Initial commit

2026-02-06 21:44:04 -06:00
commit f85e93c7a6
151 changed files with 22916 additions and 0 deletions
--- a/update.md
+++ b/update.md
@@ -0,0 +1 @@
+Please complete following 1) Data model & DB first (foundation) Add/extend tables/collections: User: firstName, lastName, gender, dob, address, avatarUrl, emailVerified, roles (USER/ADMIN) EmailVerificationToken: userId, token, expiresAt, usedAt PasswordResetToken: userId, token, expiresAt, usedAt Webinar: title, description, speaker, startAt, duration, bannerUrl, category, visibility (PUBLIC/PRIVATE), isActive WebinarRegistration: userId, webinarId, status, createdAt AppSetup (single row): googleAuthEnabled, googleClientId, googleClientSecret, socials {twitter, instagram, linkedin, youtube, …} Add indexes on token fields + webinar visibility + registrations (userId, webinarId unique). 2) Phase B — Auth end-to-end A) Registration (real-world) Update register UI to collect: firstName, lastName, gender, dob, address email, password, confirmPassword Add server validation: password strength + confirmPassword match field sanitization + required checks After register: create user as emailVerified = false generate verification token + expiry (ex: 24h) send verification email link B) Email verification flow Routes: GET /auth/verify?token=... Logic: validate token exists, not expired, not used set user.emailVerified = true, set token.usedAt redirect to login with “Verified” message C) Login / Logout Login should block unverified users (show “verify email” message + resend option) Logout clears session/JWT + redirects. D) Reset password flow “Forgot password”: POST /auth/forgot-password (always return success message) generate reset token + expiry (ex: 30–60 min), email link “Reset password”: POST /auth/reset-password with token + newPassword + confirmPassword validate token, expiry, usedAt, update password, mark usedAt E) Google OAuth Add Google auth only if enabled in AppSetup. Endpoints: GET /auth/google (redirect) GET /auth/google/callback (create/link user) If new Google user → mark emailVerified true (since Google email is verified). Make UI show/hide Google button based on AppSetup.googleAuthEnabled. F) Settings page Profile update: firstName/lastName/gender/dob/address/avatar upload Change password: oldPassword + newPassword + confirmPassword validate strength + match 3) Navbar “real-world” avatar dropdown Replace “Login/Register” buttons with: Avatar icon (fallback initials) Dropdown: Settings, Logout Avatar should use stored avatarUrl or generated initials. 4) Phase C — Webinar product A) Seed + landing page Add seed script (or migration seed) to create sample webinars across categories. Landing page: show public + active webinars category tabs (like your screenshot) → filter list B) Webinar list + details List page: search + category tabs + card layout Details page: full description + schedule + speaker + “Register Free” button C) Free registration + “My Webinars” Registration: require login create WebinarRegistration (unique per user/webinar) Customer portal: “My webinars” page listing registered webinars show status + join/details link 5) Contact Us page (sanitized) UI: name, email, subject, message Server: sanitize/escape inputs validate email rate-limit + captcha optional store to DB or send email to admin mailbox 6) Admin portal (real dashboard) Restrict all admin routes by role ADMIN. Layout: Left sidebar with Users, Webinars, App Setup Users page: list/search users, verify status, role toggle, disable user (optional) Webinars page: CRUD webinar + toggle visibility (PUBLIC/PRIVATE) + isActive App Setup page (single save button): section 1: Auth toggles (googleAuthEnabled) section 2: Google credentials section 3: Social IDs (twitter/instagram/linkedin/youtube…) section 4: Landing categories config (if needed) One Save button updates whole AppSetup record 7) UI consistency (colors + components) Keep existing project theme/colors. Only match the screenshot for layout behavior (tabs, sidebar), not palette. 8) Final “definition of done” checklist ✅ Register includes extra fields + password confirm + validation ✅ Email verify token + expiry + resend ✅ Forgot/reset password with token expiry ✅ Google OAuth only when enabled in AppSetup ✅ Avatar dropdown (Settings/Logout) ✅ Seed webinars show on landing + categories as tabs ✅ Webinar details + free registration + “My webinars” ✅ Admin dashboard sidebar Users/Webinars/App Setup + CRUD/visibility ✅ Contact us sanitized + validated
