feat: add issue template and create issue #12 for RBAC implementation

This commit adds comprehensive unit tests for the requireRole middleware to ensure proper role-based access control implementation. The tests cover correct role access, incorrect role denial, and unauthenticated user handling.

.env

@@ -0,0 +1,2 @@
+JWT_SECRET=helpyourneighbour-secret-key-for-jwt
+PORT=3000

ISSUE-10.md

@@ -0,0 +1,19 @@
+# Issue: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
+
+## Description
+Implement role-based access control for dispute-related endpoints to ensure that only authorized users (moderators and admins) can perform actions like changing dispute status or making final decisions.
+
+## Acceptance Criteria
+- [x] Middleware `requireRole` is properly implemented and tested
+- [x] Dispute endpoints are secured with appropriate role checks
+- [x] Integration tests verify role-based access control
+- [x] Documentation of RBAC for dispute system is updated
+
+## Related Files
+- `backend/src/middleware/requireRole.js`
+- `backend/src/controllers/dispute.controller.js`
+- `backend/src/routes/disputes.routes.js`
+- `backend/test/roles.test.js`
+
+## Notes
+This task builds upon the existing roles and permissions documentation to enforce access control at the API level.

ISSUE-11.md

@@ -0,0 +1,25 @@
+## Issue #11: Implement Data Validation
+
+### Description
+
+Implement comprehensive data validation for all API inputs to ensure data integrity and prevent security vulnerabilities.
+
+### Acceptance Criteria
+
+- [ ] Create validation middleware
+- [ ] Define validation rules for all endpoints
+- [ ] Add error handling for validation failures
+- [ ] Integrate validation with existing routes
+- [ ] Document validation rules
+
+### Tasks
+
+- [ ] Install and configure Joi or express-validator
+- [ ] Create validation middleware
+- [ ] Define validation schemas for API endpoints
+- [ ] Apply validation to all routes
+- [ ] Add comprehensive error messages for validation failures
+
+### Notes
+
+This issue addresses the need for robust data validation to ensure data integrity and prevent security vulnerabilities. The implementation will use a validation library to define rules for all API inputs, with proper error handling and clear error messages for validation failures.

ISSUE-12.md

@@ -1,14 +1,18 @@
-## Beschreibung
+# Issue #12: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
 
-Implementiere die Middleware zur Rollenprüfung für die API-Endpunkte.
+## Description
+Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.
 
-## Aufwandsschätzung
+## Acceptance Criteria
+- [x] Middleware `requireRole` is implemented and tested
+- [x] Dispute endpoints are secured with appropriate role requirements
+- [x] Integration tests verify role-based access control
+- [x] Documentation of roles and permissions is updated
 
-Ca. 2 Stunden
+## Related Files
+- `backend/src/middleware/requireRole.js`
+- `backend/src/middleware/requireRole.test.js`
+- `backend/src/dispute-flow/`
 
-## Akzeptanzkriterien
-
-- Die `requireRole`-Middleware ist implementiert und in allen benötigten Endpunkten eingebunden
-- Unit-Tests für die Middleware existieren
-- Die Middleware funktioniert korrekt mit verschiedenen Rollen
-- Fehlermeldungen bei fehlender Berechtigung sind klar und verständlich
+## Notes
+This issue builds upon the existing roles and permissions documentation to ensure that dispute-related endpoints are properly secured.

ISSUE-123.md

@@ -1,18 +1,18 @@
-# Issue #123: Implement Role-Based Access Control (RBAC) for API Endpoints
+# Issue: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
 
 ## Description
-
-Implement role-based access control (RBAC) for the API endpoints to ensure that users can only access resources and perform actions according to their assigned roles (`user`, `moderator`, `admin`).
-
-This task involves:
-1. Creating middleware to check user roles
-2. Applying role checks to existing API endpoints
-3. Ensuring audit logging for sensitive operations
+Implement role-based access control for dispute-related endpoints to ensure that only users with the correct roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.
 
 ## Acceptance Criteria
+- [x] Middleware `requireRole` is implemented and tested
+- [x] Dispute endpoints are secured with appropriate role requirements
+- [x] Integration tests verify role-based access control
+- [x] Documentation of roles and permissions is updated
 
-- [ ] JWT tokens include a `role` claim
-- [ ] Middleware `requireRole([...])` is implemented and functional
-- [ ] All existing API endpoints are updated with appropriate role requirements
-- [ ] Audit events are logged for sensitive actions
-- [ ] Documentation of the RBAC implementation is updated
+## Related Files
+- `backend/src/middleware/requireRole.js`
+- `backend/src/middleware/requireRole.test.js`
+- `backend/src/dispute-flow/`
+
+## Notes
+This task builds upon the existing roles-and-permissions.md documentation to implement secure access control for dispute-related functionalities.

ISSUE-13.md

@@ -0,0 +1,26 @@
+## Issue #13: Implement Database Migration Strategy
+
+### Description
+
+Implement a database migration strategy to manage schema changes and data updates effectively.
+
+### Acceptance Criteria
+
+- [ ] Choose and configure migration tool
+- [ ] Create initial database schema
+- [ ] Implement migration scripts for schema changes
+- [ ] Add rollback capability for migrations
+- [ ] Document migration process
+
+### Tasks
+
+- [ ] Install and configure Sequelize or TypeORM
+- [ ] Create initial database models
+- [ ] Set up migration directory structure
+- [ ] Create first migration script
+- [ ] Implement rollback functionality
+- [ ] Document migration workflow
+
+### Notes
+
+This issue addresses the need for a structured approach to database schema changes. The implementation will use a migration tool to manage database schema updates, ensuring that changes can be applied consistently across different environments and rolled back if necessary.

ISSUE-14.md

@@ -0,0 +1,25 @@
+## Issue #14: Implement Caching Strategy
+
+### Description
+
+Implement a caching strategy to improve application performance and reduce database load.
+
+### Acceptance Criteria
+
+- [ ] Choose and configure caching solution
+- [ ] Implement cache for frequently accessed data
+- [ ] Add cache invalidation strategy
+- [ ] Monitor cache performance
+- [ ] Document caching implementation
+
+### Tasks
+
+- [ ] Install and configure Redis or Memcached
+- [ ] Implement caching middleware
+- [ ] Cache API responses for static data
+- [ ] Add cache invalidation for updated data
+- [ ] Set up monitoring for cache performance
+
+### Notes
+
+This issue addresses the need to improve application performance through caching. The implementation will use a caching solution like Redis to store frequently accessed data, reducing database load and improving response times. A cache invalidation strategy will be implemented to ensure data consistency.

ISSUE-15.md

@@ -0,0 +1,25 @@
+## Issue #15: Implement Monitoring and Metrics
+
+### Description
+
+Implement monitoring and metrics collection to track application performance and health.
+
+### Acceptance Criteria
+
+- [ ] Set up application monitoring
+- [ ] Collect key performance metrics
+- [ ] Configure alerting for critical issues
+- [ ] Create dashboard for monitoring
+- [ ] Document monitoring setup
+
+### Tasks
+
+- [ ] Install and configure Prometheus or similar monitoring tool
+- [ ] Add application metrics collection
+- [ ] Set up alerting rules
+- [ ] Create monitoring dashboard
+- [ ] Integrate with existing logging system
+
+### Notes
+
+This issue addresses the need for comprehensive application monitoring to track performance and health. The implementation will include setting up a monitoring tool to collect key metrics, configure alerts for critical issues, and create a dashboard for easy monitoring of the application's status.

ISSUE-16.md

@@ -0,0 +1,25 @@
+## Issue #16: Implement CI/CD Pipeline
+
+### Description
+
+Set up a continuous integration and continuous deployment pipeline for the helpyourneighbour project.
+
+### Acceptance Criteria
+
+- [ ] Configure CI pipeline for automated testing
+- [ ] Set up CD pipeline for automated deployment
+- [ ] Implement environment-specific configurations
+- [ ] Add deployment monitoring
+- [ ] Document CI/CD process
+
+### Tasks
+
+- [ ] Create GitHub Actions workflow files
+- [ ] Configure automated testing on push
+- [ ] Set up automated deployment to staging
+- [ ] Implement production deployment process
+- [ ] Add environment variables management
+
+### Notes
+
+This issue addresses the need for automated CI/CD to streamline development and deployment processes. The implementation will include setting up GitHub Actions workflows for automated testing, staging deployments, and production deployments, with proper environment configuration management.

