feat: add initial documentation and setup files for YANPM

Reviewed-on: #7

.github/actions/setup-rust/action.yml

@@ -0,0 +1,65 @@
+name: 'Setup Rust environment'
+description: 'Composite action to checkout the repo, restore cargo caches and set up the Rust toolchain. Use this from job steps to keep setup DRY across jobs.'
+inputs:
+  toolchain:
+    description: 'Rust toolchain to install'
+    required: false
+    default: 'stable'
+  override:
+    description: 'Whether to override the default toolchain'
+    required: false
+    default: 'true'
+  components:
+    description: 'Comma-separated list of additional rust components to install'
+    required: false
+    default: 'clippy, rustfmt'
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Cache cargo registry
+      uses: actions/cache@v3
+      with:
+        path: ~/.cargo/registry
+        key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Cache cargo index
+      uses: actions/cache@v3
+      with:
+        path: ~/.cargo/index
+        key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Sanitize components input
+      shell: bash
+      run: echo "SANITIZED_COMPONENTS=${{ inputs.components }}" | sed -E 's/, ?| /-/g' >> $GITHUB_ENV
+
+    - name: Cache Rust toolchain
+      uses: actions/cache@v4
+      with:
+        path: ~/.rustup
+        # Key includes the OS and the toolchain version (e.g., 'stable')
+        key: ${{ runner.os }}-rustup-${{ hashFiles('rust-toolchain.toml') }}-v1-${{ inputs.toolchain }}-${{ env.SANITIZED_COMPONENTS }}
+        restore-keys: |
+          ${{ runner.os }}-rustup-
+
+    - name: Cache cargo build (target)
+      uses: actions/cache@v3
+      with:
+        path: target
+        key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+    - name: Set up rust toolchain
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        toolchain: ${{ inputs.toolchain }}
+        override: ${{ inputs.override }}
+        components: ${{ inputs.components }}

.github/workflows/test.yml

@@ -0,0 +1,135 @@
+# this workflow runs tests on pull request and push events targeting master branch
+# it also verify the generated code is up to date and valid
+
+name: Test
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+
+jobs:
+  # setup is now handled by a composite action used by downstream jobs to keep
+  # the workflow DRY. The composite action performs checkout, cache restore and
+  # toolchain setup.
+
+  test:
+    needs: frontend-build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Rust, checkout and restore caches
+        uses: ./.github/actions/setup-rust
+
+      - name: Restore frontend build cache
+        uses: actions/cache@v4
+        with:
+          path: apps/frontend/build
+          key: frontend-build-${{ runner.os }}-run-${{ github.run_id }}
+          restore-keys: |
+            frontend-build-${{ runner.os }}-
+
+      - name: Run tests
+        run: cargo test --all-features
+
+  lint:
+    needs: frontend-build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Rust, checkout and restore caches
+        uses: ./.github/actions/setup-rust
+        with:
+          components: clippy, rustfmt
+
+      - name: Restore frontend build cache
+        uses: actions/cache@v4
+        with:
+          path: apps/frontend/build
+          key: frontend-build-${{ runner.os }}-run-${{ github.run_id }}
+          restore-keys: |
+            frontend-build-${{ runner.os }}-
+
+      - name: Run clippy
+        run: cargo clippy --all-features -- -D warnings
+
+      - name: Check code formatting
+        run: cargo fmt --all -- --check
+
+  test-frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          version: 10
+          run_install: false
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'pnpm'
+          cache-dependency-path: apps/frontend/pnpm-lock.yaml
+
+      - name: Install frontend dependencies
+        run: |
+          cd apps/frontend
+          pnpm install
+
+      - name: Run frontend tests
+        run: |
+          cd apps/frontend
+          pnpm test
+
+  frontend-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+          run_install: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'pnpm'
+          cache-dependency-path: apps/frontend/pnpm-lock.yaml
+
+      - name: Install frontend dependencies
+        run: |
+          cd apps/frontend
+          pnpm install
+
+      - name: Build frontend
+        run: |
+          cd apps/frontend
+          pnpm build
+
+      - name: Cache frontend build
+        uses: actions/cache@v4
+        with:
+          path: apps/frontend/build
+          key: frontend-build-${{ runner.os }}-run-${{ github.run_id }}
+          restore-keys: |
+            frontend-build-${{ runner.os }}-

.github/workflows/verify.yml

@@ -0,0 +1,195 @@
+# this workflow verifies the generated code is up to date and valid
+
+name: Verify
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+
+jobs:
+  # setup is now handled by a composite action used by downstream jobs to keep
+  # the workflow DRY. The composite action performs checkout, cache restore and
+  # toolchain setup.
+
+  verify-generated-code:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          
+      - name: Setup Rust, checkout and restore caches
+        uses: ./.github/actions/setup-rust
+
+      - name: generate entities from migration files
+        run: |
+          cd apps/cli
+          cargo run -- db:migrate_and_generate --output-path ../../public/database/src/generated/entities
+      - name: Check for uncommitted changes in /generated/
+        run: |
+          if [[ -n $(git status --porcelain | grep '^ M .*\/generated\/') ]]; then
+            echo "Generated code is not up to date. Please run the code generation locally and commit the changes."
+            git status --porcelain | grep '^ M .*\/generated\/'
+            exit 1
+          else
+            echo "Generated code is up to date."
+          fi
+
+  verify-openapi-spec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Check whether apps/api/src/routes changed
+        id: check_changes
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            BASE_SHA=${{ github.event.pull_request.base.sha }}
+            HEAD_SHA=${{ github.event.pull_request.head.sha }}
+          else
+            BASE_SHA=${{ github.event.before }}
+            HEAD_SHA=${{ github.sha }}
+          fi
+
+          # Provide safe fallbacks when GitHub context values are empty (e.g. when using act)
+          if [ -z "$HEAD_SHA" ]; then
+            HEAD_SHA=$(git rev-parse --verify HEAD 2>/dev/null || echo "")
+          fi
+
+          if [ -z "$BASE_SHA" ]; then
+            # Try the parent of HEAD, fall back to HEAD if unavailable
+            PREV=$(git rev-parse --verify "${HEAD_SHA}^" 2>/dev/null || true)
+            if [ -n "$PREV" ]; then
+              BASE_SHA=$PREV
+            else
+              BASE_SHA=$HEAD_SHA
+            fi
+          fi
+
+          echo "Comparing $BASE_SHA..$HEAD_SHA"
+          CHANGED_FILES=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA" || true)
+          echo "$CHANGED_FILES"
+
+          echo "$CHANGED_FILES" | grep -E '^(apps/api/src/routes/?|apps/api/swagger.json)' >/dev/null 2>&1 && echo "changed=true" >> $GITHUB_OUTPUT || echo "changed=false" >> $GITHUB_OUTPUT
+
+      - name: Setup Rust, checkout and restore caches
+        if: steps.check_changes.outputs.changed == 'true'
+        uses: ./.github/actions/setup-rust
+      
+      - name: Generate dummy frontend build (to satisfy dependencies)
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+          mkdir -p apps/frontend/build/client
+          echo "dummy file" > apps/frontend/build/client/dummy.txt
+
+      - name: Generate OpenAPI spec
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+          cd apps/api
+          cargo run -- generate:openapi --output-path ./swagger.json
+      
+      - name: Check for uncommitted changes in swagger.json
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+          if [[ -n $(git status --porcelain | grep '^ M apps/api/swagger.json') ]]; then
+            echo "OpenAPI spec is not up to date. Please run the OpenAPI generation locally and commit the changes."
+            git status --porcelain | grep '^ M apps/api/swagger.json'
+            exit 1
+          else
+            echo "OpenAPI spec is up to date."
+          fi
+
+      - name: Skip OpenAPI generation (no relevant changes)
+        if: steps.check_changes.outputs.changed == 'false'
+        run: echo "No changes in apps/api/src/routes/ nor apps/api/swagger.json, skipping OpenAPI generation verification."
+
+  verify-frontend-api-client:
+    runs-on: ubuntu-latest
+    needs: verify-openapi-spec
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Check whether apps/api/swagger.json or apps/frontend/app/generated/api-client changed
+        id: check_swagger_changes
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            BASE_SHA=${{ github.event.pull_request.base.sha }}
+            HEAD_SHA=${{ github.event.pull_request.head.sha }}
+          else
+            BASE_SHA=${{ github.event.before }}
+            HEAD_SHA=${{ github.sha }}
+          fi
+
+          # Provide safe fallbacks when GitHub context values are empty (e.g. when using act)
+          if [ -z "$HEAD_SHA" ]; then
+            HEAD_SHA=$(git rev-parse --verify HEAD 2>/dev/null || echo "")
+          fi
+
+          if [ -z "$BASE_SHA" ]; then
+            # Try the parent of HEAD, fall back to HEAD if unavailable
+            PREV=$(git rev-parse --verify "${HEAD_SHA}^" 2>/dev/null || true)
+            if [ -n "$PREV" ]; then
+              BASE_SHA=$PREV
+            else
+              BASE_SHA=$HEAD_SHA
+            fi
+          fi
+
+          echo "Comparing $BASE_SHA..$HEAD_SHA"
+          CHANGED_FILES=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA" || true)
+          echo "$CHANGED_FILES"
+
+          echo "$CHANGED_FILES" | grep -E '^(apps/api/swagger.json|apps/frontend/app/generated/api-client)' >/dev/null 2>&1 && echo "changed=true" >> $GITHUB_OUTPUT || echo "changed=false" >> $GITHUB_OUTPUT
+
+      - name: Setup PNPM
+        uses: pnpm/action-setup@v4
+        if: steps.check_swagger_changes.outputs.changed == 'true'
+        with:
+          version: 10
+          run_install: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        if: steps.check_swagger_changes.outputs.changed == 'true'
+        with:
+          node-version: 22
+          cache: 'pnpm'
+          cache-dependency-path: apps/frontend/pnpm-lock.yaml
+      
+      - name: Install frontend dependencies
+        if: steps.check_swagger_changes.outputs.changed == 'true'
+        run: |
+          cd apps/frontend
+          pnpm install
+      
+      - name: Generate frontend API client
+        if: steps.check_swagger_changes.outputs.changed == 'true'
+        run: |
+          cd apps/frontend
+          pnpm generate:openapi
+
+      - name: Check for uncommitted changes in frontend API client
+        if: steps.check_swagger_changes.outputs.changed == 'true'
+        run: |
+          if [[ -n $(git status --porcelain | grep '^ M apps/frontend/app/generated/api-client') ]]; then
+            echo "Frontend API client is not up to date. Please run the API client generation locally and commit the changes."
+            git status --porcelain | grep '^ M apps/frontend/app/generated/api-client'
+            exit 1
+          else
+            echo "Frontend API client is up to date."
+          fi
+      
+      - name: Skip frontend API client generation (no relevant changes)
+        if: steps.check_swagger_changes.outputs.changed == 'false'
+        run: echo "No changes in apps/api/swagger.json nor apps/frontend/app/generated/api-client, skipping frontend API client generation verification."

.gitignore

@@ -21,3 +21,9 @@ target
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+# generated environment variables file
+.env
+.env.generated
+
+generated-config.yaml

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "cSpell.words": ["YANPM"]
+}

Cargo.toml

@@ -1,9 +1,19 @@
 [workspace]
 members = [ 
+    "apps/api",
     "apps/container",
+    "apps/cli",
+    "public/shared",
+    "public/database",
+    "public/migration"
 ]
 
 resolver = "3"
 
 [workspace.lints.clippy]
 module_inception = "allow"
+
+[workspace.dependencies]
+sea-orm = "2.0.0-rc"
+sea-orm-cli = "2.0.0-rc"
+sea-orm-migration = "2.0.0-rc"

LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

README.md

@@ -0,0 +1,18 @@
+# Yet Another Nginx Proxy Manager (YANPM)
+
+Yet Another Nginx Proxy Manager (YANPM) is an open-source web application designed to simplify the management of Nginx proxy servers. It targets at small footprint and high performance with plugin support.
+
+## Features
+
+- Easy-to-use web interface for managing Nginx proxies
+- User authentication and access control
+- Plugin architecture for extensibility
+- Lightweight and efficient design
+
+## Installation
+
+TBD
+
+## Development Setup
+
+Refer to the [Development Guide](doc/development.md) for detailed instructions on setting up the development environment, including backend and frontend development.

apps/api/.gitignore

@@ -0,0 +1 @@
+config.yaml

apps/api/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "yet-another-nginx-proxy-manager"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+database = { path = "../../public/database" }
+migration = { path = "../../public/migration" }
+
+axum = { version = "0.8.7", features = ["form", "http1", "http2", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"]}
+async-trait = { version = "0.1.89" }
+chrono = { version = "0.4.42", features = ["clock", "std", "oldtime", "wasmbind", "serde"] }
+config = { version = "0.15.19", features = ["toml", "json", "yaml", "ini", "ron", "json5", "convert-case", "async"] }
+tokio = { version = "1", features = ["fs", "io-util", "io-std", "macros", "net", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "sync", "time", "tracing"] }
+tower = { version = "0.5.2", features = ["tokio", "tracing", "timeout"] }
+tracing = { version = "0.1.41", features = ["std", "attributes"] }
+tracing-subscriber = { version = "0.3.20", features = ["smallvec", "fmt", "ansi", "tracing-log", "std", "chrono", "json", "serde", "serde_json", "time", "tracing"] }
+serde_json = { version = "1.0.145", features = ["std"] }
+serde = { version = "1.0.228", features = ["std", "derive"] }
+sea-orm = { workspace = true }
+include_dir = { version = "0.7.4" }
+mime_guess = { version = "2.0.5" }
+utoipa = { version = "5.4.0", features = ["macros", "axum_extras", "chrono", "decimal", "uuid", "time", "openapi_extensions"] }
+clap = { version = "4.5.53" }
+once_cell = { version = "1.21.3" }

apps/api/src/cmd.rs

@@ -0,0 +1,49 @@
+mod generate_openapi;
+mod start_server;
+
+pub use start_server::start_server;
+
+use std::pin::Pin;
+use std::{future::Future, process::exit};
+
+use clap::{ArgMatches, Command};
+
+pub struct CliCommand {
+    pub command: Command,
+    pub action: fn(&clap::ArgMatches) -> Pin<Box<dyn std::future::Future<Output = ()> + Send>>,
+}
+
+static CLI_COMMANDS: once_cell::sync::Lazy<
+    [CliCommand; 2 /* Update this count when adding new commands */],
+> =
+    once_cell::sync::Lazy::new(|| {
+        [
+            // Add new commands here
+            generate_openapi::get_cli_command(),
+            start_server::get_cli_command(),
+        ]
+    });
+
+pub fn get_command() -> Command {
+    let mut c = Command::new("cmd");
+
+    for cmd in CLI_COMMANDS.iter() {
+        c = c.subcommand(cmd.command.clone());
+    }
+
+    c
+}
+
+pub fn execute(matches: &ArgMatches, help_msg: &str) -> Pin<Box<dyn Future<Output = ()> + Send>> {
+    if let Some((subcommand_name, subcommand_matches)) = matches.subcommand() {
+        for cmd in CLI_COMMANDS.iter() {
+            if cmd.command.get_name() == subcommand_name {
+                return (cmd.action)(subcommand_matches);
+            }
+        }
+    }
+
+    eprintln!("Error: No valid subcommand provided.");
+    eprintln!("{}", help_msg);
+    exit(1);
+}

