@onahhas/hello-dev 1.0.0 → 1.0.1

package/README.md

@@ -1,21 +1,159 @@
-# @OMNahhas/hello-dev
+# DevTasks — Full Stack Task Management Website
 
-A simple Node.js package that greets the user. This package exports a single function, `hello`, which returns a greeting string for the provided name.
+A complete task management system with authentication, authorization,
+public/private tasks, users, board, calendar, dashboard, activity log,
+request limiting, edit requests, SQLite/PostgreSQL support, and light/dark UI.
 
-## Installation
+The UI uses a custom warm workspace theme with plum, charcoal, cream, and
+terracotta accents. It does not use the default blue SaaS theme.
+
+## Tech stack
+
+- Backend: ASP.NET Core 8 Web API
+- Frontend: React + TypeScript + Vite
+- Database: SQLite by default, PostgreSQL optional
+- Auth: JWT + role-based authorization
+- Rate limit: 100 requests per minute per IP
+
+## Default seeded accounts
+
+The database is created automatically on the first backend run.
+
+| Role | Email | Password |
+|---|---|---|
+| Admin | `admin@devtasks.local` | `Admin123!` |
+| User | `programmer@devtasks.local` | `User123!` |
+
+New registered users are inactive by default. The admin must activate them
+from the Users page before they can login.
+
+## Run the backend
+
+```bash
+cd backend
+dotnet restore
+dotnet run
+```
+
+Backend URL:
+
+```text
+http://localhost:5058
+```
+
+The SQLite database will be created here:
+
+```text
+backend/data/devtasks.db
+```
+
+## Run the frontend
+
+Open another terminal:
 
 ```bash
-npm install @OMNahhas/hello-dev
+cd frontend
+npm install
+npm run dev
 ```
 
-## Usage
+Frontend URL:
+
+```text
+http://localhost:5173
+```
+
+The frontend proxies `/api` to `http://localhost:5058`.
+
+## PostgreSQL support
+
+SQLite is used by default in `backend/appsettings.json`:
+
+```json
+"Database": {
+  "Provider": "Sqlite"
+}
+```
+
+To use PostgreSQL, change it to:
+
+```json
+"Database": {
+  "Provider": "Postgres"
+}
+```
+
+Then update this connection string:
+
+```json
+"PostgresConnection": "Host=localhost;Port=5432;Database=devtasks;Username=postgres;Password=postgres"
+```
+
+The backend uses `EnsureCreated()` for this demo project, so create an empty
+PostgreSQL database first, then run the backend.
+
+## Important note when replacing an older copy
+
+Task IDs were changed from GUID values to numeric IDs starting from `1`.
+If you already ran the old SQLite version, delete the old database file before
+running this upgraded version:
+
+```text
+backend/data/devtasks.db
+```
+
+## Main features
+
+- Register / login / logout
+- New accounts require admin activation
+- JWT authentication
+- Admin and normal user roles
+- Admin user management
+- User profile editing
+- Add/edit/delete tasks
+- Numeric task IDs starting from `1`
+- Private/public task visibility
+- Public task edit requests
+- Owner/admin accept or reject edit requests
+- Multiple edit requests to the same task are handled
+- Assigned tasks
+- Statuses: Todo, In Progress, Done, Cancelled
+- Priorities: Low, Medium, High
+- Dashboard statistics with viewable task cards
+- My Tasks table/card view
+- Public Tasks table/card view
+- Board View with drag and drop
+- Calendar View; admin sees all users' tasks
+- Activity log
+- Search and filters
+- Light/dark theme toggle
+- Per-IP request limiting
+- Info logs disabled by default
+
+## Important files
 
-```js
-const { hello } = require('@OMNahhas/hello-dev');
-console.log(hello('Omar'));
-// => "Hello, Omar!"
+```text
+backend/Program.cs
+backend/Data/AppDbContext.cs
+backend/Data/DbSeeder.cs
+backend/Controllers/AuthController.cs
+backend/Controllers/UsersController.cs
+backend/Controllers/AccountController.cs
+backend/Controllers/TasksController.cs
+backend/Controllers/ActivityController.cs
+frontend/src/App.tsx
+frontend/src/auth/AuthContext.tsx
+frontend/src/api/http.ts
+frontend/src/pages
+frontend/src/components
+frontend/src/styles.css
 ```
 
-## License
+## Notes
 
-This project is licensed under the MIT License.
+- `DELETE /api/users/{id}` deactivates users instead of physically deleting them.
+- `DELETE /api/tasks/{id}` physically deletes a task and writes to the activity log.
+- Normal users can edit/delete their own tasks only.
+- Other users can request edits to public tasks.
+- Accepting one pending edit request rejects other pending edit requests for the same task.
+- Admin can manage all users and all tasks.

package/backend/Controllers/AccountController.cs

@@ -0,0 +1,100 @@
+using DevTasks.Api.Data;
+using DevTasks.Api.Dtos;
+using DevTasks.Api.Extensions;
+using DevTasks.Api.Models;
+using DevTasks.Api.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DevTasks.Api.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+[Authorize]
+public sealed class AccountController : ControllerBase
+{
+    private readonly AppDbContext _db;
+    private readonly PasswordHasher _passwordHasher;
+    private readonly ActivityService _activity;
+
+    public AccountController(
+        AppDbContext db,
+        PasswordHasher passwordHasher,
+        ActivityService activity)
+    {
+        _db = db;
+        _passwordHasher = passwordHasher;
+        _activity = activity;
+    }
+
+    [HttpGet("me")]
+    public async Task<ActionResult<UserResponse>> GetMe()
+    {
+        var id = User.GetUserId();
+        var user = await _db.Users.AsNoTracking().FirstOrDefaultAsync(x => x.Id == id);
+        return user is null ? NotFound(new { message = "User was not found." }) : Ok(ToResponse(user));
+    }
+
+    [HttpPut("me")]
+    public async Task<ActionResult<UserResponse>> UpdateMe(UpdateProfileRequest request)
+    {
+        var id = User.GetUserId();
+        var user = await _db.Users.FirstOrDefaultAsync(x => x.Id == id);
+        if (user is null)
+        {
+            return NotFound(new { message = "User was not found." });
+        }
+
+        if (!string.IsNullOrWhiteSpace(request.FullName))
+        {
+            user.FullName = request.FullName.Trim();
+        }
+
+        if (!string.IsNullOrWhiteSpace(request.Email))
+        {
+            var email = request.Email.Trim().ToLowerInvariant();
+            var used = await _db.Users.AnyAsync(x => x.Id != id && x.Email == email);
+            if (used)
+            {
+                return Conflict(new { message = "Email is already used." });
+            }
+
+            user.Email = email;
+        }
+
+        if (!string.IsNullOrWhiteSpace(request.NewPassword))
+        {
+            if (string.IsNullOrWhiteSpace(request.CurrentPassword) ||
+                !_passwordHasher.Verify(request.CurrentPassword, user.PasswordHash))
+            {
+                return BadRequest(new { message = "Current password is incorrect." });
+            }
+
+            if (request.NewPassword.Length < 6)
+            {
+                return BadRequest(new { message = "New password must be at least 6 characters." });
+            }
+
+            user.PasswordHash = _passwordHasher.Hash(request.NewPassword);
+        }
+
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Profile updated", "User", user.Id.ToString(), user.Id);
+
+        return Ok(ToResponse(user));
+    }
+
+    private static UserResponse ToResponse(AppUser user)
+    {
+        return new UserResponse
+        {
+            Id = user.Id,
+            FullName = user.FullName,
+            Email = user.Email,
+            Role = user.Role,
+            IsActive = user.IsActive,
+            CreatedAt = user.CreatedAt
+        };
+    }
+}

package/backend/Controllers/ActivityController.cs

@@ -0,0 +1,44 @@
+using DevTasks.Api.Data;
+using DevTasks.Api.Dtos;
+using DevTasks.Api.Enums;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DevTasks.Api.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+[Authorize(Roles = nameof(UserRole.Admin))]
+public sealed class ActivityController : ControllerBase
+{
+    private readonly AppDbContext _db;
+
+    public ActivityController(AppDbContext db)
+    {
+        _db = db;
+    }
+
+    [HttpGet]
+    public async Task<ActionResult<IReadOnlyList<ActivityLogResponse>>> GetActivity()
+    {
+        var logs = await _db.ActivityLogs
+            .AsNoTracking()
+            .Include(x => x.User)
+            .OrderByDescending(x => x.CreatedAt)
+            .Take(200)
+            .Select(x => new ActivityLogResponse
+            {
+                Id = x.Id,
+                Action = x.Action,
+                EntityName = x.EntityName,
+                EntityId = x.EntityId,
+                UserId = x.UserId,
+                UserFullName = x.User == null ? "Unknown" : x.User.FullName,
+                CreatedAt = x.CreatedAt
+            })
+            .ToListAsync();
+
+        return Ok(logs);
+    }
+}

package/backend/Controllers/AuthController.cs

@@ -0,0 +1,127 @@
+using DevTasks.Api.Data;
+using DevTasks.Api.Dtos;
+using DevTasks.Api.Enums;
+using DevTasks.Api.Models;
+using DevTasks.Api.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DevTasks.Api.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+public sealed class AuthController : ControllerBase
+{
+    private readonly AppDbContext _db;
+    private readonly PasswordHasher _passwordHasher;
+    private readonly TokenService _tokenService;
+
+    public AuthController(
+        AppDbContext db,
+        PasswordHasher passwordHasher,
+        TokenService tokenService)
+    {
+        _db = db;
+        _passwordHasher = passwordHasher;
+        _tokenService = tokenService;
+    }
+
+    [HttpPost("register")]
+    [AllowAnonymous]
+    public async Task<ActionResult<RegisterResponse>> Register(RegisterRequest request)
+    {
+        var validation = ValidateRegister(request);
+        if (validation is not null)
+        {
+            return BadRequest(new { message = validation });
+        }
+
+        var email = request.Email.Trim().ToLowerInvariant();
+        var exists = await _db.Users.AnyAsync(x => x.Email == email);
+        if (exists)
+        {
+            return Conflict(new { message = "Email is already registered." });
+        }
+
+        var user = new AppUser
+        {
+            FullName = request.FullName.Trim(),
+            Email = email,
+            PasswordHash = _passwordHasher.Hash(request.Password),
+            Role = UserRole.User,
+            IsActive = false,
+            CreatedAt = DateTime.UtcNow
+        };
+
+        _db.Users.Add(user);
+        await _db.SaveChangesAsync();
+
+        return Ok(new RegisterResponse
+        {
+            Message = "Account created. An admin must activate it before you can login."
+        });
+    }
+
+    [HttpPost("login")]
+    [AllowAnonymous]
+    public async Task<ActionResult<AuthResponse>> Login(LoginRequest request)
+    {
+        var email = request.Email.Trim().ToLowerInvariant();
+        var user = await _db.Users.FirstOrDefaultAsync(x => x.Email == email);
+
+        if (user is null || !_passwordHasher.Verify(request.Password, user.PasswordHash))
+        {
+            return Unauthorized(new { message = "Invalid email or password." });
+        }
+
+        if (!user.IsActive)
+        {
+            return Unauthorized(new { message = "Your account is waiting for admin activation." });
+        }
+
+        return Ok(CreateAuthResponse(user));
+    }
+
+    private AuthResponse CreateAuthResponse(AppUser user)
+    {
+        return new AuthResponse
+        {
+            Token = _tokenService.CreateToken(user),
+            User = ToUserResponse(user)
+        };
+    }
+
+    private static UserResponse ToUserResponse(AppUser user)
+    {
+        return new UserResponse
+        {
+            Id = user.Id,
+            FullName = user.FullName,
+            Email = user.Email,
+            Role = user.Role,
+            IsActive = user.IsActive,
+            CreatedAt = user.CreatedAt
+        };
+    }
+
+    private static string? ValidateRegister(RegisterRequest request)
+    {
+        if (string.IsNullOrWhiteSpace(request.FullName))
+        {
+            return "Full name is required.";
+        }
+
+        if (string.IsNullOrWhiteSpace(request.Email) || !request.Email.Contains('@'))
+        {
+            return "Valid email is required.";
+        }
+
+        if (string.IsNullOrWhiteSpace(request.Password) || request.Password.Length < 6)
+        {
+            return "Password must be at least 6 characters.";
+        }
+
+        return null;
+    }
+}

package/backend/Controllers/LookupController.cs

@@ -0,0 +1,46 @@
+using DevTasks.Api.Data;
+using DevTasks.Api.Dtos;
+using DevTasks.Api.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DevTasks.Api.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+[Authorize]
+public sealed class LookupController : ControllerBase
+{
+    private readonly AppDbContext _db;
+
+    public LookupController(AppDbContext db)
+    {
+        _db = db;
+    }
+
+    [HttpGet("users")]
+    public async Task<ActionResult<IReadOnlyList<UserResponse>>> GetActiveUsers()
+    {
+        var users = await _db.Users
+            .AsNoTracking()
+            .Where(x => x.IsActive)
+            .OrderBy(x => x.FullName)
+            .ToListAsync();
+
+        return Ok(users.Select(ToResponse).ToList());
+    }
+
+    private static UserResponse ToResponse(AppUser user)
+    {
+        return new UserResponse
+        {
+            Id = user.Id,
+            FullName = user.FullName,
+            Email = user.Email,
+            Role = user.Role,
+            IsActive = user.IsActive,
+            CreatedAt = user.CreatedAt
+        };
+    }
+}