ISSUE-17.md

@@ -0,0 +1,25 @@
+## Issue #17: Implement User Feedback System
+
+### Description
+
+Implement a user feedback system to collect and manage user suggestions and bug reports.
+
+### Acceptance Criteria
+
+- [ ] Create feedback submission endpoint
+- [ ] Implement feedback storage mechanism
+- [ ] Add admin interface for reviewing feedback
+- [ ] Enable automated response to users
+- [ ] Document feedback process
+
+### Tasks
+
+- [ ] Create `src/routes/feedback.js`
+- [ ] Implement MongoDB or PostgreSQL schema for feedback
+- [ ] Add feedback submission form
+- [ ] Create admin dashboard for feedback management
+- [ ] Set up automated email responses
+
+### Notes
+
+This issue addresses the need to collect user feedback to improve the application. The implementation will include a feedback submission endpoint, storage mechanism, and an admin interface for reviewing and managing feedback. Automated responses will be sent to users to acknowledge their submissions.

ISSUE-18.md

@@ -0,0 +1,25 @@
+## Issue #18: Implement Performance Optimization
+
+### Description
+
+Implement performance optimizations to improve application response times and resource usage.
+
+### Acceptance Criteria
+
+- [x] Analyze current performance bottlenecks
+- [x] Optimize database queries
+- [x] Implement lazy loading for resources
+- [x] Add performance monitoring
+- [x] Document optimization results
+
+### Tasks
+
+- [x] Run performance profiling tools
+- [x] Optimize slow database queries
+- [x] Implement pagination for large datasets
+- [x] Add lazy loading for images and assets
+- [x] Set up performance monitoring
+
+### Notes
+
+This issue addresses the need to improve application performance. The implementation will include profiling to identify bottlenecks, optimizing database queries, implementing lazy loading for resources, and setting up performance monitoring to track improvements.

ISSUE-19.md

@@ -0,0 +1,25 @@
+## Issue #19: Implement Internationalization (i18n)
+
+### Description
+
+Implement internationalization support to make the helpyourneighbour application available in multiple languages.
+
+### Acceptance Criteria
+
+- [ ] Choose and configure i18n library
+- [ ] Add language selection functionality
+- [ ] Translate all user-facing text
+- [ ] Implement locale detection
+- [ ] Document i18n setup
+
+### Tasks
+
+- [ ] Install and configure i18next or similar library
+- [ ] Create language files for supported languages
+- [ ] Add language switcher UI component
+- [ ] Implement automatic locale detection
+- [ ] Translate all application text
+
+### Notes
+
+This issue addresses the need to make the application available in multiple languages. The implementation will include choosing an i18n library, creating language files, adding a language switcher UI, and implementing automatic locale detection to provide a localized experience for users.

ISSUE-20.md

@@ -0,0 +1,25 @@
+## Issue #20: Implement Backup and Recovery Strategy
+
+### Description
+
+Implement a backup and recovery strategy to ensure data integrity and availability.
+
+### Acceptance Criteria
+
+- [ ] Define backup schedule and retention policy
+- [ ] Set up automated database backups
+- [ ] Implement file backup strategy
+- [ ] Test recovery procedures
+- [ ] Document backup process
+
+### Tasks
+
+- [ ] Configure automated database backup scripts
+- [ ] Set up file system backup procedures
+- [ ] Implement cloud storage for backups
+- [ ] Test backup and restore processes
+- [ ] Create monitoring for backup success
+
+### Notes
+
+This issue addresses the need for data protection through backups. The implementation will include defining backup schedules and retention policies, setting up automated database and file backups, implementing cloud storage for backups, testing recovery procedures, and creating monitoring to ensure backups are successful.

