# EduManage SMS — Deploying on cPanel

This guide covers deploying both the backend (Node/Express API) and the
frontend (React, built with Create React App) on a typical cPanel host
that offers **"Setup Node.js App"** (CloudLinux + Passenger). Most
shared-hosting cPanel accounts support this; if yours doesn't, ask your
host to enable the "Node.js Selector" / "Setup Node.js App" feature.

Database: cPanel does not provide MongoDB, so use **MongoDB Atlas**
(free tier is enough to start).

---

## 0. Before you start

- A cPanel account with **Setup Node.js App** available
- A MongoDB Atlas cluster + connection string
- (Recommended) a subdomain for the API, e.g. `api.yourschool.edu.np`,
  pointing at the same cPanel account
- Your main domain (or another subdomain) for the frontend, e.g.
  `sms.yourschool.edu.np`

---

## 1. MongoDB Atlas

1. Create a free cluster at https://cloud.mongodb.com
2. **Database Access** → add a user (e.g. `edumanage_user`) with a strong password
3. **Network Access** → add `0.0.0.0/0` (cPanel IPs are not static on shared
   hosting, so you generally must allow all — Atlas auth still protects the DB)
4. **Connect → Drivers** → copy the connection string:
   ```
   mongodb+srv://edumanage_user:<password>@cluster0.xxxxx.mongodb.net/edumanage?retryWrites=true&w=majority
   ```

---

## 2. Backend — Setup Node.js App

1. **Upload the `backend/` folder** to your account, e.g. to
   `~/edumanage-api` (NOT inside `public_html` — Node apps don't need
   to be web-root, Passenger proxies requests to them).

2. In cPanel, open **Setup Node.js App** → **Create Application**:
   - **Node.js version**: 18.x or newer
   - **Application mode**: Production
   - **Application root**: `edumanage-api` (the folder you uploaded)
   - **Application URL**: the subdomain you created, e.g. `api.yourschool.edu.np`
   - **Application startup file**: `server.js`

3. Click **Create**. cPanel will create a virtual environment and show a
   command like:
   ```
   source /home/youruser/nodevenv/edumanage-api/18/bin/activate && cd /home/youruser/edumanage-api
   ```

4. **Set environment variables** in the Node.js App UI (under "Environment
   Variables") — fill these in based on `backend/.env.example`:
   ```
   NODE_ENV            = production
   MONGO_URI           = mongodb+srv://edumanage_user:...@cluster0.xxxxx.mongodb.net/edumanage
   JWT_SECRET          = <openssl rand -base64 32>
   JWT_EXPIRE          = 7d
   JWT_REFRESH_SECRET  = <openssl rand -base64 32>
   JWT_REFRESH_EXPIRE  = 30d
   CLIENT_URL          = https://sms.yourschool.edu.np
   SMTP_HOST           = smtp.yourprovider.com
   SMTP_PORT           = 587
   SMTP_USER           = ...
   SMTP_PASS           = ...
   FROM_EMAIL          = noreply@yourschool.edu.np
   FROM_NAME           = EduManage SMS
   UPLOAD_PATH         = ./uploads
   MAX_FILE_SIZE       = 52428800
   RATE_LIMIT_WINDOW_MS = 900000
   RATE_LIMIT_MAX      = 100
   ```
   Do **not** set `PORT` manually — cPanel/Passenger assigns this
   automatically and injects it as `process.env.PORT`, which `server.js`
   already reads.

5. **Install dependencies**: use the "Run NPM Install" button in the
   Node.js App UI (this runs `npm install` inside the app's virtual env).

6. **Seed the database** (one-time, optional demo data): open the
   "Run JS Script" / terminal option for the app (or SSH in, `source` the
   venv activate command shown in step 3, `cd` to the app root, then run):
   ```bash
   node utils/seeder.js
   ```

7. Click **Restart** in the Node.js App UI. Visit
   `https://api.yourschool.edu.np/api/health` — you should see
   `{"status":"ok", ...}`.