apps/api/src/cmd/generate_openapi.rs

@@ -0,0 +1,44 @@
+use clap::{Arg, Command};
+use tracing::info;
+use utoipa::OpenApi;
+
+use crate::{cmd::CliCommand, log, routes::ApiDoc};
+
+pub fn get_cli_command() -> CliCommand {
+    CliCommand {
+        command: command(),
+        action,
+    }
+}
+
+fn command() -> Command {
+    Command::new("generate:openapi")
+        .arg(
+            Arg::new("output_path")
+                .short('o')
+                .long("output-path")
+                .value_name("PATH")
+                .help("Path to output the generated OpenAPI documentation")
+                .required(true),
+        )
+        .about("Generate OpenAPI documentation")
+}
+
+fn action(
+    _matches: &clap::ArgMatches,
+) -> std::pin::Pin<Box<dyn std::future::Future<Output = ()> + Send>> {
+    let output_path = _matches.get_one::<String>("output_path");
+    let output_path = output_path.unwrap().to_string();
+
+    Box::pin(async move {
+        tracing::subscriber::with_default(log::make_temporary_subscriber(), || {
+            info!("Generating OpenAPI documentation...");
+            let doc = ApiDoc::openapi();
+            let json = doc
+                .to_pretty_json()
+                .expect("Failed to serialize OpenAPI doc to JSON");
+            std::fs::write(&output_path, json).expect("Failed to write OpenAPI doc to file");
+            info!("OpenAPI documentation generated at {}", output_path);
+        })
+    })
+}

apps/api/src/cmd/start_server.rs

@@ -0,0 +1,142 @@
+use std::sync::Arc;
+
+use axum::Router;
+use clap::Command;
+use database::get_connection;
+use sea_orm::ConnectOptions;
+use tracing::{debug, info};
+use tracing_subscriber::fmt::format::{DefaultFields, Format};
+
+use crate::{
+    cmd::CliCommand,
+    configs::{ProgramSettings, get_program_settings, logging::LoggingSettings},
+    log,
+    routes::{self, AppService, AppState},
+    services::settings::SettingsService,
+    tasks,
+};
+
+pub fn get_cli_command() -> CliCommand {
+    CliCommand {
+        command: command(),
+        action,
+    }
+}
+
+fn command() -> Command {
+    Command::new("start").about("Start the server")
+}
+
+fn action(
+    _matches: &clap::ArgMatches,
+) -> std::pin::Pin<Box<dyn std::future::Future<Output = ()> + Send>> {
+    Box::pin(async move {})
+}
+
+pub async fn start_server() {
+    let settings = tracing::subscriber::with_default(
+        log::make_temporary_subscriber(),
+        || -> ProgramSettings {
+            debug!("Temporary subscriber installed.");
+            info!("Reading configuration...");
+            let settings = get_program_settings();
+            info!("Configuration read successfully.");
+            debug!("Resetting global subscriber...");
+
+            let subscriber = get_global_tracing_subscriber_builder(&settings.logging).finish();
+            tracing::subscriber::set_global_default(subscriber)
+                .expect("Failed to set global default subscriber");
+
+            debug!(
+                "Global subscriber set with logging level: {:?}",
+                settings.logging.level
+            );
+
+            settings
+        },
+    );
+
+    tasks::startup::run_startup_tasks(&settings)
+        .await
+        .expect("Failed to run startup tasks");
+
+    // setup database connection pool
+    info!("Establishing database connection...");
+    debug!("Database URL: {}", settings.database.url);
+
+    let db_options = |options: &mut ConnectOptions| {
+        options.max_connections(settings.database.max_connections);
+    };
+
+    let db_connection = Arc::new(
+        get_connection(&settings.database.url, Some(db_options))
+            .await
+            .expect("Failed to establish database connection"),
+    );
+
+    info!("Database connection established.");
+
+    // build the axum app and run the server...
+    info!("Starting application...");
+    let app: Router = routes::get_root_router(Arc::new(get_app_state(&db_connection)));
+
+    let address = format!("{}:{}", settings.server.address, settings.server.port);
+    info!("Starting server at http://{}", address);
+
+    let listener = tokio::net::TcpListener::bind(address)
+        .await
+        .expect("Failed to bind to address");
+
+    axum::serve(listener, app)
+        .await
+        .expect("Failed to run the server");
+}
+
+fn get_global_tracing_subscriber_builder(
+    settings: &LoggingSettings,
+) -> tracing_subscriber::fmt::SubscriberBuilder<
+    DefaultFields,
+    Format<tracing_subscriber::fmt::format::Full, BoxedTimer>,
+> {
+    // After configuration is read, install the global subscriber
+    let builder = tracing_subscriber::fmt()
+        .with_max_level(settings.level)
+        .with_target(false)
+        .with_level(true);
+
+    if settings.utc {
+        builder.with_timer(BoxedTimer(Box::new(
+            tracing_subscriber::fmt::time::UtcTime::rfc_3339(),
+        )))
+    } else {
+        builder.with_timer(BoxedTimer(Box::new(
+            tracing_subscriber::fmt::time::ChronoLocal::rfc_3339(),
+        )))
+    }
+}
+
+fn get_app_state(db_connection: &Arc<sea_orm::DatabaseConnection>) -> AppState {
+    AppState {
+        database_connection: db_connection.clone(),
+        service: Arc::new(AppService {
+            settings: Arc::new(SettingsService::new(db_connection.clone())),
+        }),
+    }
+}
+
+// A small wrapper that holds a boxed `FormatTime` trait object and itself
+// implements `FormatTime`, allowing us to use it as a concrete type with
+// `builder.with_timer` while still picking the concrete timer implementation
+// at runtime.
+// wrapper type to hold boxed timers and implement the `FormatTime` trait for
+// a concrete type so `with_timer` may be called once outside the conditional.
+struct BoxedTimer(Box<dyn tracing_subscriber::fmt::time::FormatTime + Send + Sync + 'static>);
+
+impl tracing_subscriber::fmt::time::FormatTime for BoxedTimer {
+    fn format_time(
+        &self,
+        w: &mut tracing_subscriber::fmt::format::Writer<'_>,
+    ) -> std::result::Result<(), std::fmt::Error> {
+        self.0.format_time(w)
+    }
+}

apps/api/src/configs.rs

@@ -0,0 +1,76 @@
+pub mod database;
+pub mod logging;
+pub mod server;
+
+mod key;
+
+use config::Config;
+use tracing::{debug, error};
+
+pub trait FromConfig: Sized {
+    fn from_config(config: &Config) -> Result<Self, String>;
+    fn validate(&self) -> Result<(), String>;
+}
+
+#[derive(Debug, Clone)]
+pub struct ProgramSettings {
+    pub logging: logging::LoggingSettings,
+    pub database: database::DatabaseSettings,
+    pub server: server::ServerSettings,
+}
+
+impl FromConfig for ProgramSettings {
+    fn from_config(_config: &Config) -> Result<Self, String> {
+        let config = ProgramSettings {
+            logging: logging::LoggingSettings::from_config(_config)?,
+            database: database::DatabaseSettings::from_config(_config)?,
+            server: server::ServerSettings::from_config(_config)?,
+        };
+        config.validate()?;
+        Ok(config)
+    }
+
+    fn validate(&self) -> Result<(), String> {
+        self.logging.validate()?;
+        self.database.validate()?;
+        self.server.validate()?;
+        Ok(())
+    }
+}
+
+pub fn get_program_settings() -> ProgramSettings {
+    debug!("Loading program settings from configuration sources");
+    let settings = Config::builder()
+        // dev / generated config has the highest priority (Overwrite by user config files)
+        .add_source(config::File::with_name("generated-config.yaml").required(false))
+        // user config files
+        .add_source(
+            config::File::with_name("/etc/yet-another-nginx-proxy-manager/config").required(false),
+        )
+        .add_source(
+            config::File::with_name("$HOME/.config/yet-another-nginx-proxy-manager/config")
+                .required(false),
+        )
+        .add_source(config::File::with_name("config.yaml").required(false))
+        // environment variables have the highest priority (Overwrite all config files)
+        .add_source(
+            config::Environment::with_prefix("YANPM")
+                .separator("__")
+                .prefix_separator("_"),
+        )
+        .build()
+        .expect("Failed to build configuration");
+
+    debug!("Configuration sources loaded successfully");
+    debug!("Parsing program settings from configuration");
+
+    ProgramSettings::from_config(&settings)
+        .inspect_err(|err| {
+            error!("Configuration error: {}", err);
+            debug!("Current configurations: {:#?}", settings);
+        })
+        .inspect(|_| {
+            debug!("Program settings parsed successfully");
+        })
+        .expect("Failed to load program settings from configuration")
+}

apps/api/src/configs/database.rs

@@ -0,0 +1,53 @@
+use config::{Config, ConfigError};
+use tracing::warn;
+
+use super::{
+    FromConfig,
+    key::{DATABASE_MAX_CONNECTIONS_KEY, DATABASE_MIGRATE_ON_STARTUP_KEY},
+};
+
+#[derive(Debug, Clone)]
+pub struct DatabaseSettings {
+    pub url: String,
+    pub max_connections: u32,
+    pub migrate_on_startup: bool,
+}
+
+impl FromConfig for DatabaseSettings {
+    fn from_config(_config: &Config) -> Result<Self, String> {
+        Ok(DatabaseSettings {
+            url: _config
+                .get_string(super::key::DATABASE_URL_KEY)
+                .map_err(|op| match op {
+                    ConfigError::NotFound(_) => "Database URL not found in configuration".into(),
+                    err => {
+                        format!("Failed to read Database URL from configuration {err}")
+                    }
+                })?,
+            max_connections: _config
+                .get_int(DATABASE_MAX_CONNECTIONS_KEY)
+                .unwrap_or_else(|err| {
+                    const DEFAULT_MAX_CONNECTIONS: i64 = 10;
+                    warn!(
+                        "{} not set or invalid in configuration, defaulting to {}. Error: {}",
+                        DATABASE_MAX_CONNECTIONS_KEY, DEFAULT_MAX_CONNECTIONS, err
+                    );
+                    DEFAULT_MAX_CONNECTIONS
+                }) as u32,
+            migrate_on_startup: _config
+                .get_bool(DATABASE_MIGRATE_ON_STARTUP_KEY)
+                .unwrap_or_else(|err| {
+                    const DEFAULT_MIGRATE_ON_STARTUP: bool = true;
+                    warn!(
+                        "{} not set or invalid in configuration, defaulting to {}. Error: {}",
+                        DATABASE_MIGRATE_ON_STARTUP_KEY, DEFAULT_MIGRATE_ON_STARTUP, err
+                    );
+                    DEFAULT_MIGRATE_ON_STARTUP
+                }),
+        })
+    }
+
+    fn validate(&self) -> Result<(), String> {
+        Ok(())
+    }
+}

apps/api/src/configs/key.rs

@@ -0,0 +1,9 @@
+pub(crate) const LOGGING_LEVEL_KEY: &str = "LOGGING.LEVEL";
+pub(crate) const LOGGING_UTC_KEY: &str = "LOGGING.UTC";
+//
+pub(crate) const SERVER_ADDRESS_KEY: &str = "SERVER.ADDRESS";
+pub(crate) const SERVER_PORT_KEY: &str = "SERVER.PORT";
+//
+pub(crate) const DATABASE_URL_KEY: &str = "DATABASE.URL";
+pub(crate) const DATABASE_MAX_CONNECTIONS_KEY: &str = "DATABASE.MAX_CONNECTIONS";
+pub(crate) const DATABASE_MIGRATE_ON_STARTUP_KEY: &str = "DATABASE.MIGRATION.MIGRATE_ON_STARTUP";

apps/api/src/configs/logging.rs

@@ -0,0 +1,52 @@
+use config::{Config, ConfigError};
+use tracing::{Level, warn};
+
+use super::{
+    FromConfig,
+    key::{LOGGING_LEVEL_KEY, LOGGING_UTC_KEY},
+};
+
+#[derive(Debug, Clone)]
+pub struct LoggingSettings {
+    pub level: Level,
+    pub utc: bool,
+}
+
+impl FromConfig for LoggingSettings {
+    fn from_config(_config: &Config) -> Result<Self, String> {
+        const DEFAULT_LOGGING_LEVEL: Level = Level::INFO;
+        Ok(LoggingSettings {
+            level: _config
+                .get_string(LOGGING_LEVEL_KEY)
+                .unwrap_or_else(|err| {
+                    warn!(
+                        "Failed to read {} from configuration, defaulting to {}. Error: {}",
+                        LOGGING_LEVEL_KEY, DEFAULT_LOGGING_LEVEL, err
+                    );
+                    DEFAULT_LOGGING_LEVEL.to_string()
+                })
+                .parse()
+                .unwrap_or_else(|err| {
+                    warn!(
+                        "Invalid logging level in configuration, defaulting to {}. Error: {}",
+                        DEFAULT_LOGGING_LEVEL, err
+                    );
+                    DEFAULT_LOGGING_LEVEL
+                }),
+            utc: _config
+                .get_bool(LOGGING_UTC_KEY)
+                .unwrap_or_else(|err: ConfigError| {
+                    const DEFAULT_UTC: bool = false;
+                    warn!(
+                        "Invalid UTC setting in configuration, defaulting to {}. Error: {}",
+                        DEFAULT_UTC, err
+                    );
+                    DEFAULT_UTC
+                }),
+        })
+    }
+
+    fn validate(&self) -> Result<(), String> {
+        Ok(())
+    }
+}

apps/api/src/configs/server.rs

@@ -0,0 +1,56 @@
+use std::net::IpAddr;
+
+use config::{Config, ConfigError};
+use tracing::warn;
+
+use super::{
+    FromConfig,
+    key::{SERVER_ADDRESS_KEY, SERVER_PORT_KEY},
+};
+
+#[derive(Debug, Clone)]
+pub struct ServerSettings {
+    pub address: IpAddr,
+    pub port: u16,
+}
+
+impl FromConfig for ServerSettings {
+    fn from_config(_config: &Config) -> Result<Self, String> {
+        Ok(ServerSettings {
+            address: _config
+                .get_string(SERVER_ADDRESS_KEY)
+                .unwrap_or_else(|err| {
+                    const DEFAULT_ADDRESS: &str = "0.0.0.0";
+                    match err {
+                        ConfigError::NotFound(_) => {}
+                        _ => {
+                            warn!(
+                                "Failed to read {} from configuration, defaulting to {}. Error: {}",
+                                SERVER_ADDRESS_KEY, DEFAULT_ADDRESS, err
+                            );
+                        }
+                    };
+                    DEFAULT_ADDRESS.to_string()
+                })
+                .parse()
+                .map_err(|e| format!("Invalid {} in configuration: {}", SERVER_ADDRESS_KEY, e))?,
+
+            port: _config.get_int(SERVER_PORT_KEY).unwrap_or_else(|err| {
+                const DEFAULT_PORT: i64 = 8080;
+                warn!(
+                    "{} not set or invalid in configuration, defaulting to {}. Error: {}",
+                    SERVER_PORT_KEY, DEFAULT_PORT, err
+                );
+                DEFAULT_PORT
+            }) as u16,
+        })
+    }
+
+    fn validate(&self) -> Result<(), String> {
+        #[allow(clippy::absurd_extreme_comparisons, unused_comparisons)]
+        if self.port == 0 || self.port > 65535 {
+            return Err("Server port must be between 1 and 65535".into());
+        }
+        Ok(())
+    }
+}