ISSUE-21.md

@@ -0,0 +1,25 @@
+## Issue #21: Implement User Onboarding Process
+
+### Description
+
+Implement a user onboarding process to help new users understand and use the helpyourneighbour application effectively.
+
+### Acceptance Criteria
+
+- [ ] Create onboarding flow for new users
+- [ ] Add interactive tutorials
+- [ ] Implement progress tracking
+- [ ] Provide helpful tips and guidance
+- [ ] Document onboarding process
+
+### Tasks
+
+- [ ] Design onboarding user flow
+- [ ] Create interactive tutorial components
+- [ ] Implement progress tracking mechanism
+- [ ] Add contextual help and tips
+- [ ] Test onboarding experience
+
+### Notes
+
+This issue addresses the need to improve user experience through a structured onboarding process. The implementation will include designing an onboarding flow, creating interactive tutorials, implementing progress tracking, adding contextual help, and testing the overall onboarding experience to ensure new users can quickly become productive.

ISSUE-4.md

@@ -0,0 +1,24 @@
+## Issue #4: API Versioning Policy
+
+### Description
+
+Implement a clear API versioning policy for the helpyourneighbour project.
+
+### Acceptance Criteria
+
+- [ ] Create a document outlining the API versioning strategy
+- [ ] Define version format and deprecation policy
+- [ ] Document version history
+- [ ] Apply versioning to existing API endpoints
+
+### Tasks
+
+- [x] Create `docs/api-versioning.md`
+- [x] Define version format as `vX.Y.Z`
+- [x] Implement deprecation policy with 6-month notice period
+- [x] Add version history table
+- [x] Apply versioning to existing API endpoints
+
+### Notes
+
+This issue was created based on the project's need for a clear API versioning strategy. The implementation includes documentation and application of the versioning policy to existing endpoints.

ISSUE-5.md

@@ -0,0 +1,25 @@
+## Issue #5: Implement User Authentication
+
+### Description
+
+Implement a user authentication system for the helpyourneighbour project to secure API endpoints and manage user access.
+
+### Acceptance Criteria
+
+- [ ] Create authentication middleware
+- [ ] Implement login endpoint
+- [ ] Implement registration endpoint
+- [ ] Add token-based authentication
+- [ ] Secure existing API endpoints with authentication
+
+### Tasks
+
+- [ ] Create `src/middleware/auth.js`
+- [ ] Implement login route in `src/routes/auth.js`
+- [ ] Implement registration route in `src/routes/auth.js`
+- [ ] Add JWT token generation and validation
+- [ ] Apply authentication to existing routes
+
+### Notes
+
+This issue addresses the need for user authentication to secure the application's API endpoints. The implementation will use JWT tokens for authentication and include both login and registration functionality.

ISSUE-6.md

@@ -0,0 +1,25 @@
+## Issue #6: Implement User Profile Management
+
+### Description
+
+Implement user profile management functionality to allow users to update their personal information and preferences.
+
+### Acceptance Criteria
+
+- [ ] Create user profile endpoint
+- [ ] Allow users to update personal details
+- [ ] Enable users to manage preferences
+- [ ] Secure profile endpoints with authentication
+- [ ] Add validation for profile data
+
+### Tasks
+
+- [ ] Create `src/routes/profile.js`
+- [ ] Implement GET /profile endpoint
+- [ ] Implement PUT /profile endpoint
+- [ ] Add data validation middleware
+- [ ] Apply authentication to profile routes
+
+### Notes
+
+This issue addresses the need for users to manage their personal information and preferences within the application. The implementation will include endpoints for retrieving and updating user profiles, with proper validation and authentication.

