feat: Complete NestJS backend scaffold — 22 modules, 39 entities, WebSocket gateway

Full backend rewrite from Rust/Axum to NestJS/TypeScript.
- 22 feature modules (auth, servers, wipes, maps, plugins, players, console,
  chat, team, notifications, settings, schedules, analytics, alerts, status,
  store, webstore, admin, setup, migration, users, licenses)
- 39 TypeORM entities matching PostgreSQL schema (12 migrations)
- Common infrastructure: JWT/RBAC guards, decorators, exception filter
- NATS service with pub/sub/request-reply
- Socket.IO WebSocket gateway with NATS bridge
- Docker: NestJS Dockerfile + updated docker-compose.yml
- Zero compile errors (npx tsc --noEmit clean)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend-nest/src/modules/settings/dto/update-domain.dto.ts

@@ -0,0 +1,25 @@
+import { IsString, IsOptional, Matches } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+
+export class UpdateDomainDto {
+  @ApiProperty({
+    description: 'Subdomain (alphanumeric and hyphens only)',
+    example: 'myserver',
+    required: false,
+  })
+  @IsString()
+  @IsOptional()
+  @Matches(/^[a-z0-9-]+$/, {
+    message: 'Subdomain can only contain lowercase letters, numbers, and hyphens',
+  })
+  subdomain?: string;
+
+  @ApiProperty({
+    description: 'Custom domain',
+    example: 'play.myserver.com',
+    required: false,
+  })
+  @IsString()
+  @IsOptional()
+  custom_domain?: string;
+}

backend-nest/src/modules/settings/dto/update-public-site.dto.ts

@@ -0,0 +1,122 @@
+import { IsBoolean, IsString, IsUrl, IsOptional, IsObject } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+
+export class UpdatePublicSiteDto {
+  @ApiProperty({
+    description: 'Enable public site',
+    example: true,
+    required: false,
+  })
+  @IsBoolean()
+  @IsOptional()
+  site_enabled?: boolean;
+
+  @ApiProperty({
+    description: 'Show server on status page',
+    example: true,
+    required: false,
+  })
+  @IsBoolean()
+  @IsOptional()
+  show_on_status_page?: boolean;
+
+  @ApiProperty({
+    description: 'Steam connect URL',
+    example: 'steam://connect/123.456.789.0:28015',
+    required: false,
+  })
+  @IsString()
+  @IsOptional()
+  steam_connect_url?: string;
+
+  @ApiProperty({
+    description: 'Message of the day',
+    example: 'Welcome to our server!',
+    required: false,
+  })
+  @IsString()
+  @IsOptional()
+  motd?: string;
+
+  @ApiProperty({
+    description: 'Public mods list',
+    example: ['Plugin1', 'Plugin2'],
+    required: false,
+  })
+  @IsOptional()
+  public_mods?: string[];
+
+  @ApiProperty({
+    description: 'Header image URL',
+    example: 'https://example.com/header.jpg',
+    required: false,
+  })
+  @IsUrl()
+  @IsString()
+  @IsOptional()
+  header_image_url?: string;
+
+  @ApiProperty({
+    description: 'Theme color (hex)',
+    example: '#1a1a1a',
+    required: false,
+  })
+  @IsString()
+  @IsOptional()
+  theme_color?: string;
+
+  @ApiProperty({
+    description: 'Discord invite URL',
+    example: 'https://discord.gg/xxxxx',
+    required: false,
+  })
+  @IsUrl()
+  @IsString()
+  @IsOptional()
+  discord_invite_url?: string;
+
+  @ApiProperty({
+    description: 'Show player count on public site',
+    example: true,
+    required: false,
+  })
+  @IsBoolean()
+  @IsOptional()
+  show_player_count?: boolean;
+
+  @ApiProperty({
+    description: 'Show wipe schedule on public site',
+    example: true,
+    required: false,
+  })
+  @IsBoolean()
+  @IsOptional()
+  show_wipe_schedule?: boolean;
+
+  @ApiProperty({
+    description: 'Show wipe countdown on public site',
+    example: true,
+    required: false,
+  })
+  @IsBoolean()
+  @IsOptional()
+  show_wipe_countdown?: boolean;
+
+  @ApiProperty({
+    description: 'Show mod list on public site',
+    example: true,
+    required: false,
+  })
+  @IsBoolean()
+  @IsOptional()
+  show_mod_list?: boolean;
+
+  @ApiProperty({
+    description: 'Status page description',
+    example: 'A friendly Rust server for all skill levels',
+    required: false,
+  })
+  @IsString()
+  @IsOptional()
+  status_page_description?: string;
+}

backend-nest/src/modules/settings/settings.controller.ts

@@ -0,0 +1,73 @@
+import { Controller, Get, Put, Body, UseGuards } from '@nestjs/common';
+import {
+  ApiTags,
+  ApiBearerAuth,
+  ApiOperation,
+  ApiResponse,
+} from '@nestjs/swagger';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
+import { SettingsService } from './settings.service';
+import { UpdatePublicSiteDto } from './dto/update-public-site.dto';
+import { UpdateDomainDto } from './dto/update-domain.dto';
+
+@ApiTags('settings')
+@ApiBearerAuth()
+@UseGuards(JwtAuthGuard)
+@Controller('settings')
+export class SettingsController {
+  constructor(private readonly settingsService: SettingsService) {}
+
+  @Get('public-site')
+  @ApiOperation({
+    summary: 'Get public site configuration',
+    description: 'Returns public site settings for this license',
+  })
+  @ApiResponse({
+    status: 200,
+    description: 'Public site config retrieved successfully',
+  })
+  async getPublicSite(@CurrentTenant() licenseId: string) {
+    return await this.settingsService.getPublicSite(licenseId);
+  }
+
+  @Put('public-site')
+  @ApiOperation({
+    summary: 'Update public site configuration',
+    description: 'Update public site settings for this license',
+  })
+  @ApiResponse({
+    status: 200,
+    description: 'Public site config updated successfully',
+  })
+  async updatePublicSite(
+    @CurrentTenant() licenseId: string,
+    @Body() dto: UpdatePublicSiteDto,
+  ) {
+    return await this.settingsService.updatePublicSite(licenseId, dto);
+  }
+
+  @Put('domain')
+  @ApiOperation({
+    summary: 'Update domain settings',
+    description: 'Update subdomain or custom domain for this license',
+  })
+  @ApiResponse({
+    status: 200,
+    description: 'Domain settings updated successfully',
+  })
+  @ApiResponse({
+    status: 400,
+    description: 'Invalid domain format',
+  })
+  @ApiResponse({
+    status: 409,
+    description: 'Subdomain already taken',
+  })
+  async updateDomain(
+    @CurrentTenant() licenseId: string,
+    @Body() dto: UpdateDomainDto,
+  ) {
+    return await this.settingsService.updateDomain(licenseId, dto);
+  }
+}

backend-nest/src/modules/settings/settings.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { SettingsController } from './settings.controller';
+import { SettingsService } from './settings.service';
+import { PublicSiteConfig } from '../../entities/public-site-config.entity';
+import { License } from '../../entities/license.entity';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([PublicSiteConfig, License])],
+  controllers: [SettingsController],
+  providers: [SettingsService],
+  exports: [SettingsService],
+})
+export class SettingsModule {}

