Move calendar config from hardcoded values to DB

Add calendar_users table and load calendar users + auth token from
the database instead of hardcoding in src/config.ts. Seed script
gracefully skips entries when dependencies are missing.

- Add migration 002_calendar_users
- Add scripts/seed-calendar.ts for calendar-specific seeding
- Add getCalendarUsers(), getAuthToken() to src/db.ts
- Load calendar config from DB in instrumentation.ts
- Show calendar users on /config page
- Add DB query tests in src/db.test.ts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: hubyrod

app/config/page.tsx

@@ -1,4 +1,4 @@
-import { getAuthTokens, getGroups, getRoutes } from "@/src/db";
+import { getAuthTokens, getGroups, getRoutes, getCalendarUsers } from "@/src/db";
 
 export const dynamic = "force-dynamic";
 
@@ -50,10 +50,11 @@ const streamBadge: React.CSSProperties = {
 };
 
 export default async function ConfigPage() {
-  const [authTokens, groups, routes] = await Promise.all([
+  const [authTokens, groups, routes, calendarUsers] = await Promise.all([
     getAuthTokens(),
     getGroups(),
     getRoutes(),
+    getCalendarUsers(),
   ]);
 
   return (
@@ -147,6 +148,31 @@ export default async function ConfigPage() {
           </tbody>
         </table>
       </div>
+      {calendarUsers.length > 0 && (
+        <div style={section}>
+          <h2 style={{ fontSize: "1.125rem", fontWeight: 600, marginBottom: "0.75rem" }}>
+            Calendar Users
+          </h2>
+          <table style={table}>
+            <thead>
+              <tr>
+                <th style={th}>Name</th>
+                <th style={th}>Calendar ID</th>
+                <th style={th}>Target ID</th>
+              </tr>
+            </thead>
+            <tbody>
+              {calendarUsers.map((u) => (
+                <tr key={u.name}>
+                  <td style={td}>{u.name}</td>
+                  <td style={{ ...td, ...mono }}>{u.calendarId}</td>
+                  <td style={{ ...td, ...mono }}>{u.targetId}</td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        </div>
+      )}
     </main>
   );
 }

instrumentation.ts

@@ -1,6 +1,6 @@
 import { join } from "node:path";
 import { loadAppConfig } from "@/src/config";
-import { runMigrations, getAllRoutes } from "@/src/db";
+import { runMigrations, getAllRoutes, getCalendarUsers, getAuthToken } from "@/src/db";
 import { validateConnection, type SlashworkConnection } from "@/src/slashwork";
 import { validateCalendarAuth } from "@/src/calendar/auth";
 import { startCalendarPoller } from "@/src/calendar/poller";
@@ -36,15 +36,35 @@ export async function register() {
     log("error", `Failed to load routes from DB: ${err}`);
   }
 
-  if (config.calendar) {
-    const cal = config.calendar;
+  if (process.env.GOOGLE_SERVICE_ACCOUNT_KEY) {
+    try {
+      const calendarAuthToken = await getAuthToken("google_calendar");
+      const calendarUsers = await getCalendarUsers();
 
-    validateCalendarAuth(cal.serviceAccountKey).then(
-      () => {
-        log("info", "Calendar: Google auth validated");
-        startCalendarPoller(cal, config.slashwork.graphqlUrl, log);
-      },
-      (err) => log("error", `Calendar: auth failed — ${err}`),
-    );
+      if (!calendarAuthToken) {
+        log("error", 'Calendar: auth_token "google_calendar" not found in DB');
+        return;
+      }
+      if (calendarUsers.length === 0) {
+        log("warn", "Calendar: no users configured in DB");
+        return;
+      }
+
+      const calendarConfig = {
+        serviceAccountKey: process.env.GOOGLE_SERVICE_ACCOUNT_KEY,
+        authToken: calendarAuthToken,
+        users: calendarUsers,
+      };
+
+      validateCalendarAuth(calendarConfig.serviceAccountKey).then(
+        () => {
+          log("info", "Calendar: Google auth validated");
+          startCalendarPoller(calendarConfig, config.slashwork.graphqlUrl, log);
+        },
+        (err) => log("error", `Calendar: auth failed — ${err}`),
+      );
+    } catch (err) {
+      log("error", `Calendar: failed to load config from DB: ${err}`);
+    }
   }
 }

migrations/002_calendar_users.sql

@@ -0,0 +1,5 @@
+CREATE TABLE calendar_users (
+  name        TEXT PRIMARY KEY,
+  calendar_id TEXT NOT NULL,
+  target_id   TEXT NOT NULL
+);

