diff --git a/README.md b/README.md index 3ac7904..fc010cd 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ Web application (PWA) enabling dance event participants to: - Password reset workflow - WSDC integration (auto-fill profile data from worldsdc.com) - Event slugs (alphanumeric IDs preventing enumeration attacks) +- Cloudflare Turnstile CAPTCHA (bot protection on registration & contact form) - Security: CORS, CSRF, Helmet.js, rate limiting, account lockout +- Trust proxy for correct client IP detection behind nginx ### Events & Chat - Event list from worldsdc.com @@ -55,7 +57,8 @@ Web application (PWA) enabling dance event participants to: ### WebRTC P2P File Transfer - Browser-to-browser video file exchange (RTCDataChannel) - 16KB chunking with progress monitoring -- STUN servers for NAT traversal +- Cloudflare TURN/STUN servers for reliable NAT traversal +- Dynamic ICE server configuration with fallback to public STUN - E2E encryption (DTLS/SRTP) - WebRTC capability detection - User-friendly fallback when WebRTC blocked @@ -69,11 +72,15 @@ Web application (PWA) enabling dance event participants to: - Source filtering (auto vs manual matches) - Auto-completion when both partners rated -### User Profiles -- Public profiles (/@{username}) visible to logged-in users +### User Profiles & Public Pages +- Public profiles (/u/{username}) accessible without authentication +- Clickable usernames in navbar linking to profile - Social media links (YouTube, Instagram, Facebook, TikTok) - Location (country + city with 195 countries) -- Profile statistics (matches, average rating, reviews) +- Profile statistics (average rating, reviews) +- Responsive mobile layout +- 404 page with activity logging for invalid routes +- About Us and How It Works pages (markdown-based static content) ### Admin & Monitoring - Activity Log System with real-time streaming dashboard 
@@ -82,6 +89,8 @@ Web application (PWA) enabling dance event participants to: - Real-time Socket.IO streaming (like `tail -f`) - Admin-only access with requireAdmin middleware - Statistics dashboard (total logs, failures, 24h activity) +- Contact form submissions with admin panel +- Admin dropdown menu in navbar (Activity Logs, Contact Messages) ### PWA & Infrastructure - Progressive Web App (offline support, iOS compatible) @@ -97,7 +106,8 @@ Web application (PWA) enabling dance event participants to: **Backend:** Node.js 20 + Express 4.18 + Socket.IO 4.8 + JWT + bcrypt **Database:** PostgreSQL 15 + Prisma ORM 5.22 **Infrastructure:** Docker Compose + Nginx + Alpine Linux -**Testing:** Jest + Supertest (342 tests, 72.5% coverage, 100% passing ✅) +**Testing:** Jest + Supertest (351 tests, 73% coverage, 100% passing ✅) +**External Services:** AWS SES (email), Cloudflare Turnstile (CAPTCHA), Cloudflare TURN (WebRTC) --- @@ -162,7 +172,7 @@ docker compose exec backend npm run cli -- users:list --limit 20 ## 📊 Test Coverage -**Backend: 342/342 tests passing - 100% ✅** (72.5% overall coverage) +**Backend: 351/351 tests passing - 100% ✅** (73% overall coverage) ### Test Suites - **Matching Algorithm**: 19/19 integration tests 
@@ -174,13 +184,15 @@ docker compose exec backend npm run cli -- users:list --limit 20 - **Incremental Matching**: 5/5 tests - **Recording Stats Integration**: 6/6 tests - **WebRTC Signaling**: 12/12 tests +- **WebRTC API**: 9/9 tests (Cloudflare TURN integration, fallbacks, authentication) - **Socket.IO**: 12/12 tests -- **API Routes**: Full CRUD coverage (auth, events, matches, dashboard) +- **API Routes**: Full CRUD coverage (auth, events, matches, dashboard, webrtc) ### Code Coverage Highlights - matching.js: 94.71% statements, 91.5% branches - routes/matches.js: 76.11% statements - routes/events.js: 78.2% statements +- routes/webrtc.js: 100% coverage (9 comprehensive tests) **Comprehensive test documentation:** See `docs/TESTING_MATCHING_RATINGS.md` for detailed breakdown of all 45 matching/ratings tests. 
@@ -193,24 +205,25 @@ spotlightcam/ ├── docker-compose.yml # Container orchestration (dev + prod profiles) ├── nginx/ # Nginx reverse proxy config ├── frontend/ # React PWA +│ ├── public/content/ # Static markdown content (About Us, How It Works) │ ├── src/ │ │ ├── components/ # React components -│ │ ├── pages/ # Application pages -│ │ │ └── admin/ # Admin pages (ActivityLogsPage) -│ │ ├── hooks/ # Custom hooks (useWebRTC) +│ │ ├── pages/ # Application pages (Home, Profile, Contact, 404) +│ │ │ └── admin/ # Admin pages (ActivityLogsPage, ContactMessages) +│ │ ├── hooks/ # Custom hooks (useWebRTC with Cloudflare TURN) │ │ ├── contexts/ # AuthContext -│ │ ├── services/ # API client, Socket.IO client +│ │ ├── services/ # API client, Socket.IO client, WebRTC API │ │ └── constants/ # Status constants │ ├── Dockerfile # Development container │ └── Dockerfile.prod # Production build ├── backend/ # Node.js + Express API │ ├── src/ │ │ ├── controllers/ # Auth, users, events, WSDC -│ │ ├── routes/ # API routes (events, matches, admin) +│ │ ├── routes/ # API routes (events, matches, admin, webrtc, public) │ │ ├── services/ # Matching algorithm, activity logging │ │ ├── middleware/ # Auth, admin access, message validation (spam protection) │ │ ├── socket/ # Socket.IO handlers (chat, WebRTC signaling, admin logs) -│ │ └── __tests__/ # Jest tests (342 tests) +│ │ └── __tests__/ # Jest tests (351 tests, 100% passing) │ ├── prisma/ │ │ ├── schema.prisma # Database schema (12 tables) │ │ └── migrations/ # Database migrations 
@@ -345,6 +358,7 @@ docker compose exec backend npm run cli -- matches:list --limit 20 --status acce **Phase 2.5:** WebRTC P2P file transfer with fallback UX **Phase 3:** MVP finalization (landing page, dashboard, security hardening, PWA, auto-matching) **Phase 3.5:** Activity Log System (admin monitoring, real-time streaming dashboard, 18 action types) +**Phase 3.6:** Public enhancements (Cloudflare CAPTCHA, public profiles, static pages, responsive design, Cloudflare TURN) ### ⏳ Future Extensions (Phase 4) - User badges & trust system @@ -379,5 +393,5 @@ TBD --- -**Status:** MVP Complete ✅ | 342/342 tests passing (100%) | Production Ready -**Last Updated:** 2025-12-03 +**Status:** MVP Complete ✅ | 351/351 tests passing (100%) | Production Ready +**Last Updated:** 2025-12-05 diff --git a/docs/SESSION_CONTEXT.md b/docs/SESSION_CONTEXT.md index 0e3d751..cd4aaad 100644 --- a/docs/SESSION_CONTEXT.md +++ b/docs/SESSION_CONTEXT.md 
@@ -15,17 +15,20 @@ ## Current Status -**Phase:** MVP Complete - Production Ready -**Tests:** 342/342 backend tests passing - 100% ✅ (72.5% coverage) -**Recent Work:** Activity Log System with real-time admin dashboard (Phase 3.5 complete) +**Phase:** MVP Complete - Production Ready (Phase 3.6 complete) +**Tests:** 351/351 backend tests passing - 100% ✅ (73% coverage) +**Recent Work:** Cloudflare integrations (CAPTCHA, TURN/STUN), public pages, responsive design improvements ### Core Features (All Implemented) - JWT authentication with email verification (AWS SES) +- Cloudflare Turnstile CAPTCHA (bot protection on registration & contact form) - Real-time chat (Socket.IO) - event rooms + private 1:1 - Real-time active users with instant updates - Message validation (2000 char limit with visual counter) - Spam protection (rate limiting, duplicate detection, profanity filter) - WebRTC P2P file transfer (RTCDataChannel, up to 700MB tested) + - Cloudflare TURN/STUN servers with dynamic configuration + - Fallback to public STUN servers - Competition heats system for matchmaking - Recording matching system with 3-tier account system (BASIC/SUPPORTER/COMFORT) - Fairness algorithm (karma tracking: recordingsDone vs recordingsReceived) 
@@ -34,11 +37,16 @@ - Incremental matching (preserves accepted/completed suggestions) - Scheduler integration (automated matching with cron) - Atomic stats updates with race condition prevention -- Clickable usernames with @ prefix, country flags +- Clickable usernames in navbar, country flags +- Public profiles (/u/{username}) - accessible without authentication +- Static content pages (About Us, How It Works) - markdown-based +- Contact form with admin panel +- 404 page with activity logging - Matches & ratings API - QR code event check-in - PWA (offline support, iOS compatible) -- Security: CSRF, rate limiting, account lockout +- Responsive mobile design +- Security: CSRF, rate limiting, account lockout, trust proxy - Test bot for automated testing - Activity Log System - admin monitoring dashboard with real-time streaming (18 action types) 
@@ -49,27 +57,30 @@ ``` /spotlightcam ├── docker-compose.yml # nginx:8080 + frontend + backend + db -├── frontend/src/ -│ ├── pages/ # React pages -│ │ └── admin/ # Admin pages (ActivityLogsPage.jsx) -│ ├── components/ # Reusable components -│ ├── contexts/ # AuthContext -│ ├── services/ # api.js, socket.js -│ ├── hooks/ # useWebRTC.js -│ └── constants/ # MATCH_STATUS, SUGGESTION_STATUS, etc. +├── frontend/ +│ ├── public/content/ # Static markdown content (about-us.md, how-it-works.md) +│ └── src/ +│ ├── pages/ # React pages (Home, Profile, Contact, 404, AboutUs, HowItWorks) +│ │ └── admin/ # Admin pages (ActivityLogsPage.jsx, ContactMessagesPage.jsx) +│ ├── components/ # Reusable components +│ ├── contexts/ # AuthContext +│ ├── services/ # api.js, socket.js, webrtcAPI +│ ├── hooks/ # useWebRTC.js (Cloudflare TURN) +│ └── constants/ # MATCH_STATUS, SUGGESTION_STATUS, etc. ├── backend/src/ -│ ├── routes/ # API endpoints (events.js, matches.js, admin.js) +│ ├── routes/ # API endpoints (events.js, matches.js, admin.js, webrtc.js, public.js) │ ├── controllers/ # Business logic │ ├── services/ # matching.js (auto-matching), activityLog.js (audit trail) │ ├── middleware/ # auth.js, admin.js (requireAdmin) │ ├── socket/ # Socket.IO handlers (chat, WebRTC, admin logs) │ ├── utils/ # request.js (IP extraction) │ ├── constants/ # Status constants -│ └── __tests__/ # Jest tests (342 tests - 100% passing) +│ └── __tests__/ # Jest tests (351 tests - 100% passing) │ ├── matching-algorithm.test.js # 19 tests │ ├── ratings-stats-flow.test.js # 9 tests │ ├── matching-runs-audit.test.js # 6 tests │ ├── matching-incremental.test.js # 5 tests +│ ├── webrtc-api.test.js # 9 tests (Cloudflare TURN) │ └── socket.test.js # 12 tests └── docs/ ├── SESSION_CONTEXT.md # This file - quick context
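Review bot: the new `- Trust proxy for correct client IP detection behind nginx` line (README hunk `@@ -24,7 +24,9 @@`) should say how narrowly the proxy is trusted, because the rate limiting and account lockout on the following line key on the client IP that this setting exposes. Trusting every upstream (Express's `app.set('trust proxy', true)`) lets a client that reaches the backend directly send a forged `X-Forwarded-For` and choose its own address for the limiter, the lockout counter and the activity log; document that only the single nginx hop (its loopback or container address) is trusted and that the nginx config sets the header rather than appending to a client-supplied one. The Turnstile line in the same hunk should also state that the widget token is verified server-side with the secret key on the registration and contact routes, since a frontend-only widget gives no bot protection.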
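Review bot: `- Dynamic ICE server configuration with fallback to public STUN` (README hunk `@@ -55,7 +57,8 @@`) hides a failure mode the feature list should spell out: when the TURN credential fetch fails and the client drops to STUN only, peers behind symmetric NAT or a restrictive firewall cannot connect even though nothing is "blocked", so the existing `- User-friendly fallback when WebRTC blocked` line should also cover the relay-unavailable case. The same hunk should state that the backend route handing out Cloudflare TURN credentials requires a logged-in user (the test list for `routes/webrtc.js` mentions authentication, so say it here) and whether the credentials it returns are time-limited, because an unauthenticated or long-lived credential turns the project's TURN account into an open relay for anyone who reads the endpoint.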
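Review bot: replacing `/@{username}` "visible to logged-in users" with `/u/{username}` "accessible without authentication" (README hunk `@@ -69,11 +72,15 @@`) widens exposure of social media links and location from members to the whole internet, and the hunk does not say what the unauthenticated route returns; list the exact fields served by `routes/public.js` and confirm email, account tier and match history stay out (the statistics line now drops "matches", which looks deliberate, so say so). Two follow-ups for the same hunk: usernames are now enumerable through a public URL, unlike the slugged event IDs advertised earlier in the README, so the public profile and 404 routes should sit behind the rate limiter; and `- 404 page with activity logging for invalid routes` means any unauthenticated scanner can write into the admin activity log at will, so note the cap or rate limit on those log writes so the real-time dashboard is not flooded by a path brute-force.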
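Review bot: `- Contact form submissions with admin panel` (README hunk `@@ -82,6 +89,8 @@`) should state that submissions pass through the same message validation middleware (2000-char limit, spam and duplicate detection) as chat, and that `ContactMessagesPage.jsx` renders the stored name, email and message as text rather than HTML; this panel is the one place where input from anonymous senders is shown inside an admin session, so a stored XSS there is an admin takeover. Also say whether the submission records the sender IP (`utils/request.js` exists for that) and whether the contact route is rate limited independently of the Turnstile check, so that a valid CAPTCHA token does not buy unlimited submissions.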
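Review bot: the new `**External Services:** AWS SES (email), Cloudflare Turnstile (CAPTCHA), Cloudflare TURN (WebRTC)` line (README hunk `@@ -97,7 +106,8 @@`) introduces three credentialed third-party services, but the README still has no configuration section listing the environment variables they need or the behaviour when one is missing or unreachable. Add that, and state explicitly whether registration and contact submissions are refused or the CAPTCHA check is skipped when Turnstile's verification API is down: a silent fail-open in that path would quietly defeat the bot protection listed in the feature section.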
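Review bot: `- Security: CSRF, rate limiting, account lockout, trust proxy` (SESSION_CONTEXT hunk `@@ -34,11 +37,16 @@`) lists trust proxy as if it were a control; it is the setting the other three depend on to see the real client address, and set too broadly it weakens them. Reword to something like `rate limiting and account lockout keyed on the real client IP (trust proxy scoped to nginx)` so a future session does not read the line as "trust proxy is a hardening step" and widen it.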