Vikings Event Management API - Development Guide

A comprehensive guide for working with the Vikings Event Management API codebase - a Node.js Express backend that serves as an OAuth proxy for Online Scout Manager (OSM) API integration.

Overview

This skill provides guidance for development, testing, deployment, and troubleshooting of the Vikings Event Management API. The backend uses **auto-deployment** where code merged to `main` automatically deploys to production on Railway.

Architecture

**Core Components:**

`server.js` - Express app with CORS, OAuth callbacks, Sentry integration, rate limiting

`controllers/auth.js` - OAuth token management and logout

`controllers/osm.js` - Refactored OSM API proxy endpoints (86% code reduction)

`controllers/osm-legacy.js` - Legacy functions with complex business logic

`middleware/rateLimiting.js` - Dual-layer rate limiting (backend + OSM API tracking)

`config/sentry.js` - Error monitoring and structured logging

`utils/` - Utility modules for API handling, validation, responses, and server helpers

**Key Features:**

Dual-layer rate limiting (100 req/min backend + OSM API tracking)

Dynamic frontend URL detection for OAuth with multiple fallback mechanisms

Comprehensive Sentry structured logging

In-memory token storage with expiration tracking

Refactored architecture using factory patterns (86% code reduction)

Development Commands

Running the Application

```bash

npm start # Production server

npm run dev # Development with auto-restart (nodemon)

npm run build # No build step (echo message)

```

Code Quality

```bash

npm run lint # ESLint checks

```

Testing

```bash

npm test # Run all tests

npm run test:watch # Watch mode for development

npm run test:coverage # With coverage report

npm run test:ci # CI mode (no watch, with coverage)

```

**Test Coverage:** 53 tests covering all endpoints, rate limiting, CORS, OAuth flow, frontend URL detection, health checks, documentation, error handling, and security edge cases.

Auto-Deployment Workflow

Standard Feature Development

**Step 1: Feature Development**

```bash

git checkout -b feature/my-feature

Develop and test locally

npm run lint && npm test && npm run build # Verify before PR

```

**Step 2: Version Management (BEFORE merge)**

```bash

Update version in PR if this will be a new release

npm run version:patch # Updates package.json only (--no-git-tag-version)

git add package.json package-lock.json

git commit -m "chore: bump version to v1.x.x for production deployment"

```

**Step 3: PR Review & Merge**

Create PR → Review → Merge to main

⚠️ Auto-deployment triggers immediately after merge

**Step 4: Post-Merge Release Finalization**

```bash

git checkout main && git pull origin main # Sync with merged changes

git tag -a v1.x.x -m "Release v1.x.x: Description of changes"

git push origin v1.x.x

npm run release:finalize # Finalize Sentry release

```

Production Hotfix Workflow

**When fixing critical production errors:**

**Step 1: Create Hotfix Branch**

```bash

git checkout -b feature/hotfix-critical-issue

```

**Step 2: Implement Fix**

Add structured logging and error context

Include Sentry integration for monitoring

**Step 3: Update Version BEFORE Merge (Critical!)**

```bash

npm run version:patch

git add package.json package-lock.json

git commit -m "chore: bump to v1.x.x for critical production fix"

```

**Step 4: PR with Detailed Context**

Include Sentry issue IDs and error descriptions

Reference production monitoring and logs

**Step 5: Post-Merge Release Tag**

```bash

git checkout main && git pull origin main

git tag -a v1.x.x -m "Release v1.x.x: Critical fixes for [issue description]"

git push origin v1.x.x

npm run release:finalize

```

Release Commands

**Development Releases:**

```bash

./scripts/release.sh patch # Automated version bump + Sentry integration

```

**Version Management:**

```bash

npm run version:patch # Bump patch version (no git operations)

npm run version:minor # Bump minor version (no git operations)

npm run version:major # Bump major version (no git operations)

```

**Manual Release Process (Fallback):**

```bash

npm run release:patch # Test + bump patch version

npm run release:minor # Test + bump minor version

npm run release:major # Test + bump major version

```

**Sentry Integration:**

```bash

npm run release:create # Create new Sentry release

npm run release:finalize # Finalize release for deployment tracking

npm run release:deploy # Mark deployment with commit info

```

OAuth Configuration & Troubleshooting

Frontend URL Detection Priority

1. `frontend_url` query parameter (highest priority)

2. Embedded URL in state: `state=prod&frontend_url=https://pr-123-vikings-eventmgmt.onrender.com`

3. Referer header detection for `.onrender.com` domains

4. Legacy state-based detection (`state=dev` → `https://localhost:3000`)

5. Default: `https://vikings-eventmgmt.onrender.com`

OAuth Redirect URI Troubleshooting

**Critical Requirement:** The `redirect_uri` must match exactly between:

1. Initial OAuth authorization request (frontend)

2. Token exchange request (backend)

**Common Issues:**

Environment variable mismatch between frontend and backend

Copy-paste errors when deploying to new platforms

Protocol mismatches (HTTP vs HTTPS)

**Debugging Steps:**

1. Check `/oauth/debug` endpoint to verify `backendUrl` and `authUrl`

2. Verify `VITE_API_URL` (frontend) matches `BACKEND_URL` (backend)

3. Test OAuth flow locally to isolate environment vs code issues

4. Compare browser network requests for exact redirect URI mismatches

**Example Valid Configuration:**

```env

Backend (.env)

BACKEND_URL=https://vikingeventmgmtapi-production.up.railway.app

Frontend (.env)

VITE_API_URL=https://vikingeventmgmtapi-production.up.railway.app

```

Environment Variables

```env

OAUTH_CLIENT_ID=your_osm_client_id

OAUTH_CLIENT_SECRET=your_osm_client_secret

NODE_ENV=development|production|test

PORT=3000

SENTRY_DSN=optional_sentry_dsn

BACKEND_URL=backend_base_url

```

Sentry Structured Logging

**Import Pattern:**

```javascript

const Sentry = require('../config/sentry');

const { logger } = Sentry;

```

**Logging Patterns:**

All logs include `endpoint`, `sessionId`, and relevant parameters

Log levels: `logger.info()`, `logger.error()`, `logger.warn()`, `logger.debug()`

Use `logger.fmt` for dynamic values in log messages

**Example:**

```javascript

logger.info('Processing request', { endpoint, sessionId, params });

logger.error('Request failed', { endpoint, sessionId, error: err.message });

```

API Endpoints

**Authentication:**

`/token` - OAuth token exchange

`/logout` - Token revocation

`/oauth/callback` - OAuth callback handler

`/oauth/debug` - Debug OAuth configuration

**OSM Proxy (require Authorization header):**

GET: `/get-terms`, `/get-section-config`, `/get-user-roles`, `/get-events`, `/get-flexi-records`, `/get-single-flexi-record`, `/get-flexi-structure`, `/get-startup-data`

POST: `/update-flexi-record`, `/get-members-grid`

**Utility:**

`/rate-limit-status` - Check current rate limits

Refactored Architecture

**Benefits:**

86% reduction in controller code (1,140 → 160 lines)

Factory pattern for rapid endpoint creation

Centralized validation, error handling, and response processing

Single source of truth for common operations

**Key Utilities:**

`createOSMApiHandler()` - Generic handler with built-in validation

`osmEndpoints.*()` - Pre-configured endpoint factories

`validateRequiredParams()` - Centralized parameter validation

`sendOSMResponse()` - Standardized response processing

`createEndpointLogger()` - Structured logging with consistent format

Post-Deployment Monitoring

1. Monitor Sentry for error patterns and rate limit issues

2. Check Railway deployment logs for startup errors

3. Verify API endpoints are responding correctly

4. Monitor OAuth callback functionality

5. Review rate limit metrics and OSM API integration

Constraints

Auto-deployment requires careful version management

Always bump version BEFORE merging to main

Test thoroughly (all 53 tests) before merge

Version bumps distinguish new releases from problematic ones

In-memory token storage (not persistent across restarts)

Single worker test configuration to prevent port conflicts

When to Use This Skill

Use this skill when:

Setting up local development environment

Creating new feature branches

Preparing releases or hotfixes

Troubleshooting OAuth configuration issues

Adding new OSM API endpoints

Implementing structured logging

Debugging rate limiting issues

Preparing for deployment to Railway

Investigating production errors via Sentry

Vikings Event Management API - Development Guide

Vikings Event Management API - Development Guide

Overview

Architecture

Development Commands

Running the Application

Code Quality

Testing

Auto-Deployment Workflow

Standard Feature Development

Develop and test locally

Update version in PR if this will be a new release

Production Hotfix Workflow

Release Commands

OAuth Configuration & Troubleshooting

Frontend URL Detection Priority

OAuth Redirect URI Troubleshooting

Backend (.env)

Frontend (.env)

Environment Variables

Sentry Structured Logging

API Endpoints

Refactored Architecture

Post-Deployment Monitoring

Constraints

When to Use This Skill

Reviews (0)