tester/shokuninmarche
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Foundation — auth system, 9 migrations, React frontend

Browse Source 
Backend:
- Express server with JWT httpOnly cookie auth
- POST /api/auth/register, /api/auth/login, /api/auth/logout, GET /api/auth/me
- bcrypt 12 rounds, generic 401 errors (no email/password field disclosure)
- Auth middleware protects all /api/* routes except register/login
- pg Pool database connection

Frontend (React + Vite + TailwindCSS + shadcn/ui):
- AuthContext with session restore on page load via /api/auth/me
- ProtectedRoute redirects unauthenticated users to /login
- LoginPage, RegisterPage — Hebrew RTL layout (dir=rtl), inline validation
- DashboardPage placeholder
- shadcn/ui components: Button, Input, Label, Card

Database:
- 9 migrations (001-009): extensions, users, events, vendors, guests,
  bookings, invitations, vendor_ratings, organizer_preferences
- pg_trgm for fuzzy Hebrew search, GIN indexes on style_tags
- Phase 2+3 fields included: source, payment_status, contract_value,
  vendor ratings 6-dimension, organizer preferences
- Idempotent migration runner with schema_migrations tracking table

Infrastructure:
- Dockerfile (multi-stage: build React → production node:20-alpine)
- docker-compose.yml with PostgreSQL healthcheck, expose not ports
- Migrations run automatically on container start

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
tester
2026-02-21 18:22:42 +00:00
parent 0f1882e9ae
commit c8909befb1
45 changed files with 5669 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example Normal file
View File

@@ -0,0 +1,5 @@
# Copy to .env and fill in values
NODE_ENV=development
PORT=3000
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/airewit
JWT_SECRET=change_this_to_a_long_random_secret_min_32_chars

5
.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
node_modules/
client/node_modules/
client/dist/
.env
*.log

32
Dockerfile Normal file
View File

@@ -0,0 +1,32 @@
FROM node:20-alpine AS builder
WORKDIR /app
# Build React frontend
COPY client/package*.json ./client/
RUN cd client && npm ci
COPY client/ ./client/
RUN cd client && npm run build
# ─── Production stage ─────────────────────────────────────────────────────────
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
COPY --from=builder /app/client/dist ./client/dist
COPY server.js ./
COPY routes/ ./routes/
COPY middleware/ ./middleware/
COPY db/ ./db/
COPY migrations/ ./migrations/
COPY seeds/ ./seeds/
COPY scripts/ ./scripts/
EXPOSE 3000
# Run migrations then start server
CMD node scripts/migrate.js && node server.js

13
client/index.html Normal file
View File

@@ -0,0 +1,13 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>client</title>
</head>
<body>
<div id="root"></div>
<script type="module" src="/src/main.tsx"></script>
</body>
</html>

3991
client/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

39
client/package.json Normal file
View File

@@ -0,0 +1,39 @@
{
"name": "client",
"private": true,
"version": "0.0.0",
"type": "module",
"scripts": {
"dev": "vite",
"build": "tsc -b && vite build",
"lint": "eslint .",
"preview": "vite preview"
},
"dependencies": {
"react": "^19.2.0",
"react-dom": "^19.2.0",
"react-router-dom": "^7.13.0",
"zustand": "^5.0.11"
},
"devDependencies": {
"@eslint/js": "^9.39.1",
"@types/node": "^24.10.13",
"@types/react": "^19.2.7",
"@types/react-dom": "^19.2.3",
"@vitejs/plugin-react": "^5.1.1",
"autoprefixer": "^10.4.24",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"eslint": "^9.39.1",
"eslint-plugin-react-hooks": "^7.0.1",
"eslint-plugin-react-refresh": "^0.4.24",
"globals": "^16.5.0",
"lucide-react": "^0.575.0",
"postcss": "^8.5.6",
"tailwind-merge": "^3.5.0",
"tailwindcss": "^3.4.19",
"typescript": "~5.9.3",
"typescript-eslint": "^8.48.0",
"vite": "^7.3.1"
}
}

6
client/postcss.config.js Normal file
View File

@@ -0,0 +1,6 @@
export default {
plugins: {
tailwindcss: {},
autoprefixer: {},
},
}

42
client/src/App.css Normal file
View File

@@ -0,0 +1,42 @@
#root {
max-width: 1280px;
margin: 0 auto;
padding: 2rem;
text-align: center;
}
.logo {
height: 6em;
padding: 1.5em;
will-change: filter;
transition: filter 300ms;
}
.logo:hover {
filter: drop-shadow(0 0 2em #646cffaa);
}
.logo.react:hover {
filter: drop-shadow(0 0 2em #61dafbaa);
}
@keyframes logo-spin {
from {
transform: rotate(0deg);
}
to {
transform: rotate(360deg);
}
}
@media (prefers-reduced-motion: no-preference) {
a:nth-of-type(2) .logo {
animation: logo-spin infinite 20s linear;
}
}
.card {
padding: 2em;
}
.read-the-docs {
color: #888;
}

30
client/src/App.tsx Normal file
View File

@@ -0,0 +1,30 @@
import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom';
import { AuthProvider } from '@/contexts/AuthContext';
import { ProtectedRoute } from '@/components/ProtectedRoute';
import { LoginPage } from '@/pages/LoginPage';
import { RegisterPage } from '@/pages/RegisterPage';
import { DashboardPage } from '@/pages/DashboardPage';
export default function App() {
return (
<BrowserRouter>
<AuthProvider>
<Routes>
<Route path="/login" element={<LoginPage />} />
<Route path="/register" element={<RegisterPage />} />
<Route
path="/dashboard"
element={
<ProtectedRoute>
<DashboardPage />
</ProtectedRoute>
}
/>
{/* Default: redirect root to dashboard (ProtectedRoute will redirect to /login if unauthed) */}
<Route path="/" element={<Navigate to="/dashboard" replace />} />
<Route path="*" element={<Navigate to="/dashboard" replace />} />
</Routes>
</AuthProvider>
</BrowserRouter>
);
}

1
client/src/assets/react.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.0 KiB

24
client/src/components/ProtectedRoute.tsx Normal file
View File

@@ -0,0 +1,24 @@
import { Navigate } from 'react-router-dom';
import { useAuth } from '@/contexts/AuthContext';
interface ProtectedRouteProps {
children: React.ReactNode;
}
export function ProtectedRoute({ children }: ProtectedRouteProps) {
const { user, loading } = useAuth();
if (loading) {
return (
<div className="min-h-screen flex items-center justify-center">
<p className="text-muted-foreground">טוען...</p>
</div>
);
}
if (!user) {
return <Navigate to="/login" replace />;
}
return <>{children}</>;
}

