chore: fix file permissions and ownership across project

- Changed ownership of all files to scheianu:scheianu
- Set directories to 755 permissions (rwxr-xr-x)
- Set files to 644 permissions (rw-r--r--)
- Made shell scripts executable (755)
- Allows development without requiring sudo for file modifications
- Improves development workflow and security

old_code_documentation/DATA_DEPLOYMENT.md

@@ -0,0 +1,75 @@
+# Data Folder Deployment Guide
+
+## Overview
+
+The `./data` folder is the **persistent data storage** for the DigiServer deployment. It is **NOT committed to the repository** but contains all necessary files copied from the repo during deployment.
+
+## Structure
+
+```
+data/
+├── app/                  # Complete application code (copied from ./app)
+├── Caddyfile            # Reverse proxy configuration (copied from root)
+├── instance/            # Flask instance folder (database, configs)
+├── uploads/             # User file uploads
+├── caddy-data/          # Caddy SSL certificates and cache
+└── caddy-config/        # Caddy configuration data
+```
+
+## Deployment Process
+
+### Step 1: Initialize Data Folder
+
+Run this script to copy all necessary files from the repository to `./data`:
+
+```bash
+./init-data.sh
+```
+
+This will:
+- Create the `./data` directory structure
+- Copy `./app` folder to `./data/app`
+- Copy `Caddyfile` to `./data/Caddyfile`
+- Set proper permissions for all files and folders
+
+### Step 2: Start Docker Containers
+
+```bash
+docker-compose up -d --build
+```
+
+### Step 3: Run Migrations (First Time Only)
+
+```bash
+sudo bash deploy.sh
+```
+
+## Important Notes
+
+- **./data is NOT in git**: The `./data` folder is listed in `.gitignore` and will not be committed
+- **All persistent data here**: Database files, uploads, certificates, and configurations are stored in `./data`
+- **Easy backups**: To backup the entire deployment, backup the `./data` folder
+- **Easy troubleshooting**: Check the `./data` folder to verify all required files are present
+- **Updates**: When you pull new changes, run `./init-data.sh` to update app files in `./data`
+
+## Deployment Checklist
+
+✓ All volumes in docker-compose.yml point to `./data`
+✓ `./data` folder contains: app/, Caddyfile, instance/, uploads/, caddy-data/, caddy-config/
+✓ Files are copied from repository to `./data` via init-data.sh
+✓ Permissions are correctly set for Docker container user
+
+## Verification
+
+Before starting:
+```bash
+ls -la data/
+# Should show: app/, Caddyfile, instance/, uploads/, caddy-data/, caddy-config/
+```
+
+After deployment check data folder for:
+```bash
+data/instance/*.db           # Database files
+data/uploads/                # User uploads
+data/caddy-data/*.pem        # SSL certificates
+```

