monacousa-portal/server/api/admin/registration-config.post.ts

import { createSessionManager } from '~/server/utils/session';

export default defineEventHandler(async (event) => {
  console.log('[api/admin/registration-config.post] =========================');
  console.log('[api/admin/registration-config.post] POST /api/admin/registration-config - Save registration configuration');
  
  try {
    // Validate session and require admin privileges
    const sessionManager = createSessionManager();
    const cookieHeader = getCookie(event, 'monacousa-session') ? getHeader(event, 'cookie') : undefined;
    const session = sessionManager.getSession(cookieHeader);
    
    if (!session?.user) {
      throw createError({
        statusCode: 401,
        statusMessage: 'Authentication required'
      });
    }

    if (session.user.tier !== 'admin') {
      throw createError({
        statusCode: 403,
        statusMessage: 'Admin privileges required'
      });
    }

    console.log('[api/admin/registration-config.post] Authorized admin:', session.user.email);

    // Get and validate request body
    const body = await readBody(event);
    console.log('[api/admin/registration-config.post] Request body fields:', Object.keys(body));

    // Validate required fields
    const membershipFee = Number(body.membershipFee);
    if (!body.membershipFee || isNaN(membershipFee) || membershipFee <= 0) {
      throw createError({
        statusCode: 400,
        statusMessage: 'Valid membership fee is required'
      });
    }

    if (!body.iban || typeof body.iban !== 'string') {
      throw createError({
        statusCode: 400,
        statusMessage: 'IBAN is required'
      });
    }

    if (!body.accountHolder || typeof body.accountHolder !== 'string') {
      throw createError({
        statusCode: 400,
        statusMessage: 'Account holder name is required'
      });
    }

    // Save registration configuration
    const { saveRegistrationConfig } = await import('~/server/utils/admin-config');
    await saveRegistrationConfig({
      membershipFee: membershipFee,
      iban: body.iban.trim(),
      accountHolder: body.accountHolder.trim()
    }, session.user.email);

    console.log('[api/admin/registration-config.post] ✅ Registration configuration saved successfully');

    return {
      success: true,
      message: 'Registration configuration saved successfully'
    };

  } catch (error: any) {
    console.error('[api/admin/registration-config.post] ❌ Error saving registration config:', error);
    throw error;
  }
});
fixes 2025-08-08 21:52:21 +02:00			`import { createSessionManager } from '~/server/utils/session';`

#### __1. Role-Based Security Architecture__ - Replaces group-based tiers with proper Keycloak realm roles - `monaco-user`, `monaco-board`, `monaco-admin` roles - Backward compatibility with existing group system #### __2. Advanced User Management__ - Comprehensive user profile synchronization - Membership data stored in Keycloak user attributes - Bidirectional sync between NocoDB and Keycloak #### __3. Session Security & Monitoring__ - Real-time session tracking and management - Administrative session control capabilities - Enhanced security analytics foundation #### __4. Email Workflow System__ - Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION - Customizable email parameters and lifespans - Advanced email template support #### __5. Seamless Migration Path__ - All existing functionality continues to work - New users automatically get realm roles - Gradual migration from groups to roles - Zero breaking changes ### 🔧 __What You Can Do Now__ #### __For New Users:__ - Public registrations automatically assign `monaco-user` role - Portal account creation syncs member data to Keycloak attributes - Enhanced email verification and welcome workflows #### __For Administrators:__ - Session management and monitoring capabilities - Advanced user profile management with member data sync - Comprehensive role assignment and management - Enhanced email communication workflows #### __For Developers:__ - Use `hasRole('monaco-admin')` for role-based checks - Access `getAllRoles()` for debugging and analytics - Enhanced `useAuth()` composable with backward compatibility - Comprehensive TypeScript support throughout ### 🛡️ __Security & Reliability__ - __Backward Compatibility__: Existing users continue to work seamlessly - __Enhanced Security__: Proper realm role-based authorization - __Error Handling__: Comprehensive error handling and fallbacks - __Type Safety__: Full TypeScript support throughout the system 2025-08-08 19:40:13 +02:00			`export default defineEventHandler(async (event) => {`
			`console.log('[api/admin/registration-config.post] =========================');`
			`console.log('[api/admin/registration-config.post] POST /api/admin/registration-config - Save registration configuration');`

			`try {`
			`// Validate session and require admin privileges`
			`const sessionManager = createSessionManager();`
			`const cookieHeader = getCookie(event, 'monacousa-session') ? getHeader(event, 'cookie') : undefined;`
			`const session = sessionManager.getSession(cookieHeader);`

			`if (!session?.user) {`
			`throw createError({`
			`statusCode: 401,`
			`statusMessage: 'Authentication required'`
			`});`
			`}`

			`if (session.user.tier !== 'admin') {`
			`throw createError({`
			`statusCode: 403,`
			`statusMessage: 'Admin privileges required'`
			`});`
			`}`

			`console.log('[api/admin/registration-config.post] Authorized admin:', session.user.email);`

			`// Get and validate request body`
			`const body = await readBody(event);`
			`console.log('[api/admin/registration-config.post] Request body fields:', Object.keys(body));`

			`// Validate required fields`
fully functional, production-ready member registration system that works flawlessly across all platforms and provides a professional user experience 2025-08-08 22:04:53 +02:00			`const membershipFee = Number(body.membershipFee);`
			`if (!body.membershipFee \|\| isNaN(membershipFee) \|\| membershipFee <= 0) {`
#### __1. Role-Based Security Architecture__ - Replaces group-based tiers with proper Keycloak realm roles - `monaco-user`, `monaco-board`, `monaco-admin` roles - Backward compatibility with existing group system #### __2. Advanced User Management__ - Comprehensive user profile synchronization - Membership data stored in Keycloak user attributes - Bidirectional sync between NocoDB and Keycloak #### __3. Session Security & Monitoring__ - Real-time session tracking and management - Administrative session control capabilities - Enhanced security analytics foundation #### __4. Email Workflow System__ - Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION - Customizable email parameters and lifespans - Advanced email template support #### __5. Seamless Migration Path__ - All existing functionality continues to work - New users automatically get realm roles - Gradual migration from groups to roles - Zero breaking changes ### 🔧 __What You Can Do Now__ #### __For New Users:__ - Public registrations automatically assign `monaco-user` role - Portal account creation syncs member data to Keycloak attributes - Enhanced email verification and welcome workflows #### __For Administrators:__ - Session management and monitoring capabilities - Advanced user profile management with member data sync - Comprehensive role assignment and management - Enhanced email communication workflows #### __For Developers:__ - Use `hasRole('monaco-admin')` for role-based checks - Access `getAllRoles()` for debugging and analytics - Enhanced `useAuth()` composable with backward compatibility - Comprehensive TypeScript support throughout ### 🛡️ __Security & Reliability__ - __Backward Compatibility__: Existing users continue to work seamlessly - __Enhanced Security__: Proper realm role-based authorization - __Error Handling__: Comprehensive error handling and fallbacks - __Type Safety__: Full TypeScript support throughout the system 2025-08-08 19:40:13 +02:00			`throw createError({`
			`statusCode: 400,`
			`statusMessage: 'Valid membership fee is required'`
			`});`
			`}`

			`if (!body.iban \|\| typeof body.iban !== 'string') {`
			`throw createError({`
			`statusCode: 400,`
			`statusMessage: 'IBAN is required'`
			`});`
			`}`

			`if (!body.accountHolder \|\| typeof body.accountHolder !== 'string') {`
			`throw createError({`
			`statusCode: 400,`
			`statusMessage: 'Account holder name is required'`
			`});`
			`}`

			`// Save registration configuration`
			`const { saveRegistrationConfig } = await import('~/server/utils/admin-config');`
			`await saveRegistrationConfig({`
fully functional, production-ready member registration system that works flawlessly across all platforms and provides a professional user experience 2025-08-08 22:04:53 +02:00			`membershipFee: membershipFee,`
#### __1. Role-Based Security Architecture__ - Replaces group-based tiers with proper Keycloak realm roles - `monaco-user`, `monaco-board`, `monaco-admin` roles - Backward compatibility with existing group system #### __2. Advanced User Management__ - Comprehensive user profile synchronization - Membership data stored in Keycloak user attributes - Bidirectional sync between NocoDB and Keycloak #### __3. Session Security & Monitoring__ - Real-time session tracking and management - Administrative session control capabilities - Enhanced security analytics foundation #### __4. Email Workflow System__ - Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION - Customizable email parameters and lifespans - Advanced email template support #### __5. Seamless Migration Path__ - All existing functionality continues to work - New users automatically get realm roles - Gradual migration from groups to roles - Zero breaking changes ### 🔧 __What You Can Do Now__ #### __For New Users:__ - Public registrations automatically assign `monaco-user` role - Portal account creation syncs member data to Keycloak attributes - Enhanced email verification and welcome workflows #### __For Administrators:__ - Session management and monitoring capabilities - Advanced user profile management with member data sync - Comprehensive role assignment and management - Enhanced email communication workflows #### __For Developers:__ - Use `hasRole('monaco-admin')` for role-based checks - Access `getAllRoles()` for debugging and analytics - Enhanced `useAuth()` composable with backward compatibility - Comprehensive TypeScript support throughout ### 🛡️ __Security & Reliability__ - __Backward Compatibility__: Existing users continue to work seamlessly - __Enhanced Security__: Proper realm role-based authorization - __Error Handling__: Comprehensive error handling and fallbacks - __Type Safety__: Full TypeScript support throughout the system 2025-08-08 19:40:13 +02:00			`iban: body.iban.trim(),`
			`accountHolder: body.accountHolder.trim()`
			`}, session.user.email);`

			`console.log('[api/admin/registration-config.post] ✅ Registration configuration saved successfully');`

			`return {`
			`success: true,`
			`message: 'Registration configuration saved successfully'`
			`};`

			`} catch (error: any) {`
			`console.error('[api/admin/registration-config.post] ❌ Error saving registration config:', error);`
			`throw error;`
			`}`
			`});`