22 changed files with 170 additions and 708 deletions
--- a/Back/alembic/versions/36ed70229177_add_owner_id_to_group.py
+++ b/Back/alembic/versions/36ed70229177_add_owner_id_to_group.py
@ -1,57 +0,0 @@
 """add owner_id to group
 Revision ID: 36ed70229177
 Revises: b5ace31192c3
 Create Date: 2026-03-28 13:26:31.817104
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision: str = '36ed70229177'
 down_revision: Union[str, Sequence[str], None] = 'b5ace31192c3'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Upgrade schema."""
    # 1. Add column as nullable
    op.add_column('groups', sa.Column('owner_id', sa.UUID(), nullable=True))
    op.create_index(op.f('ix_groups_owner_id'), 'groups', ['owner_id'], unique=False)
    op.create_foreign_key(None, 'groups', 'users', ['owner_id'], ['id'], ondelete='CASCADE')
    # 2. Update existing groups with an owner (using the first manager or any member)
    op.execute("""
        UPDATE groups g
        SET owner_id = (
            SELECT user_id 
            FROM group_members 
            WHERE group_id = g.id 
            ORDER BY (CASE WHEN role::text = 'MANAGER' THEN 0 ELSE 1 END), user_id
            LIMIT 1
        )
    """)
    # 3. For any group that still has NULL (unlikely), set to the first user in the system
    op.execute("""
        UPDATE groups
        SET owner_id = (SELECT id FROM users LIMIT 1)
        WHERE owner_id IS NULL
    """)
    # 4. Set NOT NULL constraint
    op.alter_column('groups', 'owner_id', nullable=False)
 def downgrade() -> None:
    """Downgrade schema."""
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_constraint(None, 'groups', type_='foreignkey')
    op.drop_index(op.f('ix_groups_owner_id'), table_name='groups')
    op.drop_column('groups', 'owner_id')
    # ### end Alembic commands ###
--- a/Back/core/config.py
+++ b/Back/core/config.py
@ -10,12 +10,10 @@ class Settings(BaseSettings):
    ACCESS_TOKEN_EXPIRE_DAYS: int = 1
    REFRESH_TOKEN_EXPIRE_WEEKS: int = 12
    ALGORITHM: str = "HS256"
-    SECRET_PASS_LENGTH: int = 4
+    SECRET_PASS_LENGTH: int
    DATABASE_URL: str
    REDIS_URL: str
    REDIS_USERNAME: str
    REDIS_PASSWORD: str
    LIVEKIT_API_KEY: str
    LIVEKIT_API_SECRET: str
--- a/Back/core/logger.py
+++ b/Back/core/logger.py
@ -1,38 +0,0 @@
 import logging
 import os
 from typing import Final
 DEFAULT_LOG_LEVEL: Final[str] = "INFO"
 DEFAULT_LOG_FORMAT: Final[str] = (
    "%(asctime)s | %(levelname)s | %(name)s | %(message)s"
 )
 _configured = False
 def _resolve_log_level() -> int:
    level_name = os.getenv("LOG_LEVEL", DEFAULT_LOG_LEVEL).upper()
    return getattr(logging, level_name, logging.INFO)
 def setup_logging() -> None:
    global _configured
    if _configured:
        return
    root_logger = logging.getLogger()
    root_logger.setLevel(_resolve_log_level())
    if not root_logger.handlers:
        handler = logging.StreamHandler()
        handler.setFormatter(logging.Formatter(DEFAULT_LOG_FORMAT))
        root_logger.addHandler(handler)
    _configured = True
 def get_logger(name: str) -> logging.Logger:
    setup_logging()
    return logging.getLogger(name)
--- a/Back/core/rate_limit.py
+++ b/Back/core/rate_limit.py
@ -1,7 +1,6 @@
 # core/rate_limit.py
-from fastapi import Request, WebSocket, HTTPException, status
+from fastapi import Request, HTTPException, status
 from starlette.requests import HTTPConnection
 from db.redis import redis_client
 class RateLimiter:
@ -15,28 +14,37 @@ class RateLimiter:
        self.window_seconds = window_seconds
        self.scope = scope
-    async def __call__(self, connection: HTTPConnection):
+    async def __call__(self, request: Request):
-        client_ip = connection.client.host if connection.client else "127.0.0.1"
+        # getting client ip
        client_ip = request.client.host if request.client else "127.0.0.1"
-        real_ip = connection.headers.get("x-real-ip", connection.headers.get("x-forwarded-for", client_ip))
+        # when project is in docker and behind nginx, the real ip is in the headers
        real_ip = request.headers.get("x-real-ip", request.headers.get("x-forwarded-for", client_ip))
        # if there are multiple ips, take the first ip (the real user ip)
        real_ip = real_ip.split(",")[0].strip()
        # creating redis key based on scope
        if self.scope == "global":
            # key for global limit (e.g., rate_limit:global:192.168.1.5)
            key = f"rate_limit:global:{real_ip}"
        else:
-            path = connection.scope["path"]
+            # key for endpoint limit (e.g., rate_limit:endpoint:192.168.1.5:/admin/login)
            path = request.scope["path"]
            key = f"rate_limit:endpoint:{real_ip}:{path}"
        # adding 1 to the number of requests for this ip in redis
        current_count = await redis_client.incr(key)
        # if this is the first request in this time window, set the expiration time (TTL)
        if current_count == 1:
            await redis_client.expire(key, self.window_seconds)
        # if the number of requests exceeds the limit, access is blocked
        if current_count > self.requests:
            # penalty: if someone spams, the time they are blocked is extended from zero again
            await redis_client.expire(key, self.window_seconds)