apps/api/src/errors.rs

@@ -0,0 +1 @@
+pub mod service_error;

apps/api/src/errors/service_error.rs

@@ -0,0 +1,15 @@
+pub type ServiceError = Box<dyn std::error::Error + Send + Sync>;
+
+#[allow(dead_code)] // TODO: remove when used
+pub trait IntoServiceError {
+    fn into_service_error(self) -> ServiceError;
+}
+
+impl<T> IntoServiceError for T
+where
+    T: std::error::Error + Send + Sync + 'static,
+{
+    fn into_service_error(self) -> ServiceError {
+        Box::new(self)
+    }
+}

apps/api/src/log.rs

@@ -0,0 +1,7 @@
+pub fn make_temporary_subscriber() -> tracing_subscriber::fmt::Subscriber {
+    tracing_subscriber::fmt()
+        .with_max_level(tracing::Level::DEBUG)
+        .with_target(false)
+        .with_level(true)
+        .finish()
+}

apps/api/src/main.rs

@@ -0,0 +1,39 @@
+mod cmd;
+mod configs;
+mod errors;
+mod log;
+mod middlewares;
+mod routes;
+mod services;
+mod tasks;
+
+#[tokio::main]
+async fn main() {
+    // If there are command-line arguments, treat it as a CLI command
+    if std::env::args().len() > 1 {
+        tracing::subscriber::with_default(log::make_temporary_subscriber(), || {
+            use clap::error::ErrorKind;
+            //
+            let mut command = cmd::get_command();
+            let help_output = format!("{}", command.render_help());
+            let matches = command
+                .try_get_matches()
+                .unwrap_or_else(|err| match err.kind() {
+                    ErrorKind::DisplayHelp | ErrorKind::DisplayVersion => {
+                        err.print().expect("Error writing Error");
+                        std::process::exit(0);
+                    }
+                    _ => {
+                        err.print().expect("Error writing Error");
+                        std::process::exit(1);
+                    }
+                });
+            cmd::execute(&matches, &help_output)
+        })
+        .await;
+        return;
+    }
+
+    // No command-line arguments, start the server normally
+    cmd::start_server().await;
+}

apps/api/src/middlewares.rs

@@ -0,0 +1,34 @@
+use axum::{
+    BoxError, Router,
+    error_handling::HandleErrorLayer,
+    http::{Method, StatusCode, Uri},
+};
+use std::time::Duration;
+use tower::{ServiceBuilder, timeout::TimeoutLayer};
+
+use tracing::warn;
+
+pub const TIMEOUT_DURATION_SECS: u64 = 30;
+
+pub fn apply_root_middleware(router: Router) -> Router {
+    let timeout_layer = TimeoutLayer::new(Duration::from_secs(TIMEOUT_DURATION_SECS));
+
+    let service_builder = ServiceBuilder::new()
+        .layer(HandleErrorLayer::new(handle_timeout_error))
+        .layer(timeout_layer);
+
+    router.layer(service_builder)
+}
+
+pub async fn handle_timeout_error(
+    method: Method,
+    uri: Uri,
+    //
+    err: BoxError,
+) -> (StatusCode, String) {
+    warn!("`{method} {uri}` failed with {err}");
+    (
+        StatusCode::INTERNAL_SERVER_ERROR,
+        "Internal server error".to_string(),
+    )
+}

apps/api/src/routes.rs

@@ -0,0 +1,53 @@
+mod api;
+mod view;
+
+pub use self::api::ApiDoc;
+
+use std::sync::Arc;
+
+use axum::{Extension, Router};
+use migration::sea_orm::DatabaseConnection;
+
+use crate::{middlewares, services::settings::SettingsStore};
+
+#[derive(Clone)]
+pub struct AppState {
+    // TODO: remove dead_code allowances when fields are used
+    #[allow(dead_code)]
+    pub database_connection: Arc<DatabaseConnection>,
+    // TODO: remove dead_code allowances when fields are used
+    #[allow(dead_code)]
+    pub service: Arc<AppService>,
+}
+
+pub type ServiceState<T> = Arc<T>;
+
+pub struct AppService {
+    #[allow(dead_code)] // TODO: remove when used
+    pub settings: ServiceState<dyn SettingsStore>,
+}
+
+pub fn get_root_router(state: impl Into<Arc<AppState>>) -> Router {
+    let mut router = Router::new();
+
+    router = router
+        .nest("/api", api::get_api_router())
+        .merge(view::get_view_router());
+
+    router = middlewares::apply_root_middleware(router);
+
+    router = router.layer(Extension(state.into()));
+
+    router
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn ensure_state_send_sync() {
+        fn assert_send_sync<T: Send + Sync>() {}
+        assert_send_sync::<AppState>();
+    }
+}

apps/api/src/routes/api.rs

@@ -0,0 +1,17 @@
+mod health;
+mod openapi;
+
+pub use self::openapi::ApiDoc;
+
+use axum::{Router, response::IntoResponse, routing::any};
+
+pub fn get_api_router() -> Router {
+    Router::new()
+        .nest("/health", health::get_health_router())
+        // explicit fallback for unmatched API routes
+        .route("/{*wildcard}", any(api_fallback_handler))
+}
+
+async fn api_fallback_handler() -> impl IntoResponse {
+    (axum::http::StatusCode::NOT_FOUND, "API route not found").into_response()
+}

apps/api/src/routes/api/health.rs

@@ -0,0 +1,12 @@
+pub mod info;
+mod state;
+
+use std::sync::Arc;
+
+use axum::{Router, routing::get};
+
+pub fn get_health_router() -> Router {
+    Router::new()
+        .route("/info", get(info::get_health_info))
+        .with_state(Arc::new(state::HealthState::default()))
+}

apps/api/src/routes/api/health/info.rs

@@ -0,0 +1,94 @@
+use std::sync::Arc;
+
+use axum::{Json, extract::State, http::StatusCode};
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+
+use crate::routes::api::{health::state::HealthState, openapi::tag::HEALTH_TAG};
+
+const STATUS_HEALTHY: &str = "healthy";
+const STATUS_UNHEALTHY: &str = "unhealthy";
+
+/// System health information
+#[derive(Serialize, Deserialize, utoipa::ToSchema)]
+pub struct HealthInfo {
+    /// Health status: "healthy" or "unhealthy"
+    pub status: String,
+    /// Application version
+    pub version: String,
+    /// RFC 3339 formatted timestamp
+    pub up_since: DateTime<Utc>,
+    /// List of error messages if unhealthy
+    pub errors: Option<Vec<String>>,
+}
+
+/// Health check endpoint
+///
+/// Returns the health status, version, uptime, and any errors if unhealthy.
+#[utoipa::path(
+        get,
+        path = "/api/health/info",
+        responses(
+            (status = 200, description = "Health information retrieved successfully", body = HealthInfo),
+            (status = NOT_FOUND, description = "Health information not found")
+        ),
+        tag = HEALTH_TAG,
+    )]
+pub async fn get_health_info(
+    State(state): State<Arc<HealthState>>,
+) -> (StatusCode, Json<HealthInfo>) {
+    #[allow(unused_mut)]
+    let mut errors = vec![];
+
+    let is_healthy = errors.is_empty();
+
+    (
+        if is_healthy {
+            StatusCode::OK
+        } else {
+            StatusCode::SERVICE_UNAVAILABLE
+        },
+        Json(HealthInfo {
+            status: if is_healthy {
+                STATUS_HEALTHY.into()
+            } else {
+                STATUS_UNHEALTHY.into()
+            },
+            version: env!("CARGO_PKG_VERSION").into(),
+            up_since: *state.get_start_at(),
+            errors: if is_healthy { None } else { Some(errors) },
+        }),
+    )
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use axum::body::to_bytes;
+    use axum::{
+        Router,
+        body::Body,
+        http::{Request, StatusCode},
+    };
+    use tower::ServiceExt;
+
+    #[tokio::test]
+    async fn test_get_health_info() {
+        let health_state = Arc::new(HealthState::default());
+        let app = Router::new()
+            .route("/info", axum::routing::get(get_health_info))
+            .with_state(health_state);
+
+        let response = app
+            .oneshot(Request::builder().uri("/info").body(Body::empty()).unwrap())
+            .await
+            .unwrap();
+
+        assert_eq!(response.status(), StatusCode::OK);
+        let body = to_bytes(response.into_body(), 1024 * 1024).await.unwrap(); // Set limit to 1 MB
+        let health_info: HealthInfo = serde_json::from_slice(&body).unwrap();
+        assert_eq!(health_info.status, STATUS_HEALTHY);
+        assert_eq!(health_info.version, env!("CARGO_PKG_VERSION"));
+        assert!(health_info.errors.is_none());
+    }
+}

apps/api/src/routes/api/health/state.rs

@@ -0,0 +1,19 @@
+use chrono::{DateTime, Utc};
+
+pub struct HealthState {
+    start_at: DateTime<Utc>,
+}
+
+impl Default for HealthState {
+    fn default() -> Self {
+        Self {
+            start_at: Utc::now(),
+        }
+    }
+}
+
+impl HealthState {
+    pub fn get_start_at(&self) -> &DateTime<Utc> {
+        &self.start_at
+    }
+}

apps/api/src/routes/api/openapi.rs

@@ -0,0 +1,18 @@
+pub mod tag {
+    /// Health tag constant
+    pub const HEALTH_TAG: &str = "Health";
+}
+
+#[derive(utoipa::OpenApi)]
+#[openapi(
+  paths(
+    crate::routes::api::health::info::get_health_info
+  ),
+  components(
+      schemas(crate::routes::api::health::info::HealthInfo) // Register any schemas used in your paths
+  ),
+  tags(
+      (name = tag::HEALTH_TAG, description = "Health information API")
+  )
+)]
+pub struct ApiDoc;

apps/api/src/routes/view.rs

@@ -0,0 +1,71 @@
+use axum::{
+    Router,
+    body::Bytes,
+    extract::Path,
+    http::{StatusCode, header},
+    response::IntoResponse,
+    routing::{MethodRouter, get},
+};
+use include_dir::{Dir, include_dir};
+use mime_guess::from_path;
+
+static DIST_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/../frontend/build/client");
+const INDEX_HTML_PATH: &str = "index.html";
+const INDEX_FILE_NOT_FOUND_HTML: &str = r#"
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>404 Not Found</title>
+</head>
+<body>
+    <h1>404 Not Found</h1>
+    <p>The requested resource was not found on this server. Possibly the frontend build is missing or corrupted.</p>
+</body>
+</html>
+"#;
+
+pub fn get_view_router() -> Router {
+    Router::new()
+        // Serve the root index.html
+        .route("/", get(root_view_handler))
+        .route(
+            "/{*wildcard}",
+            MethodRouter::new()
+                .get(|Path(path): Path<String>| async move { view_handler(Some(path)).await }),
+        )
+}
+
+async fn root_view_handler() -> impl IntoResponse {
+    view_handler(None).await
+}
+
+async fn view_handler(path: Option<String>) -> impl IntoResponse {
+    // If path is empty, serve index.html
+    let incoming_path = if let Some(p) = path {
+        p.trim_start_matches('/').to_string()
+    } else {
+        INDEX_HTML_PATH.to_string()
+    };
+
+    let path = match DIST_DIR.get_file(&incoming_path) {
+        Some(_) => incoming_path,
+        None => INDEX_HTML_PATH.to_string(),
+    };
+
+    match DIST_DIR.get_file(&path) {
+        Some(file) => {
+            let mime = from_path(&path).first_or_octet_stream();
+            let body: Bytes = Bytes::copy_from_slice(file.contents());
+            ([(header::CONTENT_TYPE, mime.as_ref())], body).into_response()
+        }
+        // This should never happen, but just in case...
+        None => (
+            StatusCode::NOT_FOUND,
+            [(header::CONTENT_TYPE, "text/plain")],
+            Bytes::from(INDEX_FILE_NOT_FOUND_HTML),
+        )
+            .into_response(),
+    }
+}

apps/api/src/services.rs

@@ -0,0 +1 @@
+pub mod settings;

apps/api/src/services/settings.rs

@@ -0,0 +1,92 @@
+use std::sync::Arc;
+
+use database::generated::entities::config::{self, ActiveModel as ConfigActiveModel};
+
+use sea_orm::{
+    ActiveModelTrait, ActiveValue, ColumnTrait, DatabaseConnection, DbErr, EntityTrait,
+    IntoActiveModel, QueryFilter,
+};
+
+use crate::errors::service_error::{IntoServiceError, ServiceError};
+
+#[async_trait::async_trait]
+pub trait SettingsStore: Send + Sync {
+    #[allow(dead_code)] // TODO: remove when used
+    async fn get_setting(&self, key: &str) -> Result<String, ServiceError>;
+    #[allow(dead_code)] // TODO: remove when used
+    async fn set_setting(&self, key: &str, value: String) -> Result<(), ServiceError>;
+}
+
+pub struct SettingsService {
+    #[allow(dead_code)] // TODO: remove when used
+    connection: Arc<DatabaseConnection>,
+}
+
+impl SettingsService {
+    pub fn new(connection: Arc<DatabaseConnection>) -> Self {
+        Self { connection }
+    }
+}
+
+#[async_trait::async_trait]
+impl SettingsStore for SettingsService {
+    async fn get_setting(&self, key: &str) -> Result<String, ServiceError> {
+        let setting = config::Entity::find()
+            .filter(config::Column::Key.eq(key))
+            .one(&*self.connection)
+            .await;
+
+        match setting {
+            Err(err) => Err(err.into_service_error()),
+            Ok(None) => Err(
+                DbErr::RecordNotFound(format!("Setting with key '{}' not found", key))
+                    .into_service_error(),
+            ),
+            Ok(Some(record)) => Ok(record.value),
+        }
+    }
+
+    async fn set_setting(&self, key: &str, value: String) -> Result<(), ServiceError> {
+        let existing = config::Entity::find()
+            .filter(config::Column::Key.eq(key))
+            .one(&*self.connection)
+            .await;
+
+        let handle_not_found = async |key: String, value: String| {
+            let new_record = ConfigActiveModel {
+                key: ActiveValue::Set(key),
+                value: ActiveValue::Set(value),
+                created_at: ActiveValue::Set(chrono::Utc::now()),
+                updated_at: ActiveValue::Set(chrono::Utc::now()),
+            };
+            new_record
+                .insert(&*self.connection)
+                .await
+                .map_err(|err| err.into_service_error())
+        };
+
+        match existing {
+            Err(err) => match err {
+                DbErr::RecordNotFound(_) => {
+                    handle_not_found(key.to_string(), value).await?;
+                }
+                _ => {
+                    return Err(Box::new(err));
+                }
+            },
+            Ok(None) => {
+                handle_not_found(key.to_string(), value).await?;
+            }
+            Ok(Some(mut record)) => {
+                record.value = value;
+                record
+                    .into_active_model()
+                    .update(&*self.connection)
+                    .await
+                    .map_err(|err| err.into_service_error())?;
+            }
+        }
+
+        Ok(())
+    }
+}

