server

command
v4.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 5, 2026 License: MIT Imports: 28 Imported by: 0

README

Atlas Server

Go 1.26+ Atlas native server with SSR rendering, hydration bootstrap, and sqlite-backed mutation endpoints.

What it does now:

  • opens sqlite using a pure-Go driver
  • applies numbered startup migrations from examples/server/atlas-commerce-os/server/data/migrations/
  • seeds public and internal Atlas data, including comments, transfers, and receiving sessions
  • serves public read and write APIs for catalog, product questions, quote requests, and restock requests
  • serves public JSON parity for product comments and related products
  • serves internal read and write APIs for bootstrap, inventory, threshold history, transfer recommendations, warehouses, preferences, saved views, moderation, transfers, receiving, purchase orders, and SKU thresholds behind a mock session
  • renders Atlas pages through the shared shared/atlas package on the server
  • hydrates the same Atlas page tree in the browser through examples/server/atlas-commerce-os/client
  • exposes Atlas static assets from the shared examples static directory
  • issues a double-submit CSRF cookie during SSR/bootstrap responses and enforces same-origin plus token validation on all public and internal mutation routes

Run from the repo root:

New-Item -ItemType Directory -Path ./bin/examples -Force | Out-Null
go build -o ./bin/examples/atlas-commerce-os.wasm ./examples/server/atlas-commerce-os/client
go run ./examples/server/atlas-commerce-os/server

Useful endpoints:

  • GET /healthz
  • GET /auth/mock-sign-in
  • GET /shop, GET /shop/{slug}, GET /warehouses, GET /app, GET /app/dashboard, GET /app/inventory, GET /app/inventory/{sku}
  • GET /app/warehouses, GET /app/warehouses/{warehouseId}
  • GET /app/transfers, GET /app/transfers/{id}
  • GET /app/purchase-orders, GET /app/purchase-orders/{id}
  • GET /app/receiving, GET /app/receiving/{id}
  • GET /app/comments, GET /app/settings
  • GET /api/public/products/{slug}/comments
  • GET /api/public/products/{slug}/related-products
  • GET /api/app/preferences, GET /api/app/saved-views
  • GET /api/app/inventory/{sku}/threshold-history, GET /api/app/inventory/{sku}/transfer-recommendations
  • GET /api/app/warehouses, GET /api/app/warehouses/{warehouseId}
  • GET /api/app/transfers/{id}, GET /api/app/receiving/{id}
  • GET /api/app/purchase-orders, GET /api/app/purchase-orders/{id}
  • POST /api/public/products/{slug}/comments
  • POST /api/public/products/{slug}/quote-requests
  • POST /api/public/products/{slug}/restock-requests
  • POST /api/app/preferences
  • POST /api/app/saved-views
  • POST /api/app/comments/{id}/moderate
  • POST /api/app/inventory/{sku}/threshold
  • POST /api/app/transfers
  • POST /api/app/receiving/{id}/reconcile
  • POST /api/app/purchase-orders/{id}/status
  • POST /auth/mock-sign-in
  • POST /auth/mock-sign-out

Mutation notes:

  • SSR forms now include a hidden csrf_token field sourced from the bootstrap payload.
  • JSON or imperative mutation clients must echo the same token in the X-CSRF-Token header.
  • Mutation requests without a matching CSRF cookie/token pair or without a same-origin Origin or Referer are rejected with 403 Forbidden.
  • Validation failures return JSON with error, message, and field-keyed fields entries so clients can map issues back to individual controls.

Mock auth notes:

  • Internal SSR routes redirect missing browser sessions to GET /auth/mock-sign-in?next=....
  • Internal API routes without a mock session return 401 JSON with error=mock_sign_in_required and a recovery URL.
  • Mock sign-in currently offers the seeded roles inventory_manager, warehouse_supervisor, and ops_lead.

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL