Build Forgejo-backed community prototype

2026-04-12 20:15:33 -04:00 · 2026-04-12 20:15:33 -04:00 · 6671a01d26
commit 6671a01d26
parent 797ae5ea35
16 changed files with 2485 additions and 293 deletions
--- a/README.md
+++ b/README.md
@ -38,17 +38,34 @@ HOST=0.0.0.0 PORT=8800 ./scripts/start.sh
 Optional live Forgejo configuration:

 ```bash
+export APP_BASE_URL="http://kacper-dev-pod:8800"
 export FORGEJO_BASE_URL="https://aksal.cloud"
-export FORGEJO_TOKEN="your-forgejo-api-token"
+export FORGEJO_OAUTH_CLIENT_ID="your-forgejo-oauth-client-id"
+export FORGEJO_OAUTH_CLIENT_SECRET="your-forgejo-oauth-client-secret"
+export FORGEJO_OAUTH_SCOPES="openid profile"
 export CALENDAR_FEED_URLS="webcal://example.com/calendar.ics,https://example.com/other.ics"
 ```

+`APP_BASE_URL` must match the URL you use in the browser. Create the OAuth app in Forgejo with this redirect URI:
+
+```text
+http://kacper-dev-pod:8800/api/auth/forgejo/callback
+```
+
+`FORGEJO_TOKEN` is optional. When set, it is a read fallback for local development. Browser OAuth requests only identity scopes, then the backend uses the signed-in user's Forgejo identity for public repo reads and public issue replies. The backend must verify repositories are public before reading discussion data or writing comments.
+
 Or put those values in `.env`:

 ```bash
 cp .env.example .env
 ```

+Sign in through `/signin` using Forgejo OAuth, or query the API directly with:
+
+```bash
+curl -H "Authorization: token your-forgejo-api-token" http://127.0.0.1:8800/api/prototype
+```
+
 ### Frontend

 ```bash