inital

2026-02-23 17:08:58 +01:00
commit f09748f4a1
97 changed files with 17729 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,410 @@
+# Feuerwehr Dashboard
+
+A modern, secure web application for managing fire department operations with integrated Authentik SSO authentication.
+
+## Overview
+
+The Feuerwehr Dashboard is a full-stack web application designed specifically for fire departments (Feuerwehr) to manage operations, personnel, and administrative tasks. Built with modern technologies and security best practices, it provides a robust platform for fire service management.
+
+## Features
+
+### Authentication & Security
+- OAuth 2.0 / OpenID Connect integration with Authentik
+- Secure JWT-based session management
+- Role-based access control (RBAC)
+- Automatic token refresh
+- Rate limiting and security headers (Helmet.js)
+- CORS protection
+
+### Dashboard & User Management
+- Modern, responsive Material-UI interface
+- Real-time user profile management
+- Secure user session handling
+- Multi-device support
+- Dark mode ready
+
+### Service Management
+- Extensible service architecture
+- Database-backed operations
+- RESTful API design
+- Health monitoring endpoints
+
+## Tech Stack
+
+### Frontend
+- **React 18** - Modern UI library
+- **TypeScript** - Type-safe development
+- **Material-UI (MUI)** - Component library
+- **React Router** - Client-side routing
+- **Axios** - HTTP client
+- **Vite** - Build tool and dev server
+- **Nginx** - Production web server
+
+### Backend
+- **Node.js 18+** - Runtime environment
+- **Express 5** - Web framework
+- **TypeScript** - Type-safe development
+- **PostgreSQL 16** - Database
+- **jsonwebtoken** - JWT handling
+- **Helmet** - Security middleware
+- **Winston** - Logging
+- **Zod** - Schema validation
+
+### Infrastructure
+- **Docker & Docker Compose** - Containerization
+- **PostgreSQL 16 Alpine** - Production database
+- **Nginx Alpine** - Frontend serving
+- **Health checks** - Service monitoring
+
+## Prerequisites
+
+- **Docker** 20.10+ and **Docker Compose** 2.0+
+- **Authentik** instance (self-hosted or cloud)
+- **Node.js 18+** (for local development)
+- **Git**
+
+## Quick Start
+
+Get the dashboard running in 3 simple steps:
+
+### 1. Clone and Configure
+
+```bash
+git clone <your-repository-url>
+cd feuerwehr_dashboard
+cp .env.example .env
+```
+
+Edit `.env` with your configuration (see [Environment Variables](#environment-variables) section).
+
+### 2. Configure Authentik
+
+Follow the [Authentik Setup Guide](AUTHENTIK_SETUP.md) to create and configure your OAuth application.
+
+### 3. Deploy
+
+```bash
+make prod
+# or
+./deploy.sh production
+```
+
+The dashboard will be available at `http://localhost` (or your configured domain).
+
+## Project Structure
+
+```
+feuerwehr_dashboard/
+├── backend/                    # Node.js/Express backend
+│   ├── src/
+│   │   ├── config/            # Configuration files
+│   │   ├── controllers/       # Request handlers
+│   │   ├── database/          # Database setup and migrations
+│   │   ├── middleware/        # Express middleware
+│   │   ├── models/            # Data models
+│   │   ├── routes/            # API routes
+│   │   ├── services/          # Business logic
+│   │   ├── types/             # TypeScript types
+│   │   ├── utils/             # Utility functions
+│   │   ├── app.ts             # Express app setup
+│   │   └── server.ts          # Server entry point
+│   ├── Dockerfile             # Backend container
+│   └── package.json
+├── frontend/                   # React/TypeScript frontend
+│   ├── src/
+│   │   ├── components/        # Reusable components
+│   │   ├── contexts/          # React contexts
+│   │   ├── pages/             # Page components
+│   │   ├── services/          # API services
+│   │   ├── theme/             # MUI theme
+│   │   ├── types/             # TypeScript types
+│   │   ├── utils/             # Utility functions
+│   │   ├── App.tsx            # Main app component
+│   │   └── main.tsx           # Entry point
+│   ├── Dockerfile             # Frontend container
+│   ├── nginx.conf             # Nginx configuration
+│   └── package.json
+├── docker-compose.yml          # Production deployment
+├── docker-compose.dev.yml      # Development database
+├── .env.example               # Environment template
+├── deploy.sh                  # Deployment script
+├── Makefile                   # Make commands
+├── README.md                  # This file
+├── DEPLOYMENT.md              # Deployment guide
+├── DEVELOPMENT.md             # Developer guide
+├── AUTHENTIK_SETUP.md         # Authentik configuration
+├── API_DOCUMENTATION.md       # API reference
+├── ARCHITECTURE.md            # System architecture
+├── SECURITY.md                # Security guidelines
+├── CONTRIBUTING.md            # Contribution guide
+└── CHANGELOG.md               # Version history
+```
+
+## Development Setup
+
+For local development without Docker, follow these steps:
+
+### 1. Start Development Database
+
+```bash
+make dev
+# or
+./deploy.sh local
+```
+
+This starts a PostgreSQL container with development credentials.
