# Momswap Geo Backend

Go backend service for user-owned GeoJSON feature collections with Ed25519 authentication and invitation-based onboarding.

## What is implemented

- Ed25519 challenge-response auth (`/v1/auth/challenge`, `/v1/auth/login`)
- Hybrid invitation onboarding (signed invite payload + inviter lineage)
- User registration with ownership proof (`/v1/auth/register`)
- Per-user collections and Point feature CRUD endpoints
- Static no-build frontend (`web/`) using Vue + Vuetify from CDN
- Reusable TypeScript API client (`libs/geo-api-client`) using `@noble/ed25519`
- Bun tests for the TS client and Go tests for API flows
- Gitea CI workflow running Go and Bun test suites

## Quick start

```bash
go test ./...
go run ./cmd/api
```

Run tests via Docker (avoids local permission issues, e.g. `var/`):

```bash
docker compose --profile test run --rm test
```

Primary deployed base URL: `https://momswap.produktor.duckdns.org/`.

Local default (for development): `http://localhost:8122`.

Optional environment variables:

- `ADDR` (default `:8122`)
- `ADMIN_PUBLIC_KEY` — **required for registration**: bootstrap admin + service key for `register-by-signature`. Generate with `./bin/gen-admin-key.sh`
- `SERVICE_PUBLIC_KEY` (public key users sign to register; defaults to `ADMIN_PUBLIC_KEY`)

**Deployment:** Set `ADMIN_PUBLIC_KEY` before starting. Without it, `/v1/service-key` returns 503 and registration is disabled.

## Docker Compose

Generate server keys (creates `etc/server-service.*`), then build and run:

```bash
./bin/gen-server-keys.sh
COMPOSE_BAKE=true docker compose up --build -d
```

Or use `./bin/up.sh` which runs the key generation if needed.

This starts:

- `db` (`postgis/postgis`) on `5432`
- `api` on `8122`, wired with `DATABASE_URL` to the `db` service

Stop the service:

```bash
docker compose down
```

For local development with auto-rebuild on file changes:

```bash
COMPOSE_BAKE=true docker compose --profile dev up --watch
```

Notes:

- `api` service listens on `8122` inside the container, mapped to host `8122` (reverse proxy at `https://momswap.produktor.duckdns.org`).
- `api` service uses the production `runtime` image target.
- `api-dev` profile uses the `dev` image target and Docker Compose watch.
- DB defaults can be overridden via `POSTGRES_DB`, `POSTGRES_USER`, `POSTGRES_PASSWORD`.

## Frontend

Frontend is served by the Go backend at runtime.

Example:

```bash
go run ./cmd/api
```

Then visit:

- Production: `https://momswap.produktor.duckdns.org/web/`
- Local: `http://localhost:8122/web/`

## API client library

Path: `libs/geo-api-client`

```bash
cd libs/geo-api-client
bun install
bun test
bun run build
```

Frontend TypeScript integration guide:

- `docs/typescript-frontend-integration.md`
- `docs/ed25519-security-use-cases.md`

## CI

Workflow: `.gitea/workflows/ci.yml`

- `go test ./...`
- `bun test` in `libs/geo-api-client`

## Testing policy

- Keep fast unit tests as the default (`go test ./...`).
- If a test requires a real Postgres instance, use embedded/ephemeral Postgres in the test process or test fixture lifecycle.
- Do not require manually running an external Postgres container for routine test runs.