monacousa-portal/server/api/admin/registration-config.get.ts

export default defineEventHandler(async (event) => {
  console.log('[api/admin/registration-config.get] =========================');
  console.log('[api/admin/registration-config.get] GET /api/admin/registration-config - Get registration configuration');
  
  try {
    // Validate session and require admin privileges
    const sessionManager = createSessionManager();
    const cookieHeader = getCookie(event, 'monacousa-session') ? getHeader(event, 'cookie') : undefined;
    const session = sessionManager.getSession(cookieHeader);
    
    if (!session?.user) {
      throw createError({
        statusCode: 401,
        statusMessage: 'Authentication required'
      });
    }

    if (session.user.tier !== 'admin') {
      throw createError({
        statusCode: 403,
        statusMessage: 'Admin privileges required'
      });
    }

    console.log('[api/admin/registration-config.get] Authorized admin:', session.user.email);

    // Force reload and get registration configuration
    const { getRegistrationConfig, reloadAdminConfig } = await import('~/server/utils/admin-config');
    
    // Force reload configuration to ensure we have the latest settings
    try {
      await reloadAdminConfig();
    } catch (error) {
      console.warn('[api/admin/registration-config.get] Failed to reload config, using cached version:', error);
    }
    
    const config = getRegistrationConfig();
    
    return {
      success: true,
      data: config
    };

  } catch (error: any) {
    console.error('[api/admin/registration-config.get] ❌ Error getting registration config:', error);
    throw error;
  }
});
#### __1. Role-Based Security Architecture__ - Replaces group-based tiers with proper Keycloak realm roles - `monaco-user`, `monaco-board`, `monaco-admin` roles - Backward compatibility with existing group system #### __2. Advanced User Management__ - Comprehensive user profile synchronization - Membership data stored in Keycloak user attributes - Bidirectional sync between NocoDB and Keycloak #### __3. Session Security & Monitoring__ - Real-time session tracking and management - Administrative session control capabilities - Enhanced security analytics foundation #### __4. Email Workflow System__ - Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION - Customizable email parameters and lifespans - Advanced email template support #### __5. Seamless Migration Path__ - All existing functionality continues to work - New users automatically get realm roles - Gradual migration from groups to roles - Zero breaking changes ### 🔧 __What You Can Do Now__ #### __For New Users:__ - Public registrations automatically assign `monaco-user` role - Portal account creation syncs member data to Keycloak attributes - Enhanced email verification and welcome workflows #### __For Administrators:__ - Session management and monitoring capabilities - Advanced user profile management with member data sync - Comprehensive role assignment and management - Enhanced email communication workflows #### __For Developers:__ - Use `hasRole('monaco-admin')` for role-based checks - Access `getAllRoles()` for debugging and analytics - Enhanced `useAuth()` composable with backward compatibility - Comprehensive TypeScript support throughout ### 🛡️ __Security & Reliability__ - __Backward Compatibility__: Existing users continue to work seamlessly - __Enhanced Security__: Proper realm role-based authorization - __Error Handling__: Comprehensive error handling and fallbacks - __Type Safety__: Full TypeScript support throughout the system 2025-08-08 19:40:13 +02:00			`export default defineEventHandler(async (event) => {`
			`console.log('[api/admin/registration-config.get] =========================');`
			`console.log('[api/admin/registration-config.get] GET /api/admin/registration-config - Get registration configuration');`

			`try {`
			`// Validate session and require admin privileges`
			`const sessionManager = createSessionManager();`
			`const cookieHeader = getCookie(event, 'monacousa-session') ? getHeader(event, 'cookie') : undefined;`
			`const session = sessionManager.getSession(cookieHeader);`

			`if (!session?.user) {`
			`throw createError({`
			`statusCode: 401,`
			`statusMessage: 'Authentication required'`
			`});`
			`}`

			`if (session.user.tier !== 'admin') {`
			`throw createError({`
			`statusCode: 403,`
			`statusMessage: 'Admin privileges required'`
			`});`
			`}`

			`console.log('[api/admin/registration-config.get] Authorized admin:', session.user.email);`

Add Keycloak group management for member portal access control - Add portal access control section to EditMemberDialog for admins - Implement API endpoints for managing member Keycloak groups - Add group selection UI with user/board/admin access levels - Enhance admin config with reload functionality - Support real-time group synchronization and status feedback 2025-08-13 16:31:54 +02:00			`// Force reload and get registration configuration`
			`const { getRegistrationConfig, reloadAdminConfig } = await import('~/server/utils/admin-config');`

			`// Force reload configuration to ensure we have the latest settings`
			`try {`
			`await reloadAdminConfig();`
			`} catch (error) {`
			`console.warn('[api/admin/registration-config.get] Failed to reload config, using cached version:', error);`
			`}`

#### __1. Role-Based Security Architecture__ - Replaces group-based tiers with proper Keycloak realm roles - `monaco-user`, `monaco-board`, `monaco-admin` roles - Backward compatibility with existing group system #### __2. Advanced User Management__ - Comprehensive user profile synchronization - Membership data stored in Keycloak user attributes - Bidirectional sync between NocoDB and Keycloak #### __3. Session Security & Monitoring__ - Real-time session tracking and management - Administrative session control capabilities - Enhanced security analytics foundation #### __4. Email Workflow System__ - Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION - Customizable email parameters and lifespans - Advanced email template support #### __5. Seamless Migration Path__ - All existing functionality continues to work - New users automatically get realm roles - Gradual migration from groups to roles - Zero breaking changes ### 🔧 __What You Can Do Now__ #### __For New Users:__ - Public registrations automatically assign `monaco-user` role - Portal account creation syncs member data to Keycloak attributes - Enhanced email verification and welcome workflows #### __For Administrators:__ - Session management and monitoring capabilities - Advanced user profile management with member data sync - Comprehensive role assignment and management - Enhanced email communication workflows #### __For Developers:__ - Use `hasRole('monaco-admin')` for role-based checks - Access `getAllRoles()` for debugging and analytics - Enhanced `useAuth()` composable with backward compatibility - Comprehensive TypeScript support throughout ### 🛡️ __Security & Reliability__ - __Backward Compatibility__: Existing users continue to work seamlessly - __Enhanced Security__: Proper realm role-based authorization - __Error Handling__: Comprehensive error handling and fallbacks - __Type Safety__: Full TypeScript support throughout the system 2025-08-08 19:40:13 +02:00			`const config = getRegistrationConfig();`

			`return {`
			`success: true,`
			`data: config`
			`};`

			`} catch (error: any) {`
			`console.error('[api/admin/registration-config.get] ❌ Error getting registration config:', error);`
			`throw error;`
			`}`
			`});`