admin/pos-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
627 Commits 1 Branch 0 Tags
0d03feeffd80c6f93c7b00dd3ce3de4385700152
Commit Graph

252 Commits

Author SHA1 Message Date
Ho Ngoc Hai
0d03feeffd feat: Phase 2 multi-vertical expansion — Spa appointments, Retail POS, Cafe loyalty 
Spa/Beauty (booking-service) — Therapist + Appointment scheduling:
- Therapist aggregate: specialties (text[]), workingHours (jsonb), CRUD
- Appointment: notes field, Pending initial status, MarkNoShow() behavior
- TherapistsController (4 endpoints), 9 FluentValidation validators
- EF config: PostgreSQL native text[] + jsonb column types

Retail POS (catalog + inventory + order) — Barcode, stock, returns:
- Product: barcode/SKU fields, GetProductByBarcodeQuery (lookup endpoint)
- Inventory: bulk stock check, low stock alert threshold (SetReorderLevel)
- Order: return/exchange flow with ProcessReturn(), Returned status (id=8)
- CreateReturnCommand, CreateExchangeCommand (same UnitOfWork)
- 2 domain events: OrderReturnedDomainEvent, OrderExchangedDomainEvent
- 6 new API endpoints across 3 services

Cafe (membership + fnb-engine) — Loyalty stamps + barista queue:
- StampCard aggregate: AddStamp(), ClaimReward(), Reset(), 4 domain events
- Auto-create card on first stamp (friction-free UX)
- StampCardsController (6 endpoints), 4 commands, 2 queries
- BaristaQueueItem: 5-status workflow (Queued→Preparing→Ready→Delivered)
- BaristaController (6 endpoints), 5 commands, 2 queries
- Tenant isolation (shop-level) on both features

ROADMAP: Phase 1 closed out, Phase 2 vertical tasks IN-PROGRESS

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 16:45:43 +07:00
Ho Ngoc Hai
a7a753bf38 feat: EOD reports, security audit (rate limiting + 44 validators), and 30 critical path tests 
EOD Reports & Daily Close (order-service + Blazor UI):
- GetEodReportQuery: Dapper query for revenue, orders, payment breakdown, top items, hourly chart
- CloseDayCommand: check pending orders, generate final report
- EodReport.razor: 6 KPI cards, donut/bar charts, top 10 table, close-day dialog
- FluentValidation for both query and command
- BFF proxy endpoints for reports

Security Audit — Rate Limiting:
- Tighten auth-ratelimit from 100 to 10 req/min (brute force protection)
- Add payment-ratelimit (30/min), api-ratelimit (100/min), hub-ratelimit (500/min)
- Apply rate limits to ALL Traefik routers (previously many had none)

Security Audit — Input Sanitization (44 missing validators created):
- iam-service: 14 validators (auth, user, role commands)
- merchant-service: 11 validators (admin, attendance commands)
- wallet-service: 7 validators (wallet, points commands)
- fnb-engine: 7 validators (session, table, ticket, reservation)
- catalog-service: 6 validators (product, category CRUD)
- storage-service: 6 validators (upload, share, quota)
- order-service: 2 validators (complete order/payment)

Critical Path Unit Tests (30 new tests):
- inventory-service: 12 tests (deduction, partial stock, idempotency)
- wallet-service: 14 tests (create payment, process callback, domain events)
- fnb-engine: 8 tests (kitchen-served event handler, inventory client integration)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 16:33:39 +07:00
Ho Ngoc Hai
653322b26c fix: resolve 12 critical/high issues from code review across backend, frontend, and infra 
Backend (7 fixes):
- wallet-service: remove conflicting EF Ignore() calls for mapped backing fields
- fnb-engine: remove KitchenTicket short constructor that set productId=orderItemId
- fnb-engine: replace fire-and-forget Task.Run with direct await for inventory deduction
- TenantMiddleware: implement PostgreSQL RLS SET LOCAL in 4 services (wallet, fnb, inventory, catalog)
- order-service: fix SQL injection pattern in TenantMiddleware with Guid.ToString("D")
- order-service: add ValidateShopAccess() authorization check in SignalR PosHub
- 4 services: register IDbConnection (NpgsqlConnection) in DI for RLS middleware