47
client/src/components/ui/button.tsx Normal file
View File

@@ -0,0 +1,47 @@
import * as React from 'react';
import { cva, type VariantProps } from 'class-variance-authority';
import { cn } from '@/lib/utils';
const buttonVariants = cva(
'inline-flex items-center justify-center rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50',
{
variants: {
variant: {
default: 'bg-primary text-primary-foreground hover:bg-primary/90',
destructive: 'bg-destructive text-destructive-foreground hover:bg-destructive/90',
outline: 'border border-input bg-background hover:bg-accent hover:text-accent-foreground',
ghost: 'hover:bg-accent hover:text-accent-foreground',
link: 'text-primary underline-offset-4 hover:underline',
},
size: {
default: 'h-10 px-4 py-2',
sm: 'h-9 rounded-md px-3',
lg: 'h-11 rounded-md px-8',
icon: 'h-10 w-10',
},
},
defaultVariants: {
variant: 'default',
size: 'default',
},
}
);
export interface ButtonProps
extends React.ButtonHTMLAttributes<HTMLButtonElement>,
VariantProps<typeof buttonVariants> {}
const Button = React.forwardRef<HTMLButtonElement, ButtonProps>(
({ className, variant, size, ...props }, ref) => {
return (
<button
className={cn(buttonVariants({ variant, size, className }))}
ref={ref}
{...props}
/>
);
}
);
Button.displayName = 'Button';
export { Button, buttonVariants };

50
client/src/components/ui/card.tsx Normal file
View File

@@ -0,0 +1,50 @@
import * as React from 'react';
import { cn } from '@/lib/utils';
const Card = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
({ className, ...props }, ref) => (
<div
ref={ref}
className={cn('rounded-lg border bg-card text-card-foreground shadow-sm', className)}
{...props}
/>
)
);
Card.displayName = 'Card';
const CardHeader = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
({ className, ...props }, ref) => (
<div ref={ref} className={cn('flex flex-col space-y-1.5 p-6', className)} {...props} />
)
);
CardHeader.displayName = 'CardHeader';
const CardTitle = React.forwardRef<HTMLParagraphElement, React.HTMLAttributes<HTMLHeadingElement>>(
({ className, ...props }, ref) => (
<h3 ref={ref} className={cn('text-2xl font-semibold leading-none tracking-tight', className)} {...props} />
)
);
CardTitle.displayName = 'CardTitle';
const CardDescription = React.forwardRef<HTMLParagraphElement, React.HTMLAttributes<HTMLParagraphElement>>(
({ className, ...props }, ref) => (
<p ref={ref} className={cn('text-sm text-muted-foreground', className)} {...props} />
)
);
CardDescription.displayName = 'CardDescription';
const CardContent = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
({ className, ...props }, ref) => (
<div ref={ref} className={cn('p-6 pt-0', className)} {...props} />
)
);
CardContent.displayName = 'CardContent';
const CardFooter = React.forwardRef<HTMLDivElement, React.HTMLAttributes<HTMLDivElement>>(
({ className, ...props }, ref) => (
<div ref={ref} className={cn('flex items-center p-6 pt-0', className)} {...props} />
)
);
CardFooter.displayName = 'CardFooter';
export { Card, CardHeader, CardFooter, CardTitle, CardDescription, CardContent };

23
client/src/components/ui/input.tsx Normal file
View File

@@ -0,0 +1,23 @@
import * as React from 'react';
import { cn } from '@/lib/utils';
export interface InputProps extends React.InputHTMLAttributes<HTMLInputElement> {}
const Input = React.forwardRef<HTMLInputElement, InputProps>(
({ className, type, ...props }, ref) => {
return (
<input
type={type}
className={cn(
'flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50',
className
)}
ref={ref}
{...props}
/>
);
}
);
Input.displayName = 'Input';
export { Input };

19
client/src/components/ui/label.tsx Normal file
View File

@@ -0,0 +1,19 @@
import * as React from 'react';
import { cn } from '@/lib/utils';
const Label = React.forwardRef<
HTMLLabelElement,
React.LabelHTMLAttributes<HTMLLabelElement>
>(({ className, ...props }, ref) => (
<label
ref={ref}
className={cn(
'text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70',
className
)}
{...props}
/>
));
Label.displayName = 'Label';
export { Label };

75
client/src/contexts/AuthContext.tsx Normal file
View File

@@ -0,0 +1,75 @@
import React, { createContext, useContext, useEffect, useState } from 'react';
interface User {
id: string;
email: string;
display_name: string;
role: 'organizer' | 'vendor';
}
interface AuthContextValue {
user: User | null;
loading: boolean;
login: (email: string, password: string) => Promise<void>;
register: (email: string, password: string, displayName: string, role?: string) => Promise<void>;
logout: () => Promise<void>;
}
const AuthContext = createContext<AuthContextValue | null>(null);
export function AuthProvider({ children }: { children: React.ReactNode }) {
const [user, setUser] = useState<User | null>(null);
const [loading, setLoading] = useState(true);
// Restore session on mount
useEffect(() => {
fetch('/api/auth/me', { credentials: 'include' })
.then(res => res.ok ? res.json() : null)
.then(data => {
if (data?.user) setUser(data.user);
})
.catch(() => {})
.finally(() => setLoading(false));
}, []);
async function login(email: string, password: string) {
const res = await fetch('/api/auth/login', {
method: 'POST',
credentials: 'include',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email, password }),
});
const data = await res.json();
if (!res.ok) throw new Error(data.error || 'התחברות נכשלה');
setUser(data.user);
}
async function register(email: string, password: string, displayName: string, role = 'organizer') {
const res = await fetch('/api/auth/register', {
method: 'POST',
credentials: 'include',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email, password, display_name: displayName, role }),
});
const data = await res.json();
if (!res.ok) throw new Error(data.error || 'הרשמה נכשלה');
setUser(data.user);
}
async function logout() {
await fetch('/api/auth/logout', { method: 'POST', credentials: 'include' });
setUser(null);
}
return (
<AuthContext.Provider value={{ user, loading, login, register, logout }}>
{children}
</AuthContext.Provider>
);
}
export function useAuth() {
const ctx = useContext(AuthContext);
if (!ctx) throw new Error('useAuth must be used within AuthProvider');
return ctx;
}

33
client/src/index.css Normal file
View File

@@ -0,0 +1,33 @@
@tailwind base;
@tailwind components;
@tailwind utilities;
@layer base {
:root {
--background: 0 0% 100%;
--foreground: 222.2 84% 4.9%;
--card: 0 0% 100%;
--card-foreground: 222.2 84% 4.9%;
--primary: 222.2 47.4% 11.2%;
--primary-foreground: 210 40% 98%;
--muted: 210 40% 96.1%;
--muted-foreground: 215.4 16.3% 46.9%;
--destructive: 0 84.2% 60.2%;
--destructive-foreground: 210 40% 98%;
--border: 214.3 31.8% 91.4%;
--input: 214.3 31.8% 91.4%;
--ring: 222.2 84% 4.9%;
--radius: 0.5rem;
}
* {
@apply border-border;
}
body {
@apply bg-background text-foreground;
font-family: 'Segoe UI', system-ui, -apple-system, sans-serif;
margin: 0;
min-height: 100vh;
}
}

