README.md

# b0esche.cloud

A self-hosted, SaaS-style cloud storage and document platform with a Go backend and Flutter web frontend.

🌐 **Live:** [b0esche.cloud](https://b0esche.cloud)

## Architecture

```
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│  Flutter Web    │────▶│   Go Backend    │────▶│   PostgreSQL    │
│  (b0esche_cloud)│     │   (go_cloud)    │     │                 │
└─────────────────┘     └────────┬────────┘     └─────────────────┘
                                 │
                    ┌────────────┼────────────┐
                    ▼            ▼            ▼
             ┌──────────┐ ┌──────────┐ ┌──────────┐
             │Nextcloud │ │Collabora │ │  Traefik │
             │(Storage) │ │ (Office) │ │ (Proxy)  │
             └──────────┘ └──────────┘ └──────────┘
```

## Project Structure

```
b0esche_cloud/
├── b0esche_cloud/          # Flutter web frontend
│   ├── lib/
│   │   ├── blocs/          # BLoC state management
│   │   ├── models/         # Data models
│   │   ├── pages/          # UI pages
│   │   ├── repositories/   # Data repositories
│   │   ├── services/       # API services
│   │   ├── theme/          # App theming
│   │   └── widgets/        # Reusable widgets
│   └── web/                # Web assets
├── go_cloud/               # Go backend
│   ├── cmd/api/            # Main entry point
│   ├── internal/
│   │   ├── auth/           # Authentication (OIDC, Passkeys)
│   │   ├── files/          # File management
│   │   ├── org/            # Organization management
│   │   ├── storage/        # Nextcloud/WebDAV integration
│   │   ├── http/           # HTTP handlers & WOPI
│   │   └── ...
│   ├── migrations/         # Database migrations
│   └── pkg/jwt/            # JWT utilities
├── scripts/                # Deployment & operations scripts
└── docs/                   # Documentation
    └── AUTH.md             # Authentication system docs
```

## Features

- 🔐 **Authentication**: OIDC via Nextcloud + WebAuthn Passkeys
- 📁 **File Management**: Upload, download, organize files
- 👥 **Organizations**: Multi-tenant with roles (Owner, Admin, Member)
- 📝 **Document Viewing**: PDF viewer, Office document preview
- 🔄 **Real-time Sync**: Nextcloud/WebDAV backend storage
- 🚀 **Auto-deployment**: Daily 3AM deployments via GitLab webhooks

## Prerequisites

- Go 1.21+
- Flutter 3.10+
- Docker & Docker Compose
- PostgreSQL 15+

## Local Development

### Quick Start

```bash
# Start everything
./scripts/dev-all.sh
```

### Manual Setup

**Backend:**
```bash
cd go_cloud
cp .env.example .env
# Edit .env with your configuration
go run ./cmd/api
```

**Frontend:**
```bash
cd b0esche_cloud
flutter pub get
flutter run -d chrome
```

## Configuration

### Backend Environment Variables

| Variable | Description |
|----------|-------------|
| `SERVER_ADDR` | Server address (default: `:8080`) |
| `DATABASE_URL` | PostgreSQL connection string |
| `JWT_SECRET` | Secret for JWT signing |
| `OIDC_ISSUER_URL` | OIDC provider URL |
| `OIDC_CLIENT_ID` | OIDC client ID |
| `OIDC_CLIENT_SECRET` | OIDC client secret |
| `NEXTCLOUD_URL` | Nextcloud instance URL |
| `NEXTCLOUD_USERNAME` | Nextcloud admin username |
| `NEXTCLOUD_PASSWORD` | Nextcloud admin password |
| `COLLABORA_URL` | Collabora Online URL |

## Production Deployment

The project runs on a VPS with Docker containers behind Traefik reverse proxy.

### Services & Domains

| Domain | Service |
|--------|---------|
| `www.b0esche.cloud` | Flutter Web (Nginx) |
| `go.b0esche.cloud` | Go API Backend |
| `storage.b0esche.cloud` | Nextcloud (Storage + OIDC) |
| `of.b0esche.cloud` | Collabora Online (Office) |

### Server Directory Structure

```
/opt/
├── traefik/          # Reverse proxy + SSL
├── go/               # Go backend + PostgreSQL
├── flutter/          # Flutter web build + Nginx
├── scripts/          # Operations scripts
└── auto-deploy/      # Auto-deployment workspace
```

### Server Scripts

| Script | Description |
|--------|-------------|
| `auto-deploy.sh` | Daily automated deployment (runs at 3AM) |
| `deploy-now.sh` | Trigger immediate deployment |
| `backup.sh` | Full backup (DB, configs, volumes) |
| `monitor.sh` | Health monitoring & alerts |
| `webhook-server.py` | GitLab webhook receiver |


