Extract shared auth logic and validation rules to shared/auth.ts
Introduce utility functions for HTTP errors and user input parsing
Standardize error messages and date formatting across the app
Dinner Ticket System
Nuxt 4 app with:
- Public dinner ticket booking page
- Staff login with password and passkey support
- PostgreSQL-backed users and passkeys
- Redis-backed sessions and WebAuthn challenge storage
- Seeded xiaomai super-admin account
- Super-admin user creation and password reset flow
- First-login enforcement: temporary password change plus passkey enrollment
Environment
Create .env from .env.example and set:
NUXT_DATABASE_URL=postgresql://postgres:postgres@127.0.0.1:5432/dinner_ticket_system
NUXT_REDIS_URL=redis://127.0.0.1:6379
NUXT_PUBLIC_APP_URL=http://localhost:20013
NUXT_PUBLIC_APP_URL should be your final HTTPS origin in production. Passkeys rely on the RP origin being stable and correct.
Setup
Install dependencies:
pnpm install
Development
Start the app:
pnpm dev
The backend bootstraps its schema automatically on startup and seeds this initial super-admin account if it does not already exist:
- Username: xiaomai
- Temporary password: 123456
On first login, the user is forced to change that temporary password and register a passkey before accessing the protected area.
Production
Build:
pnpm build
Preview the built server:
node .output/server/index.mjs
Docker
The repo now includes a production-ready container stack:
Bring up the full environment:
docker compose up --build
This starts:
- Nuxt/Nitro app on http://localhost:20013
- PostgreSQL only on the internal Docker network
- Redis only on the internal Docker network
The app container waits on PostgreSQL and Redis health checks, and exposes:
GET /api/health for container/runtime health
Stop the stack:
docker compose down
Stop and remove persisted database/cache volumes:
docker compose down -v
For passkey testing in Docker, set NUXT_PUBLIC_APP_URL to the exact origin you open in the browser. In production, this should be your final HTTPS URL.
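An added example, not part of this repo's code, showing why the origin has to be exact (it covers this note and the Environment remark about the RP origin). It derives the relying-party ID and expected origin from NUXT_PUBLIC_APP_URL and checks the decoded clientDataJSON fields against them; the function names, sample challenge and sample client data are hypothetical, and a full verification also checks the authenticator data and signature.

```typescript
// Added illustration; rpConfigFromAppUrl and checkClientData are hypothetical names.
interface RpConfig { origin: string; rpId: string }
type Ceremony = 'webauthn.create' | 'webauthn.get'

// Derive the values passkeys are bound to from the configured public URL.
function rpConfigFromAppUrl(appUrl: string): RpConfig {
  const url = new URL(appUrl) // throws on a malformed value
  const host = url.hostname
  // WebAuthn RP IDs must be domain names; IP literals are rejected by browsers.
  if (host.startsWith('[') || /^\d+(\.\d+){3}$/.test(host)) {
    throw new Error('RP ID must be a domain name, not an IP address')
  }
  // Secure context required; http://localhost is the development exception.
  if (url.protocol !== 'https:' && !(url.protocol === 'http:' && host === 'localhost')) {
    throw new Error('app URL must be HTTPS outside local development')
  }
  if (url.pathname !== '/' || url.search !== '' || url.hash !== '') {
    throw new Error('app URL must be a bare origin (no path, query or fragment)')
  }
  return { origin: url.origin, rpId: host }
}

// Check decoded clientDataJSON against the stored challenge and the configured
// origin. Returns null when it matches, otherwise the reason for rejection.
function checkClientData(json: string, rp: RpConfig, challenge: string, ceremony: Ceremony): string | null {
  let data: { type?: unknown; challenge?: unknown; origin?: unknown } | null
  try {
    data = JSON.parse(json)
  } catch {
    return 'clientDataJSON is not valid JSON'
  }
  if (data === null || typeof data !== 'object') return 'clientDataJSON is not an object'
  if (data.type !== ceremony) return 'unexpected ceremony type'
  if (data.challenge !== challenge) return 'challenge mismatch'
  // Exact string comparison: scheme, host and port must all match.
  if (data.origin !== rp.origin) {
    return `origin mismatch: got ${String(data.origin)}, expected ${rp.origin}`
  }
  return null
}

// Constructed sample: app configured for localhost, browser opened on 127.0.0.1.
const demoRp = rpConfigFromAppUrl('http://localhost:20013')
const demoClientData = JSON.stringify({
  type: 'webauthn.get', challenge: 'constructed-challenge', origin: 'http://127.0.0.1:20013',
})
console.log(checkClientData(demoClientData, demoRp, 'constructed-challenge', 'webauthn.get'))
```

The sample prints an origin mismatch, which is the failure seen when the browser address differs from NUXT_PUBLIC_APP_URL by host or port.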
Protected Areas
- /login
- /security
- /management/users
User Flows
- Password login with Redis-backed session cookie
- Passkey login using WebAuthn discoverable credentials
- Super admin creates users with default password 123456
- Users must change password and set a passkey after first login
- Users can change their own password from Security
- Super admin can reset a user's password back to 123456
Verification
The codebase currently verifies cleanly with:
pnpm build