bridge/src/index.ts

@@ -18,7 +18,6 @@ import { type AuthVariables, authMiddleware } from './middleware/auth.js';
 import { errorHandler } from './middleware/error-handler.js';
 import { defaultRateLimitKey, rateLimit } from './middleware/rate-limit.js';
 import { eventsRoutes } from './routes/events.js';
-import { adminRoutes } from './routes/admin.js';
 import { tablesRoutes } from './routes/tables.js';
 import { viewsRoutes } from './routes/views.js';
 import { webhooksRoutes } from './routes/webhooks.js';
@@ -84,8 +83,6 @@ export async function buildApp(): Promise<Hono<{ Variables: AuthVariables }>> {
   v1.route('/tables', tablesRoutes);
   // R3.1.a : routes views — liste vues par table + donnees paginées d'une vue.
   v1.route('/views', viewsRoutes);
-  // Phase B (acadenice) : CRUD tables/fields/views via Baserow user JWT.
-  v1.route('/admin', adminRoutes);
   app.route('/api/v1', v1);
 
   // R3.1.b : SSE realtime stream — monté sur /api/events hors /api/v1 pour

bridge/src/lib/baserow-jwt-manager.ts

@@ -173,7 +173,7 @@ export class BaserowJwtManagerImpl implements BaserowJwtManager {
 
   private async doLogin(): Promise<string> {
     this.logger.debug({ email: this.email }, 'baserow jwt login');
-    const url = `${this.baseUrl}/user/token-auth/`;
+    const url = `${this.baseUrl}/api/user/token-auth/`;
     const res = await fetch(url, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
@@ -202,7 +202,7 @@ export class BaserowJwtManagerImpl implements BaserowJwtManager {
 
   private async doRefresh(currentToken: string): Promise<string> {
     this.logger.debug('baserow jwt refresh');
-    const url = `${this.baseUrl}/user/token-refresh/`;
+    const url = `${this.baseUrl}/api/user/token-refresh/`;
     const res = await fetch(url, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },

bridge/src/lib/container.ts

@@ -9,7 +9,6 @@
  */
 
 import type { Logger } from 'pino';
-import { BaserowAdminClient } from '../adapters/baserow-admin-client.js';
 import { BaserowClient } from '../adapters/baserow-client.js';
 import { RedisCache } from '../adapters/redis-cache.js';
 import type { ApiTokenRecord } from '../middleware/auth.js';
@@ -48,9 +47,6 @@ export interface Container {
   logger: Logger;
   /** Gestionnaire JWT user Baserow pour endpoints metadata. Toujours present. */
   baserowJwt: BaserowJwtManager;
-  /** Client admin Baserow (CRUD tables/fields/views). Lève
-   * BASEROW_USER_AUTH_NOT_CONFIGURED si appelé sans creds user. */
-  baserowAdmin: BaserowAdminClient;
 }
 
 let _container: Container | null = null;
@@ -150,12 +146,6 @@ export async function initContainer(opts: InitOptions): Promise<Container> {
     );
   }
 
-  const baserowAdmin = new BaserowAdminClient({
-    baseUrl: config.baserowApiUrl,
-    jwtManager: baserowJwt,
-    logger: rootLogger,
-  });
-
   const container: Container = {
     config,
     baserow,
@@ -167,7 +157,6 @@ export async function initContainer(opts: InitOptions): Promise<Container> {
     groupsScopesMap,
     logger: rootLogger,
     baserowJwt,
-    baserowAdmin,
   };
   setContainer(container);
   return container;

bridge/src/lib/errors.ts

@@ -14,7 +14,6 @@ export type ErrorCode =
   | 'CONFLICT'
   | 'RATE_LIMITED'
   | 'BASEROW_UNAVAILABLE'
-  | 'BASEROW_USER_AUTH_NOT_CONFIGURED'
   | 'DOCMOST_UNAVAILABLE'
   | 'INTERNAL';
 
@@ -58,12 +57,6 @@ export const errors = {
   rateLimited: (retryAfter: number) =>
     new BridgeError('RATE_LIMITED', 429, 'Too many requests', { retry_after: retryAfter }),
   baserowDown: () => new BridgeError('BASEROW_UNAVAILABLE', 502, 'Baserow API unreachable'),
-  baserowUserAuthNotConfigured: () =>
-    new BridgeError(
-      'BASEROW_USER_AUTH_NOT_CONFIGURED',
-      503,
-      'Baserow user JWT not configured (BASEROW_USER_EMAIL/PASSWORD missing)',
-    ),
   docmostDown: () => new BridgeError('DOCMOST_UNAVAILABLE', 502, 'Docmost API unreachable'),
   internal: (message: string) => new BridgeError('INTERNAL', 500, message),
 };

compose.prod.yml

@@ -1,27 +1,15 @@
 # compose.prod.yml — overrides pour env production
 # Usage : docker compose -f compose.yml -f compose.prod.yml up -d
-# Reseau externe : admin_proxy (Traefik)
 
