ankhbayar/Assist_Design
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Refactor ESLint configuration to enforce stricter TypeScript rules across all packages. Update design documentation to clarify component categorization and address legacy issues. Enhance task documentation for codebase refactoring, ensuring clear requirements and testing coverage. Improve Dockerfile for BFF and portal applications by optimizing package copying and build processes. Introduce new environment variables for authentication and queue configurations, enhancing service reliability and maintainability.

Browse Source
This commit is contained in:
barsa 2025-09-26 17:02:36 +09:00
parent ac61dd1e17
commit f4b8c0f324
62 changed files with 69253 additions and 9862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.kiro/specs/codebase-refactoring-review/design.md
View File

@ -11,6 +11,7 @@ This design document outlines the fixes and improvements needed to complete the
**Problem**: Components are not properly categorized according to atomic design principles.
**Current State**:
- Catalog components are in `/components/catalog/` instead of being properly categorized
- Many components that should be molecules are mixed with atoms
- Business-specific components are in shared locations
@ -44,6 +45,7 @@ components/
**Problem**: Numerous TODO comments and legacy compatibility code remain.
**Current Issues**:
- Disabled exports with TODO comments in multiple index files
- Legacy compatibility exports in layout components
- Incomplete feature module implementations
@ -56,6 +58,7 @@ components/
**Problem**: Business-specific components are in shared locations.
**Current Issues**:
- Catalog components should be in the catalog feature module
- Product-specific components are in shared components directory
- Business logic mixed with presentation components
@ -67,6 +70,7 @@ components/
**Problem**: Components don't follow consistent patterns.
**Current Issues**:
- Mixed file naming conventions
- Inconsistent folder structures
- Some components lack proper index files
@ -124,10 +128,10 @@ export { PageLayout } from "./PageLayout";
// export * from './components';
// After:
export * from './components';
export * from './hooks';
export * from './services';
export * from './types';
export * from "./components";
export * from "./hooks";
export * from "./services";
export * from "./types";
```
### Component Standards
@ -155,14 +159,14 @@ api-client.ts
```typescript
// Component index files
export { ComponentName } from './ComponentName';
export type { ComponentNameProps } from './ComponentName';
export { ComponentName } from "./ComponentName";
export type { ComponentNameProps } from "./ComponentName";
// Feature index files
export * from './components';
export * from './hooks';
export * from './services';
export * from './types';
export * from "./components";
export * from "./hooks";
export * from "./services";
export * from "./types";
```
### File Structure Standards

45
.kiro/specs/codebase-refactoring/design.md
View File

@ -88,8 +88,8 @@ interface BaseComponentProps {
// Variant-based component pattern
interface ButtonProps extends BaseComponentProps {
variant?: 'primary' | 'secondary' | 'outline' | 'ghost';
size?: 'sm' | 'md' | 'lg';
variant?: "primary" | "secondary" | "outline" | "ghost";
size?: "sm" | "md" | "lg";
disabled?: boolean;
loading?: boolean;
onClick?: () => void;
@ -151,11 +151,11 @@ interface ApiService<T> {
```typescript
// lib/types/index.ts - Centralized type exports
export * from './api.types';
export * from './auth.types';
export * from './billing.types';
export * from './subscription.types';
export * from './common.types';
export * from "./api.types";
export * from "./auth.types";
export * from "./billing.types";
export * from "./subscription.types";
export * from "./common.types";
// Common base types
interface BaseEntity {
@ -202,7 +202,7 @@ interface FeatureStore {
// React Query integration for server state
const useFeatureQuery = (params?: QueryParams) => {
return useQuery({
queryKey: ['feature', params],
queryKey: ["feature", params],
queryFn: () => featureService.getAll(params),
staleTime: 5 * 60 * 1000, // 5 minutes
});
@ -222,7 +222,7 @@ export class AppError extends Error {
public statusCode?: number
) {
super(message);
this.name = 'AppError';
this.name = "AppError";
}
}
@ -236,7 +236,7 @@ export function handleApiError(error: unknown): AppError {
if (error instanceof ApiError) {
return new AppError(error.message, error.code, error.status);
}
return new AppError('An unexpected error occurred', 'UNKNOWN_ERROR');
return new AppError("An unexpected error occurred", "UNKNOWN_ERROR");
}
```
@ -247,10 +247,10 @@ export function handleApiError(error: unknown): AppError {
interface ErrorStateProps {
error: AppError;
onRetry?: () => void;
variant?: 'page' | 'inline' | 'toast';
variant?: "page" | "inline" | "toast";
}
export function ErrorState({ error, onRetry, variant = 'page' }: ErrorStateProps) {
export function ErrorState({ error, onRetry, variant = "page" }: ErrorStateProps) {
// Render appropriate error UI based on variant
}
```
@ -313,11 +313,11 @@ describe('Dashboard Feature', () => {
```typescript
// Feature-based code splitting
const DashboardPage = lazy(() => import('@/features/dashboard/pages/DashboardPage'));
const BillingPage = lazy(() => import('@/features/billing/pages/BillingPage'));
const DashboardPage = lazy(() => import("@/features/dashboard/pages/DashboardPage"));
const BillingPage = lazy(() => import("@/features/billing/pages/BillingPage"));
// Component-level splitting for heavy components
const DataVisualization = lazy(() => import('@/components/common/DataVisualization'));
const DataVisualization = lazy(() => import("@/components/common/DataVisualization"));
```
### Bundle Optimization
@ -326,12 +326,12 @@ const DataVisualization = lazy(() => import('@/components/common/DataVisualizati
// Tree-shakeable exports
// Instead of: export * from './components';
// Use specific exports:
export { Button } from './Button';
export { Input } from './Input';
export type { ButtonProps, InputProps } from './types';
export { Button } from "./Button";
export { Input } from "./Input";
export type { ButtonProps, InputProps } from "./types";
// Dynamic imports for heavy dependencies
const heavyLibrary = await import('heavy-library');
const heavyLibrary = await import("heavy-library");
```
### Caching Strategy
@ -355,24 +355,28 @@ const queryClient = new QueryClient({
## Migration Strategy
### Phase 1: Foundation (Weeks 1-2)
- Set up new folder structure
- Create base UI components (Button, Input, etc.)
- Establish design tokens and styling system
- Set up centralized API client
### Phase 2: Core Features (Weeks 3-4)
- Refactor authentication module
- Migrate dashboard feature
- Consolidate layout components
- Implement error handling system
### Phase 3: Business Features (Weeks 5-6)
- Migrate billing feature
- Refactor subscriptions feature
- Consolidate catalog functionality
- Implement testing framework
### Phase 4: Optimization (Weeks 7-8)
- Performance optimization
- Bundle analysis and splitting
- Documentation and cleanup
@ -381,16 +385,19 @@ const queryClient = new QueryClient({
## Risk Mitigation
### Backward Compatibility
- Maintain existing API contracts during migration
- Use feature flags for gradual rollout
- Keep old components until migration is complete
### Testing Coverage
- Maintain existing functionality through comprehensive testing
- Implement visual regression testing
- Set up automated testing pipeline
### Performance Monitoring
- Implement bundle size monitoring
- Set up performance metrics tracking
- Monitor Core Web Vitals during migration

38
CLEAN_ZOD_IMPLEMENTATION.md
View File

@ -7,6 +7,7 @@ We have successfully completed a comprehensive cleanup of the Zod validation sys
## 🧹 **What We Cleaned Up**
### ❌ **Removed Legacy Patterns**
- ~~`FormBuilder` class~~ → Direct `useZodForm` hook
- ~~`validateOrThrow`, `safeValidate`, `createValidator`~~ → Direct `schema.parse()` and `schema.safeParse()`
- ~~`createTypeGuard`, `createAsyncValidator`, `createDebouncedValidator`~~ → Direct Zod usage
@ -14,6 +15,7 @@ We have successfully completed a comprehensive cleanup of the Zod validation sys
- ~~Complex validation utilities~~ → Simple `parseOrThrow` and `safeParse` helpers
### ❌ **Removed Documentation Debt**
- ~~`VALIDATION_CONSOLIDATION_SUMMARY.md`~~
- ~~`CONSOLIDATION_PLAN.md`~~
- ~~`ZOD_ARCHITECTURE_GUIDE.md`~~
@ -22,6 +24,7 @@ We have successfully completed a comprehensive cleanup of the Zod validation sys
### ✅ **Simplified Architecture**
#### **Before: Complex Abstractions**
```typescript
// Multiple wrapper functions
const result = validateOrderBusinessRules(data);
@ -30,13 +33,11 @@ const typeGuard = createTypeGuard(schema);
const asyncValidator = createAsyncValidator(schema);
// Complex FormBuilder
const form = FormBuilder.create(schema)
.withValidation()
.withAsyncValidation()
.build();
const form = FormBuilder.create(schema).withValidation().withAsyncValidation().build();
```
#### **After: Pure Zod**
```typescript
// Direct Zod usage - clean and simple
const result = schema.safeParse(data);
@ -49,6 +50,7 @@ const form = useZodForm({ schema, initialValues, onSubmit });
## 📦 **Final Clean Architecture**
### **`@customer-portal/validation-service`** (Minimal & Focused)
```typescript
// packages/validation-service/src/
├── zod-pipe.ts // Simple NestJS pipe: ZodPipe(schema)
@ -59,6 +61,7 @@ const form = useZodForm({ schema, initialValues, onSubmit });
```
### **`@customer-portal/domain`** (Clean Schemas)
```typescript
// packages/domain/src/validation/
├── shared/ // Primitives, identifiers, common patterns
@ -71,6 +74,7 @@ const form = useZodForm({ schema, initialValues, onSubmit });
## 🎯 **Usage Patterns - Industry Standard**
### **NestJS Controllers**
```typescript
import { ZodPipe } from '@customer-portal/validation-service/nestjs';
import { createOrderRequestSchema } from '@customer-portal/domain';
@ -82,50 +86,56 @@ async createOrder(@Body(ZodPipe(createOrderRequestSchema)) body: CreateOrderRequ
```
### **React Forms**
```typescript
import { useZodForm } from '@customer-portal/validation-service/react';
import { signupFormSchema } from '@customer-portal/domain';
import { useZodForm } from "@customer-portal/validation-service/react";
import { signupFormSchema } from "@customer-portal/domain";
const { values, errors, handleSubmit } = useZodForm({
schema: signupFormSchema,
initialValues: { email: '', password: '' },
onSubmit: async (data) => await signup(data)
initialValues: { email: "", password: "" },
onSubmit: async data => await signup(data),
});
```
### **Business Logic**
```typescript
import { z } from 'zod';
import { orderBusinessValidationSchema } from '@customer-portal/domain';
import { z } from "zod";
import { orderBusinessValidationSchema } from "@customer-portal/domain";
// Direct validation - no wrappers needed
const result = orderBusinessValidationSchema.safeParse(orderData);
if (!result.success) {
throw new Error(result.error.issues.map(i => i.message).join(', '));
throw new Error(result.error.issues.map(i => i.message).join(", "));
}
```
## 🏆 **Benefits Achieved**
### **🔥 Eliminated Complexity**
- **-7 legacy validation files** removed
- **-15 wrapper functions** eliminated
- **-3 documentation files** cleaned up
- **-200+ lines** of unnecessary abstraction code
### **✅ Industry Alignment**
- **tRPC**: Uses Zod directly ✓
- **React Hook Form**: Direct Zod integration ✓
- **Next.js**: Direct Zod for API validation ✓
- **Prisma**: Direct Zod for schema validation ✓
### **💡 Developer Experience**
- **Familiar patterns**: Standard Zod usage everywhere
- **Clear imports**: `import { z } from 'zod'`
- **Simple debugging**: Direct Zod stack traces
- **Easy maintenance**: Less custom code = fewer bugs
### **🚀 Performance**
- **No abstraction overhead**: Direct Zod calls
- **Better tree shaking**: Clean exports
- **Smaller bundle size**: Removed unused utilities
@ -140,20 +150,24 @@ if (!result.success) {
## 🎉 **Key Achievements**
### **1. Zero Abstractions Over Zod**
No more "enhanced", "extended", or "wrapped" Zod. Just pure, direct usage.
### **2. Consistent Patterns Everywhere**
- Controllers: `ZodPipe(schema)`
- Forms: `useZodForm({ schema, ... })`
- Business Logic: `schema.parse(data)`
### **3. Clean Codebase**
- No legacy validation files
- No redundant utilities
- No complex documentation
- No over-engineering
### **4. Industry Standard Implementation**
Following the same patterns as major frameworks and libraries.
## 💎 **Philosophy Realized**
@ -161,6 +175,7 @@ Following the same patterns as major frameworks and libraries.
> **"Simplicity is the ultimate sophistication"**
We've achieved a validation system that is:
- **Simple**: Direct Zod usage
- **Clean**: No unnecessary abstractions
- **Maintainable**: Industry-standard patterns
@ -170,6 +185,7 @@ We've achieved a validation system that is:
## 🚀 **Ready for Production**
The Zod validation system is now **production-ready** with:
- ✅ Clean, maintainable code
- ✅ Industry-standard patterns
- ✅ Zero technical debt

5
MEMORY_OPTIMIZATION_SUMMARY.md
View File

@ -1,11 +1,13 @@
# Memory & TypeScript Tooling
## Current Status
- TypeScript diagnostics now run with a unified configuration shared across the monorepo.
- Portal and BFF type-check reliably on machines with ~812GB available RAM when using the provided Node.js memory limits.
- Package builds remain incremental and continue to emit declaration files for downstream consumers.
## Key Changes
- Introduced `tsconfig.base.json` to centralise shared compiler options.
- Each package/app now owns a single `tsconfig.json` (plus `tsconfig.build.json` for the NestJS app) instead of dozens of per-area configs.
- Removed the `.typecheck` staging folders and the chunked `run-chunks.mjs` workflow.
@ -13,17 +15,20 @@
- Root `tsconfig.json` references the reusable libraries (`domain`, `logging`, `api-client`, `validation-service`) for fast incremental builds.
## Recommended CI/CD Setup
1. Provide at least 8GB of RAM (12GB+ preferred) to the type-check job.
2. Run package checks: `pnpm type-check:packages` (invokes `tsc --noEmit` for each workspace package).
3. Run application checks: `pnpm type-check:apps` (executes the BFF and Portal scripts sequentially).
4. Optional: `pnpm type-check:workspace` runs `tsc -b --noEmit` against the shared libraries for an incremental baseline.
## Local Development Tips
- Use `pnpm --filter <workspace> run type-check:watch` (where available) for continuous feedback without emitting build artefacts.
- Keep `NODE_OPTIONS` memory ceilings from the scripts; they balance speed with predictable RAM usage on developer laptops.
- When additional capacity is available, bump `--max-old-space-size` to 8192+ in CI to future-proof larger schemas.
## Follow-Up Ideas
- Monitor CI telemetry to validate the new memory headroom and tune limits as the codebase grows.
- Evaluate splitting large schema modules only if memory pressure returns; the current setup avoids premature fragmentation.
- Consider enabling `strict` extensions such as `noUncheckedIndexedAccess` once the pipeline is stable again.

9
README.md
View File

@ -163,17 +163,20 @@ Upload the tar files in Plesk → Docker → Images → Upload, then deploy usin
### API Client Codegen
1) Generate OpenAPI spec from BFF:
1. Generate OpenAPI spec from BFF:
```bash
pnpm --filter @customer-portal/bff run openapi:gen
```
2) Generate types and client:
2. Generate types and client:
```bash
pnpm --filter @customer-portal/api-client run codegen && pnpm --filter @customer-portal/api-client build
```
3) Use in Portal:
3. Use in Portal:
```ts
import { createClient } from "@customer-portal/api-client";
```

18
ZOD_TRANSITION_COMPLETE.md
View File

@ -7,6 +7,7 @@ We have successfully transitioned the entire monorepo to use **pure Zod directly
## 🧹 **What We Cleaned Up**
### ❌ **Removed Complex Abstractions**
- ~~`EnhancedZodValidationPipe`~~ → Simple `ZodPipe` factory function
- ~~`BusinessValidator`~~ → Direct Zod schema validation
- ~~`FormBuilder`~~ → Direct `useZodForm` hook
@ -16,6 +17,7 @@ We have successfully transitioned the entire monorepo to use **pure Zod directly
### ✅ **Implemented Simple Patterns**
#### **1. NestJS Backend Validation**
```typescript
// Before: Complex enhanced pipe
@Body(EnhancedZodValidationPipe(schema, { transform: true, sanitize: true }))
@ -25,6 +27,7 @@ We have successfully transitioned the entire monorepo to use **pure Zod directly
```
#### **2. React Frontend Validation**
```typescript
// Before: Complex FormBuilder abstraction
const form = FormBuilder.create(schema).withValidation().build();
@ -33,16 +36,17 @@ const form = FormBuilder.create(schema).withValidation().build();
const { values, errors, handleSubmit } = useZodForm({
schema: signupFormSchema,
initialValues,
onSubmit
onSubmit,
});
```
#### **3. Direct Zod Usage Everywhere**
```typescript
// Simple, direct Zod schemas
const userSchema = z.object({
email: z.string().email(),
name: z.string().min(1)
name: z.string().min(1),
});
// Direct validation
@ -52,12 +56,14 @@ const result = userSchema.parse(data);
## 📦 **New Architecture**
### **`@customer-portal/validation-service`**
- **Pure Zod re-export**: `export { z } from 'zod'`
- **Simple NestJS pipe**: `ZodPipe(schema)` factory function
- **Simple React hook**: `useZodForm({ schema, initialValues, onSubmit })`
- **No complex abstractions**: Just thin wrappers for framework integration
### **Framework Integration**
```typescript
// NestJS Controllers
import { ZodPipe } from '@customer-portal/validation-service/nestjs';
@ -75,16 +81,19 @@ const schema = z.object({ ... });
## 🔧 **Key Fixes Applied**
### **1. Type Consistency**
- Fixed `whmcsClientId` type mismatch (database `number` vs Zod `string`)
- Aligned all Zod schemas with actual database types
- Removed unnecessary type conversions
### **2. Direct Imports**
- All files now import `z` directly from `'zod'`
- No more complex re-exports or aliases
- Clean, traceable import paths
### **3. Validation Patterns**
- Controllers use simple `ZodPipe(schema)`
- Forms use simple `useZodForm({ schema, ... })`
- Business logic uses direct `schema.parse(data)`
@ -92,18 +101,21 @@ const schema = z.object({ ... });
## 🏆 **Why This Approach Wins**
### **Industry Standard**
- **tRPC**: Uses Zod directly
- **React Hook Form**: Integrates with Zod directly
- **Next.js**: Uses Zod directly for API validation
- **Prisma**: Uses Zod directly for schema validation
### **Developer Experience**
- **Familiar**: Developers know Zod, not custom abstractions
- **Debuggable**: Clear stack traces, no wrapper confusion
- **Maintainable**: Less custom code = fewer bugs
- **Performant**: No abstraction overhead
### **Your Requirements Met**
- ✅ **No aliases**: Direct `z` import everywhere
- ✅ **Clean centralized structure**: Single validation service
- ✅ **Pure Zod**: No enhanced/extended versions
@ -120,6 +132,7 @@ const schema = z.object({ ... });
## 🚀 **Next Steps**
The Zod transition is **complete**. The remaining build errors are unrelated to validation:
- Auth workflow return types
- VPN catalog property mismatches
- Invoice controller duplicate imports
@ -130,6 +143,7 @@ These are separate business logic issues, not validation architecture problems.
## 💡 **Key Takeaway**
**"Simple is better than complex"** - We now have a clean, industry-standard Zod implementation that's:
- Easy to understand
- Easy to maintain
- Easy to debug

7
apps/bff/.eslintrc.json
View File

@ -17,13 +17,8 @@
{
"files": ["src/integrations/**/*.ts"],
"rules": {
"no-restricted-imports": [
"error",
{ "patterns": ["@bff/modules/*"] }
]
"no-restricted-imports": ["error", { "patterns": ["@bff/modules/*"] }]
}
}
]
}

23
apps/bff/Dockerfile
View File

@ -16,7 +16,9 @@ WORKDIR /app
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
# Copy package.json files for dependency resolution
COPY packages/shared/package.json ./packages/shared/
COPY packages/domain/package.json ./packages/domain/
COPY packages/logging/package.json ./packages/logging/
COPY packages/validation/package.json ./packages/validation/
COPY apps/bff/package.json ./apps/bff/
# Install ALL dependencies (needed for build)
@ -37,19 +39,20 @@ WORKDIR /app
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
# Copy source code
COPY packages/shared/ ./packages/shared/
COPY packages/ ./packages/
COPY apps/bff/ ./apps/bff/
COPY tsconfig.json ./
# Copy node_modules from deps stage
COPY --from=deps /app/node_modules ./node_modules
WORKDIR /app/packages/shared
RUN pnpm build
WORKDIR /app
# Align workspace modules in builder (ensures proper symlinks and resolution)
RUN pnpm install --frozen-lockfile --prefer-offline
# Build workspace packages so downstream apps can consume compiled artifacts
RUN pnpm --filter @customer-portal/domain build && \
pnpm --filter @customer-portal/logging build && \
pnpm --filter @customer-portal/validation build
# Build BFF (generate Prisma client then compile)
RUN pnpm --filter @customer-portal/bff exec prisma generate && \
pnpm --filter @customer-portal/bff build
@ -80,7 +83,11 @@ WORKDIR /app
# Copy workspace configuration
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
COPY packages/shared/package.json ./packages/shared/
# Copy package.json files for dependency resolution
COPY packages/domain/package.json ./packages/domain/
COPY packages/logging/package.json ./packages/logging/
COPY packages/validation/package.json ./packages/validation/
COPY apps/bff/package.json ./apps/bff/
# Install production dependencies only (clean approach)
@ -91,7 +98,9 @@ RUN pnpm install --frozen-lockfile --prod --ignore-scripts
RUN pnpm rebuild bcrypt
# Copy built applications and shared package from builder
COPY --from=builder /app/packages/shared/dist ./packages/shared/dist
COPY --from=builder /app/packages/domain/dist ./packages/domain/dist
COPY --from=builder /app/packages/logging/dist ./packages/logging/dist
COPY --from=builder /app/packages/validation/dist ./packages/validation/dist
COPY --from=builder /app/apps/bff/dist ./apps/bff/dist
COPY --from=builder /app/apps/bff/prisma ./apps/bff/prisma

64389
apps/bff/build-trace/trace.json
View File

File diff suppressed because it is too large Load Diff

446
apps/bff/build-trace/types.json
View File

@ -1,85 +1,361 @@
[{"id":1,"intrinsicName":"any","recursionId":0,"flags":["Any"]},
{"id":2,"intrinsicName":"any","recursionId":1,"flags":["Any"]},
{"id":3,"intrinsicName":"any","recursionId":2,"flags":["Any"]},
{"id":4,"intrinsicName":"any","recursionId":3,"flags":["Any"]},
{"id":5,"intrinsicName":"error","recursionId":4,"flags":["Any"]},
{"id":6,"intrinsicName":"unresolved","recursionId":5,"flags":["Any"]},
{"id":7,"intrinsicName":"any","recursionId":6,"flags":["Any"]},
{"id":8,"intrinsicName":"intrinsic","recursionId":7,"flags":["Any"]},
{"id":9,"intrinsicName":"unknown","recursionId":8,"flags":["Unknown"]},
{"id":10,"intrinsicName":"undefined","recursionId":9,"flags":["Undefined"]},
{"id":11,"intrinsicName":"undefined","recursionId":10,"flags":["Undefined"]},
{"id":12,"intrinsicName":"undefined","recursionId":11,"flags":["Undefined"]},
{"id":13,"intrinsicName":"null","recursionId":12,"flags":["Null"]},
{"id":14,"intrinsicName":"string","recursionId":13,"flags":["String"]},
{"id":15,"intrinsicName":"number","recursionId":14,"flags":["Number"]},
{"id":16,"intrinsicName":"bigint","recursionId":15,"flags":["BigInt"]},
{"id":17,"intrinsicName":"false","recursionId":16,"flags":["BooleanLiteral"],"display":"false"},
{"id":18,"intrinsicName":"false","recursionId":17,"flags":["BooleanLiteral"],"display":"false"},
{"id":19,"intrinsicName":"true","recursionId":18,"flags":["BooleanLiteral"],"display":"true"},
{"id":20,"intrinsicName":"true","recursionId":19,"flags":["BooleanLiteral"],"display":"true"},
{"id":21,"intrinsicName":"boolean","recursionId":20,"unionTypes":[18,20],"flags":["Boolean","BooleanLike","PossiblyFalsy","Union"]},
{"id":22,"intrinsicName":"symbol","recursionId":21,"flags":["ESSymbol"]},
{"id":23,"intrinsicName":"void","recursionId":22,"flags":["Void"]},
{"id":24,"intrinsicName":"never","recursionId":23,"flags":["Never"]},
{"id":25,"intrinsicName":"never","recursionId":24,"flags":["Never"]},
{"id":26,"intrinsicName":"never","recursionId":25,"flags":["Never"]},
{"id":27,"intrinsicName":"never","recursionId":26,"flags":["Never"]},
{"id":28,"intrinsicName":"object","recursionId":27,"flags":["NonPrimitive"]},
{"id":29,"recursionId":28,"unionTypes":[14,15],"flags":["Union"]},
{"id":30,"recursionId":29,"unionTypes":[14,15,22],"flags":["Union"]},
{"id":31,"recursionId":30,"unionTypes":[15,16],"flags":["Union"]},
{"id":32,"recursionId":31,"unionTypes":[10,13,14,15,16,18,20],"flags":["Union"]},
{"id":33,"recursionId":32,"flags":["TemplateLiteral"]},
{"id":34,"intrinsicName":"never","recursionId":33,"flags":["Never"]},
{"id":35,"recursionId":34,"flags":["Object"],"display":"{}"},
{"id":36,"recursionId":35,"flags":["Object"],"display":"{}"},
{"id":37,"recursionId":36,"flags":["Object"],"display":"{}"},
{"id":38,"symbolName":"__type","recursionId":37,"flags":["Object"],"display":"{}"},
{"id":39,"recursionId":38,"flags":["Object"],"display":"{}"},
{"id":40,"recursionId":39,"unionTypes":[10,13,39],"flags":["Union"]},
{"id":41,"recursionId":40,"flags":["Object"],"display":"{}"},
{"id":42,"recursionId":41,"flags":["Object"],"display":"{}"},
{"id":43,"recursionId":42,"flags":["Object"],"display":"{}"},
{"id":44,"recursionId":43,"flags":["Object"],"display":"{}"},
{"id":45,"recursionId":44,"flags":["Object"],"display":"{}"},
{"id":46,"flags":["TypeParameter","IncludesMissingType"]},
{"id":47,"flags":["TypeParameter","IncludesMissingType"]},
{"id":48,"flags":["TypeParameter","IncludesMissingType"]},
{"id":49,"flags":["TypeParameter","IncludesMissingType"]},
{"id":50,"flags":["TypeParameter","IncludesMissingType"]},
{"id":51,"recursionId":45,"flags":["StringLiteral"],"display":"\"\""},
{"id":52,"recursionId":46,"flags":["NumberLiteral"],"display":"0"},
{"id":53,"recursionId":47,"flags":["BigIntLiteral"],"display":"0n"},
{"id":54,"recursionId":48,"flags":["StringLiteral"],"display":"\"string\""},
{"id":55,"recursionId":49,"flags":["StringLiteral"],"display":"\"number\""},
{"id":56,"recursionId":50,"flags":["StringLiteral"],"display":"\"bigint\""},
{"id":57,"recursionId":51,"flags":["StringLiteral"],"display":"\"boolean\""},
{"id":58,"recursionId":52,"flags":["StringLiteral"],"display":"\"symbol\""},
{"id":59,"recursionId":53,"flags":["StringLiteral"],"display":"\"undefined\""},
{"id":60,"recursionId":54,"flags":["StringLiteral"],"display":"\"object\""},
{"id":61,"recursionId":55,"flags":["StringLiteral"],"display":"\"function\""},
{"id":62,"recursionId":56,"unionTypes":[54,55,56,57,58,59,60,61],"flags":["Union"]},
{"id":63,"symbolName":"IArguments","recursionId":57,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":402,"character":2},"end":{"line":408,"character":2}},"flags":["Object"]},
{"id":64,"symbolName":"globalThis","recursionId":58,"flags":["Object"],"display":"typeof globalThis"},
{"id":65,"symbolName":"Array","recursionId":59,"instantiatedType":65,"typeArguments":[66],"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1323,"character":2},"end":{"line":1511,"character":2}},"flags":["Object"]},
{"id":66,"symbolName":"T","recursionId":60,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1325,"character":17},"end":{"line":1325,"character":18}},"flags":["TypeParameter","IncludesMissingType"]},
{"id":67,"symbolName":"Array","recursionId":59,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1323,"character":2},"end":{"line":1511,"character":2}},"flags":["TypeParameter","IncludesMissingType"]},
{"id":68,"symbolName":"Object","recursionId":61,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":121,"character":2},"end":{"line":153,"character":2}},"flags":["Object"]},
{"id":69,"symbolName":"Function","recursionId":62,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":270,"character":39},"end":{"line":307,"character":2}},"flags":["Object"]},
{"id":70,"symbolName":"CallableFunction","recursionId":63,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":329,"character":136},"end":{"line":366,"character":2}},"flags":["Object"]},
{"id":71,"symbolName":"NewableFunction","recursionId":64,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":366,"character":2},"end":{"line":402,"character":2}},"flags":["Object"]},
{"id":72,"symbolName":"String","recursionId":65,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":408,"character":2},"end":{"line":532,"character":2}},"flags":["Object"]},
{"id":73,"symbolName":"Number","recursionId":66,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":557,"character":41},"end":{"line":586,"character":2}},"flags":["Object"]},
{"id":74,"symbolName":"Boolean","recursionId":67,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":544,"character":39},"end":{"line":549,"character":2}},"flags":["Object"]},
{"id":75,"symbolName":"RegExp","recursionId":68,"instantiatedType":75,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":991,"character":2},"end":{"line":1023,"character":2}},"flags":["Object"]},
{"id":76,"symbolName":"RegExp","recursionId":68,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":991,"character":2},"end":{"line":1023,"character":2}},"flags":["TypeParameter","IncludesMissingType"]},
{"id":77,"symbolName":"Array","recursionId":59,"instantiatedType":65,"typeArguments":[1],"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1323,"character":2},"end":{"line":1511,"character":2}},"flags":["Object"]},
{"id":78,"symbolName":"Array","recursionId":59,"instantiatedType":65,"typeArguments":[2],"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1323,"character":2},"end":{"line":1511,"character":2}},"flags":["Object"]},
{"id":79,"symbolName":"ReadonlyArray","recursionId":69,"instantiatedType":79,"typeArguments":[80],"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1185,"character":24},"end":{"line":1316,"character":2}},"flags":["Object"]},
{"id":80,"symbolName":"T","recursionId":70,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1191,"character":25},"end":{"line":1191,"character":26}},"flags":["TypeParameter","IncludesMissingType"]},
{"id":81,"symbolName":"ReadonlyArray","recursionId":69,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1185,"character":24},"end":{"line":1316,"character":2}},"flags":["TypeParameter","IncludesMissingType"]},
{"id":82,"symbolName":"ReadonlyArray","recursionId":69,"instantiatedType":79,"typeArguments":[1],"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1185,"character":24},"end":{"line":1316,"character":2}},"flags":["Object"]},
{"id":83,"symbolName":"ThisType","recursionId":71,"instantiatedType":83,"typeArguments":[84],"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1680,"character":29},"end":{"line":1685,"character":25}},"flags":["Object"]},
{"id":84,"symbolName":"T","recursionId":72,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1685,"character":20},"end":{"line":1685,"character":21}},"flags":["TypeParameter","IncludesMissingType"]},
{"id":85,"symbolName":"ThisType","recursionId":71,"firstDeclaration":{"path":"/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts","start":{"line":1680,"character":29},"end":{"line":1685,"character":25}},"flags":["TypeParameter","IncludesMissingType"]}]
[
{ "id": 1, "intrinsicName": "any", "recursionId": 0, "flags": ["Any"] },
{ "id": 2, "intrinsicName": "any", "recursionId": 1, "flags": ["Any"] },
{ "id": 3, "intrinsicName": "any", "recursionId": 2, "flags": ["Any"] },
{ "id": 4, "intrinsicName": "any", "recursionId": 3, "flags": ["Any"] },
{ "id": 5, "intrinsicName": "error", "recursionId": 4, "flags": ["Any"] },
{ "id": 6, "intrinsicName": "unresolved", "recursionId": 5, "flags": ["Any"] },
{ "id": 7, "intrinsicName": "any", "recursionId": 6, "flags": ["Any"] },
{ "id": 8, "intrinsicName": "intrinsic", "recursionId": 7, "flags": ["Any"] },
{ "id": 9, "intrinsicName": "unknown", "recursionId": 8, "flags": ["Unknown"] },
{ "id": 10, "intrinsicName": "undefined", "recursionId": 9, "flags": ["Undefined"] },
{ "id": 11, "intrinsicName": "undefined", "recursionId": 10, "flags": ["Undefined"] },
{ "id": 12, "intrinsicName": "undefined", "recursionId": 11, "flags": ["Undefined"] },
{ "id": 13, "intrinsicName": "null", "recursionId": 12, "flags": ["Null"] },
{ "id": 14, "intrinsicName": "string", "recursionId": 13, "flags": ["String"] },
{ "id": 15, "intrinsicName": "number", "recursionId": 14, "flags": ["Number"] },
{ "id": 16, "intrinsicName": "bigint", "recursionId": 15, "flags": ["BigInt"] },
{
"id": 17,
"intrinsicName": "false",
"recursionId": 16,
"flags": ["BooleanLiteral"],
"display": "false"
},
{
"id": 18,
"intrinsicName": "false",
"recursionId": 17,
"flags": ["BooleanLiteral"],
"display": "false"
},
{
"id": 19,
"intrinsicName": "true",
"recursionId": 18,
"flags": ["BooleanLiteral"],
"display": "true"
},
{
"id": 20,
"intrinsicName": "true",
"recursionId": 19,
"flags": ["BooleanLiteral"],
"display": "true"
},
{
"id": 21,
"intrinsicName": "boolean",
"recursionId": 20,
"unionTypes": [18, 20],
"flags": ["Boolean", "BooleanLike", "PossiblyFalsy", "Union"]
},
{ "id": 22, "intrinsicName": "symbol", "recursionId": 21, "flags": ["ESSymbol"] },
{ "id": 23, "intrinsicName": "void", "recursionId": 22, "flags": ["Void"] },
{ "id": 24, "intrinsicName": "never", "recursionId": 23, "flags": ["Never"] },
{ "id": 25, "intrinsicName": "never", "recursionId": 24, "flags": ["Never"] },
{ "id": 26, "intrinsicName": "never", "recursionId": 25, "flags": ["Never"] },
{ "id": 27, "intrinsicName": "never", "recursionId": 26, "flags": ["Never"] },
{ "id": 28, "intrinsicName": "object", "recursionId": 27, "flags": ["NonPrimitive"] },
{ "id": 29, "recursionId": 28, "unionTypes": [14, 15], "flags": ["Union"] },
{ "id": 30, "recursionId": 29, "unionTypes": [14, 15, 22], "flags": ["Union"] },
{ "id": 31, "recursionId": 30, "unionTypes": [15, 16], "flags": ["Union"] },
{ "id": 32, "recursionId": 31, "unionTypes": [10, 13, 14, 15, 16, 18, 20], "flags": ["Union"] },
{ "id": 33, "recursionId": 32, "flags": ["TemplateLiteral"] },
{ "id": 34, "intrinsicName": "never", "recursionId": 33, "flags": ["Never"] },
{ "id": 35, "recursionId": 34, "flags": ["Object"], "display": "{}" },
{ "id": 36, "recursionId": 35, "flags": ["Object"], "display": "{}" },
{ "id": 37, "recursionId": 36, "flags": ["Object"], "display": "{}" },
{ "id": 38, "symbolName": "__type", "recursionId": 37, "flags": ["Object"], "display": "{}" },
{ "id": 39, "recursionId": 38, "flags": ["Object"], "display": "{}" },
{ "id": 40, "recursionId": 39, "unionTypes": [10, 13, 39], "flags": ["Union"] },
{ "id": 41, "recursionId": 40, "flags": ["Object"], "display": "{}" },
{ "id": 42, "recursionId": 41, "flags": ["Object"], "display": "{}" },
{ "id": 43, "recursionId": 42, "flags": ["Object"], "display": "{}" },
{ "id": 44, "recursionId": 43, "flags": ["Object"], "display": "{}" },
{ "id": 45, "recursionId": 44, "flags": ["Object"], "display": "{}" },
{ "id": 46, "flags": ["TypeParameter", "IncludesMissingType"] },
{ "id": 47, "flags": ["TypeParameter", "IncludesMissingType"] },
{ "id": 48, "flags": ["TypeParameter", "IncludesMissingType"] },
{ "id": 49, "flags": ["TypeParameter", "IncludesMissingType"] },
{ "id": 50, "flags": ["TypeParameter", "IncludesMissingType"] },
{ "id": 51, "recursionId": 45, "flags": ["StringLiteral"], "display": "\"\"" },
{ "id": 52, "recursionId": 46, "flags": ["NumberLiteral"], "display": "0" },
{ "id": 53, "recursionId": 47, "flags": ["BigIntLiteral"], "display": "0n" },
{ "id": 54, "recursionId": 48, "flags": ["StringLiteral"], "display": "\"string\"" },
{ "id": 55, "recursionId": 49, "flags": ["StringLiteral"], "display": "\"number\"" },
{ "id": 56, "recursionId": 50, "flags": ["StringLiteral"], "display": "\"bigint\"" },
{ "id": 57, "recursionId": 51, "flags": ["StringLiteral"], "display": "\"boolean\"" },
{ "id": 58, "recursionId": 52, "flags": ["StringLiteral"], "display": "\"symbol\"" },
{ "id": 59, "recursionId": 53, "flags": ["StringLiteral"], "display": "\"undefined\"" },
{ "id": 60, "recursionId": 54, "flags": ["StringLiteral"], "display": "\"object\"" },
{ "id": 61, "recursionId": 55, "flags": ["StringLiteral"], "display": "\"function\"" },
{
"id": 62,
"recursionId": 56,
"unionTypes": [54, 55, 56, 57, 58, 59, 60, 61],
"flags": ["Union"]
},
{
"id": 63,
"symbolName": "IArguments",
"recursionId": 57,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 402, "character": 2 },
"end": { "line": 408, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 64,
"symbolName": "globalThis",
"recursionId": 58,
"flags": ["Object"],
"display": "typeof globalThis"
},
{
"id": 65,
"symbolName": "Array",
"recursionId": 59,
"instantiatedType": 65,
"typeArguments": [66],
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1323, "character": 2 },
"end": { "line": 1511, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 66,
"symbolName": "T",
"recursionId": 60,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1325, "character": 17 },
"end": { "line": 1325, "character": 18 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
},
{
"id": 67,
"symbolName": "Array",
"recursionId": 59,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1323, "character": 2 },
"end": { "line": 1511, "character": 2 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
},
{
"id": 68,
"symbolName": "Object",
"recursionId": 61,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 121, "character": 2 },
"end": { "line": 153, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 69,
"symbolName": "Function",
"recursionId": 62,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 270, "character": 39 },
"end": { "line": 307, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 70,
"symbolName": "CallableFunction",
"recursionId": 63,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 329, "character": 136 },
"end": { "line": 366, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 71,
"symbolName": "NewableFunction",
"recursionId": 64,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 366, "character": 2 },
"end": { "line": 402, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 72,
"symbolName": "String",
"recursionId": 65,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 408, "character": 2 },
"end": { "line": 532, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 73,
"symbolName": "Number",
"recursionId": 66,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 557, "character": 41 },
"end": { "line": 586, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 74,
"symbolName": "Boolean",
"recursionId": 67,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 544, "character": 39 },
"end": { "line": 549, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 75,
"symbolName": "RegExp",
"recursionId": 68,
"instantiatedType": 75,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 991, "character": 2 },
"end": { "line": 1023, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 76,
"symbolName": "RegExp",
"recursionId": 68,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 991, "character": 2 },
"end": { "line": 1023, "character": 2 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
},
{
"id": 77,
"symbolName": "Array",
"recursionId": 59,
"instantiatedType": 65,
"typeArguments": [1],
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1323, "character": 2 },
"end": { "line": 1511, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 78,
"symbolName": "Array",
"recursionId": 59,
"instantiatedType": 65,
"typeArguments": [2],
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1323, "character": 2 },
"end": { "line": 1511, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 79,
"symbolName": "ReadonlyArray",
"recursionId": 69,
"instantiatedType": 79,
"typeArguments": [80],
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1185, "character": 24 },
"end": { "line": 1316, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 80,
"symbolName": "T",
"recursionId": 70,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1191, "character": 25 },
"end": { "line": 1191, "character": 26 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
},
{
"id": 81,
"symbolName": "ReadonlyArray",
"recursionId": 69,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1185, "character": 24 },
"end": { "line": 1316, "character": 2 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
},
{
"id": 82,
"symbolName": "ReadonlyArray",
"recursionId": 69,
"instantiatedType": 79,
"typeArguments": [1],
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1185, "character": 24 },
"end": { "line": 1316, "character": 2 }
},
"flags": ["Object"]
},
{
"id": 83,
"symbolName": "ThisType",
"recursionId": 71,
"instantiatedType": 83,
"typeArguments": [84],
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1680, "character": 29 },
"end": { "line": 1685, "character": 25 }
},
"flags": ["Object"]
},
{
"id": 84,
"symbolName": "T",
"recursionId": 72,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1685, "character": 20 },
"end": { "line": 1685, "character": 21 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
},
{
"id": 85,
"symbolName": "ThisType",
"recursionId": 71,
"firstDeclaration": {
"path": "/home/barsa/projects/customer_portal/customer-portal/node_modules/.pnpm/typescript@5.9.2/node_modules/typescript/lib/lib.es5.d.ts",
"start": { "line": 1680, "character": 29 },
"end": { "line": 1685, "character": 25 }
},
"flags": ["TypeParameter", "IncludesMissingType"]
}
]

343
apps/bff/openapi/openapi.json
View File

@ -29,9 +29,7 @@
}
],
"summary": "Create Salesforce Order",
"tags": [
"orders"
]
"tags": ["orders"]
}
},
"/api/orders/user": {
@ -49,9 +47,7 @@
}
],
"summary": "Get user's orders",
"tags": [
"orders"
]
"tags": ["orders"]
}
},
"/api/orders/{sfOrderId}": {
@ -78,9 +74,7 @@
}
],
"summary": "Get order summary/status",
"tags": [
"orders"
]
"tags": ["orders"]
}
},
"/api/me": {
@ -101,9 +95,7 @@
}
],
"summary": "Get current user profile",
"tags": [
"users"
]
"tags": ["users"]
},
"patch": {
"operationId": "UsersController_updateProfile",
@ -135,9 +127,7 @@
}
],
"summary": "Update user profile",
"tags": [
"users"
]
"tags": ["users"]
}
},
"/api/me/summary": {
@ -158,9 +148,7 @@
}
],
"summary": "Get user dashboard summary",
"tags": [
"users"
]
"tags": ["users"]
}
},
"/api/me/address": {
@ -181,9 +169,7 @@
}
],
"summary": "Get mailing address",
"tags": [
"users"
]
"tags": ["users"]
},
"patch": {
"operationId": "UsersController_updateAddress",
@ -215,9 +201,7 @@
}
],
"summary": "Update mailing address",
"tags": [
"users"
]
"tags": ["users"]
}
},
"/api/auth/validate-signup": {
@ -249,9 +233,7 @@
}
},
"summary": "Validate customer number for signup",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/health-check": {
@ -264,9 +246,7 @@
}
},
"summary": "Check auth service health and integrations",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/signup-preflight": {
@ -289,9 +269,7 @@
}
},
"summary": "Validate full signup data without creating anything",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/account-status": {
@ -314,9 +292,7 @@
}
},
"summary": "Get account status by email",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/signup": {
@ -345,9 +321,7 @@
}
},
"summary": "Create new user account",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/login": {
@ -363,9 +337,7 @@
}
},
"summary": "Authenticate user",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/logout": {
@ -378,9 +350,7 @@
}
},
"summary": "Logout user",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/link-whmcs": {
@ -409,9 +379,7 @@
}
},
"summary": "Link existing WHMCS user",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/set-password": {
@ -440,9 +408,7 @@
}
},
"summary": "Set password for linked user",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/check-password-needed": {
@ -455,9 +421,7 @@
}
},
"summary": "Check if user needs to set password",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/request-password-reset": {
@ -480,9 +444,7 @@
}
},
"summary": "Request password reset email",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/reset-password": {
@ -505,9 +467,7 @@
}
},
"summary": "Reset password with token",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/change-password": {
@ -530,9 +490,7 @@
}
},
"summary": "Change password (authenticated)",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/me": {
@ -545,9 +503,7 @@
}
},
"summary": "Get current authentication status",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/sso-link": {
@ -573,9 +529,7 @@
}
},
"summary": "Create SSO link to WHMCS",
"tags": [
"auth"
]
"tags": ["auth"]
}
},
"/api/auth/admin/audit-logs": {
@ -618,9 +572,7 @@
}
],
"summary": "Get audit logs (admin only)",
"tags": [
"auth-admin"
]
"tags": ["auth-admin"]
}
},
"/api/auth/admin/unlock-account/{userId}": {
@ -647,9 +599,7 @@
}
],
"summary": "Unlock user account (admin only)",
"tags": [
"auth-admin"
]
"tags": ["auth-admin"]
}
},
"/api/auth/admin/security-stats": {
@ -667,9 +617,7 @@
}
],
"summary": "Get security statistics (admin only)",
"tags": [
"auth-admin"
]
"tags": ["auth-admin"]
}
},
"/api/catalog/internet/plans": {
@ -687,9 +635,7 @@
}
],
"summary": "Get Internet plans filtered by customer eligibility",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/internet/addons": {
@ -707,9 +653,7 @@
}
],
"summary": "Get Internet add-ons",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/internet/installations": {
@ -727,9 +671,7 @@
}
],
"summary": "Get Internet installations",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/sim/plans": {
@ -747,9 +689,7 @@
}
],
"summary": "Get SIM plans filtered by user's existing services",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/sim/activation-fees": {
@ -767,9 +707,7 @@
}
],
"summary": "Get SIM activation fees",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/sim/addons": {
@ -787,9 +725,7 @@
}
],
"summary": "Get SIM add-ons",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/vpn/plans": {
@ -807,9 +743,7 @@
}
],
"summary": "Get VPN plans",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/catalog/vpn/activation-fees": {
@ -827,9 +761,7 @@
}
],
"summary": "Get VPN activation fees",
"tags": [
"catalog"
]
"tags": ["catalog"]
}
},
"/api/invoices": {
@ -883,9 +815,7 @@
}
],
"summary": "Get paginated list of user invoices",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/payment-methods": {
@ -904,9 +834,7 @@
}
],
"summary": "Get user payment methods",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/payment-gateways": {
@ -925,9 +853,7 @@
}
],
"summary": "Get available payment gateways",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/test-payment-methods/{clientId}": {
@ -956,9 +882,7 @@
}
],
"summary": "Test WHMCS payment methods API for specific client ID",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/payment-methods/refresh": {
@ -977,9 +901,7 @@
}
],
"summary": "Refresh payment methods cache",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/{id}": {
@ -1018,9 +940,7 @@
}
],
"summary": "Get invoice details by ID",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/{id}/subscriptions": {
@ -1052,9 +972,7 @@
}
],
"summary": "Get subscriptions related to an invoice",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/{id}/sso-link": {
@ -1077,11 +995,7 @@
"in": "query",
"description": "Link target: view invoice, download PDF, or go to payment page (default: view)",
"schema": {
"enum": [
"view",
"download",
"pay"
],
"enum": ["view", "download", "pay"],
"type": "string"
}
}
@ -1100,9 +1014,7 @@
}
],
"summary": "Create SSO link for invoice",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/invoices/{id}/payment-link": {
@ -1152,9 +1064,7 @@
}
],
"summary": "Create payment link for invoice with payment method",
"tags": [
"invoices"
]
"tags": ["invoices"]
}
},
"/api/subscriptions": {
@ -1183,9 +1093,7 @@
}
],
"summary": "Get all user subscriptions",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/active": {
@ -1204,9 +1112,7 @@
}
],
"summary": "Get active subscriptions only",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/stats": {
@ -1225,9 +1131,7 @@
}
],
"summary": "Get subscription statistics",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}": {
@ -1259,9 +1163,7 @@
}
],
"summary": "Get subscription details by ID",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/invoices": {
@ -1311,9 +1213,7 @@
}
],
"summary": "Get invoices for a specific subscription",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/debug": {
@ -1342,9 +1242,7 @@
}
],
"summary": "Debug SIM subscription data",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim": {
@ -1379,9 +1277,7 @@
}
],
"summary": "Get SIM details and usage",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/details": {
@ -1410,9 +1306,7 @@
}
],
"summary": "Get SIM details",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/usage": {
@ -1441,9 +1335,7 @@
}
],
"summary": "Get SIM data usage",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/top-up-history": {
@ -1492,9 +1384,7 @@
}
],
"summary": "Get SIM top-up history",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/top-up": {
@ -1526,9 +1416,7 @@
"example": 1000
}
},
"required": [
"quotaMb"
]
"required": ["quotaMb"]
}
}
}
@ -1544,9 +1432,7 @@
}
],
"summary": "Top up SIM data quota",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/change-plan": {
@ -1578,9 +1464,7 @@
"example": "LTE3G_P01"
}
},
"required": [
"newPlanCode"
]
"required": ["newPlanCode"]
}
}
}
@ -1596,9 +1480,7 @@
}
],
"summary": "Change SIM plan",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/cancel": {
@ -1645,9 +1527,7 @@
}
],
"summary": "Cancel SIM service",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/reissue-esim": {
@ -1698,9 +1578,7 @@
}
],
"summary": "Reissue eSIM profile",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/{id}/sim/features": {
@ -1737,10 +1615,7 @@
},
"networkType": {
"type": "string",
"enum": [
"4G",
"5G"
]
"enum": ["4G", "5G"]
}
}
}
@ -1758,9 +1633,7 @@
}
],
"summary": "Update SIM features",
"tags": [
"subscriptions"
]
"tags": ["subscriptions"]
}
},
"/api/subscriptions/sim/orders/activate": {
@ -1789,9 +1662,7 @@
}
],
"summary": "Create invoice, capture payment, and activate SIM in Freebit",
"tags": [
"sim-orders"
]
"tags": ["sim-orders"]
}
},
"/health": {
@ -1803,9 +1674,7 @@
"description": ""
}
},
"tags": [
"Health"
]
"tags": ["Health"]
}
}
},
@ -1893,9 +1762,7 @@
"example": "12345"
}
},
"required": [
"sfNumber"
]
"required": ["sfNumber"]
},
"AddressDto": {
"type": "object",
@ -1926,13 +1793,7 @@
"description": "ISO 2-letter country code"
}
},
"required": [
"street",
"city",
"state",
"postalCode",
"country"
]
"required": ["street", "city", "state", "postalCode", "country"]
},
"SignupDto": {
"type": "object",
