ColivingLiguria

S.r.l. — Startup Innovativa
Apply NowCandidati
HomeHomeTechnical LibraryArchivio tecnico

2 min read

Deployment And Operations

The website runs on Quartz v5 and Cloudflare Pages. The private-area UI is built as Quartz content plus Cloudflare Pages Functions.

Quartz v5 Compatibility

Current requirements:

  • Node.js 22 or newer;
  • npm 10.9.2 or newer;
  • active configuration in Quartz_CL/quartz.config.yaml;
  • compatibility layout bridge in Quartz_CL/quartz.ts;
  • generated plugin source in .quartz/, which must not be committed.

Local build command from Quartz_CL:

npm run build

When using the bundled Node runtime, run npm through that Node executable so Quartz v5 does not fall back to an older system Node.

Cloudflare Pages

Project:

  • colivingliguria

Build output:

  • Quartz_CL/public

Pages Functions:

  • Quartz_CL/functions/api/auth/[[path]].ts

The auth proxy is intentionally same-origin. Browser code calls /api/auth/*; the function forwards the request to the configured Living Register backend.

Environment Variables

Required for live private-area authentication and upload:

  • LROS_AUTH_API_BASE: HTTPS base URL of the Living Register auth API, without trailing slash.

Optional:

  • LROS_AUTH_API_TOKEN: shared token forwarded as X-CL-Internal-Auth.

Backend production requirement:

  • LROS_AUTH_DEV_MODE=0.

If LROS_AUTH_API_BASE is missing, /api/auth/* must return a 503 JSON error. That is the correct failure mode because sensitive uploads must not be silently accepted or redirected to an unsafe channel.

Deployment Commands

From Quartz_CL:

npm run build
npx wrangler pages deploy public --project-name colivingliguria --branch main

Use --branch main only when intentionally publishing a production deployment. Other branches create preview deployments.

Smoke Checks After Deploy

Check these URLs after each deployment:

  • /login
  • /private
  • /System/Software/Private-Area
  • /System/Software/Private-Area/Authentication-And-Sessions
  • /System/Software/Private-Area/Protected-Upload-Channel
  • /System/Software/Private-Area/Privacy-And-Document-Rules
  • /System/Software/Private-Area/Deployment-And-Operations
  • /api/auth/tracks

Expected /api/auth/tracks result:

  • 200 when LROS_AUTH_API_BASE is configured and reachable;
  • 503 with an explicit JSON error when production auth backend configuration is missing;
  • never a static HTML success page.

Performance And Accessibility

Private-area pages must remain lightweight:

  • no public document data export;
  • no third-party upload widget;
  • no client-side preview of sensitive document content;
  • cache disabled on API responses;
  • clear focus styles on forms;
  • mobile-friendly fields and buttons;
  • direct link from login to this technical documentation.

Graph View