#### __1. Role-Based Security Architecture__

- Replaces group-based tiers with proper Keycloak realm roles - `monaco-user`, `monaco-board`, `monaco-admin` roles - Backward compatibility with existing group system #### __2. Advanced User Management__ - Comprehensive user profile synchronization - Membership data stored in Keycloak user attributes - Bidirectional sync between NocoDB and Keycloak #### __3. Session Security & Monitoring__ - Real-time session tracking and management - Administrative session control capabilities - Enhanced security analytics foundation #### __4. Email Workflow System__ - Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION - Customizable email parameters and lifespans - Advanced email template support #### __5. Seamless Migration Path__ - All existing functionality continues to work - New users automatically get realm roles - Gradual migration from groups to roles - Zero breaking changes ### 🔧 __What You Can Do Now__ #### __For New Users:__ - Public registrations automatically assign `monaco-user` role - Portal account creation syncs member data to Keycloak attributes - Enhanced email verification and welcome workflows #### __For Administrators:__ - Session management and monitoring capabilities - Advanced user profile management with member data sync - Comprehensive role assignment and management - Enhanced email communication workflows #### __For Developers:__ - Use `hasRole('monaco-admin')` for role-based checks - Access `getAllRoles()` for debugging and analytics - Enhanced `useAuth()` composable with backward compatibility - Comprehensive TypeScript support throughout ### 🛡️ __Security & Reliability__ - __Backward Compatibility__: Existing users continue to work seamlessly - __Enhanced Security__: Proper realm role-based authorization - __Error Handling__: Comprehensive error handling and fallbacks - __Type Safety__: Full TypeScript support throughout the system
2025-08-08 19:40:13 +02:00
parent b308b8272c
commit 5535b7905d
16 changed files with 3381 additions and 15 deletions
--- a/utils/types.ts
+++ b/utils/types.ts
@@ -130,6 +130,8 @@ export interface Member {
  membership_status: string;
  address: string;
  member_since: string;
+  keycloak_id?: string; // New field for linking to Keycloak user
+  registration_date?: string; // New field for tracking registration date
  
  // Computed fields (added by processing)
  FullName?: string;
@@ -163,3 +165,216 @@ export interface MemberFilters {
  duesPaid?: boolean;
  memberSince?: string;
 }
+
+// Registration System Types
+export interface RegistrationFormData {
+  first_name: string;
+  last_name: string;
+  email: string;
+  phone: string;
+  date_of_birth: string;
+  address: string;
+  nationality: string;
+  recaptcha_token: string;
+}
+
+export interface RecaptchaConfig {
+  siteKey: string;
+  secretKey: string;
+}
+
+export interface RegistrationConfig {
+  membershipFee: number;
+  iban: string;
+  accountHolder: string;
+}
+
+// Enhanced Keycloak Admin API Types
+export interface KeycloakUserRepresentation {
+  id?: string;
+  username?: string;
+  enabled?: boolean;
+  firstName?: string;
+  lastName?: string;
+  email?: string;
+  emailVerified?: boolean;
+  attributes?: Record<string, string[]>;
+  groups?: string[];
+  realmRoles?: string[];
+  clientRoles?: Record<string, string[]>;
+  createdTimestamp?: number;
+  requiredActions?: string[];
+}
+
+export interface KeycloakRoleRepresentation {
+  id?: string;
+  name?: string;
+  description?: string;
+  composite?: boolean;
+  clientRole?: boolean;
+  containerId?: string;
+  attributes?: Record<string, string[]>;
+}
+
+export interface KeycloakGroupRepresentation {
+  id?: string;
+  name?: string;
+  path?: string;
+  attributes?: Record<string, string[]>;
+  realmRoles?: string[];
