feat: transform to frontend-only app with external API integration

[konard]

Summary

This pull request completely transforms the TaskMateFrontend application from a full-stack Laravel application into a pure frontend application that connects to the external TaskMate Telegram Bot API. All authentication and business logic is now handled by the external API, with Laravel serving only as a view renderer.

Changes Overview

🔥 Backend Removal (Complete)

Removed all local authentication infrastructure:

• ❌ User model (app/Models/User.php)
• ❌ Setting model (app/Models/Setting.php)
• ❌ User migration (database/migrations/0001_01_01_000000_create_users_table.php)
• ❌ Settings migration (database/migrations/2025_10_24_192717_create_settings_table.php)
• ❌ UserFactory (database/factories/UserFactory.php)

Removed all authentication controllers:

• ❌ app/Http/Controllers/Auth/ (entire directory)
  • LoginController
  • RegistrationController
  • PasswordResetLinkController
  • NewPasswordController
  • ConfirmationController
  • VerificationController
• ❌ app/Http/Controllers/Settings/ (entire directory)
  • ProfileController
  • PasswordController
  • AppearanceController
  • BotApiController
• ❌ ApiProxyController (no longer needed)

Removed backend routes and tests:

• ❌ routes/auth.php (entire file)
• ❌ tests/Feature/Auth/ (all auth tests)
• ❌ tests/Feature/Settings/ (all settings tests)

Removed unnecessary auth views:

• ❌ resources/views/auth/confirm-password.blade.php
• ❌ resources/views/auth/forgot-password.blade.php
• ❌ resources/views/auth/reset-password.blade.php
• ❌ resources/views/auth/verify-email.blade.php

✨ Frontend API Integration (New)

1. API Client Rewrite (resources/js/api-client.js)

• ✅ Direct connection to external API (no proxy)
• ✅ API URL configured via VITE_API_URL environment variable
• ✅ Bearer token authentication with localStorage
• ✅ Automatic token storage and retrieval
• ✅ 401 handling with automatic redirect to login
• ✅ User data caching in localStorage
• ✅ Complete API endpoint coverage:
  • Authentication (login, logout, register)
  • Users management
  • Dealerships
  • Shifts
  • Tasks
  • Dashboard
  • Settings

2. Frontend Auth Guard (resources/js/auth-guard.js)

• ✅ Client-side route protection
• ✅ Automatic redirect to login for unauthenticated users
• ✅ Intended URL preservation for post-login redirect
• ✅ Redirect authenticated users away from login/register pages
• ✅ Runs on every page load

3. Updated Authentication Views

Login (resources/views/auth/login.blade.php)

• ✅ Alpine.js integration for form handling
• ✅ Direct API login via apiClient.login()
• ✅ Token and user data storage
• ✅ Error and success message display
• ✅ Loading state management
• ✅ Session expiry message support

Register (resources/views/auth/register.blade.php)

• ✅ Alpine.js integration for form handling
• ✅ Direct API registration via apiClient.register()
• ✅ Client-side password confirmation
• ✅ Token and user data storage
• ✅ Error and success message display

Header (resources/views/components/layouts/app/header.blade.php)

• ✅ Load user data from localStorage
• ✅ Display user name and initials
• ✅ Frontend logout via apiClient.logout()
• ✅ Automatic redirect after logout

🔧 Configuration

Environment Variables (.env.example)

# TaskMate Telegram Bot API Configuration
# URL of the external API (without /api/v1 suffix)
VITE_API_URL=http://localhost:8007/api/v1

📝 Routes Simplification (routes/web.php)

Before: Complex routes with auth middleware, CSRF protection, controllers
After: Simple view-only routes - no middleware, no controllers

All routes now just serve views:

• Public pages: /, /login, /register
• Protected pages (guarded by frontend): /dashboard, /tasks, /dealerships, /users, /settings

🎯 How It Works

1. Initial Load: User visits any page → auth-guard.js checks localStorage for token
2. Protected Route: No token → redirect to /login
3. Login: User submits form → API login → store token/user → redirect to dashboard
4. Authenticated Request: api-client.js adds Bearer {token} header automatically
5. API 401 Response: Clear localStorage → redirect to /login?expired=1
6. Logout: Call API logout → clear localStorage → redirect to /login

📊 Statistics

• Files Changed: 37
• Lines Removed: 2,024 (backend code)
• Lines Added: 981 (frontend integration)
• Net Reduction: 1,043 lines (simpler, more focused codebase)

🔗 Related

• Issue: Frontend update #28
• External API: TaskMateTelegramBot
• API Spec: swagger.yaml

✅ Testing Checklist

• Configure VITE_API_URL in .env
• Run npm run build or npm run dev
• Visit /login - should see login form
• Test login with external API credentials
• Verify token stored in localStorage
• Navigate to /dashboard - should be accessible
• Refresh page - should remain authenticated
• Test logout - should clear token and redirect
• Try accessing /dashboard without token - should redirect to login

📦 Deployment Notes

1. Set VITE_API_URL to production API endpoint
2. Run npm run build to compile assets
3. Deploy Laravel app (only serves views now)
4. No database migrations needed
5. No backend authentication setup required

---

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Fixes #28

[konard]

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

📎 Log file uploaded as GitHub Gist (328KB)
🔗 View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.