@ -1985,22 +1846,10 @@
},
"gender": {
"type": "string",
"enum": [
"male",
"female",
"other"
]
"enum": ["male", "female", "other"]
}
},
"required": [
"email",
"password",
"firstName",
"lastName",
"phone",
"sfNumber",
"address"
]
"required": ["email", "password", "firstName", "lastName", "phone", "sfNumber", "address"]
},
"AccountStatusRequestDto": {
"type": "object",
@ -2010,9 +1859,7 @@
"example": "user@example.com"
}
},
"required": [
"email"
]
"required": ["email"]
},
"LinkWhmcsDto": {
"type": "object",
@ -2026,10 +1873,7 @@
"example": "existing-whmcs-password"
}
},
"required": [
"email",
"password"
]
"required": ["email", "password"]
},
"SetPasswordDto": {
"type": "object",
@ -2044,10 +1888,7 @@
"description": "Password must be at least 8 characters and contain uppercase, lowercase, number, and special character"
}
},
"required": [
"email",
"password"
]
"required": ["email", "password"]
},
"RequestPasswordResetDto": {
"type": "object",
@ -2057,9 +1898,7 @@
"example": "user@example.com"
}
},
"required": [
"email"
]
"required": ["email"]
},
"ResetPasswordDto": {
"type": "object",
@ -2073,10 +1912,7 @@
"example": "SecurePassword123!"
}
},
"required": [
"token",
"password"
]
"required": ["token", "password"]
},
"ChangePasswordDto": {
"type": "object",
@ -2090,10 +1926,7 @@
"example": "NewSecurePassword123!"
}
},
"required": [
"currentPassword",
"newPassword"
]
"required": ["currentPassword", "newPassword"]
},
"SsoLinkDto": {
"type": "object",
@ -2133,12 +1966,7 @@
"example": 555
}
},
"required": [
"id",
"description",
"amount",
"type"
]
"required": ["id", "description", "amount", "type"]
},
"InvoiceDto": {
"type": "object",
@ -2203,15 +2031,7 @@
}
}
},
"required": [
"id",
"number",
"status",
"currency",
"total",
"subtotal",
"tax"
]
"required": ["id", "number", "status", "currency", "total", "subtotal", "tax"]
},
"PaginationDto": {
"type": "object",
@ -2232,11 +2052,7 @@
"type": "string"
}
},
"required": [
"page",
"totalPages",
"totalItems"
]
"required": ["page", "totalPages", "totalItems"]
},
"InvoiceListDto": {
"type": "object",
@ -2251,10 +2067,7 @@
"$ref": "#/components/schemas/PaginationDto"
}
},
"required": [
"invoices",
"pagination"
]
"required": ["invoices", "pagination"]
}
}
}

21
apps/bff/src/core/config/env.validation.ts
View File

@ -20,6 +20,14 @@ export const envSchema = z.object({
AUTH_RATE_LIMIT_LIMIT: z.coerce.number().int().positive().default(3),
REDIS_URL: z.string().url().default("redis://localhost:6379"),
AUTH_ALLOW_REDIS_TOKEN_FAILOPEN: z.enum(["true", "false"]).default("false"),
AUTH_REQUIRE_REDIS_FOR_TOKENS: z.enum(["true", "false"]).default("false"),
AUTH_MAINTENANCE_MODE: z.enum(["true", "false"]).default("false"),
AUTH_MAINTENANCE_MESSAGE: z
.string()
.default(
"Authentication service is temporarily unavailable for maintenance. Please try again later."
),
DATABASE_URL: z.string().url(),
@ -43,6 +51,19 @@ export const envSchema = z.object({
SF_CLIENT_ID: z.string().optional(),
SF_PRIVATE_KEY_PATH: z.string().optional(),
SF_WEBHOOK_SECRET: z.string().optional(),
SF_AUTH_TIMEOUT_MS: z.coerce.number().int().positive().default(30000),
SF_TOKEN_TTL_MS: z.coerce.number().int().positive().default(720000),
SF_TOKEN_REFRESH_BUFFER_MS: z.coerce.number().int().positive().default(60000),
// Queue Throttling Configuration
WHMCS_QUEUE_CONCURRENCY: z.coerce.number().int().positive().default(15),
WHMCS_QUEUE_INTERVAL_CAP: z.coerce.number().int().positive().default(300),
WHMCS_QUEUE_TIMEOUT_MS: z.coerce.number().int().positive().default(30000),
SF_QUEUE_CONCURRENCY: z.coerce.number().int().positive().default(15),
SF_QUEUE_LONG_RUNNING_CONCURRENCY: z.coerce.number().int().positive().default(22),
SF_QUEUE_INTERVAL_CAP: z.coerce.number().int().positive().default(600),
SF_QUEUE_TIMEOUT_MS: z.coerce.number().int().positive().default(30000),
SF_QUEUE_LONG_RUNNING_TIMEOUT_MS: z.coerce.number().int().positive().default(600000),
SF_EVENTS_ENABLED: z.enum(["true", "false"]).default("false"),
SF_PROVISION_EVENT_CHANNEL: z.string().default("/event/Order_Fulfilment_Requested__e"),

52
apps/bff/src/core/queue/services/salesforce-request-queue.service.ts
View File

@ -1,5 +1,6 @@
import { Injectable, Inject, OnModuleInit, OnModuleDestroy } from "@nestjs/common";
import { Logger } from "nestjs-pino";
import { ConfigService } from "@nestjs/config";
export interface SalesforceQueueMetrics {
totalRequests: number;
@ -58,7 +59,10 @@ export class SalesforceRequestQueueService implements OnModuleInit, OnModuleDest
private readonly maxMetricsHistory = 100;
private dailyUsageResetTime: Date;
constructor(@Inject(Logger) private readonly logger: Logger) {
constructor(
@Inject(Logger) private readonly logger: Logger,
private readonly configService: ConfigService
) {
this.dailyUsageResetTime = this.getNextDayReset();
}
@ -66,20 +70,32 @@ export class SalesforceRequestQueueService implements OnModuleInit, OnModuleDest
if (!this.standardQueue) {
const { default: PQueue } = await import("p-queue");
// Optimized Salesforce requests queue for better user experience
const concurrency = this.configService.get<number>("SF_QUEUE_CONCURRENCY", 15);
const longRunningConcurrency = this.configService.get<number>(
"SF_QUEUE_LONG_RUNNING_CONCURRENCY",
22
);
const intervalCap = this.configService.get<number>("SF_QUEUE_INTERVAL_CAP", 600);
const timeout = this.configService.get<number>("SF_QUEUE_TIMEOUT_MS", 30000);
const longRunningTimeout = this.configService.get<number>(
"SF_QUEUE_LONG_RUNNING_TIMEOUT_MS",
600000
);
// Configurable Salesforce requests queue
this.standardQueue = new PQueue({
concurrency: 15, // Max 15 concurrent standard requests (increased from 10)
concurrency, // Max concurrent standard requests
interval: 60000, // Per minute
intervalCap: 600, // Max 600 requests per minute (10 RPS - increased from 2 RPS)
timeout: 30000, // 30 second default timeout
intervalCap, // Max requests per minute
timeout, // Request timeout
throwOnTimeout: true,
carryoverConcurrencyCount: true,
});
// Long-running requests queue (separate to respect 25 concurrent limit)
this.longRunningQueue = new PQueue({
concurrency: 22, // Max 22 concurrent long-running (closer to 25 limit)
timeout: 600000, // 10 minute timeout for long-running
concurrency: longRunningConcurrency, // Max concurrent long-running requests
timeout: longRunningTimeout, // Timeout for long-running requests
throwOnTimeout: true,
carryoverConcurrencyCount: true,
});
@ -91,12 +107,24 @@ export class SalesforceRequestQueueService implements OnModuleInit, OnModuleDest
async onModuleInit() {
await this.initializeQueues();
const concurrency = this.configService.get<number>("SF_QUEUE_CONCURRENCY", 15);
const longRunningConcurrency = this.configService.get<number>(
"SF_QUEUE_LONG_RUNNING_CONCURRENCY",
22
);
const intervalCap = this.configService.get<number>("SF_QUEUE_INTERVAL_CAP", 600);
const timeout = this.configService.get<number>("SF_QUEUE_TIMEOUT_MS", 30000);
const longRunningTimeout = this.configService.get<number>(
"SF_QUEUE_LONG_RUNNING_TIMEOUT_MS",
600000
);
this.logger.log("Salesforce Request Queue initialized", {
standardConcurrency: 15,
longRunningConcurrency: 22,
rateLimit: "600 requests/minute (10 RPS)",
standardTimeout: "30 seconds",
longRunningTimeout: "10 minutes",
standardConcurrency: concurrency,
longRunningConcurrency,
rateLimit: `${intervalCap} requests/minute (${(intervalCap / 60).toFixed(1)} RPS)`,
standardTimeout: `${timeout / 1000} seconds`,
longRunningTimeout: `${longRunningTimeout / 60000} minutes`,
});
}

28
apps/bff/src/core/queue/services/whmcs-request-queue.service.ts
View File

@ -1,5 +1,6 @@
import { Injectable, Inject, OnModuleInit, OnModuleDestroy } from "@nestjs/common";
import { Logger } from "nestjs-pino";
import { ConfigService } from "@nestjs/config";
export interface WhmcsQueueMetrics {
totalRequests: number;
@ -51,18 +52,25 @@ export class WhmcsRequestQueueService implements OnModuleInit, OnModuleDestroy {
private readonly executionTimes: number[] = [];
private readonly maxMetricsHistory = 100;
constructor(@Inject(Logger) private readonly logger: Logger) {}
constructor(
@Inject(Logger) private readonly logger: Logger,
private readonly configService: ConfigService
) {}
private async initializeQueue() {
if (!this.queue) {
const { default: PQueue } = await import("p-queue");
// Optimized WHMCS queue configuration for better user experience
const concurrency = this.configService.get<number>("WHMCS_QUEUE_CONCURRENCY", 15);
const intervalCap = this.configService.get<number>("WHMCS_QUEUE_INTERVAL_CAP", 300);
const timeout = this.configService.get<number>("WHMCS_QUEUE_TIMEOUT_MS", 30000);
// Configurable WHMCS queue configuration
this.queue = new PQueue({
concurrency: 15, // Max 15 concurrent WHMCS requests (matches Salesforce)
concurrency, // Max concurrent WHMCS requests
interval: 60000, // Per minute
intervalCap: 300, // Max 300 requests per minute (5 RPS - increased from 0.5 RPS)
timeout: 30000, // 30 second default timeout
intervalCap, // Max requests per minute
timeout, // Request timeout
throwOnTimeout: true,
carryoverConcurrencyCount: true,
});
@ -74,10 +82,14 @@ export class WhmcsRequestQueueService implements OnModuleInit, OnModuleDestroy {
async onModuleInit() {
await this.initializeQueue();
const concurrency = this.configService.get<number>("WHMCS_QUEUE_CONCURRENCY", 15);
const intervalCap = this.configService.get<number>("WHMCS_QUEUE_INTERVAL_CAP", 300);
const timeout = this.configService.get<number>("WHMCS_QUEUE_TIMEOUT_MS", 30000);
this.logger.log("WHMCS Request Queue initialized", {
concurrency: 15,
rateLimit: "300 requests/minute (5 RPS)",
timeout: "30 seconds",
concurrency,
rateLimit: `${intervalCap} requests/minute (${(intervalCap / 60).toFixed(1)} RPS)`,
timeout: `${timeout / 1000} seconds`,
});
}

133
apps/bff/src/integrations/salesforce/services/salesforce-connection.service.ts
View File

@ -65,6 +65,14 @@ export class SalesforceConnection {
const nodeEnv =
this.configService.get<string>("NODE_ENV") || process.env.NODE_ENV || "development";
const isProd = nodeEnv === "production";
const authTimeout = this.configService.get<number>("SF_AUTH_TIMEOUT_MS", 30000);
const startTime = Date.now();
this.logger.debug("Starting Salesforce authentication", {
authTimeout,
nodeEnv,
});
try {
const username = this.configService.get<string>("SF_USERNAME");
const clientId = this.configService.get<string>("SF_CLIENT_ID");
@ -140,16 +148,49 @@ export class SalesforceConnection {
const assertion = jwt.sign(payload, privateKey, { algorithm: "RS256" });
// Get access token
// Get access token with timeout
const tokenUrl = `${audience}/services/oauth2/token`;
const res = await fetch(tokenUrl, {
this.logger.debug("Requesting Salesforce access token", {
tokenUrl: isProd ? "[REDACTED]" : tokenUrl,
clientId: isProd ? "[REDACTED]" : clientId,
username: isProd ? "[REDACTED]" : username,
});
const controller = new AbortController();
const timeoutId = setTimeout(() => {
controller.abort();
}, authTimeout);
let res: Response;
try {
res = await fetch(tokenUrl, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
assertion,
}),
signal: controller.signal,
});
} catch (error) {
if (error instanceof Error && error.name === "AbortError") {
const authDuration = Date.now() - startTime;
this.logger.error("Salesforce authentication timeout", {
authTimeout,
authDuration,
tokenUrl: isProd ? "[REDACTED]" : tokenUrl,
});
throw new Error(
isProd
? "Salesforce authentication timeout"
: `Authentication timeout after ${authTimeout}ms`
);
}
throw error;
} finally {
clearTimeout(timeoutId);
}
if (!res.ok) {
const errorText = await res.text();
@ -172,13 +213,28 @@ export class SalesforceConnection {
this.tokenIssuedAt = issuedAt;
this.tokenExpiresAt = issuedAt + tokenTtlMs;
this.logger.log("✅ Salesforce connection established");
const authDuration = issuedAt - startTime;
this.logger.log("✅ Salesforce connection established", {
authDuration,
tokenTtlMs,
expiresAt: new Date(this.tokenExpiresAt).toISOString(),
instanceUrl: isProd ? "[REDACTED]" : this.connection.instanceUrl,
});
} catch (error) {
const authDuration = Date.now() - startTime;
const message = getErrorMessage(error);
if (isProd) {
this.logger.error("Failed to connect to Salesforce");
this.logger.error("Failed to connect to Salesforce", {
authDuration,
errorType: error instanceof Error ? error.constructor.name : "Unknown",
});
} else {
this.logger.error(`Failed to connect to Salesforce: ${message}`);
this.logger.error(`Failed to connect to Salesforce: ${message}`, {
authDuration,
errorType: error instanceof Error ? error.constructor.name : "Unknown",
errorMessage: message,
});
}
throw error;
}
@ -193,19 +249,29 @@ export class SalesforceConnection {
} catch (error: unknown) {
// Check if this is a session expiration error
if (this.isSessionExpiredError(error)) {
this.logger.warn("Salesforce session expired, attempting to re-authenticate");
const reAuthStartTime = Date.now();
this.logger.warn("Salesforce session expired, attempting to re-authenticate", {
originalError: getErrorMessage(error),
tokenIssuedAt: this.tokenIssuedAt ? new Date(this.tokenIssuedAt).toISOString() : null,
tokenExpiresAt: this.tokenExpiresAt ? new Date(this.tokenExpiresAt).toISOString() : null,
});
try {
// Re-authenticate
await this.connect(true);
// Retry the query once
this.logger.debug("Retrying query after re-authentication");
const reAuthDuration = Date.now() - reAuthStartTime;
this.logger.debug("Retrying query after re-authentication", {
reAuthDuration,
});
return await this.connection.query(soql);
} catch (retryError) {
const reAuthDuration = Date.now() - reAuthStartTime;
this.logger.error("Failed to re-authenticate or retry query", {
originalError: getErrorMessage(error),
retryError: getErrorMessage(retryError),
reAuthDuration,
});
throw retryError;
}
@ -244,18 +310,32 @@ export class SalesforceConnection {
return await originalSObject.create(data);
} catch (error: unknown) {
if (this.isSessionExpiredError(error)) {
const reAuthStartTime = Date.now();
this.logger.warn(
"Salesforce session expired during SObject create, attempting to re-authenticate"
"Salesforce session expired during SObject create, attempting to re-authenticate",
{
sobjectType: type,
originalError: getErrorMessage(error),
}
);
try {
await this.connect(true);
const reAuthDuration = Date.now() - reAuthStartTime;
this.logger.debug("Retrying SObject create after re-authentication", {
sobjectType: type,
reAuthDuration,
});
const newSObject = this.connection.sobject(type);
return await newSObject.create(data);
} catch (retryError) {
const reAuthDuration = Date.now() - reAuthStartTime;
this.logger.error("Failed to re-authenticate or retry SObject create", {
sobjectType: type,
originalError: getErrorMessage(error),
retryError: getErrorMessage(retryError),
reAuthDuration,
});
throw retryError;
}
@ -270,18 +350,35 @@ export class SalesforceConnection {
return await originalSObject.update(data);
} catch (error: unknown) {
if (this.isSessionExpiredError(error)) {
const reAuthStartTime = Date.now();
this.logger.warn(
"Salesforce session expired during SObject update, attempting to re-authenticate"
"Salesforce session expired during SObject update, attempting to re-authenticate",
{
sobjectType: type,
recordId: data.Id,
originalError: getErrorMessage(error),
}
);
try {
await this.connect(true);
const reAuthDuration = Date.now() - reAuthStartTime;
this.logger.debug("Retrying SObject update after re-authentication", {
sobjectType: type,
recordId: data.Id,
reAuthDuration,
});
const newSObject = this.connection.sobject(type);
return await newSObject.update(data);
} catch (retryError) {
const reAuthDuration = Date.now() - reAuthStartTime;
this.logger.error("Failed to re-authenticate or retry SObject update", {
sobjectType: type,
recordId: data.Id,
originalError: getErrorMessage(error),
retryError: getErrorMessage(retryError),
reAuthDuration,
});
throw retryError;
}
@ -321,9 +418,19 @@ export class SalesforceConnection {
}
async ensureConnected(): Promise<void> {
if (!this.isConnected() || this.isTokenExpiring()) {
this.logger.debug("Salesforce connection stale; refreshing access token");
await this.connect(!this.isConnected());
const wasConnected = this.isConnected();
const isExpiring = this.isTokenExpiring();
if (!wasConnected || isExpiring) {
this.logger.debug("Salesforce connection stale; refreshing access token", {
wasConnected,
isExpiring,
tokenIssuedAt: this.tokenIssuedAt ? new Date(this.tokenIssuedAt).toISOString() : null,
tokenExpiresAt: this.tokenExpiresAt ? new Date(this.tokenExpiresAt).toISOString() : null,
currentTime: new Date().toISOString(),
});
await this.connect(!wasConnected);
}
}

59
apps/bff/src/modules/auth/auth-admin.controller.ts
View File

@ -11,6 +11,7 @@ import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from "@nestjs/swagg
import { AdminGuard } from "./guards/admin.guard";
import { AuditService, AuditAction } from "@bff/infra/audit/audit.service";
import { UsersService } from "@bff/modules/users/users.service";
import { TokenMigrationService } from "./services/token-migration.service";
@ApiTags("auth-admin")
@ApiBearerAuth()
@ -19,7 +20,8 @@ import { UsersService } from "@bff/modules/users/users.service";
export class AuthAdminController {
constructor(
private auditService: AuditService,
private usersService: UsersService
private usersService: UsersService,
private tokenMigrationService: TokenMigrationService
) {}
@Get("audit-logs")
@ -86,4 +88,59 @@ export class AuthAdminController {
async getSecurityStats() {
return this.auditService.getSecurityStats();
}
@Get("token-migration/status")
@ApiOperation({ summary: "Get token migration status (admin only)" })
@ApiResponse({ status: 200, description: "Migration status retrieved" })
async getTokenMigrationStatus() {
return this.tokenMigrationService.getMigrationStatus();
}
@Post("token-migration/run")
@ApiOperation({ summary: "Run token migration (admin only)" })
@ApiResponse({ status: 200, description: "Migration completed" })
async runTokenMigration(@Query("dryRun") dryRun: string = "true") {
const isDryRun = dryRun.toLowerCase() !== "false";
const stats = await this.tokenMigrationService.migrateExistingTokens(isDryRun);
await this.auditService.log({
action: AuditAction.SYSTEM_MAINTENANCE,
resource: "auth",
details: {
operation: "token_migration",
dryRun: isDryRun,
stats,
},
success: true,
});
return {
message: isDryRun ? "Migration dry run completed" : "Migration completed",
stats,
};
}
@Post("token-migration/cleanup")
@ApiOperation({ summary: "Clean up orphaned tokens (admin only)" })
@ApiResponse({ status: 200, description: "Cleanup completed" })
async cleanupOrphanedTokens(@Query("dryRun") dryRun: string = "true") {
const isDryRun = dryRun.toLowerCase() !== "false";
const stats = await this.tokenMigrationService.cleanupOrphanedTokens(isDryRun);
await this.auditService.log({
action: AuditAction.SYSTEM_MAINTENANCE,
resource: "auth",
details: {
operation: "token_cleanup",
dryRun: isDryRun,
stats,
},
success: true,
});
return {
message: isDryRun ? "Cleanup dry run completed" : "Cleanup completed",
stats,
};
}
}

4
apps/bff/src/modules/auth/auth.module.ts
View File

@ -15,6 +15,7 @@ import { GlobalAuthGuard } from "./guards/global-auth.guard";
import { TokenBlacklistService } from "./services/token-blacklist.service";
import { EmailModule } from "@bff/infra/email/email.module";
import { AuthTokenService } from "./services/token.service";
import { TokenMigrationService } from "./services/token-migration.service";
import { SignupWorkflowService } from "./services/workflows/signup-workflow.service";
import { PasswordWorkflowService } from "./services/workflows/password-workflow.service";
import { WhmcsLinkWorkflowService } from "./services/workflows/whmcs-link-workflow.service";
@ -41,6 +42,7 @@ import { WhmcsLinkWorkflowService } from "./services/workflows/whmcs-link-workfl
LocalStrategy,
TokenBlacklistService,
AuthTokenService,
TokenMigrationService,
SignupWorkflowService,
PasswordWorkflowService,
WhmcsLinkWorkflowService,
@ -49,6 +51,6 @@ import { WhmcsLinkWorkflowService } from "./services/workflows/whmcs-link-workfl
useClass: GlobalAuthGuard,
},
],
exports: [AuthService, TokenBlacklistService, AuthTokenService],
exports: [AuthService, TokenBlacklistService, AuthTokenService, TokenMigrationService],
})
export class AuthModule {}

405
apps/bff/src/modules/auth/services/token-migration.service.ts Normal file
View File

@ -0,0 +1,405 @@
import { Injectable, Inject } from "@nestjs/common";
import { Logger } from "nestjs-pino";
import { ConfigService } from "@nestjs/config";
import { Redis } from "ioredis";
import { createHash } from "crypto";
export interface MigrationStats {
totalKeysScanned: number;
familiesFound: number;
familiesMigrated: number;
tokensFound: number;
tokensMigrated: number;
orphanedTokens: number;
errors: number;
duration: number;
}
@Injectable()
export class TokenMigrationService {
private readonly REFRESH_TOKEN_FAMILY_PREFIX = "refresh_family:";
private readonly REFRESH_TOKEN_PREFIX = "refresh_token:";
private readonly REFRESH_USER_SET_PREFIX = "refresh_user:";
constructor(
@Inject("REDIS_CLIENT") private readonly redis: Redis,
@Inject(Logger) private readonly logger: Logger,
private readonly configService: ConfigService
) {}
/**
* Migrate existing refresh tokens to the new per-user token set structure
*/
async migrateExistingTokens(dryRun = true): Promise<MigrationStats> {
const startTime = Date.now();
const stats: MigrationStats = {
totalKeysScanned: 0,
familiesFound: 0,
familiesMigrated: 0,
tokensFound: 0,
tokensMigrated: 0,
orphanedTokens: 0,
errors: 0,
duration: 0,
};
this.logger.log("Starting token migration", { dryRun });
if (this.redis.status !== "ready") {
throw new Error("Redis is not ready for migration");
}
try {
// First, scan for all refresh token families
await this.migrateFamilies(stats, dryRun);
// Then, scan for orphaned tokens (tokens without families)
await this.migrateOrphanedTokens(stats, dryRun);
stats.duration = Date.now() - startTime;
this.logger.log("Token migration completed", {
dryRun,
stats,
});
return stats;
} catch (error) {
stats.duration = Date.now() - startTime;
stats.errors++;
this.logger.error("Token migration failed", {
error: error instanceof Error ? error.message : String(error),
stats,
});
throw error;
}
}
/**
* Migrate refresh token families to per-user sets
*/
private async migrateFamilies(stats: MigrationStats, dryRun: boolean): Promise<void> {
let cursor = "0";
const pattern = `${this.REFRESH_TOKEN_FAMILY_PREFIX}*`;
do {
const [nextCursor, keys] = await this.redis.scan(cursor, "MATCH", pattern, "COUNT", 100);
cursor = nextCursor;
stats.totalKeysScanned += keys.length;
if (keys && keys.length > 0) {
for (const key of keys) {
try {
await this.migrateSingleFamily(key, stats, dryRun);
} catch (error) {
stats.errors++;
this.logger.error("Failed to migrate family", {
key,
error: error instanceof Error ? error.message : String(error),
});
}
}
}
} while (cursor !== "0");
}
/**
* Migrate a single refresh token family
*/
private async migrateSingleFamily(
familyKey: string,
stats: MigrationStats,
dryRun: boolean
): Promise<void> {
const familyData = await this.redis.get(familyKey);
if (!familyData) {
return;
}
stats.familiesFound++;
try {
const family = JSON.parse(familyData);
// Validate family structure
if (!family.userId || typeof family.userId !== "string") {
this.logger.warn("Invalid family structure, skipping", { familyKey });
return;
}
const familyId = familyKey.replace(this.REFRESH_TOKEN_FAMILY_PREFIX, "");
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${family.userId}`;
// Check if this family is already in the user's set
const isAlreadyMigrated = await this.redis.sismember(userFamilySetKey, familyId);
if (isAlreadyMigrated) {
this.logger.debug("Family already migrated", { familyKey, userId: family.userId });
return;
}
if (!dryRun) {
// Add family to user's token set
const pipeline = this.redis.pipeline();
pipeline.sadd(userFamilySetKey, familyId);
// Set expiration on the user set (use the same TTL as the family)
const ttl = await this.redis.ttl(familyKey);
if (ttl > 0) {
pipeline.expire(userFamilySetKey, ttl);
}
await pipeline.exec();
}
stats.familiesMigrated++;
this.logger.debug("Migrated family to user set", {
familyKey,
userId: family.userId,
dryRun,
});
} catch (error) {
this.logger.error("Failed to parse family data", {
familyKey,
error: error instanceof Error ? error.message : String(error),
});
stats.errors++;
}
}
/**
* Migrate orphaned tokens (tokens without corresponding families)
*/
private async migrateOrphanedTokens(stats: MigrationStats, dryRun: boolean): Promise<void> {
let cursor = "0";
const pattern = `${this.REFRESH_TOKEN_PREFIX}*`;
do {
const [nextCursor, keys] = await this.redis.scan(cursor, "MATCH", pattern, "COUNT", 100);
cursor = nextCursor;
stats.totalKeysScanned += keys.length;
if (keys && keys.length > 0) {
for (const key of keys) {
try {
await this.migrateSingleToken(key, stats, dryRun);
} catch (error) {
stats.errors++;
this.logger.error("Failed to migrate token", {
key,
error: error instanceof Error ? error.message : String(error),
});
}
}
}
} while (cursor !== "0");
}
/**
* Migrate a single refresh token
*/
private async migrateSingleToken(
tokenKey: string,
stats: MigrationStats,
dryRun: boolean
): Promise<void> {
const tokenData = await this.redis.get(tokenKey);
if (!tokenData) {
return;
}
stats.tokensFound++;
try {
const token = JSON.parse(tokenData);
// Validate token structure