6
client/src/lib/utils.ts Normal file
View File

@@ -0,0 +1,6 @@
import { type ClassValue, clsx } from 'clsx';
import { twMerge } from 'tailwind-merge';
export function cn(...inputs: ClassValue[]) {
return twMerge(clsx(inputs));
}

10
client/src/main.tsx Normal file
View File

@@ -0,0 +1,10 @@
import { StrictMode } from 'react'
import { createRoot } from 'react-dom/client'
import './index.css'
import App from './App.tsx'
createRoot(document.getElementById('root')!).render(
<StrictMode>
<App />
</StrictMode>,
)

38
client/src/pages/DashboardPage.tsx Normal file
View File

@@ -0,0 +1,38 @@
import { useAuth } from '@/contexts/AuthContext';
import { Button } from '@/components/ui/button';
import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card';
export function DashboardPage() {
const { user, logout } = useAuth();
async function handleLogout() {
await logout();
}
return (
<div className="min-h-screen bg-muted/40 p-6" dir="rtl">
<div className="max-w-4xl mx-auto space-y-6">
<div className="flex items-center justify-between">
<h1 className="text-3xl font-bold">אירועית</h1>
<Button variant="outline" onClick={handleLogout}>
התנתקות
</Button>
</div>
<Card>
<CardHeader>
<CardTitle>ברוך הבא, {user?.display_name}</CardTitle>
</CardHeader>
<CardContent>
<p className="text-muted-foreground">
{user?.role === 'organizer' ? 'מארגן אירועים' : 'ספק שירותים'} {user?.email}
</p>
<p className="mt-4 text-sm text-muted-foreground">
הלוח הראשי של {user?.role === 'organizer' ? 'האירועים' : 'הפרופיל'} שלך יוצג כאן בקרוב.
</p>
</CardContent>
</Card>
</div>
</div>
);
}

105
client/src/pages/LoginPage.tsx Normal file
View File

@@ -0,0 +1,105 @@
import { useState, type FormEvent } from 'react';
import { useNavigate, Link } from 'react-router-dom';
import { useAuth } from '@/contexts/AuthContext';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Label } from '@/components/ui/label';
import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from '@/components/ui/card';
export function LoginPage() {
const { login } = useAuth();
const navigate = useNavigate();
const [email, setEmail] = useState('');
const [password, setPassword] = useState('');
const [error, setError] = useState('');
const [loading, setLoading] = useState(false);
// Inline validation
const emailError = email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) ? 'כתובת אימייל לא תקינה' : '';
const passwordError = password && password.length < 8 ? 'הסיסמה חייבת להכיל לפחות 8 תווים' : '';
async function handleSubmit(e: FormEvent) {
e.preventDefault();
if (emailError || passwordError) return;
setError('');
setLoading(true);
try {
await login(email, password);
navigate('/dashboard');
} catch (err: unknown) {
setError(err instanceof Error ? err.message : 'שגיאה בהתחברות');
} finally {
setLoading(false);
}
}
return (
<div className="min-h-screen flex items-center justify-center bg-muted/40 p-4">
<Card className="w-full max-w-md">
<CardHeader className="text-center">
<CardTitle className="text-2xl">אירועית</CardTitle>
<CardDescription>התחבר לחשבון שלך</CardDescription>
</CardHeader>
<CardContent>
{/* RTL form for Hebrew UI */}
<form onSubmit={handleSubmit} dir="rtl" className="space-y-4">
<div className="space-y-1">
<Label htmlFor="email">אימייל</Label>
<Input
id="email"
type="email"
placeholder="your@email.com"
value={email}
onChange={e => setEmail(e.target.value)}
required
autoComplete="email"
dir="ltr"
/>
{emailError && <p className="text-sm text-destructive">{emailError}</p>}
</div>
<div className="space-y-1">
<Label htmlFor="password">סיסמה</Label>
<Input
id="password"
type="password"
placeholder="••••••••"
value={password}
onChange={e => setPassword(e.target.value)}
required
autoComplete="current-password"
dir="ltr"
/>
{passwordError && <p className="text-sm text-destructive">{passwordError}</p>}
</div>
{error && (
<div className="rounded-md bg-destructive/10 p-3">
<p className="text-sm text-destructive text-center">{error}</p>
</div>
)}
<Button
type="submit"
className="w-full"
disabled={loading || !!emailError || !!passwordError}
>
{loading ? 'מתחבר...' : 'כניסה'}
</Button>
</form>
</CardContent>
<CardFooter className="justify-center">
<p className="text-sm text-muted-foreground" dir="rtl">
אין לך חשבון?{' '}
<Link to="/register" className="text-primary underline underline-offset-4 hover:opacity-80">
הרשמה
</Link>
</p>
</CardFooter>
</Card>
</div>
);
}

