├── .npmrc
├── app
    ├── routes
    │   ├── admin
    │   │   └── cache
    │   │   │   ├── sqlite.tsx
    │   │   │   ├── lru.$cacheKey.ts
    │   │   │   ├── sqlite.$cacheKey.ts
    │   │   │   └── sqlite.server.ts
    │   ├── _marketing
    │   │   ├── about.tsx
    │   │   ├── privacy.tsx
    │   │   ├── support.tsx
    │   │   ├── tos.tsx
    │   │   └── +logos
    │   │   │   ├── stars.jpg
    │   │   │   ├── testing-library.png
    │   │   │   ├── shadcn-ui.svg
    │   │   │   ├── radix.svg
    │   │   │   ├── tailwind.svg
    │   │   │   ├── github.svg
    │   │   │   ├── typescript.svg
    │   │   │   ├── eslint.svg
    │   │   │   ├── sentry.svg
    │   │   │   └── remix.svg
    │   ├── _auth
    │   │   ├── logout.tsx
    │   │   ├── onboarding
    │   │   │   ├── index.server.ts
    │   │   │   └── $provider.server.ts
    │   │   ├── auth.$provider
    │   │   │   └── index.ts
    │   │   └── reset-password.server.ts
    │   ├── _seo
    │   │   ├── robots[.]txt.ts
    │   │   └── sitemap[.]xml.ts
    │   ├── users
    │   │   └── $username
    │   │   │   └── notes
    │   │   │       ├── new.tsx
    │   │   │       ├── index.tsx
    │   │   │       └── $noteId_.edit.tsx
    │   ├── settings
    │   │   └── profile
    │   │   │   └── two-factor
    │   │   │       └── _layout.tsx
    │   ├── me.tsx
    │   ├── resources
    │   │   ├── healthcheck.tsx
    │   │   └── download-user-data.tsx
    │   └── $.tsx
    ├── assets
    │   └── favicons
    │   │   ├── apple-touch-icon.png
    │   │   └── favicon.svg
    ├── utils
    │   ├── providers
    │   │   ├── constants.ts
    │   │   └── provider.ts
    │   ├── totp.server.ts
    │   ├── nonce-provider.ts
    │   ├── verification.server.ts
    │   ├── honeypot.server.ts
    │   ├── redirect-cookie.server.ts
    │   ├── request-info.ts
    │   ├── theme.server.ts
    │   ├── litefs.server.ts
    │   ├── connections.server.ts
    │   ├── misc.error-message.test.ts
    │   ├── monitoring.client.tsx
    │   ├── headers.server.test.ts
    │   ├── db.server.ts
    │   ├── session.server.ts
    │   ├── permissions.server.ts
    │   ├── client-hints.tsx
    │   ├── connections.tsx
    │   ├── user-validation.ts
    │   └── toast.server.ts
    ├── components
    │   ├── floating-toolbar.tsx
    │   ├── ui
    │   │   ├── README.md
    │   │   ├── label.tsx
    │   │   ├── textarea.tsx
    │   │   ├── input.tsx
    │   │   ├── sonner.tsx
    │   │   ├── checkbox.tsx
    │   │   ├── tooltip.tsx
    │   │   ├── button.tsx
    │   │   ├── input-otp.tsx
    │   │   └── status-button.tsx
    │   ├── toaster.tsx
    │   ├── spacer.tsx
    │   ├── error-boundary.tsx
    │   ├── search-bar.tsx
    │   └── progress-bar.tsx
    ├── entry.client.tsx
    └── routes.ts
├── public
    ├── favicon.ico
    ├── img
    │   └── user.png
    ├── favicons
    │   ├── android-chrome-192x192.png
    │   ├── android-chrome-512x512.png
    │   └── README.md
    └── site.webmanifest
├── types
    ├── env.env.d.ts
    ├── reset.d.ts
    ├── icon-name.d.ts
    └── deps.d.ts
├── tests
    ├── fixtures
    │   ├── github
    │   │   └── ghost.jpg
    │   └── images
    │   │   ├── user
    │   │       ├── 0.jpg
    │   │       ├── 1.jpg
    │   │       ├── 2.jpg
    │   │       ├── 3.jpg
    │   │       ├── 4.jpg
    │   │       ├── 5.jpg
    │   │       ├── 6.jpg
    │   │       ├── 7.jpg
    │   │       ├── 8.jpg
    │   │       ├── 9.jpg
    │   │       ├── kody.png
    │   │       └── README.md
    │   │   ├── notes
    │   │       ├── 0.png
    │   │       ├── 1.png
    │   │       ├── 2.png
    │   │       ├── 3.png
    │   │       ├── 4.png
    │   │       ├── 5.png
    │   │       ├── 6.png
    │   │       ├── 7.png
    │   │       ├── 8.png
    │   │       └── 9.png
    │   │   └── kody-notes
    │   │       ├── mountain.png
    │   │       ├── cute-koala.png
    │   │       ├── koala-coder.png
    │   │       ├── koala-cuddle.png
    │   │       ├── koala-eating.png
    │   │       ├── koala-mentor.png
    │   │       └── koala-soccer.png
    ├── mocks
    │   ├── pwned-passwords.ts
    │   ├── README.md
    │   ├── resend.ts
    │   ├── index.ts
    │   └── utils.ts
    ├── e2e
    │   ├── error-boundary.test.ts
    │   └── search.test.ts
    ├── setup
    │   ├── db-setup.ts
    │   ├── global-setup.ts
    │   └── setup-test-env.ts
    └── utils.ts
├── prisma
    ├── migrations
    │   └── migration_lock.toml
    └── sql
    │   └── searchUsers.sql
├── other
    ├── Dockerfile.dockerignore
    ├── sly
    │   ├── sly.json
    │   └── transform-icon.ts
    ├── svg-icons
    │   ├── README.md
    │   ├── laptop.svg
    │   ├── plus.svg
    │   ├── trash.svg
    │   ├── check.svg
    │   ├── arrow-right.svg
    │   ├── arrow-left.svg
    │   ├── magnifying-glass.svg
    │   ├── envelope-closed.svg
    │   ├── lock-open-1.svg
    │   ├── pencil-1.svg
    │   ├── reset.svg
    │   ├── cross-1.svg
    │   ├── exit.svg
    │   ├── lock-closed.svg
    │   ├── dots-horizontal.svg
    │   ├── clock.svg
    │   ├── passkey.svg
    │   ├── file-text.svg
    │   ├── camera.svg
    │   ├── download.svg
    │   ├── avatar.svg
    │   ├── github-logo.svg
    │   ├── update.svg
    │   └── question-mark-circled.svg
    ├── README.md
    └── litefs.yml
├── docs
    ├── decisions
    │   ├── 000-template.md
    │   ├── README.md
    │   ├── 029-remix-auth.md
    │   ├── 034-source-maps.md
    │   ├── 022-report-only-csp.md
    │   ├── 017-resend-email.md
    │   ├── 027-toasts.md
    │   ├── 009-region-selection.md
    │   ├── 011-sitemaps.md
    │   ├── 008-content-security-policy.md
    │   ├── 032-csrf.md
    │   ├── 015-monitoring.md
    │   ├── 026-path-aliases.md
    │   ├── 033-honeypot.md
    │   ├── 006-native-esm.md
    │   ├── 045-rr-auto-routes.md
    │   ├── 013-email-code.md
    │   ├── 001-typescript-only.md
    │   ├── 046-remove-path-aliases.md
    │   ├── 037-generated-internal-command.md
    │   ├── 042-node-sqlite.md
    │   ├── 020-icons.md
    │   ├── 035-remove-csrf.md
    │   ├── 038-remove-cleanup-db.md
    │   ├── 002-email-service.md
    │   ├── 010-memory-swap.md
    │   ├── 041-image-optimization.md
    │   ├── 023-route-based-dialogs.md
    │   └── 036-vite.md
    ├── client-hints.md
    ├── community.md
    ├── memory.md
    ├── email.md
    ├── apis.md
    ├── permissions.md
    ├── secrets.md
    ├── testing.md
    ├── image-optimization.md
    ├── getting-started.md
    ├── icons.md
    ├── README.md
    ├── toasts.md
    ├── guiding-principles.md
    ├── seo.md
    └── timezone.md
├── .prettierignore
├── .vscode
    ├── extensions.json
    └── settings.json
├── remix.init
    ├── index.js
    ├── package.json
    └── gitignore
├── eslint.config.js
├── .github
    └── PULL_REQUEST_TEMPLATE.md
├── components.json
├── tsconfig.json
├── .gitignore
├── index.ts
├── server
    ├── app.ts
    └── utils
    │   └── monitoring.ts
├── react-router.config.ts
├── playwright.config.ts
├── LICENSE.md
├── .env.example
├── fly.toml
└── .cursor
    └── rules
        └── avoid-use-effect.mdc


/.npmrc:
--------------------------------------------------------------------------------
1 | legacy-peer-deps=true
2 | registry=https://registry.npmjs.org/
3 | 


--------------------------------------------------------------------------------
/app/routes/admin/cache/sqlite.tsx:
--------------------------------------------------------------------------------
1 | export { action } from './sqlite.server.ts'
2 | 


--------------------------------------------------------------------------------
/public/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/public/favicon.ico


--------------------------------------------------------------------------------
/public/img/user.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/public/img/user.png


--------------------------------------------------------------------------------
/types/env.env.d.ts:
--------------------------------------------------------------------------------
1 | /// <reference types="vite/client" />
2 | /// <reference types="@remix-run/node" />
3 | 


--------------------------------------------------------------------------------
/types/reset.d.ts:
--------------------------------------------------------------------------------
1 | // Do not add any other lines of code to this file!
2 | import '@epic-web/config/reset.d.ts'
3 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/about.tsx:
--------------------------------------------------------------------------------
1 | export default function AboutRoute() {
2 | 	return <div>About page</div>
3 | }
4 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/privacy.tsx:
--------------------------------------------------------------------------------
1 | export default function PrivacyRoute() {
2 | 	return <div>Privacy</div>
3 | }
4 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/support.tsx:
--------------------------------------------------------------------------------
1 | export default function SupportRoute() {
2 | 	return <div>Support</div>
3 | }
4 | 


--------------------------------------------------------------------------------
/tests/fixtures/github/ghost.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/github/ghost.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/0.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/0.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/1.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/2.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/3.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/4.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/5.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/6.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/7.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/8.jpg


--------------------------------------------------------------------------------
/tests/fixtures/images/user/9.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/9.jpg


--------------------------------------------------------------------------------
/app/routes/_marketing/tos.tsx:
--------------------------------------------------------------------------------
1 | export default function TermsOfServiceRoute() {
2 | 	return <div>Terms of service</div>
3 | }
4 | 


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/0.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/1.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/2.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/3.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/4.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/5.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/6.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/7.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/8.png


--------------------------------------------------------------------------------
/tests/fixtures/images/notes/9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/notes/9.png


--------------------------------------------------------------------------------
/tests/fixtures/images/user/kody.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/user/kody.png


--------------------------------------------------------------------------------
/types/icon-name.d.ts:
--------------------------------------------------------------------------------
1 | // This file is a fallback until you run npm run build:icons
2 | 
3 | export type IconName = string
4 | 


--------------------------------------------------------------------------------
/app/assets/favicons/apple-touch-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/app/assets/favicons/apple-touch-icon.png


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/stars.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/app/routes/_marketing/+logos/stars.jpg


--------------------------------------------------------------------------------
/public/favicons/android-chrome-192x192.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/public/favicons/android-chrome-192x192.png


--------------------------------------------------------------------------------
/public/favicons/android-chrome-512x512.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/public/favicons/android-chrome-512x512.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/mountain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/mountain.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/cute-koala.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/cute-koala.png


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/testing-library.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/app/routes/_marketing/+logos/testing-library.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/koala-coder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/koala-coder.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/koala-cuddle.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/koala-cuddle.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/koala-eating.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/koala-eating.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/koala-mentor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/koala-mentor.png


--------------------------------------------------------------------------------
/tests/fixtures/images/kody-notes/koala-soccer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/epicweb-dev/epic-stack/HEAD/tests/fixtures/images/kody-notes/koala-soccer.png


--------------------------------------------------------------------------------
/app/utils/providers/constants.ts:
--------------------------------------------------------------------------------
1 | export const MOCK_CODE_GITHUB = 'MOCK_CODE_GITHUB_KODY'
2 | 
3 | export const MOCK_CODE_GITHUB_HEADER = 'x-mock-code-github'
4 | 


--------------------------------------------------------------------------------
/prisma/migrations/migration_lock.toml:
--------------------------------------------------------------------------------
1 | # Please do not edit this file manually
2 | # It should be added in your version-control system (e.g., Git)
3 | provider = "sqlite"


--------------------------------------------------------------------------------
/tests/fixtures/images/user/README.md:
--------------------------------------------------------------------------------
1 | # User Images
2 | 
3 | This is used when creating users with images. If you don't do that, feel free to
4 | delete this directory.
5 | 


--------------------------------------------------------------------------------
/other/Dockerfile.dockerignore:
--------------------------------------------------------------------------------
 1 | # This file is moved to the root directory before building the image
 2 | 
 3 | /node_modules
 4 | *.log
 5 | .DS_Store
 6 | .env
 7 | /.cache
 8 | /public/build
 9 | /build
10 | 


--------------------------------------------------------------------------------
/app/components/floating-toolbar.tsx:
--------------------------------------------------------------------------------
1 | export const floatingToolbarClassName =
2 | 	'absolute bottom-3 inset-x-3 flex items-center gap-2 rounded-lg bg-muted/80 p-4 pl-5 shadow-xl shadow-accent backdrop-blur-xs md:gap-4 md:pl-7 justify-end'
3 | 


--------------------------------------------------------------------------------
/app/utils/totp.server.ts:
--------------------------------------------------------------------------------
1 | // @epic-web/totp should be used server-side only. It imports `Crypto` which results in Remix
2 | // including a big polyfill. So we put the import in a `.server.ts` file to avoid that
3 | export * from '@epic-web/totp'
4 | 


--------------------------------------------------------------------------------
/tests/mocks/pwned-passwords.ts:
--------------------------------------------------------------------------------
1 | import { http, HttpResponse } from 'msw'
2 | 
3 | export const handlers = [
4 | 	http.get('https://api.pwnedpasswords.com/range/:prefix', () => {
5 | 		return new HttpResponse('', { status: 200 })
6 | 	}),
7 | ]
8 | 


--------------------------------------------------------------------------------
/app/utils/nonce-provider.ts:
--------------------------------------------------------------------------------
1 | import * as React from 'react'
2 | 
3 | export const NonceContext = React.createContext<string>('')
4 | export const NonceProvider = NonceContext.Provider
5 | export const useNonce = () => React.useContext(NonceContext)
6 | 


--------------------------------------------------------------------------------
/docs/decisions/000-template.md:
--------------------------------------------------------------------------------
 1 | # Title
 2 | 
 3 | Date: YYYY-MM-DD
 4 | 
 5 | Status: proposed | rejected | accepted | deprecated | … | superseded by
 6 | [0005](0005-example.md)
 7 | 
 8 | ## Context
 9 | 
10 | ## Decision
11 | 
12 | ## Consequences
13 | 


--------------------------------------------------------------------------------
/.prettierignore:
--------------------------------------------------------------------------------
 1 | node_modules
 2 | 
 3 | /build
 4 | /public/build
 5 | .env
 6 | 
 7 | /test-results/
 8 | /playwright-report/
 9 | /playwright/.cache/
10 | /tests/fixtures/email/*.json
11 | /coverage
12 | /prisma/migrations
13 | 
14 | package-lock.json
15 | 


--------------------------------------------------------------------------------
/other/sly/sly.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"$schema": "https://sly-cli.fly.dev/registry/config.json",
 3 | 	"libraries": [
 4 | 		{
 5 | 			"name": "@radix-ui/icons",
 6 | 			"directory": "./other/svg-icons",
 7 | 			"transformers": ["transform-icon.ts"]
 8 | 		}
 9 | 	]
10 | }
11 | 


--------------------------------------------------------------------------------
/types/deps.d.ts:
--------------------------------------------------------------------------------
1 | // This module should contain type definitions for modules which do not have
2 | // their own type definitions and are not available on DefinitelyTyped.
3 | 
4 | // declare module 'some-untyped-pkg' {
5 | // 	export function foo(): void;
6 | // }
7 | 


--------------------------------------------------------------------------------
/.vscode/extensions.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"recommendations": [
 3 | 		"bradlc.vscode-tailwindcss",
 4 | 		"dbaeumer.vscode-eslint",
 5 | 		"esbenp.prettier-vscode",
 6 | 		"prisma.prisma",
 7 | 		"qwtel.sqlite-viewer",
 8 | 		"yoavbls.pretty-ts-errors",
 9 | 		"github.vscode-github-actions"
10 | 	]
11 | }
12 | 


--------------------------------------------------------------------------------
/remix.init/index.js:
--------------------------------------------------------------------------------
1 | module.exports = async (...args) => {
2 | 	const { default: main } = await import('./index.mjs')
3 | 	await main(...args).catch((err) => {
4 | 		console.error('Oh no! Something went wrong initializing your epic app:')
5 | 		console.error(err)
6 | 		process.exit(1)
7 | 	})
8 | }
9 | 


--------------------------------------------------------------------------------
/remix.init/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "remix.init",
 3 |   "private": true,
 4 |   "main": "index.js",
 5 |   "dependencies": {
 6 |     "@iarna/toml": "^2.2.5",
 7 |     "execa": "^7.1.1",
 8 |     "inquirer": "^9.2.6",
 9 |     "open": "^9.1.0",
10 |     "parse-github-url": "^1.0.2"
11 |   }
12 | }
13 | 


--------------------------------------------------------------------------------
/.vscode/settings.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"typescript.preferences.autoImportFileExcludePatterns": [
 3 | 		"@remix-run/server-runtime",
 4 | 		"express",
 5 | 		"@radix-ui/**",
 6 | 		"@react-email/**",
 7 | 		"node:stream/consumers",
 8 | 		"node:test",
 9 | 		"node:console"
10 | 	],
11 | 	"workbench.editorAssociations": {
12 | 		"*.db": "sqlite-viewer.view"
13 | 	}
14 | }
15 | 


--------------------------------------------------------------------------------
/app/routes/_auth/logout.tsx:
--------------------------------------------------------------------------------
 1 | import { redirect } from 'react-router'
 2 | import { logout } from '#app/utils/auth.server.ts'
 3 | import { type Route } from './+types/logout.ts'
 4 | 
 5 | export async function loader() {
 6 | 	return redirect('/')
 7 | }
 8 | 
 9 | export async function action({ request }: Route.ActionArgs) {
10 | 	return logout({ request })
11 | }
12 | 


--------------------------------------------------------------------------------
/docs/decisions/README.md:
--------------------------------------------------------------------------------
1 | # Decisions
2 | 
3 | This directory contains all the decisions we've made for this starter template
4 | and serves as a record for whenever we wonder why certain decisions were made.
5 | 
6 | Decisions in here are never final. But these documents should serve as a good
7 | way for someone to come up to speed on why certain decisions were made.
8 | 


--------------------------------------------------------------------------------
/tests/e2e/error-boundary.test.ts:
--------------------------------------------------------------------------------
 1 | import { expect, test } from '#tests/playwright-utils.ts'
 2 | 
 3 | test('Test root error boundary caught', async ({ page, navigate }) => {
 4 | 	const pageUrl = '/does-not-exist'
 5 | 	const res = await navigate(pageUrl as any)
 6 | 
 7 | 	expect(res?.status()).toBe(404)
 8 | 	await expect(page.getByText(/We can't find this page/i)).toBeVisible()
 9 | })
10 | 


--------------------------------------------------------------------------------
/app/routes/_seo/robots[.]txt.ts:
--------------------------------------------------------------------------------
 1 | import { generateRobotsTxt } from '@nasa-gcn/remix-seo'
 2 | import { getDomainUrl } from '#app/utils/misc.tsx'
 3 | import { type Route } from './+types/robots[.]txt.ts'
 4 | 
 5 | export function loader({ request }: Route.LoaderArgs) {
 6 | 	return generateRobotsTxt([
 7 | 		{ type: 'sitemap', value: `${getDomainUrl(request)}/sitemap.xml` },
 8 | 	])
 9 | }
10 | 


--------------------------------------------------------------------------------
/eslint.config.js:
--------------------------------------------------------------------------------
 1 | import { default as defaultConfig } from '@epic-web/config/eslint'
 2 | 
 3 | /** @type {import("eslint").Linter.Config} */
 4 | export default [
 5 | 	...defaultConfig,
 6 | 	// add custom config objects here:
 7 | 	{
 8 | 		files: ['**/tests/**/*.ts'],
 9 | 		rules: { 'react-hooks/rules-of-hooks': 'off' },
10 | 	},
11 | 	{
12 | 		ignores: ['.react-router/*'],
13 | 	},
14 | ]
15 | 


--------------------------------------------------------------------------------
/app/components/ui/README.md:
--------------------------------------------------------------------------------
1 | # shadcn/ui
2 | 
3 | Some components in this directory are downloaded via the
4 | [shadcn/ui](https://ui.shadcn.com) [CLI](https://ui.shadcn.com/docs/cli). Feel
5 | free to customize them to your needs. It's important to know that shadcn/ui is
6 | not a library of components you install, but instead it's a registry of prebuilt
7 | components which you can download and customize.
8 | 


--------------------------------------------------------------------------------
/app/entry.client.tsx:
--------------------------------------------------------------------------------
 1 | import { startTransition } from 'react'
 2 | import { hydrateRoot } from 'react-dom/client'
 3 | import { HydratedRouter } from 'react-router/dom'
 4 | 
 5 | if (ENV.MODE === 'production' && ENV.SENTRY_DSN) {
 6 | 	void import('./utils/monitoring.client.tsx').then(({ init }) => init())
 7 | }
 8 | 
 9 | startTransition(() => {
10 | 	hydrateRoot(document, <HydratedRouter />)
11 | })
12 | 


--------------------------------------------------------------------------------
/tests/mocks/README.md:
--------------------------------------------------------------------------------
 1 | # Mocks
 2 | 
 3 | Use this to mock any third party HTTP resources that you don't have running
 4 | locally and want to have mocked for local development as well as tests.
 5 | 
 6 | Learn more about how to use this at [mswjs.io](https://mswjs.io/)
 7 | 
 8 | For an extensive example, see the
 9 | [source code for kentcdodds.com](https://github.com/kentcdodds/kentcdodds.com/blob/main/mocks/index.ts)
10 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | <!-- Summary: Put your summary here -->
 2 | 
 3 | ## Test Plan
 4 | 
 5 | <!-- What steps need to be taken to verify this works as expected? -->
 6 | 
 7 | ## Checklist
 8 | 
 9 | - [ ] Tests updated
10 | - [ ] Docs updated
11 | 
12 | ## Screenshots
13 | 
14 | <!-- If what you're changing is within the app, please show before/after.
15 | You can provide a video as well if that makes more sense -->
16 | 


--------------------------------------------------------------------------------
/app/routes/users/$username/notes/new.tsx:
--------------------------------------------------------------------------------
 1 | import { requireUserId } from '#app/utils/auth.server.ts'
 2 | import { NoteEditor } from './+shared/note-editor.tsx'
 3 | import { type Route } from './+types/new.ts'
 4 | 
 5 | export { action } from './+shared/note-editor.server.tsx'
 6 | 
 7 | export async function loader({ request }: Route.LoaderArgs) {
 8 | 	await requireUserId(request)
 9 | 	return {}
10 | }
11 | 
12 | export default NoteEditor
13 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/shadcn-ui.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 256 256"><rect width="256" height="256" fill="none"></rect><line x1="208" y1="128" x2="128" y2="208" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="16"></line><line x1="192" y1="40" x2="40" y2="192" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="16"></line></svg>


--------------------------------------------------------------------------------
/components.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"$schema": "https://ui.shadcn.com/schema.json",
 3 | 	"style": "default",
 4 | 	"rsc": false,
 5 | 	"tsx": true,
 6 | 	"tailwind": {
 7 | 		"config": "",
 8 | 		"css": "app/styles/tailwind.css",
 9 | 		"baseColor": "slate",
10 | 		"cssVariables": true
11 | 	},
12 | 	"aliases": {
13 | 		"components": "#app/components",
14 | 		"utils": "#app/utils/misc",
15 | 		"ui": "#app/components/ui",
16 | 		"lib": "#app/utils"
17 | 	}
18 | }
19 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/radix.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" width="250" height="250" viewBox="0 0 25 25" fill="none" style="margin-right:3px"><path d="M12 25C7.58173 25 4 21.4183 4 17C4 12.5817 7.58173 9 12 9V25Z" fill="currentcolor"></path><path d="M12 0H4V8H12V0Z" fill="currentcolor"></path><path d="M17 8C19.2091 8 21 6.20914 21 4C21 1.79086 19.2091 0 17 0C14.7909 0 13 1.79086 13 4C13 6.20914 14.7909 8 17 8Z" fill="currentcolor"></path></svg>


--------------------------------------------------------------------------------
/app/components/toaster.tsx:
--------------------------------------------------------------------------------
 1 | import { useEffect } from 'react'
 2 | import { toast as showToast } from 'sonner'
 3 | import { type Toast } from '#app/utils/toast.server.ts'
 4 | 
 5 | export function useToast(toast?: Toast | null) {
 6 | 	useEffect(() => {
 7 | 		if (toast) {
 8 | 			setTimeout(() => {
 9 | 				showToast[toast.type](toast.title, {
10 | 					id: toast.id,
11 | 					description: toast.description,
12 | 				})
13 | 			}, 0)
14 | 		}
15 | 	}, [toast])
16 | }
17 | 


--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"include": ["**/*.ts", "**/*.tsx", ".react-router/types/**/*"],
 3 | 	"extends": ["@epic-web/config/typescript"],
 4 | 	"compilerOptions": {
 5 | 		// TODO: Probably should move this into epic-web/config
 6 | 		"types": ["@react-router/node", "vite/client"],
 7 | 		"rootDirs": [".", "./.react-router/types"],
 8 | 		"paths": {
 9 | 			"@/icon-name": [
10 | 				"./app/components/ui/icons/types.ts",
11 | 				"./types/icon-name.d.ts"
12 | 			]
13 | 		}
14 | 	}
15 | }
16 | 


--------------------------------------------------------------------------------
/app/utils/verification.server.ts:
--------------------------------------------------------------------------------
 1 | import { createCookieSessionStorage } from 'react-router'
 2 | 
 3 | export const verifySessionStorage = createCookieSessionStorage({
 4 | 	cookie: {
 5 | 		name: 'en_verification',
 6 | 		sameSite: 'lax', // CSRF protection is advised if changing to 'none'
 7 | 		path: '/',
 8 | 		httpOnly: true,
 9 | 		maxAge: 60 * 10, // 10 minutes
10 | 		secrets: process.env.SESSION_SECRET.split(','),
11 | 		secure: process.env.NODE_ENV === 'production',
12 | 	},
13 | })
14 | 


--------------------------------------------------------------------------------
/other/svg-icons/README.md:
--------------------------------------------------------------------------------
 1 | # Icons
 2 | 
 3 | These icons were downloaded from https://icons.radix-ui.com/ which is licensed
 4 | under MIT: https://github.com/radix-ui/icons/blob/master/LICENSE
 5 | 
 6 | It's important that you only add icons to this directory that the application
 7 | actually needs as the `vite-plugin-icons-spritesheet` plugin is configured to
 8 | generate a spritesheet with icons from this directory. The plugin re-runs on
 9 | every edit/delete/add to this directory.
10 | 


--------------------------------------------------------------------------------
/public/site.webmanifest:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"name": "Epic Notes",
 3 | 	"short_name": "Epic Notes",
 4 | 	"start_url": "/",
 5 | 	"icons": [
 6 | 		{
 7 | 			"src": "/favicons/android-chrome-192x192.png",
 8 | 			"sizes": "192x192",
 9 | 			"type": "image/png"
10 | 		},
11 | 		{
12 | 			"src": "/favicons/android-chrome-512x512.png",
13 | 			"sizes": "512x512",
14 | 			"type": "image/png"
15 | 		}
16 | 	],
17 | 	"theme_color": "#A9ADC1",
18 | 	"background_color": "#1f2028",
19 | 	"display": "standalone"
20 | }
21 | 


--------------------------------------------------------------------------------
/prisma/sql/searchUsers.sql:
--------------------------------------------------------------------------------
 1 | -- @param {String} $1:like
 2 | SELECT 
 3 |   "User".id,
 4 |   "User".username,
 5 |   "User".name,
 6 |   "UserImage".id AS imageId,
 7 |   "UserImage".objectKey AS imageObjectKey
 8 | FROM "User"
 9 | LEFT JOIN "UserImage" ON "User".id = "UserImage".userId
10 | WHERE "User".username LIKE :like
11 | OR "User".name LIKE :like
12 | ORDER BY (
13 |   SELECT "Note".updatedAt
14 |   FROM "Note"
15 |   WHERE "Note".ownerId = "User".id
16 |   ORDER BY "Note".updatedAt DESC
17 |   LIMIT 1
18 | ) DESC
19 | LIMIT 50
20 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | node_modules
 2 | .DS_store
 3 | 
 4 | /build
 5 | .env
 6 | .cache
 7 | 
 8 | /prisma/data.db
 9 | /prisma/data.db-journal
10 | /tests/prisma
11 | 
12 | /test-results/
13 | /playwright-report/
14 | /playwright/.cache/
15 | /tests/fixtures/email/
16 | /tests/fixtures/uploaded/
17 | /tests/fixtures/openimg/
18 | /coverage
19 | 
20 | /other/cache.db
21 | 
22 | # Easy way to create temporary files/folders that won't accidentally be added to git
23 | *.local.*
24 | 
25 | # generated files
26 | /app/components/ui/icons
27 | .react-router/
28 | 


--------------------------------------------------------------------------------
/other/sly/transform-icon.ts:
--------------------------------------------------------------------------------
 1 | import { type Meta } from '@sly-cli/sly'
 2 | 
 3 | /**
 4 |  * @type {import('@sly-cli/sly/dist').Transformer}
 5 |  */
 6 | export default function transformIcon(input: string, meta: Meta) {
 7 | 	input = prependLicenseInfo(input, meta)
 8 | 
 9 | 	return input
10 | }
11 | 
12 | function prependLicenseInfo(input: string, meta: Meta): string {
13 | 	return [
14 | 		`<!-- Downloaded from ${meta.name} -->`,
15 | 		`<!-- License ${meta.license} -->`,
16 | 		`<!-- ${meta.source} -->`,
17 | 		input,
18 | 	].join('\n')
19 | }
20 | 


--------------------------------------------------------------------------------
/app/assets/favicons/favicon.svg:
--------------------------------------------------------------------------------
 1 | <svg xmlns="http://www.w3.org/2000/svg" width="512" height="512" fill="none" viewBox="0 0 65 65">
 2 |   <style>
 3 |     path {
 4 |       fill: #000;
 5 |     }
 6 |     @media (prefers-color-scheme: dark) {
 7 |       path {
 8 |         fill: #FFF;
 9 |       }
10 |     }
11 |   </style>
12 |   <path d="M39.445 25.555 37 17.163 65 0 47.821 28l-8.376-2.445Zm-13.89 0L28 17.163 0 0l17.179 28 8.376-2.445Zm13.89 13.89L37 47.837 65 65 47.821 37l-8.376 2.445Zm-13.89 0L28 47.837 0 65l17.179-28 8.376 2.445Z"></path>
13 | </svg>
14 | 


--------------------------------------------------------------------------------
/remix.init/gitignore:
--------------------------------------------------------------------------------
 1 | node_modules
 2 | .DS_store
 3 | 
 4 | /build
 5 | .env
 6 | .cache
 7 | 
 8 | /prisma/data.db
 9 | /prisma/data.db-journal
10 | /tests/prisma
11 | 
12 | /test-results/
13 | /playwright-report/
14 | /playwright/.cache/
15 | /tests/fixtures/email/
16 | /tests/fixtures/uploaded/
17 | /tests/fixtures/openimg/
18 | /coverage
19 | 
20 | /other/cache.db
21 | 
22 | # Easy way to create temporary files/folders that won't accidentally be added to git
23 | *.local.*
24 | 
25 | # generated files
26 | /app/components/ui/icons
27 | .react-router/
28 | 


--------------------------------------------------------------------------------
/app/utils/honeypot.server.ts:
--------------------------------------------------------------------------------
 1 | import { Honeypot, SpamError } from 'remix-utils/honeypot/server'
 2 | 
 3 | export const honeypot = new Honeypot({
 4 | 	validFromFieldName: process.env.NODE_ENV === 'test' ? null : undefined,
 5 | 	encryptionSeed: process.env.HONEYPOT_SECRET,
 6 | })
 7 | 
 8 | export async function checkHoneypot(formData: FormData) {
 9 | 	try {
10 | 		await honeypot.check(formData)
11 | 	} catch (error) {
12 | 		if (error instanceof SpamError) {
13 | 			throw new Response('Form not submitted properly', { status: 400 })
14 | 		}
15 | 		throw error
16 | 	}
17 | }
18 | 


--------------------------------------------------------------------------------
/other/README.md:
--------------------------------------------------------------------------------
 1 | # Other
 2 | 
 3 | The "other" directory is where we put stuff that doesn't really have a place,
 4 | but we don't want in the root of the project. In fact, we want to move as much
 5 | stuff here from the root as possible. The only things that should stay in the
 6 | root directory are those things that have to stay in the root for most editor
 7 | and other tool integrations (like most configuration files sadly). Maybe one day
 8 | we can convince tools to adopt a new `.config` directory in the future. Until
 9 | then, we've got this `./other` directory to keep things cleaner.
10 | 


--------------------------------------------------------------------------------
/public/favicons/README.md:
--------------------------------------------------------------------------------
 1 | # Favicon
 2 | 
 3 | This directory has the icons used for android devices. In some cases, we cannot
 4 | reliably detect light/dark mode preference. Hence these icons should not have a
 5 | transparent background. These icons are referenced in the `site.webmanifest`
 6 | file.
 7 | 
 8 | The icons used by modern browsers and Apple devices are in `app/assets/favicons`
 9 | as they can be imported with a fingerprint to bust the browser cache.
10 | 
11 | Note, there's also a `favicon.ico` in the root of `/public` which some older
12 | browsers will request automatically. This is a fallback for those browsers.
13 | 


--------------------------------------------------------------------------------
/app/routes/_seo/sitemap[.]xml.ts:
--------------------------------------------------------------------------------
 1 | import { generateSitemap } from '@nasa-gcn/remix-seo'
 2 | import { getDomainUrl } from '#app/utils/misc.tsx'
 3 | import { type Route } from './+types/sitemap[.]xml.ts'
 4 | 
 5 | export async function loader({ request, context }: Route.LoaderArgs) {
 6 | 	// TODO: This is typeerror is coming up since of the remix-run/server-runtime package. We might need to remove/update that one.
 7 | 	// @ts-expect-error
 8 | 	return generateSitemap(request, context.serverBuild.routes, {
 9 | 		siteUrl: getDomainUrl(request),
10 | 		headers: {
11 | 			'Cache-Control': `public, max-age=${60 * 5}`,
12 | 		},
13 | 	})
14 | }
15 | 


--------------------------------------------------------------------------------
/app/components/ui/label.tsx:
--------------------------------------------------------------------------------
 1 | import * as LabelPrimitive from '@radix-ui/react-label'
 2 | import { cva } from 'class-variance-authority'
 3 | import * as React from 'react'
 4 | 
 5 | import { cn } from '#app/utils/misc.tsx'
 6 | 
 7 | const labelVariants = cva(
 8 | 	'text-sm leading-none font-medium peer-disabled:cursor-not-allowed peer-disabled:opacity-70',
 9 | )
10 | 
11 | const Label = ({
12 | 	className,
13 | 	...props
14 | }: React.ComponentProps<typeof LabelPrimitive.Root>) => (
15 | 	<LabelPrimitive.Root
16 | 		data-slot="label"
17 | 		className={cn(labelVariants(), className)}
18 | 		{...props}
19 | 	/>
20 | )
21 | 
22 | export { Label }
23 | 


--------------------------------------------------------------------------------
/index.ts:
--------------------------------------------------------------------------------
 1 | import 'dotenv/config'
 2 | import * as fs from 'node:fs'
 3 | import sourceMapSupport from 'source-map-support'
 4 | 
 5 | sourceMapSupport.install({
 6 | 	retrieveSourceMap: function (source) {
 7 | 		// get source file without the `file://` prefix or `?t=...` suffix
 8 | 		const match = source.match(/^file:\/\/(.*)\?t=[.\d]+$/)
 9 | 		if (match) {
10 | 			return {
11 | 				url: source,
12 | 				map: fs.readFileSync(`${match[1]}.map`, 'utf8'),
13 | 			}
14 | 		}
15 | 		return null
16 | 	},
17 | })
18 | 
19 | if (process.env.MOCKS === 'true') {
20 | 	await import('./tests/mocks/index.ts')
21 | }
22 | 
23 | await import('./server/index.ts')
24 | 


--------------------------------------------------------------------------------
/app/routes.ts:
--------------------------------------------------------------------------------
 1 | import { type RouteConfig } from '@react-router/dev/routes'
 2 | import { autoRoutes } from 'react-router-auto-routes'
 3 | 
 4 | export default autoRoutes({
 5 | 	ignoredRouteFiles: [
 6 | 		'.*',
 7 | 		'**/*.css',
 8 | 		'**/*.test.{js,jsx,ts,tsx}',
 9 | 		'**/__*.*',
10 | 		// This is for server-side utilities you want to colocate
11 | 		// next to your routes without making an additional
12 | 		// directory. If you need a route that includes "server" or
13 | 		// "client" in the filename, use the escape brackets like:
14 | 		// my-route.[server].tsx
15 | 		'**/*.server.*',
16 | 		'**/*.client.*',
17 | 	],
18 | }) satisfies RouteConfig
19 | 


--------------------------------------------------------------------------------
/app/utils/redirect-cookie.server.ts:
--------------------------------------------------------------------------------
 1 | import * as cookie from 'cookie'
 2 | 
 3 | const key = 'redirectTo'
 4 | export const destroyRedirectToHeader = cookie.serialize(key, '', { maxAge: -1 })
 5 | 
 6 | export function getRedirectCookieHeader(redirectTo?: string) {
 7 | 	return redirectTo && redirectTo !== '/'
 8 | 		? cookie.serialize(key, redirectTo, { maxAge: 60 * 10 })
 9 | 		: null
10 | }
11 | 
12 | export function getRedirectCookieValue(request: Request) {
13 | 	const rawCookie = request.headers.get('cookie')
14 | 	const parsedCookies = rawCookie ? cookie.parse(rawCookie) : {}
15 | 	const redirectTo = parsedCookies[key]
16 | 	return redirectTo || null
17 | }
18 | 


--------------------------------------------------------------------------------
/app/routes/settings/profile/two-factor/_layout.tsx:
--------------------------------------------------------------------------------
 1 | import { type SEOHandle } from '@nasa-gcn/remix-seo'
 2 | import { Outlet } from 'react-router'
 3 | import { Icon } from '#app/components/ui/icon.tsx'
 4 | import { type VerificationTypes } from '#app/routes/_auth/verify.tsx'
 5 | import { type BreadcrumbHandle } from '../../profile/_layout.tsx'
 6 | 
 7 | export const handle: BreadcrumbHandle & SEOHandle = {
 8 | 	breadcrumb: <Icon name="lock-closed">2FA</Icon>,
 9 | 	getSitemapEntries: () => null,
10 | }
11 | 
12 | export const twoFAVerificationType = '2fa' satisfies VerificationTypes
13 | 
14 | export default function TwoFactorRoute() {
15 | 	return <Outlet />
16 | }
17 | 


--------------------------------------------------------------------------------
/app/utils/request-info.ts:
--------------------------------------------------------------------------------
 1 | import { invariant } from '@epic-web/invariant'
 2 | import { useRouteLoaderData } from 'react-router'
 3 | import { type loader as rootLoader } from '#app/root.tsx'
 4 | 
 5 | /**
 6 |  * @returns the request info from the root loader (throws an error if it does not exist)
 7 |  */
 8 | export function useRequestInfo() {
 9 | 	const maybeRequestInfo = useOptionalRequestInfo()
10 | 	invariant(maybeRequestInfo, 'No requestInfo found in root loader')
11 | 
12 | 	return maybeRequestInfo
13 | }
14 | 
15 | export function useOptionalRequestInfo() {
16 | 	const data = useRouteLoaderData<typeof rootLoader>('root')
17 | 
18 | 	return data?.requestInfo
19 | }
20 | 


--------------------------------------------------------------------------------
/server/app.ts:
--------------------------------------------------------------------------------
 1 | /* eslint-disable import/no-duplicates */
 2 | import 'react-router'
 3 | import { createRequestHandler } from '@react-router/express'
 4 | import express from 'express'
 5 | import { type ServerBuild } from 'react-router'
 6 | 
 7 | declare module 'react-router' {
 8 | 	interface AppLoadContext {
 9 | 		serverBuild: ServerBuild
10 | 	}
11 | }
12 | 
13 | export const app = express()
14 | 
15 | app.use(
16 | 	createRequestHandler({
17 | 		mode: process.env.NODE_ENV ?? 'development',
18 | 		build: () => import('virtual:react-router/server-build'),
19 | 		getLoadContext: async () => ({
20 | 			serverBuild: await import('virtual:react-router/server-build'),
21 | 		}),
22 | 	}),
23 | )
24 | 


--------------------------------------------------------------------------------
/other/svg-icons/laptop.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/laptop.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M2 4.25C2 4.11193 2.11193 4 2.25 4H12.75C12.8881 4 13 4.11193 13 4.25V11.5H2V4.25ZM2.25 3C1.55964 3 1 3.55964 1 4.25V12H0V12.5C0 12.7761 0.223858 13 0.5 13H14.5C14.7761 13 15 12.7761 15 12.5V12H14V4.25C14 3.55964 13.4404 3 12.75 3H2.25Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/docs/decisions/029-remix-auth.md:
--------------------------------------------------------------------------------
 1 | # Remix Auth
 2 | 
 3 | Date: 2023-08-14
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | At the start of Epic Stack, we were using
10 | [remix-auth-form](https://github.com/sergiodxa/remix-auth-form) for our
11 | username/password auth solution. This worked fine, but it really didn't give us
12 | any value over handling the auth song-and-dance ourselves.
13 | 
14 | ## Decision
15 | 
16 | Instead of relying on remix-auth for handling authenticating the user's login
17 | form submission, we'll manage it ourselves.
18 | 
19 | ## Consequences
20 | 
21 | This mostly allows us to remove some code. However, we're going to be keeping
22 | remix auth around for GitHub Auth
23 | 


--------------------------------------------------------------------------------
/app/utils/theme.server.ts:
--------------------------------------------------------------------------------
 1 | import * as cookie from 'cookie'
 2 | 
 3 | const cookieName = 'en_theme'
 4 | export type Theme = 'light' | 'dark'
 5 | 
 6 | export function getTheme(request: Request): Theme | null {
 7 | 	const cookieHeader = request.headers.get('cookie')
 8 | 	const parsed = cookieHeader ? cookie.parse(cookieHeader)[cookieName] : 'light'
 9 | 	if (parsed === 'light' || parsed === 'dark') return parsed
10 | 	return null
11 | }
12 | 
13 | export function setTheme(theme: Theme | 'system') {
14 | 	if (theme === 'system') {
15 | 		return cookie.serialize(cookieName, '', { path: '/', maxAge: -1 })
16 | 	} else {
17 | 		return cookie.serialize(cookieName, theme, { path: '/', maxAge: 31536000 })
18 | 	}
19 | }
20 | 


--------------------------------------------------------------------------------
/react-router.config.ts:
--------------------------------------------------------------------------------
 1 | import { type Config } from '@react-router/dev/config'
 2 | import { sentryOnBuildEnd } from '@sentry/react-router'
 3 | 
 4 | const MODE = process.env.NODE_ENV
 5 | 
 6 | export default {
 7 | 	// Defaults to true. Set to false to enable SPA for all routes.
 8 | 	ssr: true,
 9 | 
10 | 	routeDiscovery: { mode: 'initial' },
11 | 
12 | 	future: {
13 | 		unstable_optimizeDeps: true,
14 | 	},
15 | 
16 | 	buildEnd: async ({ viteConfig, reactRouterConfig, buildManifest }) => {
17 | 		if (MODE === 'production' && process.env.SENTRY_AUTH_TOKEN) {
18 | 			await sentryOnBuildEnd({
19 | 				viteConfig,
20 | 				reactRouterConfig,
21 | 				buildManifest,
22 | 			})
23 | 		}
24 | 	},
25 | } satisfies Config
26 | 


--------------------------------------------------------------------------------
/app/components/ui/textarea.tsx:
--------------------------------------------------------------------------------
 1 | import * as React from 'react'
 2 | 
 3 | import { cn } from '#app/utils/misc.tsx'
 4 | 
 5 | const Textarea = ({
 6 | 	className,
 7 | 	...props
 8 | }: React.ComponentProps<'textarea'>) => {
 9 | 	return (
10 | 		<textarea
11 | 			className={cn(
12 | 				'border-input bg-background ring-offset-background placeholder:text-muted-foreground focus-visible:ring-ring aria-[invalid]:border-input-invalid flex min-h-[80px] w-full rounded-md border px-3 py-2 text-base focus-visible:ring-2 focus-visible:ring-offset-2 focus-visible:outline-hidden disabled:cursor-not-allowed disabled:opacity-50 md:text-sm',
13 | 				className,
14 | 			)}
15 | 			{...props}
16 | 		/>
17 | 	)
18 | }
19 | 
20 | export { Textarea }
21 | 


--------------------------------------------------------------------------------
/tests/mocks/resend.ts:
--------------------------------------------------------------------------------
 1 | import { faker } from '@faker-js/faker'
 2 | import { HttpResponse, http, type HttpHandler } from 'msw'
 3 | import { requireHeader, writeEmail } from './utils.ts'
 4 | 
 5 | const { json } = HttpResponse
 6 | 
 7 | export const handlers: Array<HttpHandler> = [
 8 | 	http.post(`https://api.resend.com/emails`, async ({ request }) => {
 9 | 		requireHeader(request.headers, 'Authorization')
10 | 		const body = await request.json()
11 | 		console.info('🔶 mocked email contents:', body)
12 | 
13 | 		const email = await writeEmail(body)
14 | 
15 | 		return json({
16 | 			id: faker.string.uuid(),
17 | 			from: email.from,
18 | 			to: email.to,
19 | 			created_at: new Date().toISOString(),
20 | 		})
21 | 	}),
22 | ]
23 | 


--------------------------------------------------------------------------------
/app/utils/litefs.server.ts:
--------------------------------------------------------------------------------
 1 | // litefs-js should be used server-side only. It imports `fs` which results in Remix
 2 | // including a big polyfill. So we put the import in a `.server.ts` file to avoid that
 3 | // polyfill from being included. https://github.com/epicweb-dev/epic-stack/pull/331
 4 | export {
 5 | 	getInstanceInfo,
 6 | 	getInstanceInfoSync,
 7 | 	TXID_NUM_COOKIE_NAME,
 8 | 	waitForUpToDateTxNumber,
 9 | 	getTxNumber,
10 | 	getTxSetCookieHeader,
11 | 	checkCookieForTransactionalConsistency,
12 | 	getInternalInstanceDomain,
13 | 	getAllInstances,
14 | } from 'litefs-js'
15 | 
16 | export {
17 | 	ensurePrimary,
18 | 	ensureInstance,
19 | 	getReplayResponse,
20 | 	handleTransactionalConsistency,
21 | 	appendTxNumberCookie,
22 | } from 'litefs-js/remix'
23 | 


--------------------------------------------------------------------------------
/other/svg-icons/plus.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/plus.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M8 2.75C8 2.47386 7.77614 2.25 7.5 2.25C7.22386 2.25 7 2.47386 7 2.75V7H2.75C2.47386 7 2.25 7.22386 2.25 7.5C2.25 7.77614 2.47386 8 2.75 8H7V12.25C7 12.5261 7.22386 12.75 7.5 12.75C7.77614 12.75 8 12.5261 8 12.25V8H12.25C12.5261 8 12.75 7.77614 12.75 7.5C12.75 7.22386 12.5261 7 12.25 7H8V2.75Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/docs/client-hints.md:
--------------------------------------------------------------------------------
 1 | # Client Hints
 2 | 
 3 | > **NOTE:** Find background on this concept in the decision document:
 4 | > `0005-client-pref-cookies.md`.
 5 | 
 6 | [Watch the tip](https://www.epicweb.dev/tips/use-client-hints-to-eliminate-content-layout-shift)
 7 | on [EpicWeb.dev](https://www.epicweb.dev):
 8 | 
 9 | [![Kent smiling with VSCode showing code in the client-hints.tsx file](https://github.com/epicweb-dev/epic-stack/assets/1500684/ede18d0a-c117-4c65-9f1e-a87f262e4ce1)](https://www.epicweb.dev/tips/use-client-hints-to-eliminate-content-layout-shift)
10 | 
11 | This functionality has been moved into `@epic-web/client-hints` and is the
12 | primary source for documentation on this feature. Our integration can be found
13 | in `app/utils/client-hints.tsx`.
14 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/tailwind.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 54 33"><g clip-path="url(#prefix__clip0)"><path fill="#38bdf8" fill-rule="evenodd" d="M27 0c-7.2 0-11.7 3.6-13.5 10.8 2.7-3.6 5.85-4.95 9.45-4.05 2.054.513 3.522 2.004 5.147 3.653C30.744 13.09 33.808 16.2 40.5 16.2c7.2 0 11.7-3.6 13.5-10.8-2.7 3.6-5.85 4.95-9.45 4.05-2.054-.513-3.522-2.004-5.147-3.653C36.756 3.11 33.692 0 27 0zM13.5 16.2C6.3 16.2 1.8 19.8 0 27c2.7-3.6 5.85-4.95 9.45-4.05 2.054.514 3.522 2.004 5.147 3.653C17.244 29.29 20.308 32.4 27 32.4c7.2 0 11.7-3.6 13.5-10.8-2.7 3.6-5.85 4.95-9.45 4.05-2.054-.513-3.522-2.004-5.147-3.653C23.256 19.31 20.192 16.2 13.5 16.2z" clip-rule="evenodd"/></g><defs><clipPath id="prefix__clip0"><path fill="#fff" d="M0 0h54v32.4H0z"/></clipPath></defs></svg>


--------------------------------------------------------------------------------
/other/svg-icons/trash.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/trash.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M5.5 1C5.22386 1 5 1.22386 5 1.5C5 1.77614 5.22386 2 5.5 2H9.5C9.77614 2 10 1.77614 10 1.5C10 1.22386 9.77614 1 9.5 1H5.5ZM3 3.5C3 3.22386 3.22386 3 3.5 3H5H10H11.5C11.7761 3 12 3.22386 12 3.5C12 3.77614 11.7761 4 11.5 4H11V12C11 12.5523 10.5523 13 10 13H5C4.44772 13 4 12.5523 4 12V4L3.5 4C3.22386 4 3 3.77614 3 3.5ZM5 4H10V12H5V4Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/routes/me.tsx:
--------------------------------------------------------------------------------
 1 | import { redirect } from 'react-router'
 2 | import { requireUserId, logout } from '#app/utils/auth.server.ts'
 3 | import { prisma } from '#app/utils/db.server.ts'
 4 | import { type Route } from './+types/me.ts'
 5 | 
 6 | export async function loader({ request }: Route.LoaderArgs) {
 7 | 	const userId = await requireUserId(request)
 8 | 	const user = await prisma.user.findUnique({ where: { id: userId } })
 9 | 	if (!user) {
10 | 		const requestUrl = new URL(request.url)
11 | 		const loginParams = new URLSearchParams([
12 | 			['redirectTo', `${requestUrl.pathname}${requestUrl.search}`],
13 | 		])
14 | 		const redirectTo = `/login?${loginParams}`
15 | 		await logout({ request, redirectTo })
16 | 		return redirect(redirectTo)
17 | 	}
18 | 	return redirect(`/users/${user.username}`)
19 | }
20 | 


--------------------------------------------------------------------------------
/tests/setup/db-setup.ts:
--------------------------------------------------------------------------------
 1 | import path from 'node:path'
 2 | import fsExtra from 'fs-extra'
 3 | import { afterAll, beforeEach } from 'vitest'
 4 | import { BASE_DATABASE_PATH } from './global-setup.ts'
 5 | 
 6 | const databaseFile = `./tests/prisma/data.${process.env.VITEST_POOL_ID || 0}.db`
 7 | const databasePath = path.join(process.cwd(), databaseFile)
 8 | process.env.DATABASE_URL = `file:${databasePath}`
 9 | 
10 | beforeEach(async () => {
11 | 	await fsExtra.copyFile(BASE_DATABASE_PATH, databasePath)
12 | })
13 | 
14 | afterAll(async () => {
15 | 	// we *must* use dynamic imports here so the process.env.DATABASE_URL is set
16 | 	// before prisma is imported and initialized
17 | 	const { prisma } = await import('#app/utils/db.server.ts')
18 | 	await prisma.$disconnect()
19 | 	await fsExtra.remove(databasePath)
20 | })
21 | 


--------------------------------------------------------------------------------
/other/svg-icons/check.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/check.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M11.4669 3.72684C11.7558 3.91574 11.8369 4.30308 11.648 4.59198L7.39799 11.092C7.29783 11.2452 7.13556 11.3467 6.95402 11.3699C6.77247 11.3931 6.58989 11.3355 6.45446 11.2124L3.70446 8.71241C3.44905 8.48022 3.43023 8.08494 3.66242 7.82953C3.89461 7.57412 4.28989 7.55529 4.5453 7.78749L6.75292 9.79441L10.6018 3.90792C10.7907 3.61902 11.178 3.53795 11.4669 3.72684Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/routes/_auth/onboarding/index.server.ts:
--------------------------------------------------------------------------------
 1 | import { invariant } from '@epic-web/invariant'
 2 | import { redirect } from 'react-router'
 3 | import { verifySessionStorage } from '#app/utils/verification.server.ts'
 4 | import { type VerifyFunctionArgs } from '../verify.server.ts'
 5 | import { onboardingEmailSessionKey } from './index.tsx'
 6 | 
 7 | export async function handleVerification({ submission }: VerifyFunctionArgs) {
 8 | 	invariant(
 9 | 		submission.status === 'success',
10 | 		'Submission should be successful by now',
11 | 	)
12 | 	const verifySession = await verifySessionStorage.getSession()
13 | 	verifySession.set(onboardingEmailSessionKey, submission.value.target)
14 | 	return redirect('/onboarding', {
15 | 		headers: {
16 | 			'set-cookie': await verifySessionStorage.commitSession(verifySession),
17 | 		},
18 | 	})
19 | }
20 | 


--------------------------------------------------------------------------------
/app/components/ui/input.tsx:
--------------------------------------------------------------------------------
 1 | import * as React from 'react'
 2 | 
 3 | import { cn } from '#app/utils/misc.tsx'
 4 | 
 5 | const Input = ({
 6 | 	className,
 7 | 	type,
 8 | 	...props
 9 | }: React.ComponentProps<'input'>) => {
10 | 	return (
11 | 		<input
12 | 			data-slot="input"
13 | 			type={type}
14 | 			className={cn(
15 | 				'border-input bg-background ring-offset-background placeholder:text-muted-foreground focus-visible:ring-ring aria-[invalid]:border-input-invalid flex h-10 w-full rounded-md border px-3 py-2 text-base file:border-0 file:bg-transparent file:text-base file:font-medium focus-visible:ring-2 focus-visible:ring-offset-2 focus-visible:outline-hidden disabled:cursor-not-allowed disabled:opacity-50 md:text-sm md:file:text-sm',
16 | 				className,
17 | 			)}
18 | 			{...props}
19 | 		/>
20 | 	)
21 | }
22 | 
23 | export { Input }
24 | 


--------------------------------------------------------------------------------
/app/routes/_auth/onboarding/$provider.server.ts:
--------------------------------------------------------------------------------
 1 | import { invariant } from '@epic-web/invariant'
 2 | import { redirect } from 'react-router'
 3 | import { verifySessionStorage } from '#app/utils/verification.server.ts'
 4 | import { type VerifyFunctionArgs } from '../verify.server.ts'
 5 | import { onboardingEmailSessionKey } from './index.tsx'
 6 | 
 7 | export async function handleVerification({ submission }: VerifyFunctionArgs) {
 8 | 	invariant(
 9 | 		submission.status === 'success',
10 | 		'Submission should be successful by now',
11 | 	)
12 | 	const verifySession = await verifySessionStorage.getSession()
13 | 	verifySession.set(onboardingEmailSessionKey, submission.value.target)
14 | 	return redirect('/onboarding', {
15 | 		headers: {
16 | 			'set-cookie': await verifySessionStorage.commitSession(verifySession),
17 | 		},
18 | 	})
19 | }
20 | 


--------------------------------------------------------------------------------
/app/utils/connections.server.ts:
--------------------------------------------------------------------------------
 1 | // import { createCookieSessionStorage } from 'react-router'
 2 | import { type ProviderName } from './connections.tsx'
 3 | import { GitHubProvider } from './providers/github.server.ts'
 4 | import { type AuthProvider } from './providers/provider.ts'
 5 | import { type Timings } from './timing.server.ts'
 6 | 
 7 | export const providers: Record<ProviderName, AuthProvider> = {
 8 | 	github: new GitHubProvider(),
 9 | }
10 | 
11 | export function handleMockAction(providerName: ProviderName, request: Request) {
12 | 	return providers[providerName].handleMockAction(request)
13 | }
14 | 
15 | export function resolveConnectionData(
16 | 	providerName: ProviderName,
17 | 	providerId: string,
18 | 	options?: { timings?: Timings },
19 | ) {
20 | 	return providers[providerName].resolveConnectionData(providerId, options)
21 | }
22 | 


--------------------------------------------------------------------------------
/other/svg-icons/arrow-right.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/arrow-right.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M8.14645 3.14645C8.34171 2.95118 8.65829 2.95118 8.85355 3.14645L12.8536 7.14645C13.0488 7.34171 13.0488 7.65829 12.8536 7.85355L8.85355 11.8536C8.65829 12.0488 8.34171 12.0488 8.14645 11.8536C7.95118 11.6583 7.95118 11.3417 8.14645 11.1464L11.2929 8H2.5C2.22386 8 2 7.77614 2 7.5C2 7.22386 2.22386 7 2.5 7H11.2929L8.14645 3.85355C7.95118 3.65829 7.95118 3.34171 8.14645 3.14645Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/other/svg-icons/arrow-left.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/arrow-left.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M6.85355 3.14645C7.04882 3.34171 7.04882 3.65829 6.85355 3.85355L3.70711 7H12.5C12.7761 7 13 7.22386 13 7.5C13 7.77614 12.7761 8 12.5 8H3.70711L6.85355 11.1464C7.04882 11.3417 7.04882 11.6583 6.85355 11.8536C6.65829 12.0488 6.34171 12.0488 6.14645 11.8536L2.14645 7.85355C1.95118 7.65829 1.95118 7.34171 2.14645 7.14645L6.14645 3.14645C6.34171 2.95118 6.65829 2.95118 6.85355 3.14645Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/components/ui/sonner.tsx:
--------------------------------------------------------------------------------
 1 | import { Toaster as Sonner } from 'sonner'
 2 | 
 3 | type ToasterProps = React.ComponentProps<typeof Sonner>
 4 | 
 5 | const EpicToaster = ({ theme, ...props }: ToasterProps) => {
 6 | 	return (
 7 | 		<Sonner
 8 | 			theme={theme}
 9 | 			className="toaster group"
10 | 			toastOptions={{
11 | 				classNames: {
12 | 					toast:
13 | 						'group toast group-[.toaster]:bg-background group-[.toaster]:text-foreground group-[.toaster]:border-border group-[.toaster]:shadow-lg',
14 | 					description: 'group-[.toast]:text-muted-foreground',
15 | 					actionButton:
16 | 						'group-[.toast]:bg-primary group-[.toast]:text-primary-foreground',
17 | 					cancelButton:
18 | 						'group-[.toast]:bg-muted group-[.toast]:text-muted-foreground',
19 | 				},
20 | 			}}
21 | 			{...props}
22 | 		/>
23 | 	)
24 | }
25 | 
26 | export { EpicToaster }
27 | 


--------------------------------------------------------------------------------
/app/utils/providers/provider.ts:
--------------------------------------------------------------------------------
 1 | import { type Strategy } from 'remix-auth/strategy'
 2 | import { type Timings } from '../timing.server.ts'
 3 | 
 4 | // Define a user type for cleaner typing
 5 | export type ProviderUser = {
 6 | 	id: string | number
 7 | 	email: string
 8 | 	username?: string
 9 | 	name?: string
10 | 	imageUrl?: string
11 | }
12 | 
13 | export interface AuthProvider {
14 | 	getAuthStrategy(): Strategy<ProviderUser, any> | null
15 | 	handleMockAction(request: Request): Promise<void>
16 | 	resolveConnectionData(
17 | 		providerId: string,
18 | 		options?: { timings?: Timings },
19 | 	): Promise<{
20 | 		displayName: string
21 | 		link?: string | null
22 | 	}>
23 | }
24 | 
25 | export const normalizeEmail = (s: string) => s.toLowerCase()
26 | 
27 | export const normalizeUsername = (s: string) =>
28 | 	s.replace(/[^a-zA-Z0-9_]/g, '_').toLowerCase()
29 | 


--------------------------------------------------------------------------------
/docs/decisions/034-source-maps.md:
--------------------------------------------------------------------------------
 1 | # Source Maps
 2 | 
 3 | Date: 2023-11-03
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Read [016-source-maps](016-source-maps.md) to come up to speed on the context.
10 | 
11 | Because of our built-in sentry support, we need to generate source maps, but we
12 | do not necessarily need to ship source maps to the client. Despite the arguments
13 | made in the original source map decision document, the benefit of shipping
14 | source maps over not shipping them is reduced thanks to Sentry. And the dangers
15 | are still present.
16 | 
17 | ## Decision
18 | 
19 | Delete source maps after they've been uploaded to Sentry.
20 | 
21 | ## Consequences
22 | 
23 | This will mean debugging a production application in the client will be really
24 | hard, but with Sentry properly configured it should definitely not be a problem.
25 | 


--------------------------------------------------------------------------------
/docs/community.md:
--------------------------------------------------------------------------------
 1 | # Community
 2 | 
 3 | Here you can find useful learning resources and tools built and maintained by
 4 | the community, such as libraries, examples, articles, and videos.
 5 | 
 6 | ## Learning resources
 7 | 
 8 | The primary learning resources for the Epic Stack is
 9 | [EpicWeb.dev](https://www.epicweb.dev), [EpicReact.dev](https://epicreact.dev),
10 | and [TestingJavaScript.com](https://testingjavascript.com). On these you will
11 | find free and paid premium content that will help you build epic web
12 | applications (with or without the Epic Stack).
13 | 
14 | The community has put together some additional learning resources that you may
15 | enjoy!
16 | 
17 | ### Videos
18 | 
19 | - **Dark Mode Toggling using Client-preference cookies** by
20 |   [@rajeshdavidbabu](https://github.com/rajeshdavidbabu) - Youtube
21 |   [link](https://www.youtube.com/watch?v=UND-kib_iw4)
22 | 


--------------------------------------------------------------------------------
/other/svg-icons/magnifying-glass.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/magnifying-glass.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M10 6.5C10 8.433 8.433 10 6.5 10C4.567 10 3 8.433 3 6.5C3 4.567 4.567 3 6.5 3C8.433 3 10 4.567 10 6.5ZM9.30884 10.0159C8.53901 10.6318 7.56251 11 6.5 11C4.01472 11 2 8.98528 2 6.5C2 4.01472 4.01472 2 6.5 2C8.98528 2 11 4.01472 11 6.5C11 7.56251 10.6318 8.53901 10.0159 9.30884L12.8536 12.1464C13.0488 12.3417 13.0488 12.6583 12.8536 12.8536C12.6583 13.0488 12.3417 13.0488 12.1464 12.8536L9.30884 10.0159Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/utils/misc.error-message.test.ts:
--------------------------------------------------------------------------------
 1 | import { faker } from '@faker-js/faker'
 2 | import { expect, test } from 'vitest'
 3 | import { consoleError } from '#tests/setup/setup-test-env.ts'
 4 | import { getErrorMessage } from './misc.tsx'
 5 | 
 6 | test('Error object returns message', () => {
 7 | 	const message = faker.lorem.words(2)
 8 | 	expect(getErrorMessage(new Error(message))).toBe(message)
 9 | })
10 | 
11 | test('String returns itself', () => {
12 | 	const message = faker.lorem.words(2)
13 | 	expect(getErrorMessage(message)).toBe(message)
14 | })
15 | 
16 | test('undefined falls back to Unknown', () => {
17 | 	consoleError.mockImplementation(() => {})
18 | 	expect(getErrorMessage(undefined)).toBe('Unknown Error')
19 | 	expect(consoleError).toHaveBeenCalledWith(
20 | 		'Unable to get error message for error',
21 | 		undefined,
22 | 	)
23 | 	expect(consoleError).toHaveBeenCalledTimes(1)
24 | })
25 | 


--------------------------------------------------------------------------------
/docs/memory.md:
--------------------------------------------------------------------------------
 1 | # Memory
 2 | 
 3 | Epic Stack apps start with a single instance with 256MB of memory. This is a
 4 | pretty small amount of memory, but it's enough to get started with. To help
 5 | avoid memory pressure even at that scale, we allocate a 512MB swap file. Learn
 6 | more about this decision in
 7 | [the memory swap decision document](decisions/010-memory-swap.md).
 8 | 
 9 | To modify or increase the swap file, check `.swap_size_mb` in `fly.toml`. This
10 | file is executed before running our app within the `litefs.yml` config.
11 | 
12 | > **NOTE**: PRs welcome to document how to determine the effectiveness of the
13 | > swap file for your app.
14 | 
15 | To increase the memory allocated to your vm, use the
16 | [`fly scale`](https://fly.io/docs/flyctl/scale-memory/) command. You can
17 | [learn more about memory sizing in the Fly docs](https://fly.io/docs/machines/guides-examples/machine-sizing).
18 | 


--------------------------------------------------------------------------------
/other/svg-icons/envelope-closed.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/envelope-closed.svg -->
 4 | <!-- @radix-ui/icons -->
 5 | <!-- https://github.com/radix-ui/icons/blob/master/LICENSE -->
 6 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 7 |   <path
 8 |     fill-rule="evenodd"
 9 |     clip-rule="evenodd"
10 |     d="M1 2C0.447715 2 0 2.44772 0 3V12C0 12.5523 0.447715 13 1 13H14C14.5523 13 15 12.5523 15 12V3C15 2.44772 14.5523 2 14 2H1ZM1 3L14 3V3.92494C13.9174 3.92486 13.8338 3.94751 13.7589 3.99505L7.5 7.96703L1.24112 3.99505C1.16621 3.94751 1.0826 3.92486 1 3.92494V3ZM1 4.90797V12H14V4.90797L7.74112 8.87995C7.59394 8.97335 7.40606 8.97335 7.25888 8.87995L1 4.90797Z"
11 |     fill="currentColor"
12 |   />
13 | </svg>
14 | 


--------------------------------------------------------------------------------
/other/svg-icons/lock-open-1.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/lock-open-1.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M7.4986 0C6.3257 0 5.36107 0.38943 4.73753 1.19361C4.23745 1.83856 4 2.68242 4 3.63325H5C5 2.84313 5.19691 2.23312 5.5278 1.80636C5.91615 1.30552 6.55152 1 7.4986 1C8.35683 1 8.96336 1.26502 9.35846 1.68623C9.75793 2.11211 10 2.76044 10 3.63601V6H3C2.44772 6 2 6.44772 2 7V13C2 13.5523 2.44772 14 3 14H12C12.5523 14 13 13.5523 13 13V7C13 6.44771 12.5523 6 12 6H11V3.63601C11 2.58135 10.7065 1.66167 10.0878 1.0021C9.46477 0.337871 8.57061 0 7.4986 0ZM3 7H12V13H3V7Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/other/svg-icons/pencil-1.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/pencil-1.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M11.8536 1.14645C11.6583 0.951184 11.3417 0.951184 11.1465 1.14645L3.71455 8.57836C3.62459 8.66832 3.55263 8.77461 3.50251 8.89155L2.04044 12.303C1.9599 12.491 2.00189 12.709 2.14646 12.8536C2.29103 12.9981 2.50905 13.0401 2.69697 12.9596L6.10847 11.4975C6.2254 11.4474 6.3317 11.3754 6.42166 11.2855L13.8536 3.85355C14.0488 3.65829 14.0488 3.34171 13.8536 3.14645L11.8536 1.14645ZM4.42166 9.28547L11.5 2.20711L12.7929 3.5L5.71455 10.5784L4.21924 11.2192L3.78081 10.7808L4.42166 9.28547Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/other/svg-icons/reset.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/reset.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M4.85355 2.14645C5.04882 2.34171 5.04882 2.65829 4.85355 2.85355L3.70711 4H9C11.4853 4 13.5 6.01472 13.5 8.5C13.5 10.9853 11.4853 13 9 13H5C4.72386 13 4.5 12.7761 4.5 12.5C4.5 12.2239 4.72386 12 5 12H9C10.933 12 12.5 10.433 12.5 8.5C12.5 6.567 10.933 5 9 5H3.70711L4.85355 6.14645C5.04882 6.34171 5.04882 6.65829 4.85355 6.85355C4.65829 7.04882 4.34171 7.04882 4.14645 6.85355L2.14645 4.85355C1.95118 4.65829 1.95118 4.34171 2.14645 4.14645L4.14645 2.14645C4.34171 1.95118 4.65829 1.95118 4.85355 2.14645Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/github.svg:
--------------------------------------------------------------------------------
1 | <svg width="98" height="96" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z" fill="#24292f"/></svg>


--------------------------------------------------------------------------------
/other/svg-icons/cross-1.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/cross-1.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M12.8536 2.85355C13.0488 2.65829 13.0488 2.34171 12.8536 2.14645C12.6583 1.95118 12.3417 1.95118 12.1464 2.14645L7.5 6.79289L2.85355 2.14645C2.65829 1.95118 2.34171 1.95118 2.14645 2.14645C1.95118 2.34171 1.95118 2.65829 2.14645 2.85355L6.79289 7.5L2.14645 12.1464C1.95118 12.3417 1.95118 12.6583 2.14645 12.8536C2.34171 13.0488 2.65829 13.0488 2.85355 12.8536L7.5 8.20711L12.1464 12.8536C12.3417 13.0488 12.6583 13.0488 12.8536 12.8536C13.0488 12.6583 13.0488 12.3417 12.8536 12.1464L8.20711 7.5L12.8536 2.85355Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/playwright.config.ts:
--------------------------------------------------------------------------------
 1 | import { defineConfig, devices } from '@playwright/test'
 2 | import 'dotenv/config'
 3 | 
 4 | const PORT = process.env.PORT || '3000'
 5 | 
 6 | export default defineConfig({
 7 | 	testDir: './tests/e2e',
 8 | 	timeout: 15 * 1000,
 9 | 	expect: {
10 | 		timeout: 5 * 1000,
11 | 	},
12 | 	fullyParallel: true,
13 | 	forbidOnly: !!process.env.CI,
14 | 	retries: process.env.CI ? 2 : 0,
15 | 	workers: process.env.CI ? 1 : undefined,
16 | 	reporter: 'html',
17 | 	use: {
18 | 		baseURL: `http://localhost:${PORT}/`,
19 | 		trace: 'on-first-retry',
20 | 	},
21 | 
22 | 	projects: [
23 | 		{
24 | 			name: 'chromium',
25 | 			use: {
26 | 				...devices['Desktop Chrome'],
27 | 			},
28 | 		},
29 | 	],
30 | 
31 | 	webServer: {
32 | 		command: process.env.CI ? 'npm run start:mocks' : 'npm run dev',
33 | 		port: Number(PORT),
34 | 		reuseExistingServer: true,
35 | 		stdout: 'pipe',
36 | 		stderr: 'pipe',
37 | 		env: {
38 | 			PORT,
39 | 			NODE_ENV: 'test',
40 | 		},
41 | 	},
42 | })
43 | 


--------------------------------------------------------------------------------
/app/routes/resources/healthcheck.tsx:
--------------------------------------------------------------------------------
 1 | // learn more: https://fly.io/docs/reference/configuration/#services-http_checks
 2 | import { prisma } from '#app/utils/db.server.ts'
 3 | import { type Route } from './+types/healthcheck.ts'
 4 | 
 5 | export async function loader({ request }: Route.LoaderArgs) {
 6 | 	const host =
 7 | 		request.headers.get('X-Forwarded-Host') ?? request.headers.get('host')
 8 | 
 9 | 	try {
10 | 		// if we can connect to the database and make a simple query
11 | 		// and make a HEAD request to ourselves, then we're good.
12 | 		await Promise.all([
13 | 			prisma.user.count(),
14 | 			fetch(`${new URL(request.url).protocol}${host}`, {
15 | 				method: 'HEAD',
16 | 				headers: { 'X-Healthcheck': 'true' },
17 | 			}).then((r) => {
18 | 				if (!r.ok) return Promise.reject(r)
19 | 			}),
20 | 		])
21 | 		return new Response('OK')
22 | 	} catch (error: unknown) {
23 | 		console.log('healthcheck ❌', { error })
24 | 		return new Response('ERROR', { status: 500 })
25 | 	}
26 | }
27 | 


--------------------------------------------------------------------------------
/app/routes/users/$username/notes/index.tsx:
--------------------------------------------------------------------------------
 1 | import { type Route as NotesRoute } from './+types/_layout.ts'
 2 | import { type Route } from './+types/index.ts'
 3 | 
 4 | export default function NotesIndexRoute() {
 5 | 	return (
 6 | 		<div className="container pt-12">
 7 | 			<p className="text-body-md">Select a note</p>
 8 | 		</div>
 9 | 	)
10 | }
11 | 
12 | export const meta: Route.MetaFunction = ({ params, matches }) => {
13 | 	const notesMatch = matches.find(
14 | 		(m) => m?.id === 'routes/users/$username/notes',
15 | 	) as { data: NotesRoute.ComponentProps['loaderData'] }
16 | 
17 | 	const displayName = notesMatch?.data?.owner.name ?? params.username
18 | 	const noteCount = notesMatch?.data?.owner.notes.length ?? 0
19 | 	const notesText = noteCount === 1 ? 'note' : 'notes'
20 | 	return [
21 | 		{ title: `${displayName}'s Notes | Epic Notes` },
22 | 		{
23 | 			name: 'description',
24 | 			content: `Checkout ${displayName}'s ${noteCount} ${notesText} on Epic Notes`,
25 | 		},
26 | 	]
27 | }
28 | 


--------------------------------------------------------------------------------
/docs/email.md:
--------------------------------------------------------------------------------
 1 | # Email
 2 | 
 3 | This document describes how to get [Resend](https://resend.com) (the Epic Stack
 4 | email provider) setup.
 5 | 
 6 | > **NOTE**: this is an optional step. During development the emails will be
 7 | > logged to the terminal and in production if you haven't set the proper
 8 | > environment variables yet you will get a warning until you set the environment
 9 | > variables.
10 | 
11 | Create [an API Key](https://resend.com/api-keys) and set `RESEND_API_KEY` in
12 | both prod and staging:
13 | 
14 | ```sh
15 | fly secrets set RESEND_API_KEY="re_blAh_blaHBlaHblahBLAhBlAh" --app [YOUR_APP_NAME]
16 | fly secrets set RESEND_API_KEY="re_blAh_blaHBlaHblahBLAhBlAh" --app [YOUR_APP_NAME]-staging
17 | ```
18 | 
19 | Setup a [custom sending domain](https://resend.com/domains) and then make sure
20 | to update the `from` email address in `app/utils/email.server.ts` and the
21 | `expect(email.from).toBe` in `tests/e2e/onboarding.test.ts` to the one you want
22 | your emails to come from.
23 | 


--------------------------------------------------------------------------------
/other/svg-icons/exit.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/exit.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M3 1C2.44771 1 2 1.44772 2 2V13C2 13.5523 2.44772 14 3 14H10.5C10.7761 14 11 13.7761 11 13.5C11 13.2239 10.7761 13 10.5 13H3V2L10.5 2C10.7761 2 11 1.77614 11 1.5C11 1.22386 10.7761 1 10.5 1H3ZM12.6036 4.89645C12.4083 4.70118 12.0917 4.70118 11.8964 4.89645C11.7012 5.09171 11.7012 5.40829 11.8964 5.60355L13.2929 7H6.5C6.22386 7 6 7.22386 6 7.5C6 7.77614 6.22386 8 6.5 8H13.2929L11.8964 9.39645C11.7012 9.59171 11.7012 9.90829 11.8964 10.1036C12.0917 10.2988 12.4083 10.2988 12.6036 10.1036L14.8536 7.85355C15.0488 7.65829 15.0488 7.34171 14.8536 7.14645L12.6036 4.89645Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/components/spacer.tsx:
--------------------------------------------------------------------------------
 1 | export function Spacer({
 2 | 	size,
 3 | }: {
 4 | 	/**
 5 | 	 * The size of the space
 6 | 	 *
 7 | 	 * 4xs: h-4 (16px)
 8 | 	 *
 9 | 	 * 3xs: h-8 (32px)
10 | 	 *
11 | 	 * 2xs: h-12 (48px)
12 | 	 *
13 | 	 * xs: h-16 (64px)
14 | 	 *
15 | 	 * sm: h-20 (80px)
16 | 	 *
17 | 	 * md: h-24 (96px)
18 | 	 *
19 | 	 * lg: h-28 (112px)
20 | 	 *
21 | 	 * xl: h-32 (128px)
22 | 	 *
23 | 	 * 2xl: h-36 (144px)
24 | 	 *
25 | 	 * 3xl: h-40 (160px)
26 | 	 *
27 | 	 * 4xl: h-44 (176px)
28 | 	 */
29 | 	size:
30 | 		| '4xs'
31 | 		| '3xs'
32 | 		| '2xs'
33 | 		| 'xs'
34 | 		| 'sm'
35 | 		| 'md'
36 | 		| 'lg'
37 | 		| 'xl'
38 | 		| '2xl'
39 | 		| '3xl'
40 | 		| '4xl'
41 | }) {
42 | 	const options: Record<typeof size, string> = {
43 | 		'4xs': 'h-4',
44 | 		'3xs': 'h-8',
45 | 		'2xs': 'h-12',
46 | 		xs: 'h-16',
47 | 		sm: 'h-20',
48 | 		md: 'h-24',
49 | 		lg: 'h-28',
50 | 		xl: 'h-32',
51 | 		'2xl': 'h-36',
52 | 		'3xl': 'h-40',
53 | 		'4xl': 'h-44',
54 | 	}
55 | 	const className = options[size]
56 | 	return <div className={className} />
57 | }
58 | 


--------------------------------------------------------------------------------
/other/svg-icons/lock-closed.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/lock-closed.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M5 4.63601C5 3.76031 5.24219 3.1054 5.64323 2.67357C6.03934 2.24705 6.64582 1.9783 7.5014 1.9783C8.35745 1.9783 8.96306 2.24652 9.35823 2.67208C9.75838 3.10299 10 3.75708 10 4.63325V5.99999H5V4.63601ZM4 5.99999V4.63601C4 3.58148 4.29339 2.65754 4.91049 1.99307C5.53252 1.32329 6.42675 0.978302 7.5014 0.978302C8.57583 0.978302 9.46952 1.32233 10.091 1.99162C10.7076 2.65557 11 3.57896 11 4.63325V5.99999H12C12.5523 5.99999 13 6.44771 13 6.99999V13C13 13.5523 12.5523 14 12 14H3C2.44772 14 2 13.5523 2 13V6.99999C2 6.44771 2.44772 5.99999 3 5.99999H4ZM3 6.99999H12V13H3V6.99999Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/utils/monitoring.client.tsx:
--------------------------------------------------------------------------------
 1 | import * as Sentry from '@sentry/react-router'
 2 | 
 3 | export function init() {
 4 | 	Sentry.init({
 5 | 		dsn: ENV.SENTRY_DSN,
 6 | 		environment: ENV.MODE,
 7 | 		beforeSend(event) {
 8 | 			if (event.request?.url) {
 9 | 				const url = new URL(event.request.url)
10 | 				if (
11 | 					url.protocol === 'chrome-extension:' ||
12 | 					url.protocol === 'moz-extension:'
13 | 				) {
14 | 					// This error is from a browser extension, ignore it
15 | 					return null
16 | 				}
17 | 			}
18 | 			return event
19 | 		},
20 | 		integrations: [
21 | 			Sentry.replayIntegration(),
22 | 			Sentry.browserProfilingIntegration(),
23 | 		],
24 | 
25 | 		// Set tracesSampleRate to 1.0 to capture 100%
26 | 		// of transactions for performance monitoring.
27 | 		// We recommend adjusting this value in production
28 | 		tracesSampleRate: 1.0,
29 | 
30 | 		// Capture Replay for 10% of all sessions,
31 | 		// plus for 100% of sessions with an error
32 | 		replaysSessionSampleRate: 0.1,
33 | 		replaysOnErrorSampleRate: 1.0,
34 | 	})
35 | }
36 | 


--------------------------------------------------------------------------------
/tests/setup/global-setup.ts:
--------------------------------------------------------------------------------
 1 | import path from 'node:path'
 2 | import { execaCommand } from 'execa'
 3 | import fsExtra from 'fs-extra'
 4 | import 'dotenv/config'
 5 | import '#app/utils/env.server.ts'
 6 | import '#app/utils/cache.server.ts'
 7 | 
 8 | export const BASE_DATABASE_PATH = path.join(
 9 | 	process.cwd(),
10 | 	`./tests/prisma/base.db`,
11 | )
12 | 
13 | export async function setup() {
14 | 	const databaseExists = await fsExtra.pathExists(BASE_DATABASE_PATH)
15 | 
16 | 	if (databaseExists) {
17 | 		const databaseLastModifiedAt = (await fsExtra.stat(BASE_DATABASE_PATH))
18 | 			.mtime
19 | 		const prismaSchemaLastModifiedAt = (
20 | 			await fsExtra.stat('./prisma/schema.prisma')
21 | 		).mtime
22 | 
23 | 		if (prismaSchemaLastModifiedAt < databaseLastModifiedAt) {
24 | 			return
25 | 		}
26 | 	}
27 | 
28 | 	await execaCommand(
29 | 		'npx prisma migrate reset --force --skip-seed --skip-generate',
30 | 		{
31 | 			stdio: 'inherit',
32 | 			env: {
33 | 				...process.env,
34 | 				DATABASE_URL: `file:${BASE_DATABASE_PATH}`,
35 | 			},
36 | 		},
37 | 	)
38 | }
39 | 


--------------------------------------------------------------------------------
/other/svg-icons/dots-horizontal.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/dots-horizontal.svg -->
 4 | <!-- @radix-ui/icons -->
 5 | <!-- https://github.com/radix-ui/icons/blob/master/LICENSE -->
 6 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 7 |   <path
 8 |     fill-rule="evenodd"
 9 |     clip-rule="evenodd"
10 |     d="M3.625 7.5C3.625 8.12132 3.12132 8.625 2.5 8.625C1.87868 8.625 1.375 8.12132 1.375 7.5C1.375 6.87868 1.87868 6.375 2.5 6.375C3.12132 6.375 3.625 6.87868 3.625 7.5ZM8.625 7.5C8.625 8.12132 8.12132 8.625 7.5 8.625C6.87868 8.625 6.375 8.12132 6.375 7.5C6.375 6.87868 6.87868 6.375 7.5 6.375C8.12132 6.375 8.625 6.87868 8.625 7.5ZM12.5 8.625C13.1213 8.625 13.625 8.12132 13.625 7.5C13.625 6.87868 13.1213 6.375 12.5 6.375C11.8787 6.375 11.375 6.87868 11.375 7.5C11.375 8.12132 11.8787 8.625 12.5 8.625Z"
11 |     fill="currentColor"
12 |   />
13 | </svg>
14 | 


--------------------------------------------------------------------------------
/app/utils/headers.server.test.ts:
--------------------------------------------------------------------------------
 1 | import { format, parse } from '@tusbar/cache-control'
 2 | import { expect, test } from 'vitest'
 3 | import { getConservativeCacheControl } from './headers.server.ts'
 4 | 
 5 | test('works for basic usecase', () => {
 6 | 	const result = getConservativeCacheControl(
 7 | 		'max-age=3600',
 8 | 		'max-age=1800, s-maxage=600',
 9 | 		'private, max-age=86400',
10 | 	)
11 | 
12 | 	expect(result).toEqual(
13 | 		format({
14 | 			maxAge: 1800,
15 | 			sharedMaxAge: 600,
16 | 			private: true,
17 | 		}),
18 | 	)
19 | })
20 | test('retains boolean directive', () => {
21 | 	const result = parse(
22 | 		getConservativeCacheControl('private', 'no-cache,no-store'),
23 | 	)
24 | 
25 | 	expect(result.private).toBe(true)
26 | 	expect(result.noCache).toBe(true)
27 | 	expect(result.noStore).toBe(true)
28 | })
29 | test('gets smallest number directive', () => {
30 | 	const result = parse(
31 | 		getConservativeCacheControl(
32 | 			'max-age=10, s-maxage=300',
33 | 			'max-age=300, s-maxage=600',
34 | 		),
35 | 	)
36 | 
37 | 	expect(result.maxAge).toBe(10)
38 | 	expect(result.sharedMaxAge).toBe(300)
39 | })
40 | 


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
 1 | Copyright © 2023 Kent C. Dodds
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 4 | this software and associated documentation files (the “Software”), to deal in
 5 | the Software without restriction, including without limitation the rights to
 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 7 | the Software, and to permit persons to whom the Software is furnished to do so,
 8 | subject to the following conditions:
 9 | 
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 | 
13 | THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
15 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
16 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
17 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
18 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19 | 


--------------------------------------------------------------------------------
/other/svg-icons/clock.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/clock.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M7.50009 0.877014C3.84241 0.877014 0.877258 3.84216 0.877258 7.49984C0.877258 11.1575 3.8424 14.1227 7.50009 14.1227C11.1578 14.1227 14.1229 11.1575 14.1229 7.49984C14.1229 3.84216 11.1577 0.877014 7.50009 0.877014ZM1.82726 7.49984C1.82726 4.36683 4.36708 1.82701 7.50009 1.82701C10.6331 1.82701 13.1729 4.36683 13.1729 7.49984C13.1729 10.6328 10.6331 13.1727 7.50009 13.1727C4.36708 13.1727 1.82726 10.6328 1.82726 7.49984ZM8 4.50001C8 4.22387 7.77614 4.00001 7.5 4.00001C7.22386 4.00001 7 4.22387 7 4.50001V7.50001C7 7.63262 7.05268 7.7598 7.14645 7.85357L9.14645 9.85357C9.34171 10.0488 9.65829 10.0488 9.85355 9.85357C10.0488 9.65831 10.0488 9.34172 9.85355 9.14646L8 7.29291V4.50001Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/docs/apis.md:
--------------------------------------------------------------------------------
 1 | # APIs
 2 | 
 3 | Remix routes have the ability to handle both backend code and UI code in the
 4 | same file. Remix `loader`s and `action`s are backend code that's tightly coupled
 5 | to the UI code for that route.
 6 | 
 7 | Additionally, you can define routes that don't have any UI at all. These are
 8 | called [resource routes](https://remix.run/docs/en/main/guides/resource-routes).
 9 | This allows you to create REST endpoints or a GraphQL endpoint to make your app
10 | data and logic consumable by third parties or additional clients (like a mobile
11 | app). You can also use this to generate PDFs, images, stream multi-media and
12 | more.
13 | 
14 | The Epic Stack has a few resource routes in place for managing images, the
15 | cache, and even has a few
16 | ["full stack components"](https://www.epicweb.dev/full-stack-components) for
17 | components that manage the connection with their associated backend code.
18 | [Watch the talk](https://www.youtube.com/watch?v=30HAT5Quvgk&list=PLV5CVI1eNcJgNqzNwcs4UKrlJdhfDjshf).
19 | 
20 | So, yes, you can absolutely use the Epic Stack to build APIs for consumption by
21 | third party clients.
22 | 


--------------------------------------------------------------------------------
/other/svg-icons/passkey.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" viewBox="30.96 35.2 141.45 151.95">
2 |   <path fill="currentColor" d="M172.32 96.79c0 13.78-8.48 25.5-20.29 29.78l7.14 11.83-10.57 13 10.57 12.71-17.04 22.87-12.01-12.82V125.7c-10.68-4.85-18.15-15.97-18.15-28.91 0-17.4 13.51-31.51 30.18-31.51 16.66 0 30.17 14.11 30.17 31.51zm-30.18 4.82c4.02 0 7.28-3.4 7.28-7.6 0-4.2-3.26-7.61-7.28-7.61s-7.28 3.4-7.28 7.61c-.01 4.2 3.26 7.6 7.28 7.6z"/>
3 |   <path fill="currentColor" d="M172.41 96.88c0 13.62-8.25 25.23-19.83 29.67l6.58 11.84-9.73 13 9.73 12.71-17.03 23.05v-85.54c4.02 0 7.28-3.41 7.28-7.6 0-4.2-3.26-7.61-7.28-7.61V65.28c16.73 0 30.28 14.15 30.28 31.6zm-52.17 34.55c-9.75-8-16.3-20.3-17.2-34.27H50.8c-10.96 0-19.84 9.01-19.84 20.13v25.17c0 5.56 4.44 10.07 9.92 10.07h69.44c5.48 0 9.92-4.51 9.92-10.07v-11.03zm-47.08-40.3c-2.42-.46-4.82-.89-7.11-1.86-8.65-3.63-13.69-10.32-15.32-19.77-1.12-6.47-.59-12.87 2.03-18.92 3.72-8.6 10.39-13.26 19.15-14.84 5.24-.94 10.46-.73 15.5 1.15 7.59 2.82 12.68 8.26 15.03 16.24 2.38 8.05 2.03 16.1-1.56 23.72-3.72 7.96-10.21 12.23-18.42 13.9-.68.14-1.37.27-2.05.41-2.41-.03-4.83-.03-7.25-.03z"/>
4 | </svg>


--------------------------------------------------------------------------------
/tests/utils.ts:
--------------------------------------------------------------------------------
 1 | import * as setCookieParser from 'set-cookie-parser'
 2 | import { sessionKey } from '#app/utils/auth.server.ts'
 3 | import { authSessionStorage } from '#app/utils/session.server.ts'
 4 | 
 5 | export const BASE_URL = 'https://www.epicstack.dev'
 6 | 
 7 | export function convertSetCookieToCookie(setCookie: string) {
 8 | 	const parsedCookie = setCookieParser.parseString(setCookie)
 9 | 	return new URLSearchParams({
10 | 		[parsedCookie.name]: parsedCookie.value,
11 | 	}).toString()
12 | }
13 | 
14 | export async function getSessionSetCookieHeader(
15 | 	session: { id: string },
16 | 	existingCookie?: string,
17 | ) {
18 | 	const authSession = await authSessionStorage.getSession(existingCookie)
19 | 	authSession.set(sessionKey, session.id)
20 | 	const setCookieHeader = await authSessionStorage.commitSession(authSession)
21 | 	return setCookieHeader
22 | }
23 | 
24 | export async function getSessionCookieHeader(
25 | 	session: { id: string },
26 | 	existingCookie?: string,
27 | ) {
28 | 	const setCookieHeader = await getSessionSetCookieHeader(
29 | 		session,
30 | 		existingCookie,
31 | 	)
32 | 	return convertSetCookieToCookie(setCookieHeader)
33 | }
34 | 


--------------------------------------------------------------------------------
/app/routes/admin/cache/lru.$cacheKey.ts:
--------------------------------------------------------------------------------
 1 | import { invariantResponse } from '@epic-web/invariant'
 2 | import { lruCache } from '#app/utils/cache.server.ts'
 3 | import {
 4 | 	getAllInstances,
 5 | 	getInstanceInfo,
 6 | 	ensureInstance,
 7 | } from '#app/utils/litefs.server.ts'
 8 | import { requireUserWithRole } from '#app/utils/permissions.server.ts'
 9 | import { type Route } from './+types/lru.$cacheKey.ts'
10 | 
11 | export async function loader({ request, params }: Route.LoaderArgs) {
12 | 	await requireUserWithRole(request, 'admin')
13 | 	const searchParams = new URL(request.url).searchParams
14 | 	const currentInstanceInfo = await getInstanceInfo()
15 | 	const allInstances = await getAllInstances()
16 | 	const instance =
17 | 		searchParams.get('instance') ?? currentInstanceInfo.currentInstance
18 | 	await ensureInstance(instance)
19 | 
20 | 	const { cacheKey } = params
21 | 	invariantResponse(cacheKey, 'cacheKey is required')
22 | 	return {
23 | 		instance: {
24 | 			hostname: instance,
25 | 			region: allInstances[instance],
26 | 			isPrimary: currentInstanceInfo.primaryInstance === instance,
27 | 		},
28 | 		cacheKey,
29 | 		value: lruCache.get(cacheKey),
30 | 	}
31 | }
32 | 


--------------------------------------------------------------------------------
/app/routes/admin/cache/sqlite.$cacheKey.ts:
--------------------------------------------------------------------------------
 1 | import { invariantResponse } from '@epic-web/invariant'
 2 | import { cache } from '#app/utils/cache.server.ts'
 3 | import {
 4 | 	getAllInstances,
 5 | 	getInstanceInfo,
 6 | 	ensureInstance,
 7 | } from '#app/utils/litefs.server.ts'
 8 | import { requireUserWithRole } from '#app/utils/permissions.server.ts'
 9 | import { type Route } from './+types/sqlite.$cacheKey.ts'
10 | 
11 | export async function loader({ request, params }: Route.LoaderArgs) {
12 | 	await requireUserWithRole(request, 'admin')
13 | 	const searchParams = new URL(request.url).searchParams
14 | 	const currentInstanceInfo = await getInstanceInfo()
15 | 	const allInstances = await getAllInstances()
16 | 	const instance =
17 | 		searchParams.get('instance') ?? currentInstanceInfo.currentInstance
18 | 	await ensureInstance(instance)
19 | 
20 | 	const { cacheKey } = params
21 | 	invariantResponse(cacheKey, 'cacheKey is required')
22 | 	return {
23 | 		instance: {
24 | 			hostname: instance,
25 | 			region: allInstances[instance],
26 | 			isPrimary: currentInstanceInfo.primaryInstance === instance,
27 | 		},
28 | 		cacheKey,
29 | 		value: cache.get(cacheKey),
30 | 	}
31 | }
32 | 


--------------------------------------------------------------------------------
/.env.example:
--------------------------------------------------------------------------------
 1 | LITEFS_DIR="/litefs/data"
 2 | DATABASE_PATH="./prisma/data.db"
 3 | DATABASE_URL="file:./data.db?connection_limit=1"
 4 | CACHE_DATABASE_PATH="./other/cache.db"
 5 | SESSION_SECRET="super-duper-s3cret"
 6 | HONEYPOT_SECRET="super-duper-s3cret"
 7 | RESEND_API_KEY="re_blAh_blaHBlaHblahBLAhBlAh"
 8 | SENTRY_DSN="your-dsn"
 9 | 
10 | # this is set to a random value in the Dockerfile
11 | INTERNAL_COMMAND_TOKEN="some-made-up-token"
12 | 
13 | # the mocks and some code rely on these two being prefixed with "MOCK_"
14 | # if they aren't then the real github api will be attempted
15 | GITHUB_CLIENT_ID="MOCK_GITHUB_CLIENT_ID"
16 | GITHUB_CLIENT_SECRET="MOCK_GITHUB_CLIENT_SECRET"
17 | GITHUB_TOKEN="MOCK_GITHUB_TOKEN"
18 | GITHUB_REDIRECT_URI="https://example.com/auth/github/callback"
19 | 
20 | # set this to false to prevent search engines from indexing the website
21 | # default to allow indexing for seo safety
22 | ALLOW_INDEXING="true"
23 | 
24 | # Tigris Object Storage (S3-compatible) Configuration
25 | AWS_ACCESS_KEY_ID="mock-access-key"
26 | AWS_SECRET_ACCESS_KEY="mock-secret-key"
27 | AWS_REGION="auto"
28 | AWS_ENDPOINT_URL_S3="https://fly.storage.tigris.dev"
29 | BUCKET_NAME="mock-bucket"
30 | 


--------------------------------------------------------------------------------
/tests/e2e/search.test.ts:
--------------------------------------------------------------------------------
 1 | import { expect, test } from '#tests/playwright-utils.ts'
 2 | 
 3 | test('Search from home page', async ({ page, navigate, insertNewUser }) => {
 4 | 	const newUser = await insertNewUser()
 5 | 	await navigate('/')
 6 | 
 7 | 	// Search for an existing user.
 8 | 	await page.getByRole('searchbox', { name: /search/i }).fill(newUser.username)
 9 | 	await page.getByRole('button', { name: /search/i }).click()
10 | 
11 | 	await expect(page.getByText('Epic Notes Users')).toBeVisible()
12 | 	const userList = page.getByRole('main').getByRole('list')
13 | 	await expect(userList.getByRole('listitem')).toHaveCount(1)
14 | 	await expect(
15 | 		userList
16 | 			.getByRole('listitem')
17 | 			.getByRole('link', {
18 | 				name: `${newUser.name || newUser.username} profile`,
19 | 			}),
20 | 	).toBeVisible()
21 | 
22 | 	// Search for a non-existing user.
23 | 	await page.getByRole('searchbox', { name: /search/i }).fill('__nonexistent__')
24 | 	await page.getByRole('button', { name: /search/i }).click()
25 | 	await page.waitForURL(`/users?search=__nonexistent__`)
26 | 
27 | 	await expect(userList.getByRole('listitem')).not.toBeVisible()
28 | 	await expect(page.getByText(/no users found/i)).toBeVisible()
29 | })
30 | 


--------------------------------------------------------------------------------
/other/svg-icons/file-text.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/file-text.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M3 2.5C3 2.22386 3.22386 2 3.5 2H9.08579C9.21839 2 9.34557 2.05268 9.43934 2.14645L11.8536 4.56066C11.9473 4.65443 12 4.78161 12 4.91421V12.5C12 12.7761 11.7761 13 11.5 13H3.5C3.22386 13 3 12.7761 3 12.5V2.5ZM3.5 1C2.67157 1 2 1.67157 2 2.5V12.5C2 13.3284 2.67157 14 3.5 14H11.5C12.3284 14 13 13.3284 13 12.5V4.91421C13 4.51639 12.842 4.13486 12.5607 3.85355L10.1464 1.43934C9.86514 1.15804 9.48361 1 9.08579 1H3.5ZM4.5 4C4.22386 4 4 4.22386 4 4.5C4 4.77614 4.22386 5 4.5 5H7.5C7.77614 5 8 4.77614 8 4.5C8 4.22386 7.77614 4 7.5 4H4.5ZM4.5 7C4.22386 7 4 7.22386 4 7.5C4 7.77614 4.22386 8 4.5 8H10.5C10.7761 8 11 7.77614 11 7.5C11 7.22386 10.7761 7 10.5 7H4.5ZM4.5 10C4.22386 10 4 10.2239 4 10.5C4 10.7761 4.22386 11 4.5 11H10.5C10.7761 11 11 10.7761 11 10.5C11 10.2239 10.7761 10 10.5 10H4.5Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/docs/decisions/022-report-only-csp.md:
--------------------------------------------------------------------------------
 1 | # Report-only CSP
 2 | 
 3 | Date: 2023-07-14
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | The Epic Stack uses a strict
10 | [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
11 | All the reasons for this explained in
12 | [the decision document](./008-content-security-policy.md) still apply. However,
13 | As people adapt the Epic Stack to their own needs, they may easily forget to add
14 | important sources to the CSP. This can lead to a frustrating experience for new
15 | users of the Epic Stack.
16 | 
17 | There's an option for CSPs called `report-only` which allows the browser to
18 | report CSP violations without actually blocking the resource. This turns the CSP
19 | into an opt-in which follows our [guiding principle](#app/guiding-principles.md)
20 | of "Minimize Setup Friction" (similar to deferring setup of third-party services
21 | until they're actually needed).
22 | 
23 | ## Decision
24 | 
25 | Enable report-only on the CSP by default.
26 | 
27 | ## Consequences
28 | 
29 | New users of the Epic Stack won't be blocked by the CSP by default. But this
30 | also means they won't be as safe by default. We'll need to make sure enforcing
31 | the CSP is documented well.
32 | 


--------------------------------------------------------------------------------
/other/svg-icons/camera.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/camera.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M2 3C1.44772 3 1 3.44772 1 4V11C1 11.5523 1.44772 12 2 12H13C13.5523 12 14 11.5523 14 11V4C14 3.44772 13.5523 3 13 3H2ZM0 4C0 2.89543 0.895431 2 2 2H13C14.1046 2 15 2.89543 15 4V11C15 12.1046 14.1046 13 13 13H2C0.895431 13 0 12.1046 0 11V4ZM2 4.25C2 4.11193 2.11193 4 2.25 4H4.75C4.88807 4 5 4.11193 5 4.25V5.75454C5 5.89261 4.88807 6.00454 4.75 6.00454H2.25C2.11193 6.00454 2 5.89261 2 5.75454V4.25ZM12.101 7.58421C12.101 9.02073 10.9365 10.1853 9.49998 10.1853C8.06346 10.1853 6.89893 9.02073 6.89893 7.58421C6.89893 6.14769 8.06346 4.98315 9.49998 4.98315C10.9365 4.98315 12.101 6.14769 12.101 7.58421ZM13.101 7.58421C13.101 9.57302 11.4888 11.1853 9.49998 11.1853C7.51117 11.1853 5.89893 9.57302 5.89893 7.58421C5.89893 5.5954 7.51117 3.98315 9.49998 3.98315C11.4888 3.98315 13.101 5.5954 13.101 7.58421Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/other/svg-icons/download.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/download.svg -->
 4 | <!-- @radix-ui/icons -->
 5 | <!-- https://github.com/radix-ui/icons/blob/master/LICENSE -->
 6 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 7 |   <path
 8 |     fill-rule="evenodd"
 9 |     clip-rule="evenodd"
10 |     d="M7.50005 1.04999C7.74858 1.04999 7.95005 1.25146 7.95005 1.49999V8.41359L10.1819 6.18179C10.3576 6.00605 10.6425 6.00605 10.8182 6.18179C10.994 6.35753 10.994 6.64245 10.8182 6.81819L7.81825 9.81819C7.64251 9.99392 7.35759 9.99392 7.18185 9.81819L4.18185 6.81819C4.00611 6.64245 4.00611 6.35753 4.18185 6.18179C4.35759 6.00605 4.64251 6.00605 4.81825 6.18179L7.05005 8.41359V1.49999C7.05005 1.25146 7.25152 1.04999 7.50005 1.04999ZM2.5 10C2.77614 10 3 10.2239 3 10.5V12C3 12.5539 3.44565 13 3.99635 13H11.0012C11.5529 13 12 12.5528 12 12V10.5C12 10.2239 12.2239 10 12.5 10C12.7761 10 13 10.2239 13 10.5V12C13 13.1041 12.1062 14 11.0012 14H3.99635C2.89019 14 2 13.103 2 12V10.5C2 10.2239 2.22386 10 2.5 10Z"
11 |     fill="currentColor"
12 |   />
13 | </svg>
14 | 


--------------------------------------------------------------------------------
/docs/decisions/017-resend-email.md:
--------------------------------------------------------------------------------
 1 | # Migrating to Resend
 2 | 
 3 | Date: 2023-06-20
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Mailgun changed their pricing model to make it more difficult to understand what
10 | is available within the free tier which motivated us to re-evaluate our
11 | selection here. While mailgun is still a fine service,
12 | [Resend](https://resend.com/) has caught the attention of several users of the
13 | Epic Stack. It has a generous (and obvious) free tier of 3k emails a month. They
14 | check all the boxes regarding table-stakes features you'd expect from an email
15 | service. On top of those things, the UI is simple and easy to use. It's also a
16 | lot cheaper than Mailgun.
17 | 
18 | ## Decision
19 | 
20 | We'll migrate to Resend. As a part of this migration, we're going to avoid
21 | coupling ourselves too closely to it to make it easier to switch to another
22 | provider if you so desire. So we'll be using the REST API instead of the SDK.
23 | 
24 | ## Consequences
25 | 
26 | Code changes are relatively minimal. Only the `app/utils/email.server.ts` util
27 | and the mock for it need to be changed. Then we also need to update
28 | documentation to use the Resend API key instead of the mailgun sending domain,
29 | etc.
30 | 


--------------------------------------------------------------------------------
/app/utils/db.server.ts:
--------------------------------------------------------------------------------
 1 | import { styleText } from 'node:util'
 2 | import { remember } from '@epic-web/remember'
 3 | // Changed import due to issue: https://github.com/remix-run/react-router/pull/12644
 4 | import { PrismaClient } from '@prisma/client/index.js'
 5 | 
 6 | export const prisma = remember('prisma', () => {
 7 | 	// NOTE: if you change anything in this function you'll need to restart
 8 | 	// the dev server to see your changes.
 9 | 
10 | 	// Feel free to change this log threshold to something that makes sense for you
11 | 	const logThreshold = 20
12 | 
13 | 	const client = new PrismaClient({
14 | 		log: [
15 | 			{ level: 'query', emit: 'event' },
16 | 			{ level: 'error', emit: 'stdout' },
17 | 			{ level: 'warn', emit: 'stdout' },
18 | 		],
19 | 	})
20 | 	client.$on('query', async (e) => {
21 | 		if (e.duration < logThreshold) return
22 | 		const color =
23 | 			e.duration < logThreshold * 1.1
24 | 				? 'green'
25 | 				: e.duration < logThreshold * 1.2
26 | 					? 'blue'
27 | 					: e.duration < logThreshold * 1.3
28 | 						? 'yellow'
29 | 						: e.duration < logThreshold * 1.4
30 | 							? 'redBright'
31 | 							: 'red'
32 | 		const dur = styleText(color, `${e.duration}ms`)
33 | 		console.info(`prisma:query - ${dur} - ${e.query}`)
34 | 	})
35 | 	void client.$connect()
36 | 	return client
37 | })
38 | 


--------------------------------------------------------------------------------
/docs/decisions/027-toasts.md:
--------------------------------------------------------------------------------
 1 | # Toasts
 2 | 
 3 | Date: 2023-08-14
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | In the Epic Stack we used the Shadcn toast implementation. This worked ok, but
10 | it did require a lot of custom code for ourselves and did a poor job of managing
11 | multiple toast messages.
12 | 
13 | We also had a shared `flash` session implementation for both toasts and
14 | confetti. This was overly complex.
15 | 
16 | There's another library
17 | [someone told me about](https://twitter.com/ayushverma1194/status/1674848096155467788)
18 | that is a better fit. It's simpler and has an API sufficient to our use cases.
19 | 
20 | It's also sufficiently customizable from a design perspective as well. And it's
21 | actively developed.
22 | 
23 | ## Decision
24 | 
25 | Remove our own toast implementation and use the library instead.
26 | 
27 | Also separate the toast and confetti session implementations. Toasts can
28 | continue to use a regular session, but confetti will be a much simpler cookie.
29 | 
30 | ## Consequences
31 | 
32 | This will limit the level of customizability because we're now relying on a
33 | library for managing toast messages, however it also reduces the maintenance
34 | burden for users of the Epic Stack.
35 | 
36 | This will also simplify the confetti implementation.
37 | 


--------------------------------------------------------------------------------
/docs/decisions/009-region-selection.md:
--------------------------------------------------------------------------------
 1 | # Region Selection
 2 | 
 3 | Date: 2023-06-02
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Fly supports running your app in
10 | [34 regions](https://fly.io/docs/reference/regions/) all over the world. The
11 | Epic Stack is set up to allow you to run in as many of these regions as you
12 | like, but for cost reasons, it's best to start out with a single region until
13 | your app needs that level of scale.
14 | 
15 | Region selection has an important impact on the performance of your app. When
16 | you're choosing a single region, you're choosing who your app is going to be
17 | slower for. So you really should choose the region that's closest to the most
18 | critical/closest users.
19 | 
20 | Unfortunately, there's no way for us to know this for every app. We can't just
21 | select a region for you. And we also can't just select the region that's closest
22 | to you. We need you to actually think about and make this decision.
23 | 
24 | ## Decision
25 | 
26 | Ask which region the app should be deployed to during setup.
27 | 
28 | ## Consequences
29 | 
30 | Forces the developer to make a choice (goes against the "Minimize Setup
31 | Friction" guiding principle). However, we can make it slightly better by
32 | defaulting to the region that's closest to the developer.
33 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/typescript.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <svg width="512" height="512" fill="none" version="1.1" viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
3 | <title>TypeScript logo</title>
4 |  <rect width="512" height="512" rx="50" fill="#3178c6"/>
5 |  <path d="m317 407v50c8.1 4.2 18 7.3 29 9.4s23 3.1 35 3.1c12 0 23-1.1 34-3.4 11-2.3 20-6.1 28-11 8.1-5.3 15-12 19-21s7.1-19 7.1-32c0-9.1-1.4-17-4.1-24s-6.6-13-12-18c-5.1-5.3-11-10-18-14s-15-8.2-24-12c-6.6-2.7-12-5.3-18-7.9-5.2-2.6-9.7-5.2-13-7.8-3.7-2.7-6.5-5.5-8.5-8.4-2-3-3-6.3-3-10 0-3.4 0.89-6.5 2.7-9.3s4.3-5.1 7.5-7.1c3.2-2 7.2-3.5 12-4.6 4.7-1.1 9.9-1.6 16-1.6 4.2 0 8.6 0.31 13 0.94 4.6 0.63 9.3 1.6 14 2.9 4.7 1.3 9.3 2.9 14 4.9 4.4 2 8.5 4.3 12 6.9v-47c-7.6-2.9-16-5.1-25-6.5s-19-2.1-31-2.1c-12 0-23 1.3-34 3.8s-20 6.5-28 12c-8.1 5.4-14 12-19 21-4.7 8.4-7 18-7 30 0 15 4.3 28 13 38 8.6 11 22 19 39 27 6.9 2.8 13 5.6 19 8.3s11 5.5 15 8.4c4.3 2.9 7.7 6.1 10 9.5 2.5 3.4 3.8 7.4 3.8 12 0 3.2-0.78 6.2-2.3 9s-3.9 5.2-7.1 7.2-7.1 3.6-12 4.8c-4.7 1.1-10 1.7-17 1.7-11 0-22-1.9-32-5.7-11-3.8-21-9.5-30-17zm-84-123h64v-41h-179v41h64v183h51z" clip-rule="evenodd" fill="#fff" fill-rule="evenodd" style="fill:#fff"/>
6 | </svg>
7 | 


--------------------------------------------------------------------------------
/app/components/ui/checkbox.tsx:
--------------------------------------------------------------------------------
 1 | import * as CheckboxPrimitive from '@radix-ui/react-checkbox'
 2 | import * as React from 'react'
 3 | 
 4 | import { cn } from '#app/utils/misc.tsx'
 5 | 
 6 | export type CheckboxProps = Omit<
 7 | 	React.ComponentPropsWithoutRef<typeof CheckboxPrimitive.Root>,
 8 | 	'type'
 9 | > & {
10 | 	type?: string
11 | }
12 | 
13 | const Checkbox = ({
14 | 	className,
15 | 	...props
16 | }: React.ComponentProps<typeof CheckboxPrimitive.Root>) => (
17 | 	<CheckboxPrimitive.Root
18 | 		data-slot="checkbox"
19 | 		className={cn(
20 | 			'peer border-primary ring-offset-background focus-visible:ring-ring data-[state=checked]:bg-primary data-[state=checked]:text-primary-foreground size-4 shrink-0 rounded-sm border focus-visible:ring-2 focus-visible:ring-offset-2 focus-visible:outline-hidden disabled:cursor-not-allowed disabled:opacity-50',
21 | 			className,
22 | 		)}
23 | 		{...props}
24 | 	>
25 | 		<CheckboxPrimitive.Indicator
26 | 			data-slot="checkbox-indicator"
27 | 			className={cn('flex items-center justify-center text-current')}
28 | 		>
29 | 			<svg viewBox="0 0 8 8">
30 | 				<path
31 | 					d="M1,4 L3,6 L7,2"
32 | 					stroke="currentcolor"
33 | 					strokeWidth="1"
34 | 					fill="none"
35 | 				/>
36 | 			</svg>
37 | 		</CheckboxPrimitive.Indicator>
38 | 	</CheckboxPrimitive.Root>
39 | )
40 | 
41 | export { Checkbox }
42 | 


--------------------------------------------------------------------------------
/app/routes/_auth/auth.$provider/index.ts:
--------------------------------------------------------------------------------
 1 | import { redirect } from 'react-router'
 2 | import { authenticator } from '#app/utils/auth.server.ts'
 3 | import { handleMockAction } from '#app/utils/connections.server.ts'
 4 | import { ProviderNameSchema } from '#app/utils/connections.tsx'
 5 | import { getReferrerRoute } from '#app/utils/misc.tsx'
 6 | import { getRedirectCookieHeader } from '#app/utils/redirect-cookie.server.ts'
 7 | import { type Route } from './+types/index.ts'
 8 | 
 9 | export async function loader() {
10 | 	return redirect('/login')
11 | }
12 | 
13 | export async function action({ request, params }: Route.ActionArgs) {
14 | 	const providerName = ProviderNameSchema.parse(params.provider)
15 | 
16 | 	try {
17 | 		await handleMockAction(providerName, request)
18 | 		return await authenticator.authenticate(providerName, request)
19 | 	} catch (error: unknown) {
20 | 		if (error instanceof Response) {
21 | 			const formData = await request.formData()
22 | 			const rawRedirectTo = formData.get('redirectTo')
23 | 			const redirectTo =
24 | 				typeof rawRedirectTo === 'string'
25 | 					? rawRedirectTo
26 | 					: getReferrerRoute(request)
27 | 			const redirectToCookie = getRedirectCookieHeader(redirectTo)
28 | 			if (redirectToCookie) {
29 | 				error.headers.append('set-cookie', redirectToCookie)
30 | 			}
31 | 		}
32 | 		throw error
33 | 	}
34 | }
35 | 


--------------------------------------------------------------------------------
/app/utils/session.server.ts:
--------------------------------------------------------------------------------
 1 | import { createCookieSessionStorage } from 'react-router'
 2 | 
 3 | export const authSessionStorage = createCookieSessionStorage({
 4 | 	cookie: {
 5 | 		name: 'en_session',
 6 | 		sameSite: 'lax', // CSRF protection is advised if changing to 'none'
 7 | 		path: '/',
 8 | 		httpOnly: true,
 9 | 		secrets: process.env.SESSION_SECRET.split(','),
10 | 		secure: process.env.NODE_ENV === 'production',
11 | 	},
12 | })
13 | 
14 | // we have to do this because every time you commit the session you overwrite it
15 | // so we store the expiration time in the cookie and reset it every time we commit
16 | const originalCommitSession = authSessionStorage.commitSession
17 | 
18 | Object.defineProperty(authSessionStorage, 'commitSession', {
19 | 	value: async function commitSession(
20 | 		...args: Parameters<typeof originalCommitSession>
21 | 	) {
22 | 		const [session, options] = args
23 | 		if (options?.expires) {
24 | 			session.set('expires', options.expires)
25 | 		}
26 | 		if (options?.maxAge) {
27 | 			session.set('expires', new Date(Date.now() + options.maxAge * 1000))
28 | 		}
29 | 		const expires = session.has('expires')
30 | 			? new Date(session.get('expires'))
31 | 			: undefined
32 | 		const setCookieHeader = await originalCommitSession(session, {
33 | 			...options,
34 | 			expires,
35 | 		})
36 | 		return setCookieHeader
37 | 	},
38 | })
39 | 


--------------------------------------------------------------------------------
/fly.toml:
--------------------------------------------------------------------------------
 1 | app = "epic-stack-template"
 2 | primary_region = "sjc"
 3 | kill_signal = "SIGINT"
 4 | kill_timeout = 5
 5 | processes = [ ]
 6 | swap_size_mb = 512
 7 | 
 8 | [experimental]
 9 | allowed_public_ports = [ ]
10 | auto_rollback = true
11 | 
12 | [mounts]
13 | source = "data"
14 | destination = "/data"
15 | 
16 | [build]
17 | dockerfile = "/other/Dockerfile"
18 | ignorefile = "/other/Dockerfile.dockerignore"
19 | 
20 | [[services]]
21 | internal_port = 8080
22 | processes = [ "app" ]
23 | protocol = "tcp"
24 | script_checks = [ ]
25 | 
26 |   [services.concurrency]
27 |   hard_limit = 100
28 |   soft_limit = 80
29 |   type = "requests"
30 | 
31 |   [[services.ports]]
32 |   handlers = [ "http" ]
33 |   port = 80
34 |   force_https = true
35 | 
36 |   [[services.ports]]
37 |   handlers = [ "tls", "http" ]
38 |   port = 443
39 | 
40 |   [[services.tcp_checks]]
41 |   grace_period = "1s"
42 |   interval = "15s"
43 |   restart_limit = 0
44 |   timeout = "2s"
45 | 
46 |   [[services.http_checks]]
47 |   interval = "10s"
48 |   grace_period = "5s"
49 |   method = "get"
50 |   path = "/resources/healthcheck"
51 |   protocol = "http"
52 |   timeout = "2s"
53 |   tls_skip_verify = false
54 |   headers = { }
55 | 
56 |   [[services.http_checks]]
57 |     grace_period = "10s"
58 |     interval = "30s"
59 |     method = "GET"
60 |     timeout = "5s"
61 |     path = "/litefs/health"
62 | 


--------------------------------------------------------------------------------
/docs/decisions/011-sitemaps.md:
--------------------------------------------------------------------------------
 1 | # Sitemaps
 2 | 
 3 | Date: 2023-06-05
 4 | 
 5 | Status: deprecated
 6 | 
 7 | > Update: The contribution in
 8 | > [#456](https://github.com/epicweb-dev/epic-stack/pull/456) made it quite easy
 9 | > to handle a sitemap so this decision has been reversed.
10 | 
11 | ## Context
12 | 
13 | [Sitemaps](https://developers.google.com/search/docs/crawling-indexing/sitemaps/overview)
14 | are useful to help website crawlers (like search engines) find all the content
15 | on your website. Most of the time they aren't necessary if you're linking
16 | between pages well. However, for large websites with lots of content that are
17 | highly search engine sensitive, they can be useful.
18 | 
19 | It's normally not a big deal to get them wrong if you don't care about it, but
20 | if you really don't care about it, having the code for it can get in the way and
21 | it's kind of annoying.
22 | 
23 | ## Decision
24 | 
25 | Instead of building a sitemap into the template, we'll use
26 | [an example](/docs/examples.md) people can reference to add a sitemap to their
27 | Epic Stack sites if they like.
28 | 
29 | ## Consequences
30 | 
31 | This turns sitemaps into an opt-in for developers using the Epic Stack. Most
32 | people using the Epic Stack probably don't need a sitemap, and those who do will
33 | only need a few minutes of following the example to get it working.
34 | 


--------------------------------------------------------------------------------
/tests/setup/setup-test-env.ts:
--------------------------------------------------------------------------------
 1 | import 'dotenv/config'
 2 | import './db-setup.ts'
 3 | import '#app/utils/env.server.ts'
 4 | // we need these to be imported first 👆
 5 | 
 6 | import { cleanup } from '@testing-library/react'
 7 | import { afterEach, beforeEach, vi, type MockInstance } from 'vitest'
 8 | import { server } from '#tests/mocks/index.ts'
 9 | import './custom-matchers.ts'
10 | 
11 | afterEach(() => server.resetHandlers())
12 | afterEach(() => cleanup())
13 | 
14 | export let consoleError: MockInstance<(typeof console)['error']>
15 | export let consoleWarn: MockInstance<(typeof console)['warn']>
16 | 
17 | beforeEach(() => {
18 | 	const originalConsoleError = console.error
19 | 	consoleError = vi.spyOn(console, 'error')
20 | 	consoleError.mockImplementation(
21 | 		(...args: Parameters<typeof console.error>) => {
22 | 			originalConsoleError(...args)
23 | 			throw new Error(
24 | 				'Console error was called. Call consoleError.mockImplementation(() => {}) if this is expected.',
25 | 			)
26 | 		},
27 | 	)
28 | 
29 | 	const originalConsoleWarn = console.warn
30 | 	consoleWarn = vi.spyOn(console, 'warn')
31 | 	consoleWarn.mockImplementation((...args: Parameters<typeof console.warn>) => {
32 | 		originalConsoleWarn(...args)
33 | 		throw new Error(
34 | 			'Console warn was called. Call consoleWarn.mockImplementation(() => {}) if this is expected.',
35 | 		)
36 | 	})
37 | })
38 | 


--------------------------------------------------------------------------------
/docs/decisions/008-content-security-policy.md:
--------------------------------------------------------------------------------
 1 | # Content Security Policy
 2 | 
 3 | Date: 2023-05-27
 4 | 
 5 | Status: accepted
 6 | 
 7 | Update: [022-report-only-csp.md](./022-report-only-csp.md)
 8 | 
 9 | ## Context
10 | 
11 | A Content Security Policy (CSP) allows a server to inform the browser about the
12 | sources from which it expects to load resources. This helps to prevent
13 | cross-site scripting (XSS) attacks by not allowing the browser to load resources
14 | from any other location than the ones specified in the CSP.
15 | 
16 | CSPs that are overly strict can be a major pain to work with, especially when
17 | using third-party libraries. Still, for the most security, the CSP should be as
18 | strict as possible. Additional sources can be added to the CSP as needed.
19 | 
20 | ## Decision
21 | 
22 | We configure a tight CSP for the default application using
23 | [helmet](https://npm.im/helmet) which is a de-facto standard express middleware
24 | for configuring security headers.
25 | 
26 | ## Consequences
27 | 
28 | Applications using the Epic Stack will start with a safer default configuration
29 | for their CSP. It's pretty simple to add additional sources to the CSP as
30 | needed, but it could definitely be confusing for folks who are unaware of the
31 | CSP to load resources. Documentation will be needed to help people understand
32 | what to do when they get CSP errors.
33 | 


--------------------------------------------------------------------------------
/server/utils/monitoring.ts:
--------------------------------------------------------------------------------
 1 | import { PrismaInstrumentation } from '@prisma/instrumentation'
 2 | import { nodeProfilingIntegration } from '@sentry/profiling-node'
 3 | import * as Sentry from '@sentry/react-router'
 4 | 
 5 | export function init() {
 6 | 	Sentry.init({
 7 | 		dsn: process.env.SENTRY_DSN,
 8 | 		environment: process.env.NODE_ENV,
 9 | 		denyUrls: [
10 | 			/\/resources\/healthcheck/,
11 | 			// TODO: be smarter about the public assets...
12 | 			/\/build\//,
13 | 			/\/favicons\//,
14 | 			/\/img\//,
15 | 			/\/fonts\//,
16 | 			/\/favicon.ico/,
17 | 			/\/site\.webmanifest/,
18 | 		],
19 | 		integrations: [
20 | 			Sentry.prismaIntegration({
21 | 				prismaInstrumentation: new PrismaInstrumentation(),
22 | 			}),
23 | 			Sentry.httpIntegration(),
24 | 			nodeProfilingIntegration(),
25 | 		],
26 | 		tracesSampler(samplingContext) {
27 | 			// ignore healthcheck transactions by other services (consul, etc.)
28 | 			if (samplingContext.request?.url?.includes('/resources/healthcheck')) {
29 | 				return 0
30 | 			}
31 | 			return process.env.NODE_ENV === 'production' ? 1 : 0
32 | 		},
33 | 		beforeSendTransaction(event) {
34 | 			// ignore all healthcheck related transactions
35 | 			//  note that name of header here is case-sensitive
36 | 			if (event.request?.headers?.['x-healthcheck'] === 'true') {
37 | 				return null
38 | 			}
39 | 
40 | 			return event
41 | 		},
42 | 	})
43 | }
44 | 


--------------------------------------------------------------------------------
/app/routes/_auth/reset-password.server.ts:
--------------------------------------------------------------------------------
 1 | import { invariant } from '@epic-web/invariant'
 2 | import { data, redirect } from 'react-router'
 3 | import { prisma } from '#app/utils/db.server.ts'
 4 | import { verifySessionStorage } from '#app/utils/verification.server.ts'
 5 | import { resetPasswordUsernameSessionKey } from './reset-password.tsx'
 6 | import { type VerifyFunctionArgs } from './verify.server.ts'
 7 | 
 8 | export async function handleVerification({ submission }: VerifyFunctionArgs) {
 9 | 	invariant(
10 | 		submission.status === 'success',
11 | 		'Submission should be successful by now',
12 | 	)
13 | 	const target = submission.value.target
14 | 	const user = await prisma.user.findFirst({
15 | 		where: { OR: [{ email: target }, { username: target }] },
16 | 		select: { email: true, username: true },
17 | 	})
18 | 	// we don't want to say the user is not found if the email is not found
19 | 	// because that would allow an attacker to check if an email is registered
20 | 	if (!user) {
21 | 		return data(
22 | 			{ result: submission.reply({ fieldErrors: { code: ['Invalid code'] } }) },
23 | 			{ status: 400 },
24 | 		)
25 | 	}
26 | 
27 | 	const verifySession = await verifySessionStorage.getSession()
28 | 	verifySession.set(resetPasswordUsernameSessionKey, user.username)
29 | 	return redirect('/reset-password', {
30 | 		headers: {
31 | 			'set-cookie': await verifySessionStorage.commitSession(verifySession),
32 | 		},
33 | 	})
34 | }
35 | 


--------------------------------------------------------------------------------
/tests/mocks/index.ts:
--------------------------------------------------------------------------------
 1 | import closeWithGrace from 'close-with-grace'
 2 | import { setupServer } from 'msw/node'
 3 | import { handlers as githubHandlers } from './github.ts'
 4 | import { handlers as pwnedPasswordApiHandlers } from './pwned-passwords.ts'
 5 | import { handlers as resendHandlers } from './resend.ts'
 6 | import { handlers as tigrisHandlers } from './tigris.ts'
 7 | 
 8 | export const server = setupServer(
 9 | 	...resendHandlers,
10 | 	...githubHandlers,
11 | 	...tigrisHandlers,
12 | 	...pwnedPasswordApiHandlers,
13 | )
14 | 
15 | server.listen({
16 | 	onUnhandledRequest(request, print) {
17 | 		// Do not print warnings on unhandled requests to https://<:userId>.ingest.us.sentry.io/api/
18 | 		// Note: a request handler with passthrough is not suited with this type of url
19 | 		//       until there is a more permissible url catching system
20 | 		//       like requested at https://github.com/mswjs/msw/issues/1804
21 | 		if (request.url.includes('.sentry.io')) {
22 | 			return
23 | 		}
24 | 		// React-router-devtools send custom requests internally to handle some functionality, we ignore those
25 | 		if (request.url.includes('__rrdt')) {
26 | 			return
27 | 		}
28 | 		// Print the regular MSW unhandled request warning otherwise.
29 | 		print.warning()
30 | 	},
31 | })
32 | 
33 | if (process.env.NODE_ENV !== 'test') {
34 | 	console.info('🔶 Mock server installed')
35 | 
36 | 	closeWithGrace(() => {
37 | 		server.close()
38 | 	})
39 | }
40 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/eslint.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!-- Generator: Adobe Illustrator 15.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 3 | <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 4 | <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 294.825 258.982"
 5 | 	 xml:space="preserve">
 6 | <g>
 7 | 	<path fill="#8080F2" d="M97.021,99.016l48.432-27.962c1.212-0.7,2.706-0.7,3.918,0l48.433,27.962
 8 | 		c1.211,0.7,1.959,1.993,1.959,3.393v55.924c0,1.399-0.748,2.693-1.959,3.394l-48.433,27.962c-1.212,0.7-2.706,0.7-3.918,0
 9 | 		l-48.432-27.962c-1.212-0.7-1.959-1.994-1.959-3.394v-55.924C95.063,101.009,95.81,99.716,97.021,99.016"/>
10 | 	<path fill="#4B32C3" d="M273.336,124.488L215.469,23.816c-2.102-3.64-5.985-6.325-10.188-6.325H89.545
11 | 		c-4.204,0-8.088,2.685-10.19,6.325l-57.867,100.45c-2.102,3.641-2.102,8.236,0,11.877l57.867,99.847
12 | 		c2.102,3.64,5.986,5.501,10.19,5.501h115.735c4.203,0,8.087-1.805,10.188-5.446l57.867-100.01
13 | 		C275.439,132.396,275.439,128.128,273.336,124.488 M225.419,172.898c0,1.48-0.891,2.849-2.174,3.59l-73.71,42.527
14 | 		c-1.282,0.74-2.888,0.74-4.17,0l-73.767-42.527c-1.282-0.741-2.179-2.109-2.179-3.59V87.843c0-1.481,0.884-2.849,2.167-3.59
15 | 		l73.707-42.527c1.282-0.741,2.886-0.741,4.168,0l73.772,42.527c1.283,0.741,2.186,2.109,2.186,3.59V172.898z"/>
16 | </g>
17 | </svg>
18 | 


--------------------------------------------------------------------------------
/docs/decisions/032-csrf.md:
--------------------------------------------------------------------------------
 1 | # Cross-Site Request Forgery
 2 | 
 3 | Date: 2023-10-11
 4 | 
 5 | Status: superseded by [035](./035-remove-csrf.md)
 6 | 
 7 | ## Context
 8 | 
 9 | You can learn all about Cross-Site Request Forgery from
10 | [EpicWeb.dev's forms workshop](https://forms.epicweb.dev/07). The TL;DR idea is
11 | that a malicious adversary can trick a user into making a request to your server
12 | that they did not intend to make. This can be used to make requests to your
13 | server that can do anything that the user can do.
14 | 
15 | To defend against this attack, we need to ensure that the request is coming from
16 | a page that we control. We do this by adding a CSRF token to the page and
17 | checking that the token is present in the request. The token is generated by our
18 | own server and stored in an HTTP-only cookie. This means that it can't be
19 | accessed by third parties, but it will be sent with every request to our server.
20 | We also send that same token within the form submission and then check that the
21 | token in the form matches the token in the cookie.
22 | 
23 | Once set up, this is a fairly straightforward thing to do and there are great
24 | tools to help us do it (`remix-utils` specifically).
25 | 
26 | ## Decision
27 | 
28 | We'll implement CSRF protection to all our authenticated forms.
29 | 
30 | ## Consequences
31 | 
32 | This is a tiny bit invasive to the code, but it doesn't add much complexity.
33 | It's certainly worth the added security.
34 | 


--------------------------------------------------------------------------------
/app/routes/users/$username/notes/$noteId_.edit.tsx:
--------------------------------------------------------------------------------
 1 | import { invariantResponse } from '@epic-web/invariant'
 2 | import { GeneralErrorBoundary } from '#app/components/error-boundary.tsx'
 3 | import { requireUserId } from '#app/utils/auth.server.ts'
 4 | import { prisma } from '#app/utils/db.server.ts'
 5 | import { NoteEditor } from './+shared/note-editor.tsx'
 6 | import { type Route } from './+types/$noteId_.edit.ts'
 7 | 
 8 | export { action } from './+shared/note-editor.server.tsx'
 9 | 
10 | export async function loader({ params, request }: Route.LoaderArgs) {
11 | 	const userId = await requireUserId(request)
12 | 	const note = await prisma.note.findFirst({
13 | 		select: {
14 | 			id: true,
15 | 			title: true,
16 | 			content: true,
17 | 			images: {
18 | 				select: {
19 | 					id: true,
20 | 					altText: true,
21 | 					objectKey: true,
22 | 				},
23 | 			},
24 | 		},
25 | 		where: {
26 | 			id: params.noteId,
27 | 			ownerId: userId,
28 | 		},
29 | 	})
30 | 	invariantResponse(note, 'Not found', { status: 404 })
31 | 	return { note }
32 | }
33 | 
34 | export default function NoteEdit({
35 | 	loaderData,
36 | 	actionData,
37 | }: Route.ComponentProps) {
38 | 	return <NoteEditor note={loaderData.note} actionData={actionData} />
39 | }
40 | 
41 | export function ErrorBoundary() {
42 | 	return (
43 | 		<GeneralErrorBoundary
44 | 			statusHandlers={{
45 | 				404: ({ params }) => (
46 | 					<p>No note with the id "{params.noteId}" exists</p>
47 | 				),
48 | 			}}
49 | 		/>
50 | 	)
51 | }
52 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/sentry.svg:
--------------------------------------------------------------------------------
1 | <svg class="css-lfbo6j e10nushx4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 222 66"
2 |   width="400" height="119">
3 |   <path
4 |     d="M29,2.26a4.67,4.67,0,0,0-8,0L14.42,13.53A32.21,32.21,0,0,1,32.17,40.19H27.55A27.68,27.68,0,0,0,12.09,17.47L6,28a15.92,15.92,0,0,1,9.23,12.17H4.62A.76.76,0,0,1,4,39.06l2.94-5a10.74,10.74,0,0,0-3.36-1.9l-2.91,5a4.54,4.54,0,0,0,1.69,6.24A4.66,4.66,0,0,0,4.62,44H19.15a19.4,19.4,0,0,0-8-17.31l2.31-4A23.87,23.87,0,0,1,23.76,44H36.07a35.88,35.88,0,0,0-16.41-31.8l4.67-8a.77.77,0,0,1,1.05-.27c.53.29,20.29,34.77,20.66,35.17a.76.76,0,0,1-.68,1.13H40.6q.09,1.91,0,3.81h4.78A4.59,4.59,0,0,0,50,39.43a4.49,4.49,0,0,0-.62-2.28Z M124.32,28.28,109.56,9.22h-3.68V34.77h3.73V15.19l15.18,19.58h3.26V9.22h-3.73ZM87.15,23.54h13.23V20.22H87.14V12.53h14.93V9.21H83.34V34.77h18.92V31.45H87.14ZM71.59,20.3h0C66.44,19.06,65,18.08,65,15.7c0-2.14,1.89-3.59,4.71-3.59a12.06,12.06,0,0,1,7.07,2.55l2-2.83a14.1,14.1,0,0,0-9-3c-5.06,0-8.59,3-8.59,7.27,0,4.6,3,6.19,8.46,7.52C74.51,24.74,76,25.78,76,28.11s-2,3.77-5.09,3.77a12.34,12.34,0,0,1-8.3-3.26l-2.25,2.69a15.94,15.94,0,0,0,10.42,3.85c5.48,0,9-2.95,9-7.51C79.75,23.79,77.47,21.72,71.59,20.3ZM195.7,9.22l-7.69,12-7.64-12h-4.46L186,24.67V34.78h3.84V24.55L200,9.22Zm-64.63,3.46h8.37v22.1h3.84V12.68h8.37V9.22H131.08ZM169.41,24.8c3.86-1.07,6-3.77,6-7.63,0-4.91-3.59-8-9.38-8H154.67V34.76h3.8V25.58h6.45l6.48,9.2h4.44l-7-9.82Zm-10.95-2.5V12.6h7.17c3.74,0,5.88,1.77,5.88,4.84s-2.29,4.86-5.84,4.86Z"
5 |     transform="translate(11, 11)" fill="#362d59"></path>
6 | </svg>


--------------------------------------------------------------------------------
/app/components/error-boundary.tsx:
--------------------------------------------------------------------------------
 1 | import { captureException } from '@sentry/react-router'
 2 | import { useEffect, type ReactElement } from 'react'
 3 | import {
 4 | 	type ErrorResponse,
 5 | 	isRouteErrorResponse,
 6 | 	useParams,
 7 | 	useRouteError,
 8 | } from 'react-router'
 9 | import { getErrorMessage } from '#app/utils/misc.tsx'
10 | 
11 | type StatusHandler = (info: {
12 | 	error: ErrorResponse
13 | 	params: Record<string, string | undefined>
14 | }) => ReactElement | null
15 | 
16 | export function GeneralErrorBoundary({
17 | 	defaultStatusHandler = ({ error }) => (
18 | 		<p>
19 | 			{error.status} {error.data}
20 | 		</p>
21 | 	),
22 | 	statusHandlers,
23 | 	unexpectedErrorHandler = (error) => <p>{getErrorMessage(error)}</p>,
24 | }: {
25 | 	defaultStatusHandler?: StatusHandler
26 | 	statusHandlers?: Record<number, StatusHandler>
27 | 	unexpectedErrorHandler?: (error: unknown) => ReactElement | null
28 | }) {
29 | 	const error = useRouteError()
30 | 	const params = useParams()
31 | 	const isResponse = isRouteErrorResponse(error)
32 | 
33 | 	if (typeof document !== 'undefined') {
34 | 		console.error(error)
35 | 	}
36 | 
37 | 	useEffect(() => {
38 | 		if (isResponse) return
39 | 
40 | 		captureException(error)
41 | 	}, [error, isResponse])
42 | 
43 | 	return (
44 | 		<div className="text-h2 container flex items-center justify-center p-20">
45 | 			{isResponse
46 | 				? (statusHandlers?.[error.status] ?? defaultStatusHandler)({
47 | 						error,
48 | 						params,
49 | 					})
50 | 				: unexpectedErrorHandler(error)}
51 | 		</div>
52 | 	)
53 | }
54 | 


--------------------------------------------------------------------------------
/docs/decisions/015-monitoring.md:
--------------------------------------------------------------------------------
 1 | # Monitoring
 2 | 
 3 | Date: 2023-06-09
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Unless you want to be watching your metrics and logs 24/7 you probably want to
10 | be notified when users experience errors in your application. There are great
11 | tools for monitoring your application. I've used Sentry for years and it's
12 | great.
13 | 
14 | One of the guiding principles of the project is to avoid services. The nature of
15 | application monitoring requires that the monitor not be part of the application.
16 | So, we necessarily need to use a service for monitoring.
17 | 
18 | One nice thing about Sentry is it is open source so we can run it ourselves if
19 | we like. However, that may be more work than we want to take on at first.
20 | 
21 | ## Decision
22 | 
23 | We'll set up the Epic Stack to use Sentry and document how you could get it
24 | running yourself if you prefer to self-host it.
25 | 
26 | We'll also ensure that we defer the setup requirement to later so you can still
27 | get started with the Epic Stack without monitoring in place which is very useful
28 | for experiments and makes it easier to remove or adapt to a different solution
29 | if you so desire.
30 | 
31 | ## Consequences
32 | 
33 | We tie the Epic Stack to Sentry a bit, but I think that's a solid trade-off for
34 | the benefit of production error monitoring that Sentry provides. People who need
35 | the scale where Sentry starts to cost money (https://sentry.io/pricing/) will
36 | probably be making money at that point and will be grateful for the monitoring.
37 | 


--------------------------------------------------------------------------------
/other/svg-icons/avatar.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/avatar.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M0.877014 7.49988C0.877014 3.84219 3.84216 0.877045 7.49985 0.877045C11.1575 0.877045 14.1227 3.84219 14.1227 7.49988C14.1227 11.1575 11.1575 14.1227 7.49985 14.1227C3.84216 14.1227 0.877014 11.1575 0.877014 7.49988ZM7.49985 1.82704C4.36683 1.82704 1.82701 4.36686 1.82701 7.49988C1.82701 8.97196 2.38774 10.3131 3.30727 11.3213C4.19074 9.94119 5.73818 9.02499 7.50023 9.02499C9.26206 9.02499 10.8093 9.94097 11.6929 11.3208C12.6121 10.3127 13.1727 8.97172 13.1727 7.49988C13.1727 4.36686 10.6328 1.82704 7.49985 1.82704ZM10.9818 11.9787C10.2839 10.7795 8.9857 9.97499 7.50023 9.97499C6.01458 9.97499 4.71624 10.7797 4.01845 11.9791C4.97952 12.7272 6.18765 13.1727 7.49985 13.1727C8.81227 13.1727 10.0206 12.727 10.9818 11.9787ZM5.14999 6.50487C5.14999 5.207 6.20212 4.15487 7.49999 4.15487C8.79786 4.15487 9.84999 5.207 9.84999 6.50487C9.84999 7.80274 8.79786 8.85487 7.49999 8.85487C6.20212 8.85487 5.14999 7.80274 5.14999 6.50487ZM7.49999 5.10487C6.72679 5.10487 6.09999 5.73167 6.09999 6.50487C6.09999 7.27807 6.72679 7.90487 7.49999 7.90487C8.27319 7.90487 8.89999 7.27807 8.89999 6.50487C8.89999 5.73167 8.27319 5.10487 7.49999 5.10487Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/app/components/ui/tooltip.tsx:
--------------------------------------------------------------------------------
 1 | import * as TooltipPrimitive from '@radix-ui/react-tooltip'
 2 | import * as React from 'react'
 3 | 
 4 | import { cn } from '#app/utils/misc.tsx'
 5 | 
 6 | function TooltipProvider(
 7 | 	props: React.ComponentProps<typeof TooltipPrimitive.Provider>,
 8 | ) {
 9 | 	return <TooltipPrimitive.Provider data-slot="tooltip-provider" {...props} />
10 | }
11 | 
12 | function Tooltip(props: React.ComponentProps<typeof TooltipPrimitive.Root>) {
13 | 	return (
14 | 		<TooltipProvider>
15 | 			<TooltipPrimitive.Root data-slot="tooltip" {...props} />
16 | 		</TooltipProvider>
17 | 	)
18 | }
19 | 
20 | function TooltipTrigger(
21 | 	props: React.ComponentProps<typeof TooltipPrimitive.Trigger>,
22 | ) {
23 | 	return <TooltipPrimitive.Trigger data-slot="tooltip-trigger" {...props} />
24 | }
25 | 
26 | const TooltipContent = ({
27 | 	className,
28 | 	sideOffset = 4,
29 | 	...props
30 | }: React.ComponentProps<typeof TooltipPrimitive.Content>) => (
31 | 	<TooltipPrimitive.Content
32 | 		data-slot="tooltip-content"
33 | 		sideOffset={sideOffset}
34 | 		className={cn(
35 | 			'bg-popover text-popover-foreground animate-in fade-in-0 zoom-in-95 data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=closed]:zoom-out-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 overflow-hidden rounded-md border px-3 py-1.5 text-sm shadow-md',
36 | 			className,
37 | 		)}
38 | 		{...props}
39 | 	/>
40 | )
41 | 
42 | export { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider }
43 | 


--------------------------------------------------------------------------------
/docs/decisions/026-path-aliases.md:
--------------------------------------------------------------------------------
 1 | # Path Aliases
 2 | 
 3 | Date: 2023-08-14
 4 | 
 5 | Status: superseded by [031-imports](./031-imports.md)
 6 | 
 7 | ## Context
 8 | 
 9 | It's pretty common to configure TypeScript to have path aliases for imports.
10 | This allows you to avoid relative imports and makes it easier to move files
11 | around without having to update imports.
12 | 
13 | When the Epic Stack started, we used path imports that were similar to those in
14 | the rest of the Remix ecosystem: `#` referenced the `app/` directory. We added
15 | `tests/` to make it easier to import test utils.
16 | 
17 | However, we've found that this is confusing for new developers. It's not clear
18 | what `#` means, and seeing `import { thing } from 'tests/thing'` is confusing. I
19 | floated the idea of adding another alias for `@/` to be the app directory and or
20 | possibly just moving the `#` to the root and having that be the only alias. But
21 | at the end of the day, we're using TypeScript which will prevent us from making
22 | mistakes and modern editors will automatically handle imports for you anyway.
23 | 
24 | At first it may feel like a pain, but less tooling magic is better and editors
25 | can really help reduce the pain. Additionally, we have ESLint configured to sort
26 | imports for us so we don't have to worry about that either. Just let the editor
27 | update the imports and let ESLint sort them.
28 | 
29 | ## Decision
30 | 
31 | Remove the path aliases from the `tsconfig`.
32 | 
33 | ## Consequences
34 | 
35 | This requires updating all the imports that utilized the path aliases to use
36 | relative imports.
37 | 


--------------------------------------------------------------------------------
/docs/decisions/033-honeypot.md:
--------------------------------------------------------------------------------
 1 | # Honeypot Fields
 2 | 
 3 | Date: 2023-10-11
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | You can learn all about Honeypot Fields from
10 | [EpicWeb.dev's forms workshop](https://forms.epicweb.dev/06). The TL;DR idea is
11 | spam bots go around the internet filling in forms all over the place in hopes of
12 | getting their spammy links on your site among other things. This causes extra
13 | load on your server and in some cases can cause you issues. For example, our
14 | onboarding process sends an email to the user. If a spam bot fills out the form
15 | with a random email address, we'll send an email to that address and cause
16 | confusion in the best case or get marked as spam in the worst case.
17 | 
18 | Most of these spam bots are not very sophisticated and will fill in every field
19 | on the form (even if those fields are visually hidden). We can use this to our
20 | advantage by adding a field to the form that is visually hidden and then
21 | checking that it is empty when the form is submitted. If it is not empty, we
22 | know that the form was filled out by a spam bot and we can ignore it.
23 | 
24 | There are great tools to help us accomplish this (`remix-utils` specifically).
25 | 
26 | ## Decision
27 | 
28 | We'll implement Honeypot Fields to all our public-facing forms. Authenticated
29 | forms won't need this because they're not accessible to spam bots anyway.
30 | 
31 | ## Consequences
32 | 
33 | This is a tiny bit invasive to the code, but it doesn't add much complexity.
34 | It's certainly worth the added benefits to our server (and email
35 | deliverability).
36 | 


--------------------------------------------------------------------------------
/app/utils/permissions.server.ts:
--------------------------------------------------------------------------------
 1 | import { data } from 'react-router'
 2 | import { requireUserId } from './auth.server.ts'
 3 | import { prisma } from './db.server.ts'
 4 | import { type PermissionString, parsePermissionString } from './user.ts'
 5 | 
 6 | export async function requireUserWithPermission(
 7 | 	request: Request,
 8 | 	permission: PermissionString,
 9 | ) {
10 | 	const userId = await requireUserId(request)
11 | 	const permissionData = parsePermissionString(permission)
12 | 	const user = await prisma.user.findFirst({
13 | 		select: { id: true },
14 | 		where: {
15 | 			id: userId,
16 | 			roles: {
17 | 				some: {
18 | 					permissions: {
19 | 						some: {
20 | 							...permissionData,
21 | 							access: permissionData.access
22 | 								? { in: permissionData.access }
23 | 								: undefined,
24 | 						},
25 | 					},
26 | 				},
27 | 			},
28 | 		},
29 | 	})
30 | 	if (!user) {
31 | 		throw data(
32 | 			{
33 | 				error: 'Unauthorized',
34 | 				requiredPermission: permissionData,
35 | 				message: `Unauthorized: required permissions: ${permission}`,
36 | 			},
37 | 			{ status: 403 },
38 | 		)
39 | 	}
40 | 	return user.id
41 | }
42 | 
43 | export async function requireUserWithRole(request: Request, name: string) {
44 | 	const userId = await requireUserId(request)
45 | 	const user = await prisma.user.findFirst({
46 | 		select: { id: true },
47 | 		where: { id: userId, roles: { some: { name } } },
48 | 	})
49 | 	if (!user) {
50 | 		throw data(
51 | 			{
52 | 				error: 'Unauthorized',
53 | 				requiredRole: name,
54 | 				message: `Unauthorized: required role: ${name}`,
55 | 			},
56 | 			{ status: 403 },
57 | 		)
58 | 	}
59 | 	return user.id
60 | }
61 | 


--------------------------------------------------------------------------------
/other/litefs.yml:
--------------------------------------------------------------------------------
 1 | # Documented example: https://github.com/superfly/litefs/blob/dec5a7353292068b830001bd2df4830e646f6a2f/cmd/litefs/etc/litefs.yml
 2 | fuse:
 3 |   # Required. This is the mount directory that applications will
 4 |   # use to access their SQLite databases.
 5 |   dir: '${LITEFS_DIR}'
 6 | 
 7 | data:
 8 |   # Path to internal data storage.
 9 |   dir: '/data/litefs'
10 | 
11 | proxy:
12 |   # matches the internal_port in fly.toml
13 |   addr: ':${INTERNAL_PORT}'
14 |   target: 'localhost:${PORT}'
15 |   db: '${DATABASE_FILENAME}'
16 | 
17 | # The lease section specifies how the cluster will be managed. We're using the
18 | # "consul" lease type so that our application can dynamically change the primary.
19 | #
20 | # These environment variables will be available in your Fly.io application.
21 | lease:
22 |   type: 'consul'
23 |   candidate: ${FLY_REGION == PRIMARY_REGION}
24 |   promote: true
25 |   advertise-url: 'http://${HOSTNAME}.vm.${FLY_APP_NAME}.internal:20202'
26 | 
27 |   consul:
28 |     url: '${FLY_CONSUL_URL}'
29 |     key: 'epic-stack-litefs_20250222/${FLY_APP_NAME}'
30 | 
31 | exec:
32 |   - cmd: npx prisma migrate deploy
33 |     if-candidate: true
34 | 
35 |   # Set the journal mode for the database to WAL. This reduces concurrency deadlock issues
36 |   - cmd: sqlite3 $DATABASE_PATH "PRAGMA journal_mode = WAL;"
37 |     if-candidate: true
38 | 
39 |   # Set the journal mode for the cache to WAL. This reduces concurrency deadlock issues
40 |   - cmd: sqlite3 $CACHE_DATABASE_PATH "PRAGMA journal_mode = WAL;"
41 |     if-candidate: true
42 | 
43 |   # Generate Typed SQL files
44 |   - cmd: npx prisma generate --sql
45 | 
46 |   - cmd: npm start
47 | 


--------------------------------------------------------------------------------
/app/routes/$.tsx:
--------------------------------------------------------------------------------
 1 | // This is called a "splat route" and as it's in the root `/app/routes/`
 2 | // directory, it's a catchall. If no other routes match, this one will and we
 3 | // can know that the user is hitting a URL that doesn't exist. By throwing a
 4 | // 404 from the loader, we can force the error boundary to render which will
 5 | // ensure the user gets the right status code and we can display a nicer error
 6 | // message for them than the Remix and/or browser default.
 7 | 
 8 | import { Link, useLocation } from 'react-router'
 9 | import { GeneralErrorBoundary } from '#app/components/error-boundary.tsx'
10 | import { Icon } from '#app/components/ui/icon.tsx'
11 | 
12 | export function loader() {
13 | 	throw new Response('Not found', { status: 404 })
14 | }
15 | 
16 | export function action() {
17 | 	throw new Response('Not found', { status: 404 })
18 | }
19 | 
20 | export default function NotFound() {
21 | 	// due to the loader, this component will never be rendered, but we'll return
22 | 	// the error boundary just in case.
23 | 	return <ErrorBoundary />
24 | }
25 | 
26 | export function ErrorBoundary() {
27 | 	const location = useLocation()
28 | 	return (
29 | 		<GeneralErrorBoundary
30 | 			statusHandlers={{
31 | 				404: () => (
32 | 					<div className="flex flex-col gap-6">
33 | 						<div className="flex flex-col gap-3">
34 | 							<h1>We can't find this page:</h1>
35 | 							<pre className="text-body-lg break-all whitespace-pre-wrap">
36 | 								{location.pathname}
37 | 							</pre>
38 | 						</div>
39 | 						<Link to="/" className="text-body-md underline">
40 | 							<Icon name="arrow-left">Back to home</Icon>
41 | 						</Link>
42 | 					</div>
43 | 				),
44 | 			}}
45 | 		/>
46 | 	)
47 | }
48 | 


--------------------------------------------------------------------------------
/other/svg-icons/github-logo.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/github-logo.svg -->
 4 | <!-- @radix-ui/icons -->
 5 | <!-- https://github.com/radix-ui/icons/blob/master/LICENSE -->
 6 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 7 |   <path
 8 |     fill-rule="evenodd"
 9 |     clip-rule="evenodd"
10 |     d="M7.49933 0.25C3.49635 0.25 0.25 3.49593 0.25 7.50024C0.25 10.703 2.32715 13.4206 5.2081 14.3797C5.57084 14.446 5.70302 14.2222 5.70302 14.0299C5.70302 13.8576 5.69679 13.4019 5.69323 12.797C3.67661 13.235 3.25112 11.825 3.25112 11.825C2.92132 10.9874 2.44599 10.7644 2.44599 10.7644C1.78773 10.3149 2.49584 10.3238 2.49584 10.3238C3.22353 10.375 3.60629 11.0711 3.60629 11.0711C4.25298 12.1788 5.30335 11.8588 5.71638 11.6732C5.78225 11.205 5.96962 10.8854 6.17658 10.7043C4.56675 10.5209 2.87415 9.89918 2.87415 7.12104C2.87415 6.32925 3.15677 5.68257 3.62053 5.17563C3.54576 4.99226 3.29697 4.25521 3.69174 3.25691C3.69174 3.25691 4.30015 3.06196 5.68522 3.99973C6.26337 3.83906 6.8838 3.75895 7.50022 3.75583C8.1162 3.75895 8.73619 3.83906 9.31523 3.99973C10.6994 3.06196 11.3069 3.25691 11.3069 3.25691C11.7026 4.25521 11.4538 4.99226 11.3795 5.17563C11.8441 5.68257 12.1245 6.32925 12.1245 7.12104C12.1245 9.9063 10.4292 10.5192 8.81452 10.6985C9.07444 10.9224 9.30633 11.3648 9.30633 12.0413C9.30633 13.0102 9.29742 13.7922 9.29742 14.0299C9.29742 14.2239 9.42828 14.4496 9.79591 14.3788C12.6746 13.4179 14.75 10.7025 14.75 7.50024C14.75 3.49593 11.5036 0.25 7.49933 0.25Z"
11 |     fill="currentColor"
12 |   />
13 | </svg>
14 | 


--------------------------------------------------------------------------------
/docs/decisions/006-native-esm.md:
--------------------------------------------------------------------------------
 1 | # Native ESM
 2 | 
 3 | Date: 2023-05-18
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Oh boy, where do I start? The history of JavaScript modules is long and
10 | complicated. I discuss this a bit in my talk
11 | [More than you want to know about ES6 Modules](https://kentcdodds.com/talks/more-than-you-want-to-know-about-es-6-modules).
12 | Many modern packages on npm are now publishing esm-only versions of their
13 | packages. This is fine, but it does mean that using them from a CommonJS module
14 | system requires dynamic imports which is limiting.
15 | 
16 | In Remix v2, ESM will be the default behavior. Everywhere you look, ESM is
17 | becoming more and more the standard module option. CommonJS modules aren't going
18 | anywhere, but it's a good idea to stay on top of the latest.
19 | 
20 | Sadly, this is a bit of a "who moved my cheese" situation. Developers who are
21 | familiar with CommonJS modules will be annoyed by things they were used to doing
22 | in CJS that they can't do the same way in ESM. The biggest is dynamic (and
23 | synchronous) requires. Another is the way that module resolution changes. There
24 | are some packages which aren't quite prepared for ESM and therefore you end up
25 | having to import their exports directly from the files (like radix for example).
26 | This is hopefully a temporary problem.
27 | 
28 | ## Decision
29 | 
30 | We're adopting ESM as the default module system for the Epic Stack.
31 | 
32 | ## Consequences
33 | 
34 | Experienced developers will hit a couple bumps along the way as they change
35 | their mental model for modules. But it's time to do this.
36 | 
37 | Some tools aren't very ergonomic with ESM. This will hopefully improve over
38 | time.
39 | 


--------------------------------------------------------------------------------
/docs/permissions.md:
--------------------------------------------------------------------------------
 1 | # Permissions
 2 | 
 3 | The Epic Stack's Permissions model takes after
 4 | [Role-Based Access Control (RBAC)](https://auth0.com/intro-to-iam/what-is-role-based-access-control-rbac).
 5 | Each user has a set of roles, and each role has a set of permissions. A user's
 6 | permissions are the union of the permissions of all their roles (with the more
 7 | permissive permission taking precedence).
 8 | 
 9 | The default development seed creates fine-grained permissions that include
10 | `create`, `read`, `update`, and `delete` permissions for `user` and `note` with
11 | the access of `own` and `any`. The default seed also creates `user` and `admin`
12 | roles with the sensible permissions for those roles.
13 | 
14 | You can combine these permissions in different ways to support different roles
15 | for different personas of users of your application.
16 | 
17 | The Epic Stack comes with built-in utilities for working with these permissions.
18 | Here are some examples to give you an idea:
19 | 
20 | ```ts
21 | // server-side only utilities
22 | const userCanDeleteAnyUser = await requireUserWithPermission(
23 | 	request,
24 | 	'delete:user:any',
25 | )
26 | const userIsAdmin = await requireUserWithRole(request, 'admin')
27 | ```
28 | 
29 | ```ts
30 | // UI utilities
31 | const user = useUser()
32 | const userCanCreateTheirOwnNotes = userHasPermission(user, 'create:note:own')
33 | const userIsUser = userHasRole(user, 'user')
34 | ```
35 | 
36 | There is currently no UI for managing permissions, but you can use prisma studio
37 | for establishing these.
38 | 
39 | ## Seeding the production database
40 | 
41 | Check [the deployment docs](./deployment.md) for instructions on how to seed the
42 | production database with the roles you want.
43 | 


--------------------------------------------------------------------------------
/app/utils/client-hints.tsx:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * This file contains utilities for using client hints for user preference which
 3 |  * are needed by the server, but are only known by the browser.
 4 |  */
 5 | import { getHintUtils } from '@epic-web/client-hints'
 6 | import {
 7 | 	clientHint as colorSchemeHint,
 8 | 	subscribeToSchemeChange,
 9 | } from '@epic-web/client-hints/color-scheme'
10 | import { clientHint as timeZoneHint } from '@epic-web/client-hints/time-zone'
11 | import * as React from 'react'
12 | import { useRevalidator } from 'react-router'
13 | import { useOptionalRequestInfo, useRequestInfo } from './request-info.ts'
14 | 
15 | const hintsUtils = getHintUtils({
16 | 	theme: colorSchemeHint,
17 | 	timeZone: timeZoneHint,
18 | 	// add other hints here
19 | })
20 | 
21 | export const { getHints } = hintsUtils
22 | 
23 | /**
24 |  * @returns an object with the client hints and their values
25 |  */
26 | export function useHints() {
27 | 	const requestInfo = useRequestInfo()
28 | 	return requestInfo.hints
29 | }
30 | 
31 | export function useOptionalHints() {
32 | 	const requestInfo = useOptionalRequestInfo()
33 | 	return requestInfo?.hints
34 | }
35 | 
36 | /**
37 |  * @returns inline script element that checks for client hints and sets cookies
38 |  * if they are not set then reloads the page if any cookie was set to an
39 |  * inaccurate value.
40 |  */
41 | export function ClientHintCheck({ nonce }: { nonce: string }) {
42 | 	const { revalidate } = useRevalidator()
43 | 	React.useEffect(
44 | 		() => subscribeToSchemeChange(() => revalidate()),
45 | 		[revalidate],
46 | 	)
47 | 
48 | 	return (
49 | 		<script
50 | 			nonce={nonce}
51 | 			dangerouslySetInnerHTML={{
52 | 				__html: hintsUtils.getClientHintCheckScript(),
53 | 			}}
54 | 		/>
55 | 	)
56 | }
57 | 


--------------------------------------------------------------------------------
/docs/decisions/045-rr-auto-routes.md:
--------------------------------------------------------------------------------
 1 | # React Router Auto Routes
 2 | 
 3 | Date: 2025-10-15
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Epic Stack has relied on `remix-flat-routes` to turn the `app/routes` directory
10 | into the route manifest React Router consumes at build time. The library helped
11 | us introduce file-system routing with predictable conventions and has served the
12 | project well. However, its hybrid convention with `+` suffix treats colocation
13 | as the default pattern, which can lead to less organized route structures as
14 | applications grow.
15 | 
16 | We now have
17 | [`react-router-auto-routes`](https://github.com/kenn/react-router-auto-routes),
18 | designed to align with React Router's native conventions and APIs. It keeps the
19 | project close to upstream conventions, lowers the surface of custom tooling we
20 | need to maintain, and gives us a clearer migration path as React Router evolves.
21 | 
22 | ## Decision
23 | 
24 | We will replace `remix-flat-routes` with `react-router-auto-routes` for
25 | generating the application's route manifest. The new tool will become part of
26 | the build and dev pipelines, and any previous configuration specific to
27 | `remix-flat-routes` will be ported to the new conventions.
28 | 
29 | ## Consequences
30 | 
31 | - Auto route generation follows React Router's conventions, reducing the risk of
32 |   breakage when we upgrade React Router in the future.
33 | - Contributors adopt the naming and organization rules defined by
34 |   `react-router-auto-routes`, so we also updated documentation and examples to
35 |   reflect the new folder semantics.
36 | - All existing functionality has been validated with `npm run validate` and
37 |   works correctly with the new routing system.
38 | 


--------------------------------------------------------------------------------
/docs/decisions/013-email-code.md:
--------------------------------------------------------------------------------
 1 | # Email Verification Code
 2 | 
 3 | Date: 2023-06-05
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | When a new user registers, we need to collect their email address so we can send
10 | them a password reset link if they forget their password. Applications may also
11 | need the email for other reasons, but whatever the case may be, we need their
12 | email address, and to reduce spam and user error, we want to verify the email as
13 | well.
14 | 
15 | Currently, the Epic Stack will send the email with a link which the user can
16 | then click and start the onboarding process. This works fine, but it often means
17 | the user is left with a previous dead-end tab open which is kind of annoying
18 | (especially if they are on mobile and the email client opens the link in a
19 | different browser).
20 | 
21 | An alternative to this is to include a verification code in the email and have
22 | the user enter that code into the application. This is a little more work for
23 | the user, but it's not too bad and it means that the user can continue their
24 | work from the same tab they started in.
25 | 
26 | This also has implications if people want to add email verification for
27 | sensitive operations like password resets. If a code system is in place, it
28 | becomes much easier to add that verification to the password reset process as
29 | well.
30 | 
31 | ## Decision
32 | 
33 | We will support both options. The email will include a code and a link, giving
34 | the user the option between the two so they can select the one that works best
35 | for them in the situation.
36 | 
37 | ## Consequences
38 | 
39 | This requires a bit more work, but will ultimately be a better UX and will pave
40 | the way for other features in the future.
41 | 


--------------------------------------------------------------------------------
/docs/secrets.md:
--------------------------------------------------------------------------------
 1 | # Secrets
 2 | 
 3 | Managing secrets in the Epic Stack is done using environment variables and the
 4 | `fly secrets` command.
 5 | 
 6 | > **Warning**: It is very important that you do NOT hard code any secrets in the
 7 | > source code. Even if your app source is not public, there are a lot of reasons
 8 | > this is dangerous and in the epic stack we default to creating source maps
 9 | > which will reveal your hard coded secrets to the public. Read more about this
10 | > in [the source map decision document](./decisions/016-source-maps.md).
11 | 
12 | ## Local development
13 | 
14 | When you need to create a new secret, it's best to add a line to your
15 | `.env.example` file so folks know that secret is necessary. The value you put in
16 | here should be not real because this file is committed to the repository.
17 | 
18 | To keep everything in line with the [guiding principle](./guiding-principles.md)
19 | of "Offline Development," you should also strive make it so whatever service
20 | you're interacting with can be mocked out using MSW in the `test/mocks`
21 | directory.
22 | 
23 | You can also put the real value of the secret in `.env` which is `.gitignore`d
24 | so you can interact with the real service if you need to during development.
25 | 
26 | ## Production secrets
27 | 
28 | To publish a secret to your production and staging applications, you can use the
29 | `fly secrets set` command. For example, if you were integrating with the `tito`
30 | API, to set the `TITO_API_SECRET` secret, you would run the following command:
31 | 
32 | ```sh
33 | fly secrets set TITO_API_SECRET=some_secret_value
34 | fly secrets set TITO_API_SECRET=some_secret_value --app [YOUR_STAGING_APP_NAME]
35 | ```
36 | 
37 | This will redeploy your app with that environment variable set.
38 | 


--------------------------------------------------------------------------------
/docs/decisions/001-typescript-only.md:
--------------------------------------------------------------------------------
 1 | # TypeScript Only
 2 | 
 3 | Date: 2023-05-08
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | The `create-remix` CLI allows users to select whether they want to use
10 | JavaScript instead of TypeScript. This will auto-convert everything to
11 | JavaScript.
12 | 
13 | There is (currently) no way to control this behavior.
14 | 
15 | Teams and individuals building modern web applications have many great reasons
16 | to build them with TypeScript.
17 | 
18 | One of the challenges with TypeScript is getting it configured properly. This is
19 | not an issue with a stack which starts you off on the right foot without needing
20 | to configure anything.
21 | 
22 | Another challenge with TypeScript is handling dependencies that are not written
23 | in TypeScript. This is increasingly becoming less of an issue with more and more
24 | dependencies being written in TypeScript.
25 | 
26 | ## Decision
27 | 
28 | We strongly advise the use of TypeScript even for simple projects and those
29 | worked on by single developers. So instead of working on making this project
30 | work with the JavaScript option of the `create-remix` CLI, we've decided to
31 | throw an error informing the user to try again and select the TypeScript option.
32 | 
33 | We've also made the example script in the `README.md` provide a selected option
34 | of `--typescript` so folks shouldn't even be asked unless they leave off that
35 | flag in which case our error will be thrown.
36 | 
37 | ## Consequences
38 | 
39 | This makes the initial experience not great for folks using JavaScript.
40 | Hopefully the Remix CLI will eventually allow us to have more control over
41 | whether that question is asked.
42 | 
43 | This also may anger some folks who really don't like TypeScript. For those
44 | folks, feel free to fork the starter.
45 | 


--------------------------------------------------------------------------------
/docs/decisions/046-remove-path-aliases.md:
--------------------------------------------------------------------------------
 1 | # Remove Path Aliases
 2 | 
 3 | Date: 2025-10-23
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | In [031-imports](./031-imports.md), we implemented path aliases using both the
10 | `"imports"` field in `package.json` and the `paths` field in `tsconfig.json`.
11 | This was done as a temporary solution because TypeScript didn't natively support
12 | the `"imports"` field, requiring us to maintain both configurations to get
13 | autocomplete and type checking.
14 | 
15 | However, TypeScript has now added native support for the `"imports"` field in
16 | `package.json` (as referenced in the original decision's "yet" link). This means
17 | we no longer need the `paths` configuration in `tsconfig.json` to get proper
18 | TypeScript support for our imports.
19 | 
20 | ## Decision
21 | 
22 | We're removing the path aliases configuration from `tsconfig.json` and relying
23 | solely on the `"imports"` field in `package.json`. This simplifies our
24 | configuration and aligns with the standard Node.js approach.
25 | 
26 | The `"imports"` field will continue to work as before, providing the same import
27 | resolution functionality, but now with full TypeScript support without requiring
28 | duplicate configuration.
29 | 
30 | ## Consequences
31 | 
32 | - **Simplified configuration**: We no longer need to maintain both
33 |   `package.json` imports and `tsconfig.json` paths
34 | - **Standard compliance**: We're now using the standard Node.js approach without
35 |   TypeScript-specific workarounds
36 | - **Reduced maintenance**: One less configuration to keep in sync
37 | - **Better tooling support**: TypeScript now natively understands the
38 |   `"imports"` field, providing better IDE support
39 | 
40 | This supersedes [031-imports](./031-imports.md) as the current approach for
41 | handling imports in the Epic Stack.
42 | 


--------------------------------------------------------------------------------
/docs/decisions/037-generated-internal-command.md:
--------------------------------------------------------------------------------
 1 | # Generated Internal Command Env Var
 2 | 
 3 | Date: 2024-06-19
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | There are use cases where your application needs to talk to itself over HTTP.
10 | One example of this is when a read-replica instance needs to trigger an update
11 | to the cache in the primary instance. This can be done by making an HTTP request
12 | to the primary instance.
13 | 
14 | To secure this communication, we can use a secret token that is shared between
15 | the instances. This token can be stored in the environment variables of the
16 | instances.
17 | 
18 | Originally, this token was manually generated once and set as a secret in the
19 | Fly app. This token was then used in the application code to authenticate the
20 | requests.
21 | 
22 | However, this manual process is error-prone and can lead to security issues if
23 | the token is leaked.
24 | 
25 | An alternative is to generate the token in the Dockerfile and set it as an
26 | environment variable in the Fly app. This way, the token is generated
27 | automatically and is unique for each deployment.
28 | 
29 | One drawback to this is during the deployment process, an old replica might
30 | still be running with the old token. This can cause issues if the new replica is
31 | expecting the new token. However, this should be short-lived and it's also
32 | possible the read replica is running out-of-date code anyway so it may be to our
33 | benefit anyway.
34 | 
35 | ## Decision
36 | 
37 | We will generate the internal command token in the Dockerfile and set it as an
38 | environment variable in the Fly app.
39 | 
40 | ## Consequences
41 | 
42 | We'll need to remove the steps during initial setup and the documentation
43 | instructions. This will simplify the setup process and reduce the risk of
44 | security issues due to leaked tokens.
45 | 


--------------------------------------------------------------------------------
/docs/decisions/042-node-sqlite.md:
--------------------------------------------------------------------------------
 1 | # Node's Built-in SQLite Support
 2 | 
 3 | Date: 2025-03-22
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | The Epic Stack previously used `better-sqlite3` as the SQLite driver for
10 | Node.js. While `better-sqlite3` is a mature and feature-rich library, Node.js
11 | has recently added built-in SQLite support through the `node:sqlite3` module.
12 | This built-in support provides a simpler, more maintainable solution that
13 | doesn't require additional dependencies.
14 | 
15 | The built-in SQLite support in Node.js is based on the same underlying SQLite
16 | engine, ensuring compatibility with our existing database schema and queries. It
17 | also provides a Promise-based API that aligns well with modern JavaScript
18 | practices.
19 | 
20 | ## Decision
21 | 
22 | We will switch from `better-sqlite3` to Node's built-in SQLite support
23 | (`node:sqlite3`) for the following reasons:
24 | 
25 | 1. Reduced dependencies - one less package to maintain and update
26 | 2. Native integration with Node.js - better long-term support and compatibility
27 | 3. Simpler setup - no need to handle native module compilation
28 | 4. Official Node.js support - better reliability and future-proofing
29 | 
30 | ## Consequences
31 | 
32 | This change will require:
33 | 
34 | 1. Updating database connection code to use the new API
35 | 2. Removing `better-sqlite3` from package.json and lockfile
36 | 
37 | The migration should be relatively straightforward since both libraries use the
38 | same underlying SQLite engine. The main changes will be in the API usage
39 | patterns rather than the database functionality itself.
40 | 
41 | This change aligns with our goal of simplifying the stack while maintaining
42 | robust functionality. The built-in SQLite support provides all the features we
43 | need without the overhead of an additional dependency.
44 | 


--------------------------------------------------------------------------------
/docs/testing.md:
--------------------------------------------------------------------------------
 1 | # Testing
 2 | 
 3 | ## Playwright
 4 | 
 5 | We use Playwright for our End-to-End tests in this project. You'll find those in
 6 | the `tests` directory. As you make changes, add to an existing file or create a
 7 | new file in the `tests` directory to test your changes.
 8 | 
 9 | To run these tests in development, run `npm run test:e2e:dev` which will start
10 | the dev server for the app and run Playwright on it.
11 | 
12 | We have a fixture for testing authenticated features without having to go
13 | through the login flow:
14 | 
15 | ```ts
16 | test('my test', async ({ page, login }) => {
17 | 	const user = await login()
18 | 	// you are now logged in
19 | })
20 | ```
21 | 
22 | We also auto-delete the user at the end of your test. That way, we can keep your
23 | local db clean and keep your tests isolated from one another.
24 | 
25 | ## Vitest
26 | 
27 | For lower level tests of utilities and individual components, we use `vitest`.
28 | We have DOM-specific assertion helpers via
29 | [`@testing-library/jest-dom`](https://testing-library.com/jest-dom).
30 | 
31 | ## Type Checking
32 | 
33 | This project uses TypeScript. It's recommended to get TypeScript set up for your
34 | editor to get a really great in-editor experience with type checking and
35 | auto-complete. To run type checking across the whole project, run
36 | `npm run typecheck`.
37 | 
38 | ## Linting
39 | 
40 | This project uses ESLint for linting. That is configured in `.eslintrc.js`.
41 | 
42 | ## Formatting
43 | 
44 | We use [Prettier](https://prettier.io/) for auto-formatting in this project.
45 | It's recommended to install an editor plugin (like the
46 | [VSCode Prettier plugin](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode))
47 | to get auto-formatting on save. There's also a `npm run format` script you can
48 | run to format all files in the project.
49 | 


--------------------------------------------------------------------------------
/app/utils/connections.tsx:
--------------------------------------------------------------------------------
 1 | import { Form } from 'react-router'
 2 | import { z } from 'zod'
 3 | import { Icon } from '#app/components/ui/icon.tsx'
 4 | import { StatusButton } from '#app/components/ui/status-button.tsx'
 5 | import { useIsPending } from './misc.tsx'
 6 | 
 7 | export const GITHUB_PROVIDER_NAME = 'github'
 8 | // to add another provider, set their name here and add it to the providerNames below
 9 | 
10 | export const providerNames = [GITHUB_PROVIDER_NAME] as const
11 | export const ProviderNameSchema = z.enum(providerNames)
12 | export type ProviderName = z.infer<typeof ProviderNameSchema>
13 | 
14 | export const providerLabels: Record<ProviderName, string> = {
15 | 	[GITHUB_PROVIDER_NAME]: 'GitHub',
16 | } as const
17 | 
18 | export const providerIcons: Record<ProviderName, React.ReactNode> = {
19 | 	[GITHUB_PROVIDER_NAME]: <Icon name="github-logo" />,
20 | } as const
21 | 
22 | export function ProviderConnectionForm({
23 | 	redirectTo,
24 | 	type,
25 | 	providerName,
26 | }: {
27 | 	redirectTo?: string | null
28 | 	type: 'Connect' | 'Login' | 'Signup'
29 | 	providerName: ProviderName
30 | }) {
31 | 	const label = providerLabels[providerName]
32 | 	const formAction = `/auth/${providerName}`
33 | 	const isPending = useIsPending({ formAction })
34 | 	return (
35 | 		<Form
36 | 			className="flex items-center justify-center gap-2"
37 | 			action={formAction}
38 | 			method="POST"
39 | 		>
40 | 			{redirectTo ? (
41 | 				<input type="hidden" name="redirectTo" value={redirectTo} />
42 | 			) : null}
43 | 			<StatusButton
44 | 				type="submit"
45 | 				className="w-full"
46 | 				status={isPending ? 'pending' : 'idle'}
47 | 			>
48 | 				<span className="inline-flex items-center gap-1.5">
49 | 					{providerIcons[providerName]}
50 | 					<span>
51 | 						{type} with {label}
52 | 					</span>
53 | 				</span>
54 | 			</StatusButton>
55 | 		</Form>
56 | 	)
57 | }
58 | 


--------------------------------------------------------------------------------
/app/components/search-bar.tsx:
--------------------------------------------------------------------------------
 1 | import { useId } from 'react'
 2 | import { Form, useSearchParams, useSubmit } from 'react-router'
 3 | import { useDebounce, useIsPending } from '#app/utils/misc.tsx'
 4 | import { Icon } from './ui/icon.tsx'
 5 | import { Input } from './ui/input.tsx'
 6 | import { Label } from './ui/label.tsx'
 7 | import { StatusButton } from './ui/status-button.tsx'
 8 | 
 9 | export function SearchBar({
10 | 	status,
11 | 	autoFocus = false,
12 | 	autoSubmit = false,
13 | }: {
14 | 	status: 'idle' | 'pending' | 'success' | 'error'
15 | 	autoFocus?: boolean
16 | 	autoSubmit?: boolean
17 | }) {
18 | 	const id = useId()
19 | 	const [searchParams] = useSearchParams()
20 | 	const submit = useSubmit()
21 | 	const isSubmitting = useIsPending({
22 | 		formMethod: 'GET',
23 | 		formAction: '/users',
24 | 	})
25 | 
26 | 	const handleFormChange = useDebounce(async (form: HTMLFormElement) => {
27 | 		await submit(form)
28 | 	}, 400)
29 | 
30 | 	return (
31 | 		<Form
32 | 			method="GET"
33 | 			action="/users"
34 | 			className="flex flex-wrap items-center justify-center gap-2"
35 | 			onChange={(e) => autoSubmit && handleFormChange(e.currentTarget)}
36 | 		>
37 | 			<div className="flex-1">
38 | 				<Label htmlFor={id} className="sr-only">
39 | 					Search
40 | 				</Label>
41 | 				<Input
42 | 					type="search"
43 | 					name="search"
44 | 					id={id}
45 | 					defaultValue={searchParams.get('search') ?? ''}
46 | 					placeholder="Search"
47 | 					className="w-full"
48 | 					autoFocus={autoFocus}
49 | 				/>
50 | 			</div>
51 | 			<div>
52 | 				<StatusButton
53 | 					type="submit"
54 | 					status={isSubmitting ? 'pending' : status}
55 | 					className="flex w-full items-center justify-center"
56 | 				>
57 | 					<Icon name="magnifying-glass" size="md" />
58 | 					<span className="sr-only">Search</span>
59 | 				</StatusButton>
60 | 			</div>
61 | 		</Form>
62 | 	)
63 | }
64 | 


--------------------------------------------------------------------------------
/app/routes/resources/download-user-data.tsx:
--------------------------------------------------------------------------------
 1 | import { requireUserId } from '#app/utils/auth.server.ts'
 2 | import { prisma } from '#app/utils/db.server.ts'
 3 | import { getDomainUrl, getNoteImgSrc, getUserImgSrc } from '#app/utils/misc.tsx'
 4 | import { type Route } from './+types/download-user-data.ts'
 5 | 
 6 | export async function loader({ request }: Route.LoaderArgs) {
 7 | 	const userId = await requireUserId(request)
 8 | 	const user = await prisma.user.findUniqueOrThrow({
 9 | 		where: { id: userId },
10 | 		// this is one of the *few* instances where you can use "include" because
11 | 		// the goal is to literally get *everything*. Normally you should be
12 | 		// explicit with "select". We're using select for images because we don't
13 | 		// want to send back the entire blob of the image. We'll send a URL they can
14 | 		// use to download it instead.
15 | 		include: {
16 | 			image: {
17 | 				select: {
18 | 					id: true,
19 | 					createdAt: true,
20 | 					updatedAt: true,
21 | 					objectKey: true,
22 | 				},
23 | 			},
24 | 			notes: {
25 | 				include: {
26 | 					images: {
27 | 						select: {
28 | 							id: true,
29 | 							createdAt: true,
30 | 							updatedAt: true,
31 | 							objectKey: true,
32 | 						},
33 | 					},
34 | 				},
35 | 			},
36 | 			password: false, // <-- intentionally omit password
37 | 			sessions: true,
38 | 			roles: true,
39 | 		},
40 | 	})
41 | 
42 | 	const domain = getDomainUrl(request)
43 | 
44 | 	return Response.json({
45 | 		user: {
46 | 			...user,
47 | 			image: user.image
48 | 				? {
49 | 						...user.image,
50 | 						url: domain + getUserImgSrc(user.image.objectKey),
51 | 					}
52 | 				: null,
53 | 			notes: user.notes.map((note) => ({
54 | 				...note,
55 | 				images: note.images.map((image) => ({
56 | 					...image,
57 | 					url: domain + getNoteImgSrc(image.objectKey),
58 | 				})),
59 | 			})),
60 | 		},
61 | 	})
62 | }
63 | 


--------------------------------------------------------------------------------
/docs/image-optimization.md:
--------------------------------------------------------------------------------
 1 | # Image Optimization
 2 | 
 3 | The Epic Stack uses [openimg](https://github.com/andrelandgraf/openimg) to
 4 | optimize images on demand, introduced via
 5 | [this decision doc](./decisions/041-image-optimization.md).
 6 | 
 7 | ## Server Part
 8 | 
 9 | The [/resources/images](../app/routes/resources/images.tsx) endpoint accepts the
10 | search parameters `src`, `w` (width), `h` (height), `format`, and `fit` to
11 | perform image transformations and serve optimized variants. The transformations
12 | are performed with `sharp`, and the optimized images are cached in
13 | `./data/images` on the filesystem and via HTTP caching. All transformations
14 | happen via stream processing, so images are never loaded fully into memory at
15 | once.
16 | 
17 | ## Client Part
18 | 
19 | On the client side, the `Img` React component from openimg/react is used to
20 | query the [/resources/images](../app/routes/resources/images.tsx) endpoint with
21 | the appropriate query parameters, including the source image string. The
22 | component renders a picture element that requests modern formats and sets
23 | attributes such as `fetchpriority`, `loading`, and `decoding` to optimize image
24 | loading. It also computes `srcset` and `sizes` based on the provided `width` and
25 | `height` props. Use the `isAboveFold` prop on the `Img` component to priotize
26 | images that should load immediately.
27 | 
28 | ## Image Sources
29 | 
30 | If you want to add a new image storage location, update the
31 | [/resources/images](../app/routes/resources/images.tsx) endpoint and modify
32 | `getSource` and `allowlistedOrigins` to instruct openimg on how to retrieve the
33 | source images from the new location. Currently, the endpoint uses fetch requests
34 | to retrieve user images from the resource route endpoints and the filesystem to
35 | retrieve static application assets from the public and assets folders.
36 | 


--------------------------------------------------------------------------------
/other/svg-icons/update.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/update.svg -->
 4 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 5 |   <path
 6 |     fill-rule="evenodd"
 7 |     clip-rule="evenodd"
 8 |     d="M1.90321 7.29677C1.90321 10.341 4.11041 12.4147 6.58893 12.8439C6.87255 12.893 7.06266 13.1627 7.01355 13.4464C6.96444 13.73 6.69471 13.9201 6.41109 13.871C3.49942 13.3668 0.86084 10.9127 0.86084 7.29677C0.860839 5.76009 1.55996 4.55245 2.37639 3.63377C2.96124 2.97568 3.63034 2.44135 4.16846 2.03202L2.53205 2.03202C2.25591 2.03202 2.03205 1.80816 2.03205 1.53202C2.03205 1.25588 2.25591 1.03202 2.53205 1.03202L5.53205 1.03202C5.80819 1.03202 6.03205 1.25588 6.03205 1.53202L6.03205 4.53202C6.03205 4.80816 5.80819 5.03202 5.53205 5.03202C5.25591 5.03202 5.03205 4.80816 5.03205 4.53202L5.03205 2.68645L5.03054 2.68759L5.03045 2.68766L5.03044 2.68767L5.03043 2.68767C4.45896 3.11868 3.76059 3.64538 3.15554 4.3262C2.44102 5.13021 1.90321 6.10154 1.90321 7.29677ZM13.0109 7.70321C13.0109 4.69115 10.8505 2.6296 8.40384 2.17029C8.12093 2.11718 7.93465 1.84479 7.98776 1.56188C8.04087 1.27898 8.31326 1.0927 8.59616 1.14581C11.4704 1.68541 14.0532 4.12605 14.0532 7.70321C14.0532 9.23988 13.3541 10.4475 12.5377 11.3662C11.9528 12.0243 11.2837 12.5586 10.7456 12.968L12.3821 12.968C12.6582 12.968 12.8821 13.1918 12.8821 13.468C12.8821 13.7441 12.6582 13.968 12.3821 13.968L9.38205 13.968C9.10591 13.968 8.88205 13.7441 8.88205 13.468L8.88205 10.468C8.88205 10.1918 9.10591 9.96796 9.38205 9.96796C9.65819 9.96796 9.88205 10.1918 9.88205 10.468L9.88205 12.3135L9.88362 12.3123C10.4551 11.8813 11.1535 11.3546 11.7585 10.6738C12.4731 9.86976 13.0109 8.89844 13.0109 7.70321Z"
 9 |     fill="currentColor"
10 |   />
11 | </svg>
12 | 


--------------------------------------------------------------------------------
/docs/decisions/020-icons.md:
--------------------------------------------------------------------------------
 1 | # Icons
 2 | 
 3 | Date: 2023-06-28
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Icons are a critical part to every application. It helps users quickly identify
10 | different actions they can take and the meaning of different elements on the
11 | page. It's pretty well accepted that SVGs are the way to go with icons, but
12 | there are a few different options for how to go about doing this.
13 | 
14 | Because the Epic Stack is using React, it may feel obvious to just use a
15 | component per icon and inline the SVG in the component. This is fine, but it's
16 | sub-optimal. I'm not going to spend time explaining why, because
17 | [this article does a great job of that](https://benadam.me/thoughts/react-svg-sprites/).
18 | 
19 | SVG sprites are no less ergonomic than inline SVGs in React because in either
20 | case you need to do some sort of transformation of the SVG to make it useable in
21 | the application. If you inline SVGs, you have [SVGR](https://react-svgr.com/) to
22 | automate this process. So if we can automate the process of creating and
23 | consuming a sprite, we're in a fine place.
24 | 
25 | And [rmx-cli](https://github.com/kiliman/rmx-cli) has support for automating the
26 | creation of an SVG sprite.
27 | 
28 | One drawback to sprites is you don't typically install a library of icons and
29 | then use them like regular components. You do need to have a process for adding
30 | these to the sprite. And you wouldn't want to add every possible icon as there's
31 | no "tree-shaking" for sprites.
32 | 
33 | ## Decision
34 | 
35 | Setup the project to use SVG sprites with `rmx-cli`.
36 | 
37 | ## Consequences
38 | 
39 | We'll need to document the process of adding SVGs. It's still possible to simply
40 | install a library of icons and use them as components if you're ok with the
41 | trade-offs of that approach. But the default in the starter will be to use
42 | sprites.
43 | 


--------------------------------------------------------------------------------
/docs/getting-started.md:
--------------------------------------------------------------------------------
 1 | # Getting Started with the Epic Stack
 2 | 
 3 | The Epic Stack is a [Remix Stack](https://remix.run/stacks). To start your Epic
 4 | Stack, run the following [`npx`](https://docs.npmjs.com/cli/v9/commands/npx)
 5 | command using the current LTS version of Node.js:
 6 | 
 7 | ```sh
 8 | npx epicli new <project-name>
 9 | ```
10 | 
11 | This will prompt you for a project name (the name of the directory to put your
12 | project). Once you've selected that, the CLI will start the setup process.
13 | 
14 | Once the setup is complete, go ahead and `cd` into the new project directory and
15 | run `npm run dev` to get the app started.
16 | 
17 | Check the project README.md for instructions on getting the app deployed. You'll
18 | want to get this done early in the process to make sure you're all set up
19 | properly.
20 | 
21 | If you'd like to skip some of the setup steps, you can set the following
22 | environment variables when you run the script:
23 | 
24 | - `SKIP_SETUP` - skips running `npm run setup`
25 | - `SKIP_FORMAT` - skips running `npm run format`
26 | - `SKIP_DEPLOYMENT` - skips deployment setup
27 | 
28 | So, if you enabled all of these it would be:
29 | 
30 | ```sh
31 | SKIP_SETUP=true SKIP_FORMAT=true SKIP_DEPLOYMENT=true npx epicli new
32 | ```
33 | 
34 | Or, on windows:
35 | 
36 | ```
37 | set SKIP_SETUP=true && set SKIP_FORMAT=true && set SKIP_DEPLOYMENT=true && npx epicli new
38 | ```
39 | 
40 | ## Development
41 | 
42 | - Initial setup:
43 | 
44 |   ```sh
45 |   npm run setup
46 |   ```
47 | 
48 | - Seed database:
49 | 
50 |   ```sh
51 |   npx prisma@6 db seed
52 |   ```
53 | 
54 | - Start dev server:
55 | 
56 |   ```sh
57 |   npm run dev
58 |   ```
59 | 
60 | This starts your app in development mode, rebuilding assets on file changes.
61 | 
62 | The database seed script creates a new user with some data you can use to get
63 | started:
64 | 
65 | - Username: `kody`
66 | - Password: `kodylovesyou`
67 | 


--------------------------------------------------------------------------------
/app/components/ui/button.tsx:
--------------------------------------------------------------------------------
 1 | import { Slot } from '@radix-ui/react-slot'
 2 | import { cva, type VariantProps } from 'class-variance-authority'
 3 | import * as React from 'react'
 4 | 
 5 | import { cn } from '#app/utils/misc.tsx'
 6 | 
 7 | const buttonVariants = cva(
 8 | 	'ring-ring ring-offset-background inline-flex items-center justify-center rounded-md text-sm font-medium ring-offset-2 outline-hidden transition-colors focus-within:ring-2 focus-visible:ring-2 disabled:pointer-events-none disabled:opacity-50',
 9 | 	{
10 | 		variants: {
11 | 			variant: {
12 | 				default: 'bg-primary text-primary-foreground hover:bg-primary/80',
13 | 				destructive:
14 | 					'bg-destructive text-destructive-foreground hover:bg-destructive/80',
15 | 				outline:
16 | 					'border-input bg-background hover:bg-accent hover:text-accent-foreground border',
17 | 				secondary:
18 | 					'bg-secondary text-secondary-foreground hover:bg-secondary/80',
19 | 				ghost: 'hover:bg-accent hover:text-accent-foreground',
20 | 				link: 'text-primary underline-offset-4 hover:underline',
21 | 			},
22 | 			size: {
23 | 				default: 'h-10 px-4 py-2',
24 | 				wide: 'px-24 py-5',
25 | 				sm: 'h-9 rounded-md px-3',
26 | 				lg: 'h-11 rounded-md px-8',
27 | 				pill: 'px-12 py-3 leading-3',
28 | 				icon: 'size-10',
29 | 			},
30 | 		},
31 | 		defaultVariants: {
32 | 			variant: 'default',
33 | 			size: 'default',
34 | 		},
35 | 	},
36 | )
37 | 
38 | export type ButtonVariant = VariantProps<typeof buttonVariants>
39 | 
40 | const Button = ({
41 | 	className,
42 | 	variant,
43 | 	size,
44 | 	asChild = false,
45 | 	...props
46 | }: React.ComponentProps<'button'> &
47 | 	ButtonVariant & {
48 | 		asChild?: boolean
49 | 	}) => {
50 | 	const Comp = asChild ? Slot : 'button'
51 | 	return (
52 | 		<Comp
53 | 			data-slot="button"
54 | 			className={cn(buttonVariants({ variant, size, className }))}
55 | 			{...props}
56 | 		/>
57 | 	)
58 | }
59 | 
60 | export { Button, buttonVariants }
61 | 


--------------------------------------------------------------------------------
/docs/decisions/035-remove-csrf.md:
--------------------------------------------------------------------------------
 1 | # Remove CSRF
 2 | 
 3 | Date: 2024-01-29
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Read more about the original CSRF decision in [032-csrf.md](./032-csrf.md).
10 | 
11 | Modern browser support for `SameSite: Lax` and our use of that for all cookies
12 | means that cookies are not sent on cross-site requests. This means that CSRF
13 | protection is not needed for our cookies.
14 | 
15 | There are however a few exceptions which motivated the original inclusion of
16 | CSRF:
17 | 
18 | - GET requests are not protected by `SameSite: Lax` and so are vulnerable to
19 |   CSRF attacks. However, we do not have any GET endpoints that perform mutations
20 |   on the server. The only GET endpoints we have are for fetching data and so
21 |   there is no meaningful CSRF attack that could be performed.
22 | - The `POST /login` endpoint does not require cookies at all and so is
23 |   technically vulnerable to CSRF attacks. But anyone who could exploit this
24 |   endpoint would have to know the user's username and password anyway in which
25 |   case they could just log in as the user directly.
26 | 
27 | With the addition of the honeypot field to prevent bots from submitting the
28 | login form, the lack of vulnerability due to the cookie configuration, and the
29 | fact that CSRF adds a bit of complexity to the code, it just doesn't seem worth
30 | it to keep CSRF tokens around.
31 | 
32 | ## Decision
33 | 
34 | Remove CSRF tokens from the codebase.
35 | 
36 | ## Consequences
37 | 
38 | If someone adds a GET request which does mutate state, then this could be an
39 | issue. However, a CSRF token could be added back for that specific mutation.
40 | Also, if the cookie configuration is changed from `Lax` to `None` (useful in
41 | various contexts, but certainly not a good default), then CSRF tokens would need
42 | to be added back. So we'll add a comment to the code for configuring the cookie
43 | mentioning this.
44 | 


--------------------------------------------------------------------------------
/other/svg-icons/question-mark-circled.svg:
--------------------------------------------------------------------------------
 1 | <!-- Downloaded from @radix-ui/icons -->
 2 | <!-- License https://github.com/radix-ui/icons/blob/master/LICENSE -->
 3 | <!-- https://github.com/radix-ui/icons/blob/master/packages/radix-icons/icons/question-mark-circled.svg -->
 4 | <!-- @radix-ui/icons -->
 5 | <!-- https://github.com/radix-ui/icons/blob/master/LICENSE -->
 6 | <svg width="15" height="15" viewBox="0 0 15 15" fill="none" xmlns="http://www.w3.org/2000/svg">
 7 |   <path
 8 |     fill-rule="evenodd"
 9 |     clip-rule="evenodd"
10 |     d="M0.877075 7.49972C0.877075 3.84204 3.84222 0.876892 7.49991 0.876892C11.1576 0.876892 14.1227 3.84204 14.1227 7.49972C14.1227 11.1574 11.1576 14.1226 7.49991 14.1226C3.84222 14.1226 0.877075 11.1574 0.877075 7.49972ZM7.49991 1.82689C4.36689 1.82689 1.82708 4.36671 1.82708 7.49972C1.82708 10.6327 4.36689 13.1726 7.49991 13.1726C10.6329 13.1726 13.1727 10.6327 13.1727 7.49972C13.1727 4.36671 10.6329 1.82689 7.49991 1.82689ZM8.24993 10.5C8.24993 10.9142 7.91414 11.25 7.49993 11.25C7.08571 11.25 6.74993 10.9142 6.74993 10.5C6.74993 10.0858 7.08571 9.75 7.49993 9.75C7.91414 9.75 8.24993 10.0858 8.24993 10.5ZM6.05003 6.25C6.05003 5.57211 6.63511 4.925 7.50003 4.925C8.36496 4.925 8.95003 5.57211 8.95003 6.25C8.95003 6.74118 8.68002 6.99212 8.21447 7.27494C8.16251 7.30651 8.10258 7.34131 8.03847 7.37854L8.03841 7.37858C7.85521 7.48497 7.63788 7.61119 7.47449 7.73849C7.23214 7.92732 6.95003 8.23198 6.95003 8.7C6.95004 9.00376 7.19628 9.25 7.50004 9.25C7.8024 9.25 8.04778 9.00601 8.05002 8.70417L8.05056 8.7033C8.05924 8.6896 8.08493 8.65735 8.15058 8.6062C8.25207 8.52712 8.36508 8.46163 8.51567 8.37436L8.51571 8.37433C8.59422 8.32883 8.68296 8.27741 8.78559 8.21506C9.32004 7.89038 10.05 7.35382 10.05 6.25C10.05 4.92789 8.93511 3.825 7.50003 3.825C6.06496 3.825 4.95003 4.92789 4.95003 6.25C4.95003 6.55376 5.19628 6.8 5.50003 6.8C5.80379 6.8 6.05003 6.55376 6.05003 6.25Z"
11 |     fill="currentColor"
12 |   />
13 | </svg>
14 | 


--------------------------------------------------------------------------------
/app/utils/user-validation.ts:
--------------------------------------------------------------------------------
 1 | import { z } from 'zod'
 2 | 
 3 | export const USERNAME_MIN_LENGTH = 3
 4 | export const USERNAME_MAX_LENGTH = 20
 5 | 
 6 | export const UsernameSchema = z
 7 | 	.string({ required_error: 'Username is required' })
 8 | 	.min(USERNAME_MIN_LENGTH, { message: 'Username is too short' })
 9 | 	.max(USERNAME_MAX_LENGTH, { message: 'Username is too long' })
10 | 	.regex(/^[a-zA-Z0-9_]+$/, {
11 | 		message: 'Username can only include letters, numbers, and underscores',
12 | 	})
13 | 	// users can type the username in any case, but we store it in lowercase
14 | 	.transform((value) => value.toLowerCase())
15 | 
16 | export const PasswordSchema = z
17 | 	.string({ required_error: 'Password is required' })
18 | 	.min(6, { message: 'Password is too short' })
19 | 	// NOTE: bcrypt has a limit of 72 bytes (which should be plenty long)
20 | 	// https://github.com/epicweb-dev/epic-stack/issues/918
21 | 	.refine((val) => new TextEncoder().encode(val).length <= 72, {
22 | 		message: 'Password is too long',
23 | 	})
24 | 
25 | export const NameSchema = z
26 | 	.string({ required_error: 'Name is required' })
27 | 	.min(3, { message: 'Name is too short' })
28 | 	.max(40, { message: 'Name is too long' })
29 | 
30 | export const EmailSchema = z
31 | 	.string({ required_error: 'Email is required' })
32 | 	.email({ message: 'Email is invalid' })
33 | 	.min(3, { message: 'Email is too short' })
34 | 	.max(100, { message: 'Email is too long' })
35 | 	// users can type the email in any case, but we store it in lowercase
36 | 	.transform((value) => value.toLowerCase())
37 | 
38 | export const PasswordAndConfirmPasswordSchema = z
39 | 	.object({ password: PasswordSchema, confirmPassword: PasswordSchema })
40 | 	.superRefine(({ confirmPassword, password }, ctx) => {
41 | 		if (confirmPassword !== password) {
42 | 			ctx.addIssue({
43 | 				path: ['confirmPassword'],
44 | 				code: 'custom',
45 | 				message: 'The passwords must match',
46 | 			})
47 | 		}
48 | 	})
49 | 


--------------------------------------------------------------------------------
/docs/icons.md:
--------------------------------------------------------------------------------
 1 | # Icons
 2 | 
 3 | The Epic Stack uses SVG sprites for
 4 | [optimal icon performance](https://benadam.me/thoughts/react-svg-sprites/).
 5 | You'll find raw SVGs in the `./other/svg-icons` directory. These are then
 6 | compiled into a sprite using the
 7 | [`vite-plugin-icons-spritesheet`](https://github.com/jacobparis-insiders/vite-plugin-icons-spritesheet)
 8 | plugin which generates the `app/components/ui/icons/sprite.svg` file and the
 9 | accompanying `types.ts` file that allows Typescript to pick up the names of the
10 | icons.
11 | 
12 | You can use [Sly](https://github.com/jacobparis-insiders/sly/tree/main/cli) to
13 | add new icons from the command line.
14 | 
15 | To add the `trash`, `pencil-1`, and `avatar` icons, run:
16 | 
17 | ```sh
18 | npx sly add @radix-ui/icons trash pencil-1 avatar
19 | ```
20 | 
21 | If you don't specify the icons, Sly will show an interactive list of all the
22 | icons available in the `@radix-ui/icons` collection and let you select the ones
23 | you want to add.
24 | 
25 | Sly has been configured in the Epic Stack to automatically add the icons to the
26 | `./other/svg-icons` directory, so there are no extra steps to take. You can see
27 | the configuration in the `./other/sly/sly.json` file.
28 | 
29 | The SVGs used by default in the Epic Stack come from
30 | [icons.radix-ui.com](https://icons.radix-ui.com/). You can download additional
31 | SVG icons from there, or provide your own. Once you've added new files in the
32 | directory, run `npm run build` and you can then use the `Icon` component to
33 | render it. The `icon` prop is the name of the file without the `.svg` extension.
34 | We recommend using `kebab-case` filenames rather than `PascalCase` to avoid
35 | casing issues with different operating systems.
36 | 
37 | By default, all the icons will have a height and width of `1em` so they should
38 | match the font-size of the text they're next to. You can also customize the size
39 | using the `size` prop.
40 | 


--------------------------------------------------------------------------------
/.cursor/rules/avoid-use-effect.mdc:
--------------------------------------------------------------------------------
 1 | ---
 2 | description: 
 3 | globs: *.tsx,*.jsx
 4 | alwaysApply: false
 5 | ---
 6 | ### Avoid useEffect
 7 | 
 8 | [You Might Not Need `useEffect`](https://react.dev/learn/you-might-not-need-an-effect)
 9 | 
10 | Instead of using `useEffect`, use ref callbacks, event handlers with
11 | `flushSync`, css, `useSyncExternalStore`, etc.
12 | 
13 | ```tsx
14 | // This example was ripped from the docs:
15 | // ✅ Good
16 | function ProductPage({ product, addToCart }) {
17 | 	function buyProduct() {
18 | 		addToCart(product)
19 | 		showNotification(`Added ${product.name} to the shopping cart!`)
20 | 	}
21 | 
22 | 	function handleBuyClick() {
23 | 		buyProduct()
24 | 	}
25 | 
26 | 	function handleCheckoutClick() {
27 | 		buyProduct()
28 | 		navigateTo('/checkout')
29 | 	}
30 | 	// ...
31 | }
32 | 
33 | useEffect(() => {
34 | 	setCount(count + 1)
35 | }, [count])
36 | 
37 | // ❌ Avoid
38 | function ProductPage({ product, addToCart }) {
39 | 	useEffect(() => {
40 | 		if (product.isInCart) {
41 | 			showNotification(`Added ${product.name} to the shopping cart!`)
42 | 		}
43 | 	}, [product])
44 | 
45 | 	function handleBuyClick() {
46 | 		addToCart(product)
47 | 	}
48 | 
49 | 	function handleCheckoutClick() {
50 | 		addToCart(product)
51 | 		navigateTo('/checkout')
52 | 	}
53 | 	// ...
54 | }
55 | ```
56 | 
57 | There are a lot more examples in the docs. `useEffect` is not banned or
58 | anything. There are just better ways to handle most cases.
59 | 
60 | Here's an example of a situation where `useEffect` is appropriate:
61 | 
62 | ```tsx
63 | // ✅ Good
64 | useEffect(() => {
65 | 	const controller = new AbortController()
66 | 
67 | 	window.addEventListener(
68 | 		'keydown',
69 | 		(event: KeyboardEvent) => {
70 | 			if (event.key !== 'Escape') return
71 | 
72 | 			// do something based on escape key being pressed
73 | 		},
74 | 		{ signal: controller.signal },
75 | 	)
76 | 
77 | 	return () => {
78 | 		controller.abort()
79 | 	}
80 | }, [])
81 | ```
82 | 


--------------------------------------------------------------------------------
/docs/decisions/038-remove-cleanup-db.md:
--------------------------------------------------------------------------------
 1 | # Remove Cleanup DB
 2 | 
 3 | Date: 2024-10-28
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | We have a utility called `cleanupDb` that removes all tables from the database
10 | except for prisma migration tables. The reference to prisma migration tables is
11 | unfortunate because those are an implementation detail that we should not have
12 | to think about.
13 | 
14 | The goal of `cleanupDb` was to make it easy for tests to reset the database
15 | without having to run `prisma migrate reset` which is too slow for lower level
16 | tests.
17 | 
18 | We also used `cleanupDb` in the seed file to reset the database before seeding
19 | it.
20 | 
21 | However, after a lot of work on the tests, we found a much simpler solution to
22 | resetting the database between tests: simply copy/paste the `base.db` file
23 | (which is a fresh database) to `test.db` before each test. We were already doing
24 | this before all the tests. It takes nanoseconds and is much simpler.
25 | 
26 | For the seed script, it's nice to have the database be completely reset when
27 | running `prisma db seed` (in fact, our seed expects the database to be empty),
28 | but you can get the same behavior as our current `seed` with a fresh database by
29 | running `prisma migrate reset` (which runs the seed script after resetting the
30 | database).
31 | 
32 | It would be nice to ditch the implementation detail of prisma's tables, so we'd
33 | like to remove this utility.
34 | 
35 | ## Decision
36 | 
37 | Remove the `cleanupDb` utility and update our CI to run `prisma migrate reset`
38 | instead of `prisma db seed`.
39 | 
40 | ## Consequences
41 | 
42 | Running `prisma db seed` will fail because the seed script expects the database
43 | to be empty. We could address this by using upsert or something, but really
44 | people should just run `prisma migrate reset` to seed the database (which is
45 | effectively what we used to do before removing `cleanupDb`).
46 | 


--------------------------------------------------------------------------------
/tests/mocks/utils.ts:
--------------------------------------------------------------------------------
 1 | import path from 'node:path'
 2 | import { fileURLToPath } from 'node:url'
 3 | import fsExtra from 'fs-extra'
 4 | import { z } from 'zod'
 5 | 
 6 | const __dirname = path.dirname(fileURLToPath(import.meta.url))
 7 | const fixturesDirPath = path.join(__dirname, '..', 'fixtures')
 8 | 
 9 | export async function readFixture(subdir: string, name: string) {
10 | 	return fsExtra.readJSON(path.join(fixturesDirPath, subdir, `${name}.json`))
11 | }
12 | 
13 | export async function createFixture(
14 | 	subdir: string,
15 | 	name: string,
16 | 	data: unknown,
17 | ) {
18 | 	const dir = path.join(fixturesDirPath, subdir)
19 | 	await fsExtra.ensureDir(dir)
20 | 	return fsExtra.writeJSON(path.join(dir, `./${name}.json`), data)
21 | }
22 | 
23 | export const EmailSchema = z.object({
24 | 	to: z.string(),
25 | 	from: z.string(),
26 | 	subject: z.string(),
27 | 	text: z.string(),
28 | 	html: z.string(),
29 | })
30 | 
31 | export async function writeEmail(rawEmail: unknown) {
32 | 	const email = EmailSchema.parse(rawEmail)
33 | 	await createFixture('email', email.to, email)
34 | 	return email
35 | }
36 | 
37 | export async function requireEmail(recipient: string) {
38 | 	const email = await readEmail(recipient)
39 | 	if (!email) throw new Error(`Email to ${recipient} not found`)
40 | 	return email
41 | }
42 | 
43 | export async function readEmail(recipient: string) {
44 | 	try {
45 | 		const email = await readFixture('email', recipient)
46 | 		return EmailSchema.parse(email)
47 | 	} catch (error) {
48 | 		console.error(`Error reading email`, error)
49 | 		return null
50 | 	}
51 | }
52 | 
53 | export function requireHeader(headers: Headers, header: string) {
54 | 	if (!headers.has(header)) {
55 | 		const headersString = JSON.stringify(
56 | 			Object.fromEntries(headers.entries()),
57 | 			null,
58 | 			2,
59 | 		)
60 | 		throw new Error(
61 | 			`Header "${header}" required, but not found in ${headersString}`,
62 | 		)
63 | 	}
64 | 	return headers.get(header)
65 | }
66 | 


--------------------------------------------------------------------------------
/docs/README.md:
--------------------------------------------------------------------------------
 1 | # Epic Stack Documentation
 2 | 
 3 | The goal of The Epic Stack is to provide solid opinions for teams to hit the
 4 | ground running on their web applications.
 5 | 
 6 | We recommend you watch Kent's introduction to the Epic Stack to get an
 7 | understanding of the "why" behind the Stack:
 8 | 
 9 | [![Epic Stack Talk slide showing Flynn Rider with knives, the text "I've been around and I've got opinions" and Kent speaking in the corner](https://github-production-user-asset-6210df.s3.amazonaws.com/1500684/277818553-47158e68-4efc-43ae-a477-9d1670d4217d.png)](https://www.epicweb.dev/talks/the-epic-stack)
10 | 
11 | More of a reader? Read [the announcement post](https://epicweb.dev/epic-stack)
12 | or
13 | [an AI generated summary of the video](https://www.summarize.tech/www.youtube.com/watch?v=yMK5SVRASxM).
14 | 
15 | This stack is still under active development. Documentation will rapidly improve
16 | in the coming weeks. Stay tuned!
17 | 
18 | # Top Pages
19 | 
20 | - [Getting Started](./getting-started.md) - Instructions for how to get started
21 |   with the Epic Stack.
22 | - [Features](./features.md) - List of features the Epic Stack provides out of
23 |   the box.
24 | - [Deployment](./deployment.md) - If you skip the deployment step when starting
25 |   your app, these are the manual steps you can follow to get things up and
26 |   running.
27 | - [Decisions](./decisions/README.md) - The reasoning behind various decisions
28 |   made for the Epic Stack. A good historical record.
29 | - [Guiding Principles](./guiding-principles.md) - The guiding principles behind
30 |   the Epic Stack.
31 | - [Examples](./examples.md) - Examples of the Epic Stack with various tools.
32 |   Most new feature requests people have for the Epic Stack start as examples
33 |   before being integrated into the framework.
34 | - [Managing Updates](./managing-updates.md) - How to manage updates to the Epic
35 |   Stack for both the generated stack code as well as npm dependencies.
36 | 


--------------------------------------------------------------------------------
/docs/toasts.md:
--------------------------------------------------------------------------------
 1 | # Toasts
 2 | 
 3 | Toast messages are great ways to temporarily call someone's attention to
 4 | something. They are often used to notify users of a successful or failed action.
 5 | 
 6 | ![toasts](https://github.com/epicweb-dev/epic-stack/assets/1500684/715d754a-9e9f-4b61-814f-881121f2fa48)
 7 | 
 8 | There are utilities in the Epic Stack for toast notifications.
 9 | 
10 | This is managed by a special session using a concept called "flash data" which
11 | is a temporary session value that is only available for the next request. This
12 | is a great way to pass data to the next request without having to worry about
13 | the data persisting in the session. And you don't have to worry about managing
14 | state either. It all just lives in the cookie.
15 | 
16 | The primary utility you'll use for redirecting with toast notifications is
17 | `redirectWithToast` from `app/utils/toast.server.ts`. Here's a simple example of
18 | using this:
19 | 
20 | ```tsx
21 | return redirectWithToast(`/users/${note.owner.username}/notes/${note.id}`, {
22 | 	description: id ? 'Note updated' : 'Note created',
23 | })
24 | ```
25 | 
26 | This accepts an additional argument for other `ResponseInit` options so you can
27 | set other headers, etc.
28 | 
29 | If you don't wish to redirect, you could use the underlying `createToastHeaders`
30 | directly:
31 | 
32 | ```tsx
33 | return json(
34 | 	{ success: true },
35 | 	{
36 | 		headers: await createToastHeaders({
37 | 			description: 'Note updated',
38 | 			type: 'success',
39 | 		}),
40 | 	},
41 | )
42 | ```
43 | 
44 | And if you need to set multiple headers, you can use the `combineHeaders`
45 | utility from `app/utils/misc.tsx`:
46 | 
47 | ```tsx
48 | return json(
49 | 	{ success: true },
50 | 	{
51 | 		headers: combineHeaders(
52 | 			await createToastHeaders({
53 | 				toast: {
54 | 					description: 'Note updated',
55 | 					type: 'success',
56 | 				},
57 | 			}),
58 | 			{ 'x-foo': 'bar' },
59 | 		),
60 | 	},
61 | )
62 | ```
63 | 