backend-nest/src/modules/settings/settings.service.ts

@@ -0,0 +1,145 @@
+import {
+  Injectable,
+  NotFoundException,
+  BadRequestException,
+  ConflictException,
+} from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { PublicSiteConfig } from '../../entities/public-site-config.entity';
+import { License } from '../../entities/license.entity';
+import { UpdatePublicSiteDto } from './dto/update-public-site.dto';
+import { UpdateDomainDto } from './dto/update-domain.dto';
+
+@Injectable()
+export class SettingsService {
+  constructor(
+    @InjectRepository(PublicSiteConfig)
+    private publicSiteConfigRepository: Repository<PublicSiteConfig>,
+    @InjectRepository(License)
+    private licenseRepository: Repository<License>,
+  ) {}
+
+  async getPublicSite(licenseId: string): Promise<PublicSiteConfig> {
+    let config = await this.publicSiteConfigRepository.findOne({
+      where: { license_id: licenseId },
+    });
+
+    // Create default config if not exists
+    if (!config) {
+      config = this.publicSiteConfigRepository.create({
+        license_id: licenseId,
+        site_enabled: false,
+        show_on_status_page: false,
+        steam_connect_url: null,
+        motd: null,
+        public_mods: [],
+        header_image_url: null,
+        theme_color: '#1a1a1a',
+        discord_invite_url: null,
+        show_player_count: true,
+        show_wipe_schedule: true,
+        show_wipe_countdown: true,
+        show_mod_list: true,
+        status_page_description: null,
+      });
+
+      config = await this.publicSiteConfigRepository.save(config);
+    }
+
+    return config;
+  }
+
+  async updatePublicSite(
+    licenseId: string,
+    dto: UpdatePublicSiteDto,
+  ): Promise<PublicSiteConfig> {
+    // Ensure config exists first
+    let config = await this.getPublicSite(licenseId);
+
+    // Update fields
+    Object.assign(config, dto);
+
+    return await this.publicSiteConfigRepository.save(config);
+  }
+
+  async updateDomain(licenseId: string, dto: UpdateDomainDto) {
+    const license = await this.licenseRepository.findOne({
+      where: { id: licenseId },
+    });
+
+    if (!license) {
+      throw new NotFoundException(`License ${licenseId} not found`);
+    }
+
+    // Check if subdomain is already taken (if changing subdomain)
+    if (dto.subdomain && dto.subdomain !== license.subdomain) {
+      const existingSubdomain = await this.licenseRepository.findOne({
+        where: { subdomain: dto.subdomain },
+      });
+
+      if (existingSubdomain) {
+        throw new ConflictException(
+          `Subdomain "${dto.subdomain}" is already taken`,
+        );
+      }
+
+      // Validate subdomain format
+      if (dto.subdomain.length < 3 || dto.subdomain.length > 63) {
+        throw new BadRequestException(
+          'Subdomain must be between 3 and 63 characters',
+        );
+      }
+
+      if (dto.subdomain.startsWith('-') || dto.subdomain.endsWith('-')) {
+        throw new BadRequestException(
+          'Subdomain cannot start or end with a hyphen',
+        );
+      }
+
+      // TODO: Stub Cloudflare DNS provisioning
+      // In production, this would:
+      // 1. Create DNS CNAME record: {subdomain}.corrosionmgmt.com → panel.corrosionmgmt.com
+      // 2. Wait for DNS propagation
+      // 3. Verify SSL certificate provisioning
+      // For now, we just update the database
+      license.subdomain = dto.subdomain;
+    }
+
+    // Update custom domain if provided
+    if (dto.custom_domain !== undefined) {
+      if (dto.custom_domain && dto.custom_domain !== license.custom_domain) {
+        // Validate domain format (basic check)
+        const domainRegex = /^([a-z0-9-]+\.)+[a-z]{2,}$/i;
+        if (!domainRegex.test(dto.custom_domain)) {
+          throw new BadRequestException('Invalid custom domain format');
+        }
+
+        // TODO: Stub Cloudflare DNS verification
+        // In production, this would:
+        // 1. Instruct user to create CNAME pointing to panel.corrosionmgmt.com
+        // 2. Verify DNS record exists
+        // 3. Provision SSL certificate via Cloudflare
+        // 4. Mark domain as verified
+        // For now, we just update the database
+        license.custom_domain = dto.custom_domain;
+      } else if (dto.custom_domain === null || dto.custom_domain === '') {
+        // Allow clearing custom domain
+        license.custom_domain = null;
+      }
+    }
+
+    const updated = await this.licenseRepository.save(license);
+
+    return {
+      subdomain: updated.subdomain,
+      custom_domain: updated.custom_domain,
+      subdomain_url: updated.subdomain
+        ? `https://${updated.subdomain}.corrosionmgmt.com`
+        : null,
+      custom_domain_url: updated.custom_domain
+        ? `https://${updated.custom_domain}`
+        : null,
+    };
+  }
+}