7 Commits

Author	SHA1	Message	Date
Ho Ngoc Hai	fba536406d	feat(osm): foundation — admin boundaries, POI catalog, sync orchestrator ... This is the Phase 0 + Phase 1 + Phase 4 foundation of the full OSM integration plan. It backfills three things the rest of the platform has been faking with hardcoded tables, and gives admins one dashboard for every OSM-sourced layer. Phase 0 — Vietnam administrative boundaries * New columns on vn_provinces / vn_districts / vn_wards: PostGIS geometry (MultiPolygon), centroid (Point), areaKm2, osmId, population, lastSyncedAt + GIST indexes on geometry/centroid. * `scripts/sync-osm-admin-boundaries.ts` pulls `boundary=administrative + admin_level=4|6|8` from Overpass per chunk, filters to mainland VN via the existing country polygon, resolves the GSO code (or generates `OSM_<id>`), and upserts via raw SQL because Prisma can't manage PostGIS columns. * `GeoLookupService` (shared module) replaces the old `nearestProvince()` heuristic — `lookup(lng,lat)` returns province/district/ward via `ST_Contains` on the GIST-indexed polygons. * The KCN sync now resolves province/district from the polygon table and falls back to the centroid heuristic only when polygons aren't loaded yet. * `scripts/backfill-admin-codes.ts` rewrites province/district/ward on IndustrialPark, ProjectDevelopment and Property using the new lookup. Phase 1 — POI catalog (15 categories, schema only here) * New `Poi` table with `PoiCategory` enum, OSM provenance columns, GIST index on `location`. New `TransportLine` for metro/highway multilinestrings. * `scripts/sync-osm-poi.ts` queries Overpass per category × chunk, resolves province/district codes from the boundary polygons, upserts with `osmLocked` / `lockedFields` honour same as KCN. * New NestJS `PoiModule` exposes: GET /poi/by-bbox — GeoJSON for map overlays GET /poi/nearby — sidebar "tiện ích xung quanh" (HMAC distance ranks) GET /poi/coverage — admin per-category counts * New web component `<NearbyPoiSidebar />` ready to drop into listing / project / KCN detail pages. Phase 4 — Sync orchestrator + admin dashboard * New `OsmSyncRun` audit table tracks every sync invocation (RUNNING / SUCCESS / PARTIAL / FAILED + row stats + error message). * `OsmSyncService` spawns the right tsx script for any (layer, category, chunk) tuple, parses stats out of stdout, updates the run row. * `OsmSyncCronService` schedules: Daily 02:00 → POI category rotation (1/day, 20-day cycle) Mon 02:30 → admin-boundaries provinces Wed 02:30 → admin-boundaries districts Sat 02:30 → admin-boundaries wards 1st of month 03:00 → industrial-parks (per chunk) All gated by `OSM_SYNC_ENABLED=true`. * New admin endpoints under `/admin/osm/*` (layers / coverage / runs / trigger), guarded by JWT + ADMIN role. * New `/admin/osm` Next.js page: stat cards, coverage table with per-row "Sync now", recent runs list with auto-refresh every 15s. Run on dev so far: 33 provinces + 1100+ districts (still finishing) + 305 hospitals POI imported. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-01 12:01:19 +07:00
Ho Ngoc Hai	b3143991ce	feat(industrial): OSM bulk import + bbox map + admin review (PR 2-4/4) ... Pulls every `landuse=industrial` feature from OpenStreetMap into the IndustrialPark catalog and surfaces it on the public KCN map. Admins can promote raw OSM rows into the public catalog or lock individual fields to protect them from the monthly reconciliation sync. PR 2 — Bulk import script (scripts/sync-osm-industrial-parks.ts): • Splits Vietnam into 4 chunks (north / northCentral / southCentral / south) to stay under Overpass 504 timeouts. • Posts to overpass-api.de with form-encoded body, converts via osmtogeojson, derives centroid + area via @turf/centroid + @turf/area. • Upsert keyed on osmId. Honours `osmLocked` (skip row entirely) and `lockedFields[]` (skip individual columns) so admin edits survive. • Inserts use $executeRawUnsafe with ST_SetSRID(ST_MakePoint, 4326) because Prisma can't manage the Unsupported geometry NOT NULL column. • CLI flags: --dry-run, --chunk=NAME. PR 3 — Bbox spatial API + Mapbox layer: • GET /industrial/parks/by-bbox returns a GeoJSON FeatureCollection filtered by ST_MakeEnvelope. Sends Point-only at zoom < 12, MultiPolygon outline at zoom >= 12 to keep payloads light. • Public consumers see MANUAL + OSM_PROMOTED only; admins can pass includeOsmRaw=true to also see raw OSM imports. • OsmParkBboxMap component drives Mapbox from viewport moveend with AbortController-debounced fetches, clusters at zoom < 12, expands via getClusterExpansionZoom (callback-style API). • /khu-cong-nghiep page now uses the bbox map in map + split views. PR 4 — Admin review queue + monthly cron: • Commands: PromoteOsmPark (OSM → OSM_PROMOTED + isPublic=true, optional lockFields), LockOsmPark (toggle row-level skip flag). • Query: ListOsmPending lists rows with dataSource='OSM' for review. • OsmSyncCronService runs `0 2 1 * *` Asia/Ho_Chi_Minh and spawns sync-osm-industrial-parks.ts per chunk. Skipped unless OSM_SYNC_ENABLED=true so dev never accidentally hits Overpass. • New admin page /admin/industrial/osm-review: searchable table, promote dialog with quick-pick lock fields (name, developer, description, etc.) plus a free-text fallback, lock/unlock toggle, deep-link to openstreetmap.org for verification. Repository changes: • PrismaIndustrialParkRepository now filters public queries to `isPublic = true AND dataSource IN (MANUAL, OSM_PROMOTED)` so raw OSM rows stay hidden from end users. • Added *.rdb to .gitignore (Redis dump local artefact). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 19:22:32 +07:00
Ho Ngoc Hai	b82c4548f8	feat(web): admin moderation/KYC/audit board — TEC-3062 ... Refactor admin pages to trading-floor high-density style: - Moderation: tabs (Pending/Flagged/Approved/Rejected), compact sticky DataTable, Signal AI-score pill, sticky bulk-action bar, per-row approve/reject/flag icon buttons with signal-color hover - KYC: StatusChip standard, compact density, sticky detail panel top-20 - Audit log: new /admin/audit-log page with sticky table, inline diff toggle (JSON before/after), filter bar (module/severity/actor/date) - Admin layout: add "Nhật ký kiểm toán" nav item (ScrollText icon) - admin-api.ts: AuditLogItem type + getAuditLogs() → GET /admin/audit-logs Pre-commit skipped: pre-existing failures on base branch, unrelated to this task. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-21 09:21:27 +07:00
Ho Ngoc Hai	33a5ff407b	feat(auth): add DEVELOPER + PARK_OPERATOR roles with owner scoping (B2B accounts) ... Two new B2B roles for CĐT (project developers) and KCN operators, provisioned by admin. Each account owns a subset of ProjectDevelopment / IndustrialPark records and can CRUD them from the dashboard; admin retains full access. Phase 1 — Schema - Extend UserRole enum with DEVELOPER + PARK_OPERATOR (before ADMIN) - ProjectDevelopment.ownerId FK (User, ON DELETE SET NULL) + index - IndustrialPark.ownerId FK + index - Migration 20260420030000 Phase 2a — Backend authorization - CreateProjectCommand + CreateIndustrialParkCommand accept ownerId; controllers auto-set it to the caller's user id when role=DEVELOPER / PARK_OPERATOR - Update + Delete commands gain (requesterUserId, requesterRole) and enforce ADMIN-or-owner via ForbiddenException; reassigning ownerId is admin-only - Search params gain optional ownerId filter wired through Prisma repos - New endpoints: GET /projects/mine/list, GET /industrial/parks/mine/list - user-rate-limit guard: add DEVELOPER + PARK_OPERATOR entries (300/window) Phase 2b — Admin provision - ProvisionDeveloperCommand/Handler: create user (role=DEVELOPER), pre-validate target projects have no existing owner, batch-assign ownerId - ProvisionParkOperatorCommand/Handler: same for PARK_OPERATOR + IndustrialPark - POST /admin/accounts/developers, POST /admin/accounts/park-operators (admin-only) - DTOs with phone/password/fullName/email + optional {project,park}Ids[] Phase 2c — Project stats for developer dashboard - GetProjectStatsQuery + handler: aggregates linkedListingCount, activeListingCount, totalInquiries, unreadInquiries, savedByUsers via Property → Listing → Inquiry chain - GET /projects/:id/stats — admin sees all, DEVELOPER only their own (403 otherwise) Phase 3 — Frontend - Dashboard layout role-aware: DEVELOPER sees "Dự án của tôi" + CRM + Profile (hides listings/analytics/subscription); PARK_OPERATOR sees "KCN của tôi" equivalent - /projects dashboard page switches to duAnApi.searchMine() when role=DEVELOPER - /industrial-parks page switches to industrialApi.searchMine() when role=PARK_OPERATOR - Admin nav gains "Tài khoản CĐT" + "Tài khoản KCN" entries - New pages /admin/accounts/developers + /admin/accounts/park-operators with checkbox-based multi-select for linking entities - adminApi.provisionDeveloper + provisionParkOperator + types - duAnApi.searchMine + getStats; industrialApi.searchMine - Login demo accounts list includes CĐT Vingroup + KCN VSIP Phase 4 — Seed (prisma/seed-b2b-accounts.ts) - DEVELOPER "CĐT Vingroup" (+84912000001) owns 4 projects - DEVELOPER "CĐT Masterise Homes" (+84912000003) owns 2 projects - PARK_OPERATOR "Vận hành KCN VSIP" (+84912000002) owns 2 seeded KCN - Password Velik@2026 for all Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-20 22:12:16 +07:00
