From 913d685721c8883aa2e510e5158b775d5c4a2121 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Gierwia=C5=82o?= Date: Sun, 30 Nov 2025 20:17:27 +0100 Subject: [PATCH] docs: streamline README and update SESSION_CONTEXT, archive outdated docs - Streamline README.md from 645 to 365 lines (43% reduction) - Remove duplicate content with other documentation files - Focus README on quick start, features overview, and links to detailed docs - Update SESSION_CONTEXT.md with recent changes (342/342 tests, matching runs audit) - Archive outdated documentation: - CONTEXT.md (duplicated in README) - QUICKSTART.md (mentions mock auth, outdated) - QUICK_TEST.md (outdated) - Keep SESSION_CONTEXT.md active for context restoration --- README.md | 829 ++++++++++--------------------- docs/SESSION_CONTEXT.md | 108 +++- docs/{ => archive}/CONTEXT.md | 0 docs/{ => archive}/QUICKSTART.md | 0 docs/{ => archive}/QUICK_TEST.md | 0 5 files changed, 370 insertions(+), 567 deletions(-) rename docs/{ => archive}/CONTEXT.md (100%) rename docs/{ => archive}/QUICKSTART.md (100%) rename docs/{ => archive}/QUICK_TEST.md (100%) diff --git a/README.md b/README.md index 7241bdd..80ba7a4 100644 --- a/README.md +++ b/README.md @@ -1,130 +1,178 @@ # spotlight.cam πŸŽ₯ -Web application (PWA) for the dance community enabling matchmaking, chat, and video file exchange directly via WebRTC (peer-to-peer). +**P2P video exchange app for the dance community** - matchmaking, chat, and WebRTC file transfer directly between users. -## πŸš€ Features +--- -### βœ… Implemented +## 🎯 What is this? -**Authentication & Security:** -- βœ… **JWT Authentication** - real authentication with bcrypt password hashing -- βœ… **Email Verification** - email verification via AWS SES (link + PIN code) -- βœ… **Password Reset** - complete password reset workflow -- βœ… **WSDC Integration** - auto-fill data from worldsdc.com during registration -- βœ… **Event Slugs** - unique alphanumeric identifiers preventing ID enumeration attacks +Web application (PWA) enabling dance event participants to: +- Find recording partners via smart auto-matching +- Exchange competition videos peer-to-peer using WebRTC +- Rate collaborations and track partnership history +- Chat in real-time (event rooms + private 1:1 messages) -**User Profiles:** -- βœ… **User Profiles** - profile editing (first name, last name, WSDC ID) -- βœ… **Social Media Links** - YouTube, Instagram, Facebook, TikTok -- βœ… **Location** - country (dropdown with 195 countries with flags) and city -- βœ… **Public Profiles** - visible to other logged-in users at /@{username} -- βœ… **Profile Statistics** - number of matches, average rating, number of reviews -- βœ… **Clickable Usernames** - usernames in chat are clickable links to public profiles +**Key Feature:** Direct browser-to-browser video file transfer using WebRTC DataChannel - no files stored on server, end-to-end encrypted (DTLS), tested up to 700MB+. -**Events & Chat:** -- βœ… **Event List** - browse dance events from worldsdc.com -- βœ… **Event Participation Tracking** - automatic saving of joined events -- βœ… **Real-time Event Chat** - Socket.IO chat for event participants with country flags -- βœ… **Active Users Sidebar** - list of online users in the event -- βœ… **Message History** - message persistence in database -- βœ… **Infinite Scroll** - loading older messages -- βœ… **Competitor Numbers** - bib number display in event chat +--- -**Matchmaking & Private Chat:** -- βœ… **Match Requests** - send and accept match requests with real-time notifications -- βœ… **Match Management** - view pending/active matches, accept/reject requests -- βœ… **Private 1:1 Chat** - private chat for matched users with Socket.IO and message history -- βœ… **Match Slugs** - secure random slugs (CUID) preventing ID enumeration +## βœ… Core Features -**Ratings & Stats System:** -- βœ… **Partner Ratings** - rate collaboration partners (1-5 stars, comments) -- βœ… **Collaboration Preferences** - "would collaborate again" indicator -- βœ… **Public Rating Display** - ratings visible on public user profiles -- βœ… **Duplicate Prevention** - users can only rate each match once -- βœ… **Auto-completion** - matches auto-complete when both partners have rated -- βœ… **Stats Updates** - atomic recording stats updates (recordingsDone, recordingsReceived) -- βœ… **Source Filtering** - only auto-matches update fairness stats (manual matches excluded) -- βœ… **Race Condition Prevention** - statsApplied flag with atomic check-and-set -- βœ… **Idempotency** - double-rating prevention ensures stats update exactly once +### Authentication & Security +- JWT authentication with bcrypt password hashing +- Email verification via AWS SES (link + PIN code) +- Password reset workflow +- WSDC integration (auto-fill profile data from worldsdc.com) +- Event slugs (alphanumeric IDs preventing enumeration attacks) +- Security: CORS, CSRF, Helmet.js, rate limiting, account lockout -**WebRTC P2P File Transfer:** -- βœ… **WebRTC Signaling** - SDP/ICE exchange via Socket.IO -- βœ… **P2P File Transfer** - RTCDataChannel with 16KB chunking (tested up to 700MB) -- βœ… **WebRTC Detection** - automatic detection of browser capabilities -- βœ… **Fallback UX** - user-friendly warnings when WebRTC blocked -- βœ… **Real-time Progress** - transfer progress monitoring for sender/receiver -- βœ… **E2E Encryption** - DTLS encryption (native WebRTC) -- βœ… **Auto Download** - automatic file download on receiver side +### Events & Chat +- Event list from worldsdc.com +- Real-time event chat (Socket.IO) with active users