            # If it's a WebSocket connection, we might want to raise WebSocketException
            # But Starlette's HTTPException is also handled by FastAPI for WebSockets by closing the connection.
            raise HTTPException(
                status_code=status.HTTP_429_TOO_MANY_REQUESTS,
-                detail="تعداد درخواست‌های شما از حد مجاز گذشته است. لطفاً بعداً دوباره تلاش کنید."
+                detail="Too many requests. Please try again later."
            )
--- a/Back/docker-compose.yml
+++ b/Back/docker-compose.yml
@ -9,10 +9,7 @@ services:
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: always
-    ports:
+
      - "5432:5432"
    networks:
      - internal
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
      interval: 5s
@ -25,13 +22,9 @@ services:
    volumes:
      - redis_data:/data
    restart: always
-    command: redis-server --requirepass ${REDIS_PASSWORD}
+
    ports:
      - "6379:6379"
    networks:
      - internal
    healthcheck:
-      test: [ "CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping" ]
+      test: [ "CMD", "redis-cli", "ping" ]
      interval: 5s
      timeout: 3s
      retries: 5
@ -39,20 +32,33 @@ services:
  livekit:
    image: livekit/livekit-server
    container_name: neda_livekit
-    network_mode: "host"
+    ports:
      - "7780:7880"
      - "7781:7881"
      - "50000-50100:50000-50100/udp"
    env_file:
      - .env
    volumes:
      - ./livekit.yaml:/etc/livekit/livekit.yaml
      - /etc/letsencrypt:/etc/letsencrypt:ro  # uncomment when using letsencrypt
    command: [ "--config", "/etc/livekit/livekit.yaml", "--keys", "${LIVEKIT_API_KEY}: ${LIVEKIT_API_SECRET}" ]
    restart: always
-    healthcheck:
+
-      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7780/health" ]
+  pgadmin:
-      interval: 10s
+    image: dpage/pgadmin4:latest
-      timeout: 5s
+    container_name: neda_pgadmin
-      retries: 3
+    restart: always
-      start_period: 10s
+    ports:
      - "5050:80"
    environment:
      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
      PGADMIN_CONFIG_SERVER_MODE: 'True'
      PGADMIN_CONFIG_UPGRADE_CHECK_ENABLED: 'False'
      PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
    volumes:
      - pgadmin_data:/var/lib/pgadmin
    depends_on:
      - postgres
  pg_backup:
    image: prodrigestivill/postgres-backup-local
@ -69,14 +75,13 @@ services:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      SCHEDULE: '@daily'
      BACKUP_KEEP_DAYS: 7
-    networks:
+      
      - internal
    depends_on:
      postgres:
        condition: service_healthy
  api:
-    image: back-api
+    build: .
    container_name: neda_api
    ports:
      - "8000:8000"
@ -84,9 +89,6 @@ services:
      - "./:/app"
    env_file:
      - .env
    networks:
      - public
      - internal
    depends_on:
      postgres:
        condition: service_healthy
@ -96,13 +98,6 @@ services:
        condition: service_started
    restart: always
 networks:
  public:
    driver: bridge
  internal:
    driver: bridge
    internal: true
 volumes:
  postgres_data:
  redis_data:
--- a/Back/domains/admin/api.py
+++ b/Back/domains/admin/api.py
@ -11,6 +11,9 @@ from domains.admin.schemas import (
    AdminUserResponse
 )
 from domains.groups.schemas import GroupResponse
 from domains.groups.repo import get_all_groups
 from domains.admin.service import (
    admin_create_user,
    admin_reset_user_secret
@ -99,8 +102,12 @@ async def list_users(
    return await get_all_users(db, include_admin=True)
-    return await get_all_users(db, include_admin=True)
+@router.get("/groups", response_model=list[GroupResponse])
-
+async def list_groups(
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    return await get_all_groups(db)
@router.get("/notifications", response_model=list[NotificationResponse])
 async def list_notifications(
--- a/Back/domains/admin/service.py
+++ b/Back/domains/admin/service.py
@ -11,10 +11,12 @@ from domains.users.repo import (
 )
 from core.security import hash_password
-from core.config import settings
+
 def generate_user_secret():
-    return secrets.token_urlsafe(settings.SECRET_PASS_LENGTH)
+    # return secrets.token_urlsafe(16)
    #for test
    return "1234"
 async def admin_create_user(
    db: AsyncSession,
--- a/Back/domains/groups/api/client.py
+++ b/Back/domains/groups/api/client.py
@ -1,69 +1,98 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.ext.asyncio import AsyncSession
 import uuid
 from db.session import get_db
-from core.deps import get_current_user
+from core.deps import get_current_admin, get_current_user
 from domains.groups.schemas import (
    GroupCreate,
    GroupResponse,
    AddMemberRequest,
-    GroupMemberResponse,
+    GroupMemberResponse
 )
 from domains.groups.service import (
-    create_user_group,
+    create_new_group,
    list_user_groups,
    list_all_groups_admin,
    list_group_members_api,
    invite_member_to_group,
    delete_group_service,
    remove_member_from_group
 )
 router = APIRouter(
    prefix="/groups",
    tags=["groups"]
 )
-@router.post("/", response_model=GroupResponse)
+
-async def user_create_group(
+@router.post(
    "/",
    response_model=GroupResponse
 )
 async def create_group(
    payload: GroupCreate,
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user)
 ):
    """
-    Regular users always create private groups and become the first manager.
+    Admin creates Public groups, Regular users create Private groups.
    """
-    return await create_user_group(
+    group = await create_new_group(
        db,
-        name=payload.name,
+        payload.name,
-        owner_id=user.id
+        user.id,
        user.is_admin
    )
    return group
@router.get("/my", response_model=list[GroupResponse])
 async def my_groups(
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user)
 ):
    """
-    List groups the current user is a member of.
+    List groups the user is a member of.
    """
    return await list_user_groups(db, user.id)
@router.get("/admin/all", response_model=list[GroupResponse])
 async def list_all_groups(
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    """
    Admin can see all groups.
    """
    return await list_all_groups_admin(db)
@router.get("/{group_id}/members", response_model=list[GroupMemberResponse])
-async def list_members(
+async def group_members(
-    group_id: uuid.UUID,
+    group_id: str,
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user)
 ):
-    return await list_group_members_api(db, str(group_id))
+    """
    List group members with username and online status.
    """
    return await list_group_members_api(db, group_id)
@router.post("/{group_id}/invite")
 async def invite_member(
-    group_id: uuid.UUID,
+    group_id: str,
    payload: AddMemberRequest,
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user)
 ):
    """
    Invite a user by username. Sends a notification.
    """
    try:
        notification = await invite_member_to_group(
            db,
@ -71,39 +100,34 @@ async def invite_member(
            user.id,
            payload.username
        )
-        return {"message": "Invitation sent", "notification_id": str(notification.id)}
+        return {"message": "دعوت ارسال شد", "notification_id": notification.id}
    except ValueError as e:
-        raise HTTPException(status_code=400, detail=str(e))
+        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail=str(e)
        )
@router.delete("/{group_id}")
 async def delete_my_group(
    group_id: uuid.UUID,
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user)
 ):
    """
    Only the Group Owner (creator) can delete the group.
    """
    try:
        await delete_group_service(db, group_id, user)
        return {"message": "Group deleted successfully"}
    except ValueError as e:
        raise HTTPException(status_code=403, detail=str(e))
@router.delete("/{group_id}/members/{user_id}")
 async def remove_member(
-    group_id: uuid.UUID,
+    group_id: str,
-    user_id: uuid.UUID,
+    user_id: str,
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user)
 ):
    """
-    A group manager can remove members from their own group.
+    Admin or Group Manager can remove a member.
    """
    try:
-        await remove_member_from_group(db, group_id, user_id, user)
+        await remove_member_from_group(
-        return {"message": "Member removed successfully"}
+            db,
-    except PermissionError as e:
+            group_id,
-        raise HTTPException(status_code=403, detail=str(e))
+            user_id,
            user
        )
        return {"message": "عضو با موفقیت حذف شد"}
    except ValueError as e:
-        raise HTTPException(status_code=400, detail=str(e))
+        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail=str(e)
        )
--- a/Back/domains/groups/api/init.py
+++ b/Back/domains/groups/api/init.py
@ -1,6 +0,0 @@
 from fastapi import APIRouter
 from domains.groups.api.admin import router as admin_router
 from domains.groups.api.client import router as client_router
 # The API is split into two specialized routers
 # This will be included in main.py
--- a/Back/domains/groups/api/admin.py
+++ b/Back/domains/groups/api/admin.py
@ -1,111 +0,0 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.ext.asyncio import AsyncSession
 import uuid
 from db.session import get_db
 from core.deps import get_current_admin
 from domains.groups.schemas import (
    AdminGroupCreate,
    GroupResponse,
    AdminAddMemberRequest,
    GroupMemberResponse
 )
 from domains.groups.service import (
    create_admin_group,
    list_all_groups_admin,
    add_member_to_group,
    list_group_members_api,
    remove_member_from_group,
    delete_group_service
 )
 router = APIRouter(
    prefix="/admin/groups",
    tags=["admin-groups"]
 )
@router.post("/", response_model=GroupResponse)
 async def admin_create_group(
    payload: AdminGroupCreate,
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    """
    Admin always creates public groups and is not auto-added as a member.
