Wire up EncryptID SDK for user authentication with WebAuthn passkeys.
All write API routes (POST/PUT/DELETE) now require auth, while reads
remain public. First user auto-claims orphaned notebooks/notes.
New files:
- src/lib/auth.ts: getAuthUser, requireAuth, getNotebookRole helpers
- src/lib/authFetch.ts: client-side fetch wrapper with JWT token
- src/components/AuthProvider.tsx: EncryptIDProvider wrapper
- src/components/UserMenu.tsx: sign in/out UI for nav bar
- src/app/auth/signin/page.tsx: passkey login/register page
Protected routes: notebooks CRUD, notes CRUD, canvas create, uploads.
Ownership checks: notebook collaborator roles, note author verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace plain Markdown textarea with TipTap editor featuring:
- Toolbar with bold, italic, strike, code, headings, lists, tasks,
blockquotes, code blocks, links, images, undo/redo
- Keyboard shortcuts (Ctrl+B, Ctrl+I, etc.)
- Task list with checkboxes
- Inline image embedding
- Code type notes still use plain textarea for monospace editing
- Note detail view now renders HTML content from TipTap
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Upload API at /api/uploads with 50MB limit, MIME type validation, and
path traversal protection
- Serve uploaded files at /api/uploads/[filename] with immutable caching
- FileUpload component with drag-and-drop, progress, and preview
- IMAGE notes show uploaded image preview in detail view
- FILE notes show download button in detail view
- Docker volume for persistent upload storage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace Prisma contains-based search with raw SQL using ts_vector/ts_query
for ranked results and headline snippets with <mark> highlighting. Falls
back to ILIKE for partial matches. GIN index applied to production DB.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett