dcm-api

Family Contributions Management API using Hono + Drizzle + Cloudflare Workers + D1.

Authentication and Authorization (Auth0)

Validation of JWT RS256 access token against Auth0 JWKS.
Mandatory validations: iss (AUTH0_ISSUER) and aud (AUTH0_AUDIENCE).
Master Authorization Document: RBAC.md.
Versioned tenant-facing Auth0 assets for manual operations or export/import reference live in auth0-tenant-config/, including tenant Actions, email HTML, and the versioned reset-email subject text.

Environments (official)

local: development with local D1 (--local) and variables in .dev.vars.
production: canonical single remote Worker dcm-api.

Migrations

The local migration history was consolidated into a single initial base:
- migrations/0000_initial_schema.sql

Local Development

Prerequisites

Node.js: Version 24+.

npm install

Copy .dev.vars.example → .dev.vars and complete the values.

Development Server

npm run dev

npm run dev uses wrangler.dev.jsonc and local D1. It does not hit production.

Worker Bindings Types

npm run types:wrangler

Execute every time you change wrangler.jsonc.

Local D1

# Leaves the local DB clean and applies migrations
npm run d1:reset:local

# Loads idempotent local seed
npm run d1:seed:local

# Shortcut: reset + seed
npm run d1:bootstrap:local

Technical Tools (`tools/`)

The tools/ directory contains automation scripts for data flows:

tools/local/d1/reset.sh: Purges the local database and applies all migrations from scratch.
tools/local/d1/seed.sh: Inserts sample test data for local development.
tools/local/d1/snapshot.sh: Creates a .sql backup of the current state of your local DB in .wrangler/d1-snapshots/.
tools/local/d1/restore.sh: Allows restoring a specific local snapshot.
tools/local/d1/inspect.sh: Inspects the local D1 database only.
tools/production/smoke-rbac.sh: Runs smoke tests against the production API to validate that Auth0 permissions are correctly mapped.

Schema (Drizzle)

# Generates a new migration from the schema
npm run d1:generate

# Checks for conflicts between migrations
npm run d1:check

Apply migration locally:

npm run d1:migrate:local

Production

Required environment variables: CLOUDFLARE_ACCOUNT_ID, CLOUDFLARE_API_TOKEN

Deploy

npm run deploy

Migrations

npx wrangler d1 migrations apply DCM_DB_BINDING --remote

Smoke Tests

# Production RBAC smoke test
./tools/production/smoke-rbac.sh

Name		Name	Last commit message	Last commit date
Latest commit History 47 Commits
auth0-tenant-config		auth0-tenant-config
docs		docs
migrations		migrations
src		src
tools/local/d1		tools/local/d1
.dev.vars.example		.dev.vars.example
.gitignore		.gitignore
.npmrc		.npmrc
.nvmrc		.nvmrc
AGENTS.md		AGENTS.md
README.md		README.md
drizzle.config.ts		drizzle.config.ts
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json
worker-configuration.d.ts		worker-configuration.d.ts
wrangler.dev.jsonc		wrangler.dev.jsonc
wrangler.jsonc		wrangler.jsonc

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

dcm-api

Authentication and Authorization (Auth0)

Environments (official)

Migrations

Local Development

Prerequisites

Development Server

Worker Bindings Types

Local D1

Technical Tools (`tools/`)

Schema (Drizzle)

Production

Deploy

Migrations

Smoke Tests

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

dcm-api

Authentication and Authorization (Auth0)

Environments (official)

Migrations

Local Development

Prerequisites

Development Server

Worker Bindings Types

Local D1

Technical Tools (tools/)

Schema (Drizzle)

Production

Deploy

Migrations

Smoke Tests

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Technical Tools (`tools/`)

Packages