    """
    return await create_admin_group(
        db,
        name=payload.name,
        owner_id=admin.id
    )
@router.get("/", response_model=list[GroupResponse])
 async def list_all_groups(
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    """
    List all groups in the system.
    """
    return await list_all_groups_admin(db)
@router.get("/{group_id}/members", response_model=list[GroupMemberResponse])
 async def admin_list_members(
    group_id: uuid.UUID,
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    return await list_group_members_api(db, group_id)
@router.post("/{group_id}/members", response_model=None)
 async def force_add_member(
    group_id: uuid.UUID,
    payload: AdminAddMemberRequest,
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    """
    Force add a user to a group with a specific role. Bypasses invitation.
    """
    from domains.users.repo import get_user_by_username
    target_user = await get_user_by_username(db, payload.username)
    if not target_user:
        raise HTTPException(status_code=404, detail="User not found")
    try:
        await add_member_to_group(db, group_id, target_user.id, payload.role)
        return {"message": f"User {payload.username} added successfully"}
    except ValueError as e:
        raise HTTPException(status_code=400, detail=str(e))
@router.delete("/{group_id}/members/{user_id}")
 async def admin_remove_member(
    group_id: uuid.UUID,
    user_id: uuid.UUID,
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    """
    Admin can remove any user from any group.
    """
    try:
        await remove_member_from_group(db, group_id, user_id, admin)
        return {"message": "Member removed successfully"}
    except ValueError as e:
        raise HTTPException(status_code=400, detail=str(e))
@router.delete("/{group_id}")
 async def admin_delete_group(
    group_id: uuid.UUID,
    db: AsyncSession = Depends(get_db),
    admin=Depends(get_current_admin)
 ):
    """
    Admin can delete any group.
    """
    try:
        await delete_group_service(db, group_id, admin)
        return {"message": "Group deleted successfully"}
    except ValueError as e:
        raise HTTPException(status_code=403, detail=str(e))
--- a/Back/domains/groups/models.py
+++ b/Back/domains/groups/models.py
@ -39,12 +39,6 @@ class Group(Base):
        index=True
    )
    owner_id: Mapped[uuid.UUID] = mapped_column(
        ForeignKey("users.id", ondelete="CASCADE"),
        nullable=False,
        index=True
    )
    # Relationship to members
    members: Mapped[list["GroupMember"]] = relationship(back_populates="group", cascade="all, delete-orphan")
--- a/Back/domains/groups/repo.py
+++ b/Back/domains/groups/repo.py
@ -72,11 +72,3 @@ async def delete_group_member(db: AsyncSession, group_id: uuid.UUID, user_id: uu
        .where(GroupMember.user_id == user_id)
    )
    await db.commit()
 async def delete_group(db: AsyncSession, group_id: uuid.UUID):
    from sqlalchemy import delete
    await db.execute(
        delete(Group)
        .where(Group.id == group_id)
    )
    await db.commit()
--- a/Back/domains/groups/schemas.py
+++ b/Back/domains/groups/schemas.py
@ -6,15 +6,10 @@ from domains.groups.models import GroupType, GroupMemberRole
 class GroupCreate(BaseModel):
    name: str = Field(..., max_length=50, description='name of the group')
 class AdminGroupCreate(BaseModel):
    name: str = Field(..., max_length=50, description='name of the group')
 class GroupResponse(BaseModel):
    id: uuid.UUID = Field(...)
    name: str = Field(..., max_length=50, description='name of the group')
    type: GroupType = Field(..., description='type of the group')
    owner_id: uuid.UUID = Field(...)
    is_active: bool = Field(..., description='is active')
    class Config:
@ -23,11 +18,6 @@ class GroupResponse(BaseModel):
 class AddMemberRequest(BaseModel):
    username: str = Field(..., max_length=20, description='username of the user')
 class AdminAddMemberRequest(BaseModel):
    username: str = Field(..., max_length=20, description='username of the user')
    role: GroupMemberRole = Field(GroupMemberRole.MEMBER, description='role of the user in the group')
 class GroupMemberResponse(BaseModel):
    user_id: uuid.UUID = Field(...)