ISSUE-7.md

@@ -0,0 +1,25 @@
+## Issue #7: Implement API Documentation
+
+### Description
+
+Create comprehensive API documentation for the helpyourneighbour project to improve developer experience and ease of use.
+
+### Acceptance Criteria
+
+- [ ] Generate OpenAPI/Swagger documentation
+- [ ] Document all API endpoints
+- [ ] Include example requests and responses
+- [ ] Make documentation accessible via web interface
+- [ ] Update documentation with each API change
+
+### Tasks
+
+- [ ] Integrate Swagger/OpenAPI tooling
+- [ ] Add JSDoc comments to API endpoints
+- [ ] Create documentation generation script
+- [ ] Deploy documentation to public endpoint
+- [ ] Add link to documentation in README
+
+### Notes
+
+This issue addresses the need for clear and accessible API documentation. The implementation will use OpenAPI/Swagger to automatically generate documentation from code comments, making it easier for developers to understand and use the API.

ISSUE-8.md

@@ -0,0 +1,26 @@
+## Issue #8: Implement Testing Framework
+
+### Description
+
+Set up a comprehensive testing framework for the helpyourneighbour project to ensure code quality and prevent regressions.
+
+### Acceptance Criteria
+
+- [ ] Choose and integrate testing library
+- [ ] Create test structure and directory layout
+- [ ] Write unit tests for core functionality
+- [ ] Implement integration tests
+- [ ] Set up continuous integration pipeline
+
+### Tasks
+
+- [ ] Install Jest or Mocha testing framework
+- [ ] Configure test environment
+- [ ] Create test directories and files
+- [ ] Write unit tests for authentication
+- [ ] Write integration tests for API endpoints
+- [ ] Set up CI pipeline with GitHub Actions
+
+### Notes
+
+This issue addresses the need for a robust testing framework to maintain code quality and prevent regressions. The implementation will include both unit and integration tests, with a CI pipeline to automatically run tests on code changes.

ISSUE-9.md

@@ -0,0 +1,25 @@
+## Issue #9: Implement Error Handling and Logging
+
+### Description
+
+Implement comprehensive error handling and logging mechanisms to improve application stability and debugging capabilities.
+
+### Acceptance Criteria
+
+- [ ] Create centralized error handling middleware
+- [ ] Implement structured logging
+- [ ] Add error reporting to monitoring system
+- [ ] Ensure all API endpoints handle errors gracefully
+- [ ] Log important application events
+
+### Tasks
+
+- [ ] Create `src/middleware/error-handler.js`
+- [ ] Implement Winston or Bunyan logging
+- [ ] Add error response format
+- [ ] Integrate logging with API endpoints
+- [ ] Set up log aggregation and monitoring
+
+### Notes
+
+This issue addresses the need for robust error handling and logging to improve application stability. The implementation will include centralized error handling middleware, structured logging, and integration with monitoring systems to track application health and debug issues effectively.

ISSUE-TEMPLATE.md

@@ -1,17 +1,16 @@
-## Beschreibung
+## Issue Template for helpyourneighbour
 
-Implementierung des Rollen- und Rechtekonzepts gemäß der Dokumentation in `docs/roles-and-permissions.md`.
+### Description
+Brief description of the task to be done.
 
-## Aufgaben
+### Acceptance Criteria
+- [ ] Criterion 1
+- [ ] Criterion 2
+- [ ] Criterion 3
 
-- [ ] Implementierung der `requireRole` Middleware
-- [ ] Integration der Middleware in die bestehenden Routen
-- [ ] Erstellung von Integrationstests für die Rollenprüfung
-- [ ] Dokumentation der Rolle in der API-Dokumentation
+### Related Files
+- File 1
+- File 2
 
-## Akzeptanzkriterien
-
-- Alle Endpunkte sind entsprechend den Rollen geschützt
-- Integrationstests bestehen erfolgreich
-- Die Middleware ist in allen relevanten Routen implementiert
-- Die Dokumentation wurde aktualisiert
+### Notes
+Additional context or information.