if (!token.familyId || !token.userId || typeof token.userId !== "string") {
this.logger.warn("Invalid token structure, skipping", { tokenKey });
return;
}
// Check if the corresponding family exists
const familyKey = `${this.REFRESH_TOKEN_FAMILY_PREFIX}${token.familyId}`;
const familyExists = await this.redis.exists(familyKey);
if (!familyExists) {
stats.orphanedTokens++;
this.logger.warn("Found orphaned token (no corresponding family)", {
tokenKey,
familyId: token.familyId,
userId: token.userId,
});
if (!dryRun) {
// Remove orphaned token
await this.redis.del(tokenKey);
this.logger.debug("Removed orphaned token", { tokenKey });
}
return;
}
// Check if this token's family is already in the user's set
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${token.userId}`;
const isAlreadyMigrated = await this.redis.sismember(userFamilySetKey, token.familyId);
if (isAlreadyMigrated) {
stats.tokensMigrated++;
return;
}
if (!dryRun) {
// Add family to user's token set
const pipeline = this.redis.pipeline();
pipeline.sadd(userFamilySetKey, token.familyId);
// Set expiration on the user set (use the same TTL as the token)
const ttl = await this.redis.ttl(tokenKey);
if (ttl > 0) {
pipeline.expire(userFamilySetKey, ttl);
}
await pipeline.exec();
}
stats.tokensMigrated++;
this.logger.debug("Migrated token family to user set", {
tokenKey,
familyId: token.familyId,
userId: token.userId,
dryRun,
});
} catch (error) {
this.logger.error("Failed to parse token data", {
tokenKey,
error: error instanceof Error ? error.message : String(error),
});
stats.errors++;
}
}
/**
* Clean up orphaned tokens and expired families
*/
async cleanupOrphanedTokens(dryRun = true): Promise<{ removed: number; errors: number }> {
const stats = { removed: 0, errors: 0 };
this.logger.log("Starting orphaned token cleanup", { dryRun });
let cursor = "0";
const pattern = `${this.REFRESH_TOKEN_PREFIX}*`;
do {
const [nextCursor, keys] = await this.redis.scan(cursor, "MATCH", pattern, "COUNT", 100);
cursor = nextCursor;
if (keys && keys.length > 0) {
for (const key of keys) {
try {
const tokenData = await this.redis.get(key);
if (!tokenData) continue;
const token = JSON.parse(tokenData);
if (!token.familyId) continue;
// Check if the corresponding family exists
const familyKey = `${this.REFRESH_TOKEN_FAMILY_PREFIX}${token.familyId}`;
const familyExists = await this.redis.exists(familyKey);
if (!familyExists) {
if (!dryRun) {
await this.redis.del(key);
}
stats.removed++;
this.logger.debug("Removed orphaned token", {
tokenKey: key,
familyId: token.familyId,
dryRun,
});
}
} catch (error) {
stats.errors++;
this.logger.error("Failed to cleanup token", {
key,
error: error instanceof Error ? error.message : String(error),
});
}
}
}
} while (cursor !== "0");
this.logger.log("Orphaned token cleanup completed", { dryRun, stats });
return stats;
}
/**
* Get migration status and statistics
*/
async getMigrationStatus(): Promise<{
totalFamilies: number;
totalTokens: number;
migratedUsers: number;
orphanedTokens: number;
needsMigration: boolean;
}> {
const stats = {
totalFamilies: 0,
totalTokens: 0,
migratedUsers: 0,
orphanedTokens: 0,
needsMigration: false,
};
// Count total families
let cursor = "0";
do {
const [nextCursor, keys] = await this.redis.scan(
cursor,
"MATCH",
`${this.REFRESH_TOKEN_FAMILY_PREFIX}*`,
"COUNT",
100
);
cursor = nextCursor;
stats.totalFamilies += keys.length;
} while (cursor !== "0");
// Count total tokens
cursor = "0";
do {
const [nextCursor, keys] = await this.redis.scan(
cursor,
"MATCH",
`${this.REFRESH_TOKEN_PREFIX}*`,
"COUNT",
100
);
cursor = nextCursor;
stats.totalTokens += keys.length;
} while (cursor !== "0");
// Count migrated users (users with token sets)
cursor = "0";
do {
const [nextCursor, keys] = await this.redis.scan(
cursor,
"MATCH",
`${this.REFRESH_USER_SET_PREFIX}*`,
"COUNT",
100
);
cursor = nextCursor;
stats.migratedUsers += keys.length;
} while (cursor !== "0");
// Estimate if migration is needed
stats.needsMigration = stats.totalFamilies > 0 && stats.migratedUsers === 0;
return stats;
}
}

371
apps/bff/src/modules/auth/services/token.service.ts
View File

@ -1,4 +1,9 @@
import { Injectable, Inject, UnauthorizedException } from "@nestjs/common";
import {
Injectable,
Inject,
UnauthorizedException,
ServiceUnavailableException,
} from "@nestjs/common";
import { JwtService } from "@nestjs/jwt";
import { ConfigService } from "@nestjs/config";
import { Redis } from "ioredis";
@ -36,6 +41,11 @@ export class AuthTokenService {
private readonly REFRESH_TOKEN_EXPIRY = "7d"; // Longer-lived refresh tokens
private readonly REFRESH_TOKEN_FAMILY_PREFIX = "refresh_family:";
private readonly REFRESH_TOKEN_PREFIX = "refresh_token:";
private readonly REFRESH_USER_SET_PREFIX = "refresh_user:";
private readonly allowRedisFailOpen: boolean;
private readonly requireRedisForTokens: boolean;
private readonly maintenanceMode: boolean;
private readonly maintenanceMessage: string;
constructor(
private readonly jwtService: JwtService,
@ -43,7 +53,37 @@ export class AuthTokenService {
@Inject("REDIS_CLIENT") private readonly redis: Redis,
@Inject(Logger) private readonly logger: Logger,
private readonly usersService: UsersService
) {}
) {
this.allowRedisFailOpen =
this.configService.get("AUTH_ALLOW_REDIS_TOKEN_FAILOPEN", "false") === "true";
this.requireRedisForTokens =
this.configService.get("AUTH_REQUIRE_REDIS_FOR_TOKENS", "false") === "true";
this.maintenanceMode = this.configService.get("AUTH_MAINTENANCE_MODE", "false") === "true";
this.maintenanceMessage = this.configService.get(
"AUTH_MAINTENANCE_MESSAGE",
"Authentication service is temporarily unavailable for maintenance. Please try again later."
);
}
/**
* Check if authentication service is available
*/
private checkServiceAvailability(): void {
if (this.maintenanceMode) {
this.logger.warn("Authentication service in maintenance mode", {
maintenanceMessage: this.maintenanceMessage,
});
throw new ServiceUnavailableException(this.maintenanceMessage);
}
if (this.requireRedisForTokens && this.redis.status !== "ready") {
this.logger.error("Redis required for token operations but not available", {
redisStatus: this.redis.status,
requireRedisForTokens: this.requireRedisForTokens,
});
throw new ServiceUnavailableException("Authentication service temporarily unavailable");
}
}
/**
* Generate a new token pair with refresh token rotation
@ -59,6 +99,8 @@ export class AuthTokenService {
userAgent?: string;
}
): Promise<AuthTokens> {
this.checkServiceAvailability();
const tokenId = this.generateTokenId();
const familyId = this.generateTokenId();
@ -95,36 +137,32 @@ export class AuthTokenService {
if (this.redis.status === "ready") {
try {
await this.redis.ping();
await this.redis.setex(
`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`,
refreshExpirySeconds,
JSON.stringify({
userId: user.id,
tokenHash: refreshTokenHash,
deviceId: deviceInfo?.deviceId,
userAgent: deviceInfo?.userAgent,
createdAt: new Date().toISOString(),
})
);
// Store individual refresh token
await this.redis.setex(
`${this.REFRESH_TOKEN_PREFIX}${refreshTokenHash}`,
refreshExpirySeconds,
JSON.stringify({
await this.storeRefreshTokenInRedis(
user.id,
familyId,
userId: user.id,
valid: true,
})
refreshTokenHash,
deviceInfo,
refreshExpirySeconds
);
} catch (error) {
this.logger.error("Failed to store refresh token in Redis", {
error: error instanceof Error ? error.message : String(error),
userId: user.id,
});
// If Redis is required, fail the operation
if (this.requireRedisForTokens) {
throw new ServiceUnavailableException("Authentication service temporarily unavailable");
}
}
} else {
if (this.requireRedisForTokens) {
this.logger.error("Redis required but not ready for token issuance", {
status: this.redis.status,
});
throw new ServiceUnavailableException("Authentication service temporarily unavailable");
}
this.logger.warn("Redis not ready for token issuance; issuing non-rotating tokens", {
status: this.redis.status,
});
@ -161,6 +199,15 @@ export class AuthTokenService {
if (!refreshToken) {
throw new UnauthorizedException("Invalid refresh token");
}
this.checkServiceAvailability();
if (!this.allowRedisFailOpen && this.redis.status !== "ready") {
this.logger.error("Redis unavailable for token refresh", {
redisStatus: this.redis.status,
});
throw new ServiceUnavailableException("Token refresh temporarily unavailable");
}
try {
// Verify refresh token
const payload = this.jwtService.verify<RefreshTokenPayload>(refreshToken);
@ -242,35 +289,15 @@ export class AuthTokenService {
error: error instanceof Error ? error.message : String(error),
});
// Always fail closed when Redis is not available for token operations
// This prevents refresh token replay attacks and maintains security
if (this.redis.status !== "ready") {
this.logger.warn("Redis unavailable during token refresh; issuing fallback token pair");
const fallbackDecoded: unknown = this.jwtService.decode(refreshToken);
const fallbackUserId =
fallbackDecoded && typeof fallbackDecoded === "object" && !Array.isArray(fallbackDecoded)
? (fallbackDecoded as { userId?: unknown }).userId
: undefined;
if (typeof fallbackUserId === "string") {
const fallbackUser = await this.usersService
.findByIdInternal(fallbackUserId)
.catch(() => null);
if (fallbackUser) {
const fallbackTokens = await this.generateTokenPair(
{
id: fallbackUser.id,
email: fallbackUser.email,
role: fallbackUser.role,
},
deviceInfo
);
return {
tokens: fallbackTokens,
user: mapPrismaUserToUserProfile(fallbackUser),
};
}
}
this.logger.error("Redis unavailable for token refresh - failing closed for security", {
redisStatus: this.redis.status,
allowRedisFailOpen: this.allowRedisFailOpen,
securityReason: "refresh_token_rotation_requires_redis",
});
throw new ServiceUnavailableException("Token refresh temporarily unavailable");
}
throw new UnauthorizedException("Invalid refresh token");
@ -303,9 +330,230 @@ export class AuthTokenService {
}
/**
* Revoke all refresh tokens for a user
* Store refresh token in Redis with per-user token set management
*/
private async storeRefreshTokenInRedis(
userId: string,
familyId: string,
refreshTokenHash: string,
deviceInfo?: { deviceId?: string; userAgent?: string },
refreshExpirySeconds?: number
): Promise<void> {
const expiry = refreshExpirySeconds || this.parseExpiryToSeconds(this.REFRESH_TOKEN_EXPIRY);
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${userId}`;
const pipeline = this.redis.pipeline();
// Store token family metadata
pipeline.setex(
`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`,
expiry,
JSON.stringify({
userId,
tokenHash: refreshTokenHash,
deviceId: deviceInfo?.deviceId,
userAgent: deviceInfo?.userAgent,
createdAt: new Date().toISOString(),
})
);
// Store token validation data
pipeline.setex(
`${this.REFRESH_TOKEN_PREFIX}${refreshTokenHash}`,
expiry,
JSON.stringify({
familyId,
userId,
valid: true,
})
);
// Add to user's token set for per-user management
pipeline.sadd(userFamilySetKey, familyId);
pipeline.expire(userFamilySetKey, expiry);
// Enforce maximum tokens per user (optional limit)
const maxTokensPerUser = 10; // Configurable limit
pipeline.scard(userFamilySetKey);
const results = await pipeline.exec();
// Check if user has too many tokens and clean up oldest ones
const cardResult = results?.[results.length - 1];
if (
cardResult &&
Array.isArray(cardResult) &&
cardResult[1] &&
typeof cardResult[1] === "number"
) {
const tokenCount = cardResult[1];
if (tokenCount > maxTokensPerUser) {
await this.cleanupExcessUserTokens(userId, maxTokensPerUser);
}
}
}
/**
* Clean up excess tokens for a user, keeping only the most recent ones
*/
private async cleanupExcessUserTokens(userId: string, maxTokens: number): Promise<void> {
try {
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${userId}`;
const familyIds = await this.redis.smembers(userFamilySetKey);
if (familyIds.length <= maxTokens) {
return;
}
// Get creation times for all families
const familiesWithTimes: Array<{ familyId: string; createdAt: Date }> = [];
for (const familyId of familyIds) {
const familyData = await this.redis.get(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
if (familyData) {
const family = this.parseRefreshTokenFamilyRecord(familyData);
if (family?.createdAt) {
familiesWithTimes.push({
familyId,
createdAt: new Date(family.createdAt),
});
}
}
}
// Sort by creation time (oldest first) and remove excess
familiesWithTimes.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
const tokensToRemove = familiesWithTimes.slice(0, familiesWithTimes.length - maxTokens);
for (const { familyId } of tokensToRemove) {
await this.invalidateTokenFamily(familyId);
await this.redis.srem(userFamilySetKey, familyId);
}
this.logger.debug("Cleaned up excess user tokens", {
userId,
removedCount: tokensToRemove.length,
remainingCount: maxTokens,
});
} catch (error) {
this.logger.error("Failed to cleanup excess user tokens", {
error: error instanceof Error ? error.message : String(error),
userId,
});
}
}
/**
* Get all active refresh token families for a user
*/
async getUserRefreshTokenFamilies(
userId: string
): Promise<
Array<{ familyId: string; deviceId?: string; userAgent?: string; createdAt?: string }>
> {
try {
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${userId}`;
const familyIds = await this.redis.smembers(userFamilySetKey);
const families: Array<{
familyId: string;
deviceId?: string;
userAgent?: string;
createdAt?: string;
}> = [];
for (const familyId of familyIds) {
const familyData = await this.redis.get(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
if (familyData) {
const family = this.parseRefreshTokenFamilyRecord(familyData);
if (family) {
families.push({
familyId,
deviceId: family.deviceId,
userAgent: family.userAgent,
createdAt: family.createdAt,
});
}
}
}
return families.sort((a, b) => {
const timeA = a.createdAt ? new Date(a.createdAt).getTime() : 0;
const timeB = b.createdAt ? new Date(b.createdAt).getTime() : 0;
return timeB - timeA; // Most recent first
});
} catch (error) {
this.logger.error("Failed to get user refresh token families", {
error: error instanceof Error ? error.message : String(error),
userId,
});
return [];
}
}
/**
* Revoke all refresh tokens for a user (optimized with per-user sets)
*/
async revokeAllUserTokens(userId: string): Promise<void> {
try {
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${userId}`;
const familyIds = await this.redis.smembers(userFamilySetKey);
if (familyIds.length === 0) {
this.logger.debug("No tokens found for user", { userId });
return;
}
const pipeline = this.redis.pipeline();
// Get all family data first to find token hashes
const familyDataPromises = familyIds.map(familyId =>
this.redis.get(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`)
);
const familyDataResults = await Promise.all(familyDataPromises);
// Delete all tokens and families
for (let i = 0; i < familyIds.length; i++) {
const familyId = familyIds[i];
const familyData = familyDataResults[i];
// Delete family record
pipeline.del(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
// Delete token record if we can parse the family data
if (familyData) {
const family = this.parseRefreshTokenFamilyRecord(familyData);
if (family?.tokenHash) {
pipeline.del(`${this.REFRESH_TOKEN_PREFIX}${family.tokenHash}`);
}
}
}
// Delete the user's token set
pipeline.del(userFamilySetKey);
await pipeline.exec();
this.logger.debug("Revoked all tokens for user", {
userId,
tokenCount: familyIds.length,
});
} catch (error) {
this.logger.error("Failed to revoke all user tokens", {
error: error instanceof Error ? error.message : String(error),
userId,
});
// Fallback to the old scan method if the optimized approach fails
await this.revokeAllUserTokensFallback(userId);
}
}
/**
* Fallback method for revoking all user tokens using scan
*/
private async revokeAllUserTokensFallback(userId: string): Promise<void> {
try {
let cursor = "0";
const pattern = `${this.REFRESH_TOKEN_FAMILY_PREFIX}*`;
@ -328,10 +576,11 @@ export class AuthTokenService {
}
} while (cursor !== "0");
this.logger.debug("Revoked all tokens for user", { userId });
this.logger.debug("Revoked all tokens for user (fallback method)", { userId });
} catch (error) {
this.logger.error("Failed to revoke all user tokens", {
this.logger.error("Failed to revoke all user tokens (fallback)", {
error: error instanceof Error ? error.message : String(error),
userId,
});
}
}
@ -341,15 +590,25 @@ export class AuthTokenService {
const familyData = await this.redis.get(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
if (familyData) {
const family = this.parseRefreshTokenFamilyRecord(familyData);
await this.redis.del(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
const pipeline = this.redis.pipeline();
pipeline.del(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
if (family) {
await this.redis.del(`${this.REFRESH_TOKEN_PREFIX}${family.tokenHash}`);
pipeline.del(`${this.REFRESH_TOKEN_PREFIX}${family.tokenHash}`);
// Remove from user's token set
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${family.userId}`;
pipeline.srem(userFamilySetKey, familyId);
await pipeline.exec();
this.logger.warn("Invalidated token family due to security concern", {
familyId: familyId.slice(0, 8),
userId: family.userId,
});
} else {
await pipeline.exec();
}
}
} catch (error) {

39
apps/bff/src/modules/auth/services/workflows/signup-workflow.service.ts
View File

@ -268,7 +268,10 @@ export class SignupWorkflowService {
);
}
const { createdUserId } = await this.prisma.$transaction(async tx => {
// Use a transaction with compensation to prevent WHMCS orphans
let createdUserId: string;
try {
const result = await this.prisma.$transaction(async tx => {
const created = await tx.user.create({
data: {
email,
@ -296,6 +299,40 @@ export class SignupWorkflowService {
return { createdUserId: created.id };
});
createdUserId = result.createdUserId;
} catch (dbError) {
// Compensation: Clean up the orphaned WHMCS client
this.logger.error("Database transaction failed, cleaning up WHMCS client", {
whmcsClientId: whmcsClient.clientId,
email,
error: getErrorMessage(dbError),
});
try {
// WHMCS doesn't have a delete client API, so we mark it for manual cleanup
// Update the client status to indicate it's orphaned
await this.whmcsService.updateClient(whmcsClient.clientId, {
status: "Inactive",
});
this.logger.warn("Marked orphaned WHMCS client for manual cleanup", {
whmcsClientId: whmcsClient.clientId,
email,
action: "marked_for_cleanup",
});
} catch (cleanupError) {
// Log but don't fail - the original error is more important
this.logger.error("Failed to mark orphaned WHMCS client for cleanup", {
whmcsClientId: whmcsClient.clientId,
email,
cleanupError: getErrorMessage(cleanupError),
recommendation: "Manual cleanup required in WHMCS admin",
});
}
throw new BadRequestException(`Failed to create user account: ${getErrorMessage(dbError)}`);
}
const freshUser = await this.usersService.findByIdInternal(createdUserId);
await this.auditService.logAuthEvent(

4
apps/bff/tsconfig.build.json
View File

@ -12,7 +12,5 @@
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "test", "**/*.spec.ts"],
"references": [
{ "path": "../../packages/domain" }
]
"references": [{ "path": "../../packages/domain" }]
}

7
apps/bff/tsconfig.typecheck.core-utils.json
View File

@ -11,11 +11,6 @@
"outDir": ".typecheck/core-utils",
"rootDir": "src"
},
"include": [
"src/core/utils/**/*.ts",
"src/core/utils/**/*.tsx"
],
"include": ["src/core/utils/**/*.ts", "src/core/utils/**/*.tsx"],
"exclude": ["node_modules", "dist", "test", "**/*.{spec,test}.ts", "**/*.{spec,test}.tsx"]
}

26
apps/portal/ARCHITECTURE.md
View File

@ -36,16 +36,21 @@ apps/portal/src/
## Design Principles
### 1. Feature-First Organization
Related functionality is grouped together in feature modules, making it easier to understand and maintain code.
### 2. Atomic Design
UI components are organized hierarchically:
- **Atoms**: Basic building blocks (Button, Input, etc.)
- **Molecules**: Combinations of atoms (SearchBar, DataTable, etc.)
- **Organisms**: Complex components (Layout, Header, etc.)
### 3. Separation of Concerns
Each feature module contains:
- `components/`: UI components specific to the feature
- `hooks/`: React hooks for state and operations
- `services/`: Business logic and API calls
@ -53,6 +58,7 @@ Each feature module contains:
- `utils/`: Utility functions
### 4. Centralized Shared Resources
Common utilities, types, and components are centralized in the `core/`, `shared/`, and `components/` directories.
## Feature Module Structure
@ -85,16 +91,19 @@ features/[feature-name]/
The design system is built with:
### Design Tokens
- CSS custom properties for consistent theming
- TypeScript constants for type safety
- Semantic color and spacing systems
### Component Library
- Reusable UI components following atomic design
- Consistent styling and behavior patterns
- Accessibility-first approach
### Responsive Design
- Mobile-first responsive utilities
- Consistent breakpoint system
- Container queries for component-level responsiveness
@ -102,6 +111,7 @@ The design system is built with:
## TypeScript Configuration
Enhanced TypeScript configuration with:
- Strict type checking enabled
- Path mappings for clean imports
- Enhanced error detection
@ -113,19 +123,19 @@ Enhanced TypeScript configuration with:
```typescript
// Feature imports
import { LoginForm, useAuth } from '@/features/auth';
import { LoginForm, useAuth } from "@/features/auth";
// Component imports
import { Button, Input } from '@/components/ui';
import { DataTable } from '@/components/common';
import { Button, Input } from "@/components/ui";
import { DataTable } from "@/components/common";
// Type imports
import type { User, ApiResponse } from '@/types';
import type { User, ApiResponse } from "@/types";
// Utility imports
import { QueryProvider } from '@/core/providers';
import { QueryProvider } from "@/core/providers";
// Prefer feature services/hooks over direct api usage in pages
import { logger } from '@/core/config';
import { logger } from "@/core/config";
```
### Path Mappings
@ -152,24 +162,28 @@ The migration to this new architecture will be done incrementally:
## Benefits
### Developer Experience
- Predictable code organization
- Easy to find and modify code
- Consistent patterns across features
- Better IntelliSense and type safety
### Maintainability
- Clear separation of concerns
- Reusable components and utilities
- Centralized design system
- Easier testing and debugging
### Performance
- Tree-shakeable exports
- Code splitting by feature
- Optimized bundle size
- Better caching strategies
### Scalability
- Easy to add new features
- Consistent architecture patterns
- Modular and composable design

13
apps/portal/Dockerfile
View File

@ -18,7 +18,9 @@ WORKDIR /app
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
# Copy package.json files for dependency resolution
COPY packages/shared/package.json ./packages/shared/
COPY packages/domain/package.json ./packages/domain/
COPY packages/logging/package.json ./packages/logging/
COPY packages/validation/package.json ./packages/validation/
COPY apps/portal/package.json ./apps/portal/
# Install dependencies with frozen lockfile
@ -38,7 +40,7 @@ WORKDIR /app
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
# Copy source code
COPY packages/shared/ ./packages/shared/
COPY packages/ ./packages/
COPY apps/portal/ ./apps/portal/
COPY tsconfig.json ./
@ -48,9 +50,10 @@ RUN mkdir -p /app/apps/portal/public
# Copy node_modules from deps stage
COPY --from=deps /app/node_modules ./node_modules
# Build shared package first
WORKDIR /app/packages/shared
RUN rm -f /app/packages/shared/tsconfig.tsbuildinfo && pnpm build
# Build shared workspace packages first
RUN pnpm --filter @customer-portal/domain build && \
pnpm --filter @customer-portal/logging build && \
pnpm --filter @customer-portal/validation build
# Build portal with standalone output
WORKDIR /app/apps/portal

16
apps/portal/PERFORMANCE.md
View File

@ -59,10 +59,10 @@ import { WebVitalsMonitor } from '@/components/common';
Use performance monitoring hooks:
```typescript
import { usePerformanceMonitor, useComponentLoadTime } from '@/hooks/use-performance-monitor';
import { usePerformanceMonitor, useComponentLoadTime } from "@/hooks/use-performance-monitor";
function MyComponent() {
useComponentLoadTime('MyComponent');
useComponentLoadTime("MyComponent");
const { performanceData } = usePerformanceMonitor();
// Component logic
@ -76,13 +76,13 @@ function MyComponent() {
Use optimized query hooks for better caching:
```typescript
import { useOptimizedQuery } from '@/hooks/use-optimized-query';
import { useOptimizedQuery } from "@/hooks/use-optimized-query";
// Use with data type for optimal caching
const { data } = useOptimizedQuery({
queryKey: ['invoices'],
queryKey: ["invoices"],
queryFn: fetchInvoices,
dataType: 'financial', // Shorter cache for financial data
dataType: "financial", // Shorter cache for financial data
});
```
@ -91,12 +91,12 @@ const { data } = useOptimizedQuery({
Use consistent query keys for better cache management:
```typescript
import { queryKeys } from '@/lib/query-client';
import { queryKeys } from "@/lib/query-client";
// Consistent query keys
const invoicesQuery = useQuery({
queryKey: queryKeys.billing.invoices({ status: 'unpaid' }),
queryFn: () => fetchInvoices({ status: 'unpaid' }),
queryKey: queryKeys.billing.invoices({ status: "unpaid" }),
queryFn: () => fetchInvoices({ status: "unpaid" }),
});
```

