ilia/mirror_match
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mirror_match/README.md
ilia efb6519ffe
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m23s
Details
CI / lint-and-type-check (pull_request) Successful in 1m47s
Details
CI / test (pull_request) Successful in 1m51s
Details
CI / build (pull_request) Successful in 1m52s
Details
CI / secret-scanning (pull_request) Successful in 1m25s
Details
CI / dependency-scan (pull_request) Successful in 1m28s
Details
CI / sast-scan (pull_request) Successful in 2m32s
Details
CI / workflow-summary (pull_request) Successful in 1m22s
Details
# Cleanup Checklist 
This document lists code and features that were added during development/debugging that might be candidates for cleanup or removal in the future.

## Debug/Development Code

### 1. Verbose Logging in Production
**Location:** Multiple files
**Status:** Consider reducing in production

- `lib/auth.ts` - Session callback logging (lines 78-103, 105-113)
  - Logs full session details on every session creation
  - Could be reduced to warnings only or removed in production

- `app/photos/page.tsx` - Page render logging (lines 12-33)
  - Logs auth() calls and session details
  - Useful for debugging but verbose for production

- `app/api/debug/session/route.ts` - Entire debug endpoint
  - Created for debugging session issues
  - Consider removing or protecting with admin-only access
  - Or move to development-only route

### 2. Activity Logging
**Location:** `lib/activity-log.ts`, `proxy.ts`, API routes
**Status:** Keep but consider optimization

- Activity logging is useful for monitoring
- Consider:
  - Moving to structured logging (JSON format)
  - Adding log rotation/retention policies
  - Option to disable in production if not needed
  - Rate limiting logs to prevent spam

### 3. Upload Verification Logging
**Location:** `app/api/photos/upload/route.ts`
**Status:** Keep but reduce verbosity

- Lines 89-91: Directory creation/existence logging
- Lines 101: File save verification logging
- Useful for debugging but could be reduced to errors only

### 4. Middleware Debug Logging
**Location:** `proxy.ts`
**Status:** Keep but consider reducing

- Lines 22-37: Activity logging for all requests
- Useful for monitoring but generates many logs
- Consider: log only important events or add log level filtering

## Unused/Redundant Code

### 5. Legacy Upload Route
**Location:** `app/api/photos/route.ts`
**Status:** Consider deprecating

- Legacy URL-based upload endpoint
- New uploads use `/api/photos/upload`
- Consider:
  - Marking as deprecated
  - Removing if not used
  - Or consolidating with upload route

### 6. Multiple Upload Routes
**Location:** `app/api/photos/upload/route.ts` and `app/api/photos/upload-multiple/route.ts`
**Status:** Keep but document usage

- Two separate upload endpoints
- Consider if both are needed or can be consolidated

### 7. Proxy.ts Cookie Name Variable
**Location:** `proxy.ts` line 15
**Status:** Minor cleanup

- `cookieName` variable defined but could use constant
- Consider moving to shared constant or env var

## Configuration Cleanup

### 8. Next.js Config
**Location:** `next.config.ts`
**Status:** Review

- Image optimization settings (line 19: `unoptimized: false`)
- Consider if all remote patterns are needed
- Review Turbopack configuration if not using

## Documentation Cleanup

### 10. ARCHITECTURE.md References
**Location:** `ARCHITECTURE.md` line 156
**Status:** Update

- Still references `middleware.ts` in some places
- Should reference `proxy.ts` instead
- Update all middleware references

## Testing/Debugging Utilities

### 11. Watch Activity Script
**Location:** `watch-activity.sh` (if created)
**Status:** Keep or document

- Useful utility for monitoring
- Consider adding to README or removing if not needed

## Recommendations

### High Priority (Consider Removing)
1. `app/api/debug/session/route.ts` - Debug endpoint (protect or remove)
2. Verbose logging in `app/photos/page.tsx` - Reduce to errors only
3. Update ARCHITECTURE.md middleware references

### Medium Priority (Optimize)
1. Activity logging - Add log levels or filtering
2. Upload logging - Reduce verbosity
3. Session callback logging - Reduce in production

### Low Priority (Keep)
1. Activity logging utility - Useful for monitoring
2. Multiple upload routes - Document usage
3. Watch activity script - Useful utility

## Notes

- **Consider** adding environment-based log levels (DEBUG, INFO, WARN, ERROR)
- **Consider** moving debug endpoints behind admin authentication
- **Consider** adding log rotation/retention for production

---

Do all these in stages. create new tests and test and docuemtn  as u go.

add DEBUG, INFO, WARN, ERROR flags and only show when asked for. create new branch.
2026-01-04 19:34:21 -05:00

11 KiB
Raw Blame History

MirrorMatch

A photo guessing game where users upload photos and other users guess who is in the picture to earn points. Built with Next.js, PostgreSQL, and NextAuth.

📚 Important: Read Documentation First

Before making code changes, please read:

  • .cursor/rules/mirrormatch.mdc - Project rules and guidelines
  • ARCHITECTURE.md - System design and data flows
  • CONTRIBUTING.md - Coding conventions and workflow
  • SECURITY.md - Security practices
  • This README - Setup and usage

Keep documentation updated: When you modify code that changes behavior or architecture, update the relevant documentation files to keep them in sync.

