- Add jwtSecret to runtime config with fallback to sessionSecret
- Enhance email error tracking in portal account creation API
- Fix jsonwebtoken imports and improve type safety
- Include detailed email error information in API responses
Handle masked sensitive fields (passwords/secrets) in reCAPTCHA and SMTP
configuration endpoints. When the frontend sends masked values (bullets),
preserve existing credentials instead of overwriting them. This prevents
accidental credential loss when updating other configuration fields.
- Check for masked placeholder values ('••••••••••••••••')
- Preserve existing secretKey/password when masked
- Add logging to track credential update actions
- Add explicit POST method to portal account creation API call
- Improve error handling with specific messages for different failure cases
- Remove SMTP verification step that was causing issues with some servers
- Make email sending non-critical to portal account creation success
- Add better response data handling for keycloak_id
- Add integration review documentation
- Simplify admin dashboard by consolidating configuration sections
- Fix mobile dropdown display issues in PhoneInputWrapper component
- Add proper flex layout and minimum height for mobile country list
- Update email configuration and testing functionality
- Remove redundant configuration cards in favor of unified portal settings
Convert getEmailService() to async function and update all callers to use await.
Replace synchronous require() with dynamic import() for admin-config module.
Add SMTP config loading to admin configuration dialog.
- Add SMTP configuration UI in admin panel with test functionality
- Implement email verification workflow with tokens and templates
- Add verification success/expired pages for user feedback
- Include nodemailer, handlebars, and JWT dependencies
- Create API endpoints for email config, testing, and verification
- Replaces group-based tiers with proper Keycloak realm roles
- `monaco-user`, `monaco-board`, `monaco-admin` roles
- Backward compatibility with existing group system
#### __2. Advanced User Management__
- Comprehensive user profile synchronization
- Membership data stored in Keycloak user attributes
- Bidirectional sync between NocoDB and Keycloak
#### __3. Session Security & Monitoring__
- Real-time session tracking and management
- Administrative session control capabilities
- Enhanced security analytics foundation
#### __4. Email Workflow System__
- Multiple email types: DUES_REMINDER, MEMBERSHIP_RENEWAL, WELCOME, VERIFICATION
- Customizable email parameters and lifespans
- Advanced email template support
#### __5. Seamless Migration Path__
- All existing functionality continues to work
- New users automatically get realm roles
- Gradual migration from groups to roles
- Zero breaking changes
### 🔧 __What You Can Do Now__
#### __For New Users:__
- Public registrations automatically assign `monaco-user` role
- Portal account creation syncs member data to Keycloak attributes
- Enhanced email verification and welcome workflows
#### __For Administrators:__
- Session management and monitoring capabilities
- Advanced user profile management with member data sync
- Comprehensive role assignment and management
- Enhanced email communication workflows
#### __For Developers:__
- Use `hasRole('monaco-admin')` for role-based checks
- Access `getAllRoles()` for debugging and analytics
- Enhanced `useAuth()` composable with backward compatibility
- Comprehensive TypeScript support throughout
### 🛡️ __Security & Reliability__
- __Backward Compatibility__: Existing users continue to work seamlessly
- __Enhanced Security__: Proper realm role-based authorization
- __Error Handling__: Comprehensive error handling and fallbacks
- __Type Safety__: Full TypeScript support throughout the system
- Add actualCountryCode computed property to handle both 2-letter codes and country names
- Extend parseCountryInput with common country name variations (USA, UK, etc.)
- Import parseCountryInput utility in CountryFlag component
- Update template to use actualCountryCode instead of direct countryCode prop
- Add new admin-config utility for persistent configuration management
- Replace hardcoded runtime config with dynamic configuration retrieval
- Enable admin panel to save and apply NocoDB settings immediately
- Add dynamic table ID resolution with fallback to defaults
- Update configuration endpoints to use new persistence system
- Add NocoDBSettingsDialog component with API endpoints for config management
- Update dashboard navigation routes and menu structure
- Integrate external user management via auth portal
- Add NocoDB settings dialog to admin panel
- Add member CRUD operations with API endpoints
- Implement member list page with card-based layout
- Add member creation and viewing dialogs
- Support multiple nationalities with country flags
- Include phone number input with international formatting
- Integrate NocoDB as backend database
- Add comprehensive member data types and utilities
- Add Keycloak admin credentials configuration to environment variables
- Extract Keycloak admin operations into reusable utility module
- Refactor forgot-password endpoint to use new admin client utility
- Add documentation for Keycloak custom login implementation
- Add password reset fix summary documentation
This improves code organization by separating admin operations from
business logic and provides proper admin credentials for Keycloak
API operations instead of using regular client credentials.
- Replace ref with useState in useAuth for SSR compatibility
- Move navigation logic from top-level to onMounted hooks
- Add guest middleware to login page to prevent auth conflicts
- Simplify dashboard auth checks by relying on middleware
- Add loading state to index page during auth resolution
This prevents infinite redirect loops and hydration mismatches that
occurred during server-side rendering when navigating between
authenticated and unauthenticated states.
Add optional force parameter to checkAuth() to bypass throttling during
critical authentication flows like login, middleware, and initial auth
verification. This prevents iOS Safari login loops while maintaining
throttling for regular session checks.
- Add session check throttling in useAuth to prevent iOS Safari authentication loops
- Simplify admin dashboard by removing complex system metrics and stats
- Remove system-metrics utility and streamline stats API endpoint
- Update admin interface to focus on core user and role management