sidebar +- Infinite scroll message history +- Clickable usernames (/@{username}) with country flags +- Competitor numbers (bib numbers) display -**Landing Page:** -- βœ… **Homepage** - professional landing page with hero section, features showcase, and CTAs -- βœ… **Public Access** - accessible to non-logged users with links to register/login -- βœ… **Responsive Design** - mobile-friendly with gradient backgrounds +### Auto-matching & Fairness System +- Smart recording assignment for competition heats +- 3-tier account system (BASIC/SUPPORTER/COMFORT) with fairness algorithm +- Karma tracking (recordingsDone vs recordingsReceived) +- Dual buffer system (prep time before + rest time after dancing) +- Collision detection (schedule conflicts, max recordings limit) +- Matching runs audit with origin_run_id tracking +- Incremental matching (preserves accepted/completed suggestions) +- Automated scheduler (cron-based) -**Backend & Infrastructure:** -- βœ… **PostgreSQL Database** - 11 tables with relations (Prisma ORM) -- βœ… **RESTful API** - Express.js backend with validation -- βœ… **WebSocket** - Socket.IO for real-time communication -- βœ… **Docker Compose** - full orchestration (nginx, frontend, backend, PostgreSQL) -- βœ… **Test Coverage** - comprehensive test suite for WebRTC, Auth, Events, Matches -- βœ… **WebRTC Tests** - full Socket.IO signaling and detection tests (7 tests passing) +### Matchmaking & Private Chat +- Manual match requests with real-time notifications +- Private 1:1 chat for matched users +- Match slugs (CUID) preventing ID enumeration -**Dashboard & Real-time:** -- βœ… **Dashboard** - centralized landing page with active events, matches, requests -- βœ… **Online Count** - real-time users in event chat -- βœ… **Unread Count** - unread message badges per match -- βœ… **Mobile-first Design** - responsive chat layout with page titles on mobile +### WebRTC P2P File Transfer +- Browser-to-browser video file exchange (RTCDataChannel) +- 16KB chunking with progress monitoring +- STUN servers for NAT traversal +- E2E encryption (DTLS/SRTP) +- WebRTC capability detection +- User-friendly fallback when WebRTC blocked +- Tested up to 700MB+ file transfers -**Auto-matching & Account Tiers:** -- βœ… **Smart Recording Matching** - auto-assign recorders for competition heats with collision detection -- βœ… **3-Tier Account System** - BASIC (free), SUPPORTER, COMFORT tiers with fairness-based assignment -- βœ… **Fairness Algorithm** - karma tracking (recordingsDone vs recordingsReceived) for balanced workload -- βœ… **Dual Buffer System** - prep time before and rest time after dancing (no buffer for recording) -- βœ… **Tier Penalties** - SUPPORTER (-10 fairness), COMFORT (-50 fairness) for reduced recording frequency -- βœ… **Event-specific Upgrades** - accountTierOverride for temporary tier boosts (e.g., Comfort Pass) -- βœ… **Multi-criteria Sorting** - Location > Fairness > Load balancing priority -- βœ… **Competitor Numbers** - bib number support for events -- βœ… **Matching Runs Audit** - complete audit trail with origin_run_id tracking -- βœ… **Incremental Matching** - preserves accepted/completed suggestions across re-runs -- βœ… **Scheduler Integration** - automated matching with cron-based scheduling -- βœ… **Admin Endpoints** - per-run statistics and suggestion filtering +### Ratings & Stats +- Partner ratings (1-5 stars, comments) +- "Would collaborate again" indicator +- Public rating display on user profiles +- Atomic stats updates (race condition prevention) +- Source filtering (auto vs manual matches) +- Auto-completion when both partners rated -**Security & PWA (All Implemented):** -- βœ… **Security Hardening** - CORS, CSRF, Helmet.js, account lockout, rate limiting -- βœ… **PWA Features** - manifest, service worker, offline support, iOS compatible +### User Profiles +- Public profiles (/@{username}) visible to logged-in users +- Social media links (YouTube, Instagram, Facebook, TikTok) +- Location (country + city with 195 countries) +- Profile statistics (matches, average rating, reviews) -### πŸ”œ Future Extensions -- ⏳ **User Badges** - trust system and reputation badges -- ⏳ **Push Notifications** - real-time alerts for matches and messages -- ⏳ **Video Compression** - client-side compression before transfer +### PWA & Infrastructure +- Progressive Web App (offline support, iOS compatible) +- Docker Compose orchestration (nginx, frontend, backend, PostgreSQL) +- PostgreSQL 15 with Prisma ORM (11 tables) +- Admin CLI with REPL for operations + +--- ## πŸ› οΈ Tech Stack -### Frontend -- **React 18** - UI framework -- **Vite** - build tool and dev server -- **Tailwind CSS v3.4.0** - styling -- **React Router** - routing -- **Lucide React** - icons -- **Context API** - state management (auth) -- **Socket.IO Client** - real-time WebSocket communication -- **WebRTC** - P2P file transfer (RTCPeerConnection, RTCDataChannel) +**Frontend:** React 18 + Vite + Tailwind CSS v3.4.0 + Socket.IO Client + WebRTC +**Backend:** Node.js 20 + Express 4.18 + Socket.IO 4.8 + JWT + bcrypt +**Database:** PostgreSQL 15 + Prisma ORM 5.22 +**Infrastructure:** Docker Compose + Nginx + Alpine Linux +**Testing:** Jest + Supertest (342 tests, 72.5% coverage, 100% passing βœ…) -### Backend -- **Node.js 20** - runtime -- **Express 4.18** - web framework -- **PostgreSQL 15** - relational database -- **Prisma ORM 5.22** - type-safe database client -- **Socket.IO 4.8** - WebSocket server -- **bcrypt** - password hashing -- **JWT** - token-based authentication -- **AWS SES** - email service -- **Jest + Supertest** - testing (342 tests, 72.5% coverage, 100% passing) +--- -### Infrastructure -- **Docker Compose** - container orchestration (dev + prod profiles) -- **Nginx** - reverse proxy & static file serving -- **Alpine Linux** - lightweight container base images +## πŸš€ Quick Start + +### Prerequisites +- Docker and Docker Compose + +### 1. Start the application + +```bash +# Clone repository +git clone +cd spotlightcam + +# Copy environment file +cp backend/.env.example backend/.env + +# Start development mode +docker compose --profile dev up + +# Open browser +http://localhost:8080 +``` + +### 2. Test the application + +Use seeded accounts: +- john@example.com / Dance123! +- sarah@example.com / Swing456! +- mike@example.com / Blues789! + +**Flow:** +1. Login β†’ Select event β†’ Join chat +2. Request match with another user β†’ Accept +3. Send video via WebRTC (P2P transfer) +4. Rate partner after exchange + +### Commands + +```bash +# Stop services +docker compose --profile dev down + +# Rebuild after changes +docker compose --profile dev up --build + +# Run tests +docker compose exec backend npm test + +# Run specific test suite +docker compose exec backend npm test -- matching-algorithm.test.js + +# Coverage report +docker compose exec backend npm run test:coverage + +# Admin CLI +docker compose exec backend npm run cli -- users:list --limit 20 +``` + +--- + +## πŸ“Š Test Coverage + +**Backend: 342/342 tests passing - 100% βœ…** (72.5% overall coverage) + +### Test Suites +- **Matching Algorithm**: 19/19 integration tests + - Fundamentals, collision detection, limits, fairness, edge cases +- **Ratings & Stats Flow**: 9/9 E2E tests + - Atomic updates, race prevention, idempotency +- **Matching Runs Audit**: 6/6 tests + - origin_run_id tracking, sequential runs, filtering +- **Incremental Matching**: 5/5 tests +- **Recording Stats Integration**: 6/6 tests +- **WebRTC Signaling**: 12/12 tests +- **Socket.IO**: 12/12 tests +- **API Routes**: Full CRUD coverage (auth, events, matches, dashboard) + +### Code Coverage Highlights +- matching.js: 94.71% statements, 91.5% branches +- routes/matches.js: 76.11% statements +- routes/events.js: 78.2% statements + +**Comprehensive test documentation:** See `docs/TESTING_MATCHING_RATINGS.md` for detailed breakdown of all 45 matching/ratings tests. + +--- ## πŸ“ Project Structure @@ -132,506 +180,180 @@ Web application (PWA) for the dance community enabling matchmaking, chat, and vi spotlightcam/ β”œβ”€β”€ docker-compose.yml # Container orchestration (dev + prod profiles) β”œβ”€β”€ nginx/ # Nginx reverse proxy config -β”‚ β”œβ”€β”€ nginx.conf -β”‚ └── conf.d/default.conf # Proxy /api & /socket.io to backend β”œβ”€β”€ frontend/ # React PWA β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ components/ # React components -β”‚ β”‚ β”‚ β”œβ”€β”€ common/ # Shared components, PasswordStrength, VerificationBanner -β”‚ β”‚ β”‚ β”œβ”€β”€ chat/ # Chat components -β”‚ β”‚ β”‚ β”œβ”€β”€ video/ # WebRTC components (WebRTCWarning) -β”‚ β”‚ β”‚ β”œβ”€β”€ layout/ # Navbar, Layout -β”‚ β”‚ β”‚ └── __tests__/ # Component tests (WebRTCWarning) β”‚ β”‚ β”œβ”€β”€ pages/ # Application pages -β”‚ β”‚ β”‚ β”œβ”€β”€ HomePage.jsx # Landing page with hero & features -β”‚ β”‚ β”‚ β”œβ”€β”€ LoginPage.jsx -β”‚ β”‚ β”‚ β”œβ”€β”€ RegisterPage.jsx # Two-step registration with WSDC lookup -β”‚ β”‚ β”‚ β”œβ”€β”€ VerifyEmailPage.jsx # Email verification (link + PIN) -β”‚ β”‚ β”‚ β”œβ”€β”€ ForgotPasswordPage.jsx # Request password reset -β”‚ β”‚ β”‚ β”œβ”€β”€ ResetPasswordPage.jsx # Reset password with token -β”‚ β”‚ β”‚ β”œβ”€β”€ ProfilePage.jsx # Edit profile (social media, location) -β”‚ β”‚ β”‚ β”œβ”€β”€ PublicProfilePage.jsx # View other user's profile -β”‚ β”‚ β”‚ β”œβ”€β”€ EventsPage.jsx # Event list with real API -β”‚ β”‚ β”‚ β”œβ”€β”€ EventChatPage.jsx # Real-time event chat -β”‚ β”‚ β”‚ β”œβ”€β”€ MatchChatPage.jsx # Private chat + WebRTC P2P transfer -β”‚ β”‚ β”‚ β”œβ”€β”€ RatePartnerPage.jsx # Rate partner after collaboration -β”‚ β”‚ β”‚ └── HistoryPage.jsx # Match history β”‚ β”‚ β”œβ”€β”€ hooks/ # Custom hooks (useWebRTC) -β”‚ β”‚ β”œβ”€β”€ utils/ # Utilities (webrtcDetection) -β”‚ β”‚ β”‚ └── __tests__/ # Utility tests (webrtcDetection) -β”‚ β”‚ β”œβ”€β”€ contexts/ # AuthContext (JWT integration) +β”‚ β”‚ β”œβ”€β”€ contexts/ # AuthContext β”‚ β”‚ β”œβ”€β”€ services/ # API client, Socket.IO client -β”‚ β”‚ β”œβ”€β”€ data/ # Static data (countries list) -β”‚ β”‚ └── mocks/ # Mock data (for UI development) +β”‚ β”‚ └── constants/ # Status constants β”‚ β”œβ”€β”€ Dockerfile # Development container -β”‚ β”œβ”€β”€ Dockerfile.prod # Production build -β”‚ └── package.json +β”‚ └── Dockerfile.prod # Production build β”œβ”€β”€ backend/ # Node.js + Express API β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ controllers/ # Auth, users, events, WSDC -β”‚ β”‚ β”œβ”€β”€ middleware/ # Auth, validation, error handling -β”‚ β”‚ β”œβ”€β”€ routes/ # API routes -β”‚ β”‚ β”œβ”€β”€ socket/ # Socket.IO server (event/match rooms, WebRTC signaling) -β”‚ β”‚ β”œβ”€β”€ utils/ # Auth utils, DB, email service (AWS SES) -β”‚ β”‚ └── __tests__/ # Jest unit tests -β”‚ β”‚ β”‚ β”œβ”€β”€ socket-webrtc.test.js # WebRTC signaling tests (7 tests) -β”‚ β”‚ β”‚ β”œβ”€β”€ auth.test.js # Authentication tests -β”‚ β”‚ β”‚ β”œβ”€β”€ events.test.js # Events API tests -β”‚ β”‚ β”‚ β”œβ”€β”€ matches.test.js # Matches API tests -β”‚ β”‚ β”‚ └── ... # Other test suites +β”‚ β”‚ β”œβ”€β”€ routes/ # API routes (events, matches, admin) +β”‚ β”‚ β”œβ”€β”€ services/ # Matching algorithm +β”‚ β”‚ β”œβ”€β”€ socket/ # Socket.IO handlers (chat, WebRTC signaling) +β”‚ β”‚ └── __tests__/ # Jest tests (342 tests) β”‚ β”œβ”€β”€ prisma/ -β”‚ β”‚ β”œβ”€β”€ schema.prisma # Database schema (7 tables) -β”‚ β”‚ β”œβ”€β”€ migrations/ # Database migrations -β”‚ β”‚ └── seed.js # Seed data +β”‚ β”‚ β”œβ”€β”€ schema.prisma # Database schema (11 tables) +β”‚ β”‚ └── migrations/ # Database migrations β”‚ β”œβ”€β”€ Dockerfile # Development container -β”‚ β”œβ”€β”€ Dockerfile.prod # Production build -β”‚ └── package.json +β”‚ └── Dockerfile.prod # Production build └── docs/ # Documentation - β”œβ”€β”€ SESSION_CONTEXT.md # Quick session context (minimal tokens) - β”œβ”€β”€ CONTEXT.md # Full project description - β”œβ”€β”€ TODO.md # Task list & roadmap - β”œβ”€β”€ ARCHITECTURE.md # Technical details - β”œβ”€β”€ DEPLOYMENT.md # Deployment guide - β”œβ”€β”€ MONITORING.md # Monitoring & operations - β”œβ”€β”€ QUICKSTART.md # Quick start guide - β”œβ”€β”€ QUICK_TEST.md # Quick test instructions - β”œβ”€β”€ WEBRTC_TESTING_GUIDE.md # WebRTC testing guide + β”œβ”€β”€ SESSION_CONTEXT.md # Quick session context (for resuming work) + β”œβ”€β”€ TODO.md # Active tasks & roadmap + β”œβ”€β”€ ARCHITECTURE.md # Technical implementation details + β”œβ”€β”€ DEPLOYMENT.md # Production deployment guide + β”œβ”€β”€ MONITORING.md # Operations & monitoring + β”œβ”€β”€ TESTING_MATCHING_RATINGS.md # Comprehensive test documentation + β”œβ”€β”€ WEBRTC_TESTING_GUIDE.md # WebRTC testing guide └── archive/ # Archived documentation - β”œβ”€β”€ COMPLETED.md # Completed tasks archive - β”œβ”€β”€ PHASE_1.5.md # Phase 1.5 documentation - β”œβ”€β”€ SECURITY_AUDIT.md # Security audit & fixes - β”œβ”€β”€ RESOURCES.md # Learning resources - └── ADMIN_CLI.md # Admin CLI documentation ``` -## πŸš€ Getting Started - -### Requirements -- Docker and Docker Compose -- (Optional) Node.js 20+ for development without Docker - -### Development Mode - -1. Clone the repository: -```bash -git clone -cd spotlightcam -``` - -2. Copy example .env file: -```bash -cp backend/.env.example backend/.env -``` - -3. Start Docker Compose with dev profile: -```bash -docker compose --profile dev up -``` - -4. Open browser: -``` -http://localhost:8080 -``` - -### Production Mode - -```bash -docker compose --profile prod up -d -``` - -### Service Access - -**Development:** -- Frontend: http://localhost:8080 -- Backend API: http://localhost:8080/api -- WebSocket: ws://localhost:8080/socket.io -- Health check: http://localhost:8080/api/health -- PostgreSQL: localhost:5432 (exposed for dev tools) - -**Production:** -- Application: http://localhost (port 80) -- HTTPS: https://localhost (port 443, requires SSL certificates) -- PostgreSQL: internal only (not exposed) - -### Stopping Services - -```bash -# Development -docker compose --profile dev down - -# Production -docker compose --profile prod down -``` - -### Rebuild After Changes - -```bash -docker compose --profile dev down -docker compose --profile dev up --build -``` +--- ## πŸ—„οΈ Database Schema 11 tables with relations (Prisma ORM): -1. **users** - users - - Base: id, username, email, password_hash, avatar, created_at, updated_at - - WSDC: first_name, last_name, wsdc_id - - Email: email_verified, verification_token, verification_code, verification_token_expiry - - Password Reset: reset_token, reset_token_expiry - - Social: youtube_url, instagram_url, facebook_url, tiktok_url - - Location: country, city - - Account Tiers: account_tier (BASIC/SUPPORTER/COMFORT), recordings_done, recordings_received +**Core Tables:** +- `users` - Authentication, profile, social links, location, account tiers +- `events` - Dance events with unique slugs +- `event_participants` - User-event relationship, competitor numbers +- `matches` - User pairings with CUID slugs +- `ratings` - 1-5 stars, comments, statsApplied flag +- `chat_rooms` / `messages` - Real-time chat persistence -2. **events** - dance events - - id, slug (unique), name, location, start_date, end_date, description, worldsdc_id, participants_count +**Matching System:** +- `divisions` / `competition_types` / `event_user_heats` - Competition heats +- `recording_suggestions` - Auto-matching results with collision detection, originRunId +- `matching_runs` - Audit trail (manual/scheduler, status, stats) -3. **event_participants** - event participants (many-to-many) - - id, user_id, event_id, joined_at, recorder_opt_out, competitor_number - - account_tier_override (optional event-specific tier upgrade) +**Other:** +- `event_checkin_tokens` - QR code check-in -4. **chat_rooms** - chat rooms - - id, event_id, type (event/private), created_at +See `docs/ARCHITECTURE.md` for detailed schema documentation. -5. **messages** - messages - - id, room_id, user_id, content, type (text/link/video), created_at - -6. **matches** - user pairs - - id, slug (unique cuid), user1_id, user2_id, event_id, room_id, status (pending/accepted/completed), created_at - -7. **ratings** - ratings - - id, match_id, rater_id, rated_id, score (1-5), comment, would_collaborate_again, created_at - - Unique constraint: (match_id, rater_id, rated_id) - prevents duplicate ratings - -8. **event_checkin_tokens** - QR code tokens for event access - - id, event_id, token (cuid), created_at - -9. **divisions** - competition divisions (Newcomer, Novice, Intermediate, etc.) - - id, name, abbreviation, display_order - -10. **competition_types** - competition types (Jack & Jill, Strictly, etc.) - - id, name, abbreviation - -11. **event_user_heats** - user's declared heats for matchmaking - - id, user_id, event_id, division_id, competition_type_id, heat_number (1-9), role (Leader/Follower), created_at, updated_at - - Unique constraint: (user_id, event_id, division_id, competition_type_id, role) - -### Migrations - -```bash -# Development (inside backend container) -docker compose exec backend npx prisma migrate dev - -# Production -docker compose exec backend-prod npx prisma migrate deploy - -# Generate Prisma Client -docker compose exec backend npx prisma generate -``` - -### Seed Data - -```bash -docker compose exec backend npx prisma db seed -``` - -Adds: -- 3 events (Warsaw, Barcelona, HerrΓ€ng) -- 2 users (john_doe, jane_smith) -- Event chat rooms - -## πŸ§ͺ Testing the Application - -### Test Flow: - -1. **Landing Page** (http://localhost:8080/) - - View professional landing page with hero section - - Explore features showcase and how-it-works section - - Click "Get Started" to register or "Sign in" to login - -2. **Registration with WSDC** (http://localhost:8080/register) - - Optional: provide WSDC ID (e.g., 12345) for auto-fill - - Complete registration form - - You'll receive verification email (check AWS SES sandbox) - -3. **Email Verification** (http://localhost:8080/verify-email) - - Click link from email OR enter 6-digit PIN code - - Email will be verified - -4. **Login** (http://localhost:8080/login) - - Email: john@example.com - - Password: password123 - -5. **Profile Editing** (http://localhost:8080/profile) - - Add social media links (Instagram, YouTube, etc.) - - Select country from list of 195 countries - - Enter city - - Edit WSDC ID, first name, last name - -6. **Event Selection** (http://localhost:8080/events) - - View event list (joined events appear at top) - - Select event (e.g., "Warsaw Dance Festival 2025") - - Click "Join chat" or "Open chat" (if already joined) - -7. **Event Chat** - - Real-time chat with Socket.IO - - Active users list on the right side - - Click "+" icon next to user to connect - - You'll be redirected to private 1:1 chat - -8. **1:1 Chat - WebRTC P2P File Transfer** πŸ”₯ - - See partner's profile at top (click username to view public profile) - - WebRTC connection status (disconnected/connecting/connected) - - **Sending video via WebRTC:** - - Click "Send video (WebRTC)" - - Select video file from disk - - Real P2P transfer via RTCDataChannel with STUN servers for NAT traversal - - Supports files up to 700MB+ tested successfully - - See real-time progress bar (16KB chunking) - - Receiver automatically downloads the file - - End-to-end encryption via DTLS (native WebRTC) - - **WebRTC Detection:** - - Automatic detection if WebRTC is blocked - - User-friendly warning with fix suggestions - - Button disabled when WebRTC unavailable - - **Fallback - link sharing:** - - Click "Link" - - Paste video URL (Google Drive, Dropbox, etc.) - - Alternative when WebRTC blocked (Opera, VPNs, privacy settings) - -9. **Rate Partner** - - Click "Finish and rate" - - Select rating (1-5 stars) - - Add comment - - Mark if you want to collaborate again - -10. **Collaboration History** (http://localhost:8080/history) - - See list of matches - - See received ratings - - See statistics - -11. **Public Profiles** - - Click on another user's username - - View profile: avatar, location, social media, statistics +--- ## 🧰 Admin CLI -Use an in-container admin console for quick maintenance. - -- Start REPL (default): `docker compose exec backend npm run cli` -- Explicit REPL: `docker compose exec backend npm run cli -- repl` -- List users: `docker compose exec backend npm run cli -- users:list --limit 20` -- Create user: `docker compose exec backend npm run cli -- users:create --email admin@example.com --username admin --password 'Secret123!'` -- Verify email: `docker compose exec backend npm run cli -- users:verify --email admin@example.com` -- List events: `docker compose exec backend npm run cli -- events:list --limit 10` -- Import WSDC (calendar/list) dry-run: `docker compose exec backend npm run cli -- events:import:wsdc --dry-run --since 2024-01-01 --until 2024-12-31` -- Import with location from list: `docker compose exec backend npm run cli -- events:import:wsdc --source list --limit 50` -- Enrich missing location: `docker compose exec backend npm run cli -- events:import:wsdc --source list --update-missing-location` -- Event details by slug: `docker compose exec backend npm run cli -- events:details --slug warsaw-dance-2025 [--participants 25]` -- Event participants: `docker compose exec backend npm run cli -- events:participants --slug warsaw-dance-2025 --limit 100` -- Event participants CSV: `docker compose exec backend npm run cli -- events:participants --slug warsaw-dance-2025 --limit 200 --csv > participants.csv` -- List matches: `docker compose exec backend npm run cli -- matches:list --limit 20 [--status accepted|pending|completed]` -- Check-in user to event (simulate QR): `docker compose exec backend npm run cli -- events:checkin --username john_doe --slug warsaw-dance-2025` -- App logs (if LOG_FILE configured): `docker compose exec backend npm run cli -- logs:app --lines 200` -- Recent chat messages: `docker compose exec backend npm run cli -- logs:messages --limit 50` - -Production equivalents use `backend-prod` instead of `backend`. - -REPL specifics: -- Inside REPL use `run('users:list --limit 20')` or `.cli users:list --limit 20`. -- Top-level await works for Prisma: `await prisma.user.findMany({ take: 5 })`. -- CLI errors in REPL do not exit the session; the error is printed so you can correct and retry. - -## πŸ” Security - -### Implemented Security Features: - -βœ… **Authentication:** -- bcrypt password hashing (10 salt rounds) -- JWT