๐ข Toto Backoffice (toto-bo) Setup Guide
๐ Overviewโ
A comprehensive administrative interface for the Toto ecosystem, providing powerful tools for managing rescue cases, users, donations, and platform operations.
๐ General Setup: For general ecosystem setup and prerequisites, see the Development Setup Guide.
๐ Quick Startโ
Prerequisitesโ
- Node.js 18+
- Firebase project access
- Service account credentials
Installationโ
# Clone the repository
git clone <repository-url>
cd toto-bo
# Install dependencies
npm install
# Set up environment variables
cp .env.example .env.local
# Edit .env.local with your Firebase credentials
# Run the development server
npm run dev
Sample Data Populationโ
# Start the development server first
npm run dev
# Then seed the staging database via API endpoint
# PowerShell
Invoke-WebRequest -Uri "http://localhost:5000/api/init-staging-complete" -Method POST -ContentType "application/json"
# Or using cURL
curl -X POST http://localhost:5000/api/init-staging-complete -H "Content-Type: application/json"
This will create:
- 50 rescue cases (10 active with images, 40 completed)
- 200 users including 25 guardians
- 500 donations with realistic patterns
- 150 case updates and progress reports
- 300 user follows and engagements
- Complete backoffice data (tickets, notifications, audit logs)
๐๏ธ Architectureโ
Firebase Integrationโ
- Main Project:
toto-f9d2f(read-only access) - Backoffice Project:
toto-bo(read/write access) - Collections: Separated by access level and purpose
Deployment Configurationโ
- Staging: Uses Traditional Firebase Hosting (bypasses organization policy issues)
- Production: Uses Traditional Firebase Hosting (proven working pattern)
- Build Output: Next.js build to
.next/directory for optimal hosting performance - Status: โ Successfully deployed and working in staging environment
Data Flowโ
Main App (toto-f9d2f) โโ Backoffice (toto-bo)
โโโ Cases, Users, Donations (read-only)
โโโ Admin data, logs, settings (read/write)
๐ง Development Scriptsโ
Core Scriptsโ
# Development
npm run dev # Start development server
npm run build # Build for production
npm run start # Start production server
npm run lint # Run ESLint
# Testing
npm run test # Run Jest tests
npm run test:watch # Run tests in watch mode
npm run test:coverage # Generate coverage report
npm run test:e2e # Run Playwright E2E tests
npm run test:e2e:ui # Run E2E tests with UI
npm run test:all # Run all test suites
Specialized Testingโ
npm run test:api # Test API endpoints
npm run test:components # Test React components
npm run test:utils # Test utility functions
npm run test:integration # Test integration scenarios
npm run test:unit # Test unit functions
npm run test:auth # Test authentication
npm run test:security # Test security features
Firebase Setupโ
npm run setup:firebase # Setup Firebase configs
npm run setup:firebase:staging # Setup staging Firebase
npm run setup:firebase:production # Setup production Firebase
npm run setup # Setup connections
npm run check-connections # Check Firebase connections
npm run verify # Verify setup
Deploymentโ
npm run deploy # Deploy hosting only
npm run deploy:functions # Deploy functions only
npm run deploy:all # Deploy everything
npm run deploy:preview # Deploy preview channel
npm run deploy:staging # Deploy to staging
npm run deploy:production # Deploy to production
npm run deploy:blue-green # Blue-green deployment
Backup & Maintenanceโ
npm run backup # Backup Firestore
npm run backup:staging # Backup staging
npm run backup:production # Backup production
npm run backup:incremental # Incremental backup
npm run backup:cleanup # Cleanup old backups
npm run backup:list # List backups
Analysis & Utilitiesโ
npm run analyze # Analyze bundle
npm run build:analyze # Build with analysis
npm run capture:ui # Capture UI screenshots
npm run capture:ui:local # Capture local UI
npm run migrate # Migrate to Firebase
๐ฏ Key Featuresโ
Administrative Toolsโ
- Case Management: Complete case lifecycle management
- User Management: User accounts, roles, and permissions