4
apps/portal/README.md
View File

@ -15,12 +15,12 @@ src/
```
Key changes:
- Merged former `core/` and `shared/` into `lib/`.
- Moved `components/providers/query-provider.tsx` to `providers/query-provider.tsx`.
- Introduced path aliases: `@/lib/*`, `@/providers/*`.
Migration tips:
- Prefer importing from `@/lib/...` going forward.
- All `@/shared/*` or `@/core/*` imports have been removed; use `@/lib/*`.

10
apps/portal/next.config.mjs
View File

@ -1,8 +1,8 @@
/* eslint-env node */
import bundleAnalyzer from '@next/bundle-analyzer';
import bundleAnalyzer from "@next/bundle-analyzer";
const withBundleAnalyzer = bundleAnalyzer({
enabled: process.env.ANALYZE === 'true',
enabled: process.env.ANALYZE === "true",
});
/** @type {import('next').NextConfig} */
@ -104,11 +104,7 @@ const nextConfig = {
// Simple bundle optimization
experimental: {
optimizePackageImports: [
'@heroicons/react',
'lucide-react',
'@tanstack/react-query',
],
optimizePackageImports: ["@heroicons/react", "lucide-react", "@tanstack/react-query"],
},
// Keep type checking enabled; monorepo paths provide types

46
apps/portal/src/components/atoms/README.md
View File

@ -5,6 +5,7 @@ This directory contains the atomic UI components for the customer portal applica
## Core Components
### Button
A versatile button component with multiple variants, sizes, and states.
```tsx
@ -27,6 +28,7 @@ import { Button } from "@/components/atoms";
```
**Props:**
- `variant`: "default" | "destructive" | "outline" | "secondary" | "ghost" | "link"
- `size`: "xs" | "sm" | "default" | "lg" | "xl"
- `loading`: boolean
@ -35,6 +37,7 @@ import { Button } from "@/components/atoms";
- `as`: "button" | "a" (for polymorphic behavior)
### Input
Enhanced input component with validation states and accessibility features.
```tsx
@ -59,6 +62,7 @@ import { Input } from "@/components/atoms";
```
**Props:**
- `variant`: "default" | "error" | "success" | "warning"
- `size`: "sm" | "default" | "lg"
- `leftIcon`, `rightIcon`: React.ReactNode
@ -68,6 +72,7 @@ import { Input } from "@/components/atoms";
- `required`: boolean
### FormField
Combines Label, Input, and ErrorMessage for complete form fields.
```tsx
@ -79,21 +84,25 @@ import { FormField } from "@/components/molecules";
required
error={errors.email}
helperText="We'll never share your email"
/>
/>;
```
### Label
Accessible label component with required field indicators.
```tsx
import { Label } from "@/components/atoms";
<Label htmlFor="email" required>Email Address</Label>
<Label htmlFor="email" required>
Email Address
</Label>;
```
## Status & Feedback Components
### StatusPill
Displays status information with consistent styling.
```tsx
@ -105,12 +114,14 @@ import { StatusPill } from "@/components/ui";
```
**Props:**
- `variant`: "success" | "warning" | "info" | "error" | "neutral" | "primary" | "secondary"
- `size`: "sm" | "default" | "lg"
- `dot`: boolean
- `icon`: React.ReactNode
### Badge
General-purpose badge component for labels and status indicators.
```tsx
@ -122,6 +133,7 @@ import { Badge } from "@/components/ui";
```
**Props:**
- `variant`: "default" | "secondary" | "success" | "warning" | "error" | "info" | "outline" | "ghost"
- `size`: "sm" | "default" | "lg"
- `dot`: boolean
@ -130,6 +142,7 @@ import { Badge } from "@/components/ui";
- `onRemove`: () => void
### LoadingSpinner
Accessible loading spinner with multiple sizes and variants.
```tsx
@ -140,11 +153,13 @@ import { LoadingSpinner, CenteredLoadingSpinner } from "@/components/ui";
```
**Props:**
- `size`: "xs" | "sm" | "default" | "lg" | "xl"
- `variant`: "default" | "white" | "gray" | "current"
- `label`: string (for accessibility)
### ErrorState
Displays error states with optional retry functionality.
```tsx
@ -160,12 +175,14 @@ import { ErrorState, NetworkErrorState } from "@/components/ui";
```
**Props:**
- `title`: string
- `message`: string
- `onRetry`: () => void
- `variant`: "page" | "card" | "inline"
### EmptyState
Displays empty states with optional actions.
```tsx
@ -192,21 +209,14 @@ import { useZodForm } from "@/core/forms";
import { loginFormSchema, type LoginFormData } from "@customer-portal/domain";
function MyForm() {
const {
values,
errors,
touched,
isSubmitting,
setValue,
setTouchedField,
handleSubmit,
} = useZodForm({
const { values, errors, touched, isSubmitting, setValue, setTouchedField, handleSubmit } =
useZodForm({
schema: loginFormSchema,
initialValues: {
email: "",
password: "",
},
onSubmit: async (data) => {
onSubmit: async data => {
// Handle form submission
await submitLogin(data);
},
@ -217,7 +227,7 @@ function MyForm() {
<FormField error={touched.email ? errors.email : undefined}>
<Input
value={values.email}
onChange={(e) => setValue("email", e.target.value)}
onChange={e => setValue("email", e.target.value)}
onBlur={() => setTouchedField("email")}
/>
</FormField>
@ -230,6 +240,7 @@ function MyForm() {
```
**Available Zod schemas in `@customer-portal/domain`:**
- `loginFormSchema` - Login form validation
- `signupFormSchema` - User registration
- `profileEditFormSchema` - Profile updates
@ -239,24 +250,28 @@ function MyForm() {
## Design Principles
### Accessibility
- All components include proper ARIA attributes
- Focus management and keyboard navigation
- Screen reader support with semantic HTML
- Color contrast compliance
### Consistency
- Unified design tokens through CSS variables
- Consistent spacing and typography
- Standardized color palette
- Predictable component APIs
### Flexibility
- Polymorphic components (Button as link/button)
- Composable architecture
- Customizable through className prop
- Variant-based styling with class-variance-authority
### Performance
- Tree-shakeable exports
- Minimal bundle impact
- Efficient re-renders with forwardRef
@ -265,21 +280,25 @@ function MyForm() {
## Usage Guidelines
1. **Import from the index file** for better tree-shaking:
```tsx
import { Button, Input, StatusPill } from "@/components/ui";
```
2. **Use semantic variants** that match the intent:
```tsx
<Button variant="destructive">Delete</Button> // Not variant="red"
```
3. **Provide accessibility labels** for interactive elements:
```tsx
<Button aria-label="Close dialog">×</Button>
```
4. **Combine components** for complex UI patterns:
```tsx
<FormField
label="Search"
@ -300,6 +319,7 @@ function MyForm() {
## Contributing
When adding new components:
1. Follow the existing patterns and conventions
2. Include proper TypeScript types
3. Add accessibility features

