feat: complete mealplanner app (backend + frontend + deployment)

.NET 8 backend with Zitadel JWT auth, TheMealDB integration,
weekly meal plan generation, shopping list aggregation.
Vue 3 + Tailwind 4 frontend with dark emerald theme,
manual OIDC PKCE auth, all views implemented.
Multi-stage Dockerfile with nginx reverse proxy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/Controllers/MealPlanController.cs

@@ -0,0 +1,98 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using MealPlanner.Services;
+
+namespace MealPlanner.Controllers;
+
+[ApiController]
+[Route("api/mealplan")]
+[Authorize]
+public class MealPlanController(MealPlanService mealPlanService) : ControllerBase
+{
+    private string UserId => User.FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException();
+
+    public record GenerateRequest(string? WeekStart);
+    public record SwapRequest(Guid RecipeId);
+
+    [HttpPost("generate")]
+    public async Task<IActionResult> Generate([FromBody] GenerateRequest? body)
+    {
+        DateOnly weekStart;
+
+        if (body?.WeekStart is not null && DateOnly.TryParse(body.WeekStart, out var parsed))
+        {
+            weekStart = MealPlanService.GetWeekStart(parsed);
+        }
+        else
+        {
+            weekStart = MealPlanService.GetWeekStart(DateOnly.FromDateTime(DateTime.UtcNow));
+        }
+
+        var plan = await mealPlanService.GenerateWeekPlanAsync(UserId, weekStart);
+        return Ok(plan);
+    }
+
+    [HttpGet("current")]
+    public async Task<IActionResult> GetCurrent()
+    {
+        var plan = await mealPlanService.GetCurrentPlanAsync(UserId);
+        if (plan is null) return NotFound();
+        return Ok(plan);
+    }
+
+    [HttpGet("{weekStart}")]
+    public async Task<IActionResult> GetByWeek(string weekStart)
+    {
+        if (!DateOnly.TryParse(weekStart, out var date)) return BadRequest("Invalid date format.");
+        var plan = await mealPlanService.GetPlanAsync(UserId, date);
+        if (plan is null) return NotFound();
+        return Ok(plan);
+    }
+
+    [HttpPut("{id:guid}/entry/{date}")]
+    public async Task<IActionResult> SwapEntry(Guid id, string date, [FromBody] SwapRequest body)
+    {
+        if (!DateOnly.TryParse(date, out var parsedDate)) return BadRequest("Invalid date format.");
+
+        // Find entry by plan id + date
+        var plan = await mealPlanService.GetPlanAsync(UserId, MealPlanService.GetWeekStart(parsedDate));
+        if (plan is null || plan.Id != id) return NotFound();
+
+        var entry = plan.Entries.FirstOrDefault(e => e.Date == parsedDate);
+        if (entry is null) return NotFound();
+
+        try
+        {
+            var updated = await mealPlanService.SwapEntryAsync(entry.Id, body.RecipeId, UserId);
+            if (updated is null) return NotFound();
+            return Ok(updated);
+        }
+        catch (UnauthorizedAccessException)
+        {
+            return Forbid();
+        }
+    }
+
+    [HttpPost("{id:guid}/entry/{date}/reroll")]
+    public async Task<IActionResult> RerollEntry(Guid id, string date)
+    {
+        if (!DateOnly.TryParse(date, out var parsedDate)) return BadRequest("Invalid date format.");
+
+        var plan = await mealPlanService.GetPlanAsync(UserId, MealPlanService.GetWeekStart(parsedDate));
+        if (plan is null || plan.Id != id) return NotFound();
+
+        var entry = plan.Entries.FirstOrDefault(e => e.Date == parsedDate);
+        if (entry is null) return NotFound();
+
+        try
+        {
+            var updated = await mealPlanService.RerollEntryAsync(entry.Id, UserId);
+            if (updated is null) return StatusCode(503, "Could not fetch a new recipe. Try again.");
+            return Ok(updated);
+        }
+        catch (UnauthorizedAccessException)
+        {
+            return Forbid();
+        }
+    }
+}