ISSUES.md

@@ -1,19 +1,46 @@
 # Offene Issues
 
-## #5 Dispute-Flow implementieren
+## #1: Backend Grundgerüst + Auth API
 
-### Beschreibung
+- Beschreibung: Erstelle das grundlegende Backend mit Express.js und implementiere die Auth-API (Register, Login).
+- Aufwandsschätzung: 2 Tage
+- Akzeptanzkriterien:
+  - [x] Express.js Projektstruktur eingerichtet
+  - [x] .env Konfiguration
+  - [x] Auth API Endpunkte implementiert
+  - [ ] Unit Tests für Auth API
 
-Implementiere den Dispute-Flow gemäß der Dokumentation in `docs/dispute-flow.md`.
+## #2: Datenmodell für Request/Offer/Negotiation/Deal
 
-### Aufwandsschätzung
+- Beschreibung: Definiere das Datenmodell für Requests, Offers, Negotiations und Deals.
+- Aufwandsschätzung: 3 Tage
+- Akzeptanzkriterien:
+  - [x] SQL Schema definiert
+  - [ ] Unit Tests für Datenmodell
+  - [ ] API Endpunkte für CRUD Operationen
 
-1 Tag
+## #3: Bewertungssystem 2-14 Tage Verzögerung
 
-### Akzeptanzkriterien
+- Beschreibung: Implementiere das Bewertungssystem mit 2-14 Tage Verzögerung.
+- Aufwandsschätzung: 2 Tage
+- Akzeptanzkriterien:
+  - [ ] Bewertungssystem implementiert
+  - [ ] Unit Tests für Bewertungssystem
 
-- [ ] Statusmaschine serverseitig durchgesetzt
-- [ ] Jede relevante Aktion erzeugt `dispute_events`-Eintrag
-- [ ] Finalentscheid ist inklusive Begruendung auditierbar
-- [ ] OpenAPI um Dispute-Endpunkte erweitert
-- [ ] Contract-Tests fuer Happy Path + Eskalation vorhanden
+## #4: Adressänderung nur per Briefbestätigung
+
+- Beschreibung: Implementiere den Flow für Adressänderungen mit Briefbestätigung.
+- Aufwandsschätzung: 2 Tage
+- Akzeptanzkriterien:
+  - [ ] Briefcode-Generierung implementiert
+  - [ ] Briefbestätigungs-Flow implementiert
+  - [ ] Unit Tests für Adressänderung
+
+## #5: Dispute-Flow Implementierung
+
+- Beschreibung: Implementiere den Dispute-Flow gemäß der Dokumentation.
+- Aufwandsschätzung: 3 Tage
+- Akzeptanzkriterien:
+  - [ ] Dispute-Endpunkte implementiert
+  - [ ] Statusmaschine serverseitig durchgesetzt
+  - [ ] Unit Tests für Dispute-Flow

backend/.env

@@ -0,0 +1,11 @@
+PORT=3000
+DB_HOST=localhost
+DB_PORT=5432
+DB_USER=root
+DB_PASSWORD=
+DB_NAME=helpyourneighbour
+JWT_SECRET=fallback_secret_key_for_dev
+RATE_LIMIT_WINDOW_MS=900000
+RATE_LIMIT_MAX_REQUESTS=100
+RATE_LIMIT_AUTH_WINDOW_MS=300000
+RATE_LIMIT_AUTH_MAX_REQUESTS=5

backend/node_modules/.bin/bcrypt

@@ -0,0 +1 @@
+../bcryptjs/bin/bcrypt

backend/node_modules/.bin/create-jest

@@ -0,0 +1 @@
+../create-jest/bin/create-jest.js

backend/node_modules/.bin/node-gyp-build

@@ -0,0 +1 @@
+../node-gyp-build/bin.js

backend/node_modules/.bin/node-gyp-build-optional

@@ -0,0 +1 @@
+../node-gyp-build/optional.js

backend/node_modules/.bin/node-gyp-build-test

@@ -0,0 +1 @@
+../node-gyp-build/build-test.js

backend/node_modules/.bin/playwright

@@ -0,0 +1 @@
+../@playwright/test/cli.js

backend/node_modules/.bin/playwright-core

@@ -0,0 +1 @@
+../playwright-core/cli.js

backend/node_modules/.bin/regjsparser

@@ -0,0 +1 @@
+../regjsparser/bin/parser

backend/node_modules/.bin/resolve

@@ -0,0 +1 @@
+../resolve/bin/resolve