Initial commit: RehearsalHub POC

Full-stack self-hosted band rehearsal platform: Backend (FastAPI + SQLAlchemy 2.0 async): - Auth with JWT (register, login, /me, settings) - Band management with Nextcloud folder integration - Song management with audio version tracking - Nextcloud scan to auto-import audio files - Band membership with link-based invite system - Song comments - Audio analysis worker (BPM, key, loudness, waveform) - Nextcloud activity watcher for auto-import - WebSocket support for real-time annotation updates - Alembic migrations (0001–0003) - Repository pattern, Ruff + mypy configured Frontend (React 18 + Vite + TypeScript strict): - Login/register page with post-login redirect - Home page with band list and creation form - Band page with member panel, invite link, song list, NC scan - Song page with waveform player, annotations, comment thread - Settings page for per-user Nextcloud credentials - Invite acceptance page (/invite/:token) - ESLint v9 flat config + TypeScript strict mode Infrastructure: - Docker Compose: PostgreSQL, Redis, API, worker, watcher, nginx - nginx reverse proxy for static files + /api/ proxy - make check runs all linters before docker compose build Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 21:53:03 +01:00
commit f7be1b994d
139 changed files with 12743 additions and 0 deletions
--- a/traefik/dynamic/routes.yml
+++ b/traefik/dynamic/routes.yml
@@ -0,0 +1,44 @@
+http:
+  routers:
+    # API — HTTP
+    api-http:
+      rule: "Host(`{{ env "DOMAIN" }}`) && PathPrefix(`/api`)"
+      entryPoints:
+        - web
+      service: api
+
+    # Web — HTTP
+    web-http:
+      rule: "Host(`{{ env "DOMAIN" }}`)"
+      entryPoints:
+        - web
+      service: web
+
+    # API — HTTPS (production with real domain + cert)
+    api:
+      rule: "Host(`{{ env "DOMAIN" }}`) && PathPrefix(`/api`)"
+      entryPoints:
+        - websecure
+      service: api
+      tls:
+        certResolver: letsencrypt
+
+    # Web — HTTPS (production with real domain + cert)
+    web:
+      rule: "Host(`{{ env "DOMAIN" }}`)"
+      entryPoints:
+        - websecure
+      service: web
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    api:
+      loadBalancer:
+        servers:
+          - url: "http://api:8000"
+
+    web:
+      loadBalancer:
+        servers:
+          - url: "http://web:80"
--- a/traefik/dynamic/tls.yml
+++ b/traefik/dynamic/tls.yml
@@ -0,0 +1,12 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      sniStrict: true
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@@ -0,0 +1,25 @@
+api:
+  dashboard: true
+  insecure: true  # dashboard on :8080 (mapped to host 9080), disable in production
+
+log:
+  level: INFO
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+
+providers:
+  file:
+    directory: /dynamic
+    watch: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: "${ACME_EMAIL}"
+      storage: /acme/acme.json
+      httpChallenge:
+        entryPoint: web