Features

  • User Management: Admin can create users with email/password authentication
  • Photo Upload: Users can upload photos with answer names
  • Guessing Game: Users guess who is in photos to earn points
  • Email Notifications: Users receive emails when new photos are uploaded
  • Leaderboard: Track user points and rankings
  • Profile Management: Users can view their points and change passwords

Tech Stack

  • Framework: Next.js 16 (App Router)
  • Language: TypeScript
  • Database: PostgreSQL
  • ORM: Prisma
  • Authentication: NextAuth.js (Credentials Provider)
  • Styling: Tailwind CSS
  • Email: Nodemailer (Ethereal in dev, SMTP in production)

Prerequisites

  • Node.js 18+ and npm
  • PostgreSQL database (local or remote)
  • For production: SMTP email server credentials

Installation

  1. Clone the repository (if applicable) or navigate to the project directory:

    cd mirrormatch

  2. Install dependencies:

    npm install

  3. Set up environment variables: Create a .env file in the root directory with the following variables:

    # Database
DATABASE_URL="postgresql://user:password@localhost:5432/mirrormatch?schema=public"

# NextAuth
NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="your-secret-key-here-generate-with-openssl-rand-base64-32"

# Email Configuration (for production)
SMTP_HOST="smtp.example.com"
SMTP_PORT="587"
SMTP_USER="your-email@example.com"
SMTP_PASSWORD="your-email-password"
SMTP_FROM="MirrorMatch <noreply@mirrormatch.com>"

    Generate NEXTAUTH_SECRET:

    openssl rand -base64 32

    Note: In development, emails will use Ethereal (test emails) or console logging. No SMTP config is needed for dev mode.

  4. Set up the database:

    # Generate Prisma Client
npm run db:generate

# Run migrations
npm run db:migrate

# Or push schema directly (for development)
npm run db:push

  5. Seed the database (creates default admin user):

    npm run db:seed

    This creates an admin user with:

    • Email: admin@mirrormatch.com
    • Password: admin123
    • ⚠️ Important: Change this password after first login!

Basic Usage

Workflow Overview

  1. Admin creates users:

    • Admin logs in and navigates to /admin
    • Creates new users with email, password, and role
    • Users receive temporary passwords

  2. Users log in:

    • Users navigate to /login
    • Enter email and password
    • Access the main application

  3. Users upload photos:

    • Navigate to /upload
    • Enter photo URL and answer name (the correct name to guess)
    • Photo is saved and emails are sent to all other users

  4. Users guess photos:

    • View photos on /photos page
    • Click a photo to view details
    • Submit guesses for who is in the photo
    • Earn points for correct guesses (case-insensitive matching)

  5. Leaderboard:

    • View rankings on /leaderboard page
    • See all users sorted by points
    • Track your own position

Key Features

  • Admin Panel: Create and manage users, reset passwords
  • Photo Upload: Upload photos with answer names
  • Guessing System: Submit guesses and earn points
  • Email Notifications: Get notified when new photos are uploaded
  • Leaderboard: Track user rankings by points
  • Profile Management: View points and change password

Running the Application

Development

npm run dev

Open http://localhost:3000 in your browser.

Production

npm run build
npm start

Deployment Notes

Important Configuration:

  • Ensure NODE_ENV=production is set in production
  • Set NEXTAUTH_URL to your production domain (e.g., https://yourdomain.com)
  • Set AUTH_TRUST_HOST=true if using reverse proxy
  • Ensure DATABASE_URL points to your production database
  • Files are stored in public/uploads/ directory - ensure this directory persists across deployments

File Uploads:

  • Photos are uploaded to public/uploads/ directory
  • Files are served via /api/uploads/[filename] API route
  • Ensure the uploads directory has proper write permissions

Upload Endpoints:

  • POST /api/photos/upload - Single photo upload (supports both file and URL uploads)
  • POST /api/photos/upload-multiple - Multiple photo uploads in batch (used by upload page)
  • Files are stored on the filesystem (not in database)

Monitoring Activity:

  • User activity is logged to console/systemd logs
  • Watch logs in real-time: sudo journalctl -u app-backend -f | grep -E "\[ACTIVITY\]|\[PHOTO_UPLOAD\]|\[GUESS_SUBMIT\]"
  • Activity logs include: page visits, photo uploads, guess submissions
  • Note: For local development, use ./watch-activity.sh script (if systemd/journalctl is not available, check application logs directly)

Database Commands

  • npm run db:generate - Generate Prisma Client
  • npm run db:migrate - Run database migrations
  • npm run db:push - Push schema changes to database (dev only)
  • npm run db:studio - Open Prisma Studio (database GUI)
  • npm run db:seed - Seed database with initial admin user

Querying the Database

Get all photo answers:

psql "postgresql://user:password@host:5432/database" -c "SELECT \"answerName\" FROM \"Photo\" ORDER BY \"createdAt\" DESC;"