apps/api/src/tasks.rs

@@ -0,0 +1 @@
+pub mod startup;

apps/api/src/tasks/startup.rs

@@ -0,0 +1,25 @@
+use migration::migrate_database;
+use tracing::{debug, info};
+
+use crate::configs::ProgramSettings;
+
+pub async fn run_startup_tasks(config: &ProgramSettings) -> Result<(), Box<dyn std::error::Error>> {
+    // Here you can add any startup tasks you want to run when the application starts.
+    info!("Running startup tasks...");
+    if config.database.migrate_on_startup {
+        run_database_migrations(&config.database.url).await?;
+    } else {
+        info!("Database migration on startup is disabled. Skipping migration.");
+    }
+
+    Ok(())
+}
+
+async fn run_database_migrations(db_url: &str) -> Result<(), Box<dyn std::error::Error>> {
+    // Logic to run database migrations
+    info!("Running database migrations...");
+    debug!("Database URL: {}", db_url);
+    migrate_database(db_url).await.map_err(Box::new)?;
+    info!("Database migrations completed.");
+    Ok(())
+}

apps/api/swagger.json

@@ -0,0 +1,82 @@
+{
+  "openapi": "3.1.0",
+  "info": {
+    "title": "yet-another-nginx-proxy-manager",
+    "description": "",
+    "license": {
+      "name": ""
+    },
+    "version": "0.1.0"
+  },
+  "paths": {
+    "/api/health/info": {
+      "get": {
+        "tags": [
+          "Health"
+        ],
+        "summary": "Health check endpoint",
+        "description": "Returns the health status, version, uptime, and any errors if unhealthy.",
+        "operationId": "get_health_info",
+        "responses": {
+          "200": {
+            "description": "Health information retrieved successfully",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/HealthInfo"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "Health information not found"
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "schemas": {
+      "HealthInfo": {
+        "type": "object",
+        "description": "System health information",
+        "required": [
+          "status",
+          "version",
+          "up_since"
+        ],
+        "properties": {
+          "errors": {
+            "type": [
+              "array",
+              "null"
+            ],
+            "items": {
+              "type": "string"
+            },
+            "description": "List of error messages if unhealthy"
+          },
+          "status": {
+            "type": "string",
+            "description": "Health status: \"healthy\" or \"unhealthy\""
+          },
+          "up_since": {
+            "type": "string",
+            "format": "date-time",
+            "description": "RFC 3339 formatted timestamp"
+          },
+          "version": {
+            "type": "string",
+            "description": "Application version"
+          }
+        }
+      }
+    }
+  },
+  "tags": [
+    {
+      "name": "Health",
+      "description": "Health information API"
+    }
+  ]
+}

apps/cli/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "cli"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+async-trait = "0.1.89"
+container-simulate = { path = "../container" }
+migration = {path = "../../public/migration"}
+shared = {path = "../../public/shared"}
+testcontainers = "0.24.0"
+tokio = { version = "1.47.0", features = ["full"] }
+url = "2.5.7"
+clap = { version = "4.5.48", features = ["derive", "env"] }
+path-clean = "1.0.1"
+once_cell = "1.21.3"

apps/cli/src/cmd.rs

@@ -0,0 +1,45 @@
+use std::pin::Pin;
+use std::{future::Future, process::exit};
+
+use clap::{ArgMatches, Command};
+
+pub mod db_migrate_and_generate;
+
+pub struct CliCommand {
+    pub command: Command,
+    pub action: fn(&clap::ArgMatches) -> Pin<Box<dyn std::future::Future<Output = ()> + Send>>,
+}
+
+static CLI_COMMANDS: once_cell::sync::Lazy<
+    [CliCommand; 1 /* Update this count when adding new commands */],
+> =
+    once_cell::sync::Lazy::new(|| {
+        [
+            // Add new commands here
+            db_migrate_and_generate::get_cli_command(),
+        ]
+    });
+
+pub fn get_command() -> Command {
+    let mut c = Command::new("cmd");
+
+    for cmd in CLI_COMMANDS.iter() {
+        c = c.subcommand(cmd.command.clone());
+    }
+
+    c
+}
+
+pub fn execute(matches: &ArgMatches, help_msg: &str) -> Pin<Box<dyn Future<Output = ()> + Send>> {
+    if let Some((subcommand_name, subcommand_matches)) = matches.subcommand() {
+        for cmd in CLI_COMMANDS.iter() {
+            if cmd.command.get_name() == subcommand_name {
+                return (cmd.action)(subcommand_matches);
+            }
+        }
+    }
+
+    eprintln!("Error: No valid subcommand provided.");
+    eprintln!("{}", help_msg);
+    exit(1);
+}

apps/cli/src/cmd/db_migrate_and_generate.rs

@@ -0,0 +1,169 @@
+use clap::{Arg, Command};
+use container::{
+    db::{DBInfo, sqlite::SQLiteContainer},
+    types::ConfigInfoType,
+};
+use migration::{generate_entity, migrate_database};
+use shared::db_type::DBType;
+
+use crate::cmd::CliCommand;
+
+const MAX_DB_READY_ATTEMPTS: u8 = 10;
+const DB_READY_CHECK_INTERVAL_SECS: u64 = 2;
+const DB_READY_STRING: [&str; 1] = ["ready to accept connections"];
+
+pub fn get_cli_command() -> CliCommand {
+    CliCommand {
+        command: command(),
+        action,
+    }
+}
+
+fn command() -> Command {
+    Command::new("db:migrate_and_generate")
+        .arg(
+            Arg::new("output_path")
+                .short('o')
+                .long("output-path")
+                .value_name("PATH")
+                .help("Path to output the generated entity schema")
+                .required(true),
+        )
+        .about("Migrate database and generate entity schema")
+}
+
+fn action(
+    _matches: &clap::ArgMatches,
+) -> std::pin::Pin<Box<dyn std::future::Future<Output = ()> + Send>> {
+    let output_path = _matches.get_one::<String>("output_path");
+    let output_path = output_path.unwrap().to_string();
+    Box::pin(async move {
+        let mut error_occurred = false;
+        let database_configs = vec![
+            SQLiteContainer::new(None)
+                .await
+                .get_db_container_config_info()
+                .await,
+            // only sqlite is required to generate entities when using Seaorm
+            // PostgreSQLContainer::new(None)
+            //     .await
+            //     .get_db_container_config_info()
+            //     .await,
+        ];
+
+        for db_config in database_configs {
+            let config = container::Config {
+                database: db_config,
+            };
+            let mut detached_handler = container::start_detached(&config).await;
+            match migrate_and_generate_entity(&config, &output_path).await {
+                Ok(_) => println!("Migration and entity generation succeeded."),
+                Err(_) => {
+                    eprintln!("Migration and entity generation failed.");
+                    error_occurred = true;
+                    break;
+                }
+            }
+            detached_handler.stop().await;
+        }
+
+        if error_occurred {
+            std::process::exit(1);
+        } else {
+            std::process::exit(0);
+        }
+    })
+}
+
+async fn migrate_and_generate_entity(
+    config: &container::Config,
+    output_path: &str,
+) -> Result<(), ()> {
+    let ready_result = await_database_ready(config).await;
+    if ready_result.is_err() {
+        eprintln!("Database did not become ready in time.");
+        return Err(());
+    }
+
+    let db_url = match &config.database {
+        ConfigInfoType::Containerized(container_info) => &container_info.url,
+        ConfigInfoType::PreExisting(pre_existing_info) => &pre_existing_info.url,
+    };
+
+    let db_type = get_database_type(config);
+    match migrate_database(db_url).await {
+        Ok(_) => {
+            println!("Database migrated successfully for {:?}", db_type);
+        }
+        Err(e) => {
+            eprintln!("Failed to migrate database for {}: {:#?}", db_type, e);
+            return Err(());
+        }
+    }
+
+    match generate_entity(db_url, output_path).await {
+        Ok(_) => {
+            println!(
+                "Database entity schema generated successfully for {:?}",
+                db_type
+            );
+        }
+        Err(e) => {
+            eprintln!(
+                "Failed to generate database entity schema for {}: {:#?}",
+                db_type, e
+            );
+            return Err(());
+        }
+    }
+
+    Ok(())
+}
+
+fn get_database_type(config: &container::Config) -> DBType {
+    match config.database {
+        ConfigInfoType::Containerized(ref container_info) => container_info.db_type.clone(),
+        ConfigInfoType::PreExisting(ref pre_existing_info) => pre_existing_info.db_type.clone(),
+    }
+}
+
+async fn await_database_ready(config: &container::Config) -> Result<(), ()> {
+    match config.database {
+        ConfigInfoType::Containerized(ref container_info) => {
+            let container_type = &container_info.db_type;
+            for attempt in 1..=MAX_DB_READY_ATTEMPTS {
+                println!(
+                    "Checking if database container {} is ready (attempt {}/{})...",
+                    container_info.db_type, attempt, MAX_DB_READY_ATTEMPTS
+                );
+                let logs = match container_info.container.stdout_to_vec().await {
+                    Ok(logs) => logs,
+                    Err(e) => {
+                        eprintln!("Failed to get container logs: {}", e);
+                        return Err(());
+                    }
+                };
+                let log_output = String::from_utf8_lossy(&logs);
+                if DB_READY_STRING.iter().any(|&s| log_output.contains(s)) {
+                    println!("Database container {} is ready.", container_info.db_type);
+                    return Ok(());
+                }
+                tokio::time::sleep(std::time::Duration::from_secs(DB_READY_CHECK_INTERVAL_SECS))
+                    .await;
+            }
+            eprintln!(
+                "Database container {} did not become ready after {} attempts.",
+                container_type, MAX_DB_READY_ATTEMPTS
+            );
+            Err(())
+        }
+
+        ConfigInfoType::PreExisting(ref pre_existing_info) => {
+            println!(
+                "Pre-existing database of type {} assumed to be ready.",
+                pre_existing_info.db_type
+            );
+            Ok(())
+        }
+    }
+}

apps/cli/src/main.rs

@@ -0,0 +1,22 @@
+mod cmd;
+
+use clap::error::ErrorKind;
+
+#[tokio::main]
+async fn main() {
+    let mut command = cmd::get_command();
+    let help_output = format!("{}", command.render_help());
+    let matches = command
+        .try_get_matches()
+        .unwrap_or_else(|err| match err.kind() {
+            ErrorKind::DisplayHelp | ErrorKind::DisplayVersion => {
+                err.print().expect("Error writing Error");
+                std::process::exit(0);
+            }
+            _ => {
+                err.print().expect("Error writing Error");
+                std::process::exit(1);
+            }
+        });
+    cmd::execute(&matches, &help_output).await;
+}

apps/container/Cargo.toml

@@ -15,3 +15,4 @@ tokio = { version = "1.47.0", features = ["full"] }
 url = "2.5.7"
 clap = { version = "4.5.48", features = ["derive", "env"] }
 path-clean = "1.0.1"
+serde_json = "1.0.145"

apps/container/src/db.rs

@@ -4,6 +4,7 @@ pub mod sqlite;
 
 use async_trait::async_trait;
 use shared::db_type::DBType;
+use std::error::Error;
 use std::future::Future;
 use std::{pin::Pin, sync::Arc};
 use url::Host;
@@ -55,5 +56,5 @@ pub trait DBInfo<T> {
     where
         Self: Sized;
     async fn get_db_container_config_info(&self) -> DBConfigInfoType;
-    fn get_unstarted_container(&self) -> Result<UnStartedContainer, ()>;
+    fn get_unstarted_container(&self) -> Result<UnStartedContainer, Box<dyn Error>>;
 }

apps/container/src/db/config.rs

@@ -1,3 +1,4 @@
+#[derive(Default)]
 pub struct OptionalContainerConfig {
     pub image: Option<String>,
     pub tag: Option<String>,
@@ -38,16 +39,3 @@ impl OptionalContainerConfig {
         }
     }
 }
-
-impl Default for OptionalContainerConfig {
-    fn default() -> Self {
-        Self {
-            image: None,
-            tag: None,
-            container_name: None,
-            database_name: None,
-            user: None,
-            password: None,
-        }
-    }
-}

apps/container/src/db/postgresql.rs

@@ -1,4 +1,4 @@
-use std::sync::Arc;
+use std::{error::Error, sync::Arc};
 
 use async_trait::async_trait;
 use testcontainers::{
@@ -79,7 +79,7 @@ impl DBInfo<OptionalContainerConfig> for PostgreSQLContainer {
         }
     }
 
-    fn get_unstarted_container(&self) -> Result<UnStartedContainer, ()> {
+    fn get_unstarted_container(&self) -> Result<UnStartedContainer, Box<dyn Error>> {
         Ok(
             GenericImage::new(self.config.image.clone(), self.config.tag.clone())
                 .with_exposed_port(5432.tcp())

apps/container/src/db/sqlite.rs

@@ -1,4 +1,4 @@
-use std::{path::PathBuf, sync::Arc};
+use std::{error::Error, path::PathBuf, sync::Arc};
 
 use async_trait::async_trait;
 
@@ -15,6 +15,7 @@ pub struct ContainerConfig {
     pub absolute_dir_path: PathBuf,
 }
 
+#[derive(Default)]
 pub struct OptionalContainerConfig {
     // Add any optional configuration fields here
     pub database_name: Option<String>,
@@ -36,15 +37,6 @@ impl OptionalContainerConfig {
     }
 }
 
-impl Default for OptionalContainerConfig {
-    fn default() -> Self {
-        Self {
-            database_name: None,
-            absolute_path: None,
-        }
-    }
-}
-
 pub fn get_default_config() -> ContainerConfig {
     ContainerConfig {
         database_name: "sqlite".to_string(),
@@ -69,7 +61,7 @@ impl SQLiteContainer {
 impl DBInfo<OptionalContainerConfig> for SQLiteContainer {
     async fn get_db_container_config_info(&self) -> DBConfigInfoType {
         // sqlite filepath url does not include the "sqlite://" prefix
-        let sqlite_url = format!("{}", self.get_db_absolute_path().to_string_lossy());
+        let sqlite_url = format!("sqlite://{}", self.get_db_absolute_path().to_string_lossy());
         // create the file
         std::fs::create_dir_all(&self.config.absolute_dir_path)
             .expect("Failed to create directories for SQLite database");
@@ -83,11 +75,11 @@ impl DBInfo<OptionalContainerConfig> for SQLiteContainer {
                 let db_path = self.get_db_absolute_path();
                 Arc::new(move || {
                     // delete the sqlite database file
-                    if db_path.exists() {
-                        if let Err(e) = std::fs::remove_file(&db_path) {
+                    if db_path.exists()
+                        && let Err(e) = std::fs::remove_file(&db_path)
+                    {
                         eprintln!("Failed to delete SQLite database file: {}", e);
                     }
-                    }
                 })
             },
         })
@@ -107,7 +99,9 @@ impl DBInfo<OptionalContainerConfig> for SQLiteContainer {
         }
     }
 
