{"id":50136897,"url":"https://github.com/nickchampion/node-vault","last_synced_at":"2026-05-23T22:30:26.890Z","repository":{"id":359549897,"uuid":"1227169097","full_name":"nickchampion/node-vault","owner":"nickchampion","description":"A privacy information portal covering three practical paths to reducing your digital footprint: de-Googling your phone with GrapheneOS, replacing cloud subscriptions with a self-hosted UmbrelOS home server, and protecting your home network from IoT surveillance.","archived":false,"fork":false,"pushed_at":"2026-05-22T16:38:36.000Z","size":668,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-22T16:58:12.162Z","etag":null,"topics":["grapheneos","networking","phones","privacy","umbrelos"],"latest_commit_sha":null,"homepage":"https://www.nodvault.cloud","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nickchampion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-02T09:58:19.000Z","updated_at":"2026-05-22T16:38:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nickchampion/node-vault","commit_stats":null,"previous_names":["nickchampion/node-vault"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/nickchampion/node-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickchampion%2Fnode-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickchampion%2Fnode-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickchampion%2Fnode-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickchampion%2Fnode-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nickchampion","download_url":"https://codeload.github.com/nickchampion/node-vault/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickchampion%2Fnode-vault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33415020,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-23T22:14:44.296Z","status":"ssl_error","status_checked_at":"2026-05-23T22:14:43.778Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["grapheneos","networking","phones","privacy","umbrelos"],"created_at":"2026-05-23T22:30:26.007Z","updated_at":"2026-05-23T22:30:26.881Z","avatar_url":"https://github.com/nickchampion.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NodeVault\n\nAn NX monorepo containing two frontend applications, a shared REST API, and a set of platform components.\n\n**NodeVault** (`nodevault.cloud`) — a privacy information portal covering three practical paths to reducing your digital footprint: de-Googling your phone with GrapheneOS, replacing cloud subscriptions with a self-hosted UmbrelOS home server, and protecting your home network from IoT surveillance.\n\n**Nick Champion** (`nickchampion.me`) — a personal profile and CV site showcasing engineering background, technical expertise, and project work.\n\n---\n\n## Apps\n\n### `apps/api` — REST API\n\nNode.js API server built on Koa with OpenAPI v3 validation via `openapi-backend`. Runs locally with `tsx watch` and deploys to [Fly.io](https://fly.io) as a Docker container (`nodevault-api`, `lhr` region).\n\n**Stack:** Node.js · Koa · openapi-backend · RavenDB · TypeScript\n\n**Dev server:** `pnpm run api` → `http://api.nodevault.local:9002`\n\n#### Auth flow\n\nMagic-link, no passwords:\n\n1. `POST /auth/login` — looks up user by email, generates an encrypted token stored as a `LoginToken` document (10-minute TTL via RavenDB `@expires`), fetches the rendered login email from the Nuxt app, and sends it via Resend.\n2. User clicks the link → `POST /auth/verify` — decrypts the code, validates the `LoginToken`, marks it used, and returns a signed JWT + user/account payload.\n\n#### Handler pattern\n\n```typescript\nexport const authLogin: ApiHandler = async (context): Promise\u003cResponse\u003e =\u003e {\n  const { email } = context.event.payload as LoginRequestSchema\n  // ...\n  return context.event.response.ok()\n}\n```\n\nHandlers are registered by name in `apps/api/handlers/index.ts` — the key **must exactly match the `operationId`** in the OpenAPI schema. The middy middleware lifecycle auto-commits the RavenDB session after each handler.\n\n#### Request lifecycle\n\n```\nKoa → OpenAPI route match + schema validation\n  → InboundEvent + Context created (RavenDB Session attached)\n  → middy middleware:\n      before:  logging, timer\n      handler: ApiHandler\n      after:   commit session, set response headers\n      error:   normalise to StandardResponse\n  → Koa response\n```\n\n---\n\n### `apps/nodevault` — NodeVault frontend\n\nNuxt 4 (`compatibilityVersion: 4`) SSR app deployed to Cloudflare Workers via the `cloudflare_module` preset. All pages server-render by default; no prerendering.\n\n**Stack:** Nuxt 4 · Vue 3 · Nuxt UI · Pinia · Tailwind CSS · TypeScript\n\n**Dev server:** `pnpm run app` → `http://www.nodevault.local:9001`\n\n**Deploy:** `pnpm run app:build` → Wrangler → Cloudflare Workers (`nodevault` worker)\n\n#### Content areas\n\n| Section | Path | Description |\n|---------|------|-------------|\n| Privacy Phones | `/phones` | GrapheneOS — de-Googling your phone, compatible devices, privacy app stack |\n| Home Server | `/umbrelos` | UmbrelOS self-hosting — hardware, app directory, replacing cloud subscriptions |\n| Privacy Router | `/privacy-router` | DNS blocking, WireGuard VPN, VLAN isolation for home networks |\n| Blog | `/blog` | Articles and guides |\n| Contact | `/company/contact` | Get in touch form |\n| About | `/company/about` | About NodeVault |\n\n#### Layouts\n\n| Layout | Used for |\n|--------|---------|\n| `default` | All public-facing pages — sticky header, footer |\n| `admin` | Admin section — full-width header, left sidebar nav |\n| `email` | Email templates — branded email card shell (header + footer), no Nuxt chrome injected into inline styles |\n\n#### Email rendering\n\nEmail templates are Nuxt pages under `/emails/*` using the `email` layout. The API calls `renderEmail(appUrl, '/emails/login', params)` which fetches the SSR-rendered HTML and passes it to Resend. Query params supply the template variables (e.g. `name`, `code`).