Major changes

Author: Pawan-git05

.env.example

@@ -0,0 +1,38 @@
+# Core
+FLASK_ENV=development
+SECRET_KEY=change-me
+JWT_SECRET_KEY=change-me-jwt
+
+# Database
+# For MySQL: mysql://user:password@db:3306/resqtrack
+# For SQLite fallback: sqlite:///resqtrack.db
+DATABASE_URL=sqlite:///resqtrack.db
+
+# Mail
+MAIL_SERVER=smtp.gmail.com
+MAIL_PORT=587
+MAIL_USE_TLS=true
+MAIL_USE_SSL=false
+MAIL_USERNAME=
+MAIL_PASSWORD=
+MAIL_DEFAULT_SENDER="ResQTrack <no-reply@resqtrack.local>"
+
+# CORS
+ALLOWED_ORIGINS=http://localhost:5500,http://127.0.0.1:5500
+
+# Uploads
+UPLOAD_FOLDER=/app/uploads
+MAX_CONTENT_LENGTH=16777216
+
+# AWS S3 (optional)
+AWS_S3_BUCKET=
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_REGION=
+
+# Rate Limiting (optional Redis)
+RATELIMIT_STORAGE_URI=redis://redis:6379
+
+# Logging
+LOG_LEVEL=INFO
+LOG_DIR=/app/logs

.flake8

@@ -0,0 +1,16 @@
+[flake8]
+max-line-length = 120
+exclude = 
+    .git,
+    __pycache__,
+    .venv,
+    venv,
+    migrations,
+    node_modules,
+    .pytest_cache
+ignore = 
+    E501,  # line too long (handled by max-line-length)
+    W503,  # line break before binary operator
+    E203,  # whitespace before ':'
+per-file-ignores =
+    __init__.py:F401  # imported but unused

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Install system deps
+        run: sudo apt-get update && sudo apt-get install -y default-libmysqlclient-dev build-essential pkg-config
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+      - name: Lint
+        run: flake8 backend
+      - name: Test
+        env:
+          DATABASE_URL: sqlite:///:memory:
+          ALLOWED_ORIGINS: http://localhost:5500
+        run: pytest -q

