This repo now contains:
apps/web: TanStack Start frontend with Better Auth.apps/cms: Payload CMS with role-based content access.packages/shared: shared role/visibility/access types.
pnpm install- Prepare env files:
- copy
apps/cms/.env.exampletoapps/cms/.env - copy
apps/web/.env.exampletoapps/web/.env - keep
DATABASE_URLandPAYLOAD_SERVICE_TOKENconsistent in both apps
- Start CMS:
pnpm dev:cms- Migrate old markdown posts into CMS:
pnpm migrate:content- Start web:
pnpm dev:web- Start both apps in parallel:
pnpm dev:new- auth provider: Better Auth (
email/password+GitHub OAuth) - roles:
member | vip | admin - post visibility:
public | member | vip | admin | password - password posts require
/unlock/:slugwith signed HttpOnly cookie (24h)
GET /api/web/postsGET /api/web/posts/:slugPOST /api/web/posts/:slug/verify-password
All requests must include x-service-token and should be sent only from the web server.
GET /rss.xml- includes only
published + publicposts
apps/webdeploy to Vercelapps/cms+ Postgres deploy to Railway
Required env keys:
DATABASE_URLBETTER_AUTH_SECRETGITHUB_CLIENT_IDGITHUB_CLIENT_SECRETPAYLOAD_SECRETPAYLOAD_PUBLIC_URLPAYLOAD_SERVICE_TOKENCOOKIE_DOMAINAPPS_WEB_URLADMIN_EMAIL_ALLOWLIST