Ho Ngoc Hai
1fbe2f4e73
feat: add MFA/TOTP auth, PII encryption, agents/leads/inquiries modules, and comprehensive tests
...
- Add TOTP-based MFA with setup, verify, disable, backup codes, and challenge flow
- Add PII field encryption middleware with AES-256-GCM and deterministic search hashes
- Add agents, inquiries, and leads domain modules with entities, events, value objects
- Add web dashboard pages for inquiries and leads with detail dialogs
- Add 30+ component tests (valuation, charts, listings, search, providers, UI)
- Add Prisma migrations for encryption hash columns and MFA TOTP support
- Fix all ESLint errors (unused imports, duplicate imports, lint auto-fixes)
- Update dependencies and lock file
- Clean up obsolete exploration/QA docs, add audit documentation
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-11 23:43:20 +07:00
Ho Ngoc Hai
9e2bf9a4b5
fix: remaining lint auto-fixes and rate-limit guard test fixes
...
- Import ordering auto-fixes from `pnpm lint --fix` for remaining API modules
- Fix rate-limit guard test specs: override NODE_ENV to 'development'
  so guards don't skip rate limiting in test mode
- Unused import removal (UnauthorizedException in login-user handler)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-11 23:12:45 +07:00
Ho Ngoc Hai
18e50a9649
fix(api): add error handling to remaining 51 CQRS handlers across 8 modules
...
Wraps every handler's execute() method in a try-catch block that:
- Re-throws DomainExceptions to preserve structured error responses
- Logs unexpected infrastructure errors with full context
- Throws InternalServerErrorException with Vietnamese user message
Modules updated:
- auth (11 handlers: register, refresh-token, verify-kyc, deletions, profile queries)
- listings (7 handlers: create, moderate, upload, status, search, queries)
- payments (5 handlers: create, callback, refund, status, transactions)
- subscriptions (7 handlers: create, cancel, upgrade, meter, quota, billing, plans)
- analytics (8 handlers: reports, events, market-index, district, heatmap, trends, valuation)
- search (9 handlers: saved-search CRUD, reindex, sync, geo-search, properties)
- notifications (1 handler: send-notification)
- agents (3 handlers: quality-score, dashboard, public-profile)
Combined with the previous commit (29 handlers in admin, inquiries, leads, reviews),
all 80+ CQRS handlers now have comprehensive error handling.
Verification:
- pnpm typecheck: 0 errors
- pnpm test: 1387 tests passed (228 files)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-11 20:04:42 +07:00
Ho Ngoc Hai
2432a20b45
feat(api): add async error handling to critical module handlers
...
Wrap async operations at application layer boundaries with proper
try/catch, LoggerService logging, and domain exceptions:
- UploadMediaHandler: mediaStorage.upload() error boundary
- ExportUserDataHandler: Promise.all() error logging
- ForceDeleteUserHandler: $transaction error logging
- LoginUserHandler: token generation error boundary
- RefreshTokenHandler: token rotation error boundary
- CreatePaymentHandler: payment gateway call error boundary
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-10 18:11:49 +07:00
Ho Ngoc Hai
4c432c7ff9
fix: resolve 21 lint errors from GDPR/logger/caching commits and fix web lint
...
- Fix import ordering in auth DTOs, admin module, and test files
- Merge duplicate @modules/shared imports (no-duplicates with prefer-inline)
- Remove unused imports (ForceDeleteUserCommand, Inject)
- Use parameterless catch for unused error bindings
- Switch web lint from `next lint` to `eslint` (flat config compatibility)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-10 18:00:37 +07:00
Ho Ngoc Hai
e03c4699d0
feat(api): implement GDPR-compliant user data deletion
...
- Add deletedAt/deletionScheduledAt fields to User model with indexes
- Implement 5 CQRS command handlers:
  - RequestUserDeletion: 30-day soft-delete grace period
  - CancelUserDeletion: restore within grace period
  - ForceDeleteUser: admin immediate deletion with PII anonymization
  - ProcessScheduledDeletions: cron-ready batch processor
  - ExportUserData: GDPR Article 20 data portability
- Cascade strategy: anonymize PII, expire listings, cancel subscriptions,
  delete reviews/inquiries/searches/notifications, preserve payments for audit
- Add UserDataController with DELETE /users/me, POST /users/me/cancel-deletion,
  GET /users/me/export, DELETE /users/:id/force (admin)
- 22 unit tests covering all handlers (160 files, 853 tests passing)
- Migration: 20260410000000_add_user_soft_delete_fields
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-10 05:43:54 +07:00
Ho Ngoc Hai
36e0f49e9e
feat(auth): add handler specs and improve auth infrastructure
...
Add unit tests for get-profile, get-agent-by-user-id, and verify-kyc handlers.
Improve OAuth service, local strategy, and repository implementations with
proper ConfigService injection and error handling.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-09 09:42:16 +07:00
Ho Ngoc Hai
2502aa69b7
fix: production readiness — resolve build, lint, and code quality issues
...
- Fix Next.js build failure: remove duplicate route at (dashboard)/listings/[id]
  that conflicted with (public)/listings/[id] (same URL path in two route groups)
- Fix 772 ESLint errors: auto-fix import ordering (import-x/order), remove unused
  imports/variables, convert empty interfaces to type aliases, replace require()
  with ESM imports, fix consistent-type-imports violations
- Add CLAUDE.md for developer onboarding documentation
- All checks pass: 0 lint errors, typecheck clean, 230 tests passing, build success
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 07:15:06 +07:00
Ho Ngoc Hai
e9889539ea
fix: eliminate untyped repository returns and standardize DomainException usage across all handlers
...
- Create typed DTOs (ListingDetailData, ListingSearchItem, ListingSellerItem) for repository read methods
- Replace all Promise<any> and PaginatedResult<any> with concrete types in repository interface and implementation
- Remove `as any` casts in search params by using Prisma enum types (TransactionType, PropertyType)
- Migrate all 16 handlers from NestJS built-in exceptions to domain exceptions (NotFoundException, ValidationException, etc.)
- Add CONTRIBUTING.md documenting error handling convention
- All 230 tests pass, typecheck clean
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 06:25:44 +07:00
Ho Ngoc Hai
2a392525a2
feat(cache): implement Redis caching layer for hot-read endpoints
...
Add cache-aside pattern for listing detail, search results, market
analytics (4 endpoints), and user profile queries. Cache invalidation
on all write mutations. Prometheus cache_hit_total/cache_miss_total
metrics with resource labels.
- CacheService: getOrSet, invalidate, invalidateByPrefix (SCAN-based)
- TTLs: listing 5m, search 1m, market 30m, profile 10m
- All 230 tests passing (13 new cache tests + 6 updated handler tests)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 04:14:06 +07:00
Ho Ngoc Hai
391c040100
feat(auth): implement Auth module with register, login, JWT, guards, and CQRS
...
- Add RefreshToken and OAuthAccount models to Prisma schema
- Implement clean architecture: domain (entities, VOs, events, repo interfaces),
  infrastructure (Prisma repos, Passport strategies, token service),
  application (CQRS command/query handlers), presentation (controller, guards, DTOs)
- Endpoints: POST /auth/register, /auth/login, /auth/refresh, GET /auth/profile,
  GET /auth/profile/agent, PATCH /auth/kyc
- JWT access + refresh token rotation with family-based revocation
- Role-based guards (BUYER, SELLER, AGENT, ADMIN)
- 16 unit tests (value objects, entity) + integration test suite
- All 80 tests passing, clean TypeScript build
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 00:24:42 +07:00