dticket.tootaio.com/README.md
xiaomai 06165f80db feat(auth): make passkey enrollment optional on first login
Remove passkey requirement from user onboarding flow
Update UI badges to show passkeys as optional rather than pending
Update documentation to reflect the new behavior
2026-04-27 13:25:05 +08:00


# Dinner Ticket System
Nuxt 4 app with:
- Public dinner ticket booking page
- Staff login with password and passkey support
- PostgreSQL-backed users and passkeys
- Redis-backed sessions and WebAuthn challenge storage
- Seeded `xiaomai` super-admin account
- Super-admin user creation and password reset flow
- First-login enforcement: temporary password change
## Environment
Create `.env` from `.env.example` and set:
```bash
NUXT_DATABASE_URL=postgresql://postgres:postgres@127.0.0.1:5432/dinner_ticket_system
NUXT_REDIS_URL=redis://127.0.0.1:6379
NUXT_WHATSAPP_ACCESS_TOKEN=
NUXT_WHATSAPP_PHONE_NUMBER_ID=
NUXT_WHATSAPP_API_VERSION=v23.0
NUXT_PUBLIC_APP_URL=http://localhost:20013
```
`NUXT_PUBLIC_APP_URL` should be your final HTTPS origin in production. Passkeys rely on the RP origin being stable and correct.
Set the WhatsApp variables to enable automatic ticket receipt delivery after PIC confirmation. Without them, confirmation still succeeds and the UI reports that WhatsApp delivery was skipped.
## Setup
Install dependencies:
```bash
pnpm install
```
## Development
Start the app:
```bash
pnpm dev
```
The backend bootstraps its schema automatically on startup and seeds this initial super-admin account if it does not already exist:
- Username: `xiaomai`
- Temporary password: `123456`
On first login, the user is forced to change that temporary password before accessing the protected area. Passkey enrollment is available from Security, but optional.
## Production
Build:
```bash
pnpm build
```
Preview the built server:
```bash
node .output/server/index.mjs
```
## Docker
The repo now includes a production-ready container stack:
- [Dockerfile](Dockerfile)
- [docker-compose.yml](docker-compose.yml)
- [docker-compose.dev.yml](docker-compose.dev.yml)
- [.dockerignore](.dockerignore)
Bring up the full environment:
```bash
docker compose up --build
```
This starts:
- Nuxt/Nitro app on `http://localhost:20013`
- PostgreSQL only on the internal Docker network
- Redis only on the internal Docker network
The app container waits on PostgreSQL and Redis health checks, and exposes:
- `GET /api/health` for container/runtime health
Stop the stack:
```bash
docker compose down
```
Stop and remove persisted database/cache volumes:
```bash
docker compose down -v
```
For passkey testing in Docker, set `NUXT_PUBLIC_APP_URL` to the exact origin you open in the browser. In production, this should be your final HTTPS URL.
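The origin check behind the `NUXT_PUBLIC_APP_URL` notes here and under Environment, as an added example that is not code from this repository. The function names and the `tickets.example.test` host are assumptions made for illustration, and the sample client data is constructed.

```javascript
// Added example, not code from this repository. Function names are hypothetical.

// Derive the expected WebAuthn origin and RP ID from NUXT_PUBLIC_APP_URL.
// Browsers expose WebAuthn only in secure contexts: HTTPS, or http://localhost in development.
function relyingPartyFrom(appUrl) {
  const url = new URL(appUrl);
  if (url.protocol !== 'https:' && url.hostname !== 'localhost') {
    throw new Error(`insecure origin for passkeys: ${url.origin}`);
  }
  // url.origin drops any path or trailing slash, leaving scheme://host[:port].
  return { origin: url.origin, rpId: url.hostname };
}

// Check the clientDataJSON the browser returns against what the server expects.
// The browser, not the page, fills in `origin`, so a mismatch means the app was
// opened at a different origin than the one configured.
function verifyClientData(clientDataB64url, expected) {
  const data = JSON.parse(Buffer.from(clientDataB64url, 'base64url').toString('utf8'));
  if (data.type !== expected.type) return { ok: false, reason: 'type' };
  if (data.challenge !== expected.challenge) return { ok: false, reason: 'challenge' };
  if (data.origin !== expected.origin) return { ok: false, reason: 'origin' };
  return { ok: true, reason: null };
}

// Constructed sample input: what a browser at `origin` would send back.
function sampleClientData(origin, challenge) {
  const json = JSON.stringify({ type: 'webauthn.get', challenge, origin, crossOrigin: false });
  return Buffer.from(json, 'utf8').toString('base64url');
}

function demo() {
  const rp = relyingPartyFrom('http://localhost:20013'); // value from the .env sample
  const expected = { type: 'webauthn.get', challenge: 'Y29uc3RydWN0ZWQ', origin: rp.origin };
  return {
    rp,
    configured: verifyClientData(sampleClientData('http://localhost:20013', expected.challenge), expected),
    // Same app reached through a constructed proxy hostname: rejected.
    proxied: verifyClientData(sampleClientData('https://tickets.example.test', expected.challenge), expected),
  };
}

console.log(demo());
```

A login that fails only on the `origin` check, with type and challenge matching, points to a mismatch between the configured URL and the address in the browser bar.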
### Docker Development With Hot Reload
Use the dev override when you want live reload instead of rebuilding the image after every code change:
```bash
docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build
```
This keeps PostgreSQL and Redis in Docker, but runs the app container in Nuxt dev mode with:
- the project directory bind-mounted into `/app`
- a persistent `/app/node_modules` volume so dependencies stay inside Docker
- an automatic `pnpm install --frozen-lockfile` during app container startup
- polling-based file watching for reliable reloads on mounted filesystems
After the first start, code changes on the host should reload automatically without rebuilding the image.
When you change dependencies, restart the app container so it reruns `pnpm install` against the current lockfile:
```bash
docker compose -f docker-compose.yml -f docker-compose.dev.yml restart app
```
## Protected Areas
- `/login`
- `/security`
- `/management/users`
## User Flows
- Password login with Redis-backed session cookie
- Passkey login using WebAuthn discoverable credentials
- Super admin creates users with default password `123456`
- Users must change password after first login
- Users can optionally register a passkey from Security
- Users can change their own password from Security
- Super admin can reset a user's password back to `123456`
## Verification
The codebase currently verifies cleanly with:
```bash
pnpm build
```