A comprehensive full-stack disaster alert management system built with React 18 (Vite), Azure Functions (Python 3.12), Cosmos DB, and Azure Static Web Apps.
This platform enables:
- π₯ User Registration & Authentication with JWT and bcrypt hashing
- π’ Disaster Alert Submission with real-time validation
- π Admin Dashboard for alert verification and user management
- π Security Features including rate limiting and input sanitization
- βοΈ Full Azure Deployment with CI/CD automation
β Production Ready - Live on Azure Static Web Apps!
π Live Application: https://blue-sand-0ebf47300.1.azurestaticapps.net/
- β Custom JWT Authentication - Email/password login with bcrypt hashing
- β Admin Dashboard - Verify/block/delete users and alerts
- β Real-time Filtering - Filter alerts by type, severity, location
- β Role-Based Access - Admin and user roles with permissions
- β Security Hardening - Rate limiting, input validation, sanitization
- β Cosmos DB - Globally distributed NoSQL database
- β Responsive React UI - Modern Vite-powered frontend
- β GitHub Actions CI/CD - Automated testing and deployment
- β Comprehensive Documentation - Complete deployment guides
ββββββββββββββββββββββββββββ
β React 18 (Vite) β Frontend UI
β β’ Auth Context β β’ Login/Register
β β’ Dashboard β β’ Alert submission
β β’ Admin Panel β β’ Real-time filtering
ββββββββββββββ¬ββββββββββββββ
β JWT Bearer Token
β HTTPS/CORS
β
ββββββββββββββββββββββββββββ
β Azure Functions (Python)β Backend API
β β’ AuthRegister β β’ User registration
β β’ AuthLogin β β’ JWT token issuance
β β’ SubmitAlert β β’ Alert creation
β β’ GetAlerts β β’ Data retrieval
β β’ Admin endpoints β β’ User/alert management
ββββββββββββββ¬ββββββββββββββ
β SDK Connection
β Partition-based queries
β
ββββββββββββββββββββββββββββ
β Cosmos DB (NoSQL) β Database
β β’ Users container β β’ Email & password hashes
β β’ Alerts container β β’ Disaster alerts
β β’ Global distribution β β’ Multi-region support
ββββββββββββββββββββββββββββ
- Frontend: React 18, Vite, Bootstrap 5, Axios
- Backend: Azure Functions (Python 3.12), JWT, bcrypt
- Database: Azure Cosmos DB (serverless)
- Hosting: Azure Static Web Apps (frontend), Azure Functions (API)
- CI/CD: GitHub Actions workflow
- Infrastructure: Bicep templates for IaC
azure-disaster-response/
βββ frontend/ # React Vite application
β βββ src/
β β βββ auth/
β β β βββ AuthContext.jsx # JWT token management
β β βββ components/
β β β βββ LoginPage.jsx # Registration & login
β β β βββ AdminDashboard.jsx # Admin panel
β β β βββ AlertsDashboard.jsx # Alert list with filters
β β β βββ SubmitAlertForm.jsx # Alert submission
β β β βββ Navbar.jsx # Navigation
β β βββ App.jsx
β β βββ main.jsx
β βββ .env.production # Production API URL
β βββ vite.config.js
βββ AuthLogin/ # Login function
βββ AuthRegister/ # Registration function
βββ AuthMe/ # Get current user
βββ SubmitAlert/ # Submit disaster alert
βββ GetAlerts/ # Retrieve all alerts
βββ GetAlert/ # Get single alert
βββ VerifyAlert/ # Admin: verify alert
βββ DeleteAlert/ # Admin: delete alert
βββ VerifyUser/ # Admin: verify user
βββ BlockUser/ # Admin: block user
βββ DeleteUser/ # Admin: delete user
βββ GetAllUsers/ # Admin: list users
βββ auth_utils.py # JWT & hashing utilities
βββ security_utils.py # Rate limiting & validation
βββ requirements.txt # Python dependencies
βββ main.bicep # Full infrastructure template
βββ main-simple.bicep # Simplified template
βββ main-backend-only.bicep # Backend-only template
βββ deploy-production.sh # One-command deployment
βββ deploy-backend.sh # Backend deployment only
βββ .github/workflows/
β βββ deploy-azure.yml # CI/CD automation
βββ history/prompts/ # Development session logs
βββ README.md # This file
- Node.js 20+ (for frontend)
- Python 3.12+ (for backend)
- Azure Functions Core Tools v4
- Git installed
pip install -r requirements.txtcd frontend
npm install
cd ..Backend: local.settings.json
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "UseDevelopmentStorage=true",
"FUNCTIONS_WORKER_RUNTIME": "python",
"COSMOS_ENDPOINT": "https://your-cosmos.documents.azure.com:443/",
"COSMOS_KEY": "your-cosmos-key",