-    fn get_unstarted_container(&self) -> Result<UnStartedContainer, ()> {
-        Err(())
+    fn get_unstarted_container(&self) -> Result<UnStartedContainer, Box<dyn Error>> {
+        Err(Box::new(std::io::Error::other(
+            "SQLite does not use a container",
+        )))
     }
 }

apps/container/src/env.rs

@@ -13,24 +13,151 @@ pub struct EnvFile {
     pub file_type: EnvFileType,
     pub db_type: DBType,
     pub db_url: String,
+    //
+    buffer: serde_json::Value,
 }
 
 impl EnvFile {
-    pub fn write(self, path: impl AsRef<std::path::Path>) {
-        let path_ref = path.as_ref();
-        println!("Config file path: {}", path_ref.display());
-        let mut config_file =
-            std::fs::File::create(path_ref).expect("Failed to create config file");
-        //
-        self._write_line(&mut config_file, "DB_TYPE", &self.db_type.to_string());
-        self._write_line(&mut config_file, "DATABASE_URL", &self.db_url.to_string())
+    pub fn new(file_type: EnvFileType, db_type: DBType, db_url: String) -> Self {
+        let mut env_file = EnvFile {
+            file_type,
+            db_type,
+            db_url,
+            buffer: serde_json::Value::Object(serde_json::Map::new()),
+        };
+
+        env_file._write_line_buffer("DATABASE__TYPE", &env_file.db_type.to_string());
+        env_file._write_line_buffer("DATABASE__URL", &env_file.db_url.to_string());
+
+        env_file
     }
 
-    fn _write_line(&self, file: &mut std::fs::File, key: &str, value: &str) {
-        match self.file_type {
-            EnvFileType::DotEnv => writeln!(file, "{}={}", key, value),
-            EnvFileType::Yaml => writeln!(file, "{}: \"{}\"", key, value),
+    pub fn write(&mut self, stream: &mut dyn Write, with_prefix: bool) {
+        self._write_buffer(stream, with_prefix);
     }
-        .expect("Failed to write to config file");
+
+    fn key_into_buffer_key(&self, key: &str) -> Vec<String> {
+        key.split("__").map(String::from).collect()
+    }
+
+    fn _write_line_buffer(&mut self, key: &str, value: &str) {
+        let buffer_key = self.key_into_buffer_key(key);
+        let mut current = &mut self.buffer;
+        for k in &buffer_key[0..(buffer_key.len() - 1)] {
+            if current.get(k).is_none() {
+                current[k] = serde_json::Value::Object(serde_json::Map::new());
+            }
+            current = &mut current[k];
+        }
+        current[buffer_key.last().unwrap()] = serde_json::Value::String(value.to_string());
+    }
+
+    fn _write_buffer(&self, file: &mut dyn Write, with_prefix: bool) {
+        match self.file_type {
+            EnvFileType::DotEnv => self._write_buffer_env(file, with_prefix),
+            EnvFileType::Yaml => self._write_buffer_yaml(file),
+        }
+    }
+
+    fn _write_buffer_env(&self, file: &mut dyn Write, with_prefix: bool) {
+        fn _write_buffer_env_layer(
+            file: &mut dyn Write,
+            buffer: &serde_json::Value,
+            prefix: String,
+            with_root_prefix: bool,
+        ) {
+            if let serde_json::Value::Object(map) = buffer {
+                for (key, value) in map {
+                    let current_key = if prefix.is_empty() {
+                        if with_root_prefix {
+                            format!("YANPM__{}", key)
+                        } else {
+                            key.to_string()
+                        }
+                    } else {
+                        format!("{}__{}", prefix, key)
+                    };
+                    match value {
+                        serde_json::Value::Object(_) => {
+                            _write_buffer_env_layer(file, value, current_key, with_root_prefix);
+                        }
+                        _ => {
+                            writeln!(file, "{}={}", current_key, value).unwrap();
+                        }
+                    }
+                }
+            }
+        }
+
+        _write_buffer_env_layer(file, &self.buffer, String::new(), with_prefix);
+    }
+
+    fn _write_buffer_yaml(&self, file: &mut dyn Write) {
+        let mut layer = 0;
+        fn _write_buffer_yaml_layer(
+            file: &mut dyn Write,
+            buffer: &serde_json::Value,
+            layer: &mut usize,
+        ) {
+            if let serde_json::Value::Object(map) = buffer {
+                for (key, value) in map {
+                    let indent = "  ".repeat(*layer);
+                    match value {
+                        serde_json::Value::Object(_) => {
+                            writeln!(file, "{}{}:", indent, key).unwrap();
+                            *layer += 1;
+                            _write_buffer_yaml_layer(file, value, layer);
+                            *layer -= 1;
+                        }
+                        _ => {
+                            writeln!(file, "{}{}: {}", indent, key, value).unwrap();
+                        }
+                    }
+                }
+            }
+        }
+
+        _write_buffer_yaml_layer(file, &self.buffer, &mut layer);
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_env_file_write_yaml() {
+        let mut env_file_nested = EnvFile::new(
+            EnvFileType::Yaml,
+            DBType::SQLite,
+            "mysql://user:pass@localhost/db".to_string(),
+        );
+
+        let mut output_stream = Vec::new();
+        env_file_nested.write(&mut output_stream, false);
+        let output_string = String::from_utf8(output_stream).unwrap();
+        let expected_output = "\
+DATABASE:
+  TYPE: \"SQLite\"
+  URL: \"mysql://user:pass@localhost/db\"
+";
+        assert_eq!(output_string, expected_output);
+    }
+
+    #[test]
+    fn test_env_file_write_env() {
+        let mut env_file_nested = EnvFile::new(
+            EnvFileType::DotEnv,
+            DBType::PostgreSQL,
+            "postgres://user:pass@localhost/db".to_string(),
+        );
+        let mut output_stream = Vec::new();
+        env_file_nested.write(&mut output_stream, true);
+        let output_string = String::from_utf8(output_stream).unwrap();
+        let expected_output = "\
+YANPM__DATABASE__TYPE=\"PostgreSQL\"
+YANPM__DATABASE__URL=\"postgres://user:pass@localhost/db\"
+";
+        assert_eq!(output_string, expected_output);
     }
 }

apps/container/src/lib.rs

@@ -60,7 +60,7 @@ async fn start(config: &Config) {
     //
     // write the config files for the api server and database client
     println!("Writing config files...");
-    write_env_files(&db_config);
+    write_env_files(db_config);
     println!("Config files written to:");
     println!("  - {}", to_absolute_path(API_CONFIG_PATH).display());
     println!("  - {}", to_absolute_path(DB_CONFIG_PATH).display());

apps/container/src/util.rs

@@ -29,17 +29,18 @@ pub fn write_env_files(db_config: &DBConfigInfoType) {
         DBConfigInfoType::PreExisting(config) => (config.db_type.clone(), config.url.clone()),
     };
 
-    let api_env_file = EnvFile {
-        file_type: env::EnvFileType::Yaml,
-        db_type: db_type,
-        db_url: db_url,
-    };
+    let mut api_env = EnvFile::new(env::EnvFileType::Yaml, db_type, db_url);
+    let mut db_env = api_env.clone();
+    db_env.file_type = env::EnvFileType::DotEnv;
 
-    let mut db_env_file = api_env_file.clone();
-    db_env_file.file_type = env::EnvFileType::DotEnv;
+    let mut api_file =
+        std::fs::File::create(&api_config_path_absolute).expect("Failed to create API config file");
 
-    api_env_file.write(&api_config_path_absolute);
-    db_env_file.write(&db_config_path_absolute);
+    let mut db_file =
+        std::fs::File::create(&db_config_path_absolute).expect("Failed to create DB config file");
+
+    api_env.write(&mut api_file, true);
+    db_env.write(&mut db_file, false);
 }
 
 pub async fn stop_container(

apps/frontend/.dockerignore

@@ -0,0 +1,4 @@
+.react-router
+build
+node_modules
+README.md

apps/frontend/.env.example

@@ -0,0 +1 @@
+VITE_API_BASE_URL=<optional_api_base_url>

apps/frontend/.gitignore

@@ -0,0 +1,7 @@
+.DS_Store
+.env
+/node_modules/
+
+# React Router
+/.react-router/
+/build/

apps/frontend/app/app.css

@@ -0,0 +1,15 @@
+@import "tailwindcss";
+
+@theme {
+  --font-sans: "Inter", ui-sans-serif, system-ui, sans-serif,
+    "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+}
+
+html,
+body {
+  @apply bg-white dark:bg-gray-950;
+
+  @media (prefers-color-scheme: dark) {
+    color-scheme: dark;
+  }
+}