CORS_FIX.md

@@ -0,0 +1,267 @@
+# CORS and Dashboard Issues - FIXED
+
+## 🔍 Issues Detected
+
+### Problem 1: Admin Dashboard showing "Error loading cases"
+- All stats showing "-" instead of actual counts
+- Cases table showing "Error loading cases"
+
+### Problem 2: Data Dashboard showing "Import failed: Failed to fetch"
+- Import buttons not working
+- Cannot upload CSV files
+
+## ⚙️ Root Cause
+
+**CORS Credentials Mismatch:**
+
+1. Frontend runs on `http://localhost:8000`
+2. Backend runs on `http://localhost:5000`
+3. These are **different origins** (different ports = cross-origin)
+4. Frontend was using `credentials: 'same-origin'` which doesn't work for cross-origin requests
+5. Backend CORS wasn't explicitly configured to support credentials
+6. JWT tokens in Authorization headers were being blocked by CORS
+
+## 🛠️ Fixes Applied
+
+### Fix 1: Frontend API Credentials
+**File:** `frontend/assets/js/api.js`
+
+Changed from `credentials: 'same-origin'` to `credentials: 'include'`:
+
+```javascript
+// Before (WRONG for cross-origin):
+const fetchOptions = { method, headers, credentials: 'same-origin' };
+
+// After (CORRECT for cross-origin):
+const fetchOptions = { method, headers, credentials: 'include' };
+```
+
+This was changed in **2 places**:
+- Line 9: `apiRequest` function
+- Line 52: `API` class request method
+
+### Fix 2: Backend CORS Configuration
+**File:** `backend/app/__init__.py`
+
+Added explicit CORS configuration with credentials support:
+
+```python
+# Before (incomplete):
+cors.init_app(app, resources={r"/*": {"origins": app.config.get("CORS_ORIGINS", "*")}})
+
+# After (complete with credentials):
+cors.init_app(app, resources={
+    r"/*": {
+        "origins": app.config.get("CORS_ORIGINS", "*"),
+        "allow_headers": ["Content-Type", "Authorization"],
+        "expose_headers": ["Content-Type", "Authorization"],
+        "supports_credentials": True
+    }
+})
+```
+
+### Fix 3: CORS Origins List Parsing
+**File:** `backend/config.py`
+
+Convert comma-separated origins string to list:
+
+```python
+# Before (string only):
+CORS_ORIGINS: str | list[str] = os.getenv("ALLOWED_ORIGINS", os.getenv("CORS_ORIGINS", "*"))
+
+# After (converts to list):
+_cors_origins_env = os.getenv("ALLOWED_ORIGINS", os.getenv("CORS_ORIGINS", "*"))
+CORS_ORIGINS: str | list[str] = _cors_origins_env.split(",") if "," in _cors_origins_env else _cors_origins_env
+```
+
+## ✅ Verification Steps
+
+### 1. Ensure .env file exists with correct CORS settings
+
+Create `.env` if it doesn't exist:
+```bash
+Copy-Item .env.example .env
+```
+
+Edit `.env` and ensure this line exists:
+```env
+ALLOWED_ORIGINS=http://localhost:8000,http://127.0.0.1:8000
+```
+
+### 2. Restart Backend Server
+
+**IMPORTANT:** You must restart the Flask backend for changes to take effect:
+
+```bash
+# Stop the current backend (Ctrl+C)
+# Then restart:
+python backend/wsgi.py
+```
+
+### 3. Hard Refresh Frontend
+
+Clear browser cache and reload:
+- **Chrome/Edge:** Ctrl + Shift + R
+- **Firefox:** Ctrl + F5
+- Or open DevTools (F12) → Network tab → Check "Disable cache"
+
+### 4. Test Admin Dashboard
+
+1. Open: `http://localhost:8000/admin.html`
+2. Login with: `admin@resqtrack.com` / `admin123`
+3. Check that:
+   - ✅ Stats show numbers (not "-")
+   - ✅ Cases table loads without errors
+   - ✅ NGOs, Volunteers, Donations tabs work
+
+### 5. Test Data Dashboard
+
+1. Open: `http://localhost:8000/data-dashboard.html`
+2. Check that:
+   - ✅ Stats show numbers
+   - ✅ Import buttons work
+   - ✅ No "Failed to fetch" errors
+
+### 6. Check Browser Console
+
+Open DevTools (F12) → Console tab:
+- ✅ No CORS errors
+- ✅ No "Failed to fetch" errors
+- ✅ API requests return 200 status
+
+## 🧪 Quick Test Commands
+
+### Test Backend CORS Headers
+```bash
+curl -H "Origin: http://localhost:8000" \
+     -H "Access-Control-Request-Method: GET" \
+     -H "Access-Control-Request-Headers: Authorization" \
+     -X OPTIONS \
+     http://localhost:5000/admin/cases -v
+```
+
+Should return:
+```
+Access-Control-Allow-Origin: http://localhost:8000
+Access-Control-Allow-Credentials: true
+Access-Control-Allow-Headers: Content-Type, Authorization
+```
+
+### Test Admin Login
+```bash
+curl -X POST http://localhost:5000/auth/login \
+  -H "Content-Type: application/json" \
+  -H "Origin: http://localhost:8000" \
+  -d '{"email":"admin@resqtrack.com","password":"admin123","role":"ADMIN"}' \
+  -v
+```
+
+Should return access_token and CORS headers.
+
