DragonLair
v1.0.0 — Hotel Booking System
Full-stack hotel booking platform. Reservation engine, admin dashboard, and security hardening — built for hospitality businesses.
$ npx next build
▲ Next.js 14.2.35
✓ Compiled successfully
✓ Linting and types validated
✓ Static pages generated (33/33)
○ 14 Static pages
ƒ 19 Dynamic API routes
⊙ Middleware: 27 kB
● Ready for deployment
Booking Experience
Guided reservation flow with real-time availability and activity add-ons.
Multi-Step Booking Wizard
Guided reservation flow — dates, room selection, activities, review & confirm. Real-time availability checks.
Room Management
Full CRUD with categories, pricing, capacity, amenities, image galleries. Slug-based detail pages.
Activity Booking
Safari, spa, dining, water sports — tied to reservations with participant tracking.
Dynamic Pricing
Per-night rates, seasonal adjustments, activity add-ons. Automatic total calculation with tax.
Real-Time Availability
Transactional availability checks prevent double-booking. Race condition protection with database-level locking.
Guest Communication
Contact system with message management. HTML email templates with booking confirmations.
Complete Operations Center
Everything your hotel staff needs in one place.
Analytics Dashboard
Revenue tracking, occupancy rates, booking trends, and guest demographics.
User Management
Role-based access. Guest accounts, staff roles, admin privileges. Account lockout protection.
Room Operations
Create, edit, toggle availability, manage images and amenities. Bulk operations.
Booking Management
View, confirm, cancel reservations. Status workflow with audit trail.
Message Center
Guest inquiries with read/unread status, reply tracking, and archive.
Audit Logging
Activity trail — who did what, when, from where. Useful for compliance and debugging.
Visual Language
Custom design system with warm tones and elegant typography.
Typography
Cormorant Garamond + Inter + Lora
Primary Palette
Gold 50–900, Midnight 50–900
Accents
Ivory, Champagne, Sage, Forest, Espresso
Animations
Fade, Slide, Scale, Shimmer, Reveal
Effects
Glass morphism, Film grain, Parallax
Shadows
Luxury, Luxury-LG, Luxury-XL, Gold glow
Security Hardening
Thoroughly tested and hardened against common web vulnerabilities.
JWT + HttpOnly Cookies
No tokens in localStorage. Secure, SameSite=Strict cookies with session management.
3-Layer Rate Limiting
Per-IP, per-user, and global rate limits. Database-backed with configurable windows.
CSP + Security Headers
Content Security Policy, HSTS, X-Frame-Options DENY, X-Content-Type-Options. Zero unsafe-eval in production.
Input Sanitization
Zod v4 validation on every endpoint. XSS prevention with HTML escaping on all user data.
CSRF Protection
Origin validation on all state-changing requests. SameSite cookie policy.
Account Security
bcrypt (12 rounds), account lockout after 5 failures, 30-minute cooldown, IP-based tracking.
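The Origin validation listed under CSRF Protection can be sketched as follows. This is an added example, not DragonLair source code; the function names, the lower-cased header map and the booking.example origins are assumptions made for illustration.

```typescript
// Added example: hypothetical helper names, not DragonLair's own code.
// Assumes header names have already been lower-cased by the framework.
type HeaderMap = Record<string, string | undefined>;

const SAFE_METHODS: readonly string[] = ["GET", "HEAD", "OPTIONS"];

// Reduce a header value to scheme://host[:port]; null when unusable.
function toOrigin(value: string | undefined): string | null {
  if (!value || value === "null") return null; // opaque origins send the literal "null"
  try {
    const url = new URL(value);
    if (url.protocol !== "https:" && url.protocol !== "http:") return null;
    return url.origin; // drops path, query, userinfo and default ports
  } catch {
    return null; // malformed header value
  }
}

function isRequestAllowed(
  method: string,
  headers: HeaderMap,
  allowedOrigins: readonly string[],
): boolean {
  // Safe methods must not change state, so they are not origin-checked.
  if (SAFE_METHODS.indexOf(method.toUpperCase()) !== -1) return true;
  // Origin wins when present; Referer is only a fallback for clients that omit it.
  const raw = headers["origin"] !== undefined ? headers["origin"] : headers["referer"];
  const source = toOrigin(raw);
  if (source === null) return false; // fail closed: no provenance, no state change
  // Exact comparison of normalised origins; a prefix or substring test would
  // accept look-alike hosts such as booking.example.attacker.test.
  return allowedOrigins.some((allowed) => toOrigin(allowed) === source);
}
```

The check fails closed: a state-changing request with neither a usable Origin nor a usable Referer is rejected.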
Built With
Next.js 14
App Router
TypeScript
Strict mode
Prisma 5
15 models
Tailwind CSS
Custom design system
Zustand
State management
Mobile-First
Responsive
System Overview
┌────────────────────────────────────────────────┐
│  DRAGONLAIR — System Architecture              │
├────────────────────────────────────────────────┤
│                                                │
│ ┌─── Frontend (Next.js 14 App Router) ───────┐ │
│ │ • Luxury Design System (Gold/Midnight)     │ │
│ │ • 14 Static Pages (SSG)                    │ │
│ │ • Multi-step Booking Wizard                │ │
│ │ • Masonry Gallery + Lightbox               │ │
│ │ • Admin Dashboard (6 views)                │ │
│ │ • Zustand Auth State                       │ │
│ └────────────────────────────────────────────┘ │
│                     ↕ API                      │
│ ┌─── Backend (19 API Routes) ────────────────┐ │
│ │ • Auth: Register, Login, Logout, Me        │ │
│ │ • Rooms: List, Detail, CRUD                │ │
│ │ • Bookings: Create, Read, Update           │ │
│ │ • Activities, Gallery, Reviews, Contact    │ │
│ │ • Admin: Dashboard, Users, Audit           │ │
│ └────────────────────────────────────────────┘ │
│                     ↕ ORM                      │
│ ┌─── Data Layer (Prisma 5) ──────────────────┐ │
│ │ 15 Models: User, Room, Booking, Activity,  │ │
│ │ Session, RateLimit, AuditLog, Review,      │ │
│ │ ContactMessage, GalleryImage, Setting...   │ │
│ └────────────────────────────────────────────┘ │
│                                                │
│ ┌─── Security Layer ─────────────────────────┐ │
│ │ Middleware: CSP, HSTS, CORS                │ │
│ │ Auth: JWT + HttpOnly + Session Mgmt        │ │
│ │ Defense: Rate Limit + Lockout + Audit      │ │
│ │ Validation: Zod v4 + HTML Escape           │ │
│ └────────────────────────────────────────────┘ │
└────────────────────────────────────────────────┘