old_code_documentation/NGINX_SETUP_QUICK.md

@@ -0,0 +1,84 @@
+# Quick Start: Nginx Setup for DigiServer v2
+
+## Pre-requisites
+- SSL certificates in `./data/nginx-ssl/cert.pem` and `./data/nginx-ssl/key.pem`
+- Docker and Docker Compose installed
+- Port 80 and 443 available
+
+## Quick Setup (3 steps)
+
+### 1. Generate Self-Signed Certificates
+```bash
+./generate_nginx_certs.sh localhost 365
+```
+
+### 2. Update Nginx Configuration
+- Edit `nginx.conf` to set your domain:
+  ```nginx
+  server_name localhost;  # Change to your domain
+  ```
+
+### 3. Start Docker Compose
+```bash
+docker-compose up -d
+```
+
+## Verification
+
+### Check if Nginx is running
+```bash
+docker ps | grep nginx
+```
+
+### Test HTTP → HTTPS redirect
+```bash
+curl -L http://localhost
+```
+
+### Test HTTPS (with self-signed cert)
+```bash
+curl -k https://localhost
+```
+
+### View logs
+```bash
+docker logs digiserver-nginx
+docker exec digiserver-nginx tail -f /var/log/nginx/access.log
+```
+
+## Using Production Certificates
+
+### Option A: Let's Encrypt (Free)
+1. Install certbot: `apt-get install certbot`
+2. Generate cert: `certbot certonly --standalone -d your-domain.com`
+3. Copy cert: `cp /etc/letsencrypt/live/your-domain.com/fullchain.pem ./data/nginx-ssl/cert.pem`
+4. Copy key: `cp /etc/letsencrypt/live/your-domain.com/privkey.pem ./data/nginx-ssl/key.pem`
+5. Fix permissions: `sudo chown 101:101 ./data/nginx-ssl/*`
+6. Reload: `docker exec digiserver-nginx nginx -s reload`
+
+### Option B: Commercial Certificate
+1. Place your certificate files in `./data/nginx-ssl/cert.pem` and `./data/nginx-ssl/key.pem`
+2. Fix permissions: `sudo chown 101:101 ./data/nginx-ssl/*`
+3. Reload: `docker exec digiserver-nginx nginx -s reload`
+
+## Troubleshooting
+
+| Issue | Solution |
+|-------|----------|
+| Port 80/443 in use | `sudo netstat -tlnp \| grep :80` or `:443` |
+| Certificate permission denied | `sudo chown 101:101 ./data/nginx-ssl/*` |
+| Nginx won't start | `docker logs digiserver-nginx` |
+| Connection refused | Check firewall: `sudo ufw allow 80/tcp && sudo ufw allow 443/tcp` |
+
+## File Locations
+- Main config: `./nginx.conf`
+- SSL certs: `./data/nginx-ssl/`
+- Logs: `./data/nginx-logs/`
+- Custom domains: `./nginx-custom-domains.conf` (auto-generated)
+
+## Next: Production Setup
+1. Update `.env` with your DOMAIN and EMAIL
+2. Configure HTTPS settings in admin panel
+3. Run: `python nginx_manager.py generate`
+4. Test: `docker exec digiserver-nginx nginx -t`
+5. Reload: `docker exec digiserver-nginx nginx -s reload`

old_code_documentation/PROXY_FIX_SETUP.md

@@ -0,0 +1,56 @@
+# ProxyFix Middleware Setup - DigiServer v2
+
+## Overview
+ProxyFix middleware is now properly configured in the Flask app to handle reverse proxy headers from Nginx (or Caddy). This ensures correct handling of:
+- **X-Real-IP**: Client's real IP address
+- **X-Forwarded-For**: List of IPs in the proxy chain
+- **X-Forwarded-Proto**: Original protocol (http/https)
+- **X-Forwarded-Host**: Original hostname
+
+## Configuration Details
+
+### Flask App (app/app.py)
+```python
+from werkzeug.middleware.proxy_fix import ProxyFix
+
+app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
+```
+
+**Parameters:**
+- `x_for=1`: Trust one proxy for X-Forwarded-For header
+- `x_proto=1`: Trust proxy for X-Forwarded-Proto header
+- `x_host=1`: Trust proxy for X-Forwarded-Host header
+- `x_port=1`: Trust proxy for X-Forwarded-Port header
+
+### Config Settings (app/config.py)
+
+```python
+# Reverse proxy trust (for Nginx/Caddy with ProxyFix middleware)
+TRUSTED_PROXIES = os.getenv('TRUSTED_PROXIES', '127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16')
+PREFERRED_URL_SCHEME = os.getenv('PREFERRED_URL_SCHEME', 'https')
+```
+
+## Testing ProxyFix
+
+### 1. Test Real Client IP
+```bash
+docker exec digiserver-app flask shell
+>>> from flask import request
+>>> request.remote_addr  # Should show client IP
+```
+
+### 2. Test URL Scheme
+```bash
+docker exec digiserver-app flask shell
+>>> from flask import url_for
+>>> url_for('auth.login', _external=True)  # Should use https://
+```
+
+## Verification Checklist
+
+- [x] ProxyFix imported in app.py
+- [x] app.wsgi_app wrapped with ProxyFix
+- [x] TRUSTED_PROXIES configured
+- [x] PREFERRED_URL_SCHEME set to 'https'
+- [x] SESSION_COOKIE_SECURE=True in ProductionConfig
+- [x] Nginx headers configured correctly