Get answers with uploader info:

psql "postgresql://user:password@host:5432/database" -c "SELECT p.\"answerName\", p.url, u.name as uploader, p.\"createdAt\" FROM \"Photo\" p JOIN \"User\" u ON p.\"uploaderId\" = u.id ORDER BY p.\"createdAt\" DESC;"

Creating the First Admin User

The seed script automatically creates an admin user. If you need to create one manually:

  1. Run the seed script: npm run db:seed
  2. Or use Prisma Studio: npm run db:studio and create a user with role: "ADMIN"

Project Structure

mirrormatch/
├── app/                    # Next.js App Router pages
│   ├── api/               # API routes
│   │   ├── admin/        # Admin API routes
│   │   ├── auth/         # NextAuth routes
│   │   ├── photos/       # Photo-related API routes
│   │   └── profile/      # Profile API routes
│   ├── admin/            # Admin panel page
│   ├── leaderboard/      # Leaderboard page
│   ├── login/            # Login page
│   ├── photos/           # Photos listing and detail pages
│   ├── profile/          # User profile page
│   └── upload/           # Photo upload page
├── components/            # React components
├── lib/                   # Utility libraries
│   ├── auth.ts           # NextAuth configuration
│   ├── email.ts          # Email sending utilities
│   ├── prisma.ts         # Prisma client instance
│   └── utils.ts          # Helper functions
├── prisma/                # Prisma schema and migrations
│   ├── schema.prisma     # Database schema
│   └── seed.ts           # Database seed script
└── types/                 # TypeScript type definitions

Features Overview

Authentication

  • Email/password login via NextAuth
  • Protected routes with middleware
  • Role-based access control (ADMIN/USER)

Admin Panel (/admin)

  • View all users
  • Create new users
  • Reset user passwords
  • View user points and roles

Photo Upload (/upload)

  • Upload photos via file upload or URL
  • Files are stored in public/uploads/ directory
  • Files are served via /api/uploads/[filename] API route
  • Set answer name for guessing
  • Automatically sends email notifications to all other users
  • Duplicate file detection (SHA256 hash)

Photo Guessing (/photos/[id])

  • View photo and uploader info
  • Submit guesses
  • Get instant feedback (correct/wrong)
  • Earn points for correct guesses
  • Case-insensitive matching

Leaderboard (/leaderboard)

  • View all users ranked by points
  • See your own ranking highlighted

Profile (/profile)

  • View your points and account info
  • Change password (requires current password)

Email Configuration

Development

In development mode, the app uses:

  • Ethereal Email (if available) - provides test email accounts with preview URLs
  • Console transport (fallback) - logs emails to console

Check the console for email preview URLs when using Ethereal.

Production

Set up SMTP credentials in .env:

  • SMTP_HOST - Your SMTP server hostname
  • SMTP_PORT - SMTP port (usually 587 for TLS, 465 for SSL)
  • SMTP_USER - SMTP username
  • SMTP_PASSWORD - SMTP password
  • SMTP_FROM - From address for emails

Security Notes

  • Passwords are hashed using bcrypt
  • NextAuth handles session management
  • Middleware protects routes
  • Admin routes are restricted to ADMIN role
  • SQL injection protection via Prisma

Troubleshooting

Database Connection Issues

  • Verify DATABASE_URL is correct
  • Ensure PostgreSQL is running
  • Check database exists and user has permissions

Email Not Sending

  • In dev: Check console for Ethereal preview URLs
  • In production: Verify SMTP credentials
  • Check email service logs

Authentication Issues

  • Verify NEXTAUTH_SECRET is set
  • Check NEXTAUTH_URL matches your app URL
  • Set AUTH_TRUST_HOST=true if using reverse proxy
  • Clear browser cookies if needed
  • Check middleware logs: sudo journalctl -u app-backend | grep "Middleware"

Photo Upload Issues

  • Verify public/uploads/ directory exists and has write permissions
  • Check file upload logs: sudo journalctl -u app-backend | grep "UPLOAD"
  • Ensure files are being saved: check public/uploads/ directory
  • Files are served via /api/uploads/[filename] - verify API route is accessible

Build Issues

  • If build fails with DATABASE_URL not set, this is expected - Prisma initialization is lazy
  • Ensure all environment variables are set in production
  • Check for TypeScript errors: npm run type-check

Documentation

This project maintains comprehensive documentation:

  • README.md (this file) - Setup, installation, and basic usage
  • ARCHITECTURE.md - System architecture, data models, and application flows
  • CONTRIBUTING.md - Coding conventions and development workflow
  • SECURITY.md - Security practices and vulnerability reporting
  • .cursor/rules/mirrormatch.mdc - Project rules for AI tools and developers

For Developers and AI Tools:

⚠️ Important: Before making code changes, read .cursor/rules/mirrormatch.mdc, ARCHITECTURE.md, CONTRIBUTING.md, SECURITY.md, and this README. Keep them updated when behavior or architecture changes.

  • Always read the relevant documentation before making changes
  • Update documentation when behavior or architecture changes
  • Keep all documentation files in sync with code changes
  • Follow the guidelines in each document

License

MIT