Frontend (3 fixes):
- PosDataService: return Success=false (not true) when PayOrder response parsing fails
- QrPayment: add _disposed guard to prevent timer race condition after component disposal
- BFF OrderController: add [Authorize] attribute to require JWT for all endpoints

Infrastructure (3 fixes):
- docker-compose: upgrade PostgreSQL 15-alpine to 16-alpine per project spec
- init-databases.sh: add 4 missing marketing service databases (mkt_*)
- Traefik routes: add wallet, catalog, booking routers and /api/v1/stock path

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 16:22:08 +07:00
Ho Ngoc Hai
1d12a7980b feat: add order lifecycle integration tests (29 tests) and staging K8s deployment manifests 
Testing (P0-7):
- 29 functional tests for order-service API (create/pay/complete/cancel lifecycle)
- CustomWebApplicationFactory with InMemory DB, mocked wallet/SignalR/tenant
- TestAuthHandler for JWT auth in tests
- Full lifecycle tests: cash flow and online payment flow end-to-end

Staging Deployment (P0-8):
- K8s manifests for 8 MVP services + Redis + POS web (namespace, configmap, secrets)
- Traefik Ingress with path-based routing and TLS via cert-manager
- HPA auto-scaling (2-4 replicas, CPU/memory thresholds)
- deploy-staging.sh script with --dry-run and --service flags
- CI/CD: deploy-staging.yml and docker-build.yml with matrix strategy
- Consistent patterns: port 8080, 3 health probes, RollingUpdate

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 13:56:03 +07:00
Ho Ngoc Hai
6061164873 feat: add multi-tenant row-level security across 5 services and 96 FnB engine unit tests 
Security (P0-5):
- Implement ITenantProvider + HttpContextTenantProvider per service (order, fnb, inventory, catalog, wallet)
- Add EF Core global query filters for tenant isolation (shop_id/user_id based)
- Add TenantMiddleware setting PostgreSQL session variables for RLS
- Create PostgreSQL RLS policies script (scripts/db/rls-policies.sql)
- Adapter pattern bridges API-layer to Infrastructure-layer (Clean Architecture)
- Bypass mechanisms for admin roles, service-to-service calls, and migrations

Testing (P1-12):
- Add 96 unit tests for fnb-engine (up from 3)
- 57 domain entity tests: Table(18), KitchenTicket(12), Session(8), Reservation(13), Recipe(6)
- 39 command handler tests: CRUD operations, status transitions, validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 13:40:34 +07:00
Ho Ngoc Hai
8af86e9e89 feat: implement Phase 1 payment gateway, real-time SignalR, kitchen-inventory deduction, and order payment flow 
- wallet-service: IPaymentGateway abstraction + VN Pay implementation (HMAC-SHA512, sandbox), Payment aggregate root, PaymentsController with create/callback/query endpoints
- order-service: PosHub SignalR hub with Redis backplane + MessagePack, strongly-typed clients, 3 group types (shop/kds/pos), integrated into Create/Pay/Complete/Cancel order handlers
- fnb-engine + inventory-service: Kitchen→Inventory auto-deduction via domain events, HTTP with Polly retry + circuit breaker, idempotency check, graceful degradation on insufficient stock
- order-service: Enhanced PayOrderCommand with 3 flows (cash/card/online), PaymentPending status, WalletServiceClient, CompleteOrderPaymentCommand for gateway callbacks
- POS frontend: Cash/Card/QR payment components wired to real backend, BFF proxy updated
- infra: Traefik routes for fnb-engine, inventory-service, and SignalR WebSocket hub
- ROADMAP.md: Updated with Phase 1 progress tracking

