Major Enhancement: NestJS Migration + CASL Authorization + Error Handling

Complete rewrite from Express to NestJS with enterprise-grade features: ## Backend Improvements - Migrated from Express to NestJS 11.0.1 with TypeScript - Implemented Prisma ORM 7.3.0 for type-safe database access - Added CASL authorization system replacing role-based guards - Created global exception filters with structured logging - Implemented Auth0 JWT authentication with Passport.js - Added vehicle management with conflict detection - Enhanced event scheduling with driver/vehicle assignment - Comprehensive error handling and logging ## Frontend Improvements - Upgraded to React 19.2.0 with Vite 7.2.4 - Implemented CASL-based permission system - Added AbilityContext for declarative permissions - Created ErrorHandler utility for consistent error messages - Enhanced API client with request/response logging - Added War Room (Command Center) dashboard - Created VIP Schedule view with complete itineraries - Implemented Vehicle Management UI - Added mock data generators for testing (288 events across 20 VIPs) ## New Features - Vehicle fleet management (types, capacity, status tracking) - Complete 3-day Jamboree schedule generation - Individual VIP schedule pages with PDF export (planned) - Real-time War Room dashboard with auto-refresh - Permission-based navigation filtering - First user auto-approval as administrator ## Documentation - Created CASL_AUTHORIZATION.md (comprehensive guide) - Created ERROR_HANDLING.md (error handling patterns) - Updated CLAUDE.md with new architecture - Added migration guides and best practices ## Technical Debt Resolved - Removed custom authentication in favor of Auth0 - Replaced role checks with CASL abilities - Standardized error responses across API - Implemented proper TypeScript typing - Added comprehensive logging Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-31 08:50:25 +01:00
parent 8ace1ab2c1
commit 868f7efc23
351 changed files with 44997 additions and 6276 deletions
--- a/frontend-old-20260125/src/api/auth0Client.ts
+++ b/frontend-old-20260125/src/api/auth0Client.ts
@@ -0,0 +1,41 @@
+// Auth0-aware API client wrapper
+// This file provides helper functions that automatically inject Auth0 tokens
+
+import { api } from './client';
+
+// Token provider function - will be set by App.tsx
+let tokenProvider: (() => Promise<string>) | null = null;
+
+export function setTokenProvider(provider: () => Promise<string>) {
+  tokenProvider = provider;
+}
+
+// Wrapper that automatically adds Auth0 token to requests
+async function makeAuthenticatedRequest<T>(
+  requestFn: (headers: HeadersInit) => Promise<T>
+): Promise<T> {
+  if (!tokenProvider) {
+    // Fallback to localStorage for non-Auth0 flows (shouldn't happen)
+    const token = localStorage.getItem('authToken');
+    const headers = token ? { Authorization: `Bearer ${token}` } : {};
+    return requestFn(headers);
+  }
+
+  try {
+    const token = await tokenProvider();
+    return requestFn({ Authorization: `Bearer ${token}` });
+  } catch (error) {
+    console.error('Failed to get access token:', error);
+    throw error;
+  }
+}
+
+// Re-export all API methods (they already handle authorization headers)
+export { api, vipApi, driverApi, scheduleApi, authApi } from './client';
+
+// Note: The original ApiClient in client.ts already reads from localStorage
+// and adds the Authorization header. Auth0 SDK stores tokens in localStorage
+// by default (cacheLocation: "localstorage"), so everything should work seamlessly.
+//
+// For more advanced use cases (e.g., using Auth0's memory cache or handling
+// token refresh explicitly), you would use the tokenProvider approach above.