Rebuild authentication from scratch

.env.example

@@ -1,18 +1,32 @@
-# Local DB Connect String
-# Based on the docker compose database template
+# --- Postgres Database Connection URL ---
+# The provided example corresponds to the docker compose database
 DATABASE_URL=postgres://cscrew:database@localhost:32700/hackhelp
 
-# Organization to test on
+AUTH_SECRET=
+BASE_URL=
+
+# --- GitHub App Configuration
+# Organization for HackHelp to integrate with. It is a single tenant app and is not designed to work across multiple orgs at once.
 PUBLIC_GITHUB_ORGNAME=UVMHacks2026
 
 GITHUB_APP_ID=
-GITHUB_APP_INSTALL_ID=
+# Client ID for OAuth
 GITHUB_APP_CLIENT_ID=
+# Client Secret for OAuth
 GITHUB_APP_CLIENT_SECRET=
+# App Private Key 
 GITHUB_APP_PRIVATE_KEY=
-
+# Signing webhooks
 GITHUB_WEBHOOK_SECRET=
 
-PUBLIC_SHOW_CHALLENGES=
+# --- UVM NetID OIDC Configuration ---
+# Allows UVM faculty and students to sign in with their NetIDs via Microsoft Entra
+UVM_NETID_OIDC_CLIENT_ID=
+UVM_NETID_OIDC_CLIENT_SECRET=
+UVM_NETID_OIDC_DISCOVERY_URL=
 
-WHITELIST_ENDPOINT_TOKEN=
+# --- SMTP Connection URL for sending emails ---
+# This example URL applies to servers that use STARTTLS on port 587. ?pool=true enables connection pooling.
+SMTP_URL="smtp://user:pass@smtp.example.com:587/?pool=true"
+# Email account to send from
+PUBLIC_SMTP_FROM="user@example.com"

README.md

@@ -20,14 +20,26 @@ The connection string with the credentials as set in the repo is `postgres://csc
 
 #### Set up environment variables
 
-| Env Var                    | Description                                             |
-| -------------------------- | ------------------------------------------------------- |
-| `DATABASE_URL`             | The url of your PostgreSQL database                     |
-| `GITHUB_APP_ID`            |                                                         |
-| `GITHUB_APP_PRIVATE_KEY`   |                                                         |
-| `GITHUB_APP_CLIENT_ID`     | OAuth Client ID of the Github App                       |
-| `GITHUB_APP_CLIENT_SECRET` | OAuth Client Secret of the Github App                   |
-| `PUBLIC_GITHUB_ORGNAME`    | The slug of the GitHub Org that HackHelp should control |
+See `.env.example` for all required environment variables
+
+#### GitHub App Credentials
+
+##### Permissions
+
+**Repository permissions**
+
+- Administration: Read & Write
+- Contents: Read
+- Issues: Read & Write
+
+**Organization permissions**
+
+- Administration: Read & Write
+- Members: Read & Write
+
+**Account permissions**
+
+- Email addresses: Read
 
 ### Get Started
 

drizzle/0000_silky_the_hood.sql

@@ -0,0 +1,75 @@
+CREATE TABLE "configuration" (
+	"key" text PRIMARY KEY NOT NULL,
+	"value" json
+);
+--> statement-breakpoint
+CREATE TABLE "account" (
+	"id" text PRIMARY KEY NOT NULL,
+	"account_id" text NOT NULL,
+	"provider_id" text NOT NULL,
+	"user_id" text NOT NULL,
+	"access_token" text,
+	"refresh_token" text,
+	"id_token" text,
+	"access_token_expires_at" timestamp,
+	"refresh_token_expires_at" timestamp,
+	"scope" text,
+	"password" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "passkey" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text,
+	"public_key" text NOT NULL,
+	"user_id" text NOT NULL,
+	"credential_id" text NOT NULL,
+	"counter" integer NOT NULL,
+	"device_type" text NOT NULL,
+	"backed_up" boolean NOT NULL,
+	"transports" text,
+	"created_at" timestamp,
+	"aaguid" text
+);
+--> statement-breakpoint
+CREATE TABLE "session" (
+	"id" text PRIMARY KEY NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"token" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"ip_address" text,
+	"user_agent" text,
+	"user_id" text NOT NULL,
+	CONSTRAINT "session_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE "user" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"email" text NOT NULL,
+	"email_verified" boolean DEFAULT false NOT NULL,
+	"image" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "user_email_unique" UNIQUE("email")
+);
+--> statement-breakpoint
+CREATE TABLE "verification" (
+	"id" text PRIMARY KEY NOT NULL,
+	"identifier" text NOT NULL,
+	"value" text NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "account" ADD CONSTRAINT "account_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "passkey" ADD CONSTRAINT "passkey_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "session" ADD CONSTRAINT "session_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "account_userId_idx" ON "account" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "passkey_userId_idx" ON "passkey" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "passkey_credentialID_idx" ON "passkey" USING btree ("credential_id");--> statement-breakpoint
+CREATE INDEX "session_userId_idx" ON "session" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "verification_identifier_idx" ON "verification" USING btree ("identifier");

drizzle/0001_elite_omega_red.sql

@@ -0,0 +1,5 @@
+ALTER TABLE "session" ADD COLUMN "impersonated_by" text;--> statement-breakpoint
+ALTER TABLE "user" ADD COLUMN "role" text;--> statement-breakpoint
+ALTER TABLE "user" ADD COLUMN "banned" boolean DEFAULT false;--> statement-breakpoint
+ALTER TABLE "user" ADD COLUMN "ban_reason" text;--> statement-breakpoint
+ALTER TABLE "user" ADD COLUMN "ban_expires" timestamp;

drizzle/0002_violet_norman_osborn.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "user" ADD COLUMN "username" text;--> statement-breakpoint
+ALTER TABLE "user" ADD COLUMN "display_username" text;--> statement-breakpoint
+ALTER TABLE "user" ADD CONSTRAINT "user_username_unique" UNIQUE("username");