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 13:28:46 +07:00
Ho Ngoc Hai
2e1bb65bd3 feat: implement merchant subscription management and enhanced user account/security features with a new BFF layer. 2026-03-06 12:34:53 +07:00
Ho Ngoc Hai
193b9edd23 feat(staff): Integrate kitchen display system, add new staff roles, and enhance staff profile resolution with improved attendance proxying. 2026-03-06 11:42:41 +07:00
Ho Ngoc Hai
30b3f9a37c feat(staff-portal): implement staff attendance and leave request management with dedicated portal UI and backend services 2026-03-06 04:29:00 +07:00
Ho Ngoc Hai
fd75da34dc feat: enhance inventory management with new item types, stocktake, wastage, and recipe-based deductions 2026-03-05 22:28:45 +07:00
Ho Ngoc Hai
6d5d4108c7 refactor(api, web-client): remove API versioning from services and update client calls, and enhance staff schedule management in the admin UI to support multiple days and shift presets. 2026-03-05 16:40:02 +07:00
Ho Ngoc Hai
3f1ecc8122 feat(booking-service, web-client-tpos): implement staff schedule creation/deletion and enhance staff name display. 2026-03-05 16:19:46 +07:00
Ho Ngoc Hai
81c5be9e37 fix(staff): Vấn đề trạng thái nhân viên "Invited" 2026-03-05 15:56:37 +07:00
Ho Ngoc Hai
91a219d65f feat: implement hourly rates for tables/rooms, add shop publishing, and introduce system health checks. 2026-03-05 12:09:28 +07:00
Ho Ngoc Hai
cd979970e7 feat(fnb, tpos): implement table QR code scanning for customer menu and reservation management 2026-03-05 08:28:32 +07:00
Ho Ngoc Hai
cfcdbd069d feat(pos): implement order payment flow and update order aggregate status handling. 2026-03-05 08:05:19 +07:00
Ho Ngoc Hai
0901e91673 feat(pos): implement table-based ordering, kitchen ticket workflow, and table floor plan management 2026-03-05 07:53:00 +07:00
Ho Ngoc Hai
802c03995a feat(order-processing): execute order item strategies during order creation and add kitchen ticket API with session management. 2026-03-05 06:19:18 +07:00
Ho Ngoc Hai
a4f4c4755e feat(fnb-reservation): implement reservation management with API, infrastructure, and TPOS client UI. 2026-03-05 05:39:02 +07:00
Ho Ngoc Hai
c0301a22e5 feat(pos): Display empty state messages for resource grids and implement shop-specific staff management in POS views. 2026-03-05 05:03:28 +07:00
Ho Ngoc Hai
c86500214b feat: implement category CRUD with image upload, extend staff profile fields, and add membership level/EXP management 2026-03-05 03:03:48 +07:00
Ho Ngoc Hai
4d6c9c6ba3 feat: enhance error handling for staff and member creation, update IAM token lifetime, and refine staff query enumeration. 2026-03-05 02:10:52 +07:00
Ho Ngoc Hai
629fed8a55 commit 2026-03-05 01:39:40 +07:00
Ho Ngoc Hai
df7eec1ec2 feat(web-client-tpos, inventory-service): implement percentage-based campaigns and enrich inventory with product names 2026-03-04 20:22:54 +07:00
Ho Ngoc Hai
051261accd feat: implement recipe management, inventory operations, voucher integration, and order discounts 2026-03-04 20:05:38 +07:00
Ho Ngoc Hai
65f3da53ae refactor(merchant-service): standardize enumeration name resolution in shop queries using a new helper method. 2026-03-04 16:11:55 +07:00
Ho Ngoc Hai
028ef4c1cd feat: implement user-based wallet and transaction retrieval by parsing JWT sub claim and adjust JWT validation parameters across services. 2026-03-04 13:08:08 +07:00
Ho Ngoc Hai
7baba14fad refactor(web-client-tpos, order-service): improve API deserialization, update DTO types for Dapper compatibility, and refine API proxying for staff schedules and order cancellations. 2026-03-04 12:53:43 +07:00
Ho Ngoc Hai
64e7b4e00d refactor: update EF Core backing field mapping and ignore DDD enumeration types 2026-03-04 12:36:19 +07:00
Ho Ngoc Hai
2d74f53f0d refactor: update DTO numeric types, refactor EF Core entity configurations to use HasField, and enable JsonDocument change tracking. 2026-03-04 11:44:43 +07:00
Ho Ngoc Hai
89bd8232a8 feat: Implement Blazor lifecycle improvements, enhance navigation with browser history, and update EF Core entity configurations for backing fields 2026-03-04 11:35:41 +07:00
Ho Ngoc Hai
ce61b4d3db feat(fnb-engine): add shopId and status filters to kitchen tickets 
Add shopId and status query params to GET /api/v1/kitchen/tickets.
Joins through Session to resolve shopId since KitchenTicket