added a beta access feature

.gitea/workflows/deploy.yml

@@ -10,40 +10,42 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Build API
-        run: |
-          cd api
-          npm ci
-          npx prisma generate
-          npm run build
-
       - name: Build Web
         run: |
           cd web
           npm ci
           npm run build
 
-      - name: Deploy API
+      - name: Deploy with Docker Compose
         run: |
-          pm2 stop skymoney-api || true
+          # Deploy directory
-          rm -rf /opt/skymoney/api/dist /opt/skymoney/api/node_modules
+          APP_DIR=/opt/skymoney
-          cp -r api/dist /opt/skymoney/api/
+          mkdir -p $APP_DIR
-          cp -r api/node_modules /opt/skymoney/api/
-          cp -r api/prisma /opt/skymoney/api/
-          
-          # Run migrations using the VPS .env
-          cd /opt/skymoney/api
-          set -a
-          source .env
-          set +a
-          npx prisma migrate deploy
-          
-          pm2 start /opt/skymoney/api/dist/server.js --name skymoney-api
 
-      - name: Deploy Web
+          # Sync repo to server (excluding node_modules, dist, etc)
-        run: |
+          rsync -a --delete \
-          rm -rf /var/www/skymoney/dist/*
+            --exclude=node_modules \
+            --exclude=dist \
+            --exclude=.git \
+            --exclude=.gitea \
+            --exclude=backups \
+            --exclude=exporting \
+            ./ $APP_DIR/
+
+          # Copy built web to shared volume
+          mkdir -p /var/www/skymoney/dist
           cp -r web/dist/* /var/www/skymoney/dist/
 
+          cd $APP_DIR
+
+          # Build and start all services
+          sudo docker-compose up -d --build
+
+          # Wait for database to be ready
+          sleep 10
+
+          # Run Prisma migrations inside the API container
+          sudo docker-compose exec -T api npx prisma migrate deploy
+
       - name: Reload Nginx
         run: sudo systemctl reload nginx

docker-compose.yml

@@ -22,10 +22,10 @@ services:
       context: ./api
       dockerfile: Dockerfile
     environment:
-      NODE_ENV: ${NODE_ENV:-development}
+      NODE_ENV: ${NODE_ENV:-production}
       PORT: ${PORT:-8080}
       DATABASE_URL: ${DATABASE_URL:-postgres://app:app@postgres:5432/skymoney}
-      CORS_ORIGIN: ${CORS_ORIGIN:-http://localhost:5173}
+      CORS_ORIGIN: ${CORS_ORIGIN:-https://skymoneybudget.com}
       SEED_DEFAULT_BUDGET: ${SEED_DEFAULT_BUDGET:-0}
       AUTH_DISABLED: ${AUTH_DISABLED:-false}
       JWT_SECRET: ${JWT_SECRET:-dev-jwt-secret-change-me}
@@ -37,29 +37,12 @@ services:
       - "8081:8080"
     restart: unless-stopped
     healthcheck:
-      # runs *inside* the container; port 8080 is the app's internal port
       test: ["CMD-SHELL", "wget -qO- http://localhost:8080/health || exit 1"]
       interval: 5s
       timeout: 3s
       retries: 10
       start_period: 10s
 
-  caddy:
-    image: caddy:2
-    ports:
-      - "8080:80"
-    volumes:
-      - ./Caddyfile.dev:/etc/caddy/Caddyfile:ro
-      - ./web/dist:/srv/site:ro
-    depends_on:
-      - api
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost/ || exit 1"]
-      interval: 10s
-      timeout: 3s
-      retries: 10
-
   scheduler:
     build:
       context: ./api

web/src/components/BetaGate.tsx

@@ -0,0 +1,37 @@
+import { type ReactNode, useEffect, useState } from "react";
+import { Navigate, useLocation } from "react-router-dom";
+
+const STORAGE_KEY = "skymoney_beta_access";
+
+type Props = {
+  children: ReactNode;
+};
+
+export function BetaGate({ children }: Props) {
+  const location = useLocation();
+  const [hasAccess, setHasAccess] = useState<boolean | null>(null);
+
+  useEffect(() => {
+    setHasAccess(localStorage.getItem(STORAGE_KEY) === "true");
+  }, []);
+
+  if (location.pathname === "/beta") {
+    return <>{children}</>;
+  }
+
+  if (hasAccess === null) {
+    return (
+      <div className="flex min-h-[40vh] items-center justify-center text-sm muted">
+        Checking access…
+      </div>
+    );
+  }
+
+  if (!hasAccess) {
+    return <Navigate to="/beta" replace />;
+  }
+
+  return <>{children}</>;
+}
+
+export const betaAccessStorageKey = STORAGE_KEY;

web/src/main.tsx

@@ -10,6 +10,7 @@ import {
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
 import { ToastProvider } from "./components/Toast";
 import { RequireAuth } from "./components/RequireAuth";
+import { BetaGate } from "./components/BetaGate";
 import App from "./App";
 import "./styles.css";
 