## Tech Stack

| Component | Technology |
|-----------|------------|
| Frontend | Flutter Web, BLoC |
| Backend | Go, Chi Router |
| Database | PostgreSQL |
| Storage | Nextcloud (WebDAV) |
| Office | Collabora Online |
| Auth | OIDC, WebAuthn |
| Proxy | Traefik |
| CI/CD | GitLab + Webhooks |

## Documentation

| Document | Description |
|----------|-------------|
| [ARCHITECTURE.md](docs/ARCHITECTURE.md) | System architecture, components, data flows |
| [API.md](docs/API.md) | Complete API endpoint reference |
| [AUTH.md](docs/AUTH.md) | Authentication system (Passkeys, OIDC, roles) |
| [SECURITY.md](docs/SECURITY.md) | Security architecture, hardening, best practices |
| [DEVELOPMENT.md](docs/DEVELOPMENT.md) | Local setup, coding conventions, testing |
| [DEPLOYMENT.md](docs/DEPLOYMENT.md) | Production deployment, operations, troubleshooting |

## License

Private project - All rights reserved
full stack second commit 2025-12-18 00:11:30 +01:00			`# b0esche.cloud`

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`A self-hosted, SaaS-style cloud storage and document platform with a Go backend and Flutter web frontend.`

			`🌐 Live: [b0esche.cloud](https://b0esche.cloud)`

			`## Architecture`

			```
			`┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐`
			`│ Flutter Web │────▶│ Go Backend │────▶│ PostgreSQL │`
			`│ (b0esche_cloud)│ │ (go_cloud) │ │ │`
			`└─────────────────┘ └────────┬────────┘ └─────────────────┘`
			`│`
			`┌────────────┼────────────┐`
			`▼ ▼ ▼`
			`┌──────────┐ ┌──────────┐ ┌──────────┐`
			`│Nextcloud │ │Collabora │ │ Traefik │`
			`│(Storage) │ │ (Office) │ │ (Proxy) │`
			`└──────────┘ └──────────┘ └──────────┘`
			```
full stack second commit 2025-12-18 00:11:30 +01:00
			`## Project Structure`

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			```
			`b0esche_cloud/`
			`├── b0esche_cloud/ # Flutter web frontend`
			`│ ├── lib/`
			`│ │ ├── blocs/ # BLoC state management`
			`│ │ ├── models/ # Data models`
			`│ │ ├── pages/ # UI pages`
			`│ │ ├── repositories/ # Data repositories`
			`│ │ ├── services/ # API services`
			`│ │ ├── theme/ # App theming`
			`│ │ └── widgets/ # Reusable widgets`
			`│ └── web/ # Web assets`
			`├── go_cloud/ # Go backend`
			`│ ├── cmd/api/ # Main entry point`
			`│ ├── internal/`
			`│ │ ├── auth/ # Authentication (OIDC, Passkeys)`
			`│ │ ├── files/ # File management`
			`│ │ ├── org/ # Organization management`
			`│ │ ├── storage/ # Nextcloud/WebDAV integration`
			`│ │ ├── http/ # HTTP handlers & WOPI`
			`│ │ └── ...`
			`│ ├── migrations/ # Database migrations`
			`│ └── pkg/jwt/ # JWT utilities`
			`├── scripts/ # Deployment & operations scripts`
			`└── docs/ # Documentation`
			`└── AUTH.md # Authentication system docs`
			```

			`## Features`

			`- 🔐 Authentication: OIDC via Nextcloud + WebAuthn Passkeys`
			`- 📁 File Management: Upload, download, organize files`
			`- 👥 Organizations: Multi-tenant with roles (Owner, Admin, Member)`
			`- 📝 Document Viewing: PDF viewer, Office document preview`
			`- 🔄 Real-time Sync: Nextcloud/WebDAV backend storage`
			`- 🚀 Auto-deployment: Daily 3AM deployments via GitLab webhooks`
full stack second commit 2025-12-18 00:11:30 +01:00
			`## Prerequisites`

			`- Go 1.21+`
			`- Flutter 3.10+`
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`- Docker & Docker Compose`
			`- PostgreSQL 15+`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`## Local Development`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`### Quick Start`
full stack second commit 2025-12-18 00:11:30 +01:00
			```bash
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`# Start everything`
			`./scripts/dev-all.sh`
full stack second commit 2025-12-18 00:11:30 +01:00			```

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`### Manual Setup`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`Backend:`
full stack second commit 2025-12-18 00:11:30 +01:00			```bash
			`cd go_cloud`
			`cp .env.example .env`
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`# Edit .env with your configuration`
full stack second commit 2025-12-18 00:11:30 +01:00			`go run ./cmd/api`
			```

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`Frontend:`
full stack second commit 2025-12-18 00:11:30 +01:00			```bash
			`cd b0esche_cloud`
			`flutter pub get`
			`flutter run -d chrome`
			```

