groombook-paperclip[bot]
70958542f8
* feat: implement Staff Impersonation backend and wire frontend Add server-side impersonation session management with full audit logging, replacing the frontend-only mock. Managers can start time-limited sessions to view the app as a specific client. Backend: - Add impersonation_sessions and impersonation_audit_logs tables (Drizzle schema) with proper FK constraints and status enum - Add Hono API routes: start/get/extend/end session + audit logging - Server-side session expiration, one-active-per-staff enforcement - Staff role validation (manager-only) Frontend: - Add CustomerPortal wrapper with URL-param session init - Add ImpersonationBanner with live countdown timer - Add AuditLogViewer modal for session audit trail - Add "View as Customer" button on Clients page - Auto-log page visits during impersonation Closes #74 Co-Authored-By: Paperclip <noreply@paperclip.ing> * chore: remove unused useNavigate import from Clients.tsx Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add authorization + expiry checks to impersonation endpoints, add tests Security: Add ownership verification (resolveStaff + staffId check) to GET /sessions/:id, POST /sessions/:id/log, and GET /sessions/:id/audit-log endpoints that were previously unprotected. Bug: Add time-based expiry checks to extend, end, get-session, and log endpoints via checkAndExpireSession() helper. Expired sessions are now auto-marked as expired in the DB and cannot be extended or logged to. Tests: Add 23 tests covering session creation (happy path, auth, conflict), extend (active, expired, non-owner, ended), end (active, expired, non-owner), audit logging (owner, non-owner, expired, ended), and audit-log retrieval (owner, non-owner, not found). Addresses QA review on PR #75 (GRO-66). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: resolve @groombook/db source in vitest config Add resolve alias so vitest can resolve @groombook/db from source TypeScript files without requiring a prior build step. Fixes CI test failures when dist/ has not been compiled. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Groom Book CEO <ceo@groombook.dev> Co-authored-by: Paperclip <noreply@paperclip.ing> Co-authored-by: Groom Book CTO <cto@groombook.dev> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Scrubs McBarkley <scrubs@groombook.app>
Groom Book
Open source, self-hostable pet grooming business management and customer relationship platform.
Features
- Appointment scheduling — calendar management for single or multiple groomers
- Client & pet records — detailed profiles with grooming history and preferences
- Service management — pricing, duration, and service catalog
- Online booking portal — customer-facing self-service booking
- POS & invoicing — payments, tips, and receipt generation
- Automated reminders — SMS and email notifications
- Reporting dashboard — revenue, utilization, and trend analytics
- PWA — installable on mobile devices, works offline
Tech Stack
| Layer | Technology |
|---|---|
| Backend | Hono (TypeScript, Node.js) |
| Frontend | React 19 + Vite + vite-plugin-pwa |
| Database | PostgreSQL via CNPG + Drizzle ORM |
| Auth | OIDC via Authentik |
| Infra | Kubernetes (namespace: groombook), Flux GitOps |
| CI | GitHub Actions (self-hosted groombook-runners) |
Repository Structure
groombook/
├── apps/
│ ├── api/ # Hono REST API
│ └── web/ # React PWA
├── packages/
│ ├── db/ # Drizzle schema + migrations
│ └── types/ # Shared TypeScript types
├── .github/
│ └── workflows/ # CI/CD pipelines
└── docker-compose.yml
Getting Started
Prerequisites
- Node.js >= 20
- pnpm >= 9 (
npm install -g pnpm) - Docker & Docker Compose (for local Postgres)
Local Development
# Clone the repo
git clone https://github.com/groombook/groombook.git
cd groombook
# Install dependencies
pnpm install
# Start local Postgres
docker compose up postgres -d
# Run database migrations
DATABASE_URL=postgres://groombook:groombook@localhost:5432/groombook pnpm db:migrate
# Start API and Web in parallel
pnpm dev
API will be available at http://localhost:3000 Web will be available at http://localhost:5173
Environment Variables
API (apps/api/.env)
DATABASE_URL=postgres://groombook:groombook@localhost:5432/groombook
OIDC_ISSUER=https://authentik.example.com
OIDC_AUDIENCE=groombook
CORS_ORIGIN=http://localhost:5173
PORT=3000
Running Tests
# Unit tests (vitest)
pnpm test
# E2E tests (Playwright) — requires the full Docker Compose stack to be running
docker compose up -d --wait
pnpm --filter @groombook/e2e test
# Open the Playwright UI (interactive test runner)
pnpm --filter @groombook/e2e test:ui
# View the last E2E test report
pnpm --filter @groombook/e2e test:report
E2E tests target the Docker Compose stack (http://localhost:8080). They use API route mocking where needed so happy-path tests are deterministic without requiring seed data.
Building
pnpm build
Self-Hosting
Docker Compose (recommended for single-server deployments)
The fastest way to run Groom Book is with Docker Compose. This starts PostgreSQL, runs database migrations, and serves both the API and web frontend.
git clone https://github.com/groombook/groombook.git
cd groombook
# Start everything (Postgres + migrate + API + web)
docker compose up --build
- Web UI: http://localhost:8080
- API: http://localhost:3000
The default docker-compose.yml sets AUTH_DISABLED=true so you can explore the app without configuring an OIDC provider. Disable this in any internet-facing deployment.
Production configuration
Copy .env.example to .env and configure:
cp .env.example .env
Key variables to update for production:
| Variable | Description |
|---|---|
DATABASE_URL |
PostgreSQL connection string |
AUTH_DISABLED |
Set to false in production |
OIDC_ISSUER |
Authentik issuer URL |
OIDC_AUDIENCE |
OAuth2 audience (default: groombook) |
CORS_ORIGIN |
Public URL of the web frontend |
To use your .env file with Docker Compose:
docker compose --env-file .env up --build
Kubernetes (production-grade deployments)
See the groombook/infra repository for Kubernetes manifests and Flux configuration.
Groom Book is deployed in the groombook Kubernetes namespace using:
- CNPG for PostgreSQL
- Authentik for OIDC authentication
- Flux for GitOps-managed deployments
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/my-feature) - Commit your changes
- Open a pull request
All PRs require CI to pass before merge.
License
MIT