Fix and cleanup for Events.WebApi

Events-WebApi/README.md

@@ -1,121 +1,192 @@
 ## Solution Overview
 
+`Events-WebApi` currently contains these projects:
 
+- `Events.ClientApp` - Vue 3 + Vite single-page application
+- `Events.WebAPI` - main ASP.NET Core REST API for CRUD and lookup operations
+- `Events.FilesAPI` - ASP.NET Core API for certificate and Excel export downloads
+- `Events.Auth` - shared authentication project for JWT and policy configuration
+- `Events.WebAPI.Contract` - DTO, command, query, and message contracts
+- `Events.WebAPI.Handlers.EF` - EF Core models, `DbContext`, and handlers
 
-Swagger UI is exposed at:
+The typical runtime setup is:
 
-```text
-https://localhost:7290/docs
-```
+- `Events.ClientApp` calls `Events.WebAPI`
+- `Events.ClientApp` downloads files from `Events.FilesAPI`
+- `Events.WebAPI` publishes registration events to RabbitMQ
+- `Events.FilesAPI` consumes those events and synchronizes generated files
+- both APIs use PostgreSQL and the same Auth0 authority/audience
 
-The exact port may vary depending on your local launch profile.
+## Default Local URLs
+
+According to the current `launchSettings.json` files:
+
+- `Events.WebAPI` -> `https://localhost:7295`
+- `Events.FilesAPI` -> `https://localhost:7296`
+- Swagger for `Events.WebAPI` -> `https://localhost:7295/docs`
+- the Vite dev server for `Events.ClientApp` is typically `http://localhost:5173`
+
+Ports may differ if you change the launch profile or run the projects with a different profile.
 
 ## Prerequisites
 
 - .NET SDK 10.0
-- Docker Desktop
-- PostgreSQL, usually via [docker-definitions](docker-definitions/README.md)
-- RabbitMQ if you want to run the full API with its real MassTransit transport
-- Node.js 20+ for the client app
-- An Auth0 tenant if you want to run real bearer-token and browser-login flows outside the test suite
+- Node.js 20+
+- PostgreSQL
+- RabbitMQ
+- An Auth0 tenant if you want real login and bearer-token flows
+
+## Authentication Setup Options
+
+To use the solution as-is, you need working Auth0 configuration for both:
+
+- an API application using the configured audience
+- a SPA application used by `Events.ClientApp`
+
+In practice, that means you either:
+
+1. create and configure the required applications in Auth0, then keep the current `Authorize` attributes and SPA login flow
+2. simplify the solution for local/demo usage by removing `Authorize` attributes from the APIs and removing Auth0-based authorization from the SPA
+
+If you choose the second option, remember that:
+
+- `Events.WebAPI` and `Events.FilesAPI` currently expect bearer tokens on protected endpoints
+- `Events.ClientApp` is wired to request Auth0 access tokens before calling protected APIs
+- removing authorization from only one layer usually is not enough; the APIs and SPA should be adjusted together
 
 ## Configuration
 
-`Events.WebAPI` reads settings from:
+### WebAPI and FilesAPI
 
-- [Events.WebAPI/appsettings.json](Topic2/Events.WebAPI/appsettings.json)
-- [Events.WebAPI/appsettings.Development.json](Topic2/Events.WebAPI/appsettings.Development.json)
-- the shared .NET user secrets store with id `Erasmus-STA-2026`
+Both APIs use:
 
-Important configuration sections:
-
-- `ConnectionStrings:EventDB`
 - `RabbitMq:Host`
 - `RabbitMq:Username`
 - `RabbitMq:Password`
 - `Auth:Authority`
 - `Auth:Audience`
-- `Paths:Certificates`
 
-The current Auth configuration in [Events.WebAPI/appsettings.json](Topic2/Events.WebAPI/appsettings.json) is:
+`Events.FilesAPI` additionally uses:
 
-- `Auth:Authority=https://fer-web2.eu.auth0.com/`
-- `Auth:Audience=https://erasmus-sta-2026/events-api`
+- `Paths:OutputPath`
 
-Set the PostgreSQL connection string:
+Authentication settings are now applied through the shared `Events.Auth` project, but each API still reads its own values from configuration and passes them into the shared setup.
+
+### Connection String Note
+
+The current `Program.cs` files for both APIs read the connection string from:
+
+- `ConnectionStrings:EventsPostgres`
+
+Examples:
 
 ```powershell
-dotnet user-secrets set "ConnectionStrings:EventDB" "Host=localhost;Port=5432;Database=events;Username=sport;Password=your-password;Persist Security Info=True;" --project Topic2\Events.WebAPI\Events.WebAPI.csproj
+dotnet user-secrets set "ConnectionStrings:EventsPostgres" "Host=localhost;Port=5432;Database=events;Username=sport;Password=your-password;Persist Security Info=True;" --project Events.WebAPI\Events.WebAPI.csproj
+dotnet user-secrets set "ConnectionStrings:EventsPostgres" "Host=localhost;Port=5432;Database=events;Username=sport;Password=your-password;Persist Security Info=True;" --project Events.FilesAPI\Events.FilesAPI.csproj
 ```
 
-You can also override RabbitMQ and Auth settings with user secrets if you do not want to keep local values in `appsettings.json`.
+If needed, you can also override the Auth values with user secrets:
 
