# School ERP System

Enterprise Resource Planning System for Schools built with modern stack.

## Tech Stack

### Backend
- **Rust** + **Axum** + **Tokio** - High-performance async web framework
- **MongoDB** - Primary database for flexible document storage
- **PostgreSQL** - For Finance module (ACID compliance)
- **Redis** - Caching and session management
- **REST API** + **WebSockets** - Real-time communication

### Frontend
- **Next.js 14** - React framework with App Router
- **TypeScript** - Type safety
- **Tailwind CSS** - Utility-first styling

### Mobile
- **Flutter** - Cross-platform mobile app (to be implemented)

### Security
- **Keycloak/OAuth2** - Identity and access management
- **JWT** - Short-lived access tokens (15 min)
- **Refresh Tokens** - Long-lived refresh tokens (7 days)
- **RBAC** - Role-Based Access Control
- **Audit Logs** - Track all system actions

### Operations
- **Prometheus** - Metrics collection
- **Grafana** - Visualization
- **Loki** - Log aggregation
- **Docker/Kubernetes** - Containerization and orchestration
- **Cloudflare WAF** - Web application firewall

## User Roles

### Core Roles (Required)
1. **Super Admin** - System root administrator (us)
2. **School Admin** - School ERP administrator
3. **Principal** - High-level authority and approvals
4. **Teacher** - Daily academic operations
5. **Student** - End user of academic services
6. **Parent/Guardian** - Transparency and communication

### Optional Roles
- Accountant/Fees Manager
- Librarian
- Transport Staff
- Hostel Warden
- Receptionist
- HOD/Coordinator
- Vice Principal
- Nurse/Medical Staff

## Project Structure

```
erp_codearya/
├── backend/              # Rust backend
│   ├── src/
│   │   ├── auth/        # Authentication & authorization
│   │   ├── modules/      # User-specific modules
│   │   │   ├── admin/
│   │   │   ├── principal/
│   │   │   ├── teacher/
│   │   │   ├── student/
│   │   │   ├── parent/
│   │   │   └── [optional roles]/
│   │   ├── common/      # Shared utilities
│   │   ├── api/         # API routes
│   │   └── websocket/   # WebSocket handlers
│   └── Cargo.toml
├── frontend/            # Next.js frontend
│   ├── src/
│   │   ├── app/         # Next.js app router
│   │   ├── components/  # React components
│   │   ├── lib/         # Utilities & API client
│   │   └── types/       # TypeScript types
│   └── package.json
├── mobile/              # Flutter mobile app (future)
├── shared/              # Shared types and configs
├── ops/                 # Operations configs
│   ├── docker/
│   ├── monitoring/
│   └── k8s/
├── scripts/             # Deployment and utility scripts
│   ├── setup.sh         # Initial setup
│   ├── START_SERVERS.sh # Start servers
│   └── [other scripts]
├── docs/                # Documentation and guides
│   ├── DEPLOYMENT_GUIDE.md
│   └── [other docs]
└── logs/                 # Application logs
```

## Quick Start

For quick setup and deployment, see the scripts in the `scripts/` directory:

```bash
# Initial setup
./scripts/setup.sh

# Start servers
./scripts/START_SERVERS.sh

# Complete setup (Apache + SSL)
./scripts/COMPLETE_SETUP.sh
```

For detailed documentation, see the `docs/` directory:
- `docs/DEPLOYMENT_GUIDE.md` - Full deployment guide
- `docs/QUICK_DEPLOY.md` - Quick deployment reference
- `docs/QUICK_START.md` - Quick start guide

## Setup Instructions

### Prerequisites

Ensure you have the following installed:
- ✅ Rust (1.92.0+)
- ✅ Node.js (20.19.6+)
- ✅ MongoDB (7.0.28+)
- ✅ PostgreSQL (16.11+)
- ✅ Redis (7.0.15+)
- ⚠️ Keycloak (to be installed)

### Backend Setup

1. Navigate to backend directory:
```bash
cd backend
```

2. Create `.env` file from `.env.example`:
```bash
cp .env.example .env
```

3. Update `.env` with your configuration:
```env
MONGODB_URI=mongodb://localhost:27017
MONGODB_DB=erp_school
DATABASE_URL=postgresql://localhost/erp_school
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-super-secret-jwt-key
JWT_REFRESH_SECRET=your-super-secret-refresh-key
```

4. Build and run:
```bash
cargo build
cargo run
```

Backend will run on `http://localhost:3000`

### Frontend Setup

1. Navigate to frontend directory:
```bash
cd frontend
```

2. Install dependencies:
```bash
npm install
```

3. Create `.env.local` file:
```bash
NEXT_PUBLIC_API_URL=http://localhost:3000
```

4. Run development server:
```bash
npm run dev
```

Frontend will run on `http://localhost:3001`

### Database Setup

1. **MongoDB**: Ensure MongoDB is running
```bash
sudo systemctl start mongod
```

2. **PostgreSQL**: Create database
```bash
sudo -u postgres psql
CREATE DATABASE erp_school;
```

3. **Redis**: Ensure Redis is running
```bash
sudo systemctl start redis
```

### Initial User Creation

You'll need to create a super admin user in MongoDB. Use a script or MongoDB shell:

```javascript
// Connect to MongoDB
use erp_school

// Create super admin user (password: admin123 - CHANGE IN PRODUCTION)
// Password hash should be generated using bcrypt
db.users.insertOne({
  user_code: "SUPER_ADMIN_001",
  email: "admin@erp.local",
  password_hash: "$2b$12$...", // Use bcrypt to hash password
  role: "SUPER_ADMIN",
  permissions: [],
  is_active: true,
  created_at: new Date(),
  updated_at: new Date()
})
```

## Development

### Backend Development
- Run with hot reload: `cargo watch -x run`
- Run tests: `cargo test`
- Check linting: `cargo clippy`

### Frontend Development
- Development server: `npm run dev`
- Build: `npm run build`
- Production: `npm start`

## API Endpoints

### Authentication
- `POST /api/auth/login` - User login
- `POST /api/auth/refresh` - Refresh access token
- `POST /api/auth/logout` - User logout

### Health Check
- `GET /health` - Server health check

## Security Notes

⚠️ **IMPORTANT**: 
- Change all default secrets in production
- Use strong JWT secrets (min 32 characters)
- Enable HTTPS in production
- Configure Keycloak for production OAuth2
- Set up proper firewall rules
- Enable Cloudflare WAF

## Permissions Setup

You may need to set permissions for:
- `/var/www/html/erp_codearya` - Project directory
- `/etc/apache2/sites-available` - Apache configuration (if using Apache)

```bash
sudo chown -R $USER:$USER /var/www/html/erp_codearya
sudo chmod -R 755 /var/www/html/erp_codearya
```

## Next Steps

1. ✅ Project structure created
2. ✅ Backend authentication setup
3. ✅ Frontend login page
4. ⏳ Create initial super admin user
5. ⏳ Set up Keycloak
6. ⏳ Implement user-specific modules
7. ⏳ Set up monitoring (Prometheus/Grafana)
8. ⏳ Docker containerization
9. ⏳ Flutter mobile app

## License

Proprietary - All rights reserved