spotlightcam/docs/TODO.md

# TODO - spotlight.cam

**Active tasks and roadmap - optimized for quick reference**

---

## 🎯 CURRENT STATUS

**Phase:** 1.5 (Email & WSDC & Profiles & Security) - ✅ COMPLETED
**Next Phase:** 2 (Core Features) - ⏳ PENDING
**Progress:** ~65% complete

### ✅ Completed
- Phase 0: Frontend mockup with all views
- Phase 1: Backend Foundation
  - Node.js + Express API
  - PostgreSQL database with Prisma ORM
  - JWT authentication (register, login)
  - Socket.IO real-time chat (event & match rooms)
  - Comprehensive test coverage (81%+)
- Phase 1.5: Email & WSDC & Profiles & Security
  - Email verification (AWS SES with link + PIN)
  - Password reset workflow
  - WSDC API integration (auto-fill registration)
  - User profiles (social media links, location)
  - Public profiles (/{username})
  - Event participation tracking (auto-save joined events)
  - Event security (unique slugs, prevent ID enumeration)
  - **QR code event check-in system** (physical presence required at venue)

### ⏳ Next Priority
**Core Features** - Matches API + Ratings + WebRTC Signaling

**See:** `docs/COMPLETED.md` for full list of completed tasks

---

## 📌 Phase 1: Backend Foundation - ✅ COMPLETED

**Completed:** 2025-11-12
**Time Spent:** ~14 hours

### ✅ Step 1: Backend Setup (COMPLETED)
- [x] Add `backend` service to docker-compose.yml
- [x] Initialize Node.js + Express project
- [x] Create folder structure (routes, controllers, middleware, etc.)
- [x] Add healthcheck endpoint: `GET /api/health`
- [x] Update nginx config to proxy `/api/*` to backend
- [x] Unit tests (7 tests passing)

### ✅ Step 2: PostgreSQL Setup (COMPLETED)
- [x] Add `db` service (PostgreSQL 15) to docker-compose.yml
- [x] Configure volumes for data persistence
- [x] Prisma ORM implementation
- [x] Create database schema (6 tables with relations)
- [x] Add indexes for performance
- [x] Create seed data (3 events, 2 users, chat rooms)
- [x] Fix OpenSSL compatibility issue for Prisma

### ✅ Step 3: Authentication API (COMPLETED)
- [x] Install dependencies: bcrypt, jsonwebtoken, express-validator
- [x] Implement password hashing with bcrypt (10 salt rounds)
- [x] Implement JWT token generation and verification
- [x] Create endpoints: register, login, /users/me
- [x] Create auth middleware for protected routes
- [x] Update frontend AuthContext to use real API
- [x] Unit tests (30 tests, 78%+ coverage)

### ✅ Step 4: WebSocket Chat (COMPLETED)
- [x] Install Socket.IO 4.8.1 on backend
- [x] Setup Socket.IO server with Express integration
- [x] JWT authentication for socket connections
- [x] Event rooms (join/leave/messages/active users)
- [x] Match rooms (private 1:1 chat)
- [x] Install socket.io-client on frontend
- [x] Update EventChatPage with real-time messaging
- [x] Update MatchChatPage with real-time chat
- [x] Unit tests (12 tests, 89% coverage for Socket.IO module)

---

## 📌 NEXT STEPS - Phase 2: Core Features

**Estimated Time:** 12-15 hours
**Priority:** HIGH

### Step 1: Matches API (3-4h) ⏳
- [ ] Create Match controller and routes
- [ ] `POST /api/matches` - Create match request
- [ ] `POST /api/matches/:id/accept` - Accept match request
- [ ] `GET /api/matches` - List user's matches (active, pending, completed)
- [ ] `GET /api/matches/:id` - Get match details
- [ ] Frontend integration:
  - Match request button in EventChatPage
  - Match notification handling
  - Match acceptance flow
- [ ] Unit tests (match creation, acceptance, validation)

### Step 2: Ratings API (2-3h) ⏳
- [ ] Create Rating controller and routes
- [ ] `POST /api/ratings` - Submit rating after collaboration
- [ ] `GET /api/users/:id/ratings` - Get user's ratings & average
- [ ] `GET /api/matches/:id/rating` - Check if match already rated
- [ ] Frontend integration:
  - Update RateMatchPage to use real API
  - Display user ratings on profile/active users
- [ ] Validation (1-5 stars, comment length)
- [ ] Unit tests (rating submission, retrieval, validation)