"COSMOS_DATABASE_NAME": "DisasterResponseDB",
"JWT_SECRET": "your-jwt-secret-min-32-chars",
"JWT_EXPIRES_MINUTES": "10080"
}
}Frontend: frontend/.env.local
VITE_API_URL=http://localhost:7071/api
# Terminal 1
func start --python# Terminal 2
cd frontend
npm run dev- Frontend: http://localhost:3000
- API: http://localhost:7071/api
- Functions: http://localhost:7071/api/\*
Email: [email protected]
Password: Admin@DisasterResponse123
Role: admin
(Or create new account via registration)
curl -X POST http://localhost:7071/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"name": "John Doe",
"email": "[email protected]",
"password": "SecurePass123"
}'curl -X POST http://localhost:7071/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "Admin@DisasterResponse123"
}'
# Response includes JWT token
# Use: Authorization: Bearer <token>curl -X POST http://localhost:7071/api/SubmitAlert \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-d '{
"type": "Flood",
"location": "Downtown Seattle, WA",
"severity": "Critical",
"message": "Heavy rainfall causing flash floods in downtown area"
}'curl -X GET "http://localhost:7071/api/GetAlerts?limit=10" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"curl -X POST http://localhost:7071/api/admin/verify-alert \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ADMIN_TOKEN" \
-d '{
"alertId": "alert-uuid",
"verified": true
}'# Ensure you have Azure CLI installed and logged in
az login
# Run the automated deployment script
./deploy-production.sh
# Follow the prompts to confirm deploymentThis script will:
- β Create resource group
- β Deploy infrastructure via Bicep
- β Configure Function App settings
- β Deploy Python functions
- β Build and deploy React frontend
- β Output all URLs and connection info
See DEPLOYMENT_GUIDE.md for step-by-step instructions.
Push to main branch - automatic deployment via .github/workflows/deploy-azure.yml:
git add .
git commit -m "Your message"
git push origin mainThe workflow will:
- Run tests
- Build frontend and backend
- Deploy infrastructure
- Deploy functions
- Deploy frontend to Static Web Apps
βββββββββββββββββββββββββββββββββββββββββββ
β GitHub Actions Workflow (CI/CD) β
βββββββββββββββββββββββββββββββββββββββββββ€
β 1. Test & Build β
β 2. Deploy Infrastructure (Bicep) β
β 3. Deploy Azure Functions (Python) β
β 4. Deploy Frontend (Static Web Apps) β
βββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββββββββββββββββββββββββββββ
β Azure Resources β
βββββββββββββββββββββββββββββββββββββββββββ€
β β’ Function App (Python 3.12) β
β β’ Cosmos DB (Serverless) β
β β’ Static Web App (React) β
β β’ Application Insights (Monitoring) β
β β’ Storage Account (Function storage) β
βββββββββββββββββββββββββββββββββββββββββββ
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"type": "user",
"email": "[email protected]",
"name": "User Name",
"passwordHash": "bcrypt_hash_...",
"role": "user", // "user" or "admin"
"verified": false, // Admin verification status
"blocked": false, // Account blocked status
"createdAt": "2026-01-11T12:00:00Z"
}{
"id": "alert-550e8400-e29b-41d4-a716-446655440001",
"type": "Flood", // Disaster type
"severity": "High", // Low | Medium | High | Critical
"location": "Downtown Seattle, WA",
"message": "Alert description and details...",
"verified": false, // Admin verification
"verifiedAt": "2026-01-11T12:05:00Z",
"verifiedBy": {
"id": "admin-id",
"email": "[email protected]",
"name": "Admin Name"
},
"createdBy": {
"id": "user-id",
"email": "[email protected]",
"name": "User Name"
},
"timestamp": "2026-01-11T12:00:00Z"
}All documents use /type as partition key for optimal distribution.
- JWT Tokens - HS256 with 7-day expiration
- Bcrypt Hashing - 12-round password hashing
- Bearer Token - Standard Authorization header
- Session Persistence - localStorage token caching
- Register: 5 requests per 5 minutes
- Login: 10 requests per 5 minutes
- Submit Alert: 20 requests per 5 minutes
- Email: RFC format validation, max 254 chars
- Password: Min 8 chars, letters + numbers required
- Location: Alphanumeric, 3-200 chars
- Message: 20-2000 character range
- Type: Whitelist validation (Flood, Fire, Earthquake, etc.)
