create-githat-app 1.8.8 → 1.8.10
- package/dist/cli.js +2 -2
- package/package.json +1 -1
- package/templates/base/README.md.hbs +106 -0
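--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -21,7 +21,7 @@ var DEPS = {
 next: "^16.0.0",
 react: "^19.0.0",
 "react-dom": "^19.0.0",
-"@githat/nextjs": "^0.13.
+"@githat/nextjs": "^0.13.7",
 "@githat/ui": "^1.0.0"
 },
 devDependencies: {
@@ -36,7 +36,7 @@ var DEPS = {
 react: "^19.0.0",
 "react-dom": "^19.0.0",
 "react-router-dom": "^7.0.0",
-"@githat/nextjs": "^0.13.
+"@githat/nextjs": "^0.13.7",
 "@githat/ui": "^1.0.0"
 },
 devDependencies: {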
package/package.json
CHANGED
|
@@ -175,6 +175,112 @@ your site, never elsewhere, even if a user has the same passkey
|
|
|
175
175
|
"saved" in their password manager. This is the correct security
|
|
176
176
|
model.
|
|
177
177
|
|
|
178
|
+
## Realtime subscriptions
|
|
179
|
+
|
|
180
|
+
`useRealtime()` gives you a live WebSocket connection to GitHat's realtime
|
|
181
|
+
API. Any event GitHat records (sign-in, MFA toggle, file upload, webhook
|
|
182
|
+
delivery) is pushed to subscribed clients instantly — no polling required.
|
|
183
|
+
|
|
184
|
+
A common use: keep `/account/activity` up-to-date without a page reload.
|
|
185
|
+
|
|
186
|
+
```tsx
|
|
187
|
+
'use client';
|
|
188
|
+
|
|
189
|
+
import { useEffect, useState } from 'react';
|
|
190
|
+
import { useAuth, useRealtime, useAuditLog } from '@githat/nextjs';
|
|
191
|
+
import type { AuditEvent } from '@githat/nextjs';
|
|
192
|
+
|
|
193
|
+
export default function ActivityFeedPage() {
|
|
194
|
+
const { user } = useAuth();
|
|
195
|
+
const { subscribe, status } = useRealtime();
|
|
196
|
+
const { list } = useAuditLog();
|
|
197
|
+
const [events, setEvents] = useState<AuditEvent[]>([]);
|
|
198
|
+
|
|
199
|
+
// Initial load
|
|
200
|
+
useEffect(() => {
|
|
201
|
+
list({ limit: 50 }).then(({ events }) => setEvents(events));
|
|
202
|
+
}, [list]);
|
|
203
|
+
|
|
204
|
+
// Live updates via WebSocket
|
|
205
|
+
useEffect(() => {
|
|
206
|
+
if (!user?.id) return;
|
|
207
|
+
|
|
208
|
+
const unsub = subscribe(`audit.${user.id}`, () => {
|
|
209
|
+
// Refresh the list whenever a new audit event arrives
|
|
210
|
+
list({ limit: 50 }).then(({ events }) => setEvents(events));
|
|
211
|
+
});
|
|
212
|
+
|
|
213
|
+
return unsub; // unsubscribes on unmount
|
|
214
|
+
}, [user?.id, subscribe, list]);
|
|
215
|
+
|
|
216
|
+
return (
|
|
217
|
+
<div>
|
|
218
|
+
<p>Connection: {status}</p>
|
|
219
|
+
<ul>
|
|
220
|
+
{events.map((e) => (
|
|
221
|
+
<li key={e.sk}>{e.action} — {e.created_at}</li>
|
|
222
|
+
))}
|
|
223
|
+
</ul>
|
|
224
|
+
</div>
|
|
225
|
+
);
|
|
226
|
+
}
|
|
227
|
+
```
|
|
228
|
+
|
|
229
|
+
**Topic conventions:**
|
|
230
|
+
|
|
231
|
+
| Topic | Events pushed |
|
|
232
|
+
|---|---|
|
|
233
|
+
| `audit.{userId}` | Sign-in, MFA changes, passkey changes |
|
|
234
|
+
| `webhook.{webhookId}` | Webhook delivery results |
|
|
235
|
+
| `storage.{appId}` | File uploads finalized in your app |
|
|
236
|
+
| `users.{userId}` | MFA enabled, passkey added |
|
|
237
|
+
|
|
238
|
+
Resource-level wildcards are supported: `audit.*` receives every audit event
|
|
239
|
+
for every user in your app. The connection auto-reconnects with exponential
|
|
240
|
+
back-off (1 s → 2 s → 4 s → 8 s → 30 s cap).
|
|
241
|
+
|
|
242
|
+
## Row-Level Security
|
|
243
|
+
|
|
244
|
+
GitHat RLS lets you define per-collection policies that gate which rows each user
|
|
245
|
+
can read or write — without writing any backend code. Policies are evaluated on
|
|
246
|
+
every `useData()` call and stored in the GitHat dashboard.
|
|
247
|
+
|
|
248
|
+
### Quick example
|
|
249
|
+
|
|
250
|
+
```tsx
|
|
251
|
+
import { useRLS } from '@githat/nextjs';
|
|
252
|
+
|
|
253
|
+
const { setPolicy, testPolicy } = useRLS();
|
|
254
|
+
|
|
255
|
+
// Ensure users can only read/write their own rows in "documents"
|
|
256
|
+
await setPolicy('documents', {
|
|
257
|
+
readPolicy: { type: 'fieldEquals', field: 'userId', context: 'callerUserId' },
|
|
258
|
+
writePolicy: { type: 'fieldEquals', field: 'userId', context: 'callerUserId' },
|
|
259
|
+
});
|
|
260
|
+
|
|
261
|
+
// Dry-run before shipping
|
|
262
|
+
const { allowed, reasons } = await testPolicy({
|
|
263
|
+
collection: 'documents',
|
|
264
|
+
row: { userId: 'user-abc', title: 'My doc' },
|
|
265
|
+
operation: 'read',
|
|
266
|
+
context: { userId: 'user-abc' },
|
|
267
|
+
});
|
|
268
|
+
// → { allowed: true, reasons: ['policy satisfied'] }
|
|
269
|
+
```
|
|
270
|
+
|
|
271
|
+
### Predicate types
|
|
272
|
+
|
|
273
|
+
| Type | Description |
|
|
274
|
+
|------|-------------|
|
|
275
|
+
| `public` | Matches everything — no restriction |
|
|
276
|
+
| `fieldEquals` | `row[field]` must equal `callerUserId` or `callerOrgId` |
|
|
277
|
+
| `fieldIn` | `row[field]` must be in caller's org list |
|
|
278
|
+
| `orgRoleAtLeast` | Caller must hold `owner`, `admin`, or `member` in the row's org |
|
|
279
|
+
| `and` / `or` / `not` | Compose any of the above |
|
|
280
|
+
|
|
281
|
+
Manage policies visually at **Dashboard → Row-Level Security** or via `useRLS()`.
|
|
282
|
+
If no policy is set, all authenticated users have access (backwards-compatible default).
|
|
283
|
+
|
|
178
284
|
## Learn More
|
|
179
285
|
|
|
180
286
|
- [GitHat Documentation](https://githat.io/docs)
|