A Next.js frontend for Cerberus IAM β the centralized Identity & Access Management and user directory platform. This app provides the web UI for authentication flows, user self-service, and admin user management.
Cerberus IAM Frontend is the UI client for Cerberus IAM, serving as the primary interface for identity and access management operations. It provides a modern, responsive web application for authentication, user management, and administrative functions.
This application never performs authentication logic on its own; all auth and directory operations are delegated to the Cerberus IAM API (ExpressJS backend). The frontend focuses on providing an excellent user experience while maintaining security through proper API integration.
-
Authentication Pages
- User login with secure credential handling
- User registration and account creation
- Password reset and forgot password flows
- Secure logout with session cleanup
-
User Self-Service
- View and update user profile information
- Change password functionality
- Manage user preferences and settings
-
Admin Features
- Search and browse user directory
- View and edit user details
- Manage user roles and permissions
- Monitor user status and activity
- Advanced data table with sorting, filtering, and pagination
-
API Integration
- RESTful API calls to Cerberus IAM backend
- Session-based authentication with secure cookie handling
- Comprehensive error handling and user feedback
- Type-safe API client with Result pattern
- Framework: Next.js 16 (Pages Router)
- Language: TypeScript 5
- UI Library: React 19
- Styling: Tailwind CSS 4
- Component Library: Radix UI + shadcn/ui
- Data Tables: TanStack Table
- Icons: Lucide Icons, Tabler Icons
- Theme: next-themes for dark mode support
- Validation: Zod
- HTTP Client: Custom API client with fetch
- Testing: Jest + React Testing Library + Playwright
Before you begin, ensure you have the following installed:
- Node.js: Version 20.x LTS or higher
- npm: Version 10.x or higher (comes with Node.js)
- Cerberus IAM API: Access to a running instance (development, staging, or production)
git clone https://github.com/cerberus-iam/app.git
cd appnpm installCreate a .env.local file in the root directory:
cp .env.example .env.localEdit .env.local and configure the required variables (see Environment Variables section below).
npm run devThe application will start at http://localhost:3000.
Open your browser and navigate to the URL. You should be redirected to the login page.
The following environment variables are required for the application to function properly:
| Variable | Required | Description | Example |
|---|---|---|---|
NEXT_PUBLIC_API_BASE_URL |
Yes | Base URL of the Cerberus IAM API (public, client-side) | http://localhost:4000 or https://iam-api.example.com |
API_BASE_URL |
Yes | Base URL of the Cerberus IAM API (server-side only) | http://localhost:4000 or https://iam-api.example.com |
NEXT_PUBLIC_APP_URL |
Yes | Base URL of this frontend application | http://localhost:3000 or https://iam.example.com |
NEXT_PUBLIC_ORG_SLUG |
No | Organization slug for multi-tenant setups | acme-corp |
-
Copy
.env.exampleto.env.local:cp .env.example .env.local
-
Update the values in
.env.localwith your configuration. -
Important: Never commit
.env.localor any file containing secrets to version control.
All authentication and user management operations are delegated to the Cerberus IAM API. The frontend acts as a client, making HTTP requests to the backend.
