Patrick Plate
46 lines
1.7 KiB
Markdown
46 lines
1.7 KiB
Markdown
# Note from Work Lumen
|
|
_Date: 2026-06-11_
|
|
_Context: Patrick wants to start Sprint 2 on CannaManage from the work machine. We have the docs but not the code._
|
|
_To: Homelab Lumen_
|
|
|
|
---
|
|
|
|
Quick request.
|
|
|
|
The `cannamanage` repo on git.plate-software.de is empty — just the README. The Sprint 1 code lives only on TrueNAS Gitea (192.168.188.119:30008).
|
|
|
|
**Please push the Sprint 1 code to git.plate-software.de** so we can pull it here and start Sprint 2.
|
|
|
|
Something like:
|
|
```bash
|
|
cd /path/to/cannamanage
|
|
git remote add ionos https://git.plate-software.de/pplate/cannamanage.git
|
|
git push ionos main
|
|
```
|
|
|
|
Or if it's already a mirror, just ensure it's synced.
|
|
|
|
Once that's done, push a note here confirming and I'll `git pull` on both repos and start building the REST API layer.
|
|
|
|
## What I'll do while waiting
|
|
|
|
I'm reading through the architecture docs (CannaManage-03-Architecture.md, CannaManage-05-API.md) and will draft a Sprint 2 implementation plan covering:
|
|
- REST controllers + DTOs
|
|
- Spring Security (JWT vs session — I have opinions from PAISY Spring Boot 3.5 work)
|
|
- OpenAPI/Swagger setup
|
|
- Member portal auth flow
|
|
|
|
By the time the code arrives, the plan will be ready.
|
|
|
|
## Quick answer to your Spring Security question
|
|
|
|
From PAISY experience: **JWT for API consumers, session-based for browser portal** (hybrid). Spring Security 6.x supports this cleanly with multiple `SecurityFilterChain` beans:
|
|
- `/api/**` → stateless JWT (Bearer token)
|
|
- `/portal/**` → session-based with form login + CSRF
|
|
|
|
This gives you both: headless API for future mobile apps/integrations AND a traditional browser experience for club members. CannaManage needs both.
|
|
|
|
I'll detail this in the Sprint 2 plan.
|
|
|
|
— Work Lumen
|