Installation & Setup
Estimated time: ~2 hours from purchase to a fully running local instance.
Prerequisites
Before you start, make sure the following tools are installed on your machine:
- Docker & Docker Compose — v24 or later (get Docker)
- Node.js — v20 LTS or later (needed only for local UI development)
- .NET SDK 10 — only if you intend to run the API outside Docker
- Git — to clone the repository after purchase
Step 1 — Clone your repository
After completing your purchase you will receive a private repository invitation. Accept it and clone the repo:
git clone https://github.com/harosoft-com/<your-project>.git
cd <your-project>Step 2 — Configure environment variables
Copy the provided example environment file and fill in your values:
cp .env.example .env
# Open .env in your editor and set:
# DB_PASSWORD, JWT_SECRET, APP_URL, etc.Step 3 — Start the application
A single Docker Compose command starts the database, backend API, and frontend together:
docker compose up --buildOnce all containers are healthy (usually 60–90 seconds), open http://localhost:4200 in your browser.
Step 4 — Seed the database & create the first admin
On first launch the database is automatically migrated. Run the seed command to create the default roles and an initial admin account:
docker compose exec api dotnet run --seedYour admin credentials are printed to the console. Change them immediately after first login.
Step 5 — Verify
Navigate to http://localhost:4200/login, log in with the seeded admin account, and confirm you can see the dashboard. That's it — you're running!
Admin Panel
The Admin Panel is the control center of your HaroFlow platform. It is accessible only to users who have been assigned the Admin or SuperAdmin role.
Accessing the Admin Panel
Log in with an admin account and click the Admin entry in the left-hand navigation menu. Non-admin users will not see this menu item — it is hidden by the role-based access control (RBAC) system.
Dashboard Overview
The main dashboard surface gives you a real-time snapshot of your platform:
- Active users and new registrations
- Revenue and subscription metrics (when billing is enabled)
- System health indicators
- Recent activity feed
User Management
Under Admin → Users you can create, edit, disable, or delete user accounts. You can also:
- Assign or revoke roles per user
- Send invitation emails directly from the panel
- Filter and search across all accounts
- Export user data to CSV for reporting
Roles & Permissions
HaroFlow ships with three built-in roles: User, Admin, and SuperAdmin. You can define additional roles and assign fine-grained permissions through Admin → Roles. Permissions are enforced on both the API (middleware) and the UI (route guards).
Settings
Admin → Settings exposes application-level configuration such as branding (logo, colours), email provider, feature flags, and third-party integrations. Changes take effect without a restart.
Audit Log
Every significant action performed by any user is logged under Admin → Audit Log. Entries include the actor, action, affected resource, and timestamp — giving you a clear trail for compliance and debugging.
User Management
HaroFlow provides a full user lifecycle out of the box — registration, email verification, profile management, and account deletion.
Self-service Registration
Public registration can be enabled or disabled from Admin → Settings. When enabled, visitors can create an account at /register. Email verification is sent automatically.
Invite-only Mode
Set REGISTRATION_MODE=invite in your .env to restrict sign-ups. Admins can then send invitation links from the Admin Panel — only users with a valid invite token can register.
Profile & Preferences
Each user has a profile page at /account where they can update their display name, avatar, notification preferences, and change their password.
Authentication & Security
Security is built into the foundation, not bolted on afterwards.
JWT + Refresh Tokens
Access tokens are short-lived (15 minutes by default). Refresh tokens are HTTP-only cookies that rotate on each use, preventing token theft from client-side JavaScript.
Role-Based Access Control (RBAC)
Every API endpoint is decorated with [Authorize(Roles = "...")] attributes. The Angular frontend enforces the same rules via route guards — unauthenticated or under-privileged users are redirected automatically.
Password Policy
Passwords are hashed with bcrypt (cost factor 12). You can configure minimum length and complexity rules in Admin → Settings.
Environment Secrets
Never commit your .env file. In production, inject secrets via your cloud provider's secret manager or Docker Swarm secrets.
Deployment
Local Development
Use docker compose up as described in the Installation section. Hot-reload is enabled for both the Angular frontend and the .NET API in development mode.
Production on a Linux VPS
The recommended setup is a Linux server (Ubuntu 22.04+) with Docker installed. Point your domain at the server, configure an HTTPS reverse proxy (Nginx or Caddy), and run:
docker compose -f docker-compose.prod.yml up -d A production-ready docker-compose.prod.yml with Nginx and Let's Encrypt is included in the repository.
Cloud Providers
HaroFlow runs on any cloud that supports Docker: AWS EC2/ECS, GCP Compute/Cloud Run, Azure Container Instances, DigitalOcean Droplets, Hetzner, and more. No vendor lock-in — if it runs Docker, it runs HaroFlow.
Scaling
The API is stateless — scale horizontally by adding replicas behind a load balancer. The PostgreSQL database can be promoted to a managed service (RDS, Cloud SQL, etc.) by updating the connection string in .env.
Customisation
The codebase is structured to be extended with AI tools like Cursor and GitHub Copilot. Every module follows consistent patterns so the AI has enough context to generate correct code on the first try.
Frontend (Angular)
Pages live in src/app/pages/. Each page is a standalone component — add a new folder, create the component, and register the route in app.routes.ts. The Material Design system and Tabler Icons are pre-configured.
Backend (.NET 10)
Follow the Controller → Service → Repository pattern used throughout. Add a new entity, create a migration with EF Core, and expose it via a new controller. The auto-generated Swagger UI at /swagger documents the API as you build.
Theming
Global design tokens (colours, spacing, typography) are defined in src/styles.scss. Override the Material palette variables to match your brand without touching component styles.
Need help?
If you get stuck, our team is happy to jump in. Reach us via the Contact page or [email protected]. Customisation services are also available — we can build new features for you directly.