apps/frontend/app/generated/api-client/api-client.ts

@@ -0,0 +1,422 @@
+export namespace Schemas {
+  // <Schemas>
+  export type HealthInfo = {
+    errors?: (Array<string> | null) | undefined;
+    status: string;
+    up_since: string;
+    version: string;
+  };
+
+  // </Schemas>
+}
+
+export namespace Endpoints {
+  // <Endpoints>
+
+  export type get_Get_health_info = {
+    method: "GET";
+    path: "/api/health/info";
+    requestFormat: "json";
+    parameters: never;
+    responses: { 200: Schemas.HealthInfo; 404: unknown };
+  };
+
+  // </Endpoints>
+}
+
+// <EndpointByMethod>
+export type EndpointByMethod = {
+  get: {
+    "/api/health/info": Endpoints.get_Get_health_info;
+  };
+};
+
+// </EndpointByMethod>
+
+// <EndpointByMethod.Shorthands>
+export type GetEndpoints = EndpointByMethod["get"];
+// </EndpointByMethod.Shorthands>
+
+// <ApiClientTypes>
+export type EndpointParameters = {
+  body?: unknown;
+  query?: Record<string, unknown>;
+  header?: Record<string, unknown>;
+  path?: Record<string, unknown>;
+};
+
+export type MutationMethod = "post" | "put" | "patch" | "delete";
+export type Method = "get" | "head" | "options" | MutationMethod;
+
+type RequestFormat = "json" | "form-data" | "form-url" | "binary" | "text";
+
+export type DefaultEndpoint = {
+  parameters?: EndpointParameters | undefined;
+  responses?: Record<string, unknown>;
+  responseHeaders?: Record<string, unknown>;
+};
+
+export type Endpoint<TConfig extends DefaultEndpoint = DefaultEndpoint> = {
+  operationId: string;
+  method: Method;
+  path: string;
+  requestFormat: RequestFormat;
+  parameters?: TConfig["parameters"];
+  meta: {
+    alias: string;
+    hasParameters: boolean;
+    areParametersRequired: boolean;
+  };
+  responses?: TConfig["responses"];
+  responseHeaders?: TConfig["responseHeaders"];
+};
+
+export interface Fetcher {
+  decodePathParams?: (path: string, pathParams: Record<string, string>) => string;
+  encodeSearchParams?: (searchParams: Record<string, unknown> | undefined) => URLSearchParams;
+  //
+  fetch: (input: {
+    method: Method;
+    url: URL;
+    urlSearchParams?: URLSearchParams | undefined;
+    parameters?: EndpointParameters | undefined;
+    path: string;
+    overrides?: RequestInit;
+    throwOnStatusError?: boolean;
+  }) => Promise<Response>;
+  parseResponseData?: (response: Response) => Promise<unknown>;
+}
+
+export const successStatusCodes = [
+  200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308,
+] as const;
+export type SuccessStatusCode = (typeof successStatusCodes)[number];
+
+export const errorStatusCodes = [
+  400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 421, 422, 423, 424,
+  425, 426, 428, 429, 431, 451, 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, 511,
+] as const;
+export type ErrorStatusCode = (typeof errorStatusCodes)[number];
+
+// Taken from https://github.com/unjs/fetchdts/blob/ec4eaeab5d287116171fc1efd61f4a1ad34e4609/src/fetch.ts#L3
+export interface TypedHeaders<TypedHeaderValues extends Record<string, string> | unknown>
+  extends Omit<Headers, "append" | "delete" | "get" | "getSetCookie" | "has" | "set" | "forEach"> {
+  /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Headers/append) */
+  append: <Name extends Extract<keyof TypedHeaderValues, string> | (string & {})>(
+    name: Name,
+    value: Lowercase<Name> extends keyof TypedHeaderValues ? TypedHeaderValues[Lowercase<Name>] : string,
+  ) => void;
+  /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Headers/delete) */
+  delete: <Name extends Extract<keyof TypedHeaderValues, string> | (string & {})>(name: Name) => void;
+  /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Headers/get) */
+  get: <Name extends Extract<keyof TypedHeaderValues, string> | (string & {})>(
+    name: Name,
+  ) => (Lowercase<Name> extends keyof TypedHeaderValues ? TypedHeaderValues[Lowercase<Name>] : string) | null;
+  /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Headers/getSetCookie) */
+  getSetCookie: () => string[];
+  /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Headers/has) */
+  has: <Name extends Extract<keyof TypedHeaderValues, string> | (string & {})>(name: Name) => boolean;
+  /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Headers/set) */
+  set: <Name extends Extract<keyof TypedHeaderValues, string> | (string & {})>(
+    name: Name,
+    value: Lowercase<Name> extends keyof TypedHeaderValues ? TypedHeaderValues[Lowercase<Name>] : string,
+  ) => void;
+  forEach: (
+    callbackfn: (
+      value: TypedHeaderValues[keyof TypedHeaderValues] | (string & {}),
+      key: Extract<keyof TypedHeaderValues, string> | (string & {}),
+      parent: TypedHeaders<TypedHeaderValues>,
+    ) => void,
+    thisArg?: any,
+  ) => void;
+}
+
+/** @see https://developer.mozilla.org/en-US/docs/Web/API/Response */
+export interface TypedSuccessResponse<TSuccess, TStatusCode, THeaders>
+  extends Omit<Response, "ok" | "status" | "json" | "headers"> {
+  ok: true;
+  status: TStatusCode;
+  headers: never extends THeaders ? Headers : TypedHeaders<THeaders>;
+  data: TSuccess;
+  /** [MDN Reference](https://developer.mozilla.org/en-US/docs/Web/API/Response/json) */
+  json: () => Promise<TSuccess>;
+}
+
+/** @see https://developer.mozilla.org/en-US/docs/Web/API/Response */
+export interface TypedErrorResponse<TData, TStatusCode, THeaders>
+  extends Omit<Response, "ok" | "status" | "json" | "headers"> {
+  ok: false;
+  status: TStatusCode;
+  headers: never extends THeaders ? Headers : TypedHeaders<THeaders>;
+  data: TData;
+  /** [MDN Reference](https://developer.mozilla.org/en-US/docs/Web/API/Response/json) */
+  json: () => Promise<TData>;
+}
+
+export type TypedApiResponse<TAllResponses extends Record<string | number, unknown> = {}, THeaders = {}> = {
+  [K in keyof TAllResponses]: K extends string
+    ? K extends `${infer TStatusCode extends number}`
+      ? TStatusCode extends SuccessStatusCode
+        ? TypedSuccessResponse<TAllResponses[K], TStatusCode, K extends keyof THeaders ? THeaders[K] : never>
+        : TypedErrorResponse<TAllResponses[K], TStatusCode, K extends keyof THeaders ? THeaders[K] : never>
+      : never
+    : K extends number
+      ? K extends SuccessStatusCode
+        ? TypedSuccessResponse<TAllResponses[K], K, K extends keyof THeaders ? THeaders[K] : never>
+        : TypedErrorResponse<TAllResponses[K], K, K extends keyof THeaders ? THeaders[K] : never>
+      : never;
+}[keyof TAllResponses];
+
+export type SafeApiResponse<TEndpoint> = TEndpoint extends { responses: infer TResponses }
+  ? TResponses extends Record<string, unknown>
+    ? TypedApiResponse<TResponses, TEndpoint extends { responseHeaders: infer THeaders } ? THeaders : never>
+    : never
+  : never;
+
+export type InferResponseByStatus<TEndpoint, TStatusCode> = Extract<
+  SafeApiResponse<TEndpoint>,
+  { status: TStatusCode }
+>;
+
+type RequiredKeys<T> = {
+  [P in keyof T]-?: undefined extends T[P] ? never : P;
+}[keyof T];
+
+type MaybeOptionalArg<T> = RequiredKeys<T> extends never ? [config?: T] : [config: T];
+type NotNever<T> = [T] extends [never] ? false : true;
+
+// </ApiClientTypes>
+
+// <TypedStatusError>
+export class TypedStatusError<TData = unknown> extends Error {
+  response: TypedErrorResponse<TData, ErrorStatusCode, unknown>;
+  status: number;
+  constructor(response: TypedErrorResponse<TData, ErrorStatusCode, unknown>) {
+    super(`HTTP ${response.status}: ${response.statusText}`);
+    this.name = "TypedStatusError";
+    this.response = response;
+    this.status = response.status;
+  }
+}
+// </TypedStatusError>
+
+// <ApiClient>
+export class ApiClient {
+  baseUrl: string = "";
+  successStatusCodes = successStatusCodes;
+  errorStatusCodes = errorStatusCodes;
+
+  constructor(public fetcher: Fetcher) {}
+
+  setBaseUrl(baseUrl: string) {
+    this.baseUrl = baseUrl;
+    return this;
+  }
+
+  /**
+   * Replace path parameters in URL
+   * Supports both OpenAPI format {param} and Express format :param
+   */
+  defaultDecodePathParams = (url: string, params: Record<string, string>): string => {
+    return url
+      .replace(/{(\w+)}/g, (_, key: string) => params[key] || `{${key}}`)
+      .replace(/:([a-zA-Z0-9_]+)/g, (_, key: string) => params[key] || `:${key}`);
+  };
+
+  /** Uses URLSearchParams, skips null/undefined values */
+  defaultEncodeSearchParams = (queryParams: Record<string, unknown> | undefined): URLSearchParams | undefined => {
+    if (!queryParams) return;
+
+    const searchParams = new URLSearchParams();
+    Object.entries(queryParams).forEach(([key, value]) => {
+      if (value != null) {
+        // Skip null/undefined values
+        if (Array.isArray(value)) {
+          value.forEach((val) => val != null && searchParams.append(key, String(val)));
+        } else {
+          searchParams.append(key, String(value));
+        }
+      }
+    });
+
+    return searchParams;
+  };
+
+  defaultParseResponseData = async (response: Response): Promise<unknown> => {
+    const contentType = response.headers.get("content-type") ?? "";
+    if (contentType.startsWith("text/")) {
+      return await response.text();
+    }
+
+    if (contentType === "application/octet-stream") {
+      return await response.arrayBuffer();
+    }
+
+    if (
+      contentType.includes("application/json") ||
+      (contentType.includes("application/") && contentType.includes("json")) ||
+      contentType === "*/*"
+    ) {
+      try {
+        return await response.json();
+      } catch {
+        return undefined;
+      }
+    }
+
+    return;
+  };
+
+  // <ApiClient.get>
+  get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>(
+    path: Path,
+    ...params: MaybeOptionalArg<
+      TEndpoint extends { parameters: infer UParams }
+        ? NotNever<UParams> extends true
+          ? UParams & { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
+          : { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
+        : { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
+    >
+  ): Promise<Extract<InferResponseByStatus<TEndpoint, SuccessStatusCode>, { data: {} }>["data"]>;
+
+  get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>(
+    path: Path,
+    ...params: MaybeOptionalArg<
+      TEndpoint extends { parameters: infer UParams }
+        ? NotNever<UParams> extends true
+          ? UParams & { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
+          : { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
+        : { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
+    >
+  ): Promise<SafeApiResponse<TEndpoint>>;
+
+  get<Path extends keyof GetEndpoints, _TEndpoint extends GetEndpoints[Path]>(
+    path: Path,
+    ...params: MaybeOptionalArg<any>
+  ): Promise<any> {
+    return this.request("get", path, ...params);
+  }
+  // </ApiClient.get>
+
+  // <ApiClient.request>
+  /**
+   * Generic request method with full type-safety for any endpoint
+   */
+  request<
+    TMethod extends keyof EndpointByMethod,
+    TPath extends keyof EndpointByMethod[TMethod],
+    TEndpoint extends EndpointByMethod[TMethod][TPath],
+  >(
+    method: TMethod,
+    path: TPath,
+    ...params: MaybeOptionalArg<
+      TEndpoint extends { parameters: infer UParams }
+        ? NotNever<UParams> extends true
+          ? UParams & { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
+          : { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
+        : { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
+    >
+  ): Promise<Extract<InferResponseByStatus<TEndpoint, SuccessStatusCode>, { data: {} }>["data"]>;
+
+  request<
+    TMethod extends keyof EndpointByMethod,
+    TPath extends keyof EndpointByMethod[TMethod],
+    TEndpoint extends EndpointByMethod[TMethod][TPath],
+  >(
+    method: TMethod,
+    path: TPath,
+    ...params: MaybeOptionalArg<
+      TEndpoint extends { parameters: infer UParams }
+        ? NotNever<UParams> extends true
+          ? UParams & { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
+          : { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
+        : { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
+    >
+  ): Promise<SafeApiResponse<TEndpoint>>;
+
+  request<
+    TMethod extends keyof EndpointByMethod,
+    TPath extends keyof EndpointByMethod[TMethod],
+    TEndpoint extends EndpointByMethod[TMethod][TPath],
+  >(method: TMethod, path: TPath, ...params: MaybeOptionalArg<any>): Promise<any> {
+    const requestParams = params[0];
+    const withResponse = requestParams?.withResponse;
+    const {
+      withResponse: _,
+      throwOnStatusError = withResponse ? false : true,
+      overrides,
+      ...fetchParams
+    } = requestParams || {};
+
+    const parametersToSend: EndpointParameters = {};
+    if (requestParams?.body !== undefined) (parametersToSend as any).body = requestParams.body;
+    if (requestParams?.query !== undefined) (parametersToSend as any).query = requestParams.query;
+    if (requestParams?.header !== undefined) (parametersToSend as any).header = requestParams.header;
+    if (requestParams?.path !== undefined) (parametersToSend as any).path = requestParams.path;
+
+    const resolvedPath = (this.fetcher.decodePathParams ?? this.defaultDecodePathParams)(
+      this.baseUrl + (path as string),
+      (parametersToSend.path ?? {}) as Record<string, string>,
+    );
+    const url = new URL(resolvedPath);
+    const urlSearchParams = (this.fetcher.encodeSearchParams ?? this.defaultEncodeSearchParams)(parametersToSend.query);
+
+    const promise = this.fetcher
+      .fetch({
+        method: method,
+        path: path as string,
+        url,
+        urlSearchParams,
+        parameters: Object.keys(fetchParams).length ? fetchParams : undefined,
+        overrides,
+        throwOnStatusError,
+      })
+      .then(async (response) => {
+        const data = await (this.fetcher.parseResponseData ?? this.defaultParseResponseData)(response);
+        const typedResponse = Object.assign(response, {
+          data: data,
+          json: () => Promise.resolve(data),
+        }) as SafeApiResponse<TEndpoint>;
+
+        if (throwOnStatusError && errorStatusCodes.includes(response.status as never)) {
+          throw new TypedStatusError(typedResponse as never);
+        }
+
+        return withResponse ? typedResponse : data;
+      });
+
+    return promise as Extract<InferResponseByStatus<TEndpoint, SuccessStatusCode>, { data: {} }>["data"];
+  }
+  // </ApiClient.request>
+}
+
+export function createApiClient(fetcher: Fetcher, baseUrl?: string) {
+  return new ApiClient(fetcher).setBaseUrl(baseUrl ?? "");
+}
+
+/**
+ Example usage:
+ const api = createApiClient((method, url, params) =>
+   fetch(url, { method, body: JSON.stringify(params) }).then((res) => res.json()),
+ );
+ api.get("/users").then((users) => console.log(users));
+ api.post("/users", { body: { name: "John" } }).then((user) => console.log(user));
+ api.put("/users/:id", { path: { id: 1 }, body: { name: "John" } }).then((user) => console.log(user));
+
+ // With error handling
+ const result = await api.get("/users/{id}", { path: { id: "123" }, withResponse: true });
+ if (result.ok) {
+   // Access data directly
+   const user = result.data;
+   console.log(user);
+
+   // Or use the json() method for compatibility
+   const userFromJson = await result.json();
+   console.log(userFromJson);
+ } else {
+   const error = result.data;
+   console.error(`Error ${result.status}:`, error);
+ }
+*/
+
+// </ApiClient>

apps/frontend/app/generated/api-client/tanstack-client.ts

@@ -0,0 +1,185 @@
+import { queryOptions } from "@tanstack/react-query";
+import type {
+  EndpointByMethod,
+  ApiClient,
+  SuccessStatusCode,
+  ErrorStatusCode,
+  InferResponseByStatus,
+  TypedSuccessResponse,
+} from "./api-client.ts";
+import { errorStatusCodes, TypedStatusError } from "./api-client.ts";
+
+type EndpointQueryKey<TOptions extends EndpointParameters> = [
+  TOptions & {
+    _id: string;
+    _infinite?: boolean;
+  },
+];
+
+const createQueryKey = <TOptions extends EndpointParameters>(
+  id: string,
+  options?: TOptions,
+  infinite?: boolean,
+): [EndpointQueryKey<TOptions>[0]] => {
+  const params: EndpointQueryKey<TOptions>[0] = { _id: id } as EndpointQueryKey<TOptions>[0];
+  if (infinite) {
+    params._infinite = infinite;
+  }
+  if (options?.body) {
+    params.body = options.body;
+  }
+  if (options?.header) {
+    params.header = options.header;
+  }
+  if (options?.path) {
+    params.path = options.path;
+  }
+  if (options?.query) {
+    params.query = options.query;
+  }
+  return [params];
+};
+
+// <EndpointByMethod.Shorthands>
+export type GetEndpoints = EndpointByMethod["get"];
+// </EndpointByMethod.Shorthands>
+
+// <ApiClientTypes>
+export type EndpointParameters = {
+  body?: unknown;
+  query?: Record<string, unknown>;
+  header?: Record<string, unknown>;
+  path?: Record<string, unknown>;
+};
+
+type RequiredKeys<T> = {
+  [P in keyof T]-?: undefined extends T[P] ? never : P;
+}[keyof T];
+
+type MaybeOptionalArg<T> = RequiredKeys<T> extends never ? [config?: T] : [config: T];
+
+type InferResponseData<TEndpoint, TStatusCode> =
+  TypedSuccessResponse<any, any, any> extends InferResponseByStatus<TEndpoint, TStatusCode>
+    ? Extract<InferResponseByStatus<TEndpoint, TStatusCode>, { data: {} }>["data"]
+    : Extract<InferResponseByStatus<TEndpoint, TStatusCode>["data"], {}>;
+
+// </ApiClientTypes>
+
+// <ApiClient>
+export class TanstackQueryApiClient {
+  constructor(public client: ApiClient) {}
+
+  // <ApiClient.get>
+  get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>(
+    path: Path,
+    ...params: MaybeOptionalArg<TEndpoint["parameters"]>
+  ) {
+    const queryKey = createQueryKey(path as string, params[0]);
+    const query = {
+      /** type-only property if you need easy access to the endpoint params */
+      "~endpoint": {} as TEndpoint,
+      queryKey,
+      queryFn: {} as "You need to pass .queryOptions to the useQuery hook",
+      queryOptions: queryOptions({
+        queryFn: async ({ queryKey, signal }) => {
+          const requestParams = {
+            ...(params[0] || {}),
+            ...(queryKey[0] || {}),
+            overrides: { signal },
+            withResponse: false as const,
+          };
+          const res = await this.client.get(path, requestParams as never);
+          return res as InferResponseData<TEndpoint, SuccessStatusCode>;
+        },
+        queryKey: queryKey,
+      }),
+    };
+
+    return query;
+  }
+  // </ApiClient.get>
+
+  // <ApiClient.request>
+  /**
+   * Generic mutation method with full type-safety for any endpoint; it doesnt require parameters to be passed initially
+   * but instead will require them to be passed when calling the mutation.mutate() method
+   */
+  mutation<
+    TMethod extends keyof EndpointByMethod,
+    TPath extends keyof EndpointByMethod[TMethod],
+    TEndpoint extends EndpointByMethod[TMethod][TPath],
+    TWithResponse extends boolean = false,
+    TSelection = TWithResponse extends true
+      ? InferResponseByStatus<TEndpoint, SuccessStatusCode>
+      : InferResponseData<TEndpoint, SuccessStatusCode>,
+    TError = TEndpoint extends { responses: infer TResponses }
+      ? TResponses extends Record<string | number, unknown>
+        ? TypedStatusError<InferResponseData<TEndpoint, ErrorStatusCode>>
+        : Error
+      : Error,
+  >(
+    method: TMethod,
+    path: TPath,
+    options?: {
+      withResponse?: TWithResponse;
+      selectFn?: (
+        res: TWithResponse extends true
+          ? InferResponseByStatus<TEndpoint, SuccessStatusCode>
+          : InferResponseData<TEndpoint, SuccessStatusCode>,
+      ) => TSelection;
+      throwOnStatusError?: boolean;
+      throwOnError?: boolean | ((error: TError) => boolean);
+    },
+  ) {
+    const mutationKey = [{ method, path }] as const;
+    const mutationFn = async (
+      params: (TEndpoint extends { parameters: infer Parameters } ? Parameters : {}) & {
+        throwOnStatusError?: boolean;
+        overrides?: RequestInit;
+      },
+    ): Promise<TSelection> => {
+      const withResponse = options?.withResponse ?? false;
+      const throwOnStatusError =
+        params.throwOnStatusError ?? options?.throwOnStatusError ?? (withResponse ? false : true);
+      const selectFn = options?.selectFn;
+      const response = await (this.client as any)[method](path, {
+        ...(params as any),
+        withResponse: true,
+        throwOnStatusError: false,
+      });
+
+      if (throwOnStatusError && errorStatusCodes.includes(response.status as never)) {
+        throw new TypedStatusError(response as never);
+      }
+
+      // Return just the data if withResponse is false, otherwise return the full response
+      const finalResponse = withResponse ? response : response.data;
+      const res = selectFn ? selectFn(finalResponse as any) : finalResponse;
+      return res as never;
+    };
+    return {
+      /** type-only property if you need easy access to the endpoint params */
+      "~endpoint": {} as TEndpoint,
+      mutationKey: mutationKey,
+      mutationFn: {} as "You need to pass .mutationOptions to the useMutation hook",
+      mutationOptions: {
+        throwOnError: options?.throwOnError as boolean | ((error: TError) => boolean),
+        mutationKey: mutationKey,
+        mutationFn: mutationFn,
+      } as Omit<
+        import("@tanstack/react-query").UseMutationOptions<
+          TSelection,
+          TError,
+          (TEndpoint extends { parameters: infer Parameters } ? Parameters : {}) & {
+            withResponse?: boolean;
+            throwOnStatusError?: boolean;
+          }
+        >,
+        "mutationFn"
+      > & {
+        mutationFn: typeof mutationFn;
+      },
+    };
+  }
+  // </ApiClient.request>
+}