| Endpoint | Method | Purpose |
|---|---|---|
/v1/auth/login |
POST | Authenticate user and create session |
/v1/auth/logout |
POST | Terminate user session |
/v1/auth/register |
POST | Create new user account |
/v1/auth/me |
GET | Get current authenticated user |
/v1/auth/forgot-password |
POST | Initiate password reset flow |
/v1/users |
GET | List and search users (admin) |
/v1/users/:id |
GET | Get user details by ID |
/v1/users/:id |
PUT | Update user information |
- Authentication: Cookie-based sessions managed by the backend
- Credentials: HttpOnly cookies for security (not accessible via JavaScript)
- CSRF Protection: Implemented at the API level
- API Client: Custom fetch-based client in
src/lib/api/client.ts
app/
βββ src/
β βββ pages/ # Next.js Pages Router
β β βββ index.tsx # Home page (redirects to login)
β β βββ login.tsx # Login page
β β βββ register.tsx # Registration page
β β βββ forgot-password.tsx # Password reset
β β βββ dashboard.tsx # Main dashboard
β β βββ users/ # User management pages
β β β βββ index.tsx # User list with data table
β β βββ api/ # API routes (if any)
β β βββ _app.tsx # App wrapper component
β β βββ _document.tsx # HTML document wrapper
β βββ components/ # Reusable React components
β β βββ ui/ # shadcn/ui components
β βββ layouts/ # Layout components
β βββ lib/ # Utility libraries
β β βββ api/ # API client and utilities
β β β βββ client.ts # HTTP client configuration
β β βββ auth/ # Authentication utilities
β β βββ result.ts # Result type for error handling
β β βββ utils.ts # General utility functions
β βββ hooks/ # Custom React hooks
β βββ types/ # TypeScript type definitions
β βββ config/ # Application configuration
β βββ content/ # Static content and data
β βββ styles/ # Global styles and CSS
β βββ globals.css # Tailwind CSS + CSS variables
βββ e2e/ # Playwright E2E tests
βββ public/ # Static assets
βββ .github/ # GitHub workflows and templates
βββ [config files] # Configuration files
The following npm scripts are available:
| Script | Command | Description |
|---|---|---|
dev |
npm run dev |
Start development server at http://localhost:3000 |
build |
npm run build |
Create optimized production build |
start |
npm run start |
Start production server (requires npm run build first) |
lint |
npm run lint |
Run ESLint to check for code issues |
format |
npm run format |
Format code with Prettier |
format:check |
npm run format:check |
Check if code is formatted correctly |
test |
npm test |
Run unit tests with Jest |
test:watch |
npm run test:watch |
Run tests in watch mode |
test:coverage |
npm run test:coverage |
Generate test coverage report |
test:e2e |
npm run test:e2e |
Run end-to-end tests with Playwright |
test:e2e:ui |
npm run test:e2e:ui |
Run E2E tests with Playwright UI |
prepare |
npm run prepare |
Set up Git hooks (runs automatically after install) |
Unit tests focus on testing individual components and utility functions in isolation.
Run unit tests:
npm testRun in watch mode:
npm run test:watchGenerate coverage report:
npm run test:coverageTest files are located in:
src/components/**/__tests__/*.test.tsxsrc/lib/**/*.test.ts
E2E tests verify critical user flows across the entire application.
Run E2E tests:
npm run test:e2eRun with UI mode:
npm run test:e2e:uiCritical flows covered:
- User authentication (login, logout, registration)
- Password reset flow
- Protected route access
- User management operations
- Dashboard navigation
E2E test files are located in e2e/ directory.
This application is configured for deployment to Railway.
Deployment Steps:
-
Connect Repository: Link your GitHub repository to Railway
-
Set Environment Variables: Configure all required environment variables in Railway dashboard:
NEXT_PUBLIC_API_BASE_URLAPI_BASE_URLNEXT_PUBLIC_APP_URLNEXT_PUBLIC_ORG_SLUG(if applicable)
-
Build Settings:
- Build Command:
npm run build - Start Command:
npm run start
- Build Command:
-
Deploy: Railway will automatically deploy on push to the main branch
GitHub Actions workflows handle automated testing and deployment:
- CI Pipeline: Runs linting, type-checking, and tests on every PR
- E2E Tests: Executes Playwright tests on PR creation
- Deploy: Automatically deploys to Railway on merge to main
- PR Checks: Validates commit messages and code quality
All checks must pass before merging a pull request.
We welcome contributions! Please read our CONTRIBUTING.md for details on:
- Development workflow and branching strategy
- Code style and linting requirements
- Commit message conventions (Conventional Commits)
- Testing requirements
- Pull request process
- Fork the repository
- Create a feature branch:
git checkout -b feat/your-feature-name - Make your changes and commit:
git commit -m "feat: add new feature" - Push to your fork:
git push origin feat/your-feature-name - Open a pull request
Before submitting a PR:
npm run lint # Check for linting errors
npm run format # Format code with Prettier
npm test # Run unit tests
npm run test:e2e # Run E2E testsAll commits must follow Conventional Commits format. Pre-commit hooks will enforce this automatically.
This project is proprietary software. All rights reserved.
See LICENSE for more information.
Need Help? Check out our DEVELOPMENT.md for detailed development documentation or open an issue on GitHub.