Commit graph

15 commits

Author SHA1 Message Date
Tim Stollberg
0c8fa056d2 feat(docker): expose mysql on host loopback for SSH-tunneled DB access
Binds only to 127.0.0.1 on the Coolify host, not 0.0.0.0, so the DB
is reachable via an SSH tunnel (e.g. SequelAce) but never exposed
publicly.
2026-07-18 16:13:34 +07:00
Tim Stollberg
abbd92ef85 fix(auth): return JSON 401 for unauthenticated requests unconditionally
The previous Authenticate::redirectTo() -> null fix was incomplete:
Laravel's default Handler::unauthenticated() still falls back to
route('login') via '$exception->redirectTo() ?? route('login')'
whenever the request isn't detected as expectsJson() (no Accept:
application/json or X-Requested-With header), which throws
RouteNotFoundException since this app has no named login route.

Override unauthenticated() directly so this pure-API backend always
returns a JSON 401, regardless of request headers.
2026-07-18 16:09:04 +07:00
Tim Stollberg
0638d9c143 fix(docker): remove redundant custom network from prod compose
nginx sat on two Docker networks (Coolify's shared per-app network,
where coolify-proxy lives, plus our custom "mandant" bridge). With
no explicit traefik.docker.network label, Traefik's Docker provider
picked one non-deterministically across deploys — when it picked
"mandant", its backend connection went to an unreachable network and
silently hung after completing the TLS/HTTP handshake with clients.

All services already share Coolify's injected network, so the custom
network was redundant. Removing it leaves each container on exactly
one network, eliminating the ambiguity.
2026-07-18 15:58:40 +07:00
Tim Stollberg
837c91019f fix(auth): stop redirecting unauthenticated requests to nonexistent login route
No named 'login' route exists anywhere in this app (it's a pure API
backend for the Nuxt SPA). Authenticate::redirectTo() called
route('login') for any request without an explicit Accept: application/json
header, throwing RouteNotFoundException and surfacing as a 500 instead
of the expected 401.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-18 15:42:33 +07:00
Tim Stollberg
3da50c8967 fix(docker): create required Laravel runtime dirs before composer install
storage/framework/{cache,sessions,views}, storage/logs, and
bootstrap/cache are all gitignored with no tracked placeholder, so a
fresh checkout (as Coolify does) has none of them. composer install's
package:discover post-autoload script writes to bootstrap/cache and
failed with "directory must be present and writable" since it simply
didn't exist yet.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-18 15:34:36 +07:00
Tim Stollberg
a56c22953c fix(backend): regenerate composer.lock after Filament removal
composer.json dropped filament/*, livewire, and openspout in 71730fe,
but composer.lock was never regenerated. The stale lock still pinned
those packages, and a --no-dev install (as used in the prod Docker
build) failed because filament/support requires ext-intl and
openspout requires ext-zip, neither of which are installed in the
prod PHP image.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-18 15:31:19 +07:00
Tim Stollberg
a95fac5c0d feat(docker): add production docker-compose for Coolify deployment
Coolify builds with --project-directory set to the repo root, which broke
the dev compose file's relative paths. Adds a dedicated prod compose stack
(baked-in code, no bind mounts, no hardcoded secrets, static Nuxt build
served by nginx) so local dev and Coolify no longer share fragile path
assumptions.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-18 14:59:06 +07:00
Tim Stollberg
71730fef06 feat: remove Filament, add user account management
- Remove Filament /admin panel completely (AdminPanelProvider, UserResource, routes)
- Update composer.json to remove filament/filament dependency
- Add User model soft deletes with SoftDeletes trait + migration
- Strengthen UserPolicy::delete to prevent deleting last remaining admin
- Build out User module following pattern: CreateUserAction, UpdateUserAction, GetUsersAction,
  UserResource, UserController, Create/UpdateUserRequest, UserData DTO
- Add /api/users routes (index, store, update, destroy), all admin-gated via policy
- Create frontend Settings > Accounts page (settings/accounts.vue) for admin user management
- Add useUsers composable mirroring useClient pattern
- Add "Benutzer" link to settings dropdown in clients/index.vue
- All tests pass; User soft-delete and last-admin protection verified

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-07-13 13:05:40 +07:00
Tim Stollberg
e5e0be57da feat(frontend): scaffold Nuxt 3 CSR SPA with full auth + client/history UI
- Nuxt 3 CSR (ssr:false), @nuxtjs/tailwindcss, dev proxy to backend
- useAuth composable: CSRF cookie, XSRF token, login/logout/fetchUser
- auth middleware: redirects to /login if no session
- Login page, client list with search + create modal
- Client detail with editable name, dynamic notes (JSON), history feed
- History form with type select, inline edit/delete per entry
- Print layout at /clients/:id/print (calls window.print on mount)
- TypeScript interfaces: User, Client, HistoryEntry, PaginatedResponse
- German UI labels throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-23 17:33:39 +07:00
Tim Stollberg
b948d51b59 feat(user): User model with role, UserPolicy, Filament admin resource 2026-06-23 17:10:28 +07:00
Tim Stollberg
f31739ed43 feat(auth): Sanctum SPA setup with login/logout/user endpoints 2026-06-23 17:01:53 +07:00
Tim Stollberg
23d1baeb2e feat(db): add clients + history_entries migrations and factories 2026-06-23 16:55:04 +07:00
Tim Stollberg
1a831db2c5 chore(backend): install Laravel 10 with Filament, Pest, static analysis 2026-06-23 16:53:19 +07:00
Tim Stollberg
9f8f256612 chore: init repo with scaffold files 2026-06-23 15:50:10 +07:00
Tim Stollberg
214bf0e5a1 chore: add Docker Compose dev environment 2026-06-23 15:26:59 +07:00