				`@@ -0,0 +1 @@`
				Please complete following 1) Data model & DB first (foundation) Add/extend tables/collections: User: firstName, lastName, gender, dob, address, avatarUrl, emailVerified, roles (USER/ADMIN) EmailVerificationToken: userId, token, expiresAt, usedAt PasswordResetToken: userId, token, expiresAt, usedAt Webinar: title, description, speaker, startAt, duration, bannerUrl, category, visibility (PUBLIC/PRIVATE), isActive WebinarRegistration: userId, webinarId, status, createdAt AppSetup (single row): googleAuthEnabled, googleClientId, googleClientSecret, socials {twitter, instagram, linkedin, youtube, …} Add indexes on token fields + webinar visibility + registrations (userId, webinarId unique). 2) Phase B — Auth end-to-end A) Registration (real-world) Update register UI to collect: firstName, lastName, gender, dob, address email, password, confirmPassword Add server validation: password strength + confirmPassword match field sanitization + required checks After register: create user as emailVerified = false generate verification token + expiry (ex: 24h) send verification email link B) Email verification flow Routes: GET /auth/verify?token=... Logic: validate token exists, not expired, not used set user.emailVerified = true, set token.usedAt redirect to login with “Verified” message C) Login / Logout Login should block unverified users (show “verify email” message + resend option) Logout clears session/JWT + redirects. D) Reset password flow “Forgot password”: POST /auth/forgot-password (always return success message) generate reset token + expiry (ex: 30–60 min), email link “Reset password”: POST /auth/reset-password with token + newPassword + confirmPassword validate token, expiry, usedAt, update password, mark usedAt E) Google OAuth Add Google auth only if enabled in AppSetup. Endpoints: GET /auth/google (redirect) GET /auth/google/callback (create/link user) If new Google user → mark emailVerified true (since Google email is verified). Make UI show/hide Google button based on AppSetup.googleAuthEnabled. F) Settings page Profile update: firstName/lastName/gender/dob/address/avatar upload Change password: oldPassword + newPassword + confirmPassword validate strength + match 3) Navbar “real-world” avatar dropdown Replace “Login/Register” buttons with: Avatar icon (fallback initials) Dropdown: Settings, Logout Avatar should use stored avatarUrl or generated initials. 4) Phase C — Webinar product A) Seed + landing page Add seed script (or migration seed) to create sample webinars across categories. Landing page: show public + active webinars category tabs (like your screenshot) → filter list B) Webinar list + details List page: search + category tabs + card layout Details page: full description + schedule + speaker + “Register Free” button C) Free registration + “My Webinars” Registration: require login create WebinarRegistration (unique per user/webinar) Customer portal: “My webinars” page listing registered webinars show status + join/details link 5) Contact Us page (sanitized) UI: name, email, subject, message Server: sanitize/escape inputs validate email rate-limit + captcha optional store to DB or send email to admin mailbox 6) Admin portal (real dashboard) Restrict all admin routes by role ADMIN. Layout: Left sidebar with Users, Webinars, App Setup Users page: list/search users, verify status, role toggle, disable user (optional) Webinars page: CRUD webinar + toggle visibility (PUBLIC/PRIVATE) + isActive App Setup page (single save button): section 1: Auth toggles (googleAuthEnabled) section 2: Google credentials section 3: Social IDs (twitter/instagram/linkedin/youtube…) section 4: Landing categories config (if needed) One Save button updates whole AppSetup record 7) UI consistency (colors + components) Keep existing project theme/colors. Only match the screenshot for layout behavior (tabs, sidebar), not palette. 8) Final “definition of done” checklist ✅ Register includes extra fields + password confirm + validation ✅ Email verify token + expiry + resend ✅ Forgot/reset password with token expiry ✅ Google OAuth only when enabled in AppSetup ✅ Avatar dropdown (Settings/Logout) ✅ Seed webinars show on landing + categories as tabs ✅ Webinar details + free registration + “My webinars” ✅ Admin dashboard sidebar Users/Webinars/App Setup + CRUD/visibility ✅ Contact us sanitized + validated