24
apps/portal/src/features/auth/README.md
View File

@ -26,18 +26,21 @@ features/auth/
## Features
### ✅ Consolidated State Management
- Centralized Zustand store with persistence
- Automatic session timeout detection
- Token refresh logic
- Consistent error handling
### ✅ Reusable Form Components
- LoginForm with validation and error handling
- Multi-step SignupForm with progress indication
- PasswordResetForm for both request and reset modes
- SetPasswordForm for WHMCS account linking
### ✅ Authentication Hooks
- `useAuth()` - Main authentication hook
- `useLogin()` - Login-specific functionality
- `useSignup()` - Signup-specific functionality
@ -48,6 +51,7 @@ features/auth/
- `usePermissions()` - Role and permission checking
### ✅ Route Protection
- `AuthGuard` - General authentication guard
- `ProtectedRoute` - Wrapper for protected routes
- `PublicRoute` - Wrapper for public routes
@ -55,6 +59,7 @@ features/auth/
- `PermissionGuard` - Permission-based access control
### ✅ Session Management
- Automatic token validation
- Session timeout detection
- Periodic session refresh
@ -65,13 +70,13 @@ features/auth/
### Basic Authentication
```tsx
import { useAuth } from '@/features/auth';
import { useAuth } from "@/features/auth";
function MyComponent() {
const { isAuthenticated, user, login, logout } = useAuth();
if (!isAuthenticated) {
return <LoginForm onSuccess={() => console.log('Logged in!')} />;
return <LoginForm onSuccess={() => console.log("Logged in!")} />;
}
return (
@ -86,12 +91,12 @@ function MyComponent() {
### Route Protection
```tsx
import { ProtectedRoute, RoleGuard } from '@/features/auth';
import { ProtectedRoute, RoleGuard } from "@/features/auth";
function AdminPage() {
return (
<ProtectedRoute>
<RoleGuard roles={['admin']}>
<RoleGuard roles={["admin"]}>
<AdminContent />
</RoleGuard>
</ProtectedRoute>
@ -102,20 +107,17 @@ function AdminPage() {
### Form Components
```tsx
import { LoginForm, SignupForm } from '@/features/auth';
import { LoginForm, SignupForm } from "@/features/auth";
function AuthPage() {
return (
<div>
<LoginForm
onSuccess={() => router.push('/dashboard')}
onError={(error) => toast.error(error)}
onSuccess={() => router.push("/dashboard")}
onError={error => toast.error(error)}
/>
<SignupForm
onSuccess={() => router.push('/dashboard')}
showLoginLink={true}
/>
<SignupForm onSuccess={() => router.push("/dashboard")} showLoginLink={true} />
</div>
);
}

11
apps/portal/src/features/auth/components/LoginForm/LoginForm.tsx
View File

@ -53,15 +53,8 @@ export function LoginForm({
[login, onSuccess, onError, clearError]
);
const {
values,
errors,
touched,
isSubmitting,
setValue,
setTouchedField,
handleSubmit,
} = useZodForm<LoginFormValues>({
const { values, errors, touched, isSubmitting, setValue, setTouchedField, handleSubmit } =
useZodForm<LoginFormValues>({
schema: loginSchema,
initialValues: {
email: "",

11
apps/portal/src/features/auth/components/SignupForm/SignupForm.tsx
View File

@ -9,7 +9,11 @@ import { useState, useCallback, useMemo } from "react";
import Link from "next/link";
import { ErrorMessage } from "@/components/atoms";
import { useSignup } from "../../hooks/use-auth";
import { signupFormSchema, signupFormToRequest, type SignupRequestInput } from "@customer-portal/domain";
import {
signupFormSchema,
signupFormToRequest,
type SignupRequestInput,
} from "@customer-portal/domain";
import { useZodForm } from "@customer-portal/validation";
import { z } from "zod";
@ -55,10 +59,7 @@ export function SignupForm({
const [currentStepIndex, setCurrentStepIndex] = useState(0);
const handleSignup = useCallback(
async ({
confirmPassword: _confirm,
...formData
}: SignupFormValues) => {
async ({ confirmPassword: _confirm, ...formData }: SignupFormValues) => {
clearError();
try {
const request: SignupRequestInput = signupFormToRequest(formData);

7
apps/portal/src/features/auth/services/auth.store.ts
View File

@ -245,9 +245,10 @@ export const useAuthStore = create<AuthState>()((set, get) => {
refreshUser: async () => {
try {
const response = await apiClient.GET<{ isAuthenticated?: boolean; user?: AuthenticatedUser }>(
"/auth/me"
);
const response = await apiClient.GET<{
isAuthenticated?: boolean;
user?: AuthenticatedUser;
}>("/auth/me");
const data = getNullableData(response);
if (data?.isAuthenticated && data.user) {
set({

4
apps/portal/src/features/catalog/components/internet/configure/steps/ServiceConfigurationStep.tsx
View File

@ -46,8 +46,8 @@ export function ServiceConfigurationStep({ plan, mode, setMode, isTransitioning,
from our tech team for details.
</p>
<p className="text-xs mt-2">
* Will appear on the invoice as &quot;Platinum Base Plan&quot;. Device subscriptions will be
added later.
* Will appear on the invoice as &quot;Platinum Base Plan&quot;. Device subscriptions
will be added later.
</p>
</AlertBanner>
)}

6
apps/portal/src/features/catalog/hooks/useSimConfigure.ts
View File

@ -177,7 +177,8 @@ export function useSimConfigure(planId?: string): UseSimConfigureResult {
if (!addon) return;
const billingType =
("billingType" in addon && typeof (addon as { billingType?: string }).billingType === "string"
("billingType" in addon &&
typeof (addon as { billingType?: string }).billingType === "string"
? (addon as { billingType?: string }).billingType
: addon.billingCycle) ?? "";
const normalizedBilling = billingType.toLowerCase();
@ -202,7 +203,8 @@ export function useSimConfigure(planId?: string): UseSimConfigureResult {
return (rawSimType ?? fee.simPlanType) === values.simType;
});
if (activationFee) {
oneTime += activationFee.oneTimePrice ?? activationFee.unitPrice ?? activationFee.monthlyPrice ?? 0;
oneTime +=
activationFee.oneTimePrice ?? activationFee.unitPrice ?? activationFee.monthlyPrice ?? 0;
}
}

4
apps/portal/src/features/catalog/services/catalog.service.ts
View File

@ -39,9 +39,7 @@ export const catalogService = {
installations: InternetInstallationCatalogItem[];
addons: InternetAddonCatalogItem[];
}> {
const response = await apiClient.GET<typeof defaultInternetCatalog>(
"/catalog/internet/plans"
);
const response = await apiClient.GET<typeof defaultInternetCatalog>("/catalog/internet/plans");
return getDataOrDefault<typeof defaultInternetCatalog>(response, defaultInternetCatalog);
},

3
apps/portal/src/lib/utils/error-handling.ts
View File

@ -216,8 +216,7 @@ function deriveInfoFromPayload(payload: unknown, status?: number): ApiErrorInfo
) {
const payloadWithMessage = payload as { code?: unknown; message: string };
const candidateCode = payloadWithMessage.code;
const code =
typeof candidateCode === "string" ? candidateCode : httpStatusCodeToLabel(status);
const code = typeof candidateCode === "string" ? candidateCode : httpStatusCodeToLabel(status);
return {
code,

468
apps/portal/src/styles/responsive.css
View File

@ -15,101 +15,269 @@
/* ===== RESPONSIVE CONTAINER QUERIES ===== */
@container (min-width: 320px) {
.cp-container-xs\:block { display: block; }
.cp-container-xs\:flex { display: flex; }
.cp-container-xs\:grid { display: grid; }
.cp-container-xs\:block {
display: block;
}
.cp-container-xs\:flex {
display: flex;
}
.cp-container-xs\:grid {
display: grid;
}
}
@container (min-width: 480px) {
.cp-container-sm\:block { display: block; }
.cp-container-sm\:flex { display: flex; }
.cp-container-sm\:grid { display: grid; }
.cp-container-sm\:block {
display: block;
}
.cp-container-sm\:flex {
display: flex;
}
.cp-container-sm\:grid {
display: grid;
}
}
@container (min-width: 768px) {
.cp-container-md\:block { display: block; }
.cp-container-md\:flex { display: flex; }
.cp-container-md\:grid { display: grid; }
.cp-container-md\:block {
display: block;
}
.cp-container-md\:flex {
display: flex;
}
.cp-container-md\:grid {
display: grid;
}
}
/* ===== RESPONSIVE SPACING ===== */
@media (min-width: 640px) {
.cp-sm\:stack > * + * { margin-top: var(--cp-space-4); }
.cp-sm\:stack-xs > * + * { margin-top: var(--cp-space-1); }
.cp-sm\:stack-sm > * + * { margin-top: var(--cp-space-2); }
.cp-sm\:stack-md > * + * { margin-top: var(--cp-space-3); }
.cp-sm\:stack-lg > * + * { margin-top: var(--cp-space-4); }
.cp-sm\:stack-xl > * + * { margin-top: var(--cp-space-6); }
.cp-sm\:stack > * + * {
margin-top: var(--cp-space-4);
}
.cp-sm\:stack-xs > * + * {
margin-top: var(--cp-space-1);
}
.cp-sm\:stack-sm > * + * {
margin-top: var(--cp-space-2);
}
.cp-sm\:stack-md > * + * {
margin-top: var(--cp-space-3);
}
.cp-sm\:stack-lg > * + * {
margin-top: var(--cp-space-4);
}
.cp-sm\:stack-xl > * + * {
margin-top: var(--cp-space-6);
}
.cp-sm\:inline { display: flex; align-items: center; gap: var(--cp-space-4); }
.cp-sm\:inline-xs { display: flex; align-items: center; gap: var(--cp-space-1); }
.cp-sm\:inline-sm { display: flex; align-items: center; gap: var(--cp-space-2); }
.cp-sm\:inline-md { display: flex; align-items: center; gap: var(--cp-space-3); }
.cp-sm\:inline-lg { display: flex; align-items: center; gap: var(--cp-space-4); }
.cp-sm\:inline-xl { display: flex; align-items: center; gap: var(--cp-space-6); }
.cp-sm\:inline {
display: flex;
align-items: center;
gap: var(--cp-space-4);
}
.cp-sm\:inline-xs {
display: flex;
align-items: center;
gap: var(--cp-space-1);
}
.cp-sm\:inline-sm {
display: flex;
align-items: center;
gap: var(--cp-space-2);
}
.cp-sm\:inline-md {
display: flex;
align-items: center;
gap: var(--cp-space-3);
}
.cp-sm\:inline-lg {
display: flex;
align-items: center;
gap: var(--cp-space-4);
}
.cp-sm\:inline-xl {
display: flex;
align-items: center;
gap: var(--cp-space-6);
}
}
@media (min-width: 768px) {
.cp-md\:stack > * + * { margin-top: var(--cp-space-4); }
.cp-md\:stack-xs > * + * { margin-top: var(--cp-space-1); }
.cp-md\:stack-sm > * + * { margin-top: var(--cp-space-2); }
.cp-md\:stack-md > * + * { margin-top: var(--cp-space-3); }
.cp-md\:stack-lg > * + * { margin-top: var(--cp-space-4); }
.cp-md\:stack-xl > * + * { margin-top: var(--cp-space-6); }
.cp-md\:stack > * + * {
margin-top: var(--cp-space-4);
}
.cp-md\:stack-xs > * + * {
margin-top: var(--cp-space-1);
}
.cp-md\:stack-sm > * + * {
margin-top: var(--cp-space-2);
}
.cp-md\:stack-md > * + * {
margin-top: var(--cp-space-3);
}
.cp-md\:stack-lg > * + * {
margin-top: var(--cp-space-4);
}
.cp-md\:stack-xl > * + * {
margin-top: var(--cp-space-6);
}
.cp-md\:inline { display: flex; align-items: center; gap: var(--cp-space-4); }
.cp-md\:inline-xs { display: flex; align-items: center; gap: var(--cp-space-1); }
.cp-md\:inline-sm { display: flex; align-items: center; gap: var(--cp-space-2); }
.cp-md\:inline-md { display: flex; align-items: center; gap: var(--cp-space-3); }
.cp-md\:inline-lg { display: flex; align-items: center; gap: var(--cp-space-4); }
.cp-md\:inline-xl { display: flex; align-items: center; gap: var(--cp-space-6); }
.cp-md\:inline {
display: flex;
align-items: center;
gap: var(--cp-space-4);
}
.cp-md\:inline-xs {
display: flex;
align-items: center;
gap: var(--cp-space-1);
}
.cp-md\:inline-sm {
display: flex;
align-items: center;
gap: var(--cp-space-2);
}
.cp-md\:inline-md {
display: flex;
align-items: center;
gap: var(--cp-space-3);
}
.cp-md\:inline-lg {
display: flex;
align-items: center;
gap: var(--cp-space-4);
}
.cp-md\:inline-xl {
display: flex;
align-items: center;
gap: var(--cp-space-6);
}
}
@media (min-width: 1024px) {
.cp-lg\:stack > * + * { margin-top: var(--cp-space-4); }
.cp-lg\:stack-xs > * + * { margin-top: var(--cp-space-1); }
.cp-lg\:stack-sm > * + * { margin-top: var(--cp-space-2); }
.cp-lg\:stack-md > * + * { margin-top: var(--cp-space-3); }
.cp-lg\:stack-lg > * + * { margin-top: var(--cp-space-4); }
.cp-lg\:stack-xl > * + * { margin-top: var(--cp-space-6); }
.cp-lg\:stack > * + * {
margin-top: var(--cp-space-4);
}
.cp-lg\:stack-xs > * + * {
margin-top: var(--cp-space-1);
}
.cp-lg\:stack-sm > * + * {
margin-top: var(--cp-space-2);
}
.cp-lg\:stack-md > * + * {
margin-top: var(--cp-space-3);
}
.cp-lg\:stack-lg > * + * {
margin-top: var(--cp-space-4);
}
.cp-lg\:stack-xl > * + * {
margin-top: var(--cp-space-6);
}
.cp-lg\:inline { display: flex; align-items: center; gap: var(--cp-space-4); }
.cp-lg\:inline-xs { display: flex; align-items: center; gap: var(--cp-space-1); }
.cp-lg\:inline-sm { display: flex; align-items: center; gap: var(--cp-space-2); }
.cp-lg\:inline-md { display: flex; align-items: center; gap: var(--cp-space-3); }
.cp-lg\:inline-lg { display: flex; align-items: center; gap: var(--cp-space-4); }
.cp-lg\:inline-xl { display: flex; align-items: center; gap: var(--cp-space-6); }
.cp-lg\:inline {
display: flex;
align-items: center;
gap: var(--cp-space-4);
}
.cp-lg\:inline-xs {
display: flex;
align-items: center;
gap: var(--cp-space-1);
}
.cp-lg\:inline-sm {
display: flex;
align-items: center;
gap: var(--cp-space-2);
}
.cp-lg\:inline-md {
display: flex;
align-items: center;
gap: var(--cp-space-3);
}
.cp-lg\:inline-lg {
display: flex;
align-items: center;
gap: var(--cp-space-4);
}
.cp-lg\:inline-xl {
display: flex;
align-items: center;
gap: var(--cp-space-6);
}
}
/* ===== RESPONSIVE TYPOGRAPHY ===== */
@media (min-width: 640px) {
.cp-sm\:text-xs { font-size: var(--cp-text-xs); }
.cp-sm\:text-sm { font-size: var(--cp-text-sm); }
.cp-sm\:text-base { font-size: var(--cp-text-base); }
.cp-sm\:text-lg { font-size: var(--cp-text-lg); }
.cp-sm\:text-xl { font-size: var(--cp-text-xl); }
.cp-sm\:text-2xl { font-size: var(--cp-text-2xl); }
.cp-sm\:text-3xl { font-size: var(--cp-text-3xl); }
.cp-sm\:text-xs {
font-size: var(--cp-text-xs);
}
.cp-sm\:text-sm {
font-size: var(--cp-text-sm);
}
.cp-sm\:text-base {
font-size: var(--cp-text-base);
}
.cp-sm\:text-lg {
font-size: var(--cp-text-lg);
}
.cp-sm\:text-xl {
font-size: var(--cp-text-xl);
}
.cp-sm\:text-2xl {
font-size: var(--cp-text-2xl);
}
.cp-sm\:text-3xl {
font-size: var(--cp-text-3xl);
}
}
@media (min-width: 768px) {
.cp-md\:text-xs { font-size: var(--cp-text-xs); }
.cp-md\:text-sm { font-size: var(--cp-text-sm); }
.cp-md\:text-base { font-size: var(--cp-text-base); }
.cp-md\:text-lg { font-size: var(--cp-text-lg); }
.cp-md\:text-xl { font-size: var(--cp-text-xl); }
.cp-md\:text-2xl { font-size: var(--cp-text-2xl); }
.cp-md\:text-3xl { font-size: var(--cp-text-3xl); }
.cp-md\:text-xs {
font-size: var(--cp-text-xs);
}
.cp-md\:text-sm {
font-size: var(--cp-text-sm);
}
.cp-md\:text-base {
font-size: var(--cp-text-base);
}
.cp-md\:text-lg {
font-size: var(--cp-text-lg);
}
.cp-md\:text-xl {
font-size: var(--cp-text-xl);
}
.cp-md\:text-2xl {
font-size: var(--cp-text-2xl);
}
.cp-md\:text-3xl {
font-size: var(--cp-text-3xl);
}
}
@media (min-width: 1024px) {
.cp-lg\:text-xs { font-size: var(--cp-text-xs); }
.cp-lg\:text-sm { font-size: var(--cp-text-sm); }
.cp-lg\:text-base { font-size: var(--cp-text-base); }
.cp-lg\:text-lg { font-size: var(--cp-text-lg); }
.cp-lg\:text-xl { font-size: var(--cp-text-xl); }
.cp-lg\:text-2xl { font-size: var(--cp-text-2xl); }
.cp-lg\:text-3xl { font-size: var(--cp-text-3xl); }
.cp-lg\:text-xs {
font-size: var(--cp-text-xs);
}
.cp-lg\:text-sm {
font-size: var(--cp-text-sm);
}
.cp-lg\:text-base {
font-size: var(--cp-text-base);
}
.cp-lg\:text-lg {
font-size: var(--cp-text-lg);
}
.cp-lg\:text-xl {
font-size: var(--cp-text-xl);
}
.cp-lg\:text-2xl {
font-size: var(--cp-text-2xl);
}
.cp-lg\:text-3xl {
font-size: var(--cp-text-3xl);
}
}
/* ===== RESPONSIVE LAYOUT PATTERNS ===== */
@ -231,64 +399,148 @@
/* ===== RESPONSIVE UTILITIES ===== */
/* Responsive padding */
@media (min-width: 640px) {
.cp-sm\:p-0 { padding: 0; }
.cp-sm\:p-1 { padding: var(--cp-space-1); }
.cp-sm\:p-2 { padding: var(--cp-space-2); }
.cp-sm\:p-3 { padding: var(--cp-space-3); }
.cp-sm\:p-4 { padding: var(--cp-space-4); }
.cp-sm\:p-6 { padding: var(--cp-space-6); }
.cp-sm\:p-8 { padding: var(--cp-space-8); }
.cp-sm\:p-0 {
padding: 0;
}
.cp-sm\:p-1 {
padding: var(--cp-space-1);
}
.cp-sm\:p-2 {
padding: var(--cp-space-2);
}
.cp-sm\:p-3 {
padding: var(--cp-space-3);
}
.cp-sm\:p-4 {
padding: var(--cp-space-4);
}
.cp-sm\:p-6 {
padding: var(--cp-space-6);
}
.cp-sm\:p-8 {
padding: var(--cp-space-8);
}
}
@media (min-width: 768px) {
.cp-md\:p-0 { padding: 0; }
.cp-md\:p-1 { padding: var(--cp-space-1); }
.cp-md\:p-2 { padding: var(--cp-space-2); }
.cp-md\:p-3 { padding: var(--cp-space-3); }
.cp-md\:p-4 { padding: var(--cp-space-4); }
.cp-md\:p-6 { padding: var(--cp-space-6); }
.cp-md\:p-8 { padding: var(--cp-space-8); }
.cp-md\:p-0 {
padding: 0;
}
.cp-md\:p-1 {
padding: var(--cp-space-1);
}
.cp-md\:p-2 {
padding: var(--cp-space-2);
}
.cp-md\:p-3 {
padding: var(--cp-space-3);
}
.cp-md\:p-4 {
padding: var(--cp-space-4);
}
.cp-md\:p-6 {
padding: var(--cp-space-6);
}
.cp-md\:p-8 {
padding: var(--cp-space-8);
}
}
@media (min-width: 1024px) {
.cp-lg\:p-0 { padding: 0; }
.cp-lg\:p-1 { padding: var(--cp-space-1); }
.cp-lg\:p-2 { padding: var(--cp-space-2); }
.cp-lg\:p-3 { padding: var(--cp-space-3); }
.cp-lg\:p-4 { padding: var(--cp-space-4); }
.cp-lg\:p-6 { padding: var(--cp-space-6); }
.cp-lg\:p-8 { padding: var(--cp-space-8); }
.cp-lg\:p-0 {
padding: 0;
}
.cp-lg\:p-1 {
padding: var(--cp-space-1);
}
.cp-lg\:p-2 {
padding: var(--cp-space-2);
}
.cp-lg\:p-3 {
padding: var(--cp-space-3);
}
.cp-lg\:p-4 {
padding: var(--cp-space-4);
}
.cp-lg\:p-6 {
padding: var(--cp-space-6);
}
.cp-lg\:p-8 {
padding: var(--cp-space-8);
}
}
/* Responsive margin */
@media (min-width: 640px) {
.cp-sm\:m-0 { margin: 0; }
.cp-sm\:m-1 { margin: var(--cp-space-1); }
.cp-sm\:m-2 { margin: var(--cp-space-2); }
.cp-sm\:m-3 { margin: var(--cp-space-3); }
.cp-sm\:m-4 { margin: var(--cp-space-4); }
.cp-sm\:m-6 { margin: var(--cp-space-6); }
.cp-sm\:m-8 { margin: var(--cp-space-8); }
.cp-sm\:m-0 {
margin: 0;
}
.cp-sm\:m-1 {
margin: var(--cp-space-1);
}
.cp-sm\:m-2 {
margin: var(--cp-space-2);
}
.cp-sm\:m-3 {
margin: var(--cp-space-3);
}
.cp-sm\:m-4 {
margin: var(--cp-space-4);
}
.cp-sm\:m-6 {
margin: var(--cp-space-6);
}
.cp-sm\:m-8 {
margin: var(--cp-space-8);
}
}
@media (min-width: 768px) {
.cp-md\:m-0 { margin: 0; }
.cp-md\:m-1 { margin: var(--cp-space-1); }
.cp-md\:m-2 { margin: var(--cp-space-2); }
.cp-md\:m-3 { margin: var(--cp-space-3); }
.cp-md\:m-4 { margin: var(--cp-space-4); }
.cp-md\:m-6 { margin: var(--cp-space-6); }
.cp-md\:m-8 { margin: var(--cp-space-8); }
.cp-md\:m-0 {
margin: 0;
}
.cp-md\:m-1 {
margin: var(--cp-space-1);
}
.cp-md\:m-2 {
margin: var(--cp-space-2);
}
.cp-md\:m-3 {
margin: var(--cp-space-3);
}
.cp-md\:m-4 {
margin: var(--cp-space-4);
}
.cp-md\:m-6 {
margin: var(--cp-space-6);
}
.cp-md\:m-8 {
margin: var(--cp-space-8);
}
}
@media (min-width: 1024px) {
.cp-lg\:m-0 { margin: 0; }
.cp-lg\:m-1 { margin: var(--cp-space-1); }
.cp-lg\:m-2 { margin: var(--cp-space-2); }
.cp-lg\:m-3 { margin: var(--cp-space-3); }
.cp-lg\:m-4 { margin: var(--cp-space-4); }
.cp-lg\:m-6 { margin: var(--cp-space-6); }
.cp-lg\:m-8 { margin: var(--cp-space-8); }
.cp-lg\:m-0 {
margin: 0;
}
.cp-lg\:m-1 {
margin: var(--cp-space-1);
}
.cp-lg\:m-2 {
margin: var(--cp-space-2);
}
.cp-lg\:m-3 {
margin: var(--cp-space-3);
}
.cp-lg\:m-4 {
margin: var(--cp-space-4);
}
.cp-lg\:m-6 {
margin: var(--cp-space-6);
}
.cp-lg\:m-8 {
margin: var(--cp-space-8);
}
}
/* ===== PRINT STYLES ===== */

269
apps/portal/src/styles/utilities.css
View File

@ -167,32 +167,68 @@
}
/* Responsive grid columns */
.cp-grid-cols-1 { grid-template-columns: repeat(1, minmax(0, 1fr)); }
.cp-grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
.cp-grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
.cp-grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
.cp-grid-cols-5 { grid-template-columns: repeat(5, minmax(0, 1fr)); }
.cp-grid-cols-6 { grid-template-columns: repeat(6, minmax(0, 1fr)); }
.cp-grid-cols-1 {
grid-template-columns: repeat(1, minmax(0, 1fr));
}
.cp-grid-cols-2 {
grid-template-columns: repeat(2, minmax(0, 1fr));
}
.cp-grid-cols-3 {
grid-template-columns: repeat(3, minmax(0, 1fr));
}
.cp-grid-cols-4 {
grid-template-columns: repeat(4, minmax(0, 1fr));
}
.cp-grid-cols-5 {
grid-template-columns: repeat(5, minmax(0, 1fr));
}
.cp-grid-cols-6 {
grid-template-columns: repeat(6, minmax(0, 1fr));
}
@media (min-width: 640px) {
.cp-sm\:grid-cols-1 { grid-template-columns: repeat(1, minmax(0, 1fr)); }
.cp-sm\:grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
.cp-sm\:grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
.cp-sm\:grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
.cp-sm\:grid-cols-1 {
grid-template-columns: repeat(1, minmax(0, 1fr));
}
.cp-sm\:grid-cols-2 {
grid-template-columns: repeat(2, minmax(0, 1fr));
}
.cp-sm\:grid-cols-3 {
grid-template-columns: repeat(3, minmax(0, 1fr));
}
.cp-sm\:grid-cols-4 {
grid-template-columns: repeat(4, minmax(0, 1fr));
}
}
@media (min-width: 768px) {
.cp-md\:grid-cols-1 { grid-template-columns: repeat(1, minmax(0, 1fr)); }
.cp-md\:grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
.cp-md\:grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
.cp-md\:grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
.cp-md\:grid-cols-1 {
grid-template-columns: repeat(1, minmax(0, 1fr));
}
.cp-md\:grid-cols-2 {
grid-template-columns: repeat(2, minmax(0, 1fr));
}
.cp-md\:grid-cols-3 {
grid-template-columns: repeat(3, minmax(0, 1fr));
}
.cp-md\:grid-cols-4 {
grid-template-columns: repeat(4, minmax(0, 1fr));
}
}
@media (min-width: 1024px) {
.cp-lg\:grid-cols-1 { grid-template-columns: repeat(1, minmax(0, 1fr)); }
.cp-lg\:grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
.cp-lg\:grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
.cp-lg\:grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
.cp-lg\:grid-cols-1 {
grid-template-columns: repeat(1, minmax(0, 1fr));
}
.cp-lg\:grid-cols-2 {
grid-template-columns: repeat(2, minmax(0, 1fr));
}
.cp-lg\:grid-cols-3 {
grid-template-columns: repeat(3, minmax(0, 1fr));
}
.cp-lg\:grid-cols-4 {
grid-template-columns: repeat(4, minmax(0, 1fr));
}
}
/* ===== COMPONENT UTILITIES ===== */
@ -271,18 +307,13 @@
}
.cp-skeleton::after {
content: '';
content: "";
position: absolute;
top: 0;
right: 0;
bottom: 0;
left: 0;
background: linear-gradient(
90deg,
transparent,
var(--cp-skeleton-shimmer),
transparent
);
background: linear-gradient(90deg, transparent, var(--cp-skeleton-shimmer), transparent);
animation: cp-skeleton-shimmer 2s infinite;
}
@ -308,7 +339,9 @@
/* ===== ANIMATION UTILITIES ===== */
.cp-transition {
transition-property: color, background-color, border-color, text-decoration-color, fill, stroke, opacity, box-shadow, transform, filter, backdrop-filter;
transition-property:
color, background-color, border-color, text-decoration-color, fill, stroke, opacity, box-shadow,
transform, filter, backdrop-filter;
transition-timing-function: var(--cp-ease-in-out);
transition-duration: var(--cp-duration-150);
}
@ -337,66 +370,158 @@
/* ===== RESPONSIVE UTILITIES ===== */
/* Hide/show at different breakpoints */
.cp-hidden { display: none; }
.cp-block { display: block; }
.cp-inline { display: inline; }
.cp-inline-block { display: inline-block; }
.cp-flex { display: flex; }
.cp-inline-flex { display: inline-flex; }
.cp-grid { display: grid; }
.cp-hidden {
display: none;
}
.cp-block {
display: block;
}
.cp-inline {
display: inline;
}
.cp-inline-block {
display: inline-block;
}
.cp-flex {
display: flex;
}
.cp-inline-flex {
display: inline-flex;
}
.cp-grid {
display: grid;
}
@media (min-width: 640px) {
.cp-sm\:hidden { display: none; }
.cp-sm\:block { display: block; }
.cp-sm\:inline { display: inline; }
.cp-sm\:inline-block { display: inline-block; }
.cp-sm\:flex { display: flex; }
.cp-sm\:inline-flex { display: inline-flex; }
.cp-sm\:grid { display: grid; }
.cp-sm\:hidden {
display: none;
}
.cp-sm\:block {
display: block;
}
.cp-sm\:inline {
display: inline;
}
.cp-sm\:inline-block {
display: inline-block;
}
.cp-sm\:flex {
display: flex;
}
.cp-sm\:inline-flex {
display: inline-flex;
}
.cp-sm\:grid {
display: grid;
}
}
@media (min-width: 768px) {
.cp-md\:hidden { display: none; }
.cp-md\:block { display: block; }
.cp-md\:inline { display: inline; }
.cp-md\:inline-block { display: inline-block; }
.cp-md\:flex { display: flex; }
.cp-md\:inline-flex { display: inline-flex; }
.cp-md\:grid { display: grid; }
.cp-md\:hidden {
display: none;
}
.cp-md\:block {
display: block;
}
.cp-md\:inline {
display: inline;
}
.cp-md\:inline-block {
display: inline-block;
}
.cp-md\:flex {
display: flex;
}
.cp-md\:inline-flex {
display: inline-flex;
}
.cp-md\:grid {
display: grid;
}
}
@media (min-width: 1024px) {
.cp-lg\:hidden { display: none; }
.cp-lg\:block { display: block; }
.cp-lg\:inline { display: inline; }
.cp-lg\:inline-block { display: inline-block; }
.cp-lg\:flex { display: flex; }
.cp-lg\:inline-flex { display: inline-flex; }
.cp-lg\:grid { display: grid; }
.cp-lg\:hidden {
display: none;
}
.cp-lg\:block {
display: block;
}
.cp-lg\:inline {
display: inline;
}
.cp-lg\:inline-block {
display: inline-block;
}
.cp-lg\:flex {
display: flex;
}
.cp-lg\:inline-flex {
display: inline-flex;
}
.cp-lg\:grid {
display: grid;
}
}
/* ===== TEXT UTILITIES ===== */
.cp-text-xs { font-size: var(--cp-text-xs); }
.cp-text-sm { font-size: var(--cp-text-sm); }
.cp-text-base { font-size: var(--cp-text-base); }
.cp-text-lg { font-size: var(--cp-text-lg); }
.cp-text-xl { font-size: var(--cp-text-xl); }
.cp-text-2xl { font-size: var(--cp-text-2xl); }
.cp-text-3xl { font-size: var(--cp-text-3xl); }
.cp-text-xs {
font-size: var(--cp-text-xs);
}
.cp-text-sm {
font-size: var(--cp-text-sm);
}
.cp-text-base {
font-size: var(--cp-text-base);
}
.cp-text-lg {
font-size: var(--cp-text-lg);
}
.cp-text-xl {
font-size: var(--cp-text-xl);
}
.cp-text-2xl {
font-size: var(--cp-text-2xl);
}
.cp-text-3xl {
font-size: var(--cp-text-3xl);
}
.cp-font-light { font-weight: var(--cp-font-light); }
.cp-font-normal { font-weight: var(--cp-font-normal); }
.cp-font-medium { font-weight: var(--cp-font-medium); }
.cp-font-semibold { font-weight: var(--cp-font-semibold); }
.cp-font-bold { font-weight: var(--cp-font-bold); }
.cp-font-light {
font-weight: var(--cp-font-light);
}
.cp-font-normal {
font-weight: var(--cp-font-normal);
}
.cp-font-medium {
font-weight: var(--cp-font-medium);
}
.cp-font-semibold {
font-weight: var(--cp-font-semibold);
}
.cp-font-bold {
font-weight: var(--cp-font-bold);
}
.cp-leading-tight { line-height: var(--cp-leading-tight); }
.cp-leading-normal { line-height: var(--cp-leading-normal); }
.cp-leading-relaxed { line-height: var(--cp-leading-relaxed); }
.cp-leading-tight {
line-height: var(--cp-leading-tight);
}
.cp-leading-normal {
line-height: var(--cp-leading-normal);
}
.cp-leading-relaxed {
line-height: var(--cp-leading-relaxed);
}
.cp-text-center { text-align: center; }
.cp-text-left { text-align: left; }
.cp-text-right { text-align: right; }
.cp-text-center {
text-align: center;
}
.cp-text-left {
text-align: left;
}
.cp-text-right {
text-align: right;
}
.cp-truncate {
overflow: hidden;

11
apps/portal/tsconfig.json
View File

@ -5,9 +5,7 @@
"noEmit": true,
"moduleResolution": "node",
"lib": ["ES2022", "DOM", "DOM.Iterable"],
"plugins": [
{ "name": "next" }
],
"plugins": [{ "name": "next" }],
"baseUrl": ".",
"paths": {
"@/*": ["./src/*"],
@ -27,11 +25,6 @@
},
"allowJs": false
},
"include": [
"next-env.d.ts",
"**/*.ts",
"**/*.tsx",
".next/types/**/*.ts"
],
"include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
"exclude": ["node_modules"]
}

38
docs/ADDON-INSTALLATION-LOGIC.md
View File

@ -2,7 +2,8 @@
## Product Classification in Salesforce
### Item_Class__c Values
### Item_Class\_\_c Values
- **Service**: Main customer-selectable products (Internet plans, SIM plans, VPN)
- **Installation**: Installation options for services (one-time or monthly)
- **Add-on**: Optional additional services that can be standalone or bundled
@ -11,7 +12,9 @@
## Addon Logic
### Standalone Addons
Addons can exist independently without bundling:
```typescript
// Example: Voice Mail addon for SIM
{
@ -24,7 +27,9 @@ Addons can exist independently without bundling:
```
### Bundled Addons
Addons can be bundled with their installation/setup:
```typescript
// Monthly service addon
{
@ -48,7 +53,9 @@ Addons can be bundled with their installation/setup:
## Installation Logic
### Service Installations
Main service installations are classified as "Installation":
```typescript
// Internet service installation
{
@ -61,7 +68,9 @@ Main service installations are classified as "Installation":
```
### Addon Installations
Addon installations remain classified as "Add-on":
```typescript
// Addon installation (not classified as Installation)
{
@ -88,17 +97,20 @@ The `AddonGroup.tsx` component handles bundling:
## Business Rules
### Bundling Rules
- Only addons can be bundled (Item_Class__c = "Add-on")
- Service installations are separate (Item_Class__c = "Installation")
- Only addons can be bundled (Item_Class\_\_c = "Add-on")
- Service installations are separate (Item_Class\_\_c = "Installation")
- Bundled addons must have matching `bundledAddonId` references
- Bundle pairs: One Monthly + One Onetime with same bundle relationship
### SKU Patterns
- Service installations: `*-INSTALL-*` with Item_Class__c = "Installation"
- Addon installations: `*-ADDON-*-INSTALL` with Item_Class__c = "Add-on"
- Monthly addons: `*-ADDON-*` (no INSTALL suffix) with Item_Class__c = "Add-on"
- Service installations: `*-INSTALL-*` with Item_Class\_\_c = "Installation"
- Addon installations: `*-ADDON-*-INSTALL` with Item_Class\_\_c = "Add-on"
- Monthly addons: `*-ADDON-*` (no INSTALL suffix) with Item_Class\_\_c = "Add-on"
### Validation Logic
```typescript
// Service vs Addon installation detection
function isServiceInstallation(product) {
@ -106,20 +118,22 @@ function isServiceInstallation(product) {
}
function isAddonInstallation(product) {
return product.itemClass === "Add-on" &&
return (
product.itemClass === "Add-on" &&
product.sku.includes("INSTALL") &&
product.billingCycle === "Onetime";
product.billingCycle === "Onetime"
);
}
function isMonthlyAddon(product) {
return product.itemClass === "Add-on" &&
product.billingCycle === "Monthly";
return product.itemClass === "Add-on" && product.billingCycle === "Monthly";
}
```
This clarifies that:
1. **No featureList/featureSet fields** - removed from field mapping
2. **Addons can be standalone or bundled** with their installations
3. **Service installations** use Item_Class__c = "Installation"
4. **Addon installations** use Item_Class__c = "Add-on" (not "Installation")
3. **Service installations** use Item_Class\_\_c = "Installation"
4. **Addon installations** use Item_Class\_\_c = "Add-on" (not "Installation")
5. **Bundle logic** is based on `isBundledAddon` + `bundledAddonId` fields, not SKU patterns

4
docs/BUNDLE_ANALYSIS.md
View File

@ -26,10 +26,10 @@ pnpm bundle-analyze
```typescript
// Good: Specific imports
import { debounce } from 'lodash-es';
import { debounce } from "lodash-es";
// Bad: Full library import
import * as _ from 'lodash';
import * as _ from "lodash";
```
That's it! Keep it simple.

28
docs/CONSOLIDATED-TYPE-SYSTEM.md
View File

@ -146,21 +146,25 @@ type OrderItem = WhmcsOrderItem | OrderItemRequest | SalesforceOrderItem;
## Key Benefits
### 1. **Single Source of Truth**
- All types map directly to Salesforce object structure
- No more guessing which type to use in which context
- Consistent field names across the application
### 2. **Proper PricebookEntry Representation**
- Pricing is now properly modeled as PricebookEntry structure
- Convenience fields (`monthlyPrice`, `oneTimePrice`) derived from `unitPrice` and `billingCycle`
- No more confusion between `price` vs `monthlyPrice` vs `unitPrice`
### 3. **Type Safety**
- TypeScript discrimination based on `category` field
- Proper type guards for business logic
- Compile-time validation of field access
### 4. **Maintainability**
- Changes to Salesforce fields only need updates in one place
- Clear transformation functions between Salesforce API and TypeScript types
- Backward compatibility through type aliases
@ -186,14 +190,16 @@ function fromSalesforceProduct2(sfProduct: any, pricebookEntry?: any): Product {
whmcsProductName: sfProduct.WH_Product_Name__c,
// PricebookEntry structure
pricebookEntry: pricebookEntry ? {
pricebookEntry: pricebookEntry
? {
id: pricebookEntry.Id,
name: pricebookEntry.Name,
unitPrice: pricebookEntry.UnitPrice,
pricebook2Id: pricebookEntry.Pricebook2Id,
product2Id: sfProduct.Id,
isActive: pricebookEntry.IsActive !== false
} : undefined,
isActive: pricebookEntry.IsActive !== false,
}
: undefined,
// Convenience pricing fields
unitPrice: unitPrice,
@ -201,7 +207,7 @@ function fromSalesforceProduct2(sfProduct: any, pricebookEntry?: any): Product {
oneTimePrice: billingCycle === "Onetime" ? unitPrice : undefined,
// Include all other fields for dynamic access
...sfProduct
...sfProduct,
};
}
@ -220,11 +226,11 @@ function fromSalesforceOrderItem(sfOrderItem: any): SalesforceOrderItem {
totalPrice: sfOrderItem.TotalPrice,
pricebookEntry: {
...product.pricebookEntry!,
product2: product
product2: product,
},
whmcsServiceId: sfOrderItem.WHMCS_Service_ID__c,
billingCycle: product.billingCycle,
...sfOrderItem
...sfOrderItem,
};
}
```
@ -232,6 +238,7 @@ function fromSalesforceOrderItem(sfOrderItem: any): SalesforceOrderItem {
## Usage Examples
### Catalog Context
```typescript
const product = fromSalesforceProduct2(salesforceProduct, pricebookEntry);
@ -241,15 +248,17 @@ if (isCatalogVisible(product)) {
```
### Order Context
```typescript
const orderItem: OrderItemRequest = {
...product,
quantity: 1,
autoAdded: false
autoAdded: false,
};
```
### Enhanced Order Summary
```typescript
// Now uses consistent unified types
interface OrderItem extends OrderItemRequest {
@ -258,7 +267,8 @@ interface OrderItem extends OrderItemRequest {
}
// Access unified pricing fields
const price = item.billingCycle === "Monthly"
const price =
item.billingCycle === "Monthly"
? item.monthlyPrice || item.unitPrice || 0
: item.oneTimePrice || item.unitPrice || 0;
```
@ -266,6 +276,7 @@ const price = item.billingCycle === "Monthly"
## Migration Strategy
1. **Backward Compatibility**: Legacy type aliases maintained
```typescript
export type InternetPlan = InternetProduct;
export type CatalogItem = Product;
@ -291,6 +302,7 @@ The **Enhanced Order Summary** was a UI component that created its own `OrderIte
3. **Proper field access**: Uses `itemClass`, `billingCycle` from unified product structure
This eliminates the confusion about "which OrderItem type should I use?" because there's now a clear hierarchy:
- `OrderItemRequest` - for new orders in the portal
- `SalesforceOrderItem` - for existing orders from Salesforce
- `WhmcsOrderItem` - for existing orders from WHMCS

28
docs/CORRECTED-BUSINESS-LOGIC.md
View File

@ -3,47 +3,54 @@
## ✅ **Fixed Issues**
### **1. Removed Non-Existent Fields**
- **Removed**: `featureList` and `featureSet` from field mapping
- **Impact**: Prevents Salesforce query errors for non-existent fields
- **Solution**: Use hardcoded tier features in `getTierTemplate()`
### **2. Clarified Addon Logic**
**Addons can be:**
- **Standalone**: Independent monthly/onetime addons
- **Bundled**: Monthly addon + Onetime installation paired via `bundledAddonId`
**Key Points:**
- Addons use `Item_Class__c = "Add-on"` (even for installations)
- Service installations use `Item_Class__c = "Installation"`
- Bundle relationship via `isBundledAddon` + `bundledAddonId` fields
### **3. Fixed Order Validation**
**Before (Incorrect):**
```typescript
// Too restrictive - only allowed exactly 1 service SKU
const mainServiceSkus = data.skus.filter(
sku => !sku.includes("addon") && !sku.includes("fee")
);
const mainServiceSkus = data.skus.filter(sku => !sku.includes("addon") && !sku.includes("fee"));
return mainServiceSkus.length === 1;
```
**After (Correct):**
```typescript
// Allows service + installations + addons
const mainServiceSkus = data.skus.filter(sku => {
const upperSku = sku.toUpperCase();
return !upperSku.includes("INSTALL") &&
return (
!upperSku.includes("INSTALL") &&
!upperSku.includes("ADDON") &&
!upperSku.includes("ACTIVATION") &&
!upperSku.includes("FEE");
!upperSku.includes("FEE")
);
});
return mainServiceSkus.length >= 1; // At least one service required
```
## 📋 **Product Classification Matrix**
| Product Type | Item_Class__c | SKU Pattern | Billing Cycle | Bundle Logic |
|--------------|---------------|-------------|---------------|--------------|
| Product Type | Item_Class\_\_c | SKU Pattern | Billing Cycle | Bundle Logic |
| -------------------- | --------------- | ------------------------------ | ------------- | -------------------- |
| Internet Plan | Service | `INTERNET-SILVER-*` | Monthly | N/A |
| Service Installation | Installation | `INTERNET-INSTALL-*` | Onetime | Standalone |
| Monthly Addon | Add-on | `INTERNET-ADDON-DENWA` | Monthly | Can be bundled |
@ -54,6 +61,7 @@ return mainServiceSkus.length >= 1; // At least one service required
## 🔧 **Valid Order Examples**
### **Internet Order with Addons**
```json
{
"orderType": "Internet",
@ -67,6 +75,7 @@ return mainServiceSkus.length >= 1; // At least one service required
```
### **SIM Order with Addons**
```json
{
"orderType": "SIM",
@ -85,16 +94,19 @@ return mainServiceSkus.length >= 1; // At least one service required
## 🛡️ **Business Rules**
### **Internet Orders**
- ✅ Must have at least 1 main service SKU
- ✅ Can have multiple installations, addons, fees
- ✅ Bundled addons (monthly + installation) allowed
### **SIM Orders**
- ✅ Must specify `simType` in configurations
- ✅ eSIM orders must provide `eid`
- ✅ Can include activation fees and addons
### **Addon Bundling**
- ✅ Monthly addon + Onetime installation = Bundle
- ✅ Both use `Item_Class__c = "Add-on"`
- ✅ Linked via `bundledAddonId` field
@ -103,7 +115,7 @@ return mainServiceSkus.length >= 1; // At least one service required
## 🎯 **Key Differences from Main Branch**
| Aspect | Main Branch | Ver2 (Corrected) |
|--------|-------------|-------------------|
| ---------------- | ---------------------------- | ---------------------------- |
| Field Mapping | Includes non-existent fields | Only existing SF fields |
| Order Validation | Simple, permissive | Structured with clear rules |
| Addon Logic | Basic bundling | Comprehensive bundle support |

