Commit Graph

5 Commits

Author SHA1 Message Date
Claude
a5658440ed feat: Add .env.template to Discord Bot Admin Panel guide - DEPLOYMENT PACKAGE COMPLETE
ADDED: Complete .env.template file to Part 4 Step 2

.env.template Features:
- Clear section headers (Server Config, Discord Bot, OAuth2, Security)
- Detailed comments explaining each variable
- Example values showing format
- Instructions on where to find each value
- Security reminder: DO NOT commit .env to version control

Two-Option Approach:
- Option A (Recommended): Create .env.template first, then copy to .env
- Option B (Alternative): Create .env directly

Variables Included (11 total):
1. NODE_ENV (production/development)
2. PORT (internal port for Node app)
3. SESSION_SECRET (random string for cookie encryption)
4. DISCORD_TOKEN (bot token from Developer Portal)
5. GUILD_ID (Discord server ID)
6. DISCORD_CLIENT_ID (OAuth2 client ID)
7. DISCORD_CLIENT_SECRET (OAuth2 client secret)
8. CALLBACK_URL (OAuth2 redirect URL)
9. ALLOWED_ADMINS (Holly + Michael Discord user IDs)
10. AUDIT_CHANNEL_ID (#bot-audit-logs channel ID)

Security Notes:
- Template shows format without exposing secrets
- Actual .env must be chmod 600
- Actual .env owned by firefrost-bot user
- DO NOT commit .env to git

Template provided by: Gemini (Google AI) - March 23, 2026

STATUS: DEPLOYMENT PACKAGE 100% COMPLETE

All code files ready:
- bot.js (350+ lines)
- index.html (Fire/Frost branded)
- style.css (mobile-responsive)
- app.js (frontend logic)
- .env.template (complete)

All configuration ready:
- Systemd service file
- Nginx reverse proxy config
- Let's Encrypt SSL commands
- Environment variable template

All documentation ready:
- Complete deployment guide (2400+ lines)
- Step-by-step walkthrough
- Troubleshooting guide
- Holly's usage guide

READY FOR PRODUCTION DEPLOYMENT (March 24, 2026)

Chronicler #40
2026-03-22 13:48:02 +00:00
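
Added example, not part of the commit or the project's code: a startup preflight that enforces the two .env rules the message above states (mode 600, owned by the service account) and checks that every listed variable is set. The function names, the simplified KEY=VALUE parsing, and passing the service account as a numeric uid are assumptions made for this illustration.

```javascript
const fs = require('fs');

// Variable names as listed in the commit message above.
const REQUIRED_VARS = [
  'NODE_ENV', 'PORT', 'SESSION_SECRET', 'DISCORD_TOKEN', 'GUILD_ID',
  'DISCORD_CLIENT_ID', 'DISCORD_CLIENT_SECRET', 'CALLBACK_URL',
  'ALLOWED_ADMINS', 'AUDIT_CHANNEL_ID',
];

// Minimal KEY=VALUE parser (assumption: no multi-line or exported values).
function parseEnv(text) {
  const vars = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$/);
    if (!m) continue; // blank line, comment, or malformed
    vars[m[1]] = m[2].trim().replace(/^(['"])(.*)\1$/, '$2');
  }
  return vars;
}

// Returns a list of problems; an empty list means the file passes.
// expectedUid is the numeric uid of the service account (hypothetical parameter).
function checkEnvFile(path, expectedUid) {
  const problems = [];
  const st = fs.statSync(path);
  const mode = st.mode & 0o777;
  if (mode & 0o077) {
    problems.push(`mode ${mode.toString(8)} lets group/other access the file; expected 600`);
  }
  if (expectedUid !== undefined && st.uid !== expectedUid) {
    problems.push(`owner uid ${st.uid} is not the service account uid ${expectedUid}`);
  }
  const vars = parseEnv(fs.readFileSync(path, 'utf8'));
  for (const name of REQUIRED_VARS) {
    if (!vars[name]) problems.push(`missing or empty: ${name}`);
  }
  return problems;
}

// Refuse to start with a weak or incomplete .env.
function preflight(path, expectedUid) {
  const problems = checkEnvFile(path, expectedUid);
  if (problems.length) throw new Error(`.env check failed:\n- ${problems.join('\n- ')}`);
  return true;
}
```

Calling preflight before the secrets are loaded makes a permissions regression fail at service start rather than go unnoticed.
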
Claude
1aa64f45d4 feat: Add complete production-ready bot.js to Discord Bot Admin Panel guide
ADDED: Part 4 complete implementation (7 comprehensive steps)

Complete Backend Code (by Gemini/Google AI):
- 350+ lines of production-ready Node.js/Express/Discord.js code
- 8 logical sections for easy understanding and maintenance
- Fully integrated: OAuth2, validation, atomic saves, audit logs, webhooks

Step 1: Install Dependencies
- Listed all required npm packages with explanations
- express, express-session, passport, passport-discord
- write-file-atomic, dotenv, discord.js

Step 2: Create Environment Variables File
- Complete .env template with all required variables
- Detailed instructions for obtaining each value
- DISCORD_TOKEN, CLIENT_ID, CLIENT_SECRET, GUILD_ID
- CALLBACK_URL, SESSION_SECRET, ALLOWED_ADMINS
- AUDIT_CHANNEL_ID (new for audit logging)
- NODE_ENV, PORT

Step 3: Set Environment File Permissions
- Critical security step (chmod 600, chown firefrost-bot)
- Prevents unauthorized access to secrets

Step 4: Deploy Complete bot.js (THE BIG ONE)
- 8 sections with clear separation:
  1. Imports and Environment Setup
  2. Constants and In-Memory State
  3. Helper Functions (saveConfig, roleExists)
  4. Audit Log Generator (Fire/Frost dynamic colors)
  5. Passport & Middleware Setup
  6. Authentication & UI Routes
  7. API Routes (config, logs, save)
  8. Webhook Receiver & Initialization
- Product name dictionary (for audit log embeds)
- Circular buffer webhook logging (max 50 events)
- Discord OAuth2 with whitelist
- In-memory config with atomic disk writes
- Regex + Discord API validation
- Fire/Frost dynamic embed colors (#FF6B35 / #4ECDC4)

Step 5: Set File Permissions
- Ensure firefrost-bot user owns bot.js

Step 6: Create Discord Audit Log Channel
- Instructions for creating #bot-audit-logs
- Set to private (Michael, Holly, bot only)
- Copy channel ID for .env

Step 7: Restart Bot Service
- systemctl restart commands
- Expected log output for verification

Backend Features Documented:
- Security (dedicated user, OAuth2, whitelist, sessions)
- Config management (in-memory, atomic writes, backups)
- Validation (regex + Discord API verification)
- Audit logging (Discord embeds, Fire/Frost colors, user attribution)
- Webhook logging (circular buffer, accessible via API)

Dynamic Fire/Frost Logic:
- Fire products → #FF6B35 (Fire Orange) embeds
- Frost products → #4ECDC4 (Frost Blue) embeds
- Based on product name (isFrost = name.includes('Frost'))

Expected Log Output Examples:
- Bot startup: "Bot logged in as Firefrost Subscription Manager#1234"
- Express server: "Firefrost Command Center running on port 3100"

Security Highlights:
- Runs as firefrost-bot user (NOT root)
- .env file chmod 600 (secrets protected)
- Session cookies secure in production
- Whitelist authorization (only Holly + Michael)

Status: Backend code COMPLETE and ready to deploy
Architecture credit: Gemini (Google AI) - March 23, 2026

Chronicler #40
2026-03-22 13:45:28 +00:00
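
Added example, not the bot.js from the guide: a sketch of the save-path checks the message above lists (whitelist authorization, regex validation followed by a role lookup, and the 50-entry webhook log buffer). Only roleExists, webhookLogs and ALLOWED_ADMINS are names from the page; the 17-20 digit ID pattern, the comma-separated ALLOWED_ADMINS format and the synchronous roleExists predicate passed in by the caller are assumptions.

```javascript
const MAX_LOGS = 50;                 // "max 50 events" per the commit message
const SNOWFLAKE_RE = /^\d{17,20}$/;  // assumed pattern for Discord IDs

const webhookLogs = [];

// Circular buffer: drop the oldest entry once the cap is reached, so
// webhook traffic cannot grow memory without bound.
function pushWebhookLog(entry) {
  if (webhookLogs.length >= MAX_LOGS) webhookLogs.shift();
  webhookLogs.push({ ...entry, at: new Date().toISOString() });
  return webhookLogs.length;
}

// ALLOWED_ADMINS parsed as comma-separated Discord user IDs (assumed format).
// Entries that are not well-formed IDs are dropped rather than trusted.
function parseAllowedAdmins(raw) {
  const ids = (raw || '').split(',').map((s) => s.trim());
  return new Set(ids.filter((s) => SNOWFLAKE_RE.test(s)));
}

// Order matters: authorize first, then the cheap regex, and only then the
// lookup against Discord, so malformed input never reaches the API.
// roleExists is an injected predicate (hypothetical signature: id => boolean).
function validateRoleUpdate(userId, roleId, admins, roleExists) {
  if (!admins.has(String(userId))) {
    return { ok: false, status: 403, error: 'not authorized' };
  }
  if (typeof roleId !== 'string' || !SNOWFLAKE_RE.test(roleId)) {
    return { ok: false, status: 400, error: 'role ID must be 17-20 digits' };
  }
  if (!roleExists(roleId)) {
    return { ok: false, status: 400, error: 'role not found in guild' };
  }
  return { ok: true, status: 200 };
}
```
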
Claude
9e81ba7b2e feat: Add complete deployment commands to Discord Bot Admin Panel guide
UPDATED: Part 2 (Create Dedicated Bot User)
- Added complete systemd service configuration from Gemini
- Explained what each configuration option does
- After=network.target (wait for network)
- Restart=on-failure (auto-restart on crash)
- RestartSec=10 (10 second delay before restart)
- NODE_ENV=production (production mode)

UPDATED: Part 6 (Configure Nginx & SSL) - COMPLETE REWRITE
- 9 comprehensive steps with detailed explanations
- Step 1: Create Nginx config (proxy headers explained)
- Step 2: Enable site (symlink + test + reload)
- Step 3: Verify HTTP access (before SSL)
- Step 4: Install Certbot (if needed)
- Step 5: Obtain SSL certificate (detailed Certbot walkthrough)
- Step 6: Verify HTTPS access (test redirect)
- Step 7: Verify auto-renewal (90-day renewal timer)
- Step 8: View final Nginx config (Certbot modifications)
- Step 9: Security headers (optional hardening)

Key Additions:
- Explained ALL proxy headers (X-Real-IP, X-Forwarded-For, etc.)
- Step-by-step Certbot prompts (what to expect)
- Verification steps at each stage
- Auto-renewal testing (dry-run)
- Security headers with explanations
- Troubleshooting: Check logs, verify DNS, test bot status

What Certbot Does Automatically:
- Validates domain ownership
- Obtains SSL certificate
- Modifies Nginx config for HTTPS
- Adds HTTP → HTTPS redirect
- Sets up auto-renewal systemd timer

Example Outputs Included:
- nginx -t success message
- Certbot success message
- certbot.timer status
- Final Nginx config structure (2 server blocks)

Security Hardening:
- X-Frame-Options (prevent clickjacking)
- X-Content-Type-Options (prevent MIME sniffing)
- X-XSS-Protection (enable browser XSS filter)
- Referrer-Policy (control referer header)

Status: Deployment guide COMPLETE
- Part 2: Complete (systemd service)
- Part 6: Complete (Nginx + SSL)
- Ready for production deployment

Commands provided by: Gemini (Google AI) - March 23, 2026

Chronicler #40
2026-03-22 13:36:42 +00:00
Claude
745b2fb2ca feat: Add complete frontend code to Discord Bot Admin Panel guide
ADDED: Part 5 complete implementation (9 steps, production-ready)

Frontend Files (by Gemini/Google AI):
- index.html (login + dashboard views, Fire/Frost branding)
- style.css (mobile-responsive, CSS variables for theming)
- app.js (vanilla JavaScript, fetch API, per-row save logic)

Key Features Implemented:
- Discord OAuth login flow
- 10 product → role ID input fields (Awakened through Sovereign)
- Per-row save buttons with validation feedback
- Inline error messages (shows under specific failed field)
- Bot status indicator (Online/Offline)
- Recent webhook logs table (manual refresh, last 50 events)
- Mobile-responsive design (flexbox, touch-friendly)

UI/UX Decisions (Gemini's recommendations):
- Save per row (not Save All) - prevents one error blocking all saves
- Validate on save (not on blur) - prevents API spam
- Inline errors - Holly knows exactly what to fix
- Manual log refresh - prevents layout shifting, lower memory

Technical Details:
- No frameworks (vanilla JS, fast loading)
- CSS variables for Fire (#FF6B35) / Frost (#4ECDC4) theming
- Monospace font for role ID inputs (easier to verify 18-digit IDs)
- Button state changes: Save → Saving... → Saved! → Save
- Color-coded status: green = success, red = error

Added Backend Requirements:
- app.use(express.static('public')); - serve static files
- GET /api/logs endpoint - return webhookLogs array
- Webhook logging in POST /webhook/paymenter - populate logs array
- Circular buffer (max 50 logs, shift oldest when full)

File Permissions:
- chown firefrost-bot:firefrost-bot public/
- chmod 644 public/* - read-only for security

Status: Frontend code COMPLETE and ready to deploy
Next: Nginx + SSL configuration (Part 6)

Code credit: Gemini (Google AI) - March 23, 2026

Chronicler #40
2026-03-22 13:33:20 +00:00
Claude
2d3e9f9300 docs: Create Discord Bot Admin Panel guide + update Subscription Automation Guide
CREATED: docs/guides/discord-bot-admin-panel.md (new comprehensive guide)
- Complete implementation guide for web-based admin panel
- Architecture section (credits Gemini for design decisions)
- Security-first approach (dedicated firefrost-bot user, Discord OAuth2)
- Zero-downtime config updates (in-memory + atomic disk writes)
- Holly's usage guide (how to update role IDs via web interface)
- Full troubleshooting section
- Maintenance procedures

Key Features Documented:
- Discord OAuth2 authentication (no passwords)
- Whitelist authorization (Holly + Michael only)
- Role ID validation (regex + Discord API verification)
- Atomic file writes with backup strategy
- In-memory config updates (no bot restart needed)
- Audit logging to Discord channel
- HTTPS via Nginx + Let's Encrypt

Status: Awaiting backend/frontend code from Gemini

UPDATED: docs/guides/subscription-automation-guide.md
- Task 9 rewritten to reference new admin panel guide
- Added Option A (admin panel) vs Option B (manual SSH) paths
- Removed SSH instructions for Holly (she won't have access)
- Removed bot token from credentials file (security)
- Updated Holly's tasks section with admin panel option
- Preserved manual method as fallback

Why These Changes:
- Admin panel gives Holly independence (no waiting for Michael)
- Cleaner separation of concerns (setup vs usage)
- Security improvement (no SSH access needed for Holly)
- Better documentation structure (1000+ line guide split logically)

Architecture Credit: Gemini (Google AI) consultation on March 23, 2026

Chronicler #40
2026-03-22 13:28:57 +00:00