backend/Controllers/RecipeController.cs

@@ -0,0 +1,74 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using MealPlanner.Models;
+using MealPlanner.Services;
+
+namespace MealPlanner.Controllers;
+
+[ApiController]
+[Route("api/recipes")]
+[Authorize]
+public class RecipeController(RecipeService recipeService) : ControllerBase
+{
+    private string UserId => User.FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException();
+
+    [HttpGet]
+    public async Task<IActionResult> GetOwn()
+    {
+        var recipes = await recipeService.GetOwnRecipesAsync(UserId);
+        return Ok(recipes);
+    }
+
+    [HttpGet("{id:guid}")]
+    public async Task<IActionResult> GetById(Guid id)
+    {
+        var recipe = await recipeService.GetByIdOrFetchAsync(id);
+        if (recipe is null) return NotFound();
+        return Ok(recipe);
+    }
+
+    [HttpPost]
+    public async Task<IActionResult> Create([FromBody] Recipe recipe)
+    {
+        var created = await recipeService.CreateAsync(UserId, recipe);
+        return CreatedAtAction(nameof(GetById), new { id = created.Id }, created);
+    }
+
+    [HttpPut("{id:guid}")]
+    public async Task<IActionResult> Update(Guid id, [FromBody] Recipe recipe)
+    {
+        try
+        {
+            var updated = await recipeService.UpdateAsync(id, UserId, recipe);
+            if (updated is null) return NotFound();
+            return Ok(updated);
+        }
+        catch (UnauthorizedAccessException)
+        {
+            return Forbid();
+        }
+    }
+
+    [HttpDelete("{id:guid}")]
+    public async Task<IActionResult> Delete(Guid id)
+    {
+        try
+        {
+            var deleted = await recipeService.DeleteAsync(id, UserId);
+            if (!deleted) return NotFound();
+            return NoContent();
+        }
+        catch (UnauthorizedAccessException)
+        {
+            return Forbid();
+        }
+    }
+
+    [HttpGet("search")]
+    public async Task<IActionResult> Search([FromQuery] string q)
+    {
+        if (string.IsNullOrWhiteSpace(q)) return BadRequest("Query parameter 'q' is required.");
+        var results = await recipeService.SearchAsync(q, UserId);
+        return Ok(results);
+    }
+}

backend/Controllers/SettingsController.cs

@@ -0,0 +1,42 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using MealPlanner.Data;
+using MealPlanner.Models;
+
+namespace MealPlanner.Controllers;
+
+[ApiController]
+[Route("api/settings")]
+[Authorize]
+public class SettingsController(AppDbContext db) : ControllerBase
+{
+    private string UserId => User.FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException();
+
+    [HttpGet]
+    public async Task<IActionResult> Get()
+    {
+        var settings = await db.UserSettings.FindAsync(UserId);
+        if (settings is null)
+        {
+            settings = new UserSettings { UserId = UserId, HouseholdSize = 2 };
+            db.UserSettings.Add(settings);
+            await db.SaveChangesAsync();
+        }
+        return Ok(settings);
+    }
+
+    [HttpPut]
+    public async Task<IActionResult> Update([FromBody] UserSettings updated)
+    {
+        var settings = await db.UserSettings.FindAsync(UserId);
+        if (settings is null)
+        {
+            settings = new UserSettings { UserId = UserId };
+            db.UserSettings.Add(settings);
+        }
+
+        settings.HouseholdSize = updated.HouseholdSize;
+        await db.SaveChangesAsync();
+        return Ok(settings);
+    }
+}

backend/Controllers/ShoppingListController.cs

@@ -0,0 +1,45 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using MealPlanner.Services;
+
+namespace MealPlanner.Controllers;
+
+[ApiController]
+[Route("api/shoppinglist")]
+[Authorize]
+public class ShoppingListController(ShoppingListService shoppingListService) : ControllerBase
+{
+    private string UserId => User.FindFirst("sub")?.Value ?? throw new UnauthorizedAccessException();
+
+    [HttpGet("{mealPlanId:guid}")]
+    public async Task<IActionResult> GetList(Guid mealPlanId)
+    {
+        try
+        {
+            var items = await shoppingListService.GetShoppingListAsync(mealPlanId, UserId);
+            return Ok(items);
+        }
+        catch (UnauthorizedAccessException)
+        {
+            return Forbid();
+        }
+    }
+
+    [HttpPut("{mealPlanId:guid}/check/{itemName}")]
+    public async Task<IActionResult> ToggleCheck(Guid mealPlanId, string itemName)
+    {
+        try
+        {
+            var result = await shoppingListService.ToggleCheckAsync(mealPlanId, itemName, UserId);
+            return Ok(result);
+        }
+        catch (KeyNotFoundException ex)
+        {
+            return NotFound(ex.Message);
+        }
+        catch (UnauthorizedAccessException)
+        {
+            return Forbid();
+        }
+    }
+}