Ryan Kegel
a8d7427a95
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 1m44s
- Added E2E test setup in `auth_api.py` with `/e2e-seed` endpoint for database reset and test user creation. - Integrated Playwright for end-to-end testing in the frontend with necessary dependencies in `package.json` and `package-lock.json`. - Created Playwright configuration in `playwright.config.ts` to manage test execution and server setup. - Developed new skills for Playwright best practices, visual regression, smoke test generation, and self-healing tests. - Implemented new test cases for chore creation in `chores-create.smoke.spec.ts` and `chores-create.spec.ts`. - Added page object models for `ChildEditPage` and `LandingPage` to streamline test interactions. - Updated `.gitignore` to exclude Playwright reports and test results. - Enhanced documentation in `copilot-instructions.md` for testing and E2E setup.
Reward - Chore & Reward Management System
A family-friendly application for managing chores, tasks, and rewards for children.
🏗️ Architecture
- Backend: Flask (Python) with TinyDB for data persistence
- Frontend: Vue 3 (TypeScript) with real-time SSE updates
- Deployment: Docker with nginx reverse proxy
🚀 Getting Started
Backend
cd backend
python -m venv .venv
.venv\Scripts\activate # Windows
source .venv/bin/activate # Linux/Mac
pip install -r requirements.txt
python -m flask run --host=0.0.0.0 --port=5000
Frontend
cd frontend/vue-app
npm install
npm run dev
🔧 Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
ACCOUNT_DELETION_THRESHOLD_HOURS |
Hours to wait before deleting marked accounts | 720 (30 days) |
DB_ENV |
Database environment (prod or test) |
prod |
DATA_ENV |
Data directory environment (prod or test) |
prod |
Account Deletion Scheduler
The application includes an automated account deletion scheduler that removes user accounts marked for deletion after a configurable threshold period.
Key Features:
- Runs every hour checking for accounts due for deletion
- Configurable threshold between 24 hours (minimum) and 720 hours (maximum)
- Automatic retry on failure (max 3 attempts)
- Restart-safe: recovers from interruptions during deletion
Deletion Process: When an account is marked for deletion, the scheduler will automatically:
- Remove all pending rewards for the user's children
- Remove all children belonging to the user
- Remove all user-created tasks
- Remove all user-created rewards
- Remove uploaded images from database
- Delete user's image directory from filesystem
- Remove the user account
Configuration: Set the deletion threshold via environment variable:
export ACCOUNT_DELETION_THRESHOLD_HOURS=168 # 7 days
Monitoring:
- Logs are written to
logs/account_deletion.logwith rotation (10MB max, 5 backups) - Check logs for deletion summaries and any errors
🔌 API Endpoints
Admin Endpoints
All admin endpoints require JWT authentication and admin role.
Note: Admin users must be created manually or via the provided script (backend/scripts/create_admin.py). The admin role cannot be assigned through the signup API for security reasons.
Creating an Admin User:
cd backend
python scripts/create_admin.py
Account Deletion Management
GET /api/admin/deletion-queue- View users pending deletionGET /api/admin/deletion-threshold- Get current deletion thresholdPUT /api/admin/deletion-threshold- Update deletion threshold (24-720 hours)POST /api/admin/deletion-queue/trigger- Manually trigger deletion scheduler
User Endpoints
POST /api/user/mark-for-deletion- Mark current user's account for deletionGET /api/me- Get current user infoPOST /api/login- User loginPOST /api/logout- User logout
🧪 Testing
Backend Tests
cd backend
pytest tests/
Frontend Tests
cd frontend/vue-app
npm run test
📝 Features
- ✅ User authentication with JWT tokens
- ✅ Child profile management
- ✅ Task assignment and tracking
- ✅ Reward system
- ✅ Real-time updates via SSE
- ✅ Image upload and management
- ✅ Account deletion with grace period
- ✅ Automated cleanup scheduler
🔒 Security
- JWT tokens stored in HttpOnly, Secure, SameSite=Strict cookies
- Role-Based Access Control (RBAC): Admin endpoints protected by admin role validation
- Admin users can only be created via direct database manipulation or provided script
- Regular users cannot escalate privileges to admin
- Account deletion requires email confirmation
- Marked accounts blocked from login immediately
📁 Project Structure
.
├── backend/
│ ├── api/ # REST API endpoints
│ ├── config/ # Configuration files
│ ├── db/ # TinyDB setup
│ ├── events/ # SSE event system
│ ├── models/ # Data models
│ ├── tests/ # Backend tests
│ └── utils/ # Utilities (scheduler, etc)
├── frontend/
│ └── vue-app/
│ └── src/
│ ├── common/ # Shared utilities
│ ├── components/ # Vue components
│ └── layout/ # Layout components
└── .github/
└── specs/ # Feature specifications
🛠️ Development
For detailed development patterns and conventions, see .github/copilot-instructions.md.
📚 References
- Reset flow (token validation, JWT invalidation, cross-tab logout sync):
docs/reset-password-reference.md
📄 License
Private project - All rights reserved.