feat: establish organizer console access#15
Closed
Elvis020 wants to merge 1 commit into
Closed
Conversation
Add the first website-owned organizer console slice at /organizer-console, including a protected Worker route, Google OAuth PKCE login and callback pages, and session-aware Organizer/Sign out controls across the public site.\n\nThe Worker validates Google identity with Supabase, requires an active admin_memberships row before issuing an opaque HTTP-only devcon_admin cookie, stores only a token hash in admin_sessions, checks current membership status and role on protected requests, records login/logout audit events, and rejects cross-origin session mutations. Public assets stay asset-first; only organizer and auth paths execute Worker code.\n\nDocument the required Cloudflare Worker secrets, Supabase redirect URLs, and Google OAuth origin. Verify with pnpm install --frozen-lockfile, pnpm build, pnpm wrangler deploy --dry-run, generated Worker types, and local Worker smoke checks for public 200, login 200, unauthenticated and forged-cookie console redirects, cross-origin logout 403, missing-config 503, and public 404 behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR starts Phase 3 by adding the secure organizer-console entry point to the Cloudflare-hosted website.
It keeps the public website static-first, but introduces Worker runtime handling only for organizer/auth paths:
/organizer-console/**/api/auth/**All normal public pages and assets remain served through Cloudflare Workers Static Assets.
What this adds
Organizer entry points
Organizeraction to the public website navigation areas.Sign outaction when an organizer session is present./organizer-console/as the protected organizer landing route./organizer-console/login/for Google sign-in./organizer-console/auth/callback/for browser-side auth completion.Google + Supabase auth bridge
public.admin_membershipsbefore creating a website organizer session.devcon_adminsession cookie.public.admin_sessions.public.admin_audit_log.Worker runtime boundary
devcongress-website.SUPABASE_SERVICE_ROLE_KEYserver-only.keep_vars: true.Admin setup required
The current production Worker is static-assets-only, so Cloudflare may not allow Worker runtime secrets to be added until this PR deploys a Worker script.
After the Worker script exists, add these Cloudflare Worker secrets to
devcongress-website:Then rerun the deployment if the first production run needs those secrets.
✅ In Supabase Auth, add necessary allowed redirect URLs(this has been done)
✅ In Google OAuth client, add necessary redirect javascript origin urls (this has been done).
Security notes
public.admin_membershipsin supabase.Out of scope
events-managementapp.Verification
Previously verified on this branch with:
pnpm install --frozen-lockfilepnpm buildpnpm wrangler deploy --dry-run/returned200/organizer-console/login/returned200/organizer-console/without a session redirected to login403503404Full Google OAuth E2E still requires the production Worker secrets and Supabase/Google callback configuration above.