apps/frontend/app/lib/api.ts

@@ -0,0 +1,94 @@
+import type { AxiosInstance, AxiosResponse } from 'axios';
+import { type Fetcher, type Method, createApiClient } from '../generated/api-client/api-client';
+import { TanstackQueryApiClient } from '../generated/api-client/tanstack-client';
+
+const API_BASE_URL: string | undefined = import.meta.env.VITE_API_BASE_URL;
+
+const get_fetch: (axios: AxiosInstance) => Fetcher['fetch'] =
+  (axios) =>
+  async ({ method, url: incomingUrl, parameters: params }) => {
+    // Use a plain object for Axios headers
+    const headers: Record<string, string> = {};
+
+    // Replace path parameters (supports both {param} and :param formats)
+    const actualUrl = replacePathParams(incomingUrl.toString(), (params?.path ?? {}) as Record<string, string>);
+    const url = new URL(actualUrl);
+
+    // Handle query parameters
+    if (params?.query) {
+      const searchParams = new URLSearchParams();
+      Object.entries(params.query).forEach(([key, value]) => {
+        if (value != null) {
+          // Skip null/undefined values
+          if (Array.isArray(value)) {
+            value.forEach((val) => val != null && searchParams.append(key, String(val)));
+          } else {
+            searchParams.append(key, String(value));
+          }
+        }
+      });
+      url.search = searchParams.toString();
+    }
+
+    // Handle request body for mutation methods (use Axios `data`)
+    const data = (['post', 'put', 'patch', 'delete'] satisfies Method[] as string[]).includes(method.toLowerCase()) ? params?.body : undefined;
+
+    if (data != null) {
+      headers['Content-Type'] = 'application/json';
+    }
+
+    // Add custom headers
+    if (params?.header) {
+      Object.entries(params.header).forEach(([key, value]) => {
+        if (value != null) {
+          headers[key] = String(value);
+        }
+      });
+    }
+
+    const response = await axios(url.toString(), {
+      method: method.toUpperCase(),
+      ...(data !== undefined && { data }),
+      headers: headers,
+    });
+
+    return axiosResponseToFetchResponse(response);
+  };
+
+function axiosResponseToFetchResponse(response: AxiosResponse): Response {
+  const headers = new Headers();
+  Object.entries(response.headers).forEach(([key, value]) => {
+    if (Array.isArray(value)) {
+      value.forEach((val) => headers.append(key, val));
+    } else {
+      headers.append(key, value);
+    }
+  });
+
+  return new Response(response.data, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: headers,
+  });
+}
+
+/**
+ * Replace path parameters in URL
+ * Supports both OpenAPI format {param} and Express format :param
+ */
+function replacePathParams(url: string, params: Record<string, string>): string {
+  return url.replace(/{(\w+)}/g, (_, key: string) => params[key] || `{${key}}`).replace(/:([a-zA-Z0-9_]+)/g, (_, key: string) => params[key] || `:${key}`);
+}
+
+export function createApi(axios: AxiosInstance) {
+  return createApiClient(
+    {
+      fetch: get_fetch(axios),
+    },
+    API_BASE_URL ?? window.location.origin
+  );
+}
+
+export function createTanstackApi(axios: AxiosInstance) {
+  return new TanstackQueryApiClient(createApi(axios));
+}

apps/frontend/app/providers/ApiProvider.tsx

@@ -0,0 +1,59 @@
+import { createContext, use, useContext, type PropsWithChildren } from 'react';
+import { createTanstackApi, createApi } from '../lib/api';
+import axios from 'axios';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+
+type ApiProviderProps = PropsWithChildren<{}>;
+type ApiContextType = {
+  apiClient: ReturnType<typeof createApi>;
+  tanstackApiClient: ReturnType<typeof createTanstackApi>;
+};
+
+const ApiContext = createContext<ApiContextType | null>(null);
+
+const queryClient = new QueryClient();
+
+/**
+ * Example usage:
+ * ```ts
+ * const { tanstackApiClient } = useApi();
+ * const { queryOptions } = tanstackApiClient.get('/api/health/info');
+ * useQuery({
+ *   ...queryOptions,
+ *   queryFn: async (...args) => {
+ *     console.log('Fetching health info...');
+ *     const data = await queryOptions.queryFn!(...args);
+ *     console.log('Health Info:', data);
+ *     return data;
+ *   },
+ * });
+ * ```
+ */
+
+export const ApiProvider: React.FC<ApiProviderProps> = ({ children }) => {
+  const axiosInstance = axios.create({
+    withCredentials: true,
+  });
+  const apiClient = createApi(axiosInstance);
+  const tanstackApiClient = createTanstackApi(axiosInstance);
+  return (
+    <QueryClientProvider client={queryClient}>
+      <ApiContext
+        value={{
+          apiClient,
+          tanstackApiClient,
+        }}
+      >
+        {children}
+      </ApiContext>
+    </QueryClientProvider>
+  );
+};
+
+export function useApi() {
+  const context = use(ApiContext);
+  if (!context) {
+    throw new Error('useApi must be used within an ApiProvider');
+  }
+  return context;
+}

apps/frontend/app/root.tsx

@@ -0,0 +1,61 @@
+import { isRouteErrorResponse, Links, Meta, Outlet, Scripts, ScrollRestoration } from 'react-router';
+import type { Route } from './+types/root';
+import './app.css';
+import { Theme } from '@radix-ui/themes';
+import { ApiProvider } from './providers/ApiProvider';
+
+export const links: Route.LinksFunction = () => [];
+
+export function Layout({ children }: { children: React.ReactNode }) {
+  return (
+    <html lang="en">
+      <head>
+        <meta charSet="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1" />
+        <Meta />
+        <Links />
+      </head>
+      <body>
+        {children}
+        <ScrollRestoration />
+        <Scripts />
+      </body>
+    </html>
+  );
+}
+
+export default function App() {
+  return (
+    <Theme>
+      <ApiProvider>
+        <Outlet />
+      </ApiProvider>
+    </Theme>
+  );
+}
+
+export function ErrorBoundary({ error }: Route.ErrorBoundaryProps) {
+  let message = 'Oops!';
+  let details = 'An unexpected error occurred.';
+  let stack: string | undefined;
+
+  if (isRouteErrorResponse(error)) {
+    message = error.status === 404 ? '404' : 'Error';
+    details = error.status === 404 ? 'The requested page could not be found.' : error.statusText || details;
+  } else if (import.meta.env.DEV && error && error instanceof Error) {
+    details = error.message;
+    stack = error.stack;
+  }
+
+  return (
+    <main className="pt-16 p-4 container mx-auto">
+      <h1>{message}</h1>
+      <p>{details}</p>
+      {stack && (
+        <pre className="w-full p-4 overflow-x-auto">
+          <code>{stack}</code>
+        </pre>
+      )}
+    </main>
+  );
+}

apps/frontend/app/routes.ts

@@ -0,0 +1,7 @@
+import { type RouteConfig, index, route } from '@react-router/dev/routes';
+
+export default [
+  index('routes/home.tsx'),
+  // catch-all 404 route
+  route('*', 'routes/404.tsx'),
+] satisfies RouteConfig;

apps/frontend/app/routes/404.tsx

@@ -0,0 +1,3 @@
+export default function NotFound() {
+  return <h1>404 - Not Found</h1>;
+}

apps/frontend/app/routes/home.tsx

@@ -0,0 +1,13 @@
+import { Text } from '@radix-ui/themes';
+import type { Route } from './+types/home';
+import { useContext } from 'react';
+import { useApi } from '../providers/ApiProvider';
+import { useQuery } from '@tanstack/react-query';
+
+export function meta({}: Route.MetaArgs) {
+  return [{ title: 'YANPM' }, { name: 'description', content: 'Welcome to Yet Another Nginx Proxy Manager!' }];
+}
+
+export default function Home() {
+  return <Text>Welcome to Yet Another Nginx Proxy Manager!</Text>;
+}

apps/frontend/app/vite-env.d.ts

@@ -0,0 +1,13 @@
+interface ViteTypeOptions {
+  // By adding this line, you can make the type of ImportMetaEnv strict
+  // to disallow unknown keys.
+  // strictImportMetaEnv: unknown
+}
+
+interface ImportMetaEnv {
+  readonly VITE_API_BASE_URL: string | undefined;
+}
+
+interface ImportMeta {
+  readonly env: ImportMetaEnv;
+}

apps/frontend/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "frontend",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "build": "react-router build",
+    "dev": "react-router dev",
+    "start": "react-router-serve ./build/server/index.js",
+    "typecheck": "react-router typegen && tsc",
+    "test": "echo \"No tests specified\" && exit 0",
+    "generate:openapi": "typed-openapi ../api/swagger.json --tanstack tanstack-client.ts -o ./app/generated/api-client/api-client.ts"
+  },
+  "dependencies": {
+    "@radix-ui/themes": "^3.2.1",
+    "@react-router/node": "^7.9.2",
+    "@react-router/serve": "^7.9.2",
+    "@tanstack/react-query": "^5.90.12",
+    "axios": "^1.13.2",
+    "isbot": "^5.1.31",
+    "radix-ui": "^1.4.3",
+    "react": "^19.1.1",
+    "react-dom": "^19.1.1",
+    "react-router": "^7.9.2"
+  },
+  "devDependencies": {
+    "@react-router/dev": "^7.9.2",
+    "@tailwindcss/vite": "^4.1.13",
+    "@types/node": "^22",
+    "@types/react": "^19.1.13",
+    "@types/react-dom": "^19.1.9",
+    "dotenv": "^17.2.3",
+    "tailwindcss": "^4.1.13",
+    "typed-openapi": "^2.2.3",
+    "typescript": "^5.9.2",
+    "vite": "^7.1.7",
+    "vite-tsconfig-paths": "^5.1.4"
+  }
+}

apps/frontend/react-router.config.ts

@@ -0,0 +1,5 @@
+import type { Config } from '@react-router/dev/config';
+
+export default {
+  ssr: false,
+} satisfies Config;

apps/frontend/tsconfig.json

@@ -0,0 +1,23 @@
+{
+  "include": ["**/*", "**/.server/**/*", "**/.client/**/*", ".react-router/types/**/*"],
+  "compilerOptions": {
+    "lib": ["DOM", "DOM.Iterable", "ES2022"],
+    "types": ["node", "vite/client"],
+    "target": "ES2022",
+    "module": "ES2022",
+    "moduleResolution": "bundler",
+    "jsx": "react-jsx",
+    "rootDirs": [".", "./.react-router/types"],
+    "baseUrl": ".",
+    "paths": {
+      "~/*": ["./app/*"]
+    },
+    "allowImportingTsExtensions": true,
+    "esModuleInterop": true,
+    "verbatimModuleSyntax": true,
+    "noEmit": true,
+    "resolveJsonModule": true,
+    "skipLibCheck": true,
+    "strict": true
+  }
+}

apps/frontend/vite.config.ts

@@ -0,0 +1,9 @@
+import { reactRouter } from '@react-router/dev/vite';
+import tailwindcss from '@tailwindcss/vite';
+import { defineConfig } from 'vite';
+import tsconfigPaths from 'vite-tsconfig-paths';
+
+export default defineConfig({
+  plugins: [tailwindcss(), reactRouter(), tsconfigPaths()],
+  appType: 'spa',
+});

doc/development.md

@@ -0,0 +1,87 @@
+# Development
+
+## Dependency
+
+YANPM requires the following dependencies to be installed on your development machine:
+
+- Node.js (version 20.x or later)
+- pnpm (version 10.x or later)
+- Docker (for running backend dependencies like databases)
+- Rust-toolchain (for building the backend)
+- Just (for task automation) (optional but recommended)
+
+## Setting Up the Development Environment
+
+To set up the development environment for Yet Another Nginx Proxy Manager (YANPM), follow these steps:
+
+1. **Clone the Repository**:
+
+   ```bash
+   git clone <repository-url>
+   cd yet-another-nginx-proxy-manager
+   ```
+
+2. **Install Dependencies**:
+   Use pnpm to install the project dependencies:
+
+   ```bash
+   pnpm install
+   cargo install sea-orm-cli
+   ```
+
+3. **Set Up Environment Variables**:
+   Create a `.env` file in the root directory and configure the necessary environment variables. You can use the provided `.env.example` as a template.
+
+## Backend Development
+
+1. **Run Backend Dependencies**:
+   Use Docker to run any required backend services, such as databases. You can use the provided cli crate for initializing the dependencies:
+
+   ```bash
+   just simulate
+   ```
+
+   This command will start the necessary services in Docker containers using test-containers.
+
+2. **Start the API Server**:
+   In a separate terminal, navigate to the `apps/api` directory and start the backend server:
+
+   ```bash
+   cd apps/api
+   cargo run
+   ```
+
+## Frontend Development
+
+If backend API interactions are required, ensure they are running before starting the frontend.
+
+1. **Set Up Frontend Environment Variables**:
+   Create a `.env` file in the `apps/frontend` directory and configure the necessary environment variables. You can follow the `.env.example` file as a guide.
+
+2. **Start the Frontend Development Server**:
+   In another terminal, navigate to the `apps/frontend` directory and start the frontend development server:
+
+   ```bash
+   cd apps/frontend
+   pnpm dev
+   ```
+
+## Generate Artifacts After Modifications
+
+After making changes to the below components, you need to regenerate the corresponding artifacts to keep the frontend and backend in sync.
+
+### Database Entities
+
+After modifying or adding new database entities, you need to regenerate the entity artifacts to keep the frontend in sync with the backend database schema.
+
+```bash
+just generate-entity
+```
+
+### Backend API routes
+
+After modifying or adding new backend API routes, you need to regenerate the API client artifacts to ensure the frontend can interact with the updated backend.
+
+```bash
+just generate-openapi
+```

