FoamKing Delivery Cleanup Design
Date: 2026-02-22
Goal
Prepare the FoamKing calculator for zip delivery to customer. Clean up routes, security, auth, DB, and strip debug/dev artifacts. Customer will integrate into their own infrastructure.
1. Route Restructure
| Before | After | Access |
|---|---|---|
| `/` | `/` | Public — calculator |
| `/tilbud/[slug]` | `/tilbud/[slug]` | Public — quote view |
| `/admin` | `/intern/beregner` | Protected — detailed calculator breakdown |
| `/dashboard` | `/intern` | Protected — quote management (kanban) |
| `/historik` | `/intern/historik` | Protected — quote archive |
| `/login` | `/intern/login` | Public — login page |
Middleware protects /intern/* except /intern/login.
2. Authentication
Replace DB-based auth with env-based single admin user.
lib/auth.ts exports:
- `checkAuth(request)` — single function, clear comments for JWT/OAuth swap
- `login(email, password)` — compares against `ADMIN_EMAIL` / `ADMIN_PASSWORD` env vars
- `logout(token)` — clears session
Implementation: in-memory session Map or signed cookie. No DB tables for users/sessions.
Remove:
- `users` table
- `sessions` table
- `/api/auth/setup` endpoint
- `bcrypt` dependency
.env config:
```
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=changeme
```
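One way `login()` and the check behind `checkAuth()` could be written for the signed-cookie option, as an added example rather than FoamKing's own code. `SESSION_SECRET`, `SESSION_TTL_MS`, `verifySession` and the helper names are assumptions not in the design, as is rejecting the placeholder password `changeme`.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Assumed names, not from the design: SESSION_SECRET, SESSION_TTL_MS, verifySession.
type Env = { ADMIN_EMAIL?: string; ADMIN_PASSWORD?: string; SESSION_SECRET?: string };
const SESSION_TTL_MS = 8 * 60 * 60 * 1000; // assumed 8 hour session lifetime

function mac(data: string, key: string): Buffer {
  return createHmac("sha256", key).update(data).digest();
}

// Constant-time string comparison. MACing both sides yields equal-length
// buffers, so timingSafeEqual cannot throw and input length is not leaked.
function safeEqual(a: string, b: string, key: string): boolean {
  return timingSafeEqual(mac(a, key), mac(b, key));
}

// Returns the cookie value "<expiryMs>.<nonce>.<hexMac>", or null on failure.
function login(email: string, password: string, env: Env, now: number = Date.now()): string | null {
  const { ADMIN_EMAIL, ADMIN_PASSWORD, SESSION_SECRET } = env;
  // Fail closed if config is missing or still the .env placeholder (added safeguard).
  if (!ADMIN_EMAIL || !ADMIN_PASSWORD || !SESSION_SECRET) return null;
  if (ADMIN_PASSWORD === "changeme") return null;
  // Evaluate both comparisons so timing does not show which field was wrong.
  const emailOk = safeEqual(email, ADMIN_EMAIL, SESSION_SECRET);
  const passOk = safeEqual(password, ADMIN_PASSWORD, SESSION_SECRET);
  if (!emailOk || !passOk) return null;
  const payload = `${now + SESSION_TTL_MS}.${randomBytes(16).toString("hex")}`;
  return `${payload}.${mac(payload, SESSION_SECRET).toString("hex")}`;
}

// The check checkAuth(request) would run on the session cookie value.
function verifySession(token: string | undefined, env: Env, now: number = Date.now()): boolean {
  const secret = env.SESSION_SECRET;
  if (!token || !secret) return false;
  const cut = token.lastIndexOf(".");
  if (cut < 0) return false;
  const payload = token.slice(0, cut);
  const expected = mac(payload, secret).toString("hex");
  if (!safeEqual(token.slice(cut + 1), expected, secret)) return false; // forged or altered
  const expiry = Number(payload.split(".")[0]);
  return Number.isFinite(expiry) && now < expiry; // reject expired sessions
}
```

Because the cookie is self-contained, `logout(token)` can only clear it in the browser; revoking a session before it expires requires the in-memory session Map variant.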
3. Database Cleanup
Keep SQLite (better-sqlite3), clean schema, add seed script.
Single table:
```sql
CREATE TABLE quotes (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  postal_code TEXT NOT NULL,
  address TEXT,
  area REAL NOT NULL,
  height REAL NOT NULL,
  include_floor_heating INTEGER DEFAULT 1,
  flooring_type TEXT DEFAULT 'STANDARD',
  customer_name TEXT NOT NULL,
  customer_email TEXT NOT NULL,
  customer_phone TEXT NOT NULL,
  remarks TEXT,
  total_excl_vat REAL NOT NULL,
  total_incl_vat REAL NOT NULL,
  status TEXT DEFAULT 'new',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  email_opened_at TEXT
);
```
- Quote IDs start at 1000
- No migration hacks (clean CREATE TABLE only)
- `lib/db.ts` opens DB and exports connection — no schema creation on import
Seed script (npm run setup):
- Creates `data/` directory
- Creates quotes table
- Sets auto-increment start to 1000
- Prints success message
4. Security Hardening
- Remove all hardcoded credentials from codebase
- Remove `docs/mail.txt` from delivery
- Rate limiting on `/api/quote-request` and `/api/auth/login` (simple in-memory counter)
- Validate/sanitize all inputs server-side
- Cookies: `httpOnly`, `secure`, `sameSite: strict`
- Remove `/api/auth/setup` endpoint
5. Debug Stripping
- Remove all `console.log` statements
- Remove "Admin Mode" toggle from public pages
- Remove dev-only comments and TODO markers
6. Distance Calculation
Unchanged — dual approach:
- Default: Hardcoded postal code lookup table (no API key needed)
- Optional: OpenRouteService API for precise driving distances (free tier, 2000 req/day)
7. Build & Zip Delivery
scripts/build-release.sh:
- Create temp directory `/tmp/foamking-release-<timestamp>/`
- Copy shipping files:
  - `app/`, `components/`, `lib/`, `public/`, `scripts/setup.js`
  - `middleware.ts`
  - `package.json`, `tsconfig.json`, `tailwind.config.ts`
  - `postcss.config.mjs`, `eslint.config.mjs`, `next.config.ts`
  - `.env.example`, `OPSÆTNING.md`, `SETUP.md`
- Run `npm install` + `npm run build` to verify compilation
- Remove `node_modules/` and `.next/` from temp dir
- Zip as `foamking-beregner-<date>.zip`
Excluded from zip:
- `.git/`, `docs/`, `node_modules/`, `.next/`, `data/`
- `.env.local`, `CLAUDE.md`, `README.md`, `package-lock.json`
8. Setup Documentation
OPSÆTNING.md (Danish) + SETUP.md (English) covering:
- Prerequisites (Node.js, npm)
- Install dependencies (`npm install`)
- Configure `.env.local`:
  - `ADMIN_EMAIL` / `ADMIN_PASSWORD` (required)
  - SMTP: Office 365 — `smtp.office365.com:587` with STARTTLS, enable SMTP AUTH for `tilbud@foamking.dk` in Exchange Admin Center (required)
  - `OPENROUTE_API_KEY` (optional — for precise distance calculation)
- Run `npm run setup` (creates database)
- Build and start (`npm run build && npm start`)
- Route overview: `/` = public calculator, `/intern` = admin dashboard
- Auth customization: how to replace `checkAuth()` in `lib/auth.ts` for JWT/OAuth