\n\n#### Key composables \u0026 stores\n\n| Path | Purpose |\n|------|---------|\n| `app/stores/auth-store.ts` | Pinia store — JWT tokens, expiry, `apiOptions()` |\n| `app/composables/useApiClient.ts` | Returns a typed `NodeVaultApiClient` bound to auth tokens |\n| `app/composables/useConfig.ts` | Runtime config access |\n\n---\n\n### `apps/nickchampion` — Personal profile site\n\nNuxt 4 SSR app deployed to Cloudflare Workers. Light-only UI (sky/slate colour scheme) with forced light mode — dark mode is disabled at the CSS level regardless of system preference.\n\n**Stack:** Nuxt 4 · Vue 3 · Nuxt UI · Tailwind CSS · TypeScript\n\n**Dev server:** `pnpm run nickchampion` → `http://www.nickchampion.local:9003`\n\n**Deploy:** Cloudflare Workers (`nickchampion` worker)\n\n#### Pages\n\n| Route | Description |\n|-------|-------------|\n| `/` | Landing page — intro, key strengths, technical expertise, current project, recent roles |\n| `/cv` | Full CV — career history, education, notable achievements |\n| `/nodevault` | NodeVault project showcase — what it is, tech stack, engineering highlights |\n| `/contact` | Contact form — name, email, optional phone, message; posts to `/comms/contact` API endpoint |\n\n#### Notes\n\n- No auth — fully public, no admin section\n- Contact form submits to the same `/comms/contact` API endpoint as NodeVault, with `interests: ['other']` injected silently (required by the shared schema)\n- Uses `PhoneInput` component copied from NodeVault, backed by `Countries` domain model\n- Dark mode disabled: `@variant dark` redefined to `never-dark` in CSS, plus `.dark` CSS variable block overridden to light values in `app/assets/css/main.css`\n\n---\n\n## Components (shared libraries)\n\n| Package alias | Path | Purpose |\n|---------------|------|---------|\n| `@nodevault/platform.components.api` | `components/api` | Koa server, OpenAPI routing, middy middleware, handler types |\n| `@nodevault/platform.components.nodevault.server` | `components/nodevault/server` | Server config, domain models, RavenDB indexes |\n| `@nodevault/platform.components.nodevault.client` | `components/nodevault/client` | Client runtime config, `NodeVaultApiClient`, typed request methods |\n| `@nodevault/platform.components.nodevault.openapi` | `components/nodevault/openapi` | OpenAPI document composition, models, request/response schemas |\n| `@nodevault/platform.components.configuration` | `components/configuration` | Config builder (`build\u003cT\u003e()`) |\n| `@nodevault/platform.components.context` | `components/context` | `Context`, `InboundEvent`, `Response`, `Log`, middy wrappers |\n| `@nodevault/platform.components.domain` | `components/domain` | Domain models (`User`, `Account`, `LoginToken`, `Contact`), types, geo data |\n| `@nodevault/platform.components.ravendb` | `components/ravendb` | `Session` wrapper, document store helpers, search utilities |\n| `@nodevault/platform.components.search` | `components/search` | Search/query builders |\n| `@nodevault/platform.components.utils` | `components/utils` | Pure utilities — date, string, math (no Node.js-specific APIs) |\n| `@nodevault/platform.components.utils.server` | `components/utils-server` | Server-only utilities — crypto, encoding, JWT |\n| `@nodevault/platform.integrations.resend` | `integrations/resend` | Resend email client — `createResendClient`, `sendEmail` |\n| `@nodevault/platform.integrations.cloudflare` | `integrations/cloudflare` | Cloudflare Workers helpers |\n\n---\n\n## Development\n\n```bash\n# Install dependencies\npnpm install\n\n# Start servers (separate terminals)\npnpm run api          # API on :9002\npnpm run app          # NodeVault Nuxt on :9001\npnpm run nickchampion # Nick Champion Nuxt on :9003\n\n# Type check everything\nnpx tsc --noEmit\n\n# Run tests\nnpx vitest\n\n# Lint with autofix\npnpm run lint\n\n# Regenerate OpenAPI client types from schemas\npnpm run schemas\n```\n\n### Local hosts\n\nAdd to `/etc/hosts`:\n\n```\n127.0.0.1  api.nodevault.local\n127.0.0.1  www.nodevault.local\n127.0.0.1  www.nickchampion.local\n```\n\n### Configuration\n\nServer config is passed as a base64-encoded JSON string in the `NODEVAULT` environment variable. Local overrides are read from the path in `NODEVAULT_OVERRIDES`. See `components/configuration/server/configuration.ts` for the full config schema.\n\n---\n\n## Deployment\n\n| App | Platform | Command |\n|-----|----------|---------|\n| `apps/api` | Fly.io (Docker, `lhr`) | `fly deploy` from `apps/api/` |\n| `apps/nodevault` | Cloudflare Workers | `pnpm run app:build` then `wrangler deploy` from `apps/nodevault/` |\n| `apps/nickchampion` | Cloudflare Workers | build then `wrangler deploy` from `apps/nickchampion/` |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnickchampion%2Fnode-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnickchampion%2Fnode-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnickchampion%2Fnode-vault/lists"}