Major Enhancement: NestJS Migration + CASL Authorization + Error Handling

Complete rewrite from Express to NestJS with enterprise-grade features: ## Backend Improvements - Migrated from Express to NestJS 11.0.1 with TypeScript - Implemented Prisma ORM 7.3.0 for type-safe database access - Added CASL authorization system replacing role-based guards - Created global exception filters with structured logging - Implemented Auth0 JWT authentication with Passport.js - Added vehicle management with conflict detection - Enhanced event scheduling with driver/vehicle assignment - Comprehensive error handling and logging ## Frontend Improvements - Upgraded to React 19.2.0 with Vite 7.2.4 - Implemented CASL-based permission system - Added AbilityContext for declarative permissions - Created ErrorHandler utility for consistent error messages - Enhanced API client with request/response logging - Added War Room (Command Center) dashboard - Created VIP Schedule view with complete itineraries - Implemented Vehicle Management UI - Added mock data generators for testing (288 events across 20 VIPs) ## New Features - Vehicle fleet management (types, capacity, status tracking) - Complete 3-day Jamboree schedule generation - Individual VIP schedule pages with PDF export (planned) - Real-time War Room dashboard with auto-refresh - Permission-based navigation filtering - First user auto-approval as administrator ## Documentation - Created CASL_AUTHORIZATION.md (comprehensive guide) - Created ERROR_HANDLING.md (error handling patterns) - Updated CLAUDE.md with new architecture - Added migration guides and best practices ## Technical Debt Resolved - Removed custom authentication in favor of Auth0 - Replaced role checks with CASL abilities - Standardized error responses across API - Implemented proper TypeScript typing - Added comprehensive logging Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-31 08:50:25 +01:00
parent 8ace1ab2c1
commit 868f7efc23
351 changed files with 44997 additions and 6276 deletions
--- a/KEYCLOAK_SETUP.md
+++ b/KEYCLOAK_SETUP.md
@@ -0,0 +1,61 @@
+# Keycloak Authentication Setup
+
+## Quick Start
+
+### 1. Start Services
+```bash
+docker compose -f docker-compose.dev.yml up -d
+```
+
+### 2. Access Keycloak Admin Console
+- URL: http://localhost:8080
+- Username: `admin`
+- Password: `admin`
+
+### 3. Create Realm
+1. Click "Create Realm"
+2. Name: `vip-coordinator`
+3. Click "Create"
+
+### 4. Create Client (for your app)
+1. Go to **Clients** → **Create client**
+2. Client ID: `vip-coordinator-frontend`
+3. Client type: `OpenID Connect`
+4. Click **Next**
+5. **Capability config:**
+   - ✅ Client authentication: OFF (public client)
+   - ✅ Authorization: OFF
+   - ✅ Standard flow: ON
+   - ✅ Direct access grants: ON
+6. Click **Next**
+7. **Login settings:**
+   - Valid redirect URIs: `http://localhost:5173/*`
+   - Web origins: `http://localhost:5173`
+   - Valid post logout redirect URIs: `http://localhost:5173/*`
+8. Click **Save**
+
+### 5. Enable Google Social Login (Optional)
+1. Go to **Identity providers** → **Add provider** → **Google**
+2. Client ID: (your Google OAuth client ID)
+3. Client Secret: (your Google OAuth secret)
+4. Click **Save**
+
+### 6. Get Configuration
+After setup, Keycloak provides:
+- **Realm URL**: `http://localhost:8080/realms/vip-coordinator`
+- **Client ID**: `vip-coordinator-frontend`
+- **Discovery URL**: `http://localhost:8080/realms/vip-coordinator/.well-known/openid-configuration`
+
+## Next Steps
+1. Update backend to use Keycloak JWT validation
+2. Update frontend to use Keycloak React SDK
+3. Test login flow
+
+## Benefits
+- ✅ Self-hosted in Docker
+- ✅ No external dependencies
+- ✅ Full control over users and roles
+- ✅ Social login support
+- ✅ JWT tokens
+- ✅ User management UI
+- ✅ Role-based access control