    username: str = Field(..., max_length=20, description='username of the user')
--- a/Back/domains/groups/service.py
+++ b/Back/domains/groups/service.py
@ -11,7 +11,6 @@ from domains.groups.repo import (
    get_user_groups,
    get_group_members_with_details,
    delete_group_member,
    delete_group,
    get_group_member,
    get_all_groups as repo_get_all_groups
 )
@ -19,24 +18,25 @@ from domains.realtime.presence_service import list_online_users
 from domains.users.repo import get_user_by_username
 from domains.notifications.service import send_join_request
-
+async def create_new_group(
 async def create_user_group(
    db: AsyncSession,
    name: str,
-    owner_id: uuid.UUID,
+    creator_id: uuid.UUID,
    is_admin: bool
 ):
    group_type = GroupType.PUBLIC if is_admin else GroupType.PRIVATE
    group = Group(
        name=name,
-        type=GroupType.PRIVATE,
+        type=group_type
        owner_id=owner_id
    )
    await create_group(db, group)
-    # Owner becomes Manager
+    # Creator becomes Manager
    membership = GroupMember(
        group_id=group.id,
-        user_id=owner_id,
+        user_id=creator_id,
        role=GroupMemberRole.MANAGER
    )
    await add_group_member(db, membership)
@ -44,21 +44,6 @@ async def create_user_group(
    return group
 async def create_admin_group(
    db: AsyncSession,
    name: str,
    owner_id: uuid.UUID,
 ):
    group = Group(
        name=name,
        type=GroupType.PUBLIC,
        owner_id=owner_id
    )
    await create_group(db, group)
    return group
 async def invite_member_to_group(
    db: AsyncSession,
    group_id: str | uuid.UUID,
@ -131,10 +116,10 @@ async def list_all_groups_admin(db: AsyncSession):
    return await repo_get_all_groups(db)
-async def list_group_members_api(db: AsyncSession, group_id: str | uuid.UUID):
+async def list_group_members_api(db: AsyncSession, group_id: str):
-    group_id_uuid = group_id if isinstance(group_id, uuid.UUID) else uuid.UUID(group_id)
+    group_id_uuid = uuid.UUID(group_id)
    members_data = await get_group_members_with_details(db, group_id_uuid)
-    online_users = await list_online_users(str(group_id_uuid))
+    online_users = await list_online_users(str(group_id))
    result = []
    for member_info in members_data:
@ -157,42 +142,10 @@ async def remove_member_from_group(
    group_id_uuid = group_id if isinstance(group_id, uuid.UUID) else uuid.UUID(group_id)
    target_user_id_uuid = target_user_id if isinstance(target_user_id, uuid.UUID) else uuid.UUID(target_user_id)
    group = await get_group_by_id(db, group_id_uuid)
    if not group:
        raise ValueError("گروهی یافت نشد")
    # Admin can remove anyone
    if not requesting_user.is_admin:
        membership = await get_group_member(db, group_id_uuid, requesting_user.id)
        if not membership or membership.role != GroupMemberRole.MANAGER:
-            raise PermissionError("دسترسی لازم را ندارید")
+            raise ValueError("دسترسی لازم را ندارید")
    if group.owner_id == target_user_id_uuid:
        raise ValueError("حذف سازنده گروه مجاز نیست")
    target_membership = await get_group_member(db, group_id_uuid, target_user_id_uuid)
    if not target_membership:
        raise ValueError("کاربر عضو این گروه نیست")
    if not requesting_user.is_admin and target_membership.role != GroupMemberRole.MEMBER:
        raise ValueError("حذف مدیر گروه مجاز نیست")
    await delete_group_member(db, group_id_uuid, target_user_id_uuid)
 async def delete_group_service(
    db: AsyncSession,
    group_id: str | uuid.UUID,
    requesting_user
 ):
    group_id_uuid = group_id if isinstance(group_id, uuid.UUID) else uuid.UUID(group_id)
    group = await get_group_by_id(db, group_id_uuid)
    if not group:
        raise ValueError("گروهی یافت نشد")
    # Permission check: System Admin or Group Owner
    if not requesting_user.is_admin and group.owner_id != requesting_user.id:
        raise ValueError("شما دسترسی لازم برای حذف گروه را ندارید (فقط سازنده گروه یا ادمین سیستم)")
    await delete_group(db, group_id_uuid)
--- a/Back/domains/realtime/speaker_service.py
+++ b/Back/domains/realtime/speaker_service.py
@ -1,8 +1,6 @@
 import uuid
 from livekit import api
 from livekit.api.twirp_client import TwirpError
 from sqlalchemy.ext.asyncio import AsyncSession
 from core.logger import get_logger
 from integrations.livekit.client import get_livekit_api
 from db.redis import (
    acquire_speaker,
@ -10,8 +8,7 @@ from db.redis import (
    get_active_speaker
 )
-logger = get_logger(__name__)
+from domains.groups.repo import get_group_by_id
 async def request_speak(
    group_id: str | uuid.UUID,
@ -46,21 +43,13 @@ async def current_speaker(group_id: str | uuid.UUID):
 async def grant_publish_permission(room_name: str, identity: str, can_publish: bool):
    lk_api = get_livekit_api()
-    try:
+    await lk_api.room.update_participant(
-        await lk_api.room.update_participant(
+        api.UpdateParticipantRequest(
-            api.UpdateParticipantRequest(
+            room=room_name,
-                room=room_name,
+            identity=identity,
-                identity=identity,
+            permission=api.ParticipantPermission(
-                permission=api.ParticipantPermission(
+                can_publish=can_publish,
-                    can_publish=can_publish,
+                can_subscribe=True
                    can_subscribe=True
                )
            )
        )
-    except TwirpError as e:
+    )
        if "not_found" in str(e).lower() or "exist" in str(e).lower():
            logger.warning(f"Participant {identity} already left the room.")