280
docs/CRITICAL-ISSUES-FIXED.md Normal file
View File

@ -0,0 +1,280 @@
# Critical Issues Fixed - Security & Reliability Improvements
## Overview
This document summarizes the resolution of critical high-impact issues identified in the codebase audit. All RED (High×High) and AMBER (High×Med/Med×High) issues have been addressed with production-ready solutions.
## ✅ Fixed Issues
### 🔴 RED · High×High · Broken Docker Build References
**Issue:** Both Dockerfiles referenced non-existent `packages/shared`, causing build failures.
**Files Fixed:**
- `apps/bff/Dockerfile` - Removed line 86 reference to `packages/shared/package.json`
- `eslint.config.mjs` - Removed line 53 reference to `packages/api-client/**/*.ts`
**Solution:**
- Updated Dockerfile to only reference existing packages: `domain`, `logging`, `validation`
- Cleaned up ESLint configuration to match actual package structure
- Docker builds now succeed without errors
**Impact:** ✅ **RESOLVED** - Docker builds now work correctly
---
### 🔴 RED · High×High · Refresh Rotation Bypass When Redis Degrades
**Issue:** `AuthTokenService.refreshTokens()` silently re-issued tokens when Redis wasn't ready, defeating refresh token invalidation and enabling replay attacks.
**Security Risk:** Attackers could replay stolen refresh tokens during Redis outages.
**Files Fixed:**
- `apps/bff/src/modules/auth/services/token.service.ts` (lines 275-292)
**Solution:**
```typescript
// OLD - Dangerous fallback that bypassed security
if (this.allowRedisFailOpen && this.redis.status !== "ready") {
// Issue new tokens without validation - SECURITY HOLE
}
// NEW - Fail closed for security
if (this.redis.status !== "ready") {
this.logger.error("Redis unavailable for token refresh - failing closed for security", {
redisStatus: this.redis.status,
securityReason: "refresh_token_rotation_requires_redis",
});
throw new ServiceUnavailableException("Token refresh temporarily unavailable");
}
```
**Security Improvements:**
- ✅ Always fail closed when Redis is unavailable
- ✅ Prevents refresh token replay attacks
- ✅ Maintains token rotation security guarantees
- ✅ Structured logging for security monitoring
**Impact:** ✅ **RESOLVED** - System now fails securely during Redis outages
---
### 🟡 AMBER · High×Med · Signup Workflow Leaves WHMCS Orphans
**Issue:** WHMCS client creation happened outside the database transaction, leaving orphaned billing accounts when user creation failed.
**Files Fixed:**
- `apps/bff/src/modules/auth/services/workflows/signup-workflow.service.ts` (lines 271-337)
**Solution:**
```typescript
// Added compensation pattern with proper error handling
try {
const result = await this.prisma.$transaction(async tx => {
// User creation and ID mapping in transaction
});
createdUserId = result.createdUserId;
} catch (dbError) {
// Compensation: Mark WHMCS client for cleanup
try {
await this.whmcsService.updateClient(whmcsClient.clientId, {
status: "Inactive",
});
this.logger.warn("Marked orphaned WHMCS client for manual cleanup", {
whmcsClientId: whmcsClient.clientId,
email,
action: "marked_for_cleanup",
});
} catch (cleanupError) {
this.logger.error("Failed to mark orphaned WHMCS client for cleanup", {
whmcsClientId: whmcsClient.clientId,
email,
cleanupError: getErrorMessage(cleanupError),
recommendation: "Manual cleanup required in WHMCS admin",
});
}
throw new BadRequestException(`Failed to create user account: ${getErrorMessage(dbError)}`);
}
```
**Improvements:**
- ✅ Proper compensation pattern prevents orphaned accounts
- ✅ Comprehensive logging for audit trails
- ✅ Graceful error handling with actionable recommendations
- ✅ Production-safe error messages [[memory:6689308]]
**Impact:** ✅ **RESOLVED** - No more orphaned WHMCS clients
---
### 🟡 AMBER · Med×Med · Salesforce Auth Fetches Can Hang Indefinitely
**Issue:** `performConnect()` called fetch without timeout, causing potential indefinite hangs.
**Files Fixed:**
- `apps/bff/src/integrations/salesforce/services/salesforce-connection.service.ts` (lines 160-189)
**Solution:**
```typescript
// Added AbortController with configurable timeout
const controller = new AbortController();
const timeoutId = setTimeout(() => {
controller.abort();
}, authTimeout);
try {
res = await fetch(tokenUrl, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
assertion,
}),
signal: controller.signal, // ✅ Timeout protection
});
} catch (error) {
if (error instanceof Error && error.name === "AbortError") {
const authDuration = Date.now() - startTime;
this.logger.error("Salesforce authentication timeout", {
authTimeout,
authDuration,
tokenUrl: isProd ? "[REDACTED]" : tokenUrl,
});
throw new Error(
isProd ? "Salesforce authentication timeout" : `Authentication timeout after ${authTimeout}ms`
);
}
throw error;
} finally {
clearTimeout(timeoutId);
}
```
**Improvements:**
- ✅ Configurable timeout via `SF_AUTH_TIMEOUT_MS` (default: 30s)
- ✅ Proper cleanup with `clearTimeout()`
- ✅ Enhanced logging with timing information
- ✅ Production-safe error messages [[memory:6689308]]
**Impact:** ✅ **RESOLVED** - Salesforce auth calls now have timeout protection
---
### 🟡 AMBER · Med×High · Logout Scans Entire Redis Keyspace Per User
**Issue:** `revokeAllUserTokens()` performed `SCAN MATCH refresh_family:*` on every logout, causing O(N) behavior.
**Files Fixed:**
- `apps/bff/src/modules/auth/services/token.service.ts` (per-user token sets implementation)
**Solution:**
```typescript
// OLD - Expensive keyspace scan
async revokeAllUserTokens(userId: string): Promise<void> {
let cursor = "0";
const pattern = `${this.REFRESH_TOKEN_FAMILY_PREFIX}*`;
do {
const [nextCursor, keys] = await this.redis.scan(cursor, "MATCH", pattern, "COUNT", 100);
// Scan entire keyspace - O(N) where N = all tokens
} while (cursor !== "0");
}
// NEW - Efficient per-user sets
async revokeAllUserTokens(userId: string): Promise<void> {
const userFamilySetKey = `${this.REFRESH_USER_SET_PREFIX}${userId}`;
const familyIds = await this.redis.smembers(userFamilySetKey); // O(1) lookup
// Only process this user's tokens - O(M) where M = user's tokens
const pipeline = this.redis.pipeline();
for (const familyId of familyIds) {
pipeline.del(`${this.REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
// Delete associated token records
}
pipeline.del(userFamilySetKey);
await pipeline.exec();
}
```
**Performance Improvements:**
- ✅ Changed from O(N) keyspace scan to O(1) set lookup
- ✅ Per-user token sets: `refresh_user:{userId}``{familyId1, familyId2, ...}`
- ✅ Automatic cleanup of excess tokens (max 10 per user)
- ✅ Fallback method for edge cases
**Impact:** ✅ **RESOLVED** - Logout performance is now O(1) instead of O(N)
---
## 🔧 Additional Improvements
### Environment Configuration
Added configurable settings for all critical thresholds:
```bash
# Redis-required token flow
AUTH_REQUIRE_REDIS_FOR_TOKENS=false
AUTH_MAINTENANCE_MODE=false
# Salesforce timeouts
SF_AUTH_TIMEOUT_MS=30000
SF_TOKEN_TTL_MS=720000
SF_TOKEN_REFRESH_BUFFER_MS=60000
# Queue throttling
WHMCS_QUEUE_CONCURRENCY=15
SF_QUEUE_CONCURRENCY=15
SF_QUEUE_LONG_RUNNING_CONCURRENCY=22
```
### Security Enhancements
- ✅ Fail-closed authentication during Redis outages
- ✅ Production-safe logging (no sensitive data exposure) [[memory:6689308]]
- ✅ Comprehensive audit trails for all operations
- ✅ Structured error handling with actionable recommendations
### Performance Optimizations
- ✅ Per-user token sets eliminate keyspace scans
- ✅ Configurable queue throttling thresholds
- ✅ Timeout protection for external API calls
- ✅ Efficient Redis pipeline operations
## 📊 Impact Summary
| Issue | Severity | Status | Impact |
| ----------------------- | ----------- | -------- | ----------------------------- |
| Docker Build References | 🔴 Critical | ✅ Fixed | Builds now succeed |
| Refresh Token Bypass | 🔴 Critical | ✅ Fixed | Security vulnerability closed |
| WHMCS Orphans | 🟡 High | ✅ Fixed | No more orphaned accounts |
| Salesforce Timeouts | 🟡 Medium | ✅ Fixed | No more hanging requests |
| Logout Performance | 🟡 High | ✅ Fixed | O(N) → O(1) improvement |
| ESLint Config | 🟡 Low | ✅ Fixed | Clean build process |
## 🚀 Deployment Readiness
All fixes are:
- ✅ **Production-ready** with proper error handling
- ✅ **Backward compatible** - no breaking changes
- ✅ **Configurable** via environment variables
- ✅ **Monitored** with comprehensive logging
- ✅ **Secure** with fail-closed patterns
- ✅ **Performant** with optimized algorithms
The system is now ready for production deployment with significantly improved security, reliability, and performance characteristics.