justfile

@@ -1,7 +1,72 @@
+set dotenv-load := true
+# development environment file
+set dotenv-filename := "./public/database/.env.generated"
+
+cli *args:
+  cd apps/cli && \
+  if [ -n "{{args}}" ]; then \
+    cargo run -- {{args}}; \
+  else \
+    cargo run; \
+  fi
+
 simulate *args:
-  cd src/container && \
+  cd apps/container && \
   if [ -n "{{args}}" ]; then \
     cargo run --bin container-simulate -- --db-type={{args}}; \
   else \
     cargo run --bin container-simulate; \
   fi
+
+# Usage: (following SeaORM migration commands)
+# init: Initialize migration directory
+# generate: Generate a new migration file
+# up: Apply all pending migrations
+# up -n 10: Apply 10 pending migrations
+# down: Rollback last applied migration
+# down -n 10: Rollback last 10 applied migrations
+# status: Check the status of all migrations
+# fresh: Drop all tables from the database, then reapply all migrations
+# refresh: Rollback all applied migrations, then reapply all migrations
+# reset: Rollback all applied migrations
+migrate *args:
+  cd public/migration && \
+  if [ -n "{{args}}" ]; then \
+    cargo run -- {{args}}; \
+  else \
+    cargo run; \
+  fi
+
+generate-entity:
+  # delegate to cli
+  just cli db:migrate_and_generate --output-path ../../public/database/src/generated/entities
+
+generate-openapi:
+  # Generate OpenAPI spec
+  cd apps/api && \
+  cargo run -- generate:openapi --output-path ./swagger.json
+  # Generate API client for frontend
+  cd apps/frontend && \
+  pnpm generate:openapi
+
+generate-all: generate-entity generate-openapi
+
+build-frontend:
+  # build frontend assets
+  cd apps/frontend && \
+  pnpm build
+
+build-backend:
+  # build backend server
+  cd apps/api && \
+  cargo build --release
+
+build-apps: build-frontend build-backend
+
+act *args:
+  if [ -n "{{args}}" ]; then \
+    act {{args}} --artifact-server-path /tmp/artifacts; \
+  else \
+    act; \
+  fi
+

public/database/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "database"
+version = "0.1.0"
+edition = "2024"
+
+[lib]
+path = "src/lib.rs"
+
+[dependencies]
+shared = { path = "../shared" }
+migration = { path = "../migration" }
+chrono = { version = "0.4", features = ["serde"] }
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+tokio = { version = "1.47.0", features = ["full"] }
+sea-orm = { workspace = true, features = [ "sqlx-postgres", "sqlx-mysql", "sqlx-sqlite", "runtime-tokio-rustls", "macros", "mock", "with-chrono", "with-json", "with-uuid", "sqlite-use-returning-for-3_35", "mariadb-use-returning" ] }
+log = "0.4.28"
+
+[lints]
+workspace = true

public/database/src/generated.rs

@@ -0,0 +1 @@
+pub mod entities;

public/database/src/generated/entities/config.rs

@@ -0,0 +1,17 @@
+//! `SeaORM` Entity, @generated by sea-orm-codegen 2.0.0-rc.18
+
+use sea_orm::entity::prelude::*;
+use serde::{Deserialize, Serialize};
+
+#[sea_orm::model]
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
+#[sea_orm(table_name = "config")]
+pub struct Model {
+    #[sea_orm(primary_key, auto_increment = false)]
+    pub key: String,
+    pub value: String,
+    pub created_at: DateTimeUtc,
+    pub updated_at: DateTimeUtc,
+}
+
+impl ActiveModelBehavior for ActiveModel {}

public/database/src/generated/entities/mod.rs

@@ -0,0 +1,6 @@
+//! `SeaORM` Entity, @generated by sea-orm-codegen 2.0.0-rc.18
+
+pub mod prelude;
+
+pub mod config;
+pub mod user;

public/database/src/generated/entities/prelude.rs

@@ -0,0 +1,4 @@
+//! `SeaORM` Entity, @generated by sea-orm-codegen 2.0.0-rc.18
+
+pub use super::config::Entity as Config;
+pub use super::user::Entity as User;

public/database/src/generated/entities/user.rs

@@ -0,0 +1,21 @@
+//! `SeaORM` Entity, @generated by sea-orm-codegen 2.0.0-rc.18
+
+use sea_orm::entity::prelude::*;
+use serde::{Deserialize, Serialize};
+
+#[sea_orm::model]
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
+#[sea_orm(table_name = "user")]
+pub struct Model {
+    #[sea_orm(primary_key, auto_increment = false)]
+    pub id: Uuid,
+    #[sea_orm(unique)]
+    pub name: String,
+    pub is_admin: bool,
+    pub password_hash: String,
+    pub salt: String,
+    pub created_at: DateTimeUtc,
+    pub updated_at: DateTimeUtc,
+}
+
+impl ActiveModelBehavior for ActiveModel {}

public/database/src/lib.rs

@@ -0,0 +1,25 @@
+use log::LevelFilter;
+use sea_orm::ConnectOptions;
+pub mod generated;
+
+pub async fn get_connection<T: FnOnce(&mut ConnectOptions)>(
+    connection_string: &str,
+    option_fn: Option<T>,
+) -> Result<sea_orm::DatabaseConnection, sea_orm::DbErr> {
+    use sea_orm::Database;
+
+    let mut opt = ConnectOptions::new(connection_string.to_string());
+    opt.max_connections(10)
+        .min_connections(0)
+        .connect_timeout(std::time::Duration::from_secs(8))
+        .idle_timeout(std::time::Duration::from_secs(8))
+        .test_before_acquire(true)
+        .sqlx_logging(true)
+        .sqlx_logging_level(LevelFilter::Debug);
+
+    if let Some(option_fn) = option_fn {
+        option_fn(&mut opt);
+    }
+
+    Database::connect(opt).await
+}

public/migration/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "migration"
+version = "0.1.0"
+edition = "2024"
+rust-version = "1.85.0"
+publish = false
+
+[lib]
+name = "migration"
+path = "src/lib.rs"
+
+[dependencies]
+tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] }
+sea-orm-cli = { workspace = true, features = ["sqlx-postgres", "sqlx-mysql", "sqlx-sqlite", "runtime-tokio"] }
+log = "0.4.28"
+
+[dependencies.sea-orm-migration]
+workspace = true
+features = [
+  "runtime-tokio-rustls",  # `ASYNC_RUNTIME` feature
+  "sqlx-postgres", "sqlx-mysql", "sqlx-sqlite"  # `DATABASE_DRIVER` features
+]

public/migration/README.md

@@ -0,0 +1,59 @@
+# Running Migrator CLI
+
+- Generate a new migration file
+
+    ```sh
+    cargo run -- generate MIGRATION_NAME
+    ```
+
+- Apply all pending migrations
+
+    ```sh
+    cargo run
+    ```
+
+    ```sh
+    cargo run -- up
+    ```
+
+- Apply first 10 pending migrations
+
+    ```sh
+    cargo run -- up -n 10
+    ```
+
+- Rollback last applied migrations
+
+    ```sh
+    cargo run -- down
+    ```
+
+- Rollback last 10 applied migrations
+
+    ```sh
+    cargo run -- down -n 10
+    ```
+
+- Drop all tables from the database, then reapply all migrations
+
+    ```sh
+    cargo run -- fresh
+    ```
+
+- Rollback all applied migrations, then reapply all migrations
+
+    ```sh
+    cargo run -- refresh
+    ```
+
+- Rollback all applied migrations
+
+    ```sh
+    cargo run -- reset
+    ```
+
+- Check the status of all migrations
+
+    ```sh
+    cargo run -- status
+    ```

public/migration/src/lib.rs

@@ -0,0 +1,72 @@
+pub use sea_orm_migration::prelude::*;
+
+mod migrations;
+use migrations::*;
+use sea_orm_migration::sea_orm::{ConnectOptions, Database};
+
+pub struct Migrator;
+
+#[async_trait::async_trait]
+impl MigratorTrait for Migrator {
+    fn migrations() -> Vec<Box<dyn MigrationTrait>> {
+        vec![
+            Box::new(m20251011_000001_create_user_table::Migration),
+            Box::new(m20251011_000002_create_config_table::Migration),
+        ]
+    }
+}
+
+pub async fn migrate_database(db_url: &str) -> Result<(), DbErr> {
+    let mut opt = ConnectOptions::new(db_url);
+    opt.max_connections(10)
+        .min_connections(0)
+        .connect_timeout(std::time::Duration::from_secs(8))
+        .idle_timeout(std::time::Duration::from_secs(8))
+        .test_before_acquire(true)
+        .sqlx_logging(true)
+        .sqlx_logging_level(log::LevelFilter::Debug);
+    let db = Database::connect(opt).await?;
+
+    Migrator::up(&db, None).await
+}
+
+pub async fn generate_entity(
+    db_url: &str,
+    output_dir: &str,
+) -> Result<(), Box<dyn std::error::Error>> {
+    use sea_orm_cli::commands::generate::run_generate_command;
+    run_generate_command(
+        sea_orm_cli::GenerateSubcommands::Entity {
+            compact_format: true,
+            expanded_format: false,
+            frontend_format: false,
+            include_hidden_tables: false,
+            tables: vec![],
+            ignore_tables: vec!["seaql_migrations".to_string()],
+            max_connections: 1,
+            acquire_timeout: 30,
+            output_dir: output_dir.to_string(),
+            database_schema: Some("public".to_string()),
+            database_url: db_url.to_string(),
+            with_prelude: "all".to_string(),
+            with_serde: "both".to_string(),
+            serde_skip_deserializing_primary_key: false,
+            serde_skip_hidden_column: false,
+            with_copy_enums: true,
+            date_time_crate: sea_orm_cli::DateTimeCrate::Chrono,
+            lib: false,
+            model_extra_derives: vec![],
+            model_extra_attributes: vec![],
+            enum_extra_derives: vec![],
+            enum_extra_attributes: vec![],
+            seaography: false,
+            impl_active_model_behavior: true,
+            big_integer_type: sea_orm_cli::BigIntegerType::I64,
+            column_extra_derives: vec![],
+            entity_format: Some("dense".to_string()),
+            preserve_user_modifications: false,
+        },
+        false,
+    )
+    .await
+}

public/migration/src/main.rs

@@ -0,0 +1,6 @@
+use sea_orm_migration::prelude::*;
+
+#[tokio::main]
+async fn main() {
+    cli::run_cli(migration::Migrator).await;
+}

public/migration/src/migrations.rs

@@ -0,0 +1,2 @@
+pub mod m20251011_000001_create_user_table;
+pub mod m20251011_000002_create_config_table;

public/migration/src/migrations/m20251011_000001_create_user_table.rs

@@ -0,0 +1,60 @@
+use sea_orm_migration::{prelude::*, schema::*};
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[derive(DeriveIden)]
+enum User {
+    Table,
+    Id,
+    //
+    Name,
+    IsAdmin,
+    PasswordHash,
+    Salt,
+    //
+    CreatedAt,
+    UpdatedAt,
+}
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .create_table(
+                Table::create()
+                    .table(User::Table)
+                    .if_not_exists()
+                    .col(pk_uuid(User::Id))
+                    .col(ColumnDef::new(User::Name).string().not_null().unique_key())
+                    .col(
+                        ColumnDef::new(User::IsAdmin)
+                            .boolean()
+                            .default(false)
+                            .not_null(),
+                    )
+                    .col(ColumnDef::new(User::PasswordHash).string().not_null())
+                    .col(ColumnDef::new(User::Salt).string().not_null())
+                    .col(
+                        ColumnDef::new(User::CreatedAt)
+                            .timestamp()
+                            .default(SimpleExpr::Keyword(Keyword::CurrentTimestamp))
+                            .not_null(),
+                    )
+                    .col(
+                        ColumnDef::new(User::UpdatedAt)
+                            .timestamp()
+                            .default(SimpleExpr::Keyword(Keyword::CurrentTimestamp))
+                            .not_null(),
+                    )
+                    .to_owned(),
+            )
+            .await
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .drop_table(Table::drop().table(User::Table).to_owned())
+            .await
+    }
+}

public/migration/src/migrations/m20251011_000002_create_config_table.rs

@@ -0,0 +1,54 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[derive(DeriveIden)]
+enum Config {
+    Table,
+    //
+    Key,
+    Value,
+    //
+    CreatedAt,
+    UpdatedAt,
+}
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .create_table(
+                Table::create()
+                    .table(Config::Table)
+                    .if_not_exists()
+                    .col(
+                        ColumnDef::new(Config::Key)
+                            .string()
+                            .not_null()
+                            .primary_key(),
+                    )
+                    .col(ColumnDef::new(Config::Value).string().not_null())
+                    .col(
+                        ColumnDef::new(Config::CreatedAt)
+                            .timestamp()
+                            .default(SimpleExpr::Keyword(Keyword::CurrentTimestamp))
+                            .not_null(),
+                    )
+                    .col(
+                        ColumnDef::new(Config::UpdatedAt)
+                            .timestamp()
+                            .default(SimpleExpr::Keyword(Keyword::CurrentTimestamp))
+                            .not_null(),
+                    )
+                    .to_owned(),
+            )
+            .await
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .drop_table(Table::drop().table(Config::Table).to_owned())
+            .await
+    }
+}

public/shared/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "shared"
+version = "0.1.0"
+edition = "2024"
+
+[lib]
+path = "src/lib.rs"
+
+[lints]
+workspace = true

public/shared/src/db_type.rs

@@ -0,0 +1,28 @@
+use std::str::FromStr;
+
+#[derive(Debug, Clone)]
+pub enum DBType {
+    PostgreSQL,
+    SQLite,
+}
+
+impl std::fmt::Display for DBType {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            DBType::PostgreSQL => write!(f, "PostgreSQL"),
+            DBType::SQLite => write!(f, "SQLite"),
+        }
+    }
+}
+
+impl FromStr for DBType {
+    type Err = String;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        match s.to_lowercase().as_str() {
+            "postgresql" | "postgres" => Ok(DBType::PostgreSQL),
+            "sqlite" => Ok(DBType::SQLite),
+            _ => Err(format!("Unknown DBType: {}", s)),
+        }
+    }
+}

public/shared/src/lib.rs

@@ -0,0 +1 @@
+pub mod db_type;