+  clientRoles?: Record<string, string[]>;
+  subGroups?: KeycloakGroupRepresentation[];
+}
+
+export interface UserSessionRepresentation {
+  id?: string;
+  username?: string;
+  userId?: string;
+  ipAddress?: string;
+  start?: number;
+  lastAccess?: number;
+  clients?: Record<string, string>;
+}
+
+export interface EmailWorkflowData {
+  emailType: 'DUES_REMINDER' | 'MEMBERSHIP_RENEWAL' | 'WELCOME' | 'ADMIN_NOTIFICATION' | 'VERIFICATION';
+  customData?: {
+    dueAmount?: string;
+    dueDate?: string;
+    memberSince?: string;
+    renewalDate?: string;
+    welcomeMessage?: string;
+    adminNote?: string;
+  };
+  lifespan?: number; // Email validity in seconds
+  redirectUri?: string;
+}
+
+export interface MembershipProfileData {
+  membershipStatus?: string;
+  duesStatus?: 'paid' | 'unpaid' | 'overdue';
+  memberSince?: string;
+  nationality?: string;
+  phone?: string;
+  address?: string;
+  registrationDate?: string;
+  paymentDueDate?: string;
+  lastLoginDate?: string;
+  membershipTier?: 'user' | 'board' | 'admin';
+  nocodbMemberId?: string;
+}
+
+// Enhanced User interface with role support
+export interface EnhancedUser extends User {
+  realmRoles?: string[];
+  clientRoles?: Record<string, string[]>;
+  attributes?: Record<string, string[]>;
+  sessions?: UserSessionRepresentation[];
+  memberProfile?: MembershipProfileData;
+}
+
+// Role management types
+export interface RoleAssignmentRequest {
+  userId: string;
+  roleName: string;
+  roleType: 'realm' | 'client';
+  clientId?: string;
+}
+
+export interface RoleManagementResponse {
+  success: boolean;
+  assignedRoles?: string[];
+  removedRoles?: string[];
+  message?: string;
+}
+
+// Group management types
+export interface GroupCreationRequest {
+  name: string;
+  path: string;
+  parentPath?: string;
+  attributes?: Record<string, string>;
+}
+
+export interface GroupAssignmentRequest {
+  userId: string;
+  groupId: string;
+  groupPath: string;
+}
+
+// Session management types
+export interface SessionManagementRequest {
+  userId: string;
+  sessionId?: string;
+  action: 'get' | 'logout' | 'logoutAll';
+}
+
+export interface SessionAnalytics {
+  totalSessions: number;
+  activeSessions: number;
+  uniqueUsers: number;
+  sessionsToday: number;
+  averageSessionDuration: number;
+  topClientApplications: Array<{
+    clientId: string;
+    sessionCount: number;
+  }>;
+}
+
+// Enhanced authentication state with role support
+export interface EnhancedAuthState extends AuthState {
+  realmRoles: string[];
+  clientRoles: Record<string, string[]>;
+  hasRole: (roleName: string) => boolean;
+  isUser: boolean;
+  isBoard: boolean;
+  isAdmin: boolean;
+}
+
+// Member synchronization types
+export interface MemberKeycloakSync {
+  memberId: string;
+  keycloakUserId: string;
+  syncDirection: 'nocodb-to-keycloak' | 'keycloak-to-nocodb' | 'bidirectional';
+  syncFields: string[];
+  lastSyncTimestamp: string;
+}
+
+export interface SyncResult {
+  success: boolean;
+  syncedFields: string[];
+  conflictFields?: string[];
+  errors?: string[];
+  timestamp: string;
+}
+
+// Admin dashboard types
+export interface AdminUserManagement {
+  userId: string;
+  email: string;
+  firstName?: string;
+  lastName?: string;
+  enabled: boolean;
+  emailVerified: boolean;
+  realmRoles: string[];
+  groups: string[];
+  activeSessions: number;
+  lastLogin?: string;
+  memberProfile?: MembershipProfileData;
+}
+
+export interface AdminDashboardStats {
+  totalUsers: number;
+  activeUsers: number;
+  newRegistrationsToday: number;
+  totalSessions: number;
+  membershipStats: {
+    totalMembers: number;
+    paidMembers: number;
+    unpaidMembers: number;
+    overdueMembers: number;
+  };
+  roleDistribution: {
+    [roleName: string]: number;
+  };
+}