10
docs/FIXES-APPLIED.md
View File

@ -7,24 +7,28 @@ All TypeScript errors have been thoroughly resolved. The consolidated type syste
## Issues Fixed
### 1. **Export Conflicts and Missing Exports**
- ✅ Added `ProductOrderItem` as legacy alias for `OrderItemRequest`
- ✅ Fixed `catalog.ts` to properly import and re-export unified types
- ✅ Resolved `ItemClass` and `BillingCycle` export conflicts between modules
- ✅ Fixed `index.ts` to export types in correct order to avoid conflicts
### 2. **Enhanced Order Summary Type Issues**
- ✅ Created explicit `OrderItem` interface with all required properties
- ✅ Fixed `BillingCycle` type conflict (product vs subscription types)
- ✅ Updated all pricing field references to use unified structure
- ✅ Proper type imports from domain package
### 3. **Checkout Functions Updated**
- ✅ `buildInternetOrderItems()` now uses `InternetProduct` and `Product[]`
- ✅ `buildSimOrderItems()` now uses `SimProduct` and `Product[]`
- ✅ All order item creation uses proper unified structure with required fields
- ✅ Removed legacy type references (`InternetAddon`, `SimActivationFee`, etc.)
### 4. **Domain Package Structure**
- ✅ `product.ts` - Core unified types with proper PricebookEntry representation
- ✅ `order.ts` - Updated order types with re-exports for convenience
- ✅ `catalog.ts` - Legacy aliases and proper re-exports
@ -34,6 +38,7 @@ All TypeScript errors have been thoroughly resolved. The consolidated type syste
## Key Type Consolidations
### Before (Multiple Conflicting Types)
```typescript
// Multiple types for same data
interface CatalogItem { name, sku, monthlyPrice?, oneTimePrice?, type }
@ -43,6 +48,7 @@ interface InternetPlan { tier, offeringType, monthlyPrice?, features, ... }
```
### After (Unified Structure)
```typescript
// Single source of truth
interface BaseProduct {
@ -90,10 +96,10 @@ All transformation functions now properly handle the unified structure:
```typescript
// Salesforce Product2 + PricebookEntry → Unified Product
function fromSalesforceProduct2(sfProduct: any, pricebookEntry?: any): Product
function fromSalesforceProduct2(sfProduct: any, pricebookEntry?: any): Product;
// Salesforce OrderItem → Unified SalesforceOrderItem
function fromSalesforceOrderItem(sfOrderItem: any): SalesforceOrderItem
function fromSalesforceOrderItem(sfOrderItem: any): SalesforceOrderItem;
```
## Benefits Achieved

37
docs/FREEBIT-SIM-MANAGEMENT.md
View File

@ -189,6 +189,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
**Freebit API**: `PA03-02: Get Account Details` (`/mvno/getDetail/`)
#### Data Mapping:
```typescript
// Freebit API Response → Portal Display
{
@ -214,6 +215,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
```
#### Visual Elements:
- **Header**: SIM type icon + plan name + status badge
- **Phone Number**: Large, prominent display
- **Data Remaining**: Green highlight with formatted units (MB/GB)
@ -228,6 +230,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
**Freebit API**: `PA05-01: MVNO Communication Information Retrieval` (`/mvno/getTrafficInfo/`)
#### Data Mapping:
```typescript
// Freebit API Response → Portal Display
{
@ -246,6 +249,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
```
#### Visual Elements:
- **Progress Bar**: Color-coded based on usage percentage
- Green: 0-50% usage
- Orange: 50-75% usage
@ -264,6 +268,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
#### Action Buttons:
##### 🔵 **Top Up Data** Button
- **API**: `POST /api/subscriptions/29951/sim/top-up`
- **WHMCS APIs**: `CreateInvoice``CapturePayment`
- **Freebit API**: `PA04-04: Add Specs & Quota` (`/master/addSpec/`)
@ -273,18 +278,21 @@ This section provides a detailed breakdown of every element on the SIM managemen
- **Status**: ✅ **Fully Implemented** with payment processing
##### 🟢 **Reissue eSIM** Button (eSIM only)
- **API**: `POST /api/subscriptions/29951/sim/reissue-esim`
- **Freebit API**: `PA05-42: eSIM Profile Reissue` (`/esim/reissueProfile/`)
- **Confirmation**: Inline modal with warning about new QR code
- **Color Theme**: Green (`bg-green-50`, `text-green-700`, `border-green-200`)
##### 🔴 **Cancel SIM** Button
- **API**: `POST /api/subscriptions/29951/sim/cancel`
- **Freebit API**: `PA05-04: MVNO Plan Cancellation` (`/mvno/releasePlan/`)
- **Confirmation**: Destructive action modal with permanent warning
- **Color Theme**: Red (`bg-red-50`, `text-red-700`, `border-red-200`)
##### 🟣 **Change Plan** Button
- **API**: `POST /api/subscriptions/29951/sim/change-plan`
- **Freebit API**: `PA05-21: MVNO Plan Change` (`/mvno/changePlan/`)
- **Modal**: `ChangePlanModal.tsx` with plan selection
@ -292,6 +300,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
- **Important Notice**: "Plan changes must be requested before the 25th of the month"
#### Button States:
- **Enabled**: Full color theme with hover effects
- **Disabled**: Gray theme when SIM is not active
- **Loading**: "Processing..." text with disabled state
@ -305,21 +314,25 @@ This section provides a detailed breakdown of every element on the SIM managemen
#### Service Options:
##### 📞 **Voice Mail** (¥300/month)
- **Current Status**: Enabled/Disabled indicator
- **Toggle**: Dropdown to change status
- **API Mapping**: Voice option management endpoints
##### 📞 **Call Waiting** (¥300/month)
- **Current Status**: Enabled/Disabled indicator
- **Toggle**: Dropdown to change status
- **API Mapping**: Voice option management endpoints
##### 🌍 **International Roaming**
- **Current Status**: Enabled/Disabled indicator
- **Toggle**: Dropdown to change status
- **API Mapping**: Roaming configuration endpoints
##### 📶 **Network Type** (4G/5G)
- **Current Status**: Network type display
- **Toggle**: Dropdown to switch between 4G/5G
- **API Mapping**: Contract line change endpoints
@ -329,6 +342,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
**Component**: Static information panel in `SimManagementSection.tsx`
#### Information Items:
- **Real-time Updates**: "Data usage is updated in real-time and may take a few minutes to reflect recent activity"
- **Top-up Processing**: "Top-up data will be available immediately after successful processing"
- **Cancellation Warning**: "SIM cancellation is permanent and cannot be undone"
@ -337,6 +351,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
## 🔄 API Call Sequence
### Page Load Sequence:
1. **Initial Load**: `GET /api/subscriptions/29951/sim`
2. **Backend Processing**:
- `PA01-01: OEM Authentication` → Get auth token
@ -348,6 +363,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
### Action Sequences:
#### Top Up Data (Complete Payment Flow):
1. User clicks "Top Up Data" → Opens `TopUpModal`
2. User selects amount (1GB = 500 JPY) → `POST /api/subscriptions/29951/sim/top-up`
3. Backend: Calculate cost (ceil(GB) × ¥500)
@ -358,18 +374,21 @@ This section provides a detailed breakdown of every element on the SIM managemen
8. Frontend: Success/Error response → Refresh SIM data → Show message
#### eSIM Reissue:
1. User clicks "Reissue eSIM" → Confirmation modal
2. User confirms → `POST /api/subscriptions/29951/sim/reissue-esim`
3. Backend calls `PA05-42: eSIM Profile Reissue`
4. Success response → Show success message
#### Cancel SIM:
1. User clicks "Cancel SIM" → Destructive confirmation modal
2. User confirms → `POST /api/subscriptions/29951/sim/cancel`
3. Backend calls `PA05-04: MVNO Plan Cancellation`
4. Success response → Refresh SIM data → Show success message
#### Change Plan:
1. User clicks "Change Plan" → Opens `ChangePlanModal`
2. User selects new plan → `POST /api/subscriptions/29951/sim/change-plan`
3. Backend calls `PA05-21: MVNO Plan Change`
@ -378,6 +397,7 @@ This section provides a detailed breakdown of every element on the SIM managemen
## 🎨 Visual Design Elements
### Color Coding:
- **Blue**: Primary actions (Top Up Data)
- **Green**: eSIM operations (Reissue eSIM)
- **Red**: Destructive actions (Cancel SIM)
@ -386,12 +406,14 @@ This section provides a detailed breakdown of every element on the SIM managemen
- **Gray**: Disabled states
### Status Indicators:
- **Active**: Green checkmark + green badge
- **Suspended**: Yellow warning + yellow badge
- **Cancelled**: Red X + red badge
- **Pending**: Blue clock + blue badge
### Progress Visualization:
- **Usage Bar**: Color-coded based on percentage
- **Mini Bars**: Recent usage history
- **Cards**: Today's usage and remaining quota
@ -803,7 +825,7 @@ The Freebit SIM management system is now fully implemented and ready for deploym
### Complete API Mapping for `http://localhost:3000/subscriptions/29951#sim-management`
| UI Element | Component | Portal API | Freebit API | Data Transformation |
|------------|-----------|------------|-------------|-------------------|
| ----------------------- | ----------------------- | ------------------------------------------------ | ----------------------------------------------------------------------- | ---------------------------------------------------------------- |
| **SIM Details Card** | `SimDetailsCard.tsx` | `GET /api/subscriptions/29951/sim/details` | `PA03-02: Get Account Details` | Raw Freebit response → Formatted display with status badges |
| **Data Usage Chart** | `DataUsageChart.tsx` | `GET /api/subscriptions/29951/sim/usage` | `PA05-01: MVNO Communication Information` | Usage data → Progress bars and history charts |
| **Top Up Data Button** | `SimActions.tsx` | `POST /api/subscriptions/29951/sim/top-up` | `WHMCS: CreateInvoice + CapturePayment`<br>`PA04-04: Add Specs & Quota` | User input → Invoice creation → Payment capture → Freebit top-up |
@ -821,6 +843,7 @@ The Freebit SIM management system is now fully implemented and ready for deploym
5. **Error Handling**: Freebit errors → User-friendly error messages
### Real-time Updates:
- All actions trigger data refresh via `handleActionSuccess()`
- Loading states prevent duplicate actions
- Success/error messages provide immediate feedback
@ -831,34 +854,40 @@ The Freebit SIM management system is now fully implemented and ready for deploym
### ✅ **What Was Added (January 2025)**:
#### **WHMCS Invoice Creation & Payment Capture**
- ✅ **New WHMCS API Types**: `WhmcsCreateInvoiceParams`, `WhmcsCapturePaymentParams`, etc.
- ✅ **WhmcsConnectionService**: Added `createInvoice()` and `capturePayment()` methods
- ✅ **WhmcsInvoiceService**: Added invoice creation and payment processing
- ✅ **WhmcsService**: Exposed new invoice and payment methods
#### **Enhanced SIM Management Service**
- ✅ **Payment Integration**: `SimManagementService.topUpSim()` now includes full payment flow
- ✅ **Pricing Logic**: 1GB = 500 JPY calculation
- ✅ **Error Handling**: Payment failures prevent data addition
- ✅ **Transaction Logging**: Complete audit trail for payments and top-ups
#### **Complete Flow Implementation**
```
User Action → Cost Calculation → Invoice Creation → Payment Capture → Data Addition
```
### 📊 **Pricing Structure**
- **1 GB = ¥500**
- **2 GB = ¥1,000**
- **5 GB = ¥2,500**
- **10 GB = ¥5,000**
### ⚠️ **Error Handling**:
- **Payment Failed**: No data added, user notified
- **Freebit Failed**: Payment captured but data not added (requires manual intervention)
- **Invoice Creation Failed**: No charge, no data added
### 📝 **Implementation Files Modified**:
1. `apps/bff/src/vendors/whmcs/types/whmcs-api.types.ts` - Added WHMCS API types
2. `apps/bff/src/vendors/whmcs/services/whmcs-connection.service.ts` - Added API methods
3. `apps/bff/src/vendors/whmcs/services/whmcs-invoice.service.ts` - Added invoice creation
@ -870,17 +899,20 @@ User Action → Cost Calculation → Invoice Creation → Payment Capture → Da
### ✅ **Interface Improvements**:
#### **Simplified Top-Up Modal**
- ✅ **Custom GB Input**: Users can now enter any amount of GB (0.1 - 100 GB)
- ✅ **Real-time Cost Calculation**: Shows JPY cost as user types (1GB = 500 JPY)
- ✅ **Removed Complexity**: No more preset buttons, campaign codes, or scheduling
- ✅ **Cleaner UX**: Single input field with immediate cost feedback
#### **Updated Backend**
- ✅ **Simplified API**: Only requires `quotaMb` parameter
- ✅ **Removed Optional Fields**: No more `campaignCode`, `expiryDate`, or `scheduledAt`
- ✅ **Streamlined Processing**: Direct payment → data addition flow
#### **New User Experience**
```
1. User clicks "Top Up Data"
2. Enters desired GB amount (e.g., "2.5")
@ -890,8 +922,9 @@ User Action → Cost Calculation → Invoice Creation → Payment Capture → Da
```
### 📊 **Interface Changes**:
| **Before** | **After** |
|------------|-----------|
| -------------------------------------- | ---------------------------------- |
| 6 preset buttons (1GB, 2GB, 5GB, etc.) | Single GB input field (0.1-100 GB) |
| Campaign code input | Removed |
| Schedule date picker | Removed |

4
docs/MONOREPO-ARCHITECTURE.md
View File

@ -23,6 +23,7 @@ src/
```
Conventions:
- Use `@/lib/*` for shared frontend utilities and services.
- Avoid duplicate layers: do not reintroduce `core/` or `shared/` inside the app.
- Feature modules own their `components/`, `hooks/`, `services/`, and `types/` as needed.
@ -39,6 +40,7 @@ src/
```
Conventions:
- Prefer `modules/*` over flat directories per domain.
- Keep DTOs and validators in-module; reuse `packages/domain` for domain types.
@ -63,5 +65,3 @@ Conventions:
- Consider adding unit/integration tests per feature module.
- Enforce ESLint/Prettier consistent across repo.
- Optional: generators for feature scaffolding.

28
docs/NEW-AUTH-ARCHITECTURE-2025.md
View File

@ -7,12 +7,14 @@ This document outlines the completely redesigned authentication system that addr
## 🚨 Issues Fixed
### Critical Security Fixes
- ✅ **Removed dangerous manual JWT parsing** from GlobalAuthGuard
- ✅ **Eliminated sensitive data logging** (emails removed from error logs)
- ✅ **Consolidated duplicate throttle guards** (removed AuthThrottleEnhancedGuard)
- ✅ **Standardized error handling** with production-safe logging
### Architecture Improvements
- ✅ **Unified token service** with refresh token rotation
- ✅ **Comprehensive session management** with device tracking
- ✅ **Multi-factor authentication** support with TOTP and backup codes
@ -24,12 +26,14 @@ This document outlines the completely redesigned authentication system that addr
### Core Services
#### 1. **AuthTokenService** (`services/token.service.ts`)
- **Refresh Token Rotation**: Implements secure token rotation to prevent token reuse attacks
- **Short-lived Access Tokens**: 15-minute access tokens for minimal exposure
- **Token Family Management**: Detects and invalidates compromised token families
- **Backward Compatibility**: Maintains legacy `generateTokens()` method
**Key Features:**
```typescript
// Generate secure token pair
await tokenService.generateTokenPair(user, deviceInfo);
@ -42,12 +46,14 @@ await tokenService.revokeAllUserTokens(userId);
```
#### 2. **SessionService** (`services/session.service.ts`)
- **Device Tracking**: Monitors and manages user devices
- **Session Limits**: Enforces maximum 5 concurrent sessions per user
- **Trusted Devices**: Allows users to mark devices as trusted
- **Session Analytics**: Tracks session creation, access patterns, and expiry
**Key Features:**
```typescript
// Create secure session
const sessionId = await sessionService.createSession(userId, deviceInfo, mfaVerified);
@ -60,12 +66,14 @@ const sessions = await sessionService.getUserActiveSessions(userId);
```
#### 3. **MfaService** (`services/mfa.service.ts`)
- **TOTP Authentication**: Time-based one-time passwords using Google Authenticator
- **Backup Codes**: Cryptographically secure backup codes for recovery
- **QR Code Generation**: Easy setup with QR codes
- **Token Family Invalidation**: Security measure for compromised accounts
**Key Features:**
```typescript
// Setup MFA for user
const setup = await mfaService.generateMfaSetup(userId, userEmail);
@ -78,12 +86,14 @@ const codes = await mfaService.regenerateBackupCodes(userId);
```
#### 4. **AuthErrorService** (`services/auth-error.service.ts`)
- **Standardized Error Types**: Consistent error categorization
- **Production-Safe Logging**: No sensitive data in logs
- **User-Friendly Messages**: Clear, actionable error messages
- **Metadata Sanitization**: Automatic removal of sensitive fields
**Key Features:**
```typescript
// Create standardized error
const error = errorService.createError(AuthErrorType.INVALID_CREDENTIALS, "Login failed");
@ -98,12 +108,14 @@ const error = errorService.handleValidationError("email", value, "format");
### Enhanced Security Guards
#### **GlobalAuthGuard** (Simplified)
- ✅ Removed dangerous manual JWT parsing
- ✅ Relies on Passport JWT for token validation
- ✅ Only handles token blacklist checking
- ✅ Clean error handling without sensitive data exposure
#### **AuthThrottleGuard** (Unified)
- ✅ Single throttle guard implementation
- ✅ IP + User Agent tracking for better security
- ✅ Configurable rate limits per endpoint
@ -111,24 +123,28 @@ const error = errorService.handleValidationError("email", value, "format");
## 🔒 Security Features (2025 Standards)
### 1. **Token Security**
- **Short-lived Access Tokens**: 15-minute expiry reduces exposure window
- **Refresh Token Rotation**: New refresh token issued on each refresh
- **Token Family Tracking**: Detects and prevents token reuse attacks
- **Secure Storage**: Tokens hashed and stored in Redis with proper TTL
### 2. **Session Security**
- **Device Fingerprinting**: Tracks device characteristics for anomaly detection
- **Session Limits**: Maximum 5 concurrent sessions per user
- **Automatic Cleanup**: Expired sessions automatically removed
- **MFA Integration**: Sessions track MFA verification status
### 3. **Multi-Factor Authentication**
- **TOTP Support**: Compatible with Google Authenticator, Authy, etc.
- **Backup Codes**: 10 cryptographically secure backup codes
- **Code Rotation**: Used backup codes are immediately invalidated
- **Recovery Options**: Multiple recovery paths for account access
### 4. **Error Handling & Logging**
- **No Sensitive Data**: Emails, passwords, tokens never logged
- **Structured Logging**: Consistent log format with correlation IDs
- **User-Safe Messages**: Error messages safe for end-user display
@ -137,17 +153,20 @@ const error = errorService.handleValidationError("email", value, "format");
## 🚀 Implementation Benefits
### Performance Improvements
- **Reduced Complexity**: Eliminated over-abstraction and duplicate code
- **Efficient Caching**: Smart Redis usage with proper TTL management
- **Optimized Queries**: Reduced database calls through better session management
### Security Enhancements
- **Zero Sensitive Data Leakage**: Production-safe logging throughout
- **Token Reuse Prevention**: Refresh token rotation prevents replay attacks
- **Device Trust Management**: Reduces MFA friction for trusted devices
- **Comprehensive Audit Trail**: Full visibility into authentication events
### Developer Experience
- **Clean APIs**: Intuitive service interfaces with clear responsibilities
- **Consistent Naming**: No more confusing "Enhanced" or duplicate services
- **Type Safety**: Full TypeScript support with proper interfaces
@ -158,6 +177,7 @@ const error = errorService.handleValidationError("email", value, "format");
### Immediate Changes Required
1. **Update Token Usage**:
```typescript
// Old way
const tokens = tokenService.generateTokens(user);
@ -167,6 +187,7 @@ const error = errorService.handleValidationError("email", value, "format");
```
2. **Error Handling**:
```typescript
// Old way
throw new UnauthorizedException("Invalid credentials");
@ -227,12 +248,14 @@ const ENABLE_SESSION_TRACKING = true;
## 🧪 Testing
### Unit Tests Required
- [ ] AuthTokenService refresh token rotation
- [ ] MfaService TOTP verification
- [ ] SessionService device management
- [ ] AuthErrorService error sanitization
### Integration Tests Required
- [ ] End-to-end authentication flow
- [ ] MFA setup and verification
- [ ] Session management across devices
@ -241,12 +264,14 @@ const ENABLE_SESSION_TRACKING = true;
## 📊 Monitoring & Alerts
### Key Metrics to Track
- **Token Refresh Rate**: Monitor for unusual refresh patterns
- **MFA Adoption**: Track MFA enablement across users
- **Session Anomalies**: Detect unusual session patterns
- **Error Rates**: Monitor authentication failure rates
### Recommended Alerts
- **Token Family Invalidation**: Potential security breach
- **High MFA Failure Rate**: Possible attack or user issues
- **Session Limit Exceeded**: Unusual user behavior
@ -255,18 +280,21 @@ const ENABLE_SESSION_TRACKING = true;
## 🎯 Next Steps
### Phase 1: Core Implementation ✅
- [x] Fix security vulnerabilities
- [x] Implement new services
- [x] Update auth module
- [x] Add comprehensive error handling
### Phase 2: Frontend Integration
- [ ] Update frontend to use refresh tokens
- [ ] Implement MFA setup UI
- [ ] Add session management interface
- [ ] Update error handling in UI
### Phase 3: Advanced Features
- [ ] Risk-based authentication
- [ ] Passwordless authentication options
- [ ] Advanced device fingerprinting

1
docs/PRODUCT-CATALOG-ARCHITECTURE.md
View File

@ -13,6 +13,7 @@ The portal surfaces catalog content and checkout actions based on the customer's
- The portal SIM catalog automatically renders a Family Discount section and banner when such plans are present.
Implementation notes
- Portal uses the `useActiveSubscriptions()` hook which calls `GET /subscriptions/active` and relies on the shared Subscription type (product/group name and status) to detect Internet/SIM services.
- No guessing of API response shapes; behavior aligns with the documented BFF controllers in `apps/bff/src/subscriptions/subscriptions.controller.ts` and catalog services.

277
docs/REDIS-TOKEN-FLOW-IMPLEMENTATION.md Normal file
View File

@ -0,0 +1,277 @@
# Redis-Required Token Flow Implementation Summary
## Overview
This document summarizes the implementation of the Redis-required token flow with maintenance response, Salesforce auth timeout and logging improvements, queue throttling threshold updates, per-user refresh token sets, and migration utilities.
## ✅ Completed Features
### 1. Redis-Required Token Flow with Maintenance Response
**Environment Variables Added:**
- `AUTH_REQUIRE_REDIS_FOR_TOKENS`: When enabled, tokens require Redis to be available
- `AUTH_MAINTENANCE_MODE`: Enables maintenance mode for authentication service
- `AUTH_MAINTENANCE_MESSAGE`: Customizable maintenance message
**Implementation:**
- Added `checkServiceAvailability()` method in `AuthTokenService`
- Strict Redis requirement enforcement when flag is enabled
- Graceful maintenance mode with custom messaging
- Production-safe error handling [[memory:6689308]]
**Files Modified:**
- `apps/bff/src/core/config/env.validation.ts`
- `apps/bff/src/modules/auth/services/token.service.ts`
- `env/portal-backend.env.sample`
### 2. Salesforce Auth Timeout + Logging
**Environment Variables Added:**
- `SF_AUTH_TIMEOUT_MS`: Configurable authentication timeout (default: 30s)
- `SF_TOKEN_TTL_MS`: Token time-to-live (default: 12 minutes)
- `SF_TOKEN_REFRESH_BUFFER_MS`: Refresh buffer time (default: 1 minute)
**Implementation:**
- Added timeout handling with `AbortController`
- Enhanced logging with timing information and error details
- Production-safe logging (sensitive data redacted) [[memory:6689308]]
- Re-authentication attempt logging with duration tracking
- Session expiration detection and automatic retry
**Files Modified:**
- `apps/bff/src/integrations/salesforce/services/salesforce-connection.service.ts`
- `apps/bff/src/core/config/env.validation.ts`
- `env/portal-backend.env.sample`
### 3. Queue Throttling Thresholds (Configurable)
**Environment Variables Added:**
- `WHMCS_QUEUE_CONCURRENCY`: WHMCS concurrent requests (default: 15)
- `WHMCS_QUEUE_INTERVAL_CAP`: WHMCS requests per minute (default: 300)
- `WHMCS_QUEUE_TIMEOUT_MS`: WHMCS request timeout (default: 30s)
- `SF_QUEUE_CONCURRENCY`: Salesforce concurrent requests (default: 15)
- `SF_QUEUE_LONG_RUNNING_CONCURRENCY`: SF long-running requests (default: 22)
- `SF_QUEUE_INTERVAL_CAP`: SF requests per minute (default: 600)
- `SF_QUEUE_TIMEOUT_MS`: SF request timeout (default: 30s)
- `SF_QUEUE_LONG_RUNNING_TIMEOUT_MS`: SF long-running timeout (default: 10 minutes)
**Implementation:**
- Made all queue thresholds configurable via environment variables
- Maintained optimized default values (15 concurrent, 5-10 RPS)
- Enhanced logging with actual configuration values
**Files Modified:**
- `apps/bff/src/core/queue/services/whmcs-request-queue.service.ts`
- `apps/bff/src/core/queue/services/salesforce-request-queue.service.ts`
- `apps/bff/src/core/config/env.validation.ts`
- `env/portal-backend.env.sample`
### 4. Per-User Refresh Token Sets
**Implementation:**
- Enhanced `AuthTokenService` with per-user token management
- Added `REFRESH_USER_SET_PREFIX` for organizing tokens by user
- Implemented automatic cleanup of excess tokens (max 10 per user)
- Added `getUserRefreshTokenFamilies()` method for token inspection
- Optimized `revokeAllUserTokens()` using Redis sets instead of scanning
**New Methods:**
- `storeRefreshTokenInRedis()`: Enhanced storage with user sets
- `cleanupExcessUserTokens()`: Automatic cleanup of old tokens
- `getUserRefreshTokenFamilies()`: Get user's active token families
- `revokeAllUserTokensFallback()`: Fallback for edge cases
**Files Modified:**
- `apps/bff/src/modules/auth/services/token.service.ts`
### 5. Migration Utilities for Existing Keys
**New Service:** `TokenMigrationService`
- Migrates existing refresh tokens to new per-user structure
- Handles orphaned token cleanup
- Provides migration statistics and status
- Supports dry-run mode for safe testing
**Admin Endpoints Added:**
- `GET /auth/admin/token-migration/status`: Check migration status
- `POST /auth/admin/token-migration/run?dryRun=true`: Run migration
- `POST /auth/admin/token-migration/cleanup?dryRun=true`: Cleanup orphaned tokens
**Migration Features:**
- Scans existing refresh token families and tokens
- Creates per-user token sets for existing tokens
- Identifies and removes orphaned tokens
- Comprehensive logging and error handling
- Audit trail for all migration operations
**Files Created:**
- `apps/bff/src/modules/auth/services/token-migration.service.ts`
**Files Modified:**
- `apps/bff/src/modules/auth/auth.module.ts`
- `apps/bff/src/modules/auth/auth-admin.controller.ts`
## 🚀 Deployment Instructions
### 1. Environment Configuration
Add the following to your environment file:
```bash
# Redis-required token flow
AUTH_REQUIRE_REDIS_FOR_TOKENS=false # Set to true to require Redis
AUTH_MAINTENANCE_MODE=false # Set to true for maintenance
AUTH_MAINTENANCE_MESSAGE=Authentication service is temporarily unavailable for maintenance. Please try again later.
# Salesforce timeouts
SF_AUTH_TIMEOUT_MS=30000
SF_TOKEN_TTL_MS=720000
SF_TOKEN_REFRESH_BUFFER_MS=60000
# Queue throttling (adjust as needed)
WHMCS_QUEUE_CONCURRENCY=15
WHMCS_QUEUE_INTERVAL_CAP=300
WHMCS_QUEUE_TIMEOUT_MS=30000
SF_QUEUE_CONCURRENCY=15
SF_QUEUE_LONG_RUNNING_CONCURRENCY=22
SF_QUEUE_INTERVAL_CAP=600
SF_QUEUE_TIMEOUT_MS=30000
SF_QUEUE_LONG_RUNNING_TIMEOUT_MS=600000
```
### 2. Migration Process
1. **Check Migration Status:**
```bash
GET /auth/admin/token-migration/status
```
2. **Run Dry-Run Migration:**
```bash
POST /auth/admin/token-migration/run?dryRun=true
```
3. **Execute Actual Migration:**
```bash
POST /auth/admin/token-migration/run?dryRun=false
```
4. **Cleanup Orphaned Tokens:**
```bash
POST /auth/admin/token-migration/cleanup?dryRun=false
```
### 3. Feature Flag Rollout
1. **Phase 1:** Deploy with `AUTH_REQUIRE_REDIS_FOR_TOKENS=false`
2. **Phase 2:** Run migration in dry-run mode to assess impact
3. **Phase 3:** Execute migration during maintenance window
4. **Phase 4:** Enable `AUTH_REQUIRE_REDIS_FOR_TOKENS=true` for strict mode
## 🔧 Configuration Recommendations
### Production Settings
```bash
# Strict Redis requirement for production
AUTH_REQUIRE_REDIS_FOR_TOKENS=true
# Conservative queue settings for stability
WHMCS_QUEUE_CONCURRENCY=10
WHMCS_QUEUE_INTERVAL_CAP=200
SF_QUEUE_CONCURRENCY=12
SF_QUEUE_INTERVAL_CAP=400
# Longer timeouts for production reliability
SF_AUTH_TIMEOUT_MS=45000
WHMCS_QUEUE_TIMEOUT_MS=45000
```
### Development Settings
```bash
# Allow failover for development
AUTH_REQUIRE_REDIS_FOR_TOKENS=false
# Higher throughput for development
WHMCS_QUEUE_CONCURRENCY=20
WHMCS_QUEUE_INTERVAL_CAP=500
SF_QUEUE_CONCURRENCY=20
SF_QUEUE_INTERVAL_CAP=800
```
## 🔍 Monitoring and Observability
### Key Metrics to Monitor
1. **Token Operations:**
- Redis connection status
- Token generation/refresh success rates
- Per-user token counts
2. **Queue Performance:**
- Queue depths and wait times
- Request success/failure rates
- Timeout occurrences
3. **Salesforce Auth:**
- Authentication duration
- Re-authentication frequency
- Session expiration events
### Log Patterns to Watch
- `"Authentication service in maintenance mode"`
- `"Redis required for token operations but not available"`
- `"Salesforce authentication timeout"`
- `"Cleaned up excess user tokens"`
## 🛡️ Security Considerations
1. **Production Logging:** All sensitive data is redacted in production logs [[memory:6689308]]
2. **Token Limits:** Automatic cleanup prevents token accumulation attacks
3. **Redis Dependency:** Strict mode prevents token operations without Redis
4. **Audit Trail:** All migration operations are logged for compliance
5. **Graceful Degradation:** Maintenance mode provides controlled service interruption
## 📋 Testing Checklist
- [ ] Redis failover behavior with strict mode enabled
- [ ] Maintenance mode activation and messaging
- [ ] Salesforce authentication timeout handling
- [ ] Queue throttling under load
- [ ] Token migration dry-run and execution
- [ ] Per-user token limit enforcement
- [ ] Orphaned token cleanup
- [ ] Admin endpoint security (admin-only access)
## 🔄 Rollback Plan
If issues arise:
1. **Disable Strict Mode:** Set `AUTH_REQUIRE_REDIS_FOR_TOKENS=false`
2. **Exit Maintenance:** Set `AUTH_MAINTENANCE_MODE=false`
3. **Revert Queue Settings:** Use previous concurrency/timeout values
4. **Token Cleanup:** Use migration service to clean up if needed
All changes are backward compatible and can be safely rolled back via environment variables.

1
docs/SIM-MANAGEMENT-API-DATA-FLOW.md
View File

@ -301,6 +301,7 @@ Endpoints used
- BFF → Freebit: `PA04-04 Add Spec & Quota` (`/master/addSpec/`) if payment succeeds
Pricing
- Amount in JPY = ceil(quotaMb / 1000) × 500
- Example: 1000MB → ¥500, 3000MB → ¥1,500

4
docs/UNIFIED-PRODUCT-TYPES.md
View File

@ -10,6 +10,7 @@ Previously, we had multiple type definitions trying to represent the same underl
- Various interfaces in Salesforce order types
This led to:
- **Type duplication** across the codebase
- **Inconsistent field names** between contexts
- **Maintenance overhead** when Salesforce fields change
@ -101,7 +102,7 @@ const orderItem: ProductOrderItem = {
...product,
quantity: 1,
unitPrice: product.monthlyPrice || 0,
totalPrice: product.monthlyPrice || 0
totalPrice: product.monthlyPrice || 0,
};
// Type-safe access to specific fields
@ -113,6 +114,7 @@ if (isInternetProduct(product)) {
### Migration Strategy
1. **Backward Compatibility**: Legacy type aliases maintained
```typescript
export type InternetPlan = InternetProduct; // For existing code
export type CatalogItem = Product; // Unified representation

21
env/portal-backend.env.sample vendored
View File

@ -13,6 +13,12 @@ DATABASE_URL=postgresql://portal:CHANGE_ME@database:5432/portal_prod?schema=publ
# Cache (Redis)
REDIS_URL=redis://cache:6379/0
AUTH_ALLOW_REDIS_TOKEN_FAILOPEN=false
# Redis-required token flow (when enabled, tokens require Redis to be available)
AUTH_REQUIRE_REDIS_FOR_TOKENS=false
# Maintenance mode for authentication service
AUTH_MAINTENANCE_MODE=false
AUTH_MAINTENANCE_MESSAGE=Authentication service is temporarily unavailable for maintenance. Please try again later.
# Security
JWT_SECRET=CHANGE_ME
@ -52,6 +58,20 @@ SF_CLIENT_ID=
SF_PRIVATE_KEY_PATH=/app/secrets/sf-private.key
SF_USERNAME=
SF_WEBHOOK_SECRET=
# Salesforce Authentication Timeouts (in milliseconds)
SF_AUTH_TIMEOUT_MS=30000
SF_TOKEN_TTL_MS=720000
SF_TOKEN_REFRESH_BUFFER_MS=60000
# Queue Throttling Configuration
WHMCS_QUEUE_CONCURRENCY=15
WHMCS_QUEUE_INTERVAL_CAP=300
WHMCS_QUEUE_TIMEOUT_MS=30000
SF_QUEUE_CONCURRENCY=15
SF_QUEUE_LONG_RUNNING_CONCURRENCY=22
SF_QUEUE_INTERVAL_CAP=600
SF_QUEUE_TIMEOUT_MS=30000
SF_QUEUE_LONG_RUNNING_TIMEOUT_MS=600000
# Salesforce Platform Events (Provisioning)
SF_EVENTS_ENABLED=true
@ -92,4 +112,3 @@ NODE_OPTIONS=--max-old-space-size=512
# NOTE: Frontend (Next.js) uses a separate env file (portal-frontend.env)
# Do not include NEXT_PUBLIC_* variables here.

3
eslint.config.mjs
View File

@ -50,7 +50,6 @@ export default [
"apps/bff/**/*.ts",
"packages/domain/**/*.ts",
"packages/logging/**/*.ts",
"packages/api-client/**/*.ts",
"packages/validation/**/*.ts",
],
languageOptions: {
@ -71,7 +70,7 @@ export default [
// Enforce consistent strict rules across shared as well
{
files: ["packages/shared/**/*.ts"],
files: ["packages/**/*.{ts,tsx}"],
rules: {
"@typescript-eslint/no-redundant-type-constituents": "error",
"@typescript-eslint/no-explicit-any": "error",

3
packages/domain/tsconfig.json
View File

@ -10,8 +10,7 @@
"declarationMap": true,
"composite": true,
"tsBuildInfoFile": "./tsconfig.tsbuildinfo",
"paths": {
}
"paths": {}
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"]

11
packages/validation/tsconfig.json
View File

@ -12,13 +12,6 @@
"tsBuildInfoFile": "dist/.tsbuildinfo"
},
"include": ["src/**/*"],
"exclude": [
"dist",
"node_modules",
"**/*.test.ts",
"**/*.spec.ts"
],
"references": [
{ "path": "../domain" }
]
"exclude": ["dist", "node_modules", "**/*.test.ts", "**/*.spec.ts"],
"references": [{ "path": "../domain" }]
}

10470
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff