Initial commit: Port Nimara CRM (Layers 0-4)

Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/app/api/portal/auth/verify/route.ts

@@ -0,0 +1,38 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+import { verifyPortalToken, PORTAL_COOKIE } from '@/lib/portal/auth';
+import { env } from '@/lib/env';
+import { logger } from '@/lib/logger';
+
+export async function GET(req: NextRequest): Promise<NextResponse> {
+  try {
+    const token = req.nextUrl.searchParams.get('token');
+
+    if (!token) {
+      return NextResponse.redirect(new URL('/portal/login?error=missing_token', env.APP_URL));
+    }
+
+    const session = await verifyPortalToken(token);
+
+    if (!session) {
+      return NextResponse.redirect(new URL('/portal/login?error=invalid_token', env.APP_URL));
+    }
+
+    const response = NextResponse.redirect(new URL('/portal/dashboard', env.APP_URL));
+
+    response.cookies.set(PORTAL_COOKIE, token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      path: '/',
+      maxAge: 60 * 60 * 24, // 24 hours
+    });
+
+    logger.info({ clientId: session.clientId }, 'Portal session created');
+
+    return response;
+  } catch (error) {
+    logger.error({ error }, 'Portal token verification failed');
+    return NextResponse.redirect(new URL('/portal/login?error=server_error', env.APP_URL));
+  }
+}