v1.1.0: Complete UI redesign, REST API, reviews & wishlist, test suite, CI/CD, and Docker support

[muchaisam]

Summary

Major platform overhaul covering frontend redesign, backend features, testing infrastructure, and DevOps. This PR represents the evolution from a basic CRUD app to a production-ready travel booking platform.

What's Changed

🎨 Frontend Redesign

• Complete dark mode UI with CSS custom properties design system, animations, and micro-interactions
• Redesigned all public pages: home, packages, destinations detail, blog, about, contact
• Redesigned all admin pages: dashboard, CRUD forms, user management
• Shared navbar and footer partials with auth dropdown
• Reusable Blade components: star rating, toast notifications, loading spinner, skeleton loader, wishlist button, SEO meta, flash messages
• Removed all inline styles across 19+ views

🔌 REST API (v1)

• DestinationApiController and CategoryApiController with filtering, pagination, and search
• 6 API Resource classes (DestinationResource, CategoryResource, ReviewResource, TagResource, BookingResource, DestinationCollection)
• Versioned routes under /api/v1 with rate limiting
• Full API documentation in docs/API.md

⭐ Reviews & Wishlist

• Reviews system with star ratings on destinations (ReviewController, Review model)
• Wishlist/favorites feature with toggle functionality (WishlistController, Wishlist model)
• Booking model with status tracking and scopes

🏗️ Architecture Improvements

• Service layer: ImageService (upload/delete/replace), SearchService (filtering, sorting, scopes)
• Policies: DestinationPolicy, BlogPolicy, CategoryPolicy, UserPolicy for authorization
• Eloquent scopes: published(), recent(), inCategory(), withTags() on Destinations and Blog
• Model accessors: price, image_url, average_rating, reviews_count on Destinations
• Form request auth: All 9 FormRequest classes now enforce admin-only authorization
• Factories: Added factories for all models (Destinations, Blog, Category, Tag, Review, Booking, User)

🧪 Testing (68 tests, 149 assertions)

• 13 test classes across Unit and Feature suites
• Coverage: public pages, destination CRUD, blog CRUD, cart, auth (login/register), admin access, API endpoints, models, services
• SQLite in-memory for fast isolated testing

🔧 DevOps & CI/CD

• GitHub Actions: test + lint (Laravel Pint) + security audit pipeline
• Railway deployment workflow on main branch merge
• Docker multi-stage build with docker-compose.yml
• Nginx config with gzip compression and security headers
• Updated nixpacks.toml for PHP 8.2

🐛 Fixes

• Fixed price vs pricing mismatch on destination detail page (was showing KSH 0)
• Fixed broken destination images — seeder now uses existing public/images/ assets
• Fixed hardcoded metadata (duration, rating) with real DB columns and model data
• Fixed mass assignment vulnerability in CheckoutController
• Fixed authorization bypass in all FormRequest classes
• Fixed cart remove from GET to DELETE method
• Fixed undefined variable in CheckoutController::checkout()
• Fixed route syntax issues (string|syntax → class-based)

📝 Documentation

• Comprehensive README with setup instructions, architecture diagram, test coverage table, API reference
• CLAUDE.md for AI-assisted development context
• CHANGELOG.md with semantic versioning
• CONTRIBUTING.md with contributor guidelines
• Bug report and feature request issue templates

🗃️ Database

• 3 new migrations: reviews, wishlists, bookings
• 1 new migration: add_tour_details_to_destinations_table (duration, group_size, tour_type)
• Enriched destination seeder with detailed content, proper pricing, and real images
• All destinations now seeded with published_at set

Demo Account

Field	Value
Email	samadmin@gmail.com
Password	password
Role	Admin