scripts/seed-calendar.ts

@@ -0,0 +1,52 @@
+/**
+ * Seeds calendar-related data into the database.
+ * Run migrations first: bun scripts/migrate.ts
+ */
+import pg from "pg";
+
+const connectionString = process.env.POSTGRESQL_ADDON_URI;
+if (!connectionString) {
+  console.error("POSTGRESQL_ADDON_URI environment variable is required");
+  process.exit(1);
+}
+
+const pool = new pg.Pool({ connectionString });
+
+async function seed() {
+  console.log("Seeding calendar data...");
+
+  // Seed calendar auth token
+  const calendarToken = process.env.SLASHWORK_AUTH_TOKEN_GOOGLE_CALENDAR;
+  if (calendarToken) {
+    await pool.query(
+      `INSERT INTO auth_tokens (name, token) VALUES ($1, $2)
+       ON CONFLICT (name) DO UPDATE SET token = EXCLUDED.token`,
+      ["google_calendar", calendarToken],
+    );
+    console.log('  auth_token "google_calendar" seeded');
+  } else {
+    console.warn("  Skipping auth_token: SLASHWORK_AUTH_TOKEN_GOOGLE_CALENDAR not set");
+  }
+
+  // Seed calendar users
+  const users = [
+    { name: "Hugo", calendarId: "hugo@skiplabs.io", targetId: "g_cR_HOoSUCphBLt7gktCEyi" },
+  ];
+
+  for (const u of users) {
+    await pool.query(
+      `INSERT INTO calendar_users (name, calendar_id, target_id) VALUES ($1, $2, $3)
+       ON CONFLICT (name) DO UPDATE SET calendar_id = EXCLUDED.calendar_id, target_id = EXCLUDED.target_id`,
+      [u.name, u.calendarId, u.targetId],
+    );
+    console.log(`  calendar_user "${u.name}" seeded`);
+  }
+
+  console.log("Done.");
+  await pool.end();
+}
+
+seed().catch((err) => {
+  console.error("Seed failed:", err);
+  process.exit(1);
+});

scripts/setup-db.ts

@@ -22,37 +22,48 @@ async function seed() {
     { name: "skip", envVar: "SLASHWORK_AUTH_TOKEN_SKIP" },
   ];
 
+  const seededTokens = new Set<string>();
   for (const { name, envVar } of tokenEntries) {
     const token = process.env[envVar];
     if (!token) {
-      console.warn(`Skipping auth_token "${name}": ${envVar} not set`);
+      console.warn(`  Skipping auth_token "${name}": ${envVar} not set`);
       continue;
     }
     await pool.query(
       `INSERT INTO auth_tokens (name, token) VALUES ($1, $2)
        ON CONFLICT (name) DO UPDATE SET token = EXCLUDED.token`,
       [name, token],
     );
+    seededTokens.add(name);
     console.log(`  auth_token "${name}" seeded`);
   }
 
-  // Seed groups
+  // Seed groups (skip if auth token wasn't seeded)
   const groups = [
     { name: "skipper", slashworkId: "g_aVypv5BKvHiKP3tikjHjtj", authToken: "skipper" },
     { name: "skjs", slashworkId: "g_d_Px84GPeIF977BNqP0fGn", authToken: "skjs" },
     { name: "skip", slashworkId: "g_cQCWnkXg9OvL08OvMC6XKZ", authToken: "skip" },
   ];
 
+  const seededGroups = new Set<string>();
   for (const g of groups) {
+    // Check if token exists in DB (may have been seeded in a previous run)
+    const tokenExists = seededTokens.has(g.authToken) ||
+      (await pool.query("SELECT 1 FROM auth_tokens WHERE name = $1", [g.authToken])).rows.length > 0;
+    if (!tokenExists) {
+      console.warn(`  Skipping group "${g.name}": auth_token "${g.authToken}" not available`);
+      continue;
+    }
     await pool.query(
       `INSERT INTO groups (name, slashwork_id, auth_token) VALUES ($1, $2, $3)
        ON CONFLICT (name) DO UPDATE SET slashwork_id = EXCLUDED.slashwork_id, auth_token = EXCLUDED.auth_token`,
       [g.name, g.slashworkId, g.authToken],
     );
+    seededGroups.add(g.name);
     console.log(`  group "${g.name}" seeded`);
   }
 
-  // Seed routes
+  // Seed routes (skip if dependencies aren't available)
   const routes: Array<
     | { name: string; groupName: string; streamId?: undefined; authToken?: undefined }
     | { name: string; groupName?: undefined; streamId: string; authToken: string }
@@ -65,6 +76,22 @@ async function seed() {
   ];
 
   for (const r of routes) {
+    if (r.groupName) {
+      const groupExists = seededGroups.has(r.groupName) ||
+        (await pool.query("SELECT 1 FROM groups WHERE name = $1", [r.groupName])).rows.length > 0;
+      if (!groupExists) {
+        console.warn(`  Skipping route "${r.name}": group "${r.groupName}" not available`);
+        continue;
+      }
+    }
+    if (r.authToken) {
+      const tokenExists = seededTokens.has(r.authToken) ||
+        (await pool.query("SELECT 1 FROM auth_tokens WHERE name = $1", [r.authToken])).rows.length > 0;
+      if (!tokenExists) {
+        console.warn(`  Skipping route "${r.name}": auth_token "${r.authToken}" not available`);
+        continue;
+      }
+    }
     await pool.query(
       `INSERT INTO routes (name, group_name, stream_id, auth_token) VALUES ($1, $2, $3, $4)
        ON CONFLICT (name) DO UPDATE SET group_name = EXCLUDED.group_name, stream_id = EXCLUDED.stream_id, auth_token = EXCLUDED.auth_token`,

src/config.ts

@@ -35,25 +35,8 @@ export function loadAppConfig(): AppConfig {
     throw new Error("config: SLASHWORK_GRAPHQL_URL is required");
   }
 