@@ -52,13 +53,23 @@ const HealthPage = lazy(() => import("./pages/HealthPage"));
 const OnboardingPage = lazy(() => import("./pages/OnboardingPage"));
 const LoginPage = lazy(() => import("./pages/LoginPage"));
 const RegisterPage = lazy(() => import("./pages/RegisterPage"));
+const BetaAccessPage = lazy(() => import("./pages/BetaAccessPage"));
 
 const router = createBrowserRouter(
   createRoutesFromElements(
-    <Route element={<App />}>
+    <>
-      {/* Public */}
+      <Route path="/beta" element={<BetaAccessPage />} />
-      <Route path="/login" element={<LoginPage />} />
+
-      <Route path="/register" element={<RegisterPage />} />
+      <Route
+        element={
+          <BetaGate>
+            <App />
+          </BetaGate>
+        }
+      >
+        {/* Public */}
+        <Route path="/login" element={<LoginPage />} />
+        <Route path="/register" element={<RegisterPage />} />
 
       {/* Protected onboarding */}
       <Route
@@ -160,9 +171,10 @@ const router = createBrowserRouter(
         }
       />
 
-      {/* Fallback */}
+        {/* Fallback */}
-      <Route path="*" element={<Navigate to="/" replace />} />
+        <Route path="*" element={<Navigate to="/" replace />} />
-    </Route>
+      </Route>
+    </>
   )
 );
 

web/src/pages/BetaAccessPage.tsx

@@ -0,0 +1,96 @@
+import { useMemo, useState } from "react";
+import { useNavigate } from "react-router-dom";
+import { betaAccessStorageKey } from "../components/BetaGate";
+
+const ACCESS_CODE = "jodygavemeaccess123";
+
+export default function BetaAccessPage() {
+  const navigate = useNavigate();
+  const [code, setCode] = useState("");
+  const [touched, setTouched] = useState(false);
+
+  const isValid = useMemo(() => code.trim() === ACCESS_CODE, [code]);
+  const isUnlocked = useMemo(
+    () => localStorage.getItem(betaAccessStorageKey) === "true",
+    []
+  );
+
+  const handleSubmit = (event: React.FormEvent) => {
+    event.preventDefault();
+    setTouched(true);
+    if (!isValid) return;
+    localStorage.setItem(betaAccessStorageKey, "true");
+    navigate("/login", { replace: true });
+  };
+
+  return (
+    <div className="min-h-screen bg-[--color-bg] flex items-center justify-center px-4 py-10">
+      <div className="w-full max-w-xl card p-8 sm:p-10">
+        <div className="space-y-3">
+          <div className="text-xs uppercase tracking-[0.2em] muted">
+            Private beta
+          </div>
+          <h1 className="text-3xl sm:text-4xl font-semibold">
+            Welcome to SkyMoney
+          </h1>
+          <p className="muted">
+            This build is private. If you’ve been given access, enter your code
+            below. If not, reach out to{" "}
+            <a
+              href="https://jodyholt.com"
+              target="_blank"
+              rel="noreferrer"
+              className="text-[--color-accent] font-medium hover:underline"
+            >
+              Jody
+            </a>{" "}
+            for access.
+          </p>
+        </div>
+
+        <form onSubmit={handleSubmit} className="mt-6 space-y-4">
+          <label className="block text-sm font-medium">
+            Access code
+            <div className="mt-2">
+              <input
+                type="text"
+                className="input w-full"
+                value={code}
+                onChange={(event) => {
+                  setTouched(true);
+                  setCode(event.target.value);
+                }}
+                placeholder="Enter your code"
+                autoComplete="off"
+              />
+            </div>
+          </label>
+
+          {touched && code.length > 0 && !isValid && (
+            <div className="text-sm text-red-500">
+              That code doesn’t match. Please try again.
+            </div>
+          )}
+
+          <button
+            type="submit"
+            className="btn primary w-full"
+            disabled={!isValid}
+          >
+            Continue
+          </button>
+
+          {isUnlocked && (
+            <button
+              type="button"
+              className="btn w-full"
+              onClick={() => navigate("/login")}
+            >
+              I already have access
+            </button>
+          )}
+        </form>
+      </div>
+    </div>
+  );
+}