### Step 3: WebRTC Signaling (3-4h) ⏳
- [ ] Add Socket.IO signaling events:
  - `webrtc_offer` - Send SDP offer
  - `webrtc_answer` - Send SDP answer
  - `webrtc_ice_candidate` - Exchange ICE candidates
- [ ] Frontend WebRTC setup:
  - RTCPeerConnection initialization
  - STUN server configuration
  - Signaling flow implementation
- [ ] Connection state monitoring
- [ ] Unit tests (signaling message exchange)

### Step 4: WebRTC File Transfer (4-5h) ⏳
- [ ] RTCDataChannel setup (ordered, reliable)
- [ ] File metadata exchange (name, size, type)
- [ ] File chunking implementation (16KB chunks)
- [ ] Progress monitoring (sender & receiver)
- [ ] Error handling & reconnection logic
- [ ] Complete P2P video transfer flow:
  - Select video file
  - Establish P2P connection
  - Transfer file via DataChannel
  - Save file on receiver side
- [ ] Test with various file sizes
- [ ] Fallback: Link sharing (already implemented in UI)

---

## 🎯 Future Phases (Reference)

### Phase 3: MVP Finalization (2-3 weeks)
- [ ] Security hardening:
  - Rate limiting (express-rate-limit)
  - Input validation & sanitization
  - CORS configuration
  - SQL injection prevention
  - XSS protection
- [ ] Testing:
  - Integration tests (API endpoints)
  - E2E tests (Playwright/Cypress)
  - WebRTC connection tests
- [ ] PWA features:
  - Web app manifest
  - Service worker (offline support)
  - App icons & splash screens
  - Install prompt
- [ ] Deployment:
  - Production Docker images
  - Environment configuration
  - Database backups
  - Monitoring & logging
  - CI/CD pipeline

### Phase 5: Optional Extensions
- [ ] User badges & trust system
- [ ] Block users
- [ ] Public profiles
- [ ] Push notifications
- [ ] Video compression
- [ ] Multi-file transfer

---

## 📝 Active Development Tasks

### Documentation
- [x] ✅ README.md
- [x] ✅ QUICKSTART.md
- [x] ✅ CONTEXT.md
- [x] ✅ TODO.md
- [x] ✅ SESSION_CONTEXT.md
- [x] ✅ ARCHITECTURE.md
- [x] ✅ COMPLETED.md
- [x] ✅ RESOURCES.md
- [ ] ⏳ API documentation (Swagger/OpenAPI) - after backend
- [ ] ⏳ Architecture diagrams - after backend
- [ ] ⏳ WebRTC flow diagram - after WebRTC implementation

### Infrastructure
- [x] ✅ Docker Compose (nginx, frontend)
- [ ] ⏳ Docker Compose (backend, db)
- [ ] ⏳ Production Dockerfile optimization (multi-stage builds)
- [ ] ⏳ CI/CD pipeline (GitHub Actions)
- [ ] ⏳ HTTPS setup (Let's Encrypt)

### Testing
- [ ] ⏳ Backend tests (Jest + Supertest)
- [ ] ⏳ Frontend tests (Vitest + React Testing Library)
- [ ] ⏳ E2E tests (Playwright / Cypress)
- [ ] ⏳ WebRTC manual testing (different devices)

---

## 🚀 Quick Commands

**Start development:**
```bash
docker compose up --build
```

**Rebuild after changes:**
```bash
docker compose down && docker compose up --build
```

**Access:**
- Frontend: http://localhost:8080
- Backend (future): http://localhost:8080/api

**Git workflow:**
```bash
git status
git add .
git commit -m "feat: description"
```

---

## 📊 Progress Tracking

| Phase | Status | Progress | Estimated Time |
|-------|--------|----------|----------------|
| Phase 0: Frontend Mockup | ✅ Done | 100% | ~8h (completed) |
| Phase 1: Backend Foundation | ✅ Done | 100% | ~14h (completed) |
| Phase 1.5: Email & WSDC & Profiles | ✅ Done | 100% | ~12h (completed) |
| Phase 2: Core Features | ⏳ Next | 0% | ~15-20h |
| Phase 3: MVP Finalization | ⏳ Pending | 0% | ~15-20h |
| Phase 4: Extensions | ⏳ Pending | 0% | TBD |

**Overall Progress:** ~65% (Phase 0, 1, 1.5 completed)

---

## 📝 Notes

- Frontend mockup is presentation-ready
- All views work with mock data - easy to connect real API
- WebRTC P2P mockup in MatchChatPage - needs real implementation
- Focus on Phase 1 next (backend foundation)
- Update task status: ⏳ → 🔄 → ✅

---

**For detailed task history:** See `docs/COMPLETED.md`
**For learning resources:** See `docs/RESOURCES.md`
**For quick session context:** See `docs/SESSION_CONTEXT.md`
**For technical details:** See `docs/ARCHITECTURE.md`

---

**Last Updated:** 2025-11-14