Authentication & Deployment
Google OAuth SSO, shared sessions between CMS and DocHub, and the production deployment pipeline
Google OAuth Login Flow
1. User visits https://docs.ipnoelp.com — no valid session cookie found
2. Auth middleware redirects to /auth/login — shows "Sign in with Google" button
3. Click triggers /auth/google — Passport redirects to Google's OAuth consent screen
4. Google authenticates the user and returns authorization code to /auth/google/callback
5. Domain check — Passport verifies email ends with @omelasai.com. Rejected if not.
6. Session created in PostgreSQL via connect-pg-simple. Cookie set on .ipnoelp.com domain. Redirect to /
Dev Mode: When no GOOGLE_CLIENT_ID is set, auth is bypassed entirely. All routes are accessible without login.
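The domain check in step 5 and the Dev Mode bypass, sketched as an added TypeScript example that is not DocHub's own code. It shows a fail-closed startup decision and an exact-domain match on a verified address; `NODE_ENV`, the profile shape and the function names are assumptions.

```typescript
// Added example, not DocHub's code. GOOGLE_CLIENT_ID and the omelasai.com
// domain come from the page; NODE_ENV, the profile shape and all function
// names are assumptions.
const ALLOWED_DOMAIN = "omelasai.com";

type Env = Record<string, string | undefined>;
type AuthMode = "google" | "dev-bypass";

// Startup decision for the Dev Mode bypass. Fails closed: a production
// process without a client ID refuses to start instead of serving every
// route without login.
function resolveAuthMode(env: Env): AuthMode {
  const clientId = (env["GOOGLE_CLIENT_ID"] ?? "").trim();
  if (clientId !== "") return "google";
  if (env["NODE_ENV"] === "production") {
    throw new Error("GOOGLE_CLIENT_ID unset in production: refusing to start with auth bypassed");
  }
  return "dev-bypass";
}

// Hypothetical profile shape, modelled on what a Passport Google strategy
// hands to its verify callback.
interface GoogleProfile {
  emails?: { value: string; verified?: boolean }[];
}

// Step 5 of the flow: returns the accepted address, or null to reject.
function allowedEmail(profile: GoogleProfile): string | null {
  for (const entry of profile.emails ?? []) {
    if (entry.verified !== true) continue; // unverified address proves nothing
    const email = entry.value.trim().toLowerCase();
    const at = email.lastIndexOf("@");
    // Require exactly one "@" and a non-empty local part.
    if (at <= 0 || email.indexOf("@") !== at) continue;
    // Compare the whole domain so "notomelasai.com" and
    // "omelasai.com.example.net" are rejected.
    if (email.slice(at + 1) === ALLOWED_DOMAIN) return email;
  }
  return null;
}
```

Call `resolveAuthMode` with the process environment once at startup, before any route is registered, so a missing variable stops the deploy rather than opening the site.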
Shared Session Architecture
CMS and DocHub share a single sign-on via cookie domain and PostgreSQL session store.
CMS (cms.ipnoelp.com, :3000 / :3001) ← Shared Session → DocHub (docs.ipnoelp.com, :3002)
Shared Session:
- PostgreSQL session table
- Cookie domain: .ipnoelp.com
- Same SESSION_SECRET
- Same Google OAuth credentials
| Setting | Value | Why |
| --- | --- | --- |
| COOKIE_DOMAIN | .ipnoelp.com | Leading dot makes cookie accessible to all subdomains |
| SESSION_SECRET | Same in both apps | Both apps must decrypt the same session cookie |
| Session store | connect-pg-simple | Shared PostgreSQL table means either app can read sessions |
| trust proxy | 1 | Express trusts nginx's X-Forwarded-Proto for secure cookie setting |
Deployment Pipeline
From local edit to production in 4 steps.
1. Local: Edit .ts / .md (src/ and content/)
2. Build: npx tsc (src/ → dist/)
3. Transfer: rsync (SSH to droplet)
4. Restart: pm2 restart (Zero-downtime)
Manual Deploy
1. npx tsc — Compile TypeScript
2. rsync src/ dist/ content/ to droplet
3. pm2 restart dochub
Daily Auto-Deploy
- Cron at 3:00 AM UTC runs daily-run.sh
- Pulls from GitHub, rebuilds, restarts
- Runs daily agent validation
Daily Agent Timeline
Automated cron job at 3:00 AM UTC that keeps documentation fresh and validated.
- 03:00 git pull — Fetch latest content and code from GitHub
- 03:00 npm ci — Install any new dependencies
- 03:01 npx tsc — Recompile TypeScript to dist/
- 03:01 build-site — Pre-render all manifests and raw files to build/
- 03:02 daily-agent — Scan all manifests, check schema coverage, find broken references
- 03:03 pm2 restart — Apply changes with zero-downtime restart
Report Output
- reports/YYYY-MM-DD.json
- Served at /api/report/latest
Checks Performed
- Schema coverage gaps
- Empty subprojects
- Broken cross-references
AI Analysis
- Claude Sonnet reviews all manifest data and suggests improvements
Production Infrastructure
| Component | Configuration | Details |
| --- | --- | --- |
| Droplet | 178.128.183.166 | DigitalOcean, shared with CMS |
| nginx | /etc/nginx/sites-available/docs | HTTPS termination, proxy to :3002 |
| SSL | Let's Encrypt via certbot | Auto-renewal, managed by nginx |
| PM2 | ecosystem.config.js | 256MB memory limit, auto-restart, startup persistence |
| PostgreSQL | Docker on port 5433 | Session storage (shared with CMS) |
| Logs | /var/log/dochub/ | out.log and error.log |