kyle
868f7efc23
Some checks failed
CI/CD Pipeline / Backend Tests (push) Has been cancelled
CI/CD Pipeline / Frontend Tests (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (push) Has been cancelled
CI/CD Pipeline / Security Scan (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
Complete rewrite from Express to NestJS with enterprise-grade features: ## Backend Improvements - Migrated from Express to NestJS 11.0.1 with TypeScript - Implemented Prisma ORM 7.3.0 for type-safe database access - Added CASL authorization system replacing role-based guards - Created global exception filters with structured logging - Implemented Auth0 JWT authentication with Passport.js - Added vehicle management with conflict detection - Enhanced event scheduling with driver/vehicle assignment - Comprehensive error handling and logging ## Frontend Improvements - Upgraded to React 19.2.0 with Vite 7.2.4 - Implemented CASL-based permission system - Added AbilityContext for declarative permissions - Created ErrorHandler utility for consistent error messages - Enhanced API client with request/response logging - Added War Room (Command Center) dashboard - Created VIP Schedule view with complete itineraries - Implemented Vehicle Management UI - Added mock data generators for testing (288 events across 20 VIPs) ## New Features - Vehicle fleet management (types, capacity, status tracking) - Complete 3-day Jamboree schedule generation - Individual VIP schedule pages with PDF export (planned) - Real-time War Room dashboard with auto-refresh - Permission-based navigation filtering - First user auto-approval as administrator ## Documentation - Created CASL_AUTHORIZATION.md (comprehensive guide) - Created ERROR_HANDLING.md (error handling patterns) - Updated CLAUDE.md with new architecture - Added migration guides and best practices ## Technical Debt Resolved - Removed custom authentication in favor of Auth0 - Replaced role checks with CASL abilities - Standardized error responses across API - Implemented proper TypeScript typing - Added comprehensive logging Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1.7 KiB
1.7 KiB
Keycloak Authentication Setup
Quick Start
1. Start Services
docker compose -f docker-compose.dev.yml up -d
2. Access Keycloak Admin Console
- URL: http://localhost:8080
- Username:
admin - Password:
admin
3. Create Realm
- Click "Create Realm"
- Name:
vip-coordinator - Click "Create"
4. Create Client (for your app)
- Go to Clients → Create client
- Client ID:
vip-coordinator-frontend - Client type:
OpenID Connect - Click Next
- Capability config:
- ✅ Client authentication: OFF (public client)
- ✅ Authorization: OFF
- ✅ Standard flow: ON
- ✅ Direct access grants: ON
- Click Next
- Login settings:
- Valid redirect URIs:
http://localhost:5173/* - Web origins:
http://localhost:5173 - Valid post logout redirect URIs:
http://localhost:5173/*
- Valid redirect URIs:
- Click Save
5. Enable Google Social Login (Optional)
- Go to Identity providers → Add provider → Google
- Client ID: (your Google OAuth client ID)
- Client Secret: (your Google OAuth secret)
- Click Save
6. Get Configuration
After setup, Keycloak provides:
- Realm URL:
http://localhost:8080/realms/vip-coordinator - Client ID:
vip-coordinator-frontend - Discovery URL:
http://localhost:8080/realms/vip-coordinator/.well-known/openid-configuration
Next Steps
- Update backend to use Keycloak JWT validation
- Update frontend to use Keycloak React SDK
- Test login flow
Benefits
- ✅ Self-hosted in Docker
- ✅ No external dependencies
- ✅ Full control over users and roles
- ✅ Social login support
- ✅ JWT tokens
- ✅ User management UI
- ✅ Role-based access control