Production deployment with Docker and full system fixes

- Added Docker support (Dockerfiles, docker-compose.yml)
- Fixed authentication and authorization (token storage, CORS, permissions)
- Fixed API response transformations for all modules
- Added production deployment scripts and guides
- Fixed frontend permission checks and module access
- Added database seeding script for production
- Complete documentation for deployment and configuration

Co-authored-by: Cursor <cursoragent@cursor.com>

DEPLOYMENT_GUIDE.md

@@ -0,0 +1,250 @@
+# Z.CRM Deployment Guide
+
+## Server Information
+- **IP**: 37.60.249.71
+- **SSH User**: root
+- **Domain**: zerp.atmata-group.com
+
+## Deployment Steps
+
+### Step 1: Connect to Server
+```bash
+ssh root@37.60.249.71
+```
+
+### Step 2: Install Prerequisites (if not already installed)
+```bash
+# Install Docker
+curl -fsSL https://get.docker.com -o get-docker.sh
+sh get-docker.sh
+systemctl enable docker
+systemctl start docker
+
+# Install Docker Compose
+curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+chmod +x /usr/local/bin/docker-compose
+```
+
+### Step 3: Create Application Directory
+```bash
+mkdir -p /opt/zerp
+cd /opt/zerp
+```
+
+### Step 4: Upload Project Files
+From your LOCAL machine, run:
+```bash
+# Navigate to project directory
+cd /Users/talalsharabi/z_crm
+
+# Copy files to server (exclude node_modules and build artifacts)
+rsync -avz --exclude 'node_modules' \
+  --exclude '.git' \
+  --exclude 'frontend/.next' \
+  --exclude 'backend/dist' \
+  --exclude 'backend/node_modules' \
+  --exclude 'frontend/node_modules' \
+  ./ root@37.60.249.71:/opt/zerp/
+```
+
+### Step 5: Create Production Environment File
+On the SERVER, create `/opt/zerp/.env`:
+```bash
+cat > /opt/zerp/.env << 'EOF'
+# PostgreSQL
+POSTGRES_PASSWORD=YourSecurePassword123!
+
+# Backend JWT - CHANGE THIS!
+JWT_SECRET=your-super-secure-jwt-secret-change-this-now-2024-$(openssl rand -hex 32)
+
+# Domain
+DOMAIN=zerp.atmata-group.com
+EOF
+```
+
+### Step 6: Build and Start Services
+```bash
+cd /opt/zerp
+
+# Build and start all services
+docker-compose up -d --build
+
+# Check logs
+docker-compose logs -f
+```
+
+### Step 7: Run Database Migrations
+```bash
+# The migrations run automatically on backend startup
+# But you can also run them manually:
+docker-compose exec backend npx prisma migrate deploy
+
+# Seed initial data (optional)
+docker-compose exec backend npx prisma db seed
+```
+
+### Step 8: Configure Nginx Proxy Manager
+
+Access your Nginx Proxy Manager and add a new Proxy Host:
+
+**Details Tab:**
+- Domain Names: `zerp.atmata-group.com`
+- Scheme: `http`
+- Forward Hostname/IP: `localhost` (or your server IP)
+- Forward Port: `3000`
+- Cache Assets: ✓ (enabled)
+- Block Common Exploits: ✓ (enabled)
+- Websockets Support: ✓ (enabled)
+
+**SSL Tab:**
+- SSL Certificate: Request a new SSL certificate (Let's Encrypt)
+- Force SSL: ✓ (enabled)
+- HTTP/2 Support: ✓ (enabled)
+- HSTS Enabled: ✓ (enabled)
+
+**Advanced Tab (optional):**
+```nginx
+# API Proxy Configuration
+location /api {
+    proxy_pass http://localhost:5001;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header Host $host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+```
+
+## Port Configuration
+
+The application uses the following ports:
+
+| Service    | Internal Port | Exposed Port | Description |
+|------------|---------------|--------------|-------------|
+| Frontend   | 3000          | 3000         | Next.js frontend application |
+| Backend    | 5001          | 5001         | Express backend API |
+| PostgreSQL | 5432          | 5432         | Database server |
+
+**For Nginx Proxy Manager:**
+- Point your domain `zerp.atmata-group.com` to port **3000** (Frontend)
+- The frontend will automatically proxy API requests to the backend on port 5001
+
+## Useful Commands
+
+### View Logs
+```bash
+# All services
+docker-compose logs -f
+
+# Specific service
+docker-compose logs -f frontend
+docker-compose logs -f backend
+docker-compose logs -f postgres
+```
+
+### Restart Services
+```bash
+# Restart all
+docker-compose restart
+
+# Restart specific service
+docker-compose restart backend
+```
+
+### Stop Services
+```bash
+docker-compose down
+```
+
+### Update Application
+```bash
+# From local machine, upload new files
+rsync -avz --exclude 'node_modules' --exclude '.git' \
+  ./ root@37.60.249.71:/opt/zerp/
+
+# On server, rebuild and restart
+cd /opt/zerp
+docker-compose down
+docker-compose up -d --build
+```
+
+### Database Backup
+```bash
+# Backup database
+docker-compose exec postgres pg_dump -U postgres mind14_crm > backup_$(date +%Y%m%d).sql
+
+# Restore database
+docker-compose exec -T postgres psql -U postgres mind14_crm < backup_20240101.sql
+```
+
+### Access Database
+```bash
+docker-compose exec postgres psql -U postgres mind14_crm
+```
+
+## Monitoring
+
+### Check Service Status
+```bash
+docker-compose ps
+```
+
+### Check Resource Usage
+```bash
+docker stats
+```
+
+### Check Disk Space
+```bash
+df -h
+docker system df
+```
+
+## Troubleshooting
+
+### Frontend Can't Connect to Backend
+1. Check backend logs: `docker-compose logs backend`
+2. Verify CORS configuration in backend
+3. Check frontend environment variable `NEXT_PUBLIC_API_URL`
+
+### Database Connection Issues
+1. Check postgres logs: `docker-compose logs postgres`
+2. Verify DATABASE_URL in backend container
+3. Ensure postgres is healthy: `docker-compose ps`
+
+### Port Already in Use
+```bash
+# Find process using port
+netstat -tulpn | grep :3000
+
+# Kill process
+kill -9 <PID>
+```
+
+### Reset Everything
+```bash
+cd /opt/zerp
+docker-compose down -v
+docker-compose up -d --build
+```
+
+## Security Recommendations
+
+1. **Change default passwords** in `.env` file
+2. **Configure firewall** to only allow ports 80, 443, and 22
+   ```bash
+   ufw allow 22/tcp
+   ufw allow 80/tcp
+   ufw allow 443/tcp
+   ufw enable
+   ```
+3. **Enable automatic updates**
+4. **Regular backups** of database and uploads
+5. **Monitor logs** for suspicious activity
+
+## Support
+
+For issues or questions, refer to the project documentation or contact support.