admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add MFA/TOTP auth, PII encryption, agents/leads/inquiries modules, and comprehensive tests

Browse Source 
- Add TOTP-based MFA with setup, verify, disable, backup codes, and challenge flow
- Add PII field encryption middleware with AES-256-GCM and deterministic search hashes
- Add agents, inquiries, and leads domain modules with entities, events, value objects
- Add web dashboard pages for inquiries and leads with detail dialogs
- Add 30+ component tests (valuation, charts, listings, search, providers, UI)
- Add Prisma migrations for encryption hash columns and MFA TOTP support
- Fix all ESLint errors (unused imports, duplicate imports, lint auto-fixes)
- Update dependencies and lock file
- Clean up obsolete exploration/QA docs, add audit documentation

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-11 23:43:20 +07:00
parent 9e2bf9a4b5
commit 1fbe2f4e73
131 changed files with 11436 additions and 2595 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
prisma/migrations/20260411100000_add_pii_encryption_hash_columns/migration.sql Normal file
View File

@@ -0,0 +1,34 @@
-- =============================================================================
-- Migration: Add hash columns for field-level PII encryption
--
-- This migration adds deterministic HMAC-SHA256 hash columns alongside
-- encrypted PII fields to support indexed lookups (WHERE / UNIQUE).
--
-- The original email/phone columns will hold encrypted ciphertext after
-- the backfill script runs. Uniqueness shifts to the hash columns.
-- =============================================================================
-- ---------- User ----------
-- Drop existing unique constraints on plaintext columns
-- These will be replaced by unique constraints on hash columns
ALTER TABLE "User" DROP CONSTRAINT IF EXISTS "User_email_key";
ALTER TABLE "User" DROP CONSTRAINT IF EXISTS "User_phone_key";
-- Add hash columns
ALTER TABLE "User" ADD COLUMN "emailHash" TEXT;
ALTER TABLE "User" ADD COLUMN "phoneHash" TEXT;
-- Unique indexes on hash columns (replace the old plaintext unique constraints)
CREATE UNIQUE INDEX "User_emailHash_key" ON "User"("emailHash");
CREATE UNIQUE INDEX "User_phoneHash_key" ON "User"("phoneHash");
-- ---------- Lead ----------
-- Add hash columns
ALTER TABLE "Lead" ADD COLUMN "phoneHash" TEXT;
ALTER TABLE "Lead" ADD COLUMN "emailHash" TEXT;
-- Non-unique indexes for Lead hash columns (leads can share phone/email)
CREATE INDEX "Lead_phoneHash_idx" ON "Lead"("phoneHash");
CREATE INDEX "Lead_emailHash_idx" ON "Lead"("emailHash");

29
prisma/migrations/20260411200000_add_mfa_totp_support/migration.sql Normal file
View File

@@ -0,0 +1,29 @@
-- AddMfaTotpSupport
-- Add TOTP-based MFA fields to User model and MfaChallenge table
-- Add MFA columns to User
ALTER TABLE "User" ADD COLUMN "totpSecret" TEXT;
ALTER TABLE "User" ADD COLUMN "totpEnabled" BOOLEAN NOT NULL DEFAULT false;
ALTER TABLE "User" ADD COLUMN "totpBackupCodes" TEXT[] DEFAULT ARRAY[]::TEXT[];
ALTER TABLE "User" ADD COLUMN "totpEnabledAt" TIMESTAMP(3);
-- Create MfaChallenge table for login verification flow
CREATE TABLE "MfaChallenge" (
"id" TEXT NOT NULL,
"userId" TEXT NOT NULL,
"type" TEXT NOT NULL,
"attemptCount" INTEGER NOT NULL DEFAULT 0,
"maxAttempts" INTEGER NOT NULL DEFAULT 5,
"isVerified" BOOLEAN NOT NULL DEFAULT false,
"expiresAt" TIMESTAMP(3) NOT NULL,
"createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
CONSTRAINT "MfaChallenge_pkey" PRIMARY KEY ("id")
);
-- Indexes
CREATE INDEX "MfaChallenge_userId_expiresAt_idx" ON "MfaChallenge"("userId", "expiresAt");
CREATE INDEX "MfaChallenge_expiresAt_idx" ON "MfaChallenge"("expiresAt");
-- Foreign key
ALTER TABLE "MfaChallenge" ADD CONSTRAINT "MfaChallenge_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;