--------------------------------------------------------------------------------
/docs/guiding-principles.md:
--------------------------------------------------------------------------------
 1 | # Epic Stack Guiding Principles
 2 | 
 3 | Decisions about the Epic Stack should be guided by the following guiding
 4 | principles:
 5 | 
 6 | - **Limit Services:** If we can reasonably build, deploy, maintain it ourselves,
 7 |   do it. Additionally, if we can reasonably run it within our app instance, do
 8 |   it. This saves on cost and reduces complexity.
 9 | - **Include Only Most Common Use Cases:** As a project generator, it is expected
10 |   that some code will necessarily be deleted, but implementing support for every
11 |   possible type of feature is literally impossible. _The starter app is not
12 |   docs_, so to demonstrate a feature or give an example, put that in the docs
13 |   instead of in the starter app.
14 | - **Minimize Setup Friction:** Try to keep the amount of time it takes to get an
15 |   app to production as small as possible. If a service is necessary, see if we
16 |   can defer signup for that service until its services are actually required.
17 |   Additionally, while the target audience for this stack is apps that need scale
18 |   you have to pay for, we try to fit within the free tier of any services used
19 |   during the exploration phase.
20 | - **Optimize for Adaptability:** While we feel great about our opinions,
21 |   ever-changing product requirements sometimes necessitate swapping trade-offs.
22 |   So while we try to keep things simple, we want to ensure teams using the Epic
23 |   Stack are able to adapt by switching between third party services to
24 |   custom-built services and vice-versa.
25 | - **Only one way:** Avoid providing more than one way to do the same thing. This
26 |   applies to both the pre-configured code and the documentation.
27 | - **Offline Development:** We want to enable offline development as much as
28 |   possible. Naturally we need to use third party services for some things (like
29 |   email), but for those we'll strive to provide a way to mock them out for local
30 |   development.
31 | 


--------------------------------------------------------------------------------
/app/utils/toast.server.ts:
--------------------------------------------------------------------------------
 1 | import { createId as cuid } from '@paralleldrive/cuid2'
 2 | import { createCookieSessionStorage, redirect } from 'react-router'
 3 | import { z } from 'zod'
 4 | import { combineHeaders } from './misc.tsx'
 5 | 
 6 | export const toastKey = 'toast'
 7 | 
 8 | const ToastSchema = z.object({
 9 | 	description: z.string(),
10 | 	id: z.string().default(() => cuid()),
11 | 	title: z.string().optional(),
12 | 	type: z.enum(['message', 'success', 'error']).default('message'),
13 | })
14 | 
15 | export type Toast = z.infer<typeof ToastSchema>
16 | export type ToastInput = z.input<typeof ToastSchema>
17 | 
18 | export const toastSessionStorage = createCookieSessionStorage({
19 | 	cookie: {
20 | 		name: 'en_toast',
21 | 		sameSite: 'lax',
22 | 		path: '/',
23 | 		httpOnly: true,
24 | 		secrets: process.env.SESSION_SECRET.split(','),
25 | 		secure: process.env.NODE_ENV === 'production',
26 | 	},
27 | })
28 | 
29 | export async function redirectWithToast(
30 | 	url: string,
31 | 	toast: ToastInput,
32 | 	init?: ResponseInit,
33 | ) {
34 | 	return redirect(url, {
35 | 		...init,
36 | 		headers: combineHeaders(init?.headers, await createToastHeaders(toast)),
37 | 	})
38 | }
39 | 
40 | export async function createToastHeaders(toastInput: ToastInput) {
41 | 	const session = await toastSessionStorage.getSession()
42 | 	const toast = ToastSchema.parse(toastInput)
43 | 	session.flash(toastKey, toast)
44 | 	const cookie = await toastSessionStorage.commitSession(session)
45 | 	return new Headers({ 'set-cookie': cookie })
46 | }
47 | 
48 | export async function getToast(request: Request) {
49 | 	const session = await toastSessionStorage.getSession(
50 | 		request.headers.get('cookie'),
51 | 	)
52 | 	const result = ToastSchema.safeParse(session.get(toastKey))
53 | 	const toast = result.success ? result.data : null
54 | 	return {
55 | 		toast,
56 | 		headers: toast
57 | 			? new Headers({
58 | 					'set-cookie': await toastSessionStorage.destroySession(session),
59 | 				})
60 | 			: null,
61 | 	}
62 | }
63 | 


--------------------------------------------------------------------------------
/docs/decisions/002-email-service.md:
--------------------------------------------------------------------------------
 1 | # Email Service
 2 | 
 3 | Date: 2023-05-08
 4 | 
 5 | Status: superseded by [017](017-resend-email.md)
 6 | 
 7 | ## Context
 8 | 
 9 | When you're building a web application, you almost always need to send emails
10 | for various reasons. Packages like `nodemailer` make it quite easy to send your
11 | own emails through your own mailserver or a third party's SMTP server as well.
12 | 
13 | Unfortunately,
14 | [deliverability will suffer if you're not using a service](https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html).
15 | The TL;DR is you either dedicate your company's complete resources to "play the
16 | game" of email deliverability, or you use a service that does. Otherwise, your
17 | emails won't reliably make it through spam filters (and in some cases it can
18 | just get deleted altogether).
19 | 
20 | [The guiding principles](https://github.com/epicweb-dev/epic-stack/blob/main/docs/guiding-principles.md)
21 | discourage services and encourage quick setup.
22 | 
23 | ## Decision
24 | 
25 | We will use a service for sending email. If emails don't get delivered then it
26 | defeats the whole purpose of sending email.
27 | 
28 | We selected [Mailgun](https://www.mailgun.com/) because it has a generous free
29 | tier and has proven itself in production. However, to help with quick setup, we
30 | will allow deploying to production without the Mailgun environment variables set
31 | and will instead log the email to the console so during the experimentation
32 | phase, developers can still read the emails that would have been sent.
33 | 
34 | During local development, the Mailgun APIs are mocked and logged in the terminal
35 | as well as saved to the fixtures directory for tests to reference.
36 | 
37 | ## Consequences
38 | 
39 | Developers will need to either sign up for Mailgun or update the email code to
40 | use another service if they prefer. Emails will actually reach their
41 | destination.
42 | 


--------------------------------------------------------------------------------
/docs/decisions/010-memory-swap.md:
--------------------------------------------------------------------------------
 1 | # Memory Swap
 2 | 
 3 | Date: 2023-06-02
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Node.js based apps can use a lot of memory. And while we can scale up the memory
10 | on the instances that run your app, we can't scale it up infinitely. Especially
11 | when we want to be cost sensitive. So we need to be able to handle the case
12 | where your app uses more memory than is available on the instance. A solution to
13 | this is to use swap memory.
14 | 
15 | Swap memory is a way to use disk space as memory. It's not as fast as real
16 | memory, but it's better than crashing. And it's a lot cheaper than scaling up
17 | the memory on your instances. It makes sense for many types of apps (even at
18 | scale) to use swap memory. Especially for apps just getting off the ground,
19 | making use of swap memory can be a great way to keep costs down.
20 | 
21 | Because our app is running in a container with a mounted volume, we can't use
22 | the normal swap memory mechanisms. Instead, we need to use a swap file. This
23 | means we need to create a file on the mounted volume and then use that file as
24 | swap memory using `fallocate`, `mkswap`, and `swapon`.
25 | 
26 | Size of the swap file is pretty subjective to the application and situation. The
27 | Epic Stack app memory starts at 256MB on Fly. Based on that amount of memory, a
28 | good rule of thumb for the size of the swap file is 2-4x the size of memory,
29 | which would put the swap file at 512MB-1GB (for a 2GB+ RAM system, you typically
30 | want the swap file to be the same size as the memory). Considering our volumes
31 | are set to 1GB for starters, we'll start with a 512MB swap file.
32 | 
33 | ## Decision
34 | 
35 | During app startup, we'll create a swap file on the mounted volume and then use
36 | that file as swap memory for the application.
37 | 
38 | ## Consequences
39 | 
40 | In high utilization situations, we will have degraded performance instead of a
41 | crash. This is a good tradeoff for most apps.
42 | 


--------------------------------------------------------------------------------
/app/components/progress-bar.tsx:
--------------------------------------------------------------------------------
 1 | import { useEffect, useRef, useState } from 'react'
 2 | import { useNavigation } from 'react-router'
 3 | import { useSpinDelay } from 'spin-delay'
 4 | import { cn } from '#app/utils/misc.tsx'
 5 | import { Icon } from './ui/icon.tsx'
 6 | 
 7 | function EpicProgress() {
 8 | 	const transition = useNavigation()
 9 | 	const busy = transition.state !== 'idle'
10 | 	const delayedPending = useSpinDelay(busy, {
11 | 		delay: 600,
12 | 		minDuration: 400,
13 | 	})
14 | 	const ref = useRef<HTMLDivElement>(null)
15 | 	const [animationComplete, setAnimationComplete] = useState(true)
16 | 
17 | 	useEffect(() => {
18 | 		if (!ref.current) return
19 | 		if (delayedPending) setAnimationComplete(false)
20 | 
21 | 		const animationPromises = ref.current
22 | 			.getAnimations()
23 | 			.map(({ finished }) => finished)
24 | 
25 | 		void Promise.allSettled(animationPromises).then(() => {
26 | 			if (!delayedPending) setAnimationComplete(true)
27 | 		})
28 | 	}, [delayedPending])
29 | 
30 | 	return (
31 | 		<div
32 | 			role="progressbar"
33 | 			aria-hidden={delayedPending ? undefined : true}
34 | 			aria-valuetext={delayedPending ? 'Loading' : undefined}
35 | 			className="fixed inset-x-0 top-0 z-50 h-[0.20rem] animate-pulse"
36 | 		>
37 | 			<div
38 | 				ref={ref}
39 | 				className={cn(
40 | 					'bg-foreground h-full w-0 duration-500 ease-in-out',
41 | 					transition.state === 'idle' &&
42 | 						(animationComplete
43 | 							? 'transition-none'
44 | 							: 'w-full opacity-0 transition-all'),
45 | 					delayedPending && transition.state === 'submitting' && 'w-5/12',
46 | 					delayedPending && transition.state === 'loading' && 'w-8/12',
47 | 				)}
48 | 			/>
49 | 			{delayedPending && (
50 | 				<div className="absolute flex items-center justify-center">
51 | 					<Icon
52 | 						name="update"
53 | 						size="md"
54 | 						className="text-foreground m-1 animate-spin"
55 | 						aria-hidden
56 | 					/>
57 | 				</div>
58 | 			)}
59 | 		</div>
60 | 	)
61 | }
62 | 
63 | export { EpicProgress }
64 | 


--------------------------------------------------------------------------------
/docs/decisions/041-image-optimization.md:
--------------------------------------------------------------------------------
 1 | # Introduce Image Optimization
 2 | 
 3 | Date: 2025-02-19
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | As documented in [018-images.md](./018-images.md), the Epic Stack previously
10 | didn't implement image optimization. Both static app images and dynamic user
11 | images were served as is. However, optimizing images significantly improves web
12 | performance by reducing both the browser load time and the byte size of each
13 | image. On the other hand, one of the guiding principles of the Epic Stack is to
14 | limit services (including the self-managed variety). A great middle ground is to
15 | integrate a simple image optimization solution directly into the web server.
16 | This allows each Epic Stack app to immediately utilize image optimization and
17 | serve better web experiences without prescribing a service.
18 | 
19 | On-demand image optimization with a image optimization endpoint should be
20 | sufficient for most applications and provide value right out of the gate.
21 | However, it is also important that upgrading to a dedicated service shouldn't be
22 | overly complicated and require a ton of changes.
23 | 
24 | ### Using openimg
25 | 
26 | The goal of openimg is to be easy to use but also highly configurable, so you
27 | can reconfigure it (or replace it) as your app grows. We can start simple by
28 | introducing a new image optimization endpoint and replace `img` elements with
29 | the `Img` component.
30 | 
31 | ## Decision
32 | 
33 | Introduce an image optimization endpoint using the
34 | [openimg package](https://github.com/andrelandgraf/openimg). We can then use the
35 | `Img` component to query for optimized images and iterate from there.
36 | 
37 | ## Consequences
38 | 
39 | Serving newly added images will now lead to an image optimization step whenever
40 | a cache miss happens. This increases the image laod time but greatly reduces the
41 | images sizes. On further requests, the load time should also be improved due to
42 | the decreased image sizes.
43 | 


--------------------------------------------------------------------------------
/app/routes/admin/cache/sqlite.server.ts:
--------------------------------------------------------------------------------
 1 | import { redirect } from 'react-router'
 2 | import { z } from 'zod'
 3 | import { cache } from '#app/utils/cache.server.ts'
 4 | import {
 5 | 	getInstanceInfo,
 6 | 	getInternalInstanceDomain,
 7 | } from '#app/utils/litefs.server.ts'
 8 | import { type Route } from './+types/sqlite.ts'
 9 | 
10 | export async function updatePrimaryCacheValue({
11 | 	key,
12 | 	cacheValue,
13 | }: {
14 | 	key: string
15 | 	cacheValue: any
16 | }) {
17 | 	const { currentIsPrimary, primaryInstance } = await getInstanceInfo()
18 | 	if (currentIsPrimary) {
19 | 		throw new Error(
20 | 			`updatePrimaryCacheValue should not be called on the primary instance (${primaryInstance})}`,
21 | 		)
22 | 	}
23 | 	const domain = getInternalInstanceDomain(primaryInstance)
24 | 	const token = process.env.INTERNAL_COMMAND_TOKEN
25 | 	return fetch(`${domain}/admin/cache/sqlite`, {
26 | 		method: 'POST',
27 | 		headers: {
28 | 			Authorization: `Bearer ${token}`,
29 | 			'Content-Type': 'application/json',
30 | 		},
31 | 		body: JSON.stringify({ key, cacheValue }),
32 | 	})
33 | }
34 | 
35 | export async function action({ request }: Route.ActionArgs) {
36 | 	const { currentIsPrimary, primaryInstance } = await getInstanceInfo()
37 | 	if (!currentIsPrimary) {
38 | 		throw new Error(
39 | 			`${request.url} should only be called on the primary instance (${primaryInstance})}`,
40 | 		)
41 | 	}
42 | 	const token = process.env.INTERNAL_COMMAND_TOKEN
43 | 	const isAuthorized =
44 | 		request.headers.get('Authorization') === `Bearer ${token}`
45 | 	if (!isAuthorized) {
46 | 		// nah, you can't be here...
47 | 		return redirect('https://www.youtube.com/watch?v=dQw4w9WgXcQ')
48 | 	}
49 | 	const { key, cacheValue } = z
50 | 		.object({ key: z.string(), cacheValue: z.unknown().optional() })
51 | 		.parse(await request.json())
52 | 	if (cacheValue === undefined) {
53 | 		await cache.delete(key)
54 | 	} else {
55 | 		// @ts-expect-error - we don't reliably know the type of cacheValue
56 | 		await cache.set(key, cacheValue)
57 | 	}
58 | 	return { success: true }
59 | }
60 | 


--------------------------------------------------------------------------------
/docs/seo.md:
--------------------------------------------------------------------------------
 1 | # SEO
 2 | 
 3 | Remix has built-in support for setting up `meta` tags on a per-route basis which
 4 | you can read about
 5 | [in the Remix Metadata docs](https://remix.run/docs/en/main/route/meta).
 6 | 
 7 | The Epic Stack also has built-in support for `/robots.txt` and `/sitemap.xml`
 8 | via [resource routes](https://remix.run/docs/en/main/guides/resource-routes)
 9 | using [`@nasa-gcn/remix-seo`](https://github.com/nasa-gcn/remix-seo). By
10 | default, all routes are included in the `sitemap.xml` file, but you can
11 | configure which routes are included using the `handle` export in the route. Only
12 | public-facing pages should be included in the `sitemap.xml` file.
13 | 
14 | Here are two quick examples of how to customize the sitemap on a per-route basis
15 | from the `@nasa-gcn/remix-seo` docs:
16 | 
17 | ```tsx
18 | // routes/blog/_layout.tsx
19 | import { type SEOHandle } from '@nasa-gcn/remix-seo'
20 | import { serverOnly$ } from 'vite-env-only/macros'
21 | 
22 | export const handle: SEOHandle = {
23 | 	getSitemapEntries: serverOnly$(async (request) => {
24 | 		const blogs = await db.blog.findMany()
25 | 		return blogs.map((blog) => {
26 | 			return { route: `/blog/${blog.slug}`, priority: 0.7 }
27 | 		})
28 | 	}),
29 | }
30 | ```
31 | 
32 | Note the use of
33 | [`vite-env-only/macros`](https://github.com/pcattori/vite-env-only). This is
34 | because `handle` is a route export object that goes in both the client as well
35 | as the server, but our sitemap function should only be run on the server. So we
36 | use `vite-env-only/macros` to make sure the function is removed for the client
37 | build. Support for this is pre-configured in the `vite.config.ts` file.
38 | 
39 | ```tsx
40 | // in your routes/url-that-doesnt-need-sitemap
41 | import { type SEOHandle } from '@nasa-gcn/remix-seo'
42 | import { type Route } from './+types/sitemap[.]xml.ts'
43 | 
44 | export async function loader({ request }: Route.LoaderArgs) {
45 | 	/**/
46 | }
47 | 
48 | export const handle: SEOHandle = {
49 | 	getSitemapEntries: () => null,
50 | }
51 | ```
52 | 


--------------------------------------------------------------------------------
/app/routes/_marketing/+logos/remix.svg:
--------------------------------------------------------------------------------
 1 | <svg width="800" height="800" viewBox="0 0 800 800" fill="none" xmlns="http://www.w3.org/2000/svg">
 2 | <rect width="800" height="800" fill="#212121"/>
 3 | <g filter="url(#filter0_dd_126_53)">
 4 | <path fill-rule="evenodd" clip-rule="evenodd" d="M587.947 527.768C592.201 582.418 592.201 608.036 592.201 636H465.756C465.756 629.909 465.865 624.337 465.975 618.687C466.317 601.123 466.674 582.807 463.828 545.819C460.067 491.667 436.748 479.634 393.871 479.634H355.883H195V381.109H399.889C454.049 381.109 481.13 364.633 481.13 321.011C481.13 282.654 454.049 259.41 399.889 259.41H195V163H422.456C545.069 163 606 220.912 606 313.42C606 382.613 563.123 427.739 505.201 435.26C554.096 445.037 582.681 472.865 587.947 527.768Z" fill="#E8F2FF"/>
 5 | <path d="M195 636V562.553H328.697C351.029 562.553 355.878 579.116 355.878 588.994V636H195Z" fill="#E8F2FF"/>
 6 | </g>
 7 | <defs>
 8 | <filter id="filter0_dd_126_53" x="131" y="99" width="539" height="601" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
 9 | <feFlood flood-opacity="0" result="BackgroundImageFix"/>
10 | <feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
11 | <feOffset/>
12 | <feGaussianBlur stdDeviation="28"/>
13 | <feComposite in2="hardAlpha" operator="out"/>
14 | <feColorMatrix type="matrix" values="0 0 0 0 0.223529 0 0 0 0 0.572549 0 0 0 0 1 0 0 0 1 0"/>
15 | <feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_126_53"/>
16 | <feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
17 | <feOffset/>
18 | <feGaussianBlur stdDeviation="32"/>
19 | <feComposite in2="hardAlpha" operator="out"/>
20 | <feColorMatrix type="matrix" values="0 0 0 0 0.223529 0 0 0 0 0.572549 0 0 0 0 1 0 0 0 0.9 0"/>
21 | <feBlend mode="normal" in2="effect1_dropShadow_126_53" result="effect2_dropShadow_126_53"/>
22 | <feBlend mode="normal" in="SourceGraphic" in2="effect2_dropShadow_126_53" result="shape"/>
23 | </filter>
24 | </defs>
25 | </svg>
26 | 


--------------------------------------------------------------------------------
/docs/timezone.md:
--------------------------------------------------------------------------------
 1 | # Timezones
 2 | 
 3 | Server rendering timezones has always been a pain. This is because the server
 4 | doesn't know the user's timezone. It only knows the timezone of the server. So
 5 | lots of people will take the easy way out and do one of the following
 6 | workarounds:
 7 | 
 8 | - Just render in UTC: Not great because it's not the user's timezone
 9 | - Render in the server's timezone: Not great because it's not the user's
10 |   timezone
11 | - Render in the server's timezone, and hydrate in the client's timezone: Not
12 |   great because it causes a flash of incorrect content (and a hydration error
13 |   unless you add `suppressHydrationWarning={true}` to the element)
14 | - Don't render the time on the server at all: Not great because it's a flash of
15 |   incomplete content (and no, fading it in does not count).
16 | - Only render the time from user interaction: Sometimes this is fine, but often
17 |   you're just compromising on UX and you know it.
18 | 
19 | Thanks to the Epic Stack's built-in support for
20 | [client hints](./client-hints.md), we can do better! We have a client hint set
21 | up for the user's timezone. This means you can render the time on the server in
22 | the user's timezone, and hydrate it in the user's timezone, without any flash of
23 | incorrect content or hydration errors.
24 | 
25 | You can use this in a few ways. In server-side only code,
26 | `getHints(request).timeZone` will be what you're looking for. In UI code, you
27 | can use `useHints().timeZone` to get the user's timezone.
28 | 
29 | For the server-side code, we have a `getDateTimeFormat` utility uses to give you
30 | a
31 | [`DateTimeFormat`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Intl/DateTimeFormat)
32 | object that is in the user's timezone (it also uses the standard
33 | `accept-language` header to determine the user's preferred locale).
34 | 
35 | If you'd prefer to use a library for formatting dates and times, feel free to
36 | simply access the timezone from the hints and use it with your library of
37 | choice.
38 | 


--------------------------------------------------------------------------------
/app/components/ui/input-otp.tsx:
--------------------------------------------------------------------------------
 1 | import { OTPInput, OTPInputContext } from 'input-otp'
 2 | import * as React from 'react'
 3 | 
 4 | import { cn } from '#app/utils/misc.tsx'
 5 | 
 6 | const InputOTP = ({
 7 | 	className,
 8 | 	containerClassName,
 9 | 	...props
10 | }: React.ComponentProps<typeof OTPInput>) => (
11 | 	<OTPInput
12 | 		inputMode="text"
13 | 		data-slot="input-otp"
14 | 		containerClassName={cn(
15 | 			'flex items-center gap-2 has-disabled:opacity-50',
16 | 			containerClassName,
17 | 		)}
18 | 		className={cn('disabled:cursor-not-allowed', className)}
19 | 		{...props}
20 | 	/>
21 | )
22 | 
23 | const InputOTPGroup = ({
24 | 	className,
25 | 	...props
26 | }: React.ComponentProps<'div'>) => (
27 | 	<div
28 | 		data-slot="input-otp-group"
29 | 		className={cn('flex items-center', className)}
30 | 		{...props}
31 | 	/>
32 | )
33 | 
34 | const InputOTPSlot = ({
35 | 	index,
36 | 	className,
37 | 	...props
38 | }: React.ComponentProps<'div'> & {
39 | 	index: number
40 | }) => {
41 | 	const inputOTPContext = React.useContext(OTPInputContext)
42 | 	const slot = inputOTPContext.slots[index]
43 | 	if (!slot) throw new Error('Invalid slot index')
44 | 	const { char, hasFakeCaret, isActive } = slot
45 | 
46 | 	return (
47 | 		<div
48 | 			data-slot="input-otp-slot"
49 | 			className={cn(
50 | 				'border-input relative flex size-10 items-center justify-center border-y border-r text-base transition-all first:rounded-l-md first:border-l last:rounded-r-md md:text-sm',
51 | 				isActive && 'ring-ring ring-offset-background z-10 ring-2',
52 | 				className,
53 | 			)}
54 | 			{...props}
55 | 		>
56 | 			{char}
57 | 			{hasFakeCaret && (
58 | 				<div className="pointer-events-none absolute inset-0 flex items-center justify-center">
59 | 					<div className="animate-caret-blink bg-foreground h-4 w-px duration-1000" />
60 | 				</div>
61 | 			)}
62 | 		</div>
63 | 	)
64 | }
65 | 
66 | const InputOTPSeparator = (props: React.ComponentProps<'div'>) => (
67 | 	<div data-slot="input-otp-separator" className="flex-1" {...props}></div>
68 | )
69 | 
70 | export { InputOTP, InputOTPGroup, InputOTPSlot, InputOTPSeparator }
71 | 


--------------------------------------------------------------------------------
/app/components/ui/status-button.tsx:
--------------------------------------------------------------------------------
 1 | import { useSpinDelay } from 'spin-delay'
 2 | import { cn } from '#app/utils/misc.tsx'
 3 | import { Button, type ButtonVariant } from './button.tsx'
 4 | import { Icon } from './icon.tsx'
 5 | import {
 6 | 	Tooltip,
 7 | 	TooltipContent,
 8 | 	TooltipProvider,
 9 | 	TooltipTrigger,
10 | } from './tooltip.tsx'
11 | 
12 | export const StatusButton = ({
13 | 	message,
14 | 	status,
15 | 	className,
16 | 	children,
17 | 	spinDelay,
18 | 	...props
19 | }: React.ComponentProps<'button'> &
20 | 	ButtonVariant & {
21 | 		status: 'pending' | 'success' | 'error' | 'idle'
22 | 		message?: string | null
23 | 		spinDelay?: Parameters<typeof useSpinDelay>[1]
24 | 	}) => {
25 | 	const delayedPending = useSpinDelay(status === 'pending', {
26 | 		delay: 400,
27 | 		minDuration: 300,
28 | 		...spinDelay,
29 | 	})
30 | 	const companion = {
31 | 		pending: delayedPending ? (
32 | 			<div
33 | 				role="status"
34 | 				className="inline-flex size-6 items-center justify-center"
35 | 			>
36 | 				<Icon name="update" className="animate-spin" title="loading" />
37 | 			</div>
38 | 		) : null,
39 | 		success: (
40 | 			<div
41 | 				role="status"
42 | 				className="inline-flex size-6 items-center justify-center"
43 | 			>
44 | 				<Icon name="check" title="success" />
45 | 			</div>
46 | 		),
47 | 		error: (
48 | 			<div
49 | 				role="status"
50 | 				className="bg-destructive inline-flex size-6 items-center justify-center rounded-full"
51 | 			>
52 | 				<Icon
53 | 					name="cross-1"
54 | 					className="text-destructive-foreground"
55 | 					title="error"
56 | 				/>
57 | 			</div>
58 | 		),
59 | 		idle: null,
60 | 	}[status]
61 | 
62 | 	return (
63 | 		<Button className={cn('flex justify-center gap-4', className)} {...props}>
64 | 			<div>{children}</div>
65 | 			{message ? (
66 | 				<TooltipProvider>
67 | 					<Tooltip>
68 | 						<TooltipTrigger>{companion}</TooltipTrigger>
69 | 						<TooltipContent>{message}</TooltipContent>
70 | 					</Tooltip>
71 | 				</TooltipProvider>
72 | 			) : (
73 | 				companion
74 | 			)}
75 | 		</Button>
76 | 	)
77 | }
78 | StatusButton.displayName = 'Button'
79 | 


--------------------------------------------------------------------------------
/docs/decisions/023-route-based-dialogs.md:
--------------------------------------------------------------------------------
 1 | # Route-based Dialogs (aka Modals)
 2 | 
 3 | Date: 2023-07-14
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | Dialogs (also known as modals) are often a crutch for poor UX design. They are
10 | often used when you haven't thought through the design of the page within the
11 | context of the user's intentions.
12 | 
13 | They aren't always bad though. Sometimes they are useful to provide a
14 | confirmation step before a destructive action. For this we already have the
15 | `useDoubleCheck` hook which makes it easier to help the user confirm their
16 | action, but using a dialog gives you the opportunity to explain to the user a
17 | bit more before the action is completed.
18 | 
19 | However, using Dialogs for routes is problematic. Dialogs without animations are
20 | poor UX. But server rendering animations is problematic because it means the
21 | user has to wait for the animation code to load before they see the content they
22 | came for.
23 | 
24 | Unsplash solves this problem by using dialogs for images when you click on them,
25 | but when you refresh the page you see that image's page. This is an intentional
26 | decision by them and I'm sure they weighed the pros and cons for this UX.
27 | However, it's not often this is a good user experience.
28 | 
29 | Until today, the Epic Stack used route-based dialogs for the 2FA flow and the
30 | avatar edit experience. I like using routes for these so it's easy to link the
31 | user directly to these pages and makes it easier to navigate in and out of them.
32 | 
33 | These are definitely not a good use of route-based dialogs. It certainly doesn't
34 | make sense to render it as a dialog for a client-navigation but something else
35 | for landing on that page like unsplash does for its images.
36 | 
37 | ## Decision
38 | 
39 | Remove route-based dialogs from the Epic Stack.
40 | 
41 | ## Consequences
42 | 
43 | A better UX. What used to be dialogs will now simply be pages. To help with
44 | navigation, we'll need to use breadcrumbs to help the user orient themselves and
45 | find a way back to where they came from.
46 | 


--------------------------------------------------------------------------------
/docs/decisions/036-vite.md:
--------------------------------------------------------------------------------
 1 | # Adopting Vite
 2 | 
 3 | Date: 2024-02-22
 4 | 
 5 | Status: accepted
 6 | 
 7 | ## Context
 8 | 
 9 | [The Remix Team has created a Vite Plugin](https://remix.run/blog/remix-vite-stable)
10 | and it is now stable. It can be used to replace the existing remix compiler. In
11 | Remix v3 the plugin will be the only supported way to build remix applications.
12 | 
13 | Using vite also means we get better hot module replacement, a thriving ecosystem
14 | of tools, and shared efforts with other projects using vite.
15 | 
16 | If we don't adopt vite, we'll be stuck on Remix v2 forever 🙃 Now that the vite
17 | plugin is stable, adopting vite is really the only way forward.
18 | 
19 | That said, we currently have a few route modules that mix server-only utilities
20 | with server/client code. In vite, you cannot have any exported functions which
21 | use server-only code, so those utilities will need to be moved. Luckily, the
22 | vite plugin will fail the build if it finds any issues so if it builds, it
23 | works. Additionally, this will help us make a cleaner separation between server
24 | and server/client code which is a good thing.
25 | 
26 | The simple rule is this: if it's a Remix export (like `loader`, or `action`)
27 | then it can be in the route. If it's our own utility export (like
28 | `requireRecentVerification` we had in the `/verify` route) then it needs to go
29 | in a `.server` file. To be clear, if you don't export it, then it's fine.
30 | Server-only utility functions are fine in routes. It just becomes a problem for
31 | remix when they are exported.
32 | 
33 | An interesting exception to this is sever-only code in the `handle` export like
34 | the [`getSitemapEntries` function](https://github.com/nasa-gcn/remix-seo). For
35 | this, you need to use
36 | [`vite-env-only`](https://github.com/pcattori/vite-env-only).
37 | 
38 | ## Decision
39 | 
40 | Adopt vite.
41 | 
42 | ## Consequences
43 | 
44 | Almost everything is better. We have slightly more complicated rules around the
45 | server/client code separation, but for the most part that's better and there are
46 | fewer surprises.
47 | 


--------------------------------------------------------------------------------