        else:
            logger.error(f"Error updating participant: {e}")
    except Exception as e:
        logger.error(f"Unexpected error in grant_permission: {e}")
--- a/Back/domains/realtime/ws.py
+++ b/Back/domains/realtime/ws.py
@ -124,7 +124,7 @@ async def group_ws(websocket: WebSocket, group_id: str):
            # anti spam
            current_time = time.time()
-            if current_time - last_action_time < 0.1:
+            if current_time - last_action_time < 0.5:
                continue
            last_action_time = current_time
--- a/Back/integrations/livekit/token_service.py
+++ b/Back/integrations/livekit/token_service.py
@ -1,7 +1,7 @@
 from livekit import api
 from core.config import settings
-from datetime import timedelta
+
 def generate_join_token(
    user_id: str,
@ -15,7 +15,6 @@ def generate_join_token(
    )
    token.with_identity(user_id)
    token.with_ttl(timedelta(hours=2))
    token.with_grants(
        api.VideoGrants(
--- a/Back/livekit.yaml
+++ b/Back/livekit.yaml
@ -1,25 +1,11 @@
-port: 7780
+port: 7880
 rtc:
-  tcp_port: 7781
+  tcp_port: 7881
-  port_range_start: 51000
+  port_range_start: 50000
-  port_range_end: 52000
+  port_range_end: 50100
  use_external_ip: false
-  node_ip: "188.213.199.211" # uncomment when using server ip
+  # node_ip: "94.183.170.121"
 # room:
 #   empty_timeout: 600
 #   departure_timeout: 600
 ##### uncomment when using letsencrypt in server #######
 turn:
  cert_file: "/etc/letsencrypt/live/pathfinder.wikm.ir/fullchain.pem"
  key_file: "/etc/letsencrypt/live/pathfinder.wikm.ir/privkey.pem"
  tls_port: 5349
  udp_port: 3478
  external_tls: false
  domain: "pathfinder.wikm.ir"
 #######################################################
 logging:
  level: info
--- a/Back/main.py
+++ b/Back/main.py
@ -1,13 +1,12 @@
 from contextlib import asynccontextmanager
-from fastapi import FastAPI, Depends, Request
+from fastapi import FastAPI, Depends
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi_swagger import patch_fastapi
 from domains.auth.api import router as auth_router
 from domains.users.api import router as users_router
 from domains.admin.api import router as admin_router
-from domains.groups.api.admin import router as groups_admin_router
+from domains.groups.api import router as groups_router
 from domains.groups.api.client import router as groups_client_router
 from domains.realtime.ws import router as realtime_router
 from domains.notifications.api import router as notifications_router
 from integrations.livekit.client import close_livekit_api
@ -54,21 +53,21 @@ patch_fastapi(app,docs_url="/swagger")
 app.add_middleware(
    CORSMiddleware,
-    allow_origins=[
+    allow_origins=["*"],
        "https://pathfinder.wikm.ir",
        "http://localhost:8000",
    ],
    allow_credentials=True,
-    allow_methods=["GET", "POST", "PUT", "DELETE", "*"], # محدود کردن متدها
+    allow_methods=["*"],
-    allow_headers=["Authorization", "Content-Type"], # محدود کردن هدرها
+    allow_headers=["*"],
 )
-
+# app.add_middleware(
-@app.middleware("http")
+#     CORSMiddleware,
-async def add_security_headers(request: Request, call_next):
+#     allow_origins=[
-    response = await call_next(request)
+#         "https://app.neda.com",
-    response.headers["X-Content-Type-Options"] = "nosniff"
+#         "http://localhost:3000" # فقط برای تست برنامه‌نویس فرانت‌اند
-    response.headers["X-Frame-Options"] = "DENY"
+#     ],
-    return response
+#     allow_credentials=True,
 #     allow_methods=["GET", "POST", "PUT", "DELETE"], # محدود کردن متدها
 #     allow_headers=["Authorization", "Content-Type"], # محدود کردن هدرها
 # )
 # -------------------------
 # Routers
@ -77,7 +76,6 @@ async def add_security_headers(request: Request, call_next):
 app.include_router(auth_router)
 app.include_router(users_router)
 app.include_router(admin_router)
-app.include_router(groups_client_router)
+app.include_router(groups_router)
 app.include_router(groups_admin_router)
 app.include_router(realtime_router)
 app.include_router(notifications_router)
--- a/Back/scripts/create_admin.py
+++ b/Back/scripts/create_admin.py
@ -4,12 +4,12 @@ import secrets
 from db.session import AsyncSessionLocal
 from domains.users.models import User
 from core.security import hash_password
 from core.config import settings
 async def create_admin() -> None:
    username = input("Admin username: ").strip()
    phone_number = input("Phone number (optional, 11 digits): ").strip() or None
-    secret = secrets.token_urlsafe(settings.SECRET_PASS_LENGTH)
+    # secret = secrets.token_urlsafe(16)
    secret = "1234"
    async with AsyncSessionLocal() as db:
        try:
--- a/Back/tests/test_groups_service.py
+++ b/Back/tests/test_groups_service.py
@ -1,246 +0,0 @@
 import uuid
 from types import SimpleNamespace
 from unittest.mock import AsyncMock
 import pytest
 from domains.groups.models import GroupMemberRole, GroupType
 from domains.groups import service
@pytest.mark.asyncio
 async def test_create_user_group_creates_private_group_and_owner_membership(monkeypatch):
    created_group = None
    added_membership = None
    async def fake_create_group(db, group):
        nonlocal created_group
        created_group = group
        group.id = uuid.uuid4()
        return group
    async def fake_add_group_member(db, membership):
        nonlocal added_membership
        added_membership = membership
        return membership
    monkeypatch.setattr(service, "create_group", fake_create_group)
    monkeypatch.setattr(service, "add_group_member", fake_add_group_member)
    owner_id = uuid.uuid4()
    group = await service.create_user_group(object(), "team-alpha", owner_id)
    assert group.type == GroupType.PRIVATE
    assert group.owner_id == owner_id
    assert created_group is group
    assert added_membership is not None
    assert added_membership.user_id == owner_id
    assert added_membership.role == GroupMemberRole.MANAGER
@pytest.mark.asyncio
 async def test_create_admin_group_creates_public_group_without_membership(monkeypatch):
    create_group_mock = AsyncMock(side_effect=lambda db, group: setattr(group, "id", uuid.uuid4()) or group)
    add_group_member_mock = AsyncMock()
    monkeypatch.setattr(service, "create_group", create_group_mock)
    monkeypatch.setattr(service, "add_group_member", add_group_member_mock)
    owner_id = uuid.uuid4()
    group = await service.create_admin_group(object(), "ops-room", owner_id)
    assert group.type == GroupType.PUBLIC
    assert group.owner_id == owner_id
    add_group_member_mock.assert_not_awaited()
@pytest.mark.asyncio
 async def test_list_group_members_api_returns_only_real_members(monkeypatch):
    group_id = uuid.uuid4()
    member_id = uuid.uuid4()
    members_data = [
        (
            SimpleNamespace(
                user_id=member_id,
                role=GroupMemberRole.MEMBER,
            ),
            "neda-user",
        )
    ]
    monkeypatch.setattr(
        service,
        "get_group_members_with_details",
        AsyncMock(return_value=members_data),
    )
    monkeypatch.setattr(
        service,
        "list_online_users",
        AsyncMock(return_value=[str(member_id)]),
    )
    response = await service.list_group_members_api(object(), group_id)
    assert response == [
        {
            "user_id": member_id,
            "username": "neda-user",
            "role": GroupMemberRole.MEMBER,
            "is_online": True,
        }
    ]
 def test_group_routes_are_namespaced():
    from main import app
    route_map = {
        (route.path, method)
        for route in app.routes
        if getattr(route, "methods", None)
        for method in route.methods
    }
    assert ("/groups/", "POST") in route_map
    assert ("/groups/{group_id}/members/{user_id}", "DELETE") in route_map
    assert ("/admin/groups/", "POST") in route_map
    assert ("/admin/groups/", "GET") in route_map
    assert ("/admin/groups/{group_id}/members", "GET") in route_map
    assert ("/admin/groups/{group_id}/members", "POST") in route_map
@pytest.mark.asyncio
 async def test_remove_member_from_group_allows_manager_to_remove_member(monkeypatch):
    db = object()
    group_id = uuid.uuid4()
    manager_id = uuid.uuid4()
    member_id = uuid.uuid4()
    group = SimpleNamespace(owner_id=uuid.uuid4())
    removed = AsyncMock()
    async def fake_get_group_member(db, requested_group_id, requested_user_id):
        if requested_user_id == manager_id:
            return SimpleNamespace(role=GroupMemberRole.MANAGER)
        if requested_user_id == member_id:
            return SimpleNamespace(role=GroupMemberRole.MEMBER)
        return None
    monkeypatch.setattr(service, "get_group_by_id", AsyncMock(return_value=group))
    monkeypatch.setattr(service, "get_group_member", fake_get_group_member)
    monkeypatch.setattr(service, "delete_group_member", removed)
    requester = SimpleNamespace(id=manager_id, is_admin=False)
    await service.remove_member_from_group(db, group_id, member_id, requester)
    removed.assert_awaited_once_with(db, group_id, member_id)
@pytest.mark.asyncio
 async def test_remove_member_from_group_rejects_non_manager(monkeypatch):
    group_id = uuid.uuid4()
    requester_id = uuid.uuid4()
    member_id = uuid.uuid4()
    group = SimpleNamespace(owner_id=uuid.uuid4())
