@ export default defineEventHandler((event) => {
    db.prepare('INSERT INTO vote_log (idea_id, voter_hash) VALUES (?, ?)').run(id, voterHash)
    db.prepare('UPDATE ideas SET votes = votes + 1 WHERE id = ?').run(id)
  } catch {
-    // UNIQUE constraint = already voted
    throw createError({ statusCode: 409, statusMessage: 'Already voted' })
  }

--- a/server/utils/auth.ts
+++ b/server/utils/auth.ts
@@ -1,8 +1,9 @@
 import { randomBytes, timingSafeEqual } from 'crypto'
 import type { H3Event } from 'h3'
-import db from './db'
+import { useDb } from './db'

 export function createSession(): string {
+  const db = useDb()
  const token = randomBytes(32).toString('hex')
  const expires = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString()
  db.prepare('INSERT INTO sessions (token, expires_at) VALUES (?, ?)').run(token, expires)
@@ -10,6 +11,7 @@ export function createSession(): string {
 }

 export function validateSession(token: string): boolean {
+  const db = useDb()
  const row = db.prepare('SELECT expires_at FROM sessions WHERE token = ?').get(token) as any
  if (!row) return false
  if (new Date(row.expires_at) < new Date()) {
@@ -20,12 +22,12 @@ export function validateSession(token: string): boolean {
 }

 export function destroySession(token: string) {
+  const db = useDb()
  db.prepare('DELETE FROM sessions WHERE token = ?').run(token)
 }

 export function checkPassword(input: string): boolean {
-  const config = useRuntimeConfig()
-  const expected = config.adminPassword as string
+  const expected = process.env.ADMIN_PASSWORD || 'admin'
  if (input.length !== expected.length) return false
  return timingSafeEqual(Buffer.from(input), Buffer.from(expected))
 }
--- a/server/utils/db.ts
+++ b/server/utils/db.ts
@@ -2,16 +2,20 @@ import Database from 'better-sqlite3'
 import { mkdirSync } from 'fs'
 import { dirname } from 'path'

-const config = useRuntimeConfig()
-const dbPath = config.dbPath as string
+let _db: InstanceType<typeof Database> | null = null

-mkdirSync(dirname(dbPath), { recursive: true })
+export function useDb() {
+  if (_db) return _db

-const db = new Database(dbPath)
-db.pragma('journal_mode = WAL')
-db.pragma('foreign_keys = ON')
+  const dbPath = process.env.DB_PATH || './data/brainstorm.db'

-db.exec(`
+  mkdirSync(dirname(dbPath), { recursive: true })
+
+  _db = new Database(dbPath)
+  _db.pragma('journal_mode = WAL')
+  _db.pragma('foreign_keys = ON')
+
+  _db.exec(`
    CREATE TABLE IF NOT EXISTS ideas (
      id INTEGER PRIMARY KEY AUTOINCREMENT,
      text TEXT NOT NULL,
@@ -34,6 +38,7 @@ db.exec(`
      created_at TEXT NOT NULL DEFAULT (datetime('now')),
      expires_at TEXT NOT NULL
    );
-`)
+  `)

-export default db
+  return _db
+}