feat: initial HELIX scaffold — R&D showcase platform

SvelteKit 2 + Svelte 5 + TypeScript site. SQLite via Drizzle. Gitea OAuth for authoring (RnD org-gated). Pure SVG + CSS DNA helix on landing. What lands - Landing hero with animated two-strand SVG helix + tagline - /projects + /projects/[slug] (markdown body, dashboard embed allowlist) - /posts + /posts/[slug] - Auth-gated /projects/new + /posts/new forms - Gitea OAuth flow (state, code exchange, org-membership check, sessions) - Sliding-window cookie sessions (SHA-256 hashed token storage) - Dockerfile + docker-compose with named-volume SQLite - Idempotent seed (EVOLV + HELIX projects, welcome post) Stack notes - Tailwind v3 (Node 18 compat; v4 needs Node 20+) - drizzle-orm 0.45+ (patched, no SQL-identifier escape vuln) - marked for markdown; iframe embeds gated by DASHBOARD_ALLOWED_HOSTS Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 11:01:12 +02:00
commit c3d978a7eb
59 changed files with 8140 additions and 0 deletions
--- a/src/routes/auth/gitea/+server.ts
+++ b/src/routes/auth/gitea/+server.ts
@@ -0,0 +1,19 @@
+import { redirect } from '@sveltejs/kit';
+import { dev } from '$app/environment';
+import { buildAuthorizationURL, generateState } from '$lib/server/gitea';
+import { OAUTH_STATE_COOKIE } from '$lib/server/auth';
+
+export const GET = async ({ cookies }) => {
+  const state = generateState();
+  const url = buildAuthorizationURL(state);
+
+  cookies.set(OAUTH_STATE_COOKIE, state, {
+    path: '/',
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: !dev,
+    maxAge: 60 * 10
+  });
+
+  redirect(302, url);
+};