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`## Configuration`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`### Backend Environment Variables`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`\| Variable \| Description \|`
			`\|----------\|-------------\|`
			\| `SERVER_ADDR` \| Server address (default: `:8080`) \|
			\| `DATABASE_URL` \| PostgreSQL connection string \|
			\| `JWT_SECRET` \| Secret for JWT signing \|
			\| `OIDC_ISSUER_URL` \| OIDC provider URL \|
			\| `OIDC_CLIENT_ID` \| OIDC client ID \|
			\| `OIDC_CLIENT_SECRET` \| OIDC client secret \|
			\| `NEXTCLOUD_URL` \| Nextcloud instance URL \|
			\| `NEXTCLOUD_USERNAME` \| Nextcloud admin username \|
			\| `NEXTCLOUD_PASSWORD` \| Nextcloud admin password \|
			\| `COLLABORA_URL` \| Collabora Online URL \|
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`## Production Deployment`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`The project runs on a VPS with Docker containers behind Traefik reverse proxy.`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`### Services & Domains`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`\| Domain \| Service \|`
			`\|--------\|---------\|`
			\| `www.b0esche.cloud` \| Flutter Web (Nginx) \|
			\| `go.b0esche.cloud` \| Go API Backend \|
			\| `storage.b0esche.cloud` \| Nextcloud (Storage + OIDC) \|
			\| `of.b0esche.cloud` \| Collabora Online (Office) \|
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`### Server Directory Structure`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			```
			`/opt/`
			`├── traefik/ # Reverse proxy + SSL`
			`├── go/ # Go backend + PostgreSQL`
			`├── flutter/ # Flutter web build + Nginx`
			`├── scripts/ # Operations scripts`
			`└── auto-deploy/ # Auto-deployment workspace`
			```
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`### Server Scripts`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`\| Script \| Description \|`
			`\|--------\|-------------\|`
			\| `auto-deploy.sh` \| Daily automated deployment (runs at 3AM) \|
			\| `deploy-now.sh` \| Trigger immediate deployment \|
			\| `backup.sh` \| Full backup (DB, configs, volumes) \|
			\| `monitor.sh` \| Health monitoring & alerts \|
			\| `webhook-server.py` \| GitLab webhook receiver \|
full stack second commit 2025-12-18 00:11:30 +01:00

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`## Tech Stack`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`\| Component \| Technology \|`
			`\|-----------\|------------\|`
			`\| Frontend \| Flutter Web, BLoC \|`
			`\| Backend \| Go, Chi Router \|`
			`\| Database \| PostgreSQL \|`
			`\| Storage \| Nextcloud (WebDAV) \|`
			`\| Office \| Collabora Online \|`
			`\| Auth \| OIDC, WebAuthn \|`
			`\| Proxy \| Traefik \|`
			`\| CI/CD \| GitLab + Webhooks \|`
full stack second commit 2025-12-18 00:11:30 +01:00
Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`## Documentation`
full stack second commit 2025-12-18 00:11:30 +01:00
Add architecture, deployment, and development documentation for b0esche.cloud 2026-01-13 19:34:46 +01:00			`\| Document \| Description \|`
			`\|----------\|-------------\|`
			`\| [ARCHITECTURE.md](docs/ARCHITECTURE.md) \| System architecture, components, data flows \|`
			`\| [API.md](docs/API.md) \| Complete API endpoint reference \|`
			`\| [AUTH.md](docs/AUTH.md) \| Authentication system (Passkeys, OIDC, roles) \|`
Refactor viewmodels and enhance security documentation; remove unused viewmodels, add path sanitization, and implement rate limiting 2026-01-13 22:11:02 +01:00			`\| [SECURITY.md](docs/SECURITY.md) \| Security architecture, hardening, best practices \|`
Add architecture, deployment, and development documentation for b0esche.cloud 2026-01-13 19:34:46 +01:00			`\| [DEVELOPMENT.md](docs/DEVELOPMENT.md) \| Local setup, coding conventions, testing \|`
			`\| [DEPLOYMENT.md](docs/DEPLOYMENT.md) \| Production deployment, operations, troubleshooting \|`
full stack second commit 2025-12-18 00:11:30 +01:00
			`## License`

Add docs, scripts, and update README - Added docs/AUTH.md with authentication system documentation - Added server scripts (auto-deploy, backup, monitor, webhook-server) - Updated README with deployment info and project structure - Added gitignore for backup archives 2026-01-13 19:23:33 +01:00			`Private project - All rights reserved`