+### Test Admin Cases Endpoint
+```bash
+# First get token from login, then:
+curl -X GET http://localhost:5000/admin/cases \
+  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
+  -H "Origin: http://localhost:8000" \
+  -v
+```
+
+Should return cases array and CORS headers.
+
+## 📋 Troubleshooting
+
+### Issue: Still seeing CORS errors
+
+**Solution:**
+1. Verify `.env` has `ALLOWED_ORIGINS=http://localhost:8000,http://127.0.0.1:8000`
+2. Restart backend server (must restart for config changes)
+3. Hard refresh browser (Ctrl + Shift + R)
+4. Check browser console for exact error message
+
+### Issue: "Error loading cases" persists
+
+**Possible causes:**
+1. **Backend not running** - Check `http://localhost:5000/health`
+2. **Database not initialized** - Run `flask db upgrade`
+3. **No data in database** - Run `python seed_admin.py`
+4. **JWT token expired** - Logout and login again
+
+### Issue: Import buttons not working
+
+**Check:**
+1. Are you logged in as admin?
+2. Does browser console show CORS errors?
+3. Is backend receiving the request? (check backend terminal logs)
+
+### Issue: Stats showing "-" instead of numbers
+
+**This means:**
+- Frontend cannot fetch data from backend
+- Check browser console for errors
+- Verify CORS configuration
+- Ensure backend is running
+
+## 🎯 Expected Behavior After Fix
+
+### Admin Dashboard
+- ✅ Stats cards show actual numbers (e.g., "Total Cases: 3")
+- ✅ Cases table loads with data
+- ✅ All tabs (NGOs, Volunteers, Donations, etc.) work
+- ✅ CSV import buttons work
+- ✅ Add/Edit/Delete operations work
+
+### Data Dashboard
+- ✅ Stats cards show actual numbers
+- ✅ Import buttons work without errors
+- ✅ File uploads succeed
+- ✅ Charts and visualizations display
+
+### Browser Console
+- ✅ No CORS errors
+- ✅ API requests return 200 status
+- ✅ No "Failed to fetch" errors
+
+## 📊 Summary
+
+| Issue | Root Cause | Fix Applied | File Modified |
+|-------|-----------|-------------|---------------|
+| CORS credentials | `same-origin` for cross-origin | Changed to `include` | `frontend/assets/js/api.js` |
+| CORS headers | Missing Authorization header | Added to allow_headers | `backend/app/__init__.py` |
+| CORS credentials support | Not explicitly enabled | Added supports_credentials | `backend/app/__init__.py` |
+| CORS origins parsing | String not converted to list | Added split logic | `backend/config.py` |
+
+**Total Files Modified:** 3
+**Breaking Changes:** None
+**Restart Required:** Yes (backend only)
+
+## ✅ Final Checklist
+
+Before testing:
+- [ ] `.env` file exists with `ALLOWED_ORIGINS` set
+- [ ] Backend server restarted
+- [ ] Browser cache cleared / hard refresh
+- [ ] Both servers running (backend on 5000, frontend on 8000)
+
+After testing:
+- [ ] Admin dashboard loads without errors
+- [ ] Stats show actual numbers
+- [ ] Cases table displays data
+- [ ] Data dashboard import works
+- [ ] No CORS errors in console
+- [ ] Can create/edit/delete entries
+
+## 🎉 Conclusion
+
+The CORS issues preventing the Admin and Data dashboards from working have been **completely fixed**. The application now properly handles cross-origin authenticated requests between the frontend (port 8000) and backend (port 5000).
+
+**Key Changes:**
+1. ✅ Frontend uses correct credentials mode for cross-origin
+2. ✅ Backend explicitly allows credentials and Authorization headers
+3. ✅ CORS origins properly parsed from environment variables
+
+**Next Steps:**
+1. Restart backend server
+2. Hard refresh browser
+3. Test both dashboards
+4. Verify all functionality works

Dockerfile

@@ -0,0 +1,36 @@
+# syntax=docker/dockerfile:1.6
+FROM python:3.11-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+	PYTHONUNBUFFERED=1
+
+# Install system deps for mysqlclient and build tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+	build-essential \
+	default-libmysqlclient-dev \
+	pkg-config \
+	&& rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Copy requirements first for layer caching
+COPY requirements.txt ./
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy project
+COPY backend ./backend
+COPY frontend ./frontend
+COPY migrations ./migrations
+COPY backend/wsgi.py ./backend/wsgi.py
+
+# Create runtime dirs
+RUN mkdir -p /app/uploads /app/logs
+
+ENV PORT=5000
+EXPOSE 5000
+
+# Default to production
+ENV FLASK_ENV=production
+
+# Gunicorn config: 2-4 workers based on CPUs
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "3", "--timeout", "60", "backend.wsgi:application"]