-  const config: AppConfig = {
+  return {
     github: { webhookSecret },
     slashwork: { graphqlUrl },
   };
-
-  if (process.env.GOOGLE_SERVICE_ACCOUNT_KEY) {
-    const authToken = process.env.SLASHWORK_AUTH_TOKEN_GOOGLE_CALENDAR;
-    if (!authToken) {
-      throw new Error("config: SLASHWORK_AUTH_TOKEN_GOOGLE_CALENDAR is required when GOOGLE_SERVICE_ACCOUNT_KEY is set");
-    }
-
-    config.calendar = {
-      serviceAccountKey: process.env.GOOGLE_SERVICE_ACCOUNT_KEY,
-      authToken,
-      users: [
-        { name: "Hugo", calendarId: "hugo@skiplabs.io", targetId: "g_cR_HOoSUCphBLt7gktCEyi" },
-      ],
-    };
-  }
-
-  return config;
 }

src/db.test.ts

@@ -0,0 +1,101 @@
+import { test, expect, describe, beforeAll, afterAll } from "bun:test";
+import pg from "pg";
+import {
+  getCalendarUsers,
+  getAuthToken,
+  getAuthTokens,
+  getGroups,
+  getRoutes,
+  getAllRoutes,
+  resolveRouteFromDb,
+} from "./db";
+
+// These tests require POSTGRESQL_ADDON_URI to be set and the DB to be migrated+seeded.
+// They read existing data — no writes, no cleanup needed.
+
+const hasDb = !!process.env.POSTGRESQL_ADDON_URI;
+
+describe.skipIf(!hasDb)("db queries", () => {
+  test("getAuthTokens returns entries with masked tokens", async () => {
+    const tokens = await getAuthTokens();
+    expect(tokens.length).toBeGreaterThan(0);
+    for (const t of tokens) {
+      expect(t.name).toBeTruthy();
+      expect(t.tokenPreview).toMatch(/^.{8}\.\.\..{4}$/);
+    }
+  });
+
+  test("getAuthToken returns token for known name", async () => {
+    const token = await getAuthToken("skipper");
+    expect(token).toBeTruthy();
+    expect(typeof token).toBe("string");
+  });
+
+  test("getAuthToken returns null for unknown name", async () => {
+    const token = await getAuthToken("nonexistent_token_xyz");
+    expect(token).toBeNull();
+  });
+
+  test("getGroups returns entries with required fields", async () => {
+    const groups = await getGroups();
+    expect(groups.length).toBeGreaterThan(0);
+    for (const g of groups) {
+      expect(g.name).toBeTruthy();
+      expect(g.slashworkId).toBeTruthy();
+      expect(g.authToken).toBeTruthy();
+    }
+  });
+
+  test("getRoutes returns entries with correct shape", async () => {
+    const routes = await getRoutes();
+    expect(routes.length).toBeGreaterThan(0);
+    for (const r of routes) {
+      expect(r.name).toBeTruthy();
+      // Each route is either group-based or stream-based
+      if (r.groupName) {
+        expect(r.streamId).toBeNull();
+        expect(r.authToken).toBeNull();
+      } else {
+        expect(r.streamId).toBeTruthy();
+        expect(r.authToken).toBeTruthy();
+      }
+    }
+  });
+
+  test("getAllRoutes resolves target IDs and auth tokens", async () => {
+    const routes = await getAllRoutes();
+    expect(routes.length).toBeGreaterThan(0);
+    for (const r of routes) {
+      expect(r.name).toBeTruthy();
+      expect(r.targetId).toBeTruthy();
+      expect(r.authToken).toBeTruthy();
+    }
+  });
+
+  test("resolveRouteFromDb returns resolved route for known name", async () => {
+    const route = await resolveRouteFromDb("skipper");
+    expect(route).not.toBeNull();
+    expect(route!.targetId).toBeTruthy();
+    expect(route!.authToken).toBeTruthy();
+  });
+
+  test("resolveRouteFromDb returns null for unknown route", async () => {
+    const route = await resolveRouteFromDb("nonexistent_route_xyz");
+    expect(route).toBeNull();
+  });
+
+  test("getCalendarUsers returns entries with required fields", async () => {
+    const users = await getCalendarUsers();
+    expect(users.length).toBeGreaterThan(0);
+    for (const u of users) {
+      expect(u.name).toBeTruthy();
+      expect(u.calendarId).toBeTruthy();
+      expect(u.targetId).toBeTruthy();
+    }
+  });
+
+  test("getAuthToken returns calendar token", async () => {
+    const token = await getAuthToken("google_calendar");
+    expect(token).toBeTruthy();
+  });
+});