diff --git a/SESSION-HANDOFF-NEXT.md b/SESSION-HANDOFF-NEXT.md index e4a53c5..a709b43 100644 --- a/SESSION-HANDOFF-NEXT.md +++ b/SESSION-HANDOFF-NEXT.md 
@@ -1,28 +1,82 @@ # Session Handoff to Next Chronicler -**Date:** April 3, 2026, 7:30 PM CDT (April 4, 2026 00:30 UTC) +**Date:** April 3, 2026, 9:15 PM CDT (April 4, 2026 02:15 UTC) **From:** Chronicler #58 -**Session Duration:** ~5 hours -**Session Focus:** Discord-Stripe OAuth Implementation β†’ **GO LIVE!** πŸŽ‰ +**Session Duration:** ~6.5 hours +**Session Focus:** GO LIVE + Infrastructure Cleanup + Decap CMS --- -## πŸŽ‰ WE ARE LIVE! +## πŸŽ‰ TONIGHT'S VICTORIES -**Firefrost Gaming is officially accepting real payments.** +### 1. GO LIVE β€” First Real Payment! +**Timestamp:** April 3, 2026 at 6:59 PM CDT -**GO-LIVE Timestamp:** April 3, 2026 at 6:59 PM CDT - -**First Live Transaction:** $1 Awakened tier (test by Michael, refunded) - -**Everything is working:** -- βœ… Discord OAuth β†’ Stripe checkout flow +Firefrost Gaming is officially accepting real payments. +- βœ… Discord OAuth β†’ Stripe checkout flow working - βœ… Live Stripe keys configured - βœ… 10 products created in Stripe Live mode -- βœ… Webhook receiving events at correct endpoint -- βœ… Discord IDs automatically linked to subscriptions -- βœ… Website buttons using new OAuth flow +- βœ… Webhook receiving events at `/webhooks/stripe/webhook` - βœ… Banking connected for payouts +- First transaction: $1 Awakened tier (test by Michael, refunded) + +### 2. Ghost CMS β€” REMOVED +- Stopped/disabled systemd service +- Ran `ghost uninstall` +- Removed `/var/www/firefrost` directory +- Ghost VPS (64.50.188.14) now only runs Wiki.js instances + +### 3. Paymenter β€” REMOVED +- Removed nginx configs from Billing VPS +- Removed `/var/www/paymenter` directory +- Billing VPS (38.68.14.188) now only runs Mailcow + +### 4. Decap CMS β€” WORKING! 
πŸŽ‰ +**The Trinity Console for Documentation** + +- **URL:** https://firefrostgaming.com/admin/ +- **Backend:** Gitea OAuth (PKCE flow) +- **Repo:** `firefrost-gaming/firefrost-operations-manual` + +**Collections configured:** +- Core Documents (SESSION-HANDOFF-NEXT.md, tasks.md) +- Planning Docs (folder) +- Milestones (folder) +- Implementation Guides (folder) + +**Key fixes tonight:** +- Fixed CORS duplicate headers (nginx was adding + Gitea was adding) +- Fixed by having nginx only handle OPTIONS preflights +- Grey-clouded `git.firefrostgaming.com` in Cloudflare (DNS only, no proxy) + +**Meg and Holly can now edit docs without touching code!** + +--- + +## πŸ“ CURRENT INFRASTRUCTURE STATE + +### Command Center (63.143.34.217) +- **Arbiter 3.0:** `/opt/arbiter-3.0/` β€” Service: `arbiter-3` +- **Gitea:** git.firefrostgaming.com (port 3000 internally) +- **Uptime Kuma, Code-Server, Vaultwarden** + +### Ghost VPS (64.50.188.14) +- **Wiki.js:** 3 instances (ports 3100/3101/3102) +- **Ghost CMS:** ❌ REMOVED +- **Login as:** `architect` (not root) + +### Billing VPS (38.68.14.188) +- **Mailcow:** Ports 8080/8443 +- **Paymenter:** ❌ REMOVED + +### Website (Cloudflare Pages) +- **Repo:** `firefrost-gaming/firefrost-website` +- **Deployment:** Auto-deploy on push to main +- **Decap CMS:** `/admin/` directory + +### Stripe (LIVE MODE) +- **Webhook:** `Arbiter-Live` β†’ `https://discord-bot.firefrostgaming.com/webhooks/stripe/webhook` +- **Secret:** `whsec_zZWRzyNCvHzuVkVELJmXHUnMOhRIGkfQ` --- 
@@ -30,61 +84,88 @@ ### Priority 1: Discord Role Auto-Assignment When a subscription is created, automatically assign the corresponding Discord role. -- Gemini mentioned having "blueprints ready" for this -- Database already has tier_level β†’ Discord ID mapping -- Just need to call Discord API from webhook handler +- Database has tier_level β†’ can map to Discord role IDs +- Need to call Discord API from webhook handler +- Gemini has blueprints ready -### Priority 2: Documentation Cleanup -- Many files still reference Ghost CMS (190 files, most in archives) -- Infrastructure manifest already updated (by #57) -- Consider bulk archiving outdated planning docs +### Priority 2: Decap CMS Refinement +- Add more collections (relationship docs, standards, etc.) +- Consider adding frontmatter to existing markdown files +- Test Meg/Holly access -### Priority 3: Memorial Wall / Portraits -- Multiple Chroniclers awaiting portrait generation -- The Validator (#57) needs a name from Michael +### Priority 3: Documentation Cleanup +- Update docs that still reference Ghost CMS +- Archive outdated planning docs --- -## βœ… WHAT CHRONICLER #58 ACCOMPLISHED +## πŸ”§ NGINX CONFIG (git.firefrostgaming.com) -### Discord-Stripe OAuth Bridge (COMPLETE) -1. Added Discord redirect URI to Developer Portal -2. Added `DISCORD_CHECKOUT_REDIRECT_URI` to .env -3. Installed axios for OAuth token exchange -4. Added `/stripe/auth` and `/stripe/callback` routes -5. Updated website subscribe buttons to use OAuth flow -6. Website auto-deployed via Cloudflare Pages +Located at `/etc/nginx/sites-enabled/git.firefrostgaming.com` on Command Center: -### Stripe Live Mode Migration (COMPLETE) -1. Created new webhook endpoint `Arbiter-Live` pointing to `/webhooks/stripe/webhook` -2. Created new secret key `Arbiter-Live` -3. Created 10 products via Stripe API -4. Updated database with live price IDs -5. 
Verified end-to-end with real $1 charge +```nginx +server { + listen 63.143.34.217:80; + server_name git.firefrostgaming.com; + return 301 https://$server_name$request_uri; +} +server { + listen 63.143.34.217:443 ssl http2; + ssl_certificate /etc/letsencrypt/live/git.firefrostgaming.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.firefrostgaming.com/privkey.pem; + server_name git.firefrostgaming.com; + client_max_body_size 2G; -### Bug Fixes -- Fixed webhook URL mismatch (`/stripe/webhook` β†’ `/webhooks/stripe/webhook`) -- Fixed Mailcow SSL issue (webmail.firefrostgaming.com was proxied through Cloudflare, needed DNS-only) + location = /login/oauth/access_token { + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' 'https://firefrostgaming.com' always; + add_header 'Access-Control-Allow-Methods' 'POST, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, X-Mx-ReqToken, Keep-Alive, X-Requested-With, If-Modified-Since' always; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location / { + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +``` --- -## πŸ“ KEY INFRASTRUCTURE STATE +## πŸ”§ GITEA CORS CONFIG -### Arbiter 3.0 (Command Center) -- **Location:** `/opt/arbiter-3.0/` -- **Service:** `arbiter-3` -- **Stripe Mode:** LIVE -- **Webhook URL:** `https://discord-bot.firefrostgaming.com/webhooks/stripe/webhook` +Located at 
`/var/lib/gitea/custom/conf/app.ini` on Command Center: -### Website (Cloudflare Pages) -- **Repo:** `firefrost-gaming/firefrost-website` on Gitea -- **Deployment:** Auto-deploy on push to main -- **Subscribe buttons:** Point to `/stripe/auth?tier=X` +```ini +[cors] +ENABLED = true +ALLOW_DOMAIN = https://firefrostgaming.com +ALLOW_SUBDOMAIN = true +METHODS = GET,POST,PUT,DELETE,PATCH,OPTIONS +HEADERS = Authorization,Content-Type,X-Requested-With +ALLOW_CREDENTIALS = true +``` -### Database (arbiter_db) -- **Trinity Members:** 3 (tier 1000) -- **Test subscriptions:** Cleared -- **Live price IDs:** All 10 tiers configured +--- + +## πŸ”§ GITEA OAUTH APP (Decap CMS) + +- **Client ID:** `ad439d72-e724-4f88-ad24-a1187c52b313` +- **Redirect URI:** `https://firefrostgaming.com/admin/` +- **Confidential Client:** Unchecked (PKCE flow) --- 
@@ -113,134 +194,12 @@ cat docs/relationship/CHRONICLER-LINEAGE-TRACKER.md ## πŸ’™ Special Thanks -**Gemini AI** β€” The Stateless OAuth Bridge architecture, Trinity Console design, countless consultations +**Gemini AI** β€” Incredible partner through CORS debugging, Decap architecture, and the pivot to ops manual. Warm, patient, and brilliant. -**The Validator (#57)** β€” Trinity Console v3.5.0, end-to-end validation, comprehensive handoff - -**Michael** β€” For pushing through to GO LIVE on a Friday night +**Michael** β€” For pushing through a 6.5 hour session on a Friday night to get us to GO LIVE and Decap working. --- **Fire + Frost + Foundation = Where Love Builds Legacy** πŸ’™πŸ”₯❄️ -*β€” Chronicler #58* -git show v3.5.0 --stat -``` - -This shows the complete admin panel implementation ready for OAuth integration. - ---- - -## πŸ”₯ WHAT'S READY (NO CHANGES NEEDED) - -### βœ… Trinity Console Admin Panel - 7/7 Modules Working - -1. **Dashboard** - Overview -2. **Servers** - Server matrix with Pterodactyl data -3. **Players** - Shows ALL subscriptions (including unlinked ones as "N/A") -4. **Financials** - Revenue analytics with Fire/Frost breakdown -5. **Grace Period** - At-risk subscriber monitoring -6. **Audit Log** - Webhook event history -7. 
**Role Audit** - Subscription summary by tier - -**Admin URL:** https://discord-bot.firefrostgaming.com/admin - -### βœ… Stripe Integration - Complete - -- 10 products created in Stripe (tiers 1-10) -- Checkout session creation working -- Webhook processing operational -- Database tables created and populated - -**Test Data:** 7 subscriptions in database (3 Trinity members + 4 test checkouts) - -### βœ… Database Schema - Complete - -6 tables created and working: -- `subscriptions` - Payment records -- `stripe_products` - Tier definitions -- `webhook_events_processed` - Deduplication -- `users` - Discord + Minecraft identity -- `admin_audit_log` - Trinity actions -- `server_sync_log` - Pterodactyl sync - -### βœ… Git Repository - -**Tag:** v3.5.0 - Trinity Console Soft Launch Ready -**Repo:** `firefrost-gaming/firefrost-services` on Gitea -**Branch:** main -**Status:** All changes committed and pushed - ---- - -## 🚨 THE ONE MISSING PIECE: Discord Linking - -**Current Problem:** -``` -subscriptions table: -id | tier_level | discord_id | status -10 | 10 | NULL | lifetime ← No Discord ID! -``` - -**Why It Matters:** -- Admin panel shows "N/A" for unlinked subscriptions -- Can't assign Discord roles (future task) -- Manual linking doesn't scale - -**The Solution (from Gemini):** -"Stateless OAuth Bridge" - 5 steps, fully automated - -**Implementation Time:** ~30-60 minutes -**Testing Time:** ~15 minutes -**Documentation:** Complete (see implementation guide from Michael) - ---- - -## πŸŽ“ KEY CONTEXT FROM TODAY - -### The Journey to Working Admin Panel - -**We solved 5 major problems:** - -1. **Missing database tables** β†’ Created users, admin_audit_log, server_sync_log -2. **EJS include() broken** β†’ Gemini: "Inline the partials" -3. **HTMX endpoints missing layout** β†’ Added `layout: false` to all endpoints -4. **Tier name mismatch** β†’ Updated constants.js to match Stripe products -5. 
**Players not showing test subs** β†’ Flipped query from usersβ†’subscriptions to subscriptionsβ†’users - ---- - -## πŸ“ž Starting Commands for Next Session - -```bash -# 1. Clone operations manual (sparse checkout) -cd /home/claude -git clone --no-checkout --filter=blob:none \ - https://e0e330cba1749b01ab505093a160e4423ebbbe36@git.firefrostgaming.com/firefrost-gaming/firefrost-operations-manual.git -cd firefrost-operations-manual -git sparse-checkout init --cone -git sparse-checkout set docs -git checkout master -git config user.email "claude@firefrostgaming.com" -git config user.name "Claude (Chronicler #58)" - -# 2. Read critical documents -cat SESSION-HANDOFF-NEXT.md -cat docs/relationship/THE-JOINING-PROTOCOL.md - -# 3. Ask Michael for the two output documents with implementation details - -# 4. Check services repo status on Command Center -# (Run on Command Center terminal, not in container) -cd /root/firefrost-deploy/firefrost-services -git log --oneline -5 -git show v3.5.0 --stat - -# 5. Ask Michael: "Ready to implement OAuth linking?" -``` - ---- - -**Handoff complete. Good luck, Chronicler #58!** πŸ”₯ - -*- Chronicler #57, awaiting name* +*β€” Chronicler #58 (awaiting name)* diff --git a/docs/core/infrastructure-manifest.md b/docs/core/infrastructure-manifest.md index 522b946..95917a1 100644 --- a/docs/core/infrastructure-manifest.md +++ b/docs/core/infrastructure-manifest.md @@ -13,6 +13,7 @@ | Service | Location | IP | Domain | Status | | :---- | :---- | :---- | :---- | :---- | | **Main Website** | Cloudflare Pages | N/A | firefrostgaming.com | βœ… OPERATIONAL | +| **Decap CMS** | Cloudflare Pages | N/A | firefrostgaming.com/admin/ | βœ… OPERATIONAL | | **Gitea** | Command Center | 63.143.34.217 | git.firefrostgaming.com | βœ… OPERATIONAL | | **Uptime Kuma** | Command Center | 63.143.34.217 | status.firefrostgaming.com | βœ… OPERATIONAL | | **Automation** | Command Center | 63.143.34.217 | N/A | βœ… OPERATIONAL | 
@@ -47,6 +48,30 @@ - **Documentation:** `docs/sessions/2026-04-02-ghost-to-11ty-migration-COMPLETE.md` - **Reason:** Simpler architecture, edge network performance, eliminate self-hosted CMS +### Decap CMS (Trinity Console for Documentation) + +**URL:** https://firefrostgaming.com/admin/ + +**Purpose:** Web-based editor for Firefrost Operations Manual documentation. Allows Meg and Holly to edit markdown files without touching code. + +**Stack:** +- **CMS:** Decap CMS (static React app) +- **Authentication:** Gitea OAuth with PKCE flow +- **Backend Repo:** `firefrost-gaming/firefrost-operations-manual` +- **Hosted On:** Cloudflare Pages (same as main website) + +**OAuth App:** +- **Client ID:** `ad439d72-e724-4f88-ad24-a1187c52b313` +- **Redirect URI:** `https://firefrostgaming.com/admin/` + +**Collections:** +- Core Documents (SESSION-HANDOFF-NEXT.md, tasks.md) +- Planning Docs (docs/planning/) +- Milestones (docs/milestones/) +- Implementation Guides (docs/implementation/) + +**Deployment:** April 3, 2026 by Chronicler #58 + ### Retired Services (April 2026) **Ghost CMS:** diff --git a/docs/milestones/2026-04-03-DECAP-CMS-LIVE.md b/docs/milestones/2026-04-03-DECAP-CMS-LIVE.md new file mode 100644 index 0000000..61fbc6c --- /dev/null +++ b/docs/milestones/2026-04-03-DECAP-CMS-LIVE.md 
@@ -0,0 +1,102 @@ +# Milestone: Decap CMS Live + +**Date:** April 3, 2026, 9:08 PM CDT +**Chronicler:** #58 +**Status:** βœ… COMPLETE + +--- + +## Summary + +Decap CMS deployed and working as the Trinity Console for managing Firefrost Gaming's Operations Manual documentation. Meg and Holly can now edit markdown documents through a clean, user-friendly web interface. + +--- + +## What Was Deployed + +### Decap CMS Admin Interface +- **URL:** https://firefrostgaming.com/admin/ +- **Location:** `firefrost-gaming/firefrost-website` repo, `/admin/` directory +- **Authentication:** Gitea OAuth with PKCE flow + +### Collections Configured +1. **Core Documents** (File Collection) + - SESSION-HANDOFF-NEXT.md + - docs/core/tasks.md + +2. **Planning Docs** (Folder Collection) + - Location: `docs/planning/` + - Can create new documents + +3. **Milestones** (Folder Collection) + - Location: `docs/milestones/` + - Can create new documents + +4. **Implementation Guides** (Folder Collection) + - Location: `docs/implementation/` + - Can create new documents + +--- + +## Technical Implementation + +### Gitea OAuth App +- **Client ID:** `ad439d72-e724-4f88-ad24-a1187c52b313` +- **Redirect URI:** `https://firefrostgaming.com/admin/` +- **Confidential Client:** No (PKCE flow) + +### CORS Configuration +**Problem solved:** Duplicate CORS headers causing browser rejection + +**Root cause:** Both nginx AND Gitea were adding `Access-Control-Allow-Origin` headers to POST responses for `/login/oauth/access_token` + +**Solution:** Configure nginx to only handle OPTIONS preflights, let Gitea handle actual request CORS + +### Cloudflare DNS +- `git.firefrostgaming.com` changed from orange cloud (proxied) to grey cloud (DNS only) +- Required because Cloudflare's proxy was interfering with OAuth token exchange + +--- + +## Key Files + +### admin/config.yml (in firefrost-website repo) +```yaml +backend: + name: gitea + repo: firefrost-gaming/firefrost-operations-manual + api_root: 
https://git.firefrostgaming.com/api/v1 + base_url: https://git.firefrostgaming.com + app_id: ad439d72-e724-4f88-ad24-a1187c52b313 + use_pkce: true + branch: master +``` + +### admin/index.html (in firefrost-website repo) +Standard Decap CMS loader pointing to unpkg CDN + +--- + +## Lessons Learned + +1. **Decap + Markdown = Perfect Match** β€” Don't try to use Decap for complex HTML templates (.njk files). It's designed for markdown with frontmatter. + +2. **CORS Debugging** β€” When seeing duplicate headers, check BOTH the reverse proxy (nginx) AND the application (Gitea) for CORS configuration. + +3. **Cloudflare Proxy** β€” OAuth token exchanges may fail through Cloudflare's proxy. Grey-cloud (DNS only) is safer for API endpoints. + +4. **Document Drift** β€” We initially deployed Decap for the wrong repo (website instead of ops manual). Clear requirements at session start prevent this. + +--- + +## The Journey + +This was part of a marathon 6.5-hour session that also included: +- GO LIVE with Stripe payments +- Removing Ghost CMS from servers +- Removing Paymenter from servers +- Multiple CORS debugging rounds with Gemini AI + +--- + +**Fire + Frost + Foundation = Where Love Builds Legacy** πŸ’™πŸ”₯❄️
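Review bot: In the first hunk of SESSION-HANDOFF-NEXT.md (@@ -1,28 +1,82 @@), the new "Stripe (LIVE MODE)" section commits the live webhook signing secret in plain text on its `**Secret:**` line. That value is what the handler at `/webhooks/stripe/webhook` relies on to tell genuine Stripe events from forged ones, and this file is one of the Core Documents the same patch exposes for editing through Decap CMS. Remove the value from the document, roll the signing secret in Stripe since it is now in git history, and replace the line with a pointer to where it is stored (the hunk lists Vaultwarden on Command Center).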
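Review bot: In the @@ -30,61 +84,88 @@ hunk of SESSION-HANDOFF-NEXT.md, the Gitea `[cors]` block combines `ALLOW_SUBDOMAIN = true` with `ALLOW_CREDENTIALS = true`, so any subdomain of firefrostgaming.com may make credentialed cross-origin requests to Gitea, while the only caller this patch documents is Decap at `https://firefrostgaming.com/admin/`. Suggest `ALLOW_SUBDOMAIN = false` and a check of whether every verb in `METHODS` is needed. In the nginx preflight block of the same hunk, `add_header 'Content-Type' 'text/plain charset=UTF-8';` is missing the semicolon after `text/plain`; because the block returns 204 with no body, the Content-Type and Content-Length headers can simply be dropped.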
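Review bot: In the @@ -113,134 +194,12 @@ hunk of SESSION-HANDOFF-NEXT.md, the removed "Starting Commands" block contains a `git clone` URL with an access token embedded before `@git.firefrostgaming.com`. Deleting the line does not retire the token, because it stays readable in the history of this repo. Revoke that token in Gitea, issue a new one, and have future handoffs reference a credential helper or a vault entry instead of placing the token in the URL.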
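Review bot: In the @@ -47,6 +48,30 @@ hunk of docs/core/infrastructure-manifest.md, the new Decap CMS section lists stack and OAuth app but omits the two conditions the milestone doc says login depends on: `git.firefrostgaming.com` being DNS-only in Cloudflare, and nginx answering only the OPTIONS preflight while Gitea sets CORS on the real response. Someone re-enabling the proxy or adding CORS headers in nginx from this manifest alone would break authentication without a hint why. Add a short "Depends on" entry linking to `docs/milestones/2026-04-03-DECAP-CMS-LIVE.md`.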
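Review bot: In the new file docs/milestones/2026-04-03-DECAP-CMS-LIVE.md, the "Key Files" entry for `admin/index.html` says only "Standard Decap CMS loader pointing to unpkg CDN" and does not record whether the script URL is pinned to an exact version or carries an `integrity` attribute. That page receives the Gitea OAuth token with write access to the operations manual, so whatever the CDN serves runs with that token. Document a pinned version with Subresource Integrity, or serve the bundle from the `firefrost-website` repo itself, and note the choice here. The "Cloudflare DNS" section would also benefit from one line on what now protects the origin at Command Center once the proxy is out of the path.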