- Severity: Whitelist validation (Low, Medium, High, Critical)
- Removes control characters and null bytes
- Truncates to safe length limits
- Escapes dangerous input patterns
X-Content-Type-Options: nosniffX-Frame-Options: DENYX-XSS-Protection: 1; mode=blockStrict-Transport-Security: max-age=31536000Content-Security-Policy: default-src 'self'
- Configured for production domain
- Allow credentials in production
- Restrict to specific origins
- Azure Functions v4 - Serverless compute runtime
- Python 3.12 - Runtime environment
- azure-functions - Azure Functions SDK
- azure-cosmos - Cosmos DB SDK
- pyjwt - JWT token encoding/decoding
- bcrypt - Password hashing
- pydantic - Data validation
- React 18 - UI framework
- Vite 5.4 - Build tool and dev server
- Bootstrap 5 - CSS framework
- Axios - HTTP client
- React Context API - State management
- Azure Bicep - Infrastructure as Code
- GitHub Actions - CI/CD pipeline
- Azure Static Web Apps - Frontend hosting
- Azure Cosmos DB - Serverless database
- Azure Functions - Backend hosting
- Application Insights - Monitoring and logging
POST /api/auth/register- Create new accountPOST /api/auth/login- Login and get JWT tokenGET /api/auth/me- Get current user profile
POST /api/SubmitAlert- Submit disaster alertGET /api/GetAlerts- List all alerts (paginated)GET /api/GetAlert/{id}- Get single alert details
POST /api/admin/verify-alert- Verify an alertPOST /api/admin/delete-alert- Delete an alertPOST /api/admin/verify-user- Verify a userPOST /api/admin/block-user- Block a userPOST /api/admin/delete-user- Delete a userGET /api/admin/users- List all users
- Auth endpoints: Per-client IP rate limiting
- Alert endpoints: 20 req/5min per user
- Admin endpoints: Admin-only access control
- β User registration with email/password
- β Secure login with JWT tokens
- β Disaster alert submission with validation
- β Real-time alert filtering and search
- β Alert verification (admin feature)
- β User verification (admin feature)
- β User blocking/deletion (admin feature)
- β Alert deletion (admin feature)
- β Bcrypt password hashing (12 rounds)
- β JWT authentication (HS256)
- β Rate limiting on auth endpoints
- β Input validation and sanitization
- β Security headers configured
- β CORS properly configured
- β Admin role-based access control
- β React 18 with Vite
- β Responsive Bootstrap 5 UI
- β Auth context state management
- β Admin dashboard
- β Alert dashboard with filters
- β Login and registration forms
- β Real-time form validation
- β 11 Azure Functions (Python 3.12)
- β Cosmos DB integration
- β JWT token management
- β Admin endpoints
- β Error handling and logging
- β CORS middleware
- β Rate limiting decorator
- β Bicep infrastructure templates
- β Automated deployment scripts
- β GitHub Actions CI/CD pipeline
- β Azure Static Web Apps integration
- β Cosmos DB serverless setup
- β Application Insights monitoring
- β Environment variable management
- β Comprehensive README
- β Deployment guide
- β Admin guide
- β API documentation
- β Setup instructions
- β Troubleshooting guide
- β Architecture diagrams
Solution:
- Ensure backend has been deployed with latest routes
- Run
func start --pythonlocally or redeploy to Azure - Check that admin token is valid
- Verify function route is correct in admin endpoints
Solution:
- Ensure functions have CORS configured in host.json
- Check
allowedOriginsincludes your frontend URL - For local dev,
allowedOrigins: ["*"]is fine
Solution:
- Verify you're logged in as admin user
- Check JWT token is valid (not expired)
- Confirm Bearer token is in Authorization header
- Check user has
role: "admin"in Cosmos DB
Solution:
- Verify
COSMOS_ENDPOINTandCOSMOS_KEYin local.settings.json - Ensure Cosmos DB account is accessible
- Check network/firewall rules
- Verify connection string format
Solution:
- Ensure files are in project root:
auth_utils.py,security_utils.py - Run
pip install -r requirements.txt - Check function.json has correct
scriptFile
Solution:
- This is normal - wait before retrying
- Rate limits: Register 5/5min, Login 10/5min, Submit 20/5min
- Reset in 5 minutes or wait for time window to pass
- Azure Functions Python Guide
- Cosmos DB Documentation
- React Documentation
- Vite Documentation
- Bicep Language Reference
- GitHub Actions Documentation
This project is provided as-is for educational and commercial use.
Azure Disaster Response Platform v2.0 Built with: React, Python, Azure, Cosmos DB
π Documentation Files
- DEPLOYMENT_GUIDE.md - Complete deployment steps
- ADMIN_GUIDE.md - Admin features and management
- PROJECT_COMPLETION.md - Project features summary
- COMPLETION_SUMMARY.txt - Detailed completion status
π Get Started
# Local development
func start --python # Terminal 1: Backend
cd frontend && npm run dev # Terminal 2: Frontend
# Production deployment
./deploy-production.sh⨠Key Features
- π€ JWT Authentication with bcrypt hashing
- ποΈ Admin Dashboard for content moderation
- π Real-time alert filtering and search
- π Security hardening with rate limiting
- βοΈ Serverless Cosmos DB backend
- π GitHub Actions CI/CD automation