feat: implement auth system, passkeys, and user management

Add PostgreSQL and Redis integration for users and sessions
Implement password and WebAuthn passkey login flows
Add Docker stack, super-admin seeding, and protected routes

README.md

@@ -1,75 +1,121 @@
-# Nuxt Minimal Starter
+# Dinner Ticket System
 
-Look at the [Nuxt documentation](https://nuxt.com/docs/getting-started/introduction) to learn more.
+Nuxt 4 app with:
+
+- Public dinner ticket booking page
+- Staff login with password and passkey support
+- PostgreSQL-backed users and passkeys
+- Redis-backed sessions and WebAuthn challenge storage
+- Seeded `xiaomai` super-admin account
+- Super-admin user creation and password reset flow
+- First-login enforcement: temporary password change plus passkey enrollment
+
+## Environment
+
+Create `.env` from `.env.example` and set:
+
+```bash
+NUXT_DATABASE_URL=postgresql://postgres:postgres@127.0.0.1:5432/dinner_ticket_system
+NUXT_REDIS_URL=redis://127.0.0.1:6379
+NUXT_PUBLIC_APP_URL=http://localhost:20013
+```
+
+`NUXT_PUBLIC_APP_URL` should be your final HTTPS origin in production. Passkeys rely on the RP origin being stable and correct.
 
 ## Setup
 
-Make sure to install dependencies:
+Install dependencies:
 
 ```bash
-# npm
-npm install
-
-# pnpm
 pnpm install
-
-# yarn
-yarn install
-
-# bun
-bun install
 ```
 
-## Development Server
+## Development
 
-Start the development server on `http://localhost:3000`:
+Start the app:
 
 ```bash
-# npm
-npm run dev
-
-# pnpm
 pnpm dev
-
-# yarn
-yarn dev
-
-# bun
-bun run dev
 ```
 
+The backend bootstraps its schema automatically on startup and seeds this initial super-admin account if it does not already exist:
+
+- Username: `xiaomai`
+- Temporary password: `123456`
+
+On first login, the user is forced to change that temporary password and register a passkey before accessing the protected area.
+
 ## Production
 
-Build the application for production:
+Build:
 
 ```bash
-# npm
-npm run build
-
-# pnpm
 pnpm build
-
-# yarn
-yarn build
-
-# bun
-bun run build
 ```
 
-Locally preview production build:
+Preview the built server:
 
 ```bash
-# npm
-npm run preview
-
-# pnpm
-pnpm preview
-
-# yarn
-yarn preview
-
-# bun
-bun run preview
+node .output/server/index.mjs
 ```
 
-Check out the [deployment documentation](https://nuxt.com/docs/getting-started/deployment) for more information.
+## Docker
+
+The repo now includes a production-ready container stack:
+
+- [Dockerfile](/mnt/d/SourceCode/tootaio/dinner-ticket-system/Dockerfile)
+- [docker-compose.yml](/mnt/d/SourceCode/tootaio/dinner-ticket-system/docker-compose.yml)
+- [.dockerignore](/mnt/d/SourceCode/tootaio/dinner-ticket-system/.dockerignore)
+
+Bring up the full environment:
+
+```bash
+docker compose up --build
+```
+
+This starts:
+
+- Nuxt/Nitro app on `http://localhost:20013`
+- PostgreSQL only on the internal Docker network
+- Redis only on the internal Docker network
+
+The app container waits on PostgreSQL and Redis health checks, and exposes:
+
+- `GET /api/health` for container/runtime health
+
+Stop the stack:
+
+```bash
+docker compose down
+```
+
+Stop and remove persisted database/cache volumes:
+
+```bash
+docker compose down -v
+```
+
+For passkey testing in Docker, set `NUXT_PUBLIC_APP_URL` to the exact origin you open in the browser. In production, this should be your final HTTPS URL.
+
+## Protected Areas
+
+- `/login`
+- `/security`
+- `/management/users`
+
+## User Flows
+
+- Password login with Redis-backed session cookie
+- Passkey login using WebAuthn discoverable credentials
+- Super admin creates users with default password `123456`
+- Users must change password and set a passkey after first login
+- Users can change their own password from Security
+- Super admin can reset a user's password back to `123456`
+
+## Verification
+
+The codebase currently verifies cleanly with:
+
+```bash
+pnpm build
+```