156
client/src/pages/RegisterPage.tsx Normal file
View File

@@ -0,0 +1,156 @@
import { useState, type FormEvent } from 'react';
import { useNavigate, Link } from 'react-router-dom';
import { useAuth } from '@/contexts/AuthContext';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Label } from '@/components/ui/label';
import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from '@/components/ui/card';
export function RegisterPage() {
const { register } = useAuth();
const navigate = useNavigate();
const [email, setEmail] = useState('');
const [password, setPassword] = useState('');
const [displayName, setDisplayName] = useState('');
const [role, setRole] = useState<'organizer' | 'vendor'>('organizer');
const [error, setError] = useState('');
const [loading, setLoading] = useState(false);
// Inline validation
const emailError = email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) ? 'כתובת אימייל לא תקינה' : '';
const passwordError = password && password.length < 8 ? 'הסיסמה חייבת להכיל לפחות 8 תווים' : '';
const nameError = displayName && displayName.trim().length === 0 ? 'שם תצוגה הוא שדה חובה' : '';
async function handleSubmit(e: FormEvent) {
e.preventDefault();
if (emailError || passwordError || nameError) return;
setError('');
setLoading(true);
try {
await register(email, password, displayName, role);
navigate('/dashboard');
} catch (err: unknown) {
setError(err instanceof Error ? err.message : 'שגיאה בהרשמה');
} finally {
setLoading(false);
}
}
return (
<div className="min-h-screen flex items-center justify-center bg-muted/40 p-4">
<Card className="w-full max-w-md">
<CardHeader className="text-center">
<CardTitle className="text-2xl">אירועית</CardTitle>
<CardDescription>יצירת חשבון חדש</CardDescription>
</CardHeader>
<CardContent>
{/* RTL form for Hebrew UI */}
<form onSubmit={handleSubmit} dir="rtl" className="space-y-4">
<div className="space-y-1">
<Label htmlFor="displayName">שם תצוגה</Label>
<Input
id="displayName"
type="text"
placeholder="ישראל ישראלי"
value={displayName}
onChange={e => setDisplayName(e.target.value)}
required
autoComplete="name"
/>
{nameError && <p className="text-sm text-destructive">{nameError}</p>}
</div>
<div className="space-y-1">
<Label htmlFor="email">אימייל</Label>
<Input
id="email"
type="email"
placeholder="your@email.com"
value={email}
onChange={e => setEmail(e.target.value)}
required
autoComplete="email"
dir="ltr"
/>
{emailError && <p className="text-sm text-destructive">{emailError}</p>}
</div>
<div className="space-y-1">
<Label htmlFor="password">סיסמה</Label>
<Input
id="password"
type="password"
placeholder="מינימום 8 תווים"
value={password}
onChange={e => setPassword(e.target.value)}
required
autoComplete="new-password"
dir="ltr"
/>
{passwordError && <p className="text-sm text-destructive">{passwordError}</p>}
</div>
<div className="space-y-1">
<Label>סוג חשבון</Label>
<div className="grid grid-cols-2 gap-2 pt-1">
<button
type="button"
onClick={() => setRole('organizer')}
className={`rounded-md border px-3 py-2 text-sm transition-colors ${
role === 'organizer'
? 'border-primary bg-primary text-primary-foreground'
: 'border-input bg-background hover:bg-muted'
}`}
>
מארגן אירוע
</button>
<button
type="button"
onClick={() => setRole('vendor')}
className={`rounded-md border px-3 py-2 text-sm transition-colors ${
role === 'vendor'
? 'border-primary bg-primary text-primary-foreground'
: 'border-input bg-background hover:bg-muted'
}`}
>
ספק שירותים
</button>
</div>
</div>
{/* Israeli Privacy Law disclosure */}
<p className="text-xs text-muted-foreground leading-relaxed">
בהרשמה אתה מסכים לאיסוף ועיבוד הנתונים שלך בהתאם לחוק הגנת הפרטיות הישראלי 2023.
המידע שנאסף: שם, אימייל, וסיסמה מוצפנת.
</p>
{error && (
<div className="rounded-md bg-destructive/10 p-3">
<p className="text-sm text-destructive text-center">{error}</p>
</div>
)}
<Button
type="submit"
className="w-full"
disabled={loading || !!emailError || !!passwordError || !!nameError}
>
{loading ? 'נרשם...' : 'הרשמה'}
</Button>
</form>
</CardContent>
<CardFooter className="justify-center">
<p className="text-sm text-muted-foreground" dir="rtl">
יש לך כבר חשבון?{' '}
<Link to="/login" className="text-primary underline underline-offset-4 hover:opacity-80">
כניסה
</Link>
</p>
</CardFooter>
</Card>
</div>
);
}

42
client/tailwind.config.js Normal file
View File

@@ -0,0 +1,42 @@
/** @type {import('tailwindcss').Config} */
export default {
darkMode: ['class'],
content: [
'./index.html',
'./src/**/*.{js,ts,jsx,tsx}',
],
theme: {
extend: {
borderRadius: {
lg: 'var(--radius)',
md: 'calc(var(--radius) - 2px)',
sm: 'calc(var(--radius) - 4px)',
},
colors: {
background: 'hsl(var(--background))',
foreground: 'hsl(var(--foreground))',
card: {
DEFAULT: 'hsl(var(--card))',
foreground: 'hsl(var(--card-foreground))',
},
primary: {
DEFAULT: 'hsl(var(--primary))',
foreground: 'hsl(var(--primary-foreground))',
},
muted: {
DEFAULT: 'hsl(var(--muted))',
foreground: 'hsl(var(--muted-foreground))',
},
destructive: {
DEFAULT: 'hsl(var(--destructive))',
foreground: 'hsl(var(--destructive-foreground))',
},
border: 'hsl(var(--border))',
input: 'hsl(var(--input))',
ring: 'hsl(var(--ring))',
},
},
},
plugins: [],
}

32
client/tsconfig.app.json Normal file
View File

@@ -0,0 +1,32 @@
{
"compilerOptions": {
"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
"target": "ES2022",
"useDefineForClassFields": true,
"lib": ["ES2022", "DOM", "DOM.Iterable"],
"module": "ESNext",
"types": ["vite/client"],
"skipLibCheck": true,
/* Bundler mode */
"moduleResolution": "bundler",
"allowImportingTsExtensions": true,
"verbatimModuleSyntax": true,
"moduleDetection": "force",
"noEmit": true,
"jsx": "react-jsx",
/* Linting */
"strict": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"erasableSyntaxOnly": true,
"noFallthroughCasesInSwitch": true,
"noUncheckedSideEffectImports": true,
"baseUrl": ".",
"paths": {
"@/*": ["./src/*"]
}
},
"include": ["src"]
}

7
client/tsconfig.json Normal file
View File

@@ -0,0 +1,7 @@
{
"files": [],
"references": [
{ "path": "./tsconfig.app.json" },
{ "path": "./tsconfig.node.json" }
]
}

26
client/tsconfig.node.json Normal file
View File

@@ -0,0 +1,26 @@
{
"compilerOptions": {
"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
"target": "ES2023",
"lib": ["ES2023"],
"module": "ESNext",
"types": ["node"],
"skipLibCheck": true,
/* Bundler mode */
"moduleResolution": "bundler",
"allowImportingTsExtensions": true,
"verbatimModuleSyntax": true,
"moduleDetection": "force",
"noEmit": true,
/* Linting */
"strict": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"erasableSyntaxOnly": true,
"noFallthroughCasesInSwitch": true,
"noUncheckedSideEffectImports": true
},
"include": ["vite.config.ts"]
}

18
client/vite.config.ts Normal file
View File

@@ -0,0 +1,18 @@
import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
import path from 'path'
// https://vite.dev/config/
export default defineConfig({
plugins: [react()],
resolve: {
alias: {
'@': path.resolve(__dirname, './src'),
},
},
server: {
proxy: {
'/api': 'http://localhost:3000',
},
},
})

11
db/pool.js Normal file
View File

@@ -0,0 +1,11 @@
const { Pool } = require('pg');
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
});
pool.on('error', (err) => {
console.error('Unexpected PostgreSQL client error', err);
});
module.exports = pool;

36
docker-compose.yml Normal file
View File

@@ -0,0 +1,36 @@
version: '3.8'
services:
app:
build: .
expose:
- "3000"
environment:
NODE_ENV: production
PORT: 3000
DATABASE_URL: postgresql://postgres:postgres@postgres:5432/airewit
JWT_SECRET: ${JWT_SECRET}
depends_on:
postgres:
condition: service_healthy
restart: unless-stopped
postgres:
image: postgres:16-alpine
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: airewit
expose:
- "5432"
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d airewit"]
interval: 5s
timeout: 5s
retries: 10
restart: unless-stopped
volumes:
postgres_data:

33
middleware/auth.js Normal file
View File

@@ -0,0 +1,33 @@
const jwt = require('jsonwebtoken');
const JWT_SECRET = process.env.JWT_SECRET;
/**
* Express middleware: validates JWT from httpOnly cookie or Authorization Bearer header.
* Attaches decoded user payload to req.user on success.
* Returns 401 for missing or invalid tokens.
*/
function authMiddleware(req, res, next) {
let token = null;
// Prefer httpOnly cookie
if (req.cookies && req.cookies.token) {
token = req.cookies.token;
} else if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
token = req.headers.authorization.slice(7);
}
if (!token) {
return res.status(401).json({ error: 'Authentication required' });
}
try {
const payload = jwt.verify(token, JWT_SECRET);
req.user = payload;
next();
} catch {
return res.status(401).json({ error: 'Invalid or expired session' });
}
}
module.exports = { authMiddleware };

12
migrations/001_create_extensions.sql Normal file
View File

@@ -0,0 +1,12 @@
-- Migration 001: Enable required PostgreSQL extensions
-- UP
BEGIN;
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
CREATE EXTENSION IF NOT EXISTS "pg_trgm"; -- required for Phase 2 fuzzy Hebrew name search
COMMIT;
-- DOWN
-- BEGIN;
-- DROP EXTENSION IF EXISTS "pg_trgm";
-- DROP EXTENSION IF EXISTS "pgcrypto";
-- COMMIT;

25
migrations/002_create_users.sql Normal file
View File

@@ -0,0 +1,25 @@
-- Migration 002: Create users table
-- UP
BEGIN;
CREATE TYPE user_role AS ENUM ('organizer', 'vendor', 'admin');
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
display_name VARCHAR(255) NOT NULL,
role user_role NOT NULL DEFAULT 'organizer',
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_users_email ON users(email);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS users;
-- DROP TYPE IF EXISTS user_role;
-- COMMIT;

43
migrations/003_create_events.sql Normal file
View File

@@ -0,0 +1,43 @@
-- Migration 003: Create events table
-- UP
BEGIN;
CREATE TYPE event_status AS ENUM ('draft', 'published', 'cancelled', 'completed');
CREATE TYPE kashrut_level AS ENUM ('none', 'regular', 'mehadrin', 'chalav_yisrael');
CREATE TYPE event_language AS ENUM ('hebrew', 'arabic', 'english');
CREATE TABLE events (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
organizer_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
title VARCHAR(255) NOT NULL,
description TEXT,
event_date TIMESTAMPTZ,
venue_name VARCHAR(255),
venue_address TEXT,
max_guests INTEGER,
venue_capacity INTEGER, -- fire-safety hard limit
max_plus_ones_buffer INTEGER NOT NULL DEFAULT 30, -- % buffer for walk-ins
status event_status NOT NULL DEFAULT 'draft',
kashrut_level kashrut_level NOT NULL DEFAULT 'none',
noise_curfew_time TIME NOT NULL DEFAULT '23:00', -- Israeli law default
language_pref event_language NOT NULL DEFAULT 'hebrew',
budget DECIMAL(12, 2),
retention_policy_days INTEGER NOT NULL DEFAULT 365, -- Israeli Privacy Law 2023
deleted_at TIMESTAMPTZ, -- soft delete for organizer use
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_events_organizer_id ON events(organizer_id);
CREATE INDEX idx_events_status ON events(status);
CREATE INDEX idx_events_event_date ON events(event_date);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS events;
-- DROP TYPE IF EXISTS event_language;
-- DROP TYPE IF EXISTS kashrut_level;
-- DROP TYPE IF EXISTS event_status;
-- COMMIT;

50
migrations/004_create_vendors.sql Normal file
View File

@@ -0,0 +1,50 @@
-- Migration 004: Create vendors table
-- UP
BEGIN;
CREATE TYPE vendor_category AS ENUM (
'catering', 'photography', 'videographer', 'music', 'decoration',
'venue', 'officiant', 'staffing', 'transportation', 'printing',
'entertainment', 'other'
);
CREATE TABLE vendors (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
business_name VARCHAR(255) NOT NULL,
category vendor_category NOT NULL,
description TEXT,
base_price DECIMAL(12, 2),
city VARCHAR(100),
is_verified BOOLEAN NOT NULL DEFAULT FALSE,
-- Israeli compliance & certification fields
kashrut_cert_number VARCHAR(100),
kashrut_issuing_authority VARCHAR(255),
business_license_number VARCHAR(100),
license_expiry_date DATE, -- alert when within 30 days of expiry
insurance_ref VARCHAR(255),
-- Phase 3: AI recommendation fields
geographic_area VARCHAR(255), -- broader area (e.g. "North", "Tel Aviv District")
price_range_min DECIMAL(12, 2), -- NIS
price_range_max DECIMAL(12, 2), -- NIS
capacity_min INTEGER,
capacity_max INTEGER,
style_tags TEXT[], -- e.g. {"rustic","modern","religious"}
deleted_at TIMESTAMPTZ, -- soft delete
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_vendors_user_id ON vendors(user_id);
CREATE INDEX idx_vendors_category ON vendors(category);
CREATE INDEX idx_vendors_city ON vendors(city);
CREATE INDEX idx_vendors_geographic ON vendors(geographic_area);
CREATE INDEX idx_vendors_style_tags ON vendors USING GIN(style_tags);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS vendors;
-- DROP TYPE IF EXISTS vendor_category;
-- COMMIT;

56
migrations/005_create_guests.sql Normal file
View File

@@ -0,0 +1,56 @@
-- Migration 005: Create guests table
-- UP
BEGIN;
CREATE TYPE rsvp_status AS ENUM ('pending', 'confirmed', 'declined');
CREATE TYPE relationship_group AS ENUM ('family_bride', 'family_groom', 'friends', 'work', 'community', 'other');
CREATE TYPE dietary_preference AS ENUM ('none', 'vegetarian', 'vegan', 'kosher_regular', 'kosher_mehadrin');
CREATE TYPE guest_source AS ENUM ('registered', 'walkin'); -- Phase 2: analytics
CREATE TABLE guests (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
event_id UUID NOT NULL REFERENCES events(id) ON DELETE CASCADE,
-- Name (Hebrew required; Latin transliteration for non-Hebrew speakers)
name_hebrew VARCHAR(255) NOT NULL,
name_transliteration VARCHAR(255),
-- Contact (Israeli E.164 phone format: +972XXXXXXXXX)
email VARCHAR(255),
phone VARCHAR(20),
-- RSVP
rsvp_status rsvp_status NOT NULL DEFAULT 'pending',
-- Seating
table_number INTEGER,
seat_number VARCHAR(10),
-- Social grouping
relationship_group relationship_group,
plus_one_of UUID REFERENCES guests(id) ON DELETE SET NULL, -- self-ref FK
plus_one_allowance INTEGER NOT NULL DEFAULT 0,
-- Preferences
dietary_preference dietary_preference NOT NULL DEFAULT 'none',
dietary_notes TEXT, -- free-text override/additions
accessibility_needs TEXT,
-- Phase 2: Day-of check-in
source guest_source NOT NULL DEFAULT 'registered', -- analytics (walk-ins vs pre-registered)
-- Israeli Privacy Law 2023 compliance
privacy_accepted_at TIMESTAMPTZ,
-- NO deleted_at: guests support hard delete only (data subject right per Israeli Privacy Law)
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_guests_event_id ON guests(event_id);
CREATE INDEX idx_guests_rsvp_status ON guests(rsvp_status);
CREATE INDEX idx_guests_plus_one_of ON guests(plus_one_of);
-- pg_trgm GIN index for Phase 2 fuzzy Hebrew name search (requires pg_trgm from migration 001)
CREATE INDEX idx_guests_name_trgm ON guests USING GIN(name_hebrew gin_trgm_ops);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS guests;
-- DROP TYPE IF EXISTS guest_source;
-- DROP TYPE IF EXISTS dietary_preference;
-- DROP TYPE IF EXISTS relationship_group;
-- DROP TYPE IF EXISTS rsvp_status;
-- COMMIT;

35
migrations/006_create_bookings.sql Normal file
View File

@@ -0,0 +1,35 @@
-- Migration 006: Create bookings table
-- UP
BEGIN;
CREATE TYPE booking_status AS ENUM ('pending', 'confirmed', 'cancelled');
CREATE TYPE payment_status AS ENUM ('unpaid', 'deposit_paid', 'fully_paid'); -- Phase 3: AI/financial
CREATE TABLE bookings (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
event_id UUID NOT NULL REFERENCES events(id) ON DELETE CASCADE,
vendor_id UUID NOT NULL REFERENCES vendors(id) ON DELETE CASCADE,
status booking_status NOT NULL DEFAULT 'pending',
agreed_price DECIMAL(12, 2),
notes TEXT,
-- Phase 3: AI recommendation & financial tracking
contract_value DECIMAL(12, 2), -- actual signed contract value in NIS
payment_status payment_status NOT NULL DEFAULT 'unpaid',
deleted_at TIMESTAMPTZ, -- soft delete
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_bookings_event_id ON bookings(event_id);
CREATE INDEX idx_bookings_vendor_id ON bookings(vendor_id);
CREATE INDEX idx_bookings_status ON bookings(status);
CREATE INDEX idx_bookings_payment_status ON bookings(payment_status);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS bookings;
-- DROP TYPE IF EXISTS payment_status;
-- DROP TYPE IF EXISTS booking_status;
-- COMMIT;

31
migrations/007_create_invitations.sql Normal file
View File

@@ -0,0 +1,31 @@
-- Migration 007: Create invitations table
-- UP
BEGIN;
CREATE TYPE invitation_channel AS ENUM ('sms', 'whatsapp', 'email');
CREATE TABLE invitations (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
event_id UUID NOT NULL REFERENCES events(id) ON DELETE CASCADE,
guest_id UUID NOT NULL REFERENCES guests(id) ON DELETE CASCADE,
token VARCHAR(128) UNIQUE NOT NULL DEFAULT encode(gen_random_bytes(64), 'hex'),
channel invitation_channel NOT NULL DEFAULT 'whatsapp',
-- MVP: wa.me deep-link (no Twilio/API required)
-- Format: https://wa.me/+972XXXXXXXXX?text=ENCODED_MESSAGE
whatsapp_link TEXT, -- pre-generated deep-link for organizer to click
sent_at TIMESTAMPTZ, -- when organizer clicked Send
opened_at TIMESTAMPTZ, -- when guest opened the RSVP link
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_invitations_event_id ON invitations(event_id);
CREATE INDEX idx_invitations_guest_id ON invitations(guest_id);
CREATE INDEX idx_invitations_token ON invitations(token);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS invitations;
-- DROP TYPE IF EXISTS invitation_channel;
-- COMMIT;

35
migrations/008_create_vendor_ratings.sql Normal file
View File

@@ -0,0 +1,35 @@
-- Migration 008: Create vendor_ratings table (Phase 3: AI recommendation engine)
-- UP
BEGIN;
CREATE TABLE vendor_ratings (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
event_id UUID NOT NULL REFERENCES events(id) ON DELETE CASCADE,
vendor_id UUID NOT NULL REFERENCES vendors(id) ON DELETE CASCADE,
organizer_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
-- 6-dimension rating system (1-5 scale)
quality_score SMALLINT NOT NULL CHECK (quality_score BETWEEN 1 AND 5),
professionalism_score SMALLINT NOT NULL CHECK (professionalism_score BETWEEN 1 AND 5),
flexibility_score SMALLINT NOT NULL CHECK (flexibility_score BETWEEN 1 AND 5),
value_score SMALLINT NOT NULL CHECK (value_score BETWEEN 1 AND 5),
-- Boolean recommendation signals
would_use_again BOOLEAN NOT NULL,
would_recommend BOOLEAN NOT NULL,
-- Optional review text
review_text TEXT,
rated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-- One rating per (event, vendor, organizer) tuple
CONSTRAINT uq_vendor_rating UNIQUE (event_id, vendor_id, organizer_id)
);
CREATE INDEX idx_vendor_ratings_vendor_id ON vendor_ratings(vendor_id);
CREATE INDEX idx_vendor_ratings_organizer_id ON vendor_ratings(organizer_id);
CREATE INDEX idx_vendor_ratings_event_id ON vendor_ratings(event_id);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS vendor_ratings;
-- COMMIT;

30
migrations/009_create_organizer_preferences.sql Normal file
View File

@@ -0,0 +1,30 @@
-- Migration 009: Create organizer_preferences table (Phase 3: AI recommendation engine)
-- UP
BEGIN;
CREATE TABLE organizer_preferences (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
-- Style preferences (matches vendors.style_tags for AI matching)
style_tags TEXT[], -- e.g. {"rustic","modern","religious"}
-- Typical event scale
typical_guest_count_min INTEGER,
typical_guest_count_max INTEGER,
-- Typical budget range in NIS
typical_budget_min DECIMAL(12, 2),
typical_budget_max DECIMAL(12, 2),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-- One preference record per user
CONSTRAINT uq_organizer_preferences_user UNIQUE (user_id)
);
CREATE INDEX idx_organizer_prefs_user_id ON organizer_preferences(user_id);
CREATE INDEX idx_organizer_prefs_style_tags ON organizer_preferences USING GIN(style_tags);
COMMIT;
-- DOWN
-- BEGIN;
-- DROP TABLE IF EXISTS organizer_preferences;
-- COMMIT;

24
package.json Normal file
View File

@@ -0,0 +1,24 @@
{
"name": "airewit-server",
"version": "1.0.0",
"description": "אירועית - Event Management Platform API",
"main": "server.js",
"scripts": {
"start": "node server.js",
"dev": "nodemon server.js",
"migrate": "node scripts/migrate.js",
"seed": "node scripts/seed.js"
},
"dependencies": {
"bcrypt": "^5.1.1",
"cookie-parser": "^1.4.6",
"cors": "^2.8.5",
"dotenv": "^16.4.5",
"express": "^4.18.3",
"jsonwebtoken": "^9.0.2",
"pg": "^8.11.3"
},
"devDependencies": {
"nodemon": "^3.1.0"
}
}

154
routes/auth.js Normal file
View File

@@ -0,0 +1,154 @@
const express = require('express');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const pool = require('../db/pool');
const router = express.Router();
const BCRYPT_ROUNDS = 12; // min 10 per spec; 12 for extra safety
const JWT_SECRET = process.env.JWT_SECRET;
const JWT_EXPIRES_IN = '24h';
const COOKIE_MAX_AGE = 24 * 60 * 60 * 1000; // 24h in ms
// ─── Helpers ─────────────────────────────────────────────────────────────────
function isValidEmail(email) {
return typeof email === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}
function setAuthCookie(res, token) {
res.cookie('token', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: COOKIE_MAX_AGE,
});
}
// ─── POST /api/auth/register ──────────────────────────────────────────────────
router.post('/register', async (req, res) => {
const { email, password, display_name, role } = req.body;
// 400 — validation
const errors = [];
if (!email || !isValidEmail(email)) errors.push('Valid email is required');
if (!password || password.length < 8) errors.push('Password must be at least 8 characters');
if (!display_name || display_name.trim().length === 0) errors.push('Display name is required');
if (role && !['organizer', 'vendor'].includes(role)) errors.push('Role must be organizer or vendor');
if (errors.length > 0) {
return res.status(400).json({ error: errors.join('; ') });
}
const userRole = role || 'organizer';
try {
// 409 — duplicate email
const existing = await pool.query('SELECT id FROM users WHERE email = $1', [email.toLowerCase()]);
if (existing.rows.length > 0) {
return res.status(409).json({ error: 'An account with this email already exists' });
}
const password_hash = await bcrypt.hash(password, BCRYPT_ROUNDS);
const result = await pool.query(
`INSERT INTO users (email, password_hash, display_name, role)
VALUES ($1, $2, $3, $4)
RETURNING id, email, display_name, role, created_at`,
[email.toLowerCase(), password_hash, display_name.trim(), userRole]
);
const user = result.rows[0];
const token = jwt.sign(
{ id: user.id, email: user.email, role: user.role },
JWT_SECRET,
{ expiresIn: JWT_EXPIRES_IN }
);
setAuthCookie(res, token);
return res.status(201).json({
user: { id: user.id, email: user.email, display_name: user.display_name, role: user.role },
});
} catch (err) {
console.error('Registration error:', err.message);
return res.status(500).json({ error: 'Registration failed. Please try again.' });
}
});
// ─── POST /api/auth/login ─────────────────────────────────────────────────────
router.post('/login', async (req, res) => {
const { email, password } = req.body;
// 400 — validation
if (!email || !password) {
return res.status(400).json({ error: 'Email and password are required' });
}
try {
const result = await pool.query(
'SELECT id, email, password_hash, display_name, role FROM users WHERE email = $1',
[email.toLowerCase()]
);
// Generic 401 — do not reveal whether email or password was wrong
if (result.rows.length === 0) {
await bcrypt.compare(password, '$2b$12$fakehashtopreventtimingattacks00000000000000000000000'); // timing safe
return res.status(401).json({ error: 'Invalid email or password' });
}
const user = result.rows[0];
const valid = await bcrypt.compare(password, user.password_hash);
if (!valid) {
return res.status(401).json({ error: 'Invalid email or password' });
}
const token = jwt.sign(
{ id: user.id, email: user.email, role: user.role },
JWT_SECRET,
{ expiresIn: JWT_EXPIRES_IN }
);
setAuthCookie(res, token);
return res.json({
user: { id: user.id, email: user.email, display_name: user.display_name, role: user.role },
});
} catch (err) {
console.error('Login error:', err.message);
return res.status(500).json({ error: 'Login failed. Please try again.' });
}
});
// ─── POST /api/auth/logout ────────────────────────────────────────────────────
router.post('/logout', (req, res) => {
res.clearCookie('token', { httpOnly: true, sameSite: 'lax' });
return res.json({ message: 'Logged out successfully' });
});
// ─── GET /api/auth/me ─────────────────────────────────────────────────────────
// Returns current user from cookie — useful for session restore on page refresh
const { authMiddleware } = require('../middleware/auth');
router.get('/me', authMiddleware, async (req, res) => {
try {
const result = await pool.query(
'SELECT id, email, display_name, role FROM users WHERE id = $1',
[req.user.id]
);
if (result.rows.length === 0) {
return res.status(401).json({ error: 'User not found' });
}
return res.json({ user: result.rows[0] });
} catch (err) {
console.error('Me endpoint error:', err.message);
return res.status(500).json({ error: 'Failed to retrieve user' });
}
});
module.exports = router;

51
scripts/migrate.js Normal file
View File

@@ -0,0 +1,51 @@
require('dotenv').config();
const fs = require('fs');
const path = require('path');
const { Pool } = require('pg');
const pool = new Pool({ connectionString: process.env.DATABASE_URL });
async function migrate() {
const migrationsDir = path.join(__dirname, '..', 'migrations');
const files = fs.readdirSync(migrationsDir).filter(f => f.endsWith('.sql')).sort();
// Ensure migrations tracking table exists
await pool.query(`
CREATE TABLE IF NOT EXISTS schema_migrations (
filename VARCHAR(255) PRIMARY KEY,
applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
)
`);
for (const file of files) {
const { rows } = await pool.query(
'SELECT filename FROM schema_migrations WHERE filename = $1',
[file]
);
if (rows.length > 0) {
console.log(` ✓ already applied: ${file}`);
continue;
}
const sql = fs.readFileSync(path.join(migrationsDir, file), 'utf8');
// Extract and run only the UP section (before the -- DOWN comment)
const upSection = sql.split('-- DOWN')[0].trim();
try {
await pool.query(upSection);
await pool.query('INSERT INTO schema_migrations (filename) VALUES ($1)', [file]);
console.log(` ✅ applied: ${file}`);
} catch (err) {
console.error(` ❌ failed: ${file}`, err.message);
process.exit(1);
}
}
console.log('Migrations complete.');
await pool.end();
}
migrate().catch(err => {
console.error('Migration error:', err);
process.exit(1);
});

39
scripts/seed.js Normal file
View File

@@ -0,0 +1,39 @@
require('dotenv').config();
const fs = require('fs');
const path = require('path');
const bcrypt = require('bcrypt');
const { Pool } = require('pg');
const pool = new Pool({ connectionString: process.env.DATABASE_URL });
async function seed() {
const hash = await bcrypt.hash('Password123!', 12);
let sql = fs.readFileSync(
path.join(__dirname, '..', 'seeds', '001_seed_test_data.sql'),
'utf8'
);
// Replace placeholder hash with real bcrypt hash
sql = sql.replace(/\$2b\$10\$REPLACE_WITH_REAL_HASH/g, hash);
try {
await pool.query(sql);
console.log('✅ Seed data inserted');
} catch (err) {
// Ignore duplicate key errors (idempotent re-run)
if (err.code === '23505') {
console.log(' Seed data already present, skipping');
} else {
console.error('❌ Seed error:', err.message);
process.exit(1);
}
}
await pool.end();
}
seed().catch(err => {
console.error('Seed error:', err);
process.exit(1);
});

92
seeds/001_seed_test_data.sql Normal file
View File

@@ -0,0 +1,92 @@
-- Seed 001: Test data for development
-- Passwords are bcrypt hashes of 'Password123!' — replace at runtime with actual hash
BEGIN;
-- ─── Users ───────────────────────────────────────────────────────────────────
-- Test organizer
INSERT INTO users (id, email, password_hash, display_name, role) VALUES
('11111111-1111-1111-1111-111111111111',
'organizer@test.com',
'$2b$10$REPLACE_WITH_REAL_HASH',
'מארגן בדיקה',
'organizer');
-- Vendor users (one per vendor profile below)
INSERT INTO users (id, email, password_hash, display_name, role) VALUES
('22222222-2222-2222-2222-222222222222', 'catering@test.com', '$2b$10$REPLACE_WITH_REAL_HASH', 'קייטרינג לדוגמה', 'vendor'),
('22222222-2222-2222-2222-222222222223', 'photography@test.com', '$2b$10$REPLACE_WITH_REAL_HASH', 'צלם לדוגמה', 'vendor'),
('22222222-2222-2222-2222-222222222224', 'music@test.com', '$2b$10$REPLACE_WITH_REAL_HASH', 'מוזיקה לדוגמה', 'vendor'),
('22222222-2222-2222-2222-222222222225', 'decoration@test.com', '$2b$10$REPLACE_WITH_REAL_HASH', 'עיצוב לדוגמה', 'vendor'),
('22222222-2222-2222-2222-222222222226', 'venue@test.com', '$2b$10$REPLACE_WITH_REAL_HASH', 'אולם לדוגמה', 'vendor');
-- ─── Vendors (5 profiles across different categories) ────────────────────────
INSERT INTO vendors (id, user_id, business_name, category, city, geographic_area,
base_price, price_range_min, price_range_max,
capacity_min, capacity_max,
style_tags, is_verified) VALUES
('33333333-3333-3333-3333-333333333331',
'22222222-2222-2222-2222-222222222222',
'קייטרינג שף אורי', 'catering', 'תל אביב', 'מרכז',
5000.00, 4000.00, 12000.00, 50, 500,
ARRAY['kosher_mehadrin', 'modern'], TRUE),
('33333333-3333-3333-3333-333333333332',
'22222222-2222-2222-2222-222222222223',
'סטודיו לכידת רגעים', 'photography', 'ירושלים', 'ירושלים וסביבותיה',
3000.00, 2500.00, 8000.00, 30, 600,
ARRAY['traditional', 'religious'], TRUE),
('33333333-3333-3333-3333-333333333333',
'22222222-2222-2222-2222-222222222224',
'להקת הכוכבים', 'music', 'חיפה', 'צפון',
4000.00, 3000.00, 10000.00, 100, 800,
ARRAY['modern', 'mizrahi'], FALSE),
('33333333-3333-3333-3333-333333333334',
'22222222-2222-2222-2222-222222222225',
'עיצוב ואווירה', 'decoration', 'ראשון לציון', 'מרכז',
2000.00, 1500.00, 6000.00, 20, 400,
ARRAY['rustic', 'romantic', 'modern'], TRUE),
('33333333-3333-3333-3333-333333333335',
'22222222-2222-2222-2222-222222222226',
'אולם הנשיאים', 'venue', 'נתניה', 'שרון',
15000.00, 10000.00, 35000.00, 80, 700,
ARRAY['elegant', 'modern'], TRUE);
-- ─── Sample Event ─────────────────────────────────────────────────────────────
INSERT INTO events (id, organizer_id, title, description, event_date,
venue_name, max_guests, venue_capacity,
status, kashrut_level, noise_curfew_time,
max_plus_ones_buffer, retention_policy_days, language_pref) VALUES
('44444444-4444-4444-4444-444444444444',
'11111111-1111-1111-1111-111111111111',
'חתונת בדיקה',
'אירוע לדוגמה לפיתוח',
NOW() + INTERVAL '30 days',
'אולם הנשיאים', 150, 200,
'draft', 'mehadrin', '23:00',
30, 365, 'hebrew');
-- ─── Sample Guests ────────────────────────────────────────────────────────────
INSERT INTO guests (event_id, name_hebrew, name_transliteration, email, phone,
rsvp_status, relationship_group, dietary_preference,
plus_one_allowance, source, privacy_accepted_at) VALUES
('44444444-4444-4444-4444-444444444444',
'יוסי כהן', 'Yossi Cohen', 'yossi@test.com', '+972501234567',
'pending', 'family_groom', 'kosher_mehadrin', 1, 'registered', NOW()),
('44444444-4444-4444-4444-444444444444',
'מיכל לוי', 'Michal Levi', 'michal@test.com', '+972521234567',
'confirmed', 'friends', 'vegetarian', 0, 'registered', NOW()),
('44444444-4444-4444-4444-444444444444',
'דוד ישראלי', 'David Israeli', 'david@test.com', '+972541234567',
'declined', 'work', 'none', 0, 'registered', NOW());
COMMIT;

37
server.js Normal file
View File

@@ -0,0 +1,37 @@
require('dotenv').config();
const express = require('express');
const cookieParser = require('cookie-parser');
const cors = require('cors');
const path = require('path');
const authRoutes = require('./routes/auth');
const { authMiddleware } = require('./middleware/auth');
const app = express();
const PORT = process.env.PORT || 3000;
app.use(cors({
origin: process.env.CLIENT_ORIGIN || true,
credentials: true,
}));
app.use(express.json());
app.use(cookieParser());
// Health check — no auth required
app.get('/health', (req, res) => res.json({ status: 'ok' }));
// Auth routes — no middleware (register/login are public)
app.use('/api/auth', authRoutes);
// All routes below require valid JWT
app.use('/api', authMiddleware);
// Serve React frontend in production
app.use(express.static(path.join(__dirname, 'client', 'dist')));
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname, 'client', 'dist', 'index.html'));
});
app.listen(PORT, () => {
console.log(`אירועית server running on port ${PORT}`);
});