chore: scaffold monorepo for EventSnap

- Rust/Axum backend skeleton with all crates, multi-stage Dockerfile
- SvelteKit + TypeScript frontend with Tailwind CSS v4, adapter-node, Dockerfile
- docker-compose.yml: db (postgres:16) → app → frontend → caddy with healthcheck and named volumes
- Caddyfile: TLS via Let's Encrypt, cache headers, API/media routing to backend
- .env.example: all environment variables documented with defaults
- README.md: project overview, features, stack, deploy guide, roadmap
- .gitignore: excludes secrets, build artifacts, node_modules, media uploads

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.env.example

@@ -0,0 +1,45 @@
+# ── Domain ────────────────────────────────────────────────────────────────────
+# Public domain Caddy will serve and obtain a TLS certificate for.
+DOMAIN=my-event.example.com
+
+# ── App server ────────────────────────────────────────────────────────────────
+APP_PORT=3000
+
+# ── Database ──────────────────────────────────────────────────────────────────
+DATABASE_URL=postgres://eventsnap:secret@db:5432/eventsnap
+POSTGRES_USER=eventsnap
+POSTGRES_PASSWORD=secret
+POSTGRES_DB=eventsnap
+
+# ── Authentication ────────────────────────────────────────────────────────────
+# Generate with: openssl rand -hex 64
+JWT_SECRET=change_me_to_a_random_64_byte_hex_string
+SESSION_EXPIRY_DAYS=30
+
+# Admin dashboard password (bcrypt hash).
+# Generate with: htpasswd -bnBC 12 "" yourpassword | tr -d ':\n'
+ADMIN_PASSWORD_HASH=$2y$12$placeholder_replace_me
+
+# ── Event ─────────────────────────────────────────────────────────────────────
+EVENT_NAME=Max & Maria's Wedding
+EVENT_SLUG=max-maria-2026
+
+# ── Storage ───────────────────────────────────────────────────────────────────
+MEDIA_PATH=/media
+
+# ── Upload limits ─────────────────────────────────────────────────────────────
+DEFAULT_MAX_IMAGE_SIZE_MB=20
+DEFAULT_MAX_VIDEO_SIZE_MB=500
+
+# ── Rate limiting ─────────────────────────────────────────────────────────────
+DEFAULT_UPLOAD_RATE_PER_HOUR=10
+DEFAULT_FEED_RATE_PER_MIN=60
+DEFAULT_EXPORT_RATE_PER_DAY=3
+
+# ── Capacity ──────────────────────────────────────────────────────────────────
+DEFAULT_ESTIMATED_GUEST_COUNT=100
+# Fraction of total storage that triggers the "low storage" warning (0.0–1.0)
+DEFAULT_QUOTA_TOLERANCE=0.75
+
+# ── Workers ───────────────────────────────────────────────────────────────────
+COMPRESSION_WORKER_CONCURRENCY=2

.gitignore

@@ -0,0 +1,17 @@
+# Environment secrets — never commit the real .env
+.env
+
+# Rust
+backend/target/
+
+# Node / SvelteKit
+frontend/node_modules/
+frontend/.svelte-kit/
+frontend/build/
+
+# Media uploads (mounted volume in production)
+media/
+
+# OS
+.DS_Store
+Thumbs.db

Caddyfile

@@ -0,0 +1,26 @@
+{$DOMAIN} {
+    encode zstd gzip
+
+    # SvelteKit frontend — static assets with long-lived cache (content-hashed filenames)
+    @hashed_assets path_regexp hashed /_app/immutable/.*\.[a-f0-9]{8,}\.(js|css|woff2)$
+    header @hashed_assets Cache-Control "public, max-age=31536000, immutable"
+
+    # Media previews and thumbnails
+    @previews path /media/previews/* /media/thumbnails/*
+    header @previews Cache-Control "public, max-age=3600"
+
+    # Original media files (private — only host can download)
+    @originals path /media/originals/*
+    header @originals Cache-Control "private, max-age=86400"
+
+    # API — never cache
+    @api path /api/*
+    header @api Cache-Control "no-store"
+
+    # Route API and media requests to the Rust backend
+    reverse_proxy /api/* app:3000
+    reverse_proxy /media/* app:3000
+
+    # Everything else goes to SvelteKit frontend
+    reverse_proxy frontend:3001
+}

README.md

@@ -0,0 +1,197 @@
+# EventSnap
+
+> A private, QR-code-accessed photo & video sharing platform for weddings, birthdays, and personal events — built for guests, run by you.
+
+---
+
+## What is EventSnap?
+
+At private events, photos and videos are scattered across dozens of guests' phones and never truly shared. Existing solutions (WhatsApp groups, Google Photos) require accounts, expose personal data, and lack event-specific social features.
+
+**EventSnap** gives every guest instant, frictionless access to a shared, living gallery — **no app store, no email, no password.**
+
+A guest scans the QR code on their way in, types their name, and is immediately part of a shared moment. They upload, react, and comment throughout the day. After the event, the host releases the gallery — every guest walks away with a beautiful offline HTML keepsake and the full archive.
+
+**Project type:** Mobile-first PWA — runs in any browser, no installation required.  
+**Scale:** Personal / private use — one event at a time, ~100 guests, ~1,000 files.
+
+---
+
+## Features
+
+### MVP
+
+| Area | Feature |
+|------|---------|
+| **Onboarding** | QR code join flow, name-only registration, persistent JWT + recovery PIN, 30-day sessions |
+| **Uploads** | Photo & video from library or live camera, client-side IndexedDB queue, per-file progress & retry, captions + #hashtags |
+| **Processing** | Lossless server-side compression, feed preview generation, ffmpeg video thumbnails |
+| **Feed** | Chronological grid, real-time SSE updates, hashtag filtering, likes & comments |
+| **Host Dashboard** | Ban/unban guests, delete content, promote to host, lock event, release gallery for export |
+| **Admin Dashboard** | All host permissions + configure limits, rates, quota tolerance, disk usage widget |
+| **Export** | On-demand ZIP (full-quality originals) + self-contained offline `Memories.html` viewer |
+
+### Planned (v1.x)
+
+- Individual file download button
+- Low-disk alert (< 10 GB free)
+- Event banner / cover image
+- Chunked resumable upload for large videos
+- Host-curated story highlights
+- Slideshow / presentation mode
+
+---
+
+## Tech Stack
+
+| Layer | Technology |
+|-------|-----------|
+| Frontend | SvelteKit + TypeScript |
+| Styling | Tailwind CSS v4 |
+| Backend | Rust + Axum |
+| Async | Tokio |
+| Database | PostgreSQL 16 via SQLx (compile-time query checking) |
+| Auth | Custom JWT (`jsonwebtoken`) + bcrypt PINs |
+| Image processing | `image` crate + `oxipng` (lossless compression) |
+| Video processing | ffmpeg via `tokio::process::Command` |
+| File storage | Local disk (`/media/`) |
+| Real-time | Axum SSE + `tokio::sync::broadcast` |
+| Export | `async-zip` (streaming ZIP) + `minijinja` (HTML bundle) |
+| Rate limiting | `tower-governor` (token-bucket, DB-configurable) |
+| Reverse proxy | Caddy 2 (automatic HTTPS via Let's Encrypt) |
+| Containers | Docker + Docker Compose |
+| Infrastructure | Hetzner CX33 (4 vCPU, 8 GB RAM, 80 GB SSD) |
+
+---
+
+## Repository Structure
+
+```
+eventsnap/
+├── backend/          # Rust + Axum API server
+│   ├── src/
+│   ├── Cargo.toml
+│   └── Dockerfile
+├── frontend/         # SvelteKit PWA
+│   ├── src/
+│   ├── svelte.config.js
+│   └── Dockerfile
+├── docker-compose.yml
+├── Caddyfile
+└── .env.example
+```
+
+---
+
+## Getting Started
+
+### Prerequisites
+
+- [Docker](https://docs.docker.com/engine/install/) (includes Compose plugin)
+- A domain name with an A record pointing to your server
+
+### Deploy on a fresh VPS
+
+```bash
+# 1. Clone the repository
+git clone https://git.mc02.dev/fabi/EventSnap.git
+cd EventSnap
+
+# 2. Configure environment
+cp .env.example .env
+nano .env   # set DOMAIN, JWT_SECRET, ADMIN_PASSWORD_HASH, EVENT_NAME, etc.
+
+# 3. Start the stack
+docker compose up -d
+```
+
+Caddy automatically obtains a Let's Encrypt certificate on first start. The app is live at `https://DOMAIN` within ~30 seconds.
+
+### Generate required secrets
+
+```bash
+# JWT secret (64 random bytes)
+openssl rand -hex 64
+
+# Admin password hash (bcrypt, cost 12)
+htpasswd -bnBC 12 "" yourpassword | tr -d ':\n'
+```
+
+### Environment Variables
+
+See [.env.example](.env.example) for the full list with descriptions and defaults. Key variables:
+
+| Variable | Description |
+|----------|-------------|
+| `DOMAIN` | Public domain for TLS (e.g. `my-wedding.example.com`) |
+| `JWT_SECRET` | 64-byte random hex string for signing JWTs |
+| `ADMIN_PASSWORD_HASH` | bcrypt hash of the admin dashboard password |
+| `EVENT_NAME` | Display name shown to guests |
+| `EVENT_SLUG` | URL-safe event identifier |
+| `DATABASE_URL` | PostgreSQL connection string |
+
+---
+
+## Docker Compose Stack
+
+```
+┌─────────────────────────────────────┐
+│  Caddy :80 / :443 (TLS termination) │
+└────────────┬────────────────────────┘
+             │
+    ┌────────┴────────┐
+    │                 │
+┌───▼────┐      ┌─────▼──────┐
+│  app   │      │  frontend  │
+│ :3000  │      │   :3001    │
+│ (Rust) │      │ (SvelteKit)│
+└───┬────┘      └────────────┘
+    │
+┌───▼────┐
+│   db   │
+│ :5432  │
+│(Postgres│
+└────────┘
+```
+
+- `/api/*` and `/media/*` → Rust backend
+- Everything else → SvelteKit frontend
+- Named volumes: `postgres_data`, `media_data`, `caddy_data`
+
+---
+
+## Backup
+
+```bash
+# Database snapshot
+pg_dump $DATABASE_URL | gzip > /media/backups/db_$(date +%Y-%m-%d).sql.gz
+
+# Weekly offsite sync (Hetzner Storage Box or similar)
+rsync -az /opt/eventsnap/media/ user@storagebox.example.com:backup/eventsnap/
+```
+
+The `/media` volume holds originals, previews, thumbnails, exports, and DB backups — a single path to back up.
+
+---
+
+## Development Roadmap
+
+- [x] Project blueprint & architecture
+- [x] Monorepo scaffold (`backend/`, `frontend/`, Docker Compose)
+- [ ] DB schema + SQLx migrations
+- [ ] Auth flow (join, JWT, PIN recovery)
+- [ ] Upload pipeline (multipart → compression worker → SSE broadcast)
+- [ ] Client upload queue (IndexedDB, progress, retry)
+- [ ] Gallery feed (grid, SSE, hashtag filters)
+- [ ] Camera capture (`getUserMedia`)
+- [ ] Host Dashboard
+- [ ] Admin Dashboard
+- [ ] Export engine (ZIP + offline HTML)
+- [ ] Rate limiting middleware
+- [ ] End-to-end test event (10+ real devices)
+
+---
+
+## License
+
+Private project — all rights reserved.

backend/Cargo.toml

@@ -0,0 +1,33 @@
+[package]
+name = "eventsnap-backend"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+axum = { version = "0.8", features = ["multipart"] }
+tokio = { version = "1", features = ["full"] }
+sqlx = { version = "0.8", features = ["runtime-tokio", "postgres", "uuid", "chrono", "macros"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+tower = "0.5"
+tower-http = { version = "0.6", features = ["trace", "cors", "compression-full", "fs"] }
+tower-governor = "0.4"
+jsonwebtoken = "9"
+bcrypt = "0.15"
+uuid = { version = "1", features = ["v4", "serde"] }
+chrono = { version = "0.4", features = ["serde"] }
+anyhow = "1"
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+dotenvy = "0.15"
+sysinfo = "0.32"
+image = "0.25"
+oxipng = "9"
+async-zip = { version = "0.0.17", features = ["tokio", "deflate"] }
+minijinja = "2"
+
+[profile.release]
+opt-level = 3
+lto = true
+codegen-units = 1
+strip = true

backend/Dockerfile

@@ -0,0 +1,25 @@
+# --- Build stage ---
+FROM rust:1.87-alpine AS builder
+
+RUN apk add --no-cache musl-dev pkgconfig openssl-dev
+
+WORKDIR /app
+COPY Cargo.toml Cargo.lock* ./
+# Pre-fetch deps with a dummy build for layer caching
+RUN mkdir src && echo "fn main(){}" > src/main.rs && \
+    cargo build --release && \
+    rm -rf src
+
+COPY src ./src
+RUN touch src/main.rs && cargo build --release
+
+# --- Runtime stage ---
+FROM alpine:3.21
+
+RUN apk add --no-cache ca-certificates ffmpeg
+
+WORKDIR /app
+COPY --from=builder /app/target/release/eventsnap-backend ./
+
+EXPOSE 3000
+CMD ["./eventsnap-backend"]