-For the SPA client, copy `Topic2/Events.ClientApp/.env.example` to `.env.local`. The example file already contains the current Auth0 values used by this repository:
+```powershell
+dotnet user-secrets set "Auth:Authority" "https://fer-web2.eu.auth0.com/" --project Events.WebAPI\Events.WebAPI.csproj
+dotnet user-secrets set "Auth:Audience" "https://erasmus-sta-2026/events-api" --project Events.WebAPI\Events.WebAPI.csproj
+
+dotnet user-secrets set "Auth:Authority" "https://fer-web2.eu.auth0.com/" --project Events.FilesAPI\Events.FilesAPI.csproj
+dotnet user-secrets set "Auth:Audience" "https://erasmus-sta-2026/events-api" --project Events.FilesAPI\Events.FilesAPI.csproj
+```
+
+### ClientApp
+
+For the SPA client, copy `Events.ClientApp/.env.example` to `.env.local`:
+
+```powershell
+Copy-Item Events.ClientApp\.env.example Events.ClientApp\.env.local
+```
+
+The current example includes:
 
 - `VITE_AUTH0_DOMAIN=fer-web2.eu.auth0.com`
 - `VITE_AUTH0_CLIENT_ID=whed5Hdb8l1b1fGyyAz7Qrdsb2oKcSh3`
 - `VITE_AUTH0_AUDIENCE=https://erasmus-sta-2026/events-api`
-
-`Paths:Certificates` points to the directory where generated certificates and Excel files are stored. By default it is:
-
-```text
-./Certificates
-```
+- `VITE_AUTH0_SCOPE=openid profile email events:read events:write`
+- `VITE_API_BASE_URL=https://localhost:7295`
+- `VITE_FILES_API_BASE_URL=https://localhost:7296`
 
 ## Running Required Infrastructure
 
 Start PostgreSQL using the repository Docker definitions:
 
 ```powershell
-docker compose -f docker-definitions\postgres-eventsdb\docker-compose.yml up -d
+docker compose -f ..\docker-definitions\postgres-eventsdb\docker-compose.yml up -d
 ```
 
-Start RabbitMQ if you want the API to use its real MassTransit transport:
+Start RabbitMQ:
 
 ```powershell
-docker run -d --name rabbitmq-erasmus-sta -p 5672:5672 -p 15672:15672 rabbitmq:4-management
+docker run -d --name rabbitmq-for-events -p 5672:5672 -p 15672:15672 rabbitmq:4-management
 ```
 
-The RabbitMQ management UI is usually available at:
+The RabbitMQ management UI is typically available at:
 
 ```text
 http://localhost:15672
 ```
 
-## Running The Web API
+## Running The APIs
+
+Restore and build the full solution:
 
 ```powershell
-dotnet restore Topic2\Topic2.sln
-dotnet build Topic2\Topic2.sln
-dotnet run --project Topic2\Events.WebAPI\Events.WebAPI.csproj
+dotnet restore Events-WebApi.slnx
+dotnet build Events-WebApi.slnx
 ```
 
-Once the API is running:
+Run `Events.WebAPI`:
 
-- open Swagger at `/docs`
-- test anonymous lookup endpoints
-- test secured endpoints with a valid bearer token if your Auth0 configuration is set
+```powershell
+dotnet run --project Events.WebAPI\Events.WebAPI.csproj
+```
+
+Run `Events.FilesAPI`:
+
+```powershell
+dotnet run --project Events.FilesAPI\Events.FilesAPI.csproj
+```
+
+Once the APIs are running:
+
+- open Swagger for `Events.WebAPI` at `/docs`
+- most `WebAPI` endpoints require a bearer token
+- `FilesAPI` download endpoints are also protected and require the `events:read` scope
 
 ## Running The Client App
 
-See [Events.ClientApp/README.md](Topic2/Events.ClientApp/README.md) for full details.
+See [Events.ClientApp/README.md](/C:/GitRepos/FPMOZ-PI/predavanja/Events-WebApi/Events.ClientApp/README.md:1) for more details.
 
 Typical local flow:
 
 ```powershell
-cd Topic2\Events.ClientApp
+cd Events.ClientApp
 npm install
 npm run dev
 ```
 
-The client expects:
+## Generated Files
 
-- `VITE_API_BASE_URL` pointing to the running API
-- Auth0 SPA settings if login is enabled
+`Events.FilesAPI` stores generated files in the directory configured by:
+
+- `Paths:OutputPath`
+
+According to the current `appsettings.json`, the default is:
+
+```text
+./Certificates
+```
 
 ## Troubleshooting
 
-- If the API fails at startup, verify `ConnectionStrings:EventDB`, RabbitMQ connectivity, and `Paths:Certificates`
-- If Swagger opens but secured requests fail, verify `Auth:Authority`, `Auth:Audience`, and the token scopes
-- If the client loads but cannot authenticate, verify the values in `.env.local`
-- If generated certificates or Excel exports are missing, verify that the output directory exists and is writable
+- If an API cannot connect to the database, first verify `ConnectionStrings:EventsPostgres`
+- If Swagger opens but secured requests return 401 or 403, verify `Auth:Authority`, `Auth:Audience`, and scope claims
+- If `ClientApp` cannot download files, verify `VITE_FILES_API_BASE_URL`
+- If PDF or XLSX files are not generated, verify `Paths:OutputPath` and filesystem permissions
+- If `dotnet build` reports locked DLLs, one of the API processes is probably still running in the background