- Backend: Fastify with two listeners (public + internal), routes, services, DB migration + seed
- client_app: Flutter with BLoC, all auth screens (welcome, display name, register, OTP, force-register)
- mitra_app: Flutter with BLoC, OTP-only login
- control_center: React + Vite, email/password login, mitra/user management, anonymity settings
- Docs: phase1 plan, API contract, client app mockup
- CLAUDE.md and shared memory for all subprojects

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3.6 KiB
Phase 1 Plan — Authentication
Overview
Three separate auth flows across three apps, backed by one Fastify backend, Firebase Auth, and PostgreSQL.
Database Schema
customers
| Column | Type | Notes |
|---|---|---|
| id | UUID PK | |
| firebase_uid | VARCHAR | null if anonymous |
| phone | VARCHAR | null if anonymous |
| display_name | VARCHAR | user-chosen, never from social |
| is_anonymous | BOOLEAN | true until phone/social linked |
| created_at | TIMESTAMP | |
mitras
| Column | Type | Notes |
|---|---|---|
| id | UUID PK | |
| firebase_uid | VARCHAR | set on first login |
| phone | VARCHAR | primary identifier |
| display_name | VARCHAR | |
| is_active | BOOLEAN | toggled by control center |
| created_at | TIMESTAMP | |
control_center_users
| Column | Type | Notes |
|---|---|---|
| id | UUID PK | |
| firebase_uid | VARCHAR | |
| email | VARCHAR | |
| display_name | VARCHAR | |
| role_id | FK → roles | |
| created_at | TIMESTAMP | |
roles
| Column | Type | Notes |
|---|---|---|
| id | UUID PK | |
| name | VARCHAR | e.g. super_admin, operator |
| permissions | JSONB | flexible permissions object |
| created_at | TIMESTAMP | |
Backend (/backend)
Public routes (port 3000)
- `POST /api/shared/customer/anonymous` — create anonymous customer with display name
- `POST /api/shared/customer/link` — link phone/social to existing anonymous customer
- `POST /api/client/auth/verify` — verify Firebase JWT, return customer profile
- `POST /api/mitra/auth/verify` — verify Firebase JWT, return mitra profile
Internal routes (port 3001)
- `POST /internal/mitras` — create mitra record
- `PATCH /internal/mitras/:id/status` — activate/deactivate mitra
- `POST /internal/control-center-users` — create control center user
- `GET /internal/control-center-users` — list users
- `POST /internal/auth/verify` — verify Firebase JWT, return CC user + role + permissions
- `GET /internal/config/anonymity` — get anonymity setting
- `PATCH /internal/config/anonymity` — toggle anonymity on/off
client_app (/client_app)
Screens:
- Welcome — "Continue as Guest" or "Register"
- Pick Display Name — shown to all users (anonymous and registering)
- Register — phone OTP or social login (Google/Apple)
- Force Register Wall — shown after session ends if anonymity is disabled; display name pre-filled
Firebase Auth flows:
- Phone OTP via `firebase_auth`
- Google Sign-In via `google_sign_in`
- Apple Sign-In via `sign_in_with_apple`
mitra_app (/mitra_app)
Screens:
- Login — phone number input
- OTP Verification
- Home (post-login, Phase 1 placeholder)
Notes:
- No self-register screen — login only
- If phone not found in `mitras` table → show error "Account not found. Contact your administrator."
- If mitra `is_active = false` → show error "Account is inactive. Contact your administrator."
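The account-state decisions behind `POST /api/mitra/auth/verify` (the two mitra_app error cases above) and `POST /api/shared/customer/link` (from the public routes), as an added example that is not the project's code. The mitra_app displays the messages, but the decision has to be made on the backend so a modified client cannot skip it. The example assumes the Firebase token has already been verified and arrives as a claims object with `sub` (the firebase_uid) and `phone_number`; the in-memory `mitras` and `customers` arrays are constructed stand-ins for the PostgreSQL tables, and the `customerId` argument, the `AuthError` class, the 401/403/404/409 status choices and the "bound to a different login" check are assumptions the plan does not spell out.

```javascript
// Added example, not the project's code: authorization decisions after the
// token is verified. Tables are in-memory stand-ins; rows are constructed.
class AuthError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Constructed sample rows (not real data).
const mitras = [
  { id: 'm-1', firebase_uid: null, phone: '+15555550100', display_name: 'Asha', is_active: true },
  { id: 'm-2', firebase_uid: null, phone: '+15555550101', display_name: 'Bo', is_active: false },
];
const customers = [
  { id: 'c-anon-1', firebase_uid: null, phone: null, display_name: 'guest42', is_anonymous: true },
  { id: 'c-anon-2', firebase_uid: null, phone: null, display_name: 'guest77', is_anonymous: true },
  { id: 'c-real-1', firebase_uid: 'uid-existing', phone: '+15555550200', display_name: 'dana', is_anonymous: false },
];

// POST /api/mitra/auth/verify: phone is the primary identifier, so the lookup
// keys on the verified phone_number claim, never on a phone sent in the body.
function verifyMitra(claims) {
  const phone = claims.phone_number;
  if (!phone) throw new AuthError(401, 'Phone credential required.');
  const mitra = mitras.find((m) => m.phone === phone);
  if (!mitra) throw new AuthError(403, 'Account not found. Contact your administrator.');
  if (!mitra.is_active) throw new AuthError(403, 'Account is inactive. Contact your administrator.');
  if (mitra.firebase_uid === null) {
    mitra.firebase_uid = claims.sub; // "set on first login"
  } else if (mitra.firebase_uid !== claims.sub) {
    // Assumed check: a phone number reassigned to a new Firebase identity
    // should not silently take over the existing mitra record.
    throw new AuthError(403, 'Account is bound to a different login.');
  }
  return { id: mitra.id, display_name: mitra.display_name };
}

// POST /api/shared/customer/link: attach a verified phone/social identity to an
// anonymous customer. display_name is kept as the user chose it and is never
// taken from the provider's profile claims.
function linkCustomer(customerId, claims) {
  const customer = customers.find((c) => c.id === customerId);
  if (!customer) throw new AuthError(404, 'Customer not found.');
  if (!customer.is_anonymous) throw new AuthError(409, 'Customer already linked.');
  // One Firebase identity may back at most one customer record; otherwise a
  // second link call would let one login read two customers' data.
  if (customers.some((c) => c.firebase_uid === claims.sub)) {
    throw new AuthError(409, 'Identity already linked to another customer.');
  }
  customer.firebase_uid = claims.sub;
  customer.phone = claims.phone_number ?? null; // null for social-only links
  customer.is_anonymous = false;
  return { id: customer.id, display_name: customer.display_name, is_anonymous: false };
}
```

In the real service both functions run inside one transaction with a unique index on `firebase_uid`, so the "already linked" checks cannot be raced by two concurrent requests.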
control_center (/control_center)
Screens:
- Login — email + password (Firebase Auth)
- Mitra Management — create mitra, toggle active/inactive
- Control Center User Management — create users, assign roles
- Settings — toggle anonymity on/off
Seed Script
- Creates first `super_admin` role with full permissions
- Creates first control center user (email + password via Firebase Auth + DB record)
Out of Scope for Phase 1
- Mitra onboarding flow (documents, verification)
- Chat / session features
- Payment / trial period
- Real-time features
- Specific role definitions (RBAC scaffolded, roles defined later)