- Donation Tracking: Donation management and analytics
- Content Moderation: Content review and approval
- Analytics Dashboard: Comprehensive platform analytics
Security Featuresโ
- Multi-Factor Authentication: TOTP-based MFA
- Role-Based Access Control: Admin and user role separation
- Rate Limiting: IP and user-based rate limiting
- Security Monitoring: Real-time threat detection
- GDPR Compliance: Complete data subject rights
Monitoring & Analyticsโ
- Real-time Monitoring: Performance and security monitoring
- Health Checks: Comprehensive health monitoring
- Performance Analytics: Performance metrics and optimization
- Security Analytics: Security event monitoring
- Audit Logging: Complete audit trail
๐ Security Implementationโ
Authenticationโ
- NextAuth.js: Session-based authentication
- Google OAuth: Google provider integration
- MFA Support: TOTP-based multi-factor authentication
- Session Security: Secure session management
Authorizationโ
- Role-Based Access: Admin and user role separation
- API Protection: Admin-only endpoint protection
- Permission Validation: Granular permission checks
Security Headersโ
- HSTS: HTTP Strict Transport Security
- CSP: Content Security Policy with nonce support
- X-Frame-Options: Clickjacking protection
- Permissions Policy: Comprehensive feature restrictions
Rate Limitingโ
- IP-based Limiting: IP-based rate limiting
- User-based Limiting: User-based rate limiting
- Endpoint-specific: Different limits per endpoint
- Brute Force Protection: Failed login attempt monitoring
๐ Performance Featuresโ
CDN Integrationโ
- Intelligent Caching: Static assets (1 year), dynamic content (1 hour)
- Compression: Gzip and Brotli compression
- Image Optimization: WebP/AVIF formats, responsive images
- Preloading: Critical resource preloading
Performance Monitoringโ
- Real-time Metrics: Page load, API response, database query tracking
- Performance Alerts: Automated alerting for slow responses
- Performance Reports: Comprehensive analytics with trends
- Bundle Optimization: Code splitting and lazy loading
๐งช Testing Strategyโ
Test Coverageโ
- Unit Tests: 95%+ coverage across all components
- Integration Tests: 45+ test cases for all APIs
- Security Tests: Authentication, authorization, and vulnerability testing
- Performance Tests: Load testing and benchmarking
- E2E Tests: Playwright-based end-to-end testing
Test Categoriesโ
- API Testing: All API endpoint testing
- Component Testing: React component testing
- Security Testing: Authentication and authorization testing
- Performance Testing: Performance benchmarking
- Integration Testing: Cross-component testing
๐ Deploymentโ
Environment Setupโ
- Staging:
toto-bo-stgproject - Production:
toto-boproject - Domain:
stg.bo.betoto.pet(staging),bo.betoto.pet(production)
Deployment Processโ
- Build: Next.js build process
- Test: Automated testing suite
- Deploy: Firebase hosting deployment
- Health Check: Post-deployment health verification
- Monitor: Real-time monitoring activation
Blue-Green Deployment (Future)โ
- Zero Downtime: Instant traffic switching
- Safe Testing: Test new version in production-like environment
- Quick Rollback: Instant rollback if issues detected
- Comprehensive Monitoring: Full deployment monitoring
๐ Documentationโ
API Documentationโ
- RESTful APIs: Complete API endpoint documentation
- Authentication: Authentication and authorization guides
- Rate Limiting: Rate limiting configuration
- Error Handling: Error response documentation
User Guidesโ
- Admin Guide: Complete administrative interface guide
- Security Guide: Security features and best practices
- Performance Guide: Performance optimization guide
- Deployment Guide: Deployment procedures and troubleshooting
๐ Related Projectsโ
- toto-app: Main application
- toto-ai-hub: AI conversational system
- toto-wallet: Payment processing system
๐ Licenseโ
MIT License - see project repository for license details.
For detailed documentation, architecture guides, and deployment instructions, please visit the toto-docs repository.