backend/src/main.rs

@@ -0,0 +1,27 @@
+use anyhow::Result;
+use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    dotenvy::dotenv().ok();
+
+    tracing_subscriber::registry()
+        .with(tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
+            "eventsnap_backend=debug,tower_http=debug".into()
+        }))
+        .with(tracing_subscriber::fmt::layer())
+        .init();
+
+    let port: u16 = std::env::var("APP_PORT")
+        .unwrap_or_else(|_| "3000".to_string())
+        .parse()?;
+
+    let router = axum::Router::new()
+        .route("/health", axum::routing::get(|| async { "ok" }));
+
+    let listener = tokio::net::TcpListener::bind(("0.0.0.0", port)).await?;
+    tracing::info!("listening on {}", listener.local_addr()?);
+    axum::serve(listener, router).await?;
+
+    Ok(())
+}

docker-compose.yml

@@ -0,0 +1,59 @@
+services:
+  db:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+  app:
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    restart: unless-stopped
+    env_file: .env
+    depends_on:
+      db:
+        condition: service_healthy
+    volumes:
+      - media_data:/media
+    expose:
+      - "3000"
+
+  frontend:
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile
+    restart: unless-stopped
+    env_file: .env
+    depends_on:
+      - app
+    expose:
+      - "3001"
+
+  caddy:
+    image: caddy:2-alpine
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+    depends_on:
+      - app
+      - frontend
+
+volumes:
+  postgres_data:
+  media_data:
+  caddy_data:

frontend/.npmrc

@@ -0,0 +1 @@
+engine-strict=true

frontend/Dockerfile

@@ -0,0 +1,21 @@
+# --- Build stage ---
+FROM node:22-alpine AS builder
+
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY . .
+RUN npm run build
+
+# --- Runtime stage ---
+FROM node:22-alpine
+
+WORKDIR /app
+COPY --from=builder /app/build ./build
+COPY --from=builder /app/package.json ./
+RUN npm install --omit=dev
+
+EXPOSE 3001
+ENV PORT=3001 HOST=0.0.0.0
+CMD ["node", "build"]

frontend/package.json

@@ -0,0 +1,31 @@
+{
+	"name": "frontend",
+	"private": true,
+	"version": "0.0.1",
+	"type": "module",
+	"scripts": {
+		"dev": "vite dev",
+		"build": "vite build",
+		"preview": "vite preview",
+		"prepare": "svelte-kit sync || echo ''",
+		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch"
+	},
+	"devDependencies": {
+		"@sveltejs/adapter-auto": "^7.0.0",
+		"@sveltejs/adapter-node": "^5.5.4",
+		"@sveltejs/kit": "^2.50.2",
+		"@sveltejs/vite-plugin-svelte": "^6.2.4",
+		"@tailwindcss/vite": "^4.2.2",
+		"@types/qrcode": "^1.5.6",
+		"svelte": "^5.54.0",
+		"svelte-check": "^4.4.2",
+		"tailwindcss": "^4.2.2",
+		"typescript": "^5.9.3",
+		"vite": "^7.3.1"
+	},
+	"dependencies": {
+		"idb": "^8.0.3",
+		"qrcode": "^1.5.4"
+	}
+}

frontend/src/app.css

@@ -0,0 +1 @@
+@import "tailwindcss";

frontend/src/app.d.ts

@@ -0,0 +1,13 @@
+// See https://svelte.dev/docs/kit/types#app.d.ts
+// for information about these interfaces
+declare global {
+	namespace App {
+		// interface Error {}
+		// interface Locals {}
+		// interface PageData {}
+		// interface PageState {}
+		// interface Platform {}
+	}
+}
+
+export {};

frontend/src/app.html

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<meta name="viewport" content="width=device-width, initial-scale=1" />
+		<meta name="text-scale" content="scale" />
+		%sveltekit.head%
+	</head>
+	<body data-sveltekit-preload-data="hover">
+		<div style="display: contents">%sveltekit.body%</div>
+	</body>
+</html>

