# Canaccom Travel Group Platform

A comprehensive SaaS platform for streamlined group travel logistics, specifically designed for sports teams and events. This system replaces spreadsheet/email-based workflows with a secure, web-based portal accessible by Canaccom staff, clients (team organizers), and hotels.

## 🌟 Features

### Core Functionality
- **Booking Management**: Complete booking lifecycle from creation to completion
- **Hotel Confirmation System**: Automated hotel confirmation requests and responses
- **Rooming List Management**: Secure guest information handling with encryption
- **Stay Verification**: Post-stay confirmation and commission invoicing
- **Email Automation**: Integrated email system with AWS SES
- **Document Management**: Secure file uploads and document distribution

### User Roles
- **Admin (Canaccom Staff)**: Full system access with booking management
- **Client (Team Organizers)**: Access to bookings and rooming list submission
- **Hotel**: Confirmation interface and stay verification

### Technical Features
- **Responsive Design**: Mobile-first approach with Bootstrap 5
- **Security**: Role-based access control and encrypted data transmission
- **Performance**: Optimized database queries and caching
- **Scalability**: AWS-ready architecture with cloud services integration

## 🚀 Current Workflow

This project now uses Git as the source of truth for production deployments.

### Local Development

From `d:\Canaccom`:

1. Start the DB tunnel:
   ```powershell
   .\start-db-tunnel.ps1
   ```
2. Start the local PHP app:
   ```powershell
   .\start-dev.ps1
   ```
3. Open the admin app:
   ```text
   http://localhost:8000/admin/index.php
   ```

### Local Checks

Run the smoke check before deploying:

```powershell
php scripts/smoke-check.php
```

Expected local result:
- `APP_ENV=development`
- DB values point at the intended dev/runtime database
- `SMOKE_CHECK=OK`

### Git Workflow

1. Make changes locally.
2. Test in dev.
3. Commit and push to GitHub:
   ```powershell
   git status
   git add -A
   git commit -m "your message"
   git push origin main
   ```

### Production Deployment

From `d:\Canaccom`:

```powershell
.\deploy.bat prod
```

What that does:

1. Verifies you are on `main`
2. Verifies the working tree is clean
3. Pushes `main` to GitHub
4. Uploads the remote deploy helper to the server
5. Updates the full production checkout at `/var/www/html/canaccom`
6. Runs `composer install --no-dev`
7. Runs the production smoke check

Linux/macOS equivalent:

```bash
./sync-to-server.sh prod
```

### Environment Files

- Local development uses `.env.dev`
- `start-dev.ps1` copies `.env.dev` to `.env` for local runtime
- Production uses `/var/www/html/canaccom/.env`
- Do not commit real `.env` files to Git

If production environment values change, update the server `.env` directly; do not push them through Git.

#### Safely updating production `.env`

Use this workflow when you need to change production secrets/config values:

1. SSH to the server:
   ```bash
   ssh -i "canaccom-key.pem" ec2-user@52.60.53.55
   ```
2. Create a timestamped backup outside web root:
   ```bash
   sudo cp /var/www/html/canaccom/.env /home/ec2-user/.env.backup.$(date +%Y%m%d-%H%M%S)
   ```
3. Edit the live file:
   ```bash
   sudo nano /var/www/html/canaccom/.env
   ```
4. Lock permissions:
   ```bash
   sudo chown ec2-user:ec2-user /var/www/html/canaccom/.env
   sudo chmod 600 /var/www/html/canaccom/.env
   ```
5. Validate the changed feature (upload/email/etc.) and run the smoke check if needed.

Security guardrails:
- Do not commit real `.env` values to Git.
- Do not keep backup env files in web root (`/var/www/html/...`).
- Rotate key+secret pairs together when rotating credentials.
- Ensure dotfiles are blocked by web server rules (`/.env`, `/.git/*`, etc.).
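
A check for the `chmod 600` step and the first two guardrails, as an added example that is not part of the project's own scripts. The function names `file_mode` and `audit_env` and the list of backup file names are assumptions; pass the checkout path, for example `/var/www/html/canaccom`.

```bash
#!/usr/bin/env bash
# Added example (not project code): audit one checkout against the .env
# guardrails above. The backup-name patterns below are assumptions.

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_env <web_root>: prints findings, returns 0 only if every check passes.
audit_env() {
    local root="$1" failed=0 mode stray

    if [ ! -f "$root/.env" ]; then
        echo "FAIL: $root/.env not found"
        return 1
    fi

    # Step 4: the live file must be readable by its owner only.
    mode=$(file_mode "$root/.env")
    if [ "$mode" != "600" ]; then
        echo "FAIL: $root/.env is mode $mode, expected 600"
        failed=1
    fi

    # Guardrail: no env backups or editor leftovers anywhere under the web root.
    stray=$(find "$root" -type f \( -name '.env.backup*' -o -name '.env.bak' \
        -o -name '.env.old' -o -name '.env.save' -o -name '.env~' \))
    if [ -n "$stray" ]; then
        echo "FAIL: env copies inside web root:"
        echo "$stray"
        failed=1
    fi

    # Guardrail: .env must not be tracked by Git (no finding if not a checkout).
    if git -C "$root" ls-files --error-unmatch .env >/dev/null 2>&1; then
        echo "FAIL: .env is tracked by Git"
        failed=1
    fi

    if [ "$failed" -eq 0 ]; then
        echo "OK: $root passes the .env guardrails"
    fi
    return "$failed"
}
```

The dotfile-blocking guardrail is a web server setting and is not covered by this file-level check.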

### Production Smoke Check

You can verify the deployed app on the server with:

```bash
cd /var/www/html/canaccom
php scripts/smoke-check.php --expect-env=production
```

### Important Notes

- Deploys publish the full app defined by the latest pushed Git commit, not just selected files.
- Uncommitted local changes are not deployed.
- Untracked local files are not deployed unless added to Git.
- If deploy fails because of server-side local drift, back up those server changes before forcing the checkout to `origin/main`.

### Temporary Room Hold Card Workflow (No CVV)

- Card capture for rooming lists now stores **PAN + expiry only** in an encrypted vault.
- **CVV is never collected or stored**.
- Hotels receive:
  - one email with a short-lived secure link, and
  - a separate email with a one-time access code.
- Sensitive data controls:
  - encrypted at application layer using `CARD_DATA_MASTER_KEY`
  - access events are audited
  - token access is expiring and limited-view
  - public/token pages use `Cache-Control: no-store`
  - email logs redact PAN-like values
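
One way to spot-check the log redaction control, as an added example that is not part of the project: scan a log for digit runs of 13 to 19 digits that pass the Luhn checksum. The function names, the sample log lines and their format are constructed for illustration; `4111 1111 1111 1111` is a published test number.

```bash
#!/usr/bin/env bash
# Added example (not project code): flag unredacted PAN-like values in a log.

# Constructed sample: line 1 is redacted, line 2 leaks a test PAN,
# line 3 holds a 16-digit reference that fails the Luhn check.
sample_email_log() {
    cat <<'EOF'
2024-05-01 12:00:03 to=frontdesk@example.com body="card 411111******1111 exp 12/27"
2024-05-01 12:00:04 to=frontdesk@example.com body="card 4111 1111 1111 1111 exp 12/27"
2024-05-01 12:00:05 to=frontdesk@example.com subject="Booking 1234567890123456"
EOF
}

# scan_for_pans [file...]: reads stdin when no file is given.
# Prints "source:line: masked value" per hit; returns 1 if anything was found.
scan_for_pans() {
    awk '
    function luhn(s,   n, i, d, sum) {
        n = length(s); sum = 0
        for (i = n; i >= 1; i--) {
            d = substr(s, i, 1) + 0
            if ((n - i) % 2 == 1) { d *= 2; if (d > 9) d -= 9 }
            sum += d
        }
        return sum % 10 == 0
    }
    {
        rest = $0
        # Candidates are digit runs that may contain spaces or hyphens.
        while (match(rest, /[0-9][0-9 -]*[0-9]/)) {
            cand = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            gsub(/[^0-9]/, "", cand)
            n = length(cand)
            if (n >= 13 && n <= 19 && luhn(cand)) {
                src = (FILENAME == "" ? "stdin" : FILENAME)
                printf "%s:%d: ************%s\n", src, FNR, substr(cand, n - 3)
                hits++
            }
        }
    }
    END { exit (hits > 0) }
    ' "$@"
}
```

A PAN directly preceded or followed by other space-separated digits is merged into one candidate and can be missed, so a clean result is a spot check, not proof that redaction works.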

#### Required environment variables

```text
CARD_DATA_MASTER_KEY=<strong-random-secret-or-base64:...>
ROOMING_CARD_RETENTION_DAYS=14
```

#### Scheduled cleanup

Run daily in production:

```bash
php scripts/purge-rooming-card-data.php
```

This is a temporary model until a hosted tokenized solution replaces internal storage.

---

## 📧 Automated Booking Reminder Emails

When a booking is set to **Confirmed** status, four scheduled "Good Luck & Safe Travels" emails are automatically queued for the primary team contact. The admin can toggle any email on/off from the **Change Booking Status** modal.

| Email          | Fires                   | Subject                                   |
|----------------|-------------------------|-------------------------------------------|
| 14 Day         | 14 days before arrival  | GOOD LUCK and SAFE TRAVELS - {Team Name}  |
| 7 Day          | 7 days before arrival   | GOOD LUCK and SAFE TRAVELS - {Team Name}  |
| 72 Hour        | 3 days before arrival   | GOOD LUCK and SAFE TRAVELS - {Team Name}  |
| 48 Hour        | 2 days before arrival   | GOOD LUCK and SAFE TRAVELS - {Team Name}  |

All emails are sent at **12:00 PM MST** via the cron script below. Sent reminders are logged in the **Communication** tab on the booking page.

### Cron setup (server)

```bash
# 19:00 UTC = 12:00 PM MST (UTC-7) / 13:00 MDT (UTC-6)
0 19 * * * php /var/www/html/scripts/send-booking-reminders.php >> /var/log/booking-reminders.log 2>&1
```

### One-time migration

```bash
php admin/migrate-booking-reminders.php
```

(The table is also created automatically on first use.)

## 📁 Project Structure

```
canaccom-platform/
├── admin/                 # Admin portal pages
├── client/               # Client portal pages
├── hotel/                # Hotel portal pages
├── assets/               # Static assets
│   ├── css/             # Stylesheets
│   ├── js/              # JavaScript files
│   └── images/          # Images and icons
├── config/               # Configuration files
├── includes/             # Shared includes
├── src/                  # PHP source code
│   ├── Controllers/      # Controller classes
│   ├── Models/          # Database models
│   ├── Services/        # Business logic
│   └── Helpers/         # Utility functions
├── uploads/              # File uploads
├── logs/                 # Application logs
├── database/             # Database files
├── tests/                # Unit tests
├── docs/                 # Documentation
└── vendor/               # Composer dependencies
```

## 🔧 Configuration

### Environment Variables

Key configuration options in `.env`:

```env
# Database
DB_HOST=localhost
DB_NAME=canaccom_db
DB_USER=root
DB_PASS=your_password

# Email (AWS SES)
AWS_SES_REGION=us-east-1
AWS_SES_ACCESS_KEY_ID=your_key
AWS_SES_SECRET_ACCESS_KEY=your_secret
AWS_SES_FROM_EMAIL=noreply@canaccom.com

# Application
APP_ENV=production
APP_DEBUG=false
APP_URL=https://your-domain.com
```

### Email Configuration

The platform supports multiple email providers:

1. **AWS SES** (Recommended for production)
2. **SMTP** (Gmail, Outlook, etc.)
3. **SendGrid** (via SMTP)

### File Uploads

Configure upload settings in `.env`:
```env
UPLOAD_MAX_SIZE=10485760  # 10MB
ALLOWED_FILE_TYPES=pdf,doc,docx,xls,xlsx,jpg,jpeg,png
UPLOAD_PATH=uploads/
```

## 🗄️ Database Schema

### Core Tables
- `users` - System users and authentication
- `bookings` - Main booking records
- `hotels` - Hotel information and templates
- `clients` - Team organizer information
- `guests` - Individual guest assignments
- `email_logs` - Communication tracking
- `documents` - File storage and management
- `stay_confirmations` - Post-stay verification

### Sample Data
```sql
-- Create sample admin user
INSERT INTO users (name, email, password, role, created_at) 
VALUES ('Admin User', 'admin@canaccom.com', '$2y$10$...', 'admin', NOW());

-- Create sample hotel
INSERT INTO hotels (name, address, contact_email, province, created_at)
VALUES ('Sample Hotel', '123 Main St, City, Province', 'hotel@example.com', 'ON', NOW());
```

## 🎨 Customization

### Styling
The platform uses CSS custom properties for easy theming:

```css
:root {
    --primary-color: #1e3a8a;
    --secondary-color: #f59e0b;
    --accent-color: #10b981;
}
```

### Branding
Update the following files for custom branding:
- `assets/images/canaccom-logo.png`
- `includes/header.php` (logo and company name)
- `assets/css/global.css` (colors and fonts)

## 🔒 Security

### Authentication
- Session-based authentication
- Password hashing with bcrypt
- CSRF protection on all forms
- Rate limiting on login attempts

### Data Protection
- Encrypted sensitive data (credit cards, personal info)
- Secure file uploads with validation
- HTTPS enforcement in production
- Input sanitization and validation

### Access Control
- Role-based permissions
- Route protection
- API rate limiting
- Audit logging

## 📧 Email Templates

The platform includes automated email templates for:
- Booking confirmations
- Hotel confirmation requests
- Rooming list submissions
- Stay verification forms
- Invoice generation

Templates are located in `templates/emails/` and can be customized.

## 🧪 Testing

Run the test suite:
```bash
composer test
```

Generate coverage report:
```bash
composer test-coverage
```

## 📊 Monitoring

### Logs
Application logs are stored in `logs/`:
- `app.log` - General application logs
- `error.log` - Error logs
- `email.log` - Email delivery logs
- `security.log` - Security events

### Performance
Monitor key metrics:
- Page load times
- Database query performance
- Email delivery rates
- User activity

## 🚀 Deployment

### Production Checklist
- [ ] Set `APP_ENV=production`
- [ ] Configure HTTPS
- [ ] Set up database backups
- [ ] Configure email service
- [ ] Set file permissions
- [ ] Enable error logging
- [ ] Set up monitoring

### AWS Deployment
1. Launch EC2 instance
2. Install LAMP stack
3. Configure RDS database
4. Set up SES for email
5. Configure CloudFront (optional)
6. Set up SSL certificate

## 🤝 Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests
5. Submit a pull request

## 📄 License

This project is proprietary software owned by Canaccom Travel Group.

## 🆘 Support

For support and questions:
- Email: support@canaccom.com
- Documentation: [docs.canaccom.com](https://docs.canaccom.com)
- Issues: [GitHub Issues](https://github.com/canaccom/travel-platform/issues)

## 📈 Roadmap

### Version 1.1
- [ ] Mobile app development
- [ ] Advanced reporting dashboard
- [ ] Payment processing integration
- [ ] API for third-party integrations

### Version 1.2
- [ ] Multi-language support
- [ ] Advanced automation features
- [ ] AI-powered booking optimization
- [ ] Integration with travel industry APIs

---

**Built with ❤️ by the Canaccom Travel Group Team** 