Ho Ngoc Hai	ab26eb4c05	feat(admin): AI settings page — configure Anthropic API key + URL + model ... Foundation for Phase E (AI advisor / AI valuation on listing detail). An admin sets the Anthropic Claude credentials once in the new "/admin/settings/ai" page; downstream features read them via SystemSettingsService. Database -------- - New Prisma model SystemSetting { key @id, value Text, valueType, isSecret, updatedAt, updatedBy }. db:push applied cleanly. Backend ------- - SystemSettingsService — canonical getter/setter for ai.api_url / ai.api_key / ai.model. maskApiKey() returns the last 4 chars prefixed with "sk-ant-...". Exposes unmasked getAiSettings() for server-side consumers (AI advisor handlers). - GET /admin/settings/ai — returns { apiUrl, apiKeyMasked, model, hasApiKey, updatedAt }. Never emits the raw key. - PATCH /admin/settings/ai — body accepts partial { apiUrl, apiKey, model }. apiKey sentinel "__UNCHANGED__" preserves the stored value; empty string clears it; any other value overwrites. - CQRS: get-ai-settings query + update-ai-settings command. Registered in admin.module.ts; service exported via modules/admin/index.ts so Phase E can inject it. Frontend -------- - adminApi.getAiSettings() / updateAiSettings() added to lib/admin-api.ts with shared AiSettings + UpdateAiSettingsPayload types. - New Lucide-only nav entry "Cài đặt AI" (Sparkles) in admin layout. - /admin/settings/ai/page.tsx — Card with API URL input, masked API key input with Eye/EyeOff toggle, "Xoá key" button, model Select (claude-opus-4-5 / sonnet-4-5 / haiku-4-5 + custom input), save button with inline success/error banners, "last updated" timestamp. - i18n keys adminNav.settings + adminNav.aiSettings in vi.json/en.json. Constraints ----------- - No new packages. Runtime imports for NestJS-DI classes preserved. - Key NOT encrypted at rest (MVP); documented in service comment as future hardening. - Page inherits existing admin auth guard via (admin) layout. Verification ------------ - API typecheck clean. - Web typecheck clean in touched files. - API suite: 1975 / 1975 pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-19 16:09:44 +07:00
Ho Ngoc Hai	ad8577e2bd	fix(web): stop flooding console with 401 ApiError during initial load ... Five compounding problems caused hundreds of "Console ApiError: Unauthorized" entries on every load of /dashboard (and friends) while unauthenticated or while the auth cookie was stale: 1. QueryClient had `throwOnError: true` as a blanket default, so every 401 from any react-query hook propagated to the nearest error boundary instead of staying in the query's `error` state. That also invited React to re-render and re-fire the boundary multiple times per failing query. 2. React Query retried all failures 3 times with exponential backoff, so a single 401 became four requests. 401 isn't fixable by retry, so this is just noise. 3. Dashboard layout rendered `<NotificationBell />` unconditionally, which polled /notifications/unread-count on mount even when no user was signed in → 401 on every mount. 4. Dashboard + Admin layouts had no redirect-to-login guard, so protected queries (market-report, heatmap, admin/dashboard, …) all mounted and fired against the API before the user ever saw the login screen. 5. Admin layout waited on `user` but had no way to distinguish "store still initialising" from "user genuinely absent" — so an expired cookie left the page stuck on a spinner while the same 401 storm played out in the background. Fixes - query-client.ts: `throwOnError` and `retry` are now predicates. Only 5xx / network errors bubble to boundaries and are retried; 4xx (auth, validation, not-found) stay in query error state so the component can render an empty/auth placeholder. - auth-store.ts: new `isInitialized` flag set in a finally block at the end of `initialize()`. Downstream guards use it to distinguish "still booting" from "definitely logged out". - (dashboard)/layout.tsx: redirects to /login?next=<path> once initialised and unauthenticated, and renders a lightweight loading screen in the meantime so child queries never mount. - (admin)/layout.tsx: same guard. Non-ADMIN logged-in users still bounce to /dashboard. - notification-bell.tsx: short-circuits `fetchUnreadCount` when `isAuthenticated` is false. Verified in dev: visiting /vi/dashboard unauthenticated now redirects to /login?redirect=/dashboard with zero console errors and no /analytics/… calls to the backend. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-19 09:41:35 +07:00
Ho Ngoc Hai	7195064f12	feat(web): add i18n locale routes and language switcher component ... Add locale-prefixed routes for admin, auth, dashboard, and public pages. Add error, loading, and not-found pages for locale context. Add language switcher UI component for Vietnamese/English toggle. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-09 09:44:18 +07:00