    monkeypatch.setattr(service, "get_group_by_id", AsyncMock(return_value=group))
    monkeypatch.setattr(
        service,
        "get_group_member",
        AsyncMock(return_value=SimpleNamespace(role=GroupMemberRole.MEMBER)),
    )
    monkeypatch.setattr(service, "delete_group_member", AsyncMock())
    requester = SimpleNamespace(id=requester_id, is_admin=False)
    with pytest.raises(PermissionError, match="دسترسی لازم را ندارید"):
        await service.remove_member_from_group(object(), group_id, member_id, requester)
@pytest.mark.asyncio
 async def test_remove_member_from_group_rejects_owner_removal(monkeypatch):
    group_id = uuid.uuid4()
    manager_id = uuid.uuid4()
    owner_id = uuid.uuid4()
    group = SimpleNamespace(owner_id=owner_id)
    async def fake_get_group_member(db, requested_group_id, requested_user_id):
        if requested_user_id == manager_id:
            return SimpleNamespace(role=GroupMemberRole.MANAGER)
        return SimpleNamespace(role=GroupMemberRole.MEMBER)
    monkeypatch.setattr(service, "get_group_by_id", AsyncMock(return_value=group))
    monkeypatch.setattr(service, "get_group_member", fake_get_group_member)
    monkeypatch.setattr(service, "delete_group_member", AsyncMock())
    requester = SimpleNamespace(id=manager_id, is_admin=False)
    with pytest.raises(ValueError, match="حذف سازنده گروه مجاز نیست"):
        await service.remove_member_from_group(object(), group_id, owner_id, requester)
@pytest.mark.asyncio
 async def test_remove_member_from_group_rejects_missing_target_membership(monkeypatch):
    group_id = uuid.uuid4()
    manager_id = uuid.uuid4()
    member_id = uuid.uuid4()
    group = SimpleNamespace(owner_id=uuid.uuid4())
    async def fake_get_group_member(db, requested_group_id, requested_user_id):
        if requested_user_id == manager_id:
            return SimpleNamespace(role=GroupMemberRole.MANAGER)
        return None
    monkeypatch.setattr(service, "get_group_by_id", AsyncMock(return_value=group))
    monkeypatch.setattr(service, "get_group_member", fake_get_group_member)
    monkeypatch.setattr(service, "delete_group_member", AsyncMock())
    requester = SimpleNamespace(id=manager_id, is_admin=False)
    with pytest.raises(ValueError, match="کاربر عضو این گروه نیست"):
        await service.remove_member_from_group(object(), group_id, member_id, requester)
@pytest.mark.asyncio
 async def test_remove_member_from_group_rejects_manager_target_for_non_admin(monkeypatch):
    group_id = uuid.uuid4()
    manager_id = uuid.uuid4()
    other_manager_id = uuid.uuid4()
    group = SimpleNamespace(owner_id=uuid.uuid4())
    async def fake_get_group_member(db, requested_group_id, requested_user_id):
        if requested_user_id == manager_id:
            return SimpleNamespace(role=GroupMemberRole.MANAGER)
        if requested_user_id == other_manager_id:
            return SimpleNamespace(role=GroupMemberRole.MANAGER)
        return None
    monkeypatch.setattr(service, "get_group_by_id", AsyncMock(return_value=group))
    monkeypatch.setattr(service, "get_group_member", fake_get_group_member)
    monkeypatch.setattr(service, "delete_group_member", AsyncMock())
    requester = SimpleNamespace(id=manager_id, is_admin=False)
    with pytest.raises(ValueError, match="حذف مدیر گروه مجاز نیست"):
        await service.remove_member_from_group(object(), group_id, other_manager_id, requester)
@pytest.mark.asyncio
 async def test_remove_member_from_group_allows_admin_to_remove_manager(monkeypatch):
    db = object()
    group_id = uuid.uuid4()
    target_manager_id = uuid.uuid4()
    group = SimpleNamespace(owner_id=uuid.uuid4())
    removed = AsyncMock()
    monkeypatch.setattr(service, "get_group_by_id", AsyncMock(return_value=group))
    monkeypatch.setattr(
        service,
        "get_group_member",
        AsyncMock(return_value=SimpleNamespace(role=GroupMemberRole.MANAGER)),
    )
    monkeypatch.setattr(service, "delete_group_member", removed)
    requester = SimpleNamespace(id=uuid.uuid4(), is_admin=True)
    await service.remove_member_from_group(db, group_id, target_manager_id, requester)
    removed.assert_awaited_once_with(db, group_id, target_manager_id)
--- a/Back/tests/test_redis.py
+++ b/Back/tests/test_redis.py
@ -1,15 +0,0 @@
 import asyncio
 import redis.asyncio as redis
 from core.config import settings
 async def test_redis():
    print(f"Testing connection to: {settings.REDIS_URL}")
    try:
        client = redis.from_url(settings.REDIS_URL, decode_responses=True)
        pong = await client.ping()
        print(f"Ping successful: {pong}")
    except Exception as e:
        print(f"Connection failed: {e}")
 if __name__ == "__main__":
    asyncio.run(test_redis())