yourwillyourwish/update.md
2026-02-06 21:44:04 -06:00

Please complete the following:

## 1) Data model & DB first (foundation)

Add/extend tables/collections:

- User: firstName, lastName, gender, dob, address, avatarUrl, emailVerified, roles (USER/ADMIN)
- EmailVerificationToken: userId, token, expiresAt, usedAt
- PasswordResetToken: userId, token, expiresAt, usedAt
- Webinar: title, description, speaker, startAt, duration, bannerUrl, category, visibility (PUBLIC/PRIVATE), isActive
- WebinarRegistration: userId, webinarId, status, createdAt
- AppSetup (single row): googleAuthEnabled, googleClientId, googleClientSecret, socials {twitter, instagram, linkedin, youtube, …}

Add indexes on token fields + webinar visibility + registrations (userId, webinarId unique).

## 2) Phase B — Auth end-to-end

### A) Registration (real-world)

Update register UI to collect:

- firstName, lastName, gender, dob, address
- email, password, confirmPassword

Add server validation:

- password strength + confirmPassword match
- field sanitization + required checks

After register:

- create user as emailVerified = false
- generate verification token + expiry (ex: 24h)
- send verification email link

### B) Email verification flow

Routes: `GET /auth/verify?token=...`

Logic:

- validate token exists, not expired, not used
- set user.emailVerified = true, set token.usedAt
- redirect to login with “Verified” message

### C) Login / Logout

- Login should block unverified users (show “verify email” message + resend option)
- Logout clears session/JWT + redirects.

### D) Reset password flow

“Forgot password”:

- `POST /auth/forgot-password` (always return success message)
- generate reset token + expiry (ex: 30–60 min), email link

“Reset password”:

- `POST /auth/reset-password` with token + newPassword + confirmPassword
- validate token, expiry, usedAt, update password, mark usedAt

### E) Google OAuth

Add Google auth only if enabled in AppSetup.

Endpoints:

- `GET /auth/google` (redirect)
- `GET /auth/google/callback` (create/link user)

If new Google user → mark emailVerified true (since Google email is verified).

Make UI show/hide Google button based on AppSetup.googleAuthEnabled.

### F) Settings page

- Profile update: firstName/lastName/gender/dob/address/avatar upload
- Change password: oldPassword + newPassword + confirmPassword
- validate strength + match

## 3) Navbar “real-world” avatar dropdown

Replace “Login/Register” buttons with:

- Avatar icon (fallback initials)
- Dropdown: Settings, Logout

Avatar should use stored avatarUrl or generated initials.

## 4) Phase C — Webinar product

### A) Seed + landing page

- Add seed script (or migration seed) to create sample webinars across categories.
- Landing page:
  - show public + active webinars
  - category tabs (like your screenshot) → filter list

### B) Webinar list + details

- List page: search + category tabs + card layout
- Details page: full description + schedule + speaker + “Register Free” button

### C) Free registration + “My Webinars”

Registration:

- require login
- create WebinarRegistration (unique per user/webinar)

Customer portal:

- “My webinars” page listing registered webinars
- show status + join/details link

## 5) Contact Us page (sanitized)

UI: name, email, subject, message

Server:

- sanitize/escape inputs
- validate email
- rate-limit + captcha optional
- store to DB or send email to admin mailbox

## 6) Admin portal (real dashboard)

Restrict all admin routes by role ADMIN.

- Layout: Left sidebar with Users, Webinars, App Setup
- Users page: list/search users, verify status, role toggle, disable user (optional)
- Webinars page: CRUD webinar + toggle visibility (PUBLIC/PRIVATE) + isActive
- App Setup page (single save button):
  - section 1: Auth toggles (googleAuthEnabled)
  - section 2: Google credentials
  - section 3: Social IDs (twitter/instagram/linkedin/youtube…)
  - section 4: Landing categories config (if needed)
  - One Save button updates whole AppSetup record

## 7) UI consistency (colors + components)

Keep existing project theme/colors. Only match the screenshot for layout behavior (tabs, sidebar), not palette.

## 8) Final “definition of done” checklist

- ✅ Register includes extra fields + password confirm + validation
- ✅ Email verify token + expiry + resend
- ✅ Forgot/reset password with token expiry
- ✅ Google OAuth only when enabled in AppSetup
- ✅ Avatar dropdown (Settings/Logout)
- ✅ Seed webinars show on landing + categories as tabs
- ✅ Webinar details + free registration + “My webinars”
- ✅ Admin dashboard sidebar Users/Webinars/App Setup + CRUD/visibility
- ✅ Contact us sanitized + validated
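
The token check that sections 2B and 2D describe (exists, not expired, not used, then mark usedAt), as an added example that is not code from this project. The spec names no stack, so Python, the `TokenStore` class and the in-memory dictionary are assumptions, as is storing only a SHA-256 digest of the token, which goes beyond what the spec asks for.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone


class TokenStore:
    """In-memory stand-in for the EmailVerificationToken / PasswordResetToken table."""

    def __init__(self, ttl, now=lambda: datetime.now(timezone.utc)):
        self.ttl = ttl      # e.g. timedelta(hours=24) for email verification
        self.now = now      # injectable clock so expiry can be exercised
        self.rows = {}      # token digest -> {userId, expiresAt, usedAt}

    @staticmethod
    def _digest(token):
        # Assumption beyond the spec: persist only a digest, so a leaked table
        # does not hand out working links. The raw token lives only in the email.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)   # 32 random bytes from the OS CSPRNG
        self.rows[self._digest(token)] = {
            "userId": user_id,
            "expiresAt": self.now() + self.ttl,
            "usedAt": None,
        }
        return token

    def consume(self, token):
        """Return the userId if the token exists, is unexpired and unused, else None."""
        row = self.rows.get(self._digest(token or ""))
        if row is None or row["usedAt"] is not None:
            return None
        if self.now() >= row["expiresAt"]:
            return None
        row["usedAt"] = self.now()          # single use: a replayed link fails
        return row["userId"]


def demo():
    clock = [datetime(2026, 1, 1, tzinfo=timezone.utc)]   # constructed start time
    store = TokenStore(timedelta(hours=24), now=lambda: clock[0])
    fresh, stale = store.issue("user-1"), store.issue("user-2")
    first = store.consume(fresh)            # valid link
    replay = store.consume(fresh)           # same link used a second time
    clock[0] += timedelta(hours=25)         # move past the 24h expiry
    expired = store.consume(stale)
    unknown = store.consume("not-a-real-token")
    return first, replay, expired, unknown
```

Against a real database, the check-then-mark in `consume` should be one conditional update (set usedAt only where usedAt is still null and expiresAt is in the future) so two concurrent requests cannot both redeem the same token.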