tokens (httpOnly cookies in production) -- Protected routes with auth middleware -- Email verification required - -βœ… **Input Validation:** -- express-validator for all inputs -- Custom validators for URLs (domain checking) -- SQL injection prevention (Prisma parameterized queries) -- XSS protection (input sanitization) - -βœ… **Rate Limiting:** -- Login attempts: 5 per 15 minutes -- Registration: 3 per hour -- Email sending: 3 per hour - -βœ… **Database:** -- Unique constraints on emails, usernames -- Indexed fields for performance -- Cascading deletes for data integrity - -βœ… **Event Security:** -- Unique alphanumeric slugs (12 chars, MD5-based) -- Prevents ID enumeration attacks -- URLs: /events/{slug}/chat instead of /events/{id}/chat - -βœ… **Socket.IO:** -- JWT authentication for WebSocket connections -- Room-based access control -- User verification before joining rooms - -### Additional Security (Phase 3 - Implemented): - -βœ… CORS configuration -βœ… CSRF protection (cookies) -βœ… Helmet.js security headers -βœ… Account lockout (after failed attempts) -βœ… Content Security Policy -⏳ HTTPS enforcement (requires production SSL setup) - -## πŸ“Š Test Coverage - -**Backend: 72.5% overall coverage** (342/342 tests passing - 100% βœ…) -- **Matching Algorithm**: 19/19 integration tests passing - - Phase 1: Fundamentals (TC1-3) - basic flow, NOT_FOUND scenarios - - Phase 2: Collision Detection (TC4-9) - buffers, slot mapping, schedule conflicts - - Phase 3: Limits & Workload (TC10-11) - MAX_RECORDINGS, recording-recording collisions - - Phase 4: Fairness & Tiers (TC12-16) - debt calculation, tier penalties - - Phase 5: Edge Cases (TC17-19) - multiple heats, incremental matching -- **Ratings & Stats Flow**: 9/9 E2E tests passing - - Double-rating completion flow - - Atomic stats updates (recordingsDone, recordingsReceived) - - Race condition prevention (statsApplied flag) - - Manual vs auto match differentiation - - Idempotency testing -- **Matching Runs Audit**: 6/6 tests passing - - origin_run_id assignment and tracking - - Sequential runs with separate IDs - - Accepted suggestions preservation - - Filter parameters (onlyAssigned, includeNotFound) - - Manual vs scheduler trigger differentiation -- **Incremental Matching**: 5/5 tests passing -- **Recording Stats Integration**: 6/6 tests passing -- **WebRTC Signaling**: 12/12 tests passing (offer/answer/ICE relay, authorization) -- **Auth Controllers**: Comprehensive coverage -- **Events API**: Full test suite -- **Matches API**: Full CRUD tests -- **Dashboard API**: 12 tests passing -- **Socket.IO**: Full WebRTC + chat coverage (12/12 passing) -- **Test Isolation**: Fixed with unique test data per suite -- **Code Coverage Highlights**: - - matching.js: 94.71% statements, 91.5% branches - - routes/matches.js: 76.11% statements - - routes/events.js: 78.2% statements - -**Frontend: Test files ready** (requires test runner setup) -- WebRTC detection utility tests -- WebRTC warning component tests +Quick operations via REPL or command mode: ```bash -# Run all backend tests -docker compose exec backend npm test +# Start REPL +docker compose exec backend npm run cli -# Run specific test suite -docker compose exec backend npm test -- socket-webrtc.test.js +# List users +docker compose exec backend npm run cli -- users:list --limit 20 -# Coverage report -docker compose exec backend npm run test:coverage +# Create user +docker compose exec backend npm run cli -- users:create --email admin@example.com --username admin --password 'Secret123!' + +# Verify email +docker compose exec backend npm run cli -- users:verify --email admin@example.com + +# List events +docker compose exec backend npm run cli -- events:list --limit 10 + +# Import WSDC events +docker compose exec backend npm run cli -- events:import:wsdc --dry-run --since 2024-01-01 --until 2024-12-31 + +# Event details +docker compose exec backend npm run cli -- events:details --slug warsaw-dance-2025 + +# Check-in user to event +docker compose exec backend npm run cli -- events:checkin --username john_doe --slug warsaw-dance-2025 + +# List matches +docker compose exec backend npm run cli -- matches:list --limit 20 --status accepted ``` -## 🎯 Roadmap +**REPL mode:** Top-level await works for Prisma queries, e.g., `await prisma.user.findMany({ take: 5 })` -### βœ… Phase 0: Frontend Mockup (COMPLETED) -- All views with mock data -- WebRTC UI mockup -- Routing & navigation +--- -### βœ… Phase 1: Backend Foundation (COMPLETED) -- Node.js + Express + PostgreSQL -- JWT authentication -- Socket.IO real-time chat -- Test coverage 81%+ +## πŸ” Security Features -### βœ… Phase 1.5: Email & WSDC Integration (COMPLETED) -- Email verification (AWS SES) -- Password reset workflow -- WSDC API integration -- User profiles with social media & location -- Public profiles -- Event participation tracking -- Event security (slugs) +**Implemented:** +- bcrypt password hashing (10 salt rounds) +- JWT authentication (httpOnly cookies in production) +- Email verification required +- Input validation (express-validator) +- SQL injection prevention (Prisma parameterized queries) +- XSS protection (input sanitization) +- Rate limiting (login: 5/15min, registration: 3/hour, email: 3/hour) +- CORS configuration +- CSRF protection +- Helmet.js security headers +- Account lockout after failed attempts +- Content Security Policy +- Unique slugs preventing ID enumeration -### βœ… Phase 2: Matches & Ratings API (COMPLETED) -- Matches API (create/accept match requests with slugs) -- Real-time match notifications via Socket.IO -- Ratings API (1-5 stars, comments, collaboration preferences) -- Public profile ratings display -- Profile links from chat and matches pages -- Message history for matches -- Duplicate rating prevention - -### βœ… Phase 2.5: WebRTC P2P File Transfer (COMPLETED) -- WebRTC signaling (SDP/ICE exchange via Socket.IO) -- P2P file transfer via RTCDataChannel (16KB chunking) -- STUN servers for NAT traversal (production-ready) -- WebRTC capability detection (browser/network compatibility) -- User-friendly fallback UX when WebRTC blocked -- Tested up to 700MB file transfers -- E2E encryption (DTLS) -- Comprehensive test suite (7 backend tests passing) -- Professional landing page with hero section - -### βœ… Phase 3: MVP Finalization (COMPLETED) -- βœ… Landing page -- βœ… Dashboard with online/unread counts -- βœ… Recording matching system (auto-assign recorders) -- βœ… Security hardening (CSRF, account lockout, rate limiting) -- βœ… PWA features (manifest, service worker, iOS support) -- βœ… All backend tests passing (286/286 - 100%) -- βœ… Production operations scripts (backup, restore, health check) -- βœ… Documentation cleanup and reorganization - -### ⏳ Phase 4: Extensions (FUTURE) -- User badges & trust system -- Block users -- Push notifications -- Video compression -- Multi-file transfer +--- ## πŸ“– Documentation -**Quick Start:** -- `docs/SESSION_CONTEXT.md` - Quick context for resuming sessions (minimal tokens) +**For quick start:** +- `docs/SESSION_CONTEXT.md` - Quick context for resuming sessions (recommended for AI assistants) -**Main Documentation:** -- `docs/CONTEXT.md` - Main project description and assumptions -- `docs/TODO.md` - Active tasks and roadmap -- `docs/ARCHITECTURE.md` - Technical details and implementation -- `docs/DEPLOYMENT.md` - Deployment and production setup guide -- `docs/MONITORING.md` - Monitoring and operations guide +**Main documentation:** +- `docs/TODO.md` - Active tasks, security audit, roadmap +- `docs/ARCHITECTURE.md` - Technical details, WebRTC flow, API endpoints +- `docs/TESTING_MATCHING_RATINGS.md` - Comprehensive test documentation (45 tests) +- `docs/DEPLOYMENT.md` - Production deployment guide +- `docs/MONITORING.md` - Operations and monitoring -**Quick Guides:** -- `docs/QUICKSTART.md` - Quick start guide (2 minutes) -- `docs/QUICK_TEST.md` - Quick testing instructions -- `docs/WEBRTC_TESTING_GUIDE.md` - WebRTC testing guide +**Testing guides:** +- `docs/WEBRTC_TESTING_GUIDE.md` - WebRTC P2P testing -**Archived Documentation:** -- `docs/archive/PHASE_1.5.md` - Phase 1.5 documentation (Email & WSDC) +**Archived:** +- `docs/archive/COMPLETED.md` - Full history of completed features +- `docs/archive/PHASE_1.5.md` - Phase 1.5 documentation - `docs/archive/SECURITY_AUDIT.md` - Security audit & fixes -- `docs/archive/ADMIN_CLI.md` - Admin CLI & REPL usage -- `docs/archive/COMPLETED.md` - Completed tasks archive -- `docs/archive/RESOURCES.md` - Links to documentation and learning resources + +--- + +## 🎯 Roadmap + +### βœ… Completed Phases + +**Phase 0:** Frontend mockup with routing +**Phase 1:** Backend foundation (Node.js, Express, PostgreSQL, Socket.IO) +**Phase 1.5:** Email verification (AWS SES), WSDC integration, profiles +**Phase 2:** Matches & ratings API, message history +**Phase 2.5:** WebRTC P2P file transfer with fallback UX +**Phase 3:** MVP finalization (landing page, dashboard, security hardening, PWA, auto-matching) + +### ⏳ Future Extensions (Phase 4) +- User badges & trust system +- Push notifications +- Video compression +- Multi-file transfer +- Block users + +--- ## 🀝 Contributing -Project is in development phase. Currently implementing Phase 2 (Matches & Ratings API, WebRTC P2P transfer). +**Development Guidelines:** +- **Code language:** All code, strings, comments in ENGLISH +- **Communication:** POLISH with team +- **Git commits:** Standard format WITHOUT AI mentions +- **Port:** 8080 (not 80 in dev) +- **Tailwind:** v3.4.0 (NOT v4 - breaking changes) -### Git workflow: +**Git workflow:** ```bash git status git add . git commit -m "feat: description" ``` -**Note:** Commit messages without mentions of AI/automatic generation. +--- ## πŸ“„ License @@ -639,6 +361,5 @@ TBD --- -**Current Status:** MVP Complete βœ… | 285/286 tests passing (99.7%) | Ready for Production Deployment - -**Last Updated:** 2025-11-29 +**Status:** MVP Complete βœ… | 342/342 tests passing (100%) | Production Ready +**Last Updated:** 2025-11-30 diff --git a/docs/SESSION_CONTEXT.md b/docs/SESSION_CONTEXT.md index 559ffda..a045345 100644 --- a/docs/SESSION_CONTEXT.md +++ b/docs/SESSION_CONTEXT.md @@ -15,9 +15,9 @@ ## Current Status -**Phase:** MVP Complete - Ready for Production Deployment -**Tests:** 285/286 backend tests passing - 99.7% (73% coverage) -**Next Goal:** Infrastructure setup (server, domain, SSL) +**Phase:** MVP Complete - Production Ready +**Tests:** 342/342 backend tests passing - 100% βœ… (72.5% coverage) +**Recent Work:** Matching runs audit, ratings & stats system, comprehensive test suite ### Core Features (All Implemented) - JWT authentication with email verification (AWS SES) @@ -27,6 +27,10 @@ - Recording matching system with 3-tier account system (BASIC/SUPPORTER/COMFORT) - Fairness algorithm (karma tracking: recordingsDone vs recordingsReceived) - Dual buffer system (prep before + rest after dancing) +- Matching runs audit with origin_run_id tracking +- Incremental matching (preserves accepted/completed suggestions) +- Scheduler integration (automated matching with cron) +- Atomic stats updates with race condition prevention - Clickable usernames with @ prefix, country flags - Matches & ratings API - QR code event check-in @@ -49,16 +53,26 @@ β”‚ β”œβ”€β”€ hooks/ # useWebRTC.js β”‚ └── constants/ # MATCH_STATUS, SUGGESTION_STATUS, etc. β”œβ”€β”€ backend/src/ -β”‚ β”œβ”€β”€ routes/ # API endpoints +β”‚ β”œβ”€β”€ routes/ # API endpoints (events.js, matches.js, admin.js) β”‚ β”œβ”€β”€ controllers/ # Business logic β”‚ β”œβ”€β”€ services/ # matching.js (auto-matching algorithm) β”‚ β”œβ”€β”€ socket/ # Socket.IO handlers β”‚ β”œβ”€β”€ constants/ # Status constants -β”‚ └── __tests__/ # Jest tests +β”‚ └── __tests__/ # Jest tests (342 tests - 100% passing) +β”‚ β”œβ”€β”€ matching-algorithm.test.js # 19 tests +β”‚ β”œβ”€β”€ ratings-stats-flow.test.js # 9 tests +β”‚ β”œβ”€β”€ matching-runs-audit.test.js # 6 tests +β”‚ β”œβ”€β”€ matching-incremental.test.js # 5 tests +β”‚ └── socket.test.js # 12 tests └── docs/ - β”œβ”€β”€ TODO.md # Current tasks & security audit + β”œβ”€β”€ SESSION_CONTEXT.md # This file - quick context + β”œβ”€β”€ TODO.md # Current tasks & roadmap β”œβ”€β”€ ARCHITECTURE.md # Technical details - └── archive/COMPLETED.md # Historical reference + β”œβ”€β”€ DEPLOYMENT.md # Deployment guide + β”œβ”€β”€ MONITORING.md # Operations guide + β”œβ”€β”€ TESTING_MATCHING_RATINGS.md # Comprehensive test documentation (45 tests) + β”œβ”€β”€ WEBRTC_TESTING_GUIDE.md # WebRTC testing guide + └── archive/ # Archived documentation ``` --- @@ -72,21 +86,58 @@ Key models: - `event_participants` - User-event relationship, competitorNumber, recorderOptOut, `accountTierOverride` - `divisions` / `competition_types` / `event_user_heats` - Competition system - `matches` - User pairings with CUID slugs -- `ratings` - 1-5 stars, comments -- `recording_suggestions` - Auto-matching results with collision detection +- `ratings` - 1-5 stars, comments, `statsApplied` flag +- `recording_suggestions` - Auto-matching results with collision detection, `originRunId` tracking +- `matching_runs` - Audit trail (manual/scheduler, status, stats) - `chat_rooms` / `messages` - Real-time chat persistence --- +## Recent Changes (Last 2 Days) + +### Matching Runs Audit System +- **File:** `backend/src/__tests__/matching-runs-audit.test.js` (6 tests) +- **Features:** + - origin_run_id assignment and tracking + - Sequential runs create separate audit records + - Accepted suggestions preserve origin_run_id across re-runs + - Admin endpoints with filtering (onlyAssigned, includeNotFound) + - Manual vs scheduler trigger differentiation + +### Ratings & Stats Integration +- **File:** `backend/src/__tests__/ratings-stats-flow.test.js` (9 tests) +- **Features:** + - Atomic stats updates (recordingsDone, recordingsReceived) + - Race condition prevention with `statsApplied` flag + - Source filtering (only auto matches update stats) + - Idempotency (double-rating prevention) + - E2E double-rating completion flow + +### Documentation +- **Updated:** README.md with current test statistics (342/342) +- **New:** docs/TESTING_MATCHING_RATINGS.md (comprehensive 45-test overview) +- **Archived:** Outdated quick start guides + +--- + ## Quick Commands ```bash # Start development -docker compose up --build +docker compose --profile dev up -# Run backend tests +# Run all backend tests docker compose exec backend npm test +# Run specific test suite +docker compose exec backend npm test -- matching-runs-audit.test.js + +# Coverage report +docker compose exec backend npm run test:coverage + +# Admin CLI +docker compose exec backend npm run cli -- users:list --limit 20 + # Access # Frontend: http://localhost:8080 # API: http://localhost:8080/api @@ -117,6 +168,11 @@ ACCOUNT_TIER: BASIC | SUPPORTER | COMFORT // Tier fairness penalties FAIRNESS_SUPPORTER_PENALTY: 10 FAIRNESS_COMFORT_PENALTY: 50 + +// Matching config +MAX_RECORDINGS_PER_PERSON: 3 +PREP_BUFFER_MINUTES: 30 +REST_BUFFER_MINUTES: 60 ``` --- @@ -131,12 +187,38 @@ FAIRNESS_COMFORT_PENALTY: 50 --- +## Test Coverage Summary + +**Total:** 342/342 tests passing (100% βœ…) + +- **Matching Algorithm:** 19 tests (TC1-TC19) + - Fundamentals, collision detection, limits, fairness, edge cases +- **Ratings & Stats:** 9 tests + - Atomic updates, race prevention, idempotency +- **Matching Runs Audit:** 6 tests + - origin_run_id tracking, sequential runs, filtering +- **Incremental Matching:** 5 tests +- **Recording Stats Integration:** 6 tests +- **WebRTC Signaling:** 12 tests +- **Socket.IO:** 12 tests +- **API Routes:** Full CRUD coverage (auth, events, matches, dashboard) + +**Code Coverage:** +- matching.js: 94.71% statements, 91.5% branches +- routes/matches.js: 76.11% statements +- routes/events.js: 78.2% statements + +--- + ## For More Details -- `docs/TODO.md` - Security audit, future improvements +- `docs/TODO.md` - Active tasks, security audit, future improvements - `docs/ARCHITECTURE.md` - Technical implementation details +- `docs/TESTING_MATCHING_RATINGS.md` - Comprehensive test documentation +- `docs/DEPLOYMENT.md` - Production deployment guide +- `docs/MONITORING.md` - Operations and monitoring - `docs/archive/COMPLETED.md` - Full history of completed features --- -**Last Updated:** 2025-11-29 +**Last Updated:** 2025-11-30 diff --git a/docs/CONTEXT.md b/docs/archive/CONTEXT.md similarity index 100% rename from docs/CONTEXT.md rename to docs/archive/CONTEXT.md diff --git a/docs/QUICKSTART.md b/docs/archive/QUICKSTART.md similarity index 100% rename from docs/QUICKSTART.md rename to docs/archive/QUICKSTART.md diff --git a/docs/QUICK_TEST.md b/docs/archive/QUICK_TEST.md similarity index 100% rename from docs/QUICK_TEST.md rename to docs/archive/QUICK_TEST.md