frontend/src/lib/assets/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="107" height="128" viewBox="0 0 107 128"><title>svelte-logo</title><path d="M94.157 22.819c-10.4-14.885-30.94-19.297-45.792-9.835L22.282 29.608A29.92 29.92 0 0 0 8.764 49.65a31.5 31.5 0 0 0 3.108 20.231 30 30 0 0 0-4.477 11.183 31.9 31.9 0 0 0 5.448 24.116c10.402 14.887 30.942 19.297 45.791 9.835l26.083-16.624A29.92 29.92 0 0 0 98.235 78.35a31.53 31.53 0 0 0-3.105-20.232 30 30 0 0 0 4.474-11.182 31.88 31.88 0 0 0-5.447-24.116" style="fill:#ff3e00"/><path d="M45.817 106.582a20.72 20.72 0 0 1-22.237-8.243 19.17 19.17 0 0 1-3.277-14.503 18 18 0 0 1 .624-2.435l.49-1.498 1.337.981a33.6 33.6 0 0 0 10.203 5.098l.97.294-.09.968a5.85 5.85 0 0 0 1.052 3.878 6.24 6.24 0 0 0 6.695 2.485 5.8 5.8 0 0 0 1.603-.704L69.27 76.28a5.43 5.43 0 0 0 2.45-3.631 5.8 5.8 0 0 0-.987-4.371 6.24 6.24 0 0 0-6.698-2.487 5.7 5.7 0 0 0-1.6.704l-9.953 6.345a19 19 0 0 1-5.296 2.326 20.72 20.72 0 0 1-22.237-8.243 19.17 19.17 0 0 1-3.277-14.502 17.99 17.99 0 0 1 8.13-12.052l26.081-16.623a19 19 0 0 1 5.3-2.329 20.72 20.72 0 0 1 22.237 8.243 19.17 19.17 0 0 1 3.277 14.503 18 18 0 0 1-.624 2.435l-.49 1.498-1.337-.98a33.6 33.6 0 0 0-10.203-5.1l-.97-.294.09-.968a5.86 5.86 0 0 0-1.052-3.878 6.24 6.24 0 0 0-6.696-2.485 5.8 5.8 0 0 0-1.602.704L37.73 51.72a5.42 5.42 0 0 0-2.449 3.63 5.79 5.79 0 0 0 .986 4.372 6.24 6.24 0 0 0 6.698 2.486 5.8 5.8 0 0 0 1.602-.704l9.952-6.342a19 19 0 0 1 5.295-2.328 20.72 20.72 0 0 1 22.237 8.242 19.17 19.17 0 0 1 3.277 14.503 18 18 0 0 1-8.13 12.053l-26.081 16.622a19 19 0 0 1-5.3 2.328" style="fill:#fff"/></svg>

frontend/src/lib/index.ts

@@ -0,0 +1 @@
+// place files you want to import through the `$lib` alias in this folder.

frontend/src/routes/+layout.svelte

@@ -0,0 +1,12 @@
+<script lang="ts">
+	import favicon from '$lib/assets/favicon.svg';
+	import '../app.css';
+
+	let { children } = $props();
+</script>
+
+<svelte:head>
+	<link rel="icon" href={favicon} />
+</svelte:head>
+
+{@render children()}

frontend/src/routes/+page.svelte

@@ -0,0 +1,2 @@
+<h1>Welcome to SvelteKit</h1>
+<p>Visit <a href="https://svelte.dev/docs/kit">svelte.dev/docs/kit</a> to read the documentation</p>

frontend/static/robots.txt

@@ -0,0 +1,3 @@
+# allow crawling everything by default
+User-agent: *
+Disallow:

frontend/svelte.config.js

@@ -0,0 +1,13 @@
+import adapter from '@sveltejs/adapter-node';
+
+/** @type {import('@sveltejs/kit').Config} */
+const config = {
+	compilerOptions: {
+		runes: true
+	},
+	kit: {
+		adapter: adapter()
+	}
+};
+
+export default config;

frontend/tsconfig.json

@@ -0,0 +1,20 @@
+{
+	"extends": "./.svelte-kit/tsconfig.json",
+	"compilerOptions": {
+		"rewriteRelativeImportExtensions": true,
+		"allowJs": true,
+		"checkJs": true,
+		"esModuleInterop": true,
+		"forceConsistentCasingInFileNames": true,
+		"resolveJsonModule": true,
+		"skipLibCheck": true,
+		"sourceMap": true,
+		"strict": true,
+		"moduleResolution": "bundler"
+	}
+	// Path aliases are handled by https://svelte.dev/docs/kit/configuration#alias
+	// except $lib which is handled by https://svelte.dev/docs/kit/configuration#files
+	//
+	// To make changes to top-level options such as include and exclude, we recommend extending
+	// the generated config; see https://svelte.dev/docs/kit/configuration#typescript
+}

frontend/vite.config.ts

@@ -0,0 +1,7 @@
+import { sveltekit } from '@sveltejs/kit/vite';
+import tailwindcss from '@tailwindcss/vite';
+import { defineConfig } from 'vite';
+
+export default defineConfig({
+	plugins: [tailwindcss(), sveltekit()]
+});