Trey t
42e7bedea4
The honeyDue Go API no longer owns identity — Ory Kratos at
NEXT_PUBLIC_KRATOS_URL does. Rewrite the web app's auth layer to use Kratos
browser self-service flows and the ory_kratos_session cookie.
- Kratos client (src/lib/kratos/): flow init/fetch/submit, whoami, logout,
message helpers, and the useKratosFlow lifecycle hook.
- Generic flow renderer (src/components/auth/): KratosFlowForm renders
ui.nodes (inputs, oidc social buttons, hidden csrf), KratosMessages
surfaces flow-level messages, AuthGate guards /app via whoami.
- Auth pages (login/register/forgot-password/verify-email/reset-password)
rewritten as Kratos login/registration/recovery/verification/settings
flows. Password change in settings now uses the Kratos settings flow.
- Proxy + serverFetch forward the ory_kratos_session cookie to the Go API
instead of "Authorization: Token". Deleted /api/auth/{login,logout,me}.
- Middleware does a cheap ory_kratos_session cookie pre-filter; AuthGate's
whoami call is authoritative.
- auth store rewritten around whoami + GET /auth/me; removed dead auth API
functions, types/auth, validations/auth, code-input.
- Added NEXT_PUBLIC_KRATOS_URL to config (.env.example) and CLAUDE.md.
npm run build passes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
honeyDue Web App
Next.js web client for the honeyDue property management platform. Connects to the Go REST API backend.
Features
- Residences — Create and manage properties, share access with household members via invite codes
- Tasks — Track maintenance tasks with kanban board, due dates, recurring schedules, and completion photos
- Contractors — Manage service providers with contact info, specialties, and task associations
- Documents — Store leases, warranties, manuals, and other property documents
- Demo Mode — Try the full app with mock data at
/demo, no account required - Notifications — Real-time notification bell with preference management
- Settings — Profile editing, password changes, notification preferences, account deletion
Tech Stack
- Framework: Next.js 16 (App Router, Turbopack)
- UI: Tailwind CSS + shadcn/ui
- State: TanStack React Query for server state
- Forms: React Hook Form + Zod validation
- Drag & Drop: @dnd-kit for kanban board
- Analytics: PostHog
- E2E Tests: Playwright
- Deployment: Docker (Dokku-compatible)
Getting Started
# Install dependencies
npm install
# Run development server
npm run dev
Open http://localhost:3000.
Scripts
| Command | Description |
|---|---|
npm run dev |
Start dev server with Turbopack |
npm run build |
Production build |
npm run start |
Start production server |
npm run lint |
Run ESLint |
npm run test:e2e |
Run Playwright tests |
npm run test:e2e:ui |
Run Playwright tests with UI |
Environment Variables
| Variable | Description | Required |
|---|---|---|
NEXT_PUBLIC_API_URL |
Go API base URL (e.g. https://honeyDue.treytartt.com/api) |
Yes |
API_URL |
Server-side API URL (defaults to NEXT_PUBLIC_API_URL) |
No |
NEXT_PUBLIC_POSTHOG_KEY |
PostHog project API key | No |
NEXT_PUBLIC_POSTHOG_HOST |
PostHog instance URL | No |
Architecture
src/
├── app/ # Next.js App Router pages
│ ├── (auth)/ # Login, register, forgot password
│ ├── api/ # Route handlers (auth, proxy)
│ ├── app/ # Authenticated app pages
│ └── demo/ # Demo mode (mirrors app/ with mock data)
├── components/
│ ├── contractors/ # Contractor cards, forms
│ ├── dashboard/ # Stats cards, recent activity
│ ├── demo/ # Demo banner
│ ├── documents/ # Document cards, forms, image gallery
│ ├── layout/ # Sidebar, top bar, mobile nav
│ ├── notifications/ # Notification bell
│ ├── onboarding/ # Onboarding steps
│ ├── residences/ # Residence cards
│ ├── settings/ # Profile, password, preferences
│ ├── shared/ # Error banner, form field
│ ├── sharing/ # Share codes, user management
│ ├── tasks/ # Kanban board, task cards, forms
│ └── ui/ # shadcn/ui primitives
├── lib/
│ ├── analytics/ # PostHog provider
│ ├── api/ # API client, auth, residences, tasks, etc.
│ ├── demo/ # Demo data provider, mock data
│ └── hooks/ # React Query hooks per domain
└── tests/ # Playwright E2E tests
All client-side API requests go through Next.js proxy route handlers (/api/proxy/...) which attach the auth token from an httpOnly cookie before forwarding to the Go API.
License
Private