feat(infra): infrastructure provisioning#1

Merged
Ryanakml merged 1 commit into main from phase/infrastructure-provisioning
Mar 6, 2026

@Ryanakml Ryanakml commented Mar 6, 2026

Summary

  • Provision Redis and Supabase resources for staging and production.
  • Configure WhatsApp Cloud API application and secrets.
  • Add Docker Compose for local Redis and optional OpenTelemetry collector.
  • Provide seed scripts and one-command local development startup.
  • Establish network and security baselines (TLS, restricted ingress, admin access protection).
  • Add IP and rate limiting for sensitive endpoints.

Testing

  • npm run lint (not run)
  • npm run typecheck (not run)
  • npm run test (not run)
  • npm run build (not run)

Summary by CodeRabbit

Release Notes

  • New Features

    • Added admin health endpoint with authentication and rate limiting protections.
    • Added authentication and authorization enforcement to dashboard access.
    • Added local development infrastructure startup and shutdown commands with optional observability collector support.
    • Added HTTPS enforcement with configurable insecure mode for development.
  • Documentation

    • Updated README with local infrastructure setup prerequisites and usage instructions.
  • Chores

    • Added npm scripts for infrastructure and database operations.

coderabbitai bot commented Mar 6, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 20dfbded-d7ef-4151-897d-dd3eb56a9045

📥 Commits

Reviewing files that changed from the base of the PR and between 75b7210 and afe0197.

⛔ Files ignored due to path filters (1)
  • apps/api/src/index.js.map is excluded by !**/*.map
📒 Files selected for processing (16)
  • README.md
  • apps/api/src/index.js
  • apps/api/src/index.ts
  • apps/api/tsconfig.json
  • apps/dashboard/middleware.ts
  • apps/worker/tsconfig.json
  • docker-compose.local.yml
  • docker/otel-collector-config.yml
  • package.json
  • packages/config/package.json
  • packages/config/src/index.ts
  • scripts/local-dev-down.sh
  • scripts/local-dev-up.sh
  • scripts/seed-local-db.sh
  • scripts/seed/seed-local.sql
  • typescript

Walkthrough

This pull request introduces admin authentication and authorization middleware with HTTPS enforcement for the API and dashboard, adds local development infrastructure tooling including Docker Compose configuration with Redis and OpenTelemetry Collector services, implements shell scripts for orchestrating local development environments, and expands environment variable configuration to support new security features.

Changes

| Cohort / File(s) | Summary |
|---|---|
| API Admin & Security Features<br/>apps/api/src/index.js, apps/api/src/index.ts | Added HTTPS enforcement with configurable bypass, IP allowlist validation, per-IP rate limiting, header-based admin user and role authentication/authorization, and new /admin/health endpoint. Includes trust proxy configuration and IP normalization utilities. |
| Dashboard Middleware<br/>apps/dashboard/middleware.ts | New Next.js middleware enforcing HTTPS redirect (configurable), requiring admin user header (x-wa-user), and validating role header (x-wa-role) against allowed roles (default 'admin'). Applies to all routes except Next.js internal assets. |
| TypeScript Configuration<br/>apps/api/tsconfig.json, apps/worker/tsconfig.json | Updated @wa-chat/config path mappings from dist/index.d.ts to src/index.ts for source-based module resolution during build. |
| Environment Configuration<br/>packages/config/src/index.ts | Extended OPTIONAL_ENV_VARS with new admin feature toggles (ALLOW_INSECURE_HTTP, TRUST_PROXY, ADMIN_IP_ALLOWLIST, ADMIN_RATE_LIMIT_WINDOW_MS, ADMIN_RATE_LIMIT_MAX, ADMIN_AUTH_HEADER, ADMIN_ROLE_HEADER, ADMIN_ALLOWED_ROLES). |
| Package Configuration<br/>packages/config/package.json | Added exports field with explicit mappings for types, import, and default entry points to dist/index files. |
| Local Infrastructure Setup<br/>docker-compose.local.yml, docker/otel-collector-config.yml | Added Docker Compose configuration defining Redis (7.4-alpine) and OpenTelemetry Collector services with health checks, port mappings, and volume mounts. Includes OTEL collector configuration with otlp receiver, batch processor, and logging exporter pipelines. |
| Development Scripts<br/>scripts/local-dev-up.sh, scripts/local-dev-down.sh, scripts/seed-local-db.sh, scripts/seed/seed-local.sql | New Bash scripts for local infrastructure lifecycle management (up/down) with optional OTEL profile enablement, automatic database seeding via psql, and seed SQL template for future real data. |
| Development Commands<br/>package.json | Added npm scripts: dev:infra, dev:infra:down, and seed:local for streamlined local development workflow. |
| Documentation<br/>README.md | Added "Local infrastructure" section documenting Docker prerequisites, one-command startup (scripts/local-dev-up.sh), optional OTEL enablement (ENABLE_OTEL=1), manual seeding, and shutdown commands. |

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Middleware as Dashboard<br/>Middleware
    participant App as Next.js App
    
    Client->>Middleware: Request (HTTP/HTTPS)
    alt HTTPS Enforcement
        Note over Middleware: Check x-forwarded-proto<br/>or URL protocol
        alt Insecure & ALLOW_INSECURE_HTTP ≠ 'true'
            Middleware-->>Client: 307 Redirect to HTTPS
        end
    end
    
    Middleware->>Middleware: Check x-wa-user header
    alt User Header Missing
        Middleware-->>Client: 401 Unauthorized
    end
    
    Middleware->>Middleware: Check x-wa-role header<br/>& validate against<br/>allowed roles
    alt Role Invalid/Missing
        Middleware-->>Client: 403 Forbidden
    end
    
    Middleware->>App: NextResponse.next()
    App-->>Client: 200 OK

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Behind secure gates with admin's might,
Docker spins Redis through the night,
Scripts and headers guard the site,
Local dev flows pure and bright! 🛡️✨

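The dashboard gate described in the walkthrough and sequence diagram above, written out as a pure decision function (an added example, not code from this pull request). It assumes the x-wa-user and x-wa-role headers are set by an authenticating reverse proxy that first removes any inbound copies; the type and function names are hypothetical.

```typescript
// Added example. Header names x-wa-user / x-wa-role and the env names
// ALLOW_INSECURE_HTTP / ADMIN_ALLOWED_ROLES are from the walkthrough;
// HeaderMap, GateRequest, decide and stripIdentityHeaders are hypothetical.
type HeaderMap = { [name: string]: string | undefined };
type Env = { [name: string]: string | undefined };
type Decision = { status: number; location?: string };
interface GateRequest { url: string; headers: HeaderMap } // absolute URL, lower-cased header names

// Assumption: a forwarded-proto chain lists the client-facing hop first.
function firstToken(value: string | undefined): string {
  const first = (value || "").split(",")[0] || "";
  return first.trim().toLowerCase();
}

// Unset or empty falls back to 'admin'; a value like "," yields no roles and denies everyone.
function allowedRoles(env: Env): string[] {
  return (env.ADMIN_ALLOWED_ROLES || "admin")
    .split(",").map((r) => r.trim()).filter((r) => r.length > 0);
}

function decide(req: GateRequest, env: Env): Decision {
  const colon = req.url.indexOf(":");
  const proto = firstToken(req.headers["x-forwarded-proto"]) ||
    req.url.slice(0, colon).toLowerCase();
  if (proto !== "https" && env.ALLOW_INSECURE_HTTP !== "true") {
    return { status: 307, location: "https" + req.url.slice(colon) };
  }
  const user = (req.headers["x-wa-user"] || "").trim();
  if (user.length === 0) return { status: 401 };
  const role = (req.headers["x-wa-role"] || "").trim();
  if (role.length === 0 || allowedRoles(env).indexOf(role) === -1) {
    return { status: 403 };
  }
  return { status: 200 }; // stands in for NextResponse.next()
}

// What the trusted edge is assumed to do before setting its own values:
// drop any inbound copies of the identity headers.
function stripIdentityHeaders(inbound: HeaderMap): HeaderMap {
  const out: HeaderMap = {};
  for (const name of Object.keys(inbound)) {
    const lower = name.toLowerCase();
    if (lower !== "x-wa-user" && lower !== "x-wa-role") out[lower] = inbound[name];
  }
  return out;
}
```
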