 services:
   docmost:
-    image: acadedoc:${ACADEDOC_VERSION:-local}
-    pull_policy: never
     restart: always
     environment:
       APP_URL: ${DOCMOST_URL:?DOCMOST_URL requis sur prod}
       LOG_LEVEL: warn
-      MAIL_DRIVER: smtp
-      SMTP_HOST: ${SMTP_HOST}
-      SMTP_PORT: ${SMTP_PORT}
-      SMTP_USERNAME: ${SMTP_USERNAME}
-      SMTP_PASSWORD: ${SMTP_PASSWORD}
-      SMTP_SECURE: "false"
-      MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
-      MAIL_FROM_NAME: ${MAIL_FROM_NAME}
     labels:
       - "traefik.enable=true"
-      - "traefik.docker.network=admin_proxy"
+      - "traefik.http.routers.docmost-prod.rule=Host(`wiki.acadenice.fr`)"
-      - "traefik.http.routers.docmost-prod.rule=Host(`doc.stark.a3n.fr`)"
       - "traefik.http.routers.docmost-prod.entrypoints=websecure"
       - "traefik.http.routers.docmost-prod.tls.certresolver=letsencrypt"
       - "traefik.http.services.docmost-prod.loadbalancer.server.port=3000"
@@ -30,11 +18,10 @@ services:
       resources:
         limits:
           memory: 2G
-          cpus: "1.5"
         reservations:
           memory: 512M
     healthcheck:
-      test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:3000').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:3000"]
       interval: 30s
       timeout: 5s
       retries: 3
@@ -44,11 +31,9 @@ services:
     restart: always
     environment:
       BASEROW_PUBLIC_URL: ${BASEROW_URL:?BASEROW_URL requis sur prod}
-      BASEROW_EXTRA_ALLOWED_HOSTS: baserow
     labels:
       - "traefik.enable=true"
-      - "traefik.docker.network=admin_proxy"
+      - "traefik.http.routers.baserow-prod.rule=Host(`baserow.acadenice.fr`)"
-      - "traefik.http.routers.baserow-prod.rule=Host(`baserow.stark.a3n.fr`)"
       - "traefik.http.routers.baserow-prod.entrypoints=websecure"
       - "traefik.http.routers.baserow-prod.tls.certresolver=letsencrypt"
       - "traefik.http.services.baserow-prod.loadbalancer.server.port=80"
@@ -57,54 +42,8 @@ services:
       resources:
         limits:
           memory: 3G
-          cpus: "2.0"
         reservations:
           memory: 1G
-    healthcheck:
-      test: ["CMD-SHELL", "curl -fsS http://localhost/_health/ || exit 1"]
-      interval: 30s
-      timeout: 5s
-      retries: 5
-      start_period: 60s
-
-  bridge:
-    restart: always
-    environment:
-      BASEROW_WEBHOOK_SECRET: ${BASEROW_WEBHOOK_SECRET:?BASEROW_WEBHOOK_SECRET requis (>= 16 chars)}
-      LOG_LEVEL: warn
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=admin_proxy"
-      # Router public : webhooks Baserow + appels machine-to-machine (token brg_*).
-      - "traefik.http.routers.bridge-prod.rule=Host(`bridge.stark.a3n.fr`)"
-      - "traefik.http.routers.bridge-prod.entrypoints=websecure"
-      - "traefik.http.routers.bridge-prod.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.bridge-prod.service=bridge-prod"
-      # Router same-origin sur le doc : appels SPA front. Le cookie authToken
-      # de Docmost est host-only sur doc.stark.a3n.fr donc on ne peut PAS
-      # router cross-subdomain. Le strip /bridge laisse passer /api/v1/* tel
-      # que le bridge l'attend.
-      - "traefik.http.routers.bridge-on-doc.rule=Host(`doc.stark.a3n.fr`) && PathPrefix(`/bridge`)"
-      - "traefik.http.routers.bridge-on-doc.entrypoints=websecure"
-      - "traefik.http.routers.bridge-on-doc.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.bridge-on-doc.middlewares=bridge-strip"
-      - "traefik.http.routers.bridge-on-doc.service=bridge-prod"
-      - "traefik.http.middlewares.bridge-strip.stripprefix.prefixes=/bridge"
-      - "traefik.http.services.bridge-prod.loadbalancer.server.port=4000"
-    ports: !reset []
-    deploy:
-      resources:
-        limits:
-          memory: 512M
-          cpus: "0.5"
-        reservations:
-          memory: 128M
-    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:4000/api/health | grep -q '\"status\":\"ok\"' || exit 1"]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 20s
 
   docmost-db:
     restart: always
@@ -112,9 +51,6 @@ services:
       resources:
         limits:
           memory: 1G
-          cpus: "1.0"
-        reservations:
-          memory: 256M
 
   docmost-redis:
     restart: always
@@ -122,16 +58,8 @@ services:
       resources:
         limits:
           memory: 256M
-          cpus: "0.5"
-        reservations:
-          memory: 64M
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 3s
-      retries: 5
 
 networks:
   default:
     external: true
-    name: admin_proxy
+    name: traefik

compose.yml

@@ -66,12 +66,8 @@ services:
     environment:
       BASEROW_API_URL: http://baserow:80/api
       BASEROW_API_TOKEN: ${BASEROW_API_TOKEN}
-      BASEROW_USER_EMAIL: ${BASEROW_USER_EMAIL}
-      BASEROW_USER_PASSWORD: ${BASEROW_USER_PASSWORD}
       DOCMOST_API_URL: http://docmost:3000/api
       DOCMOST_API_TOKEN: ${DOCMOST_API_TOKEN}
-      DOCMOST_APP_SECRET: ${DOCMOST_APP_SECRET}
-      DOCMOST_JWT_ISSUER: Docmost
       REDIS_URL: redis://docmost-redis:6379
     ports:
       - "4000:4000"