|
| 1 | +# `sample-code-review` |
| 2 | + |
| 3 | +Monorepo **inside rockets**: the layout is inspired by [rockets-starter](https://github.com/btwld/rockets-starter) (`apps/api` + `apps/web`), but the backend uses **`workspace:^`** — local packages in `packages/*`, **not** the starter's npm versions such as `@bitwild/rockets@1.0.0-alpha.7`. |
| 4 | + |
| 5 | +```text |
| 6 | +rockets/ ← SDK monorepo (source of truth) |
| 7 | +├── packages/rockets-core, rockets-server, … |
| 8 | +└── examples/sample-code-review/ |
| 9 | + ├── apps/ |
| 10 | + │ ├── api/ NestJS + local Rockets (`api`) :3001 |
| 11 | + │ └── web/ Vite + React (`web`) :3000 |
| 12 | + └── packages/typescript-config/ (shared TS only) |
| 13 | +``` |
| 14 | + |
| 15 | +## Authentication (Firebase → token → Rockets server) |
| 16 | + |
| 17 | +Firebase is **not** the application backend. It only issues the **ID token**; the **Rockets server** validates that token on **every** request. |
| 18 | + |
| 19 | +```text |
| 20 | +Web (Firebase Auth) API (@bitwild/rockets) |
| 21 | +───────────────── ─────────────────────── |
| 22 | +email/password login → (does not participate in login) |
| 23 | +getIdToken() → Authorization: Bearer <Firebase JWT> |
| 24 | + → AuthServerGuard (global) |
| 25 | + → FirebaseAuthAdapter.validateToken() |
| 26 | + → request.user = AuthorizedUser (uid, email, roles…) |
| 27 | + → GET /me, /github/*, /analysis/* |
| 28 | +``` |
| 29 | + |
| 30 | +| Layer | Responsibility | |
| 31 | +|-------|----------------| |
| 32 | +| **Firebase (client)** | Web login; `user.getIdToken()` | |
| 33 | +| **`@bitwild/rockets-adapter-firebase`** | Admin SDK / verifier: `verifyIdToken` | |
| 34 | +| **`@bitwild/rockets` (`RocketsModule`)** | `APP_GUARD` + `MeController` + protected routes | |
| 35 | +| **Your controllers** | `@AuthUser()`, `@Ctx()` — user already authenticated | |
| 36 | + |
| 37 | +API config: `RocketsModule.forRoot({ auth: defineFirebaseAuth(), … })` with `authProviderExternallyManaged: true` (the user lives in Firebase, not in the local signup table). |
| 38 | + |
| 39 | +**For real tokens to work:** the same `projectId` must be used in web (`VITE_FIREBASE_PROJECT_ID`) and API (`FIREBASE_PROJECT_ID=rockets-review-demo`). The service account JSON is **optional** in development — the Admin SDK can start with only `projectId`. `FIREBASE_USE_FAKE` must stay **disabled** in `apps/api/.env`. |
| 40 | + |
| 41 | +Quick verification after web login (DevTools → Network → any API call) or: |
| 42 | + |
| 43 | +```bash |
| 44 | +curl -H "Authorization: Bearer <firebase-id-token>" http://localhost:3001/me |
| 45 | +``` |
| 46 | + |
| 47 | +## Local SDK (required) |
| 48 | + |
| 49 | +`apps/api/package.json` declares: |
| 50 | + |
| 51 | +```json |
| 52 | +"@bitwild/rockets": "workspace:^", |
| 53 | +"@bitwild/rockets-core": "workspace:^", |
| 54 | +"@bitwild/rockets-adapter-firebase": "workspace:^" |
| 55 | +``` |
| 56 | + |
| 57 | +Yarn resolves these to `packages/rockets-server`, `packages/rockets-core`, and so on — the same codebase used by [`sample-server`](../sample-server/). |
| 58 | + |
| 59 | +**Before the first `dev`**, build the parent monorepo packages: |
| 60 | + |
| 61 | +```bash |
| 62 | +# from the rockets repository root |
| 63 | +yarn build |
| 64 | +``` |
| 65 | + |
| 66 | +## Quick start |
| 67 | + |
| 68 | +### 1. API (`apps/api/.env`) |
| 69 | + |
| 70 | +```bash |
| 71 | +cp apps/api/.env.example apps/api/.env |
| 72 | +``` |
| 73 | + |
| 74 | +**GitHub OAuth App → Authorization callback URL:** |
| 75 | + |
| 76 | +```text |
| 77 | +http://localhost:3000/auth/github/callback |
| 78 | +``` |
| 79 | + |
| 80 | +It must match `GITHUB_OAUTH_CALLBACK_URL` in the API `.env`. |
| 81 | + |
| 82 | +**Firebase Admin:** `apps/api/secrets/firebase-service-account.json` |
| 83 | + |
| 84 | +### 2. Web (`apps/web/.env`) |
| 85 | + |
| 86 | +```bash |
| 87 | +cp apps/web/.env.example apps/web/.env |
| 88 | +``` |
| 89 | + |
| 90 | +```env |
| 91 | +VITE_API_URL=http://localhost:3001 |
| 92 | +VITE_FIREBASE_API_KEY=... |
| 93 | +VITE_FIREBASE_AUTH_DOMAIN=... |
| 94 | +VITE_FIREBASE_PROJECT_ID=... |
| 95 | +VITE_FIREBASE_APP_ID=... |
| 96 | +``` |
| 97 | + |
| 98 | +### 3. Run API + Web |
| 99 | + |
| 100 | +From the **rockets root** (recommended): |
| 101 | + |
| 102 | +```bash |
| 103 | +yarn build |
| 104 | +yarn workspace sample-code-review dev |
| 105 | +``` |
| 106 | + |
| 107 | +Or only inside the example: |
| 108 | + |
| 109 | +```bash |
| 110 | +cd examples/sample-code-review |
| 111 | +yarn dev |
| 112 | +``` |
| 113 | + |
| 114 | +| App | URL | |
| 115 | +|-----|-----| |
| 116 | +| Web | http://localhost:3000 | |
| 117 | +| API | http://localhost:3001 | |
| 118 | +| Swagger | http://localhost:3001/api | |
| 119 | + |
| 120 | +### 4. Flow |
| 121 | + |
| 122 | +1. Sign in with Firebase (email/password) |
| 123 | +2. Connect GitHub → callback `/auth/github/callback` |
| 124 | +3. Choose a repo → Run code review (GitHub API + OpenAI `gpt-4o-mini` when `OPENAI_API_KEY` or `OPEN_API_KEY` is present in `apps/api/.env`) |
| 125 | +4. Open the report |
| 126 | + |
| 127 | +**OpenAI (optional, inexpensive for testing):** |
| 128 | + |
| 129 | +```env |
| 130 | +OPENAI_API_KEY=sk-... # or OPEN_API_KEY |
| 131 | +OPENAI_MODEL=gpt-4o-mini |
| 132 | +``` |
| 133 | + |
| 134 | +## Two persistence backends |
| 135 | + |
| 136 | +| Data | Backend | Config | |
| 137 | +|------|---------|--------| |
| 138 | +| GitHub OAuth / connection, `userMetadata` | **SQLite** (TypeORM via `repository` in `RocketsModule`) | `DATABASE_PATH` or `:memory:` | |
| 139 | +| Code review reports | **Firestore** via `@bitwild/rockets-repository-firestore` | `FIREBASE_FIRESTORE_REPORTS_COLLECTION` (default: `code_review_reports`) | |
| 140 | + |
| 141 | +`CodeReviewReportEntity` declares `repository: FirestoreRepositoryModule` in its bundle — the same per-entity override pattern Rockets uses for TypeORM. Services use `@InjectDynamicRepository` + `RepositoryInterface`, not custom storage code. |
| 142 | + |
| 143 | +Each report is stored as a document in `code_review_reports/{reportId}`. The list endpoint supports API filters: |
| 144 | + |
| 145 | +- `GET /analysis/reports?github=org/repo` — GitHub repository |
| 146 | +- `GET /analysis/reports?q=text` — search in `fullName` and `summary` |
| 147 | +- `GET /analysis/reports?status=completed` — job status |
| 148 | + |
| 149 | +E2E uses `FIREBASE_FIRESTORE_USE_FAKE=true` (in-memory Firestore). In production, enable **Cloud Firestore** in the Firebase Console (Native mode). |
| 150 | + |
| 151 | +New monorepo package: `packages/rockets-repository-firestore` (mirrors the role played by `@concepta/nestjs-repository-typeorm`). |
| 152 | + |
| 153 | +## Scripts |
| 154 | + |
| 155 | +| Command | Description | |
| 156 | +|---------|-------------| |
| 157 | +| `yarn dev` | API + Web in parallel (`concurrently`) | |
| 158 | +| `yarn dev:api` | API only | |
| 159 | +| `yarn dev:web` | Web only | |
| 160 | +| `yarn build` | Build both apps | |
| 161 | +| `yarn test:e2e` | API E2E (test fakes enabled) | |
| 162 | + |
| 163 | +From the **rockets** root: |
| 164 | + |
| 165 | +| Command | Description | |
| 166 | +|---------|-------------| |
| 167 | +| `yarn sample-code-review:dev` | `yarn build` (local SDK) + `dev` | |
| 168 | +| `yarn sample-code-review:test:e2e` | build + e2e | |
| 169 | + |
| 170 | +## Difference vs `rockets-starter` |
| 171 | + |
| 172 | +| `rockets-starter` (GitHub) | This example | |
| 173 | +|----------------------------|--------------| |
| 174 | +| `@bitwild/rockets@1.0.0-alpha.7` from npm | `workspace:^` → local `packages/*` | |
| 175 | +| Built-in `@bitwild/rockets-auth` | Firebase via `defineFirebaseAuth()` | |
| 176 | +| Next.js web | Vite + React (same ports 3000/3001) | |
| 177 | +| PostgreSQL | SQLite (like `sample-server`) | |
| 178 | + |
| 179 | +## Related |
| 180 | + |
| 181 | +- [`../sample-server/`](../sample-server/) — canonical Rockets config |
| 182 | +- [`apps/api/src/app.module.ts`](apps/api/src/app.module.ts) — `RocketsModule.forRoot` |
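
Review bot: The test-only switches are under-documented. README line 39 says `FIREBASE_USE_FAKE` "must stay **disabled**" in `apps/api/.env`, and line 149 mentions `FIREBASE_FIRESTORE_USE_FAKE=true` for E2E, but neither place says what the fake mode does to token validation or storage, or that both flags are meant for tests only. Please add one sentence per flag stating its effect and that it must not be set in a deployed environment. Two smaller documentation gaps in the same file: quick start step 1 (line 82) puts the service account at `apps/api/secrets/firebase-service-account.json` and the steps create `.env` files holding `OPENAI_API_KEY` and the GitHub OAuth settings, yet nothing says these paths are excluded from version control, so state that or include the ignore rule in this commit. The "Two persistence backends" section (lines 143 to 147) lists the `GET /analysis/reports` filters without saying whether results are limited to the authenticated user's own reports; since the README stresses that every request carries a validated `AuthorizedUser`, the scoping rule for `code_review_reports/{reportId}` should be written down here.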