harivansh-afk/betterNAS
1
1
Fork 0
mirror of https://github.com/harivansh-afk/betterNAS.git synced 2026-04-15 18:01:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
betterNAS/CLAUDE.md
Hari 1bbfb6647d
user-owned DAVs (#14)
2026-04-01 20:26:44 -04:00

2.2 KiB
Raw Blame History

Project Constraints

Delivery sequencing

  • Start with apps/control-plane first.
  • Deliver the core backend in 2 steps, not 3:
    1. control-server plus node-service contract and runtime loop
    2. web control plane on top of that stable backend seam
  • Do not start web UI work until the control-server and node-service contract is stable.

Architecture

  • control-server is the clean backend contract that other parts consume.
  • apps/node-agent reports into apps/control-plane.
  • apps/web reads from apps/control-plane.
  • Local mount UX is issued by apps/control-plane.

Backend contract priorities

  • The first backend seam must cover:
    • node enrollment
    • node heartbeats
    • node export reporting
    • control-server persistence of nodes and exports
    • mount profile issuance for one export
  • control-server should own:
    • node auth
    • user auth
    • mount issuance

Mount profile shape

  • Prefer standard WebDAV username and password semantics for Finder compatibility.
  • The consumer-facing mount profile should behave like:
    • export id
    • display name
    • mount URL
    • username
    • password
    • readonly
    • expires at

Service boundary

  • Keep node-service limited to the WebDAV mount surface.
  • Route admin and control actions through control-server, not directly from browsers to node-service.

User-scoped auth requirements

  • Remove the bootstrap token flow for v1.
  • Use a single user-provided username and password across the entire stack:
    • apps/node-agent authenticates with the user's username and password from environment variables
    • web app sessions authenticate with the same username and password
    • WebDAV and Finder authentication use the same username and password
  • Do not generate separate WebDAV credentials for users.
  • Nodes and exports must be owned by users and scoped so authenticated users can only view and mount their own resources.
  • Package the node binary for user download and distribution.

V1 simplicity

  • Keep the implementation as simple as possible.
  • Do not over-engineer the auth or distribution model for v1.
  • Prefer the smallest change set that makes the product usable and distributable.