---

## 3. Frontend — Build & upload as static files

CRA produces static HTML/CSS/JS that does **not** need Node.js to serve —
just upload it to a normal cPanel document root.

1. On your own machine (or anywhere with Node):
   ```bash
   cd frontend
   npm install
   ```

2. Create `frontend/.env.production`:
   ```
   REACT_APP_API_URL=https://api.yourschool.edu.np/api
   ```

3. Build:
   ```bash
   npm run build
   ```
   This creates a `build/` folder (CRA — **not** `dist/`).

4. Upload the **contents** of `build/` (including the `.htaccess` file
   already included in `public/.htaccess`, which CRA copies into `build/`)
   into the document root for your frontend domain/subdomain — e.g.
   `public_html/` for the main domain, or `public_html/sms/` for a
   subdomain pointing there.

5. Visit `https://sms.yourschool.edu.np` — the React app should load. The
   `.htaccess` file makes client-side routes like `/students` or
   `/reset-password/:token` work on refresh instead of returning a 404.

---

## 4. CORS check

The backend only allows requests from `CLIENT_URL` (set in step 2.4).
Make sure it **exactly** matches the frontend's origin, including
`https://` and no trailing slash, e.g.:
```
CLIENT_URL=https://sms.yourschool.edu.np
```
If you need both `https://yourschool.edu.np` and
`https://www.yourschool.edu.np` to work, pick one as canonical and
redirect the other to it at the DNS/Apache level, or extend the CORS
config in `server.js` to accept an array of origins.

---

## 5. File uploads

Uploaded files (student photos, documents, notices attachments) are
stored on disk under `UPLOAD_PATH` (default `./uploads`, relative to the
backend app root) and served at `/uploads/...` from the API domain. This
works out of the box on cPanel as long as the Node app's user has write
permission to that folder (it does, by default).

**Caveat**: shared hosting filesystems are not always persistent across
redeploys/restarts on some providers, and disk space is limited. For
heavier usage, swap the multer disk storage in
`backend/controllers/upload.controller.js` for S3-compatible storage —
see the original S3 snippet later in `DEPLOYMENT.md`.

---

## 6. Updating the app later

- **Backend**: upload changed files, then click **Restart** in Setup
  Node.js App (or run `touch tmp/restart.txt` if your cPanel uses
  Passenger's restart file convention).
- **Frontend**: rebuild locally (`npm run build`) and re-upload the
  contents of `build/`, overwriting the old files.

---

## 7. Local development (unchanged)

```bash
# Backend
cd backend
npm install
cp .env.example .env    # fill in your values
node utils/seeder.js    # seed demo data
npm run dev              # http://localhost:5000

# Frontend (new terminal)
cd frontend
npm install
cp .env.example .env.local   # REACT_APP_API_URL=http://localhost:5000/api
npm start                     # http://localhost:3000
```

### Demo Login Credentials (after seeding)
```
Admin:   admin@janajyoti.edu.np      / Admin@1234
Teacher: ram.khatri@janajyoti.edu.np / Teacher@1234
Student: aarav.karmacharya0@student.janajyoti.edu.np / Student@1234
```
On first login, enter the School ID printed by the seeder script.

---

## 8. Production checklist

- [ ] Rotate `JWT_SECRET` / `JWT_REFRESH_SECRET` (don't reuse dev values)
- [ ] `NODE_ENV=production`
- [ ] `CLIENT_URL` matches the frontend origin exactly
- [ ] MongoDB Atlas user has a strong, unique password
- [ ] SMTP uses an app password, not your real email password
- [ ] HTTPS enabled for both domains (cPanel AutoSSL / Let's Encrypt)
- [ ] `.htaccess` uploaded alongside the React build for SPA routing
- [ ] Run the seeder once, then change/remove the demo admin password