+
+### 2. Install Dependencies
+
+```bash
+make install
+# or manually:
+cd backend && npm install
+cd ../frontend && npm install
+```
+
+### 3. Configure Environment
+
+Backend `.env` (in `backend/.env`):
+```bash
+DATABASE_URL=postgresql://dev_user:dev_password@localhost:5432/feuerwehr_dev
+JWT_SECRET=your_development_secret
+NODE_ENV=development
+PORT=3000
+```
+
+Frontend `.env` (in `frontend/.env`):
+```bash
+VITE_API_URL=http://localhost:3000
+```
+
+### 4. Run Services
+
+Terminal 1 - Backend:
+```bash
+cd backend
+npm run dev
+```
+
+Terminal 2 - Frontend:
+```bash
+cd frontend
+npm run dev
+```
+
+Access the app at `http://localhost:5173` (Vite dev server).
+
+For more details, see [DEVELOPMENT.md](DEVELOPMENT.md).
+
+## Production Deployment
+
+For complete production deployment instructions, see [DEPLOYMENT.md](DEPLOYMENT.md).
+
+### Quick Production Setup
+
+1. **Configure environment variables** in `.env`:
+   - Set strong `POSTGRES_PASSWORD`
+   - Generate secure `JWT_SECRET` (use `openssl rand -base64 32`)
+   - Configure `CORS_ORIGIN` to match your frontend URL
+   - Set Authentik credentials
+
+2. **Deploy all services**:
+   ```bash
+   make prod
+   ```
+
+3. **Verify deployment**:
+   ```bash
+   docker-compose ps
+   make logs-prod
+   ```
+
+## Environment Variables
+
+### Required Variables
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `POSTGRES_PASSWORD` | Database password (production) | `SecureP@ssw0rd!` |
+| `JWT_SECRET` | JWT signing secret | `openssl rand -base64 32` |
+| `AUTHENTIK_CLIENT_ID` | OAuth client ID from Authentik | `abc123...` |
+| `AUTHENTIK_CLIENT_SECRET` | OAuth client secret | `xyz789...` |
+| `AUTHENTIK_ISSUER` | Authentik issuer URL | `https://auth.example.com/application/o/feuerwehr/` |
+
+### Optional Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `POSTGRES_DB` | Database name | `feuerwehr_prod` |
+| `POSTGRES_USER` | Database user | `prod_user` |
+| `POSTGRES_PORT` | Database port | `5432` |
+| `BACKEND_PORT` | Backend API port | `3000` |
+| `FRONTEND_PORT` | Frontend port | `80` |
+| `NODE_ENV` | Node environment | `production` |
+| `CORS_ORIGIN` | Allowed frontend origin | `http://localhost:80` |
+| `VITE_API_URL` | Frontend API URL | `http://localhost:3000` |
+
+For complete documentation, see [.env.example](.env.example).
+
+## Available Commands
+
+### Using Make (Recommended)
+
+```bash
+# Development
+make dev          # Start local development database
+make logs-dev     # Show development logs
+make rebuild-dev  # Rebuild development services
+
+# Production
+make prod         # Deploy production environment
+make logs-prod    # Show production logs
+make rebuild      # Rebuild production services
+
+# General
+make stop         # Stop all services
+make clean        # Remove all containers, volumes, and images
+make install      # Install all dependencies
+make test         # Run tests
+make help         # Show all available commands
+```
+
+### Using Deploy Script
+
+```bash
+./deploy.sh production    # Deploy production
+./deploy.sh local         # Start local dev database
+./deploy.sh stop          # Stop all services
+./deploy.sh logs          # Show production logs
+./deploy.sh rebuild       # Rebuild services
+./deploy.sh clean         # Clean up everything
+```
+
+## Troubleshooting
+
+### Database Connection Failed
+
+**Symptoms**: Backend logs show database connection errors
+
+**Solutions**:
+```bash
+# Check if database is running
+docker-compose ps
+
+# View database logs
+make logs-dev  # or logs-prod
+
+# Restart database
+docker-compose restart postgres
+
+# Verify credentials in .env match docker-compose.yml
+```
+
+### Authentication Not Working
+
+**Symptoms**: Login redirects fail or return errors
+
+**Solutions**:
+1. Verify Authentik configuration (see [AUTHENTIK_SETUP.md](AUTHENTIK_SETUP.md))
+2. Check redirect URIs match exactly
+3. Verify `AUTHENTIK_CLIENT_ID` and `AUTHENTIK_CLIENT_SECRET` in `.env`
+4. Check browser console for CORS errors
+5. Ensure `CORS_ORIGIN` matches your frontend URL
+
+### Port Already in Use
+
+**Symptoms**: Docker fails to start with "port already allocated"
+
+**Solutions**:
+```bash
+# Find what's using the port
+lsof -i :3000  # or :80, :5432
+
+# Change ports in .env
+BACKEND_PORT=3001
+FRONTEND_PORT=8080
+POSTGRES_PORT=5433
+```
+
+### Frontend Can't Reach Backend
+
+**Symptoms**: API calls fail with network errors
+
+**Solutions**:
+1. Verify `VITE_API_URL` in `.env` matches backend URL
+2. Check `CORS_ORIGIN` in backend allows frontend URL
+3. Ensure backend is running: `curl http://localhost:3000/health`
+4. Check network connectivity between containers
+
+### Complete Reset
+
+If all else fails:
+```bash
+make clean  # Removes everything
+make prod   # Fresh deployment
+```
+
+For more issues, see [DEVELOPMENT.md](DEVELOPMENT.md#common-issues).
+
+## API Documentation
+
+See [API_DOCUMENTATION.md](API_DOCUMENTATION.md) for complete API reference.
+
+### Quick API Overview
+
+- `POST /api/auth/callback` - Handle OAuth callback
+- `POST /api/auth/refresh` - Refresh access token
+- `POST /api/auth/logout` - Logout user
+- `GET /api/user/me` - Get current user
+- `GET /health` - Health check endpoint
+
+## Security
+
+This application implements security best practices:
+
+- OAuth 2.0 / OpenID Connect authentication
+- JWT-based stateless sessions
+- HTTP security headers (Helmet.js)
+- CORS protection
+- Rate limiting
+- SQL injection protection (parameterized queries)
+- XSS protection
+- Secure password handling (delegated to Authentik)
+
+For security guidelines and reporting vulnerabilities, see [SECURITY.md](SECURITY.md).
+
+## Contributing
+
+We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for:
+
+- Code style guidelines
+- Development workflow
+- Pull request process
+- Issue reporting
+
+## Architecture
+
+For system architecture, component diagrams, and data flow, see [ARCHITECTURE.md](ARCHITECTURE.md).
+
+## Changelog
+
+See [CHANGELOG.md](CHANGELOG.md) for version history and release notes.
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## Support
+
+For questions or issues:
+
+1. Check [Troubleshooting](#troubleshooting) section
+2. Review relevant documentation files
+3. Search existing issues
+4. Create a new issue with detailed information
+
+## Acknowledgments
+
+- Built with modern open-source technologies
+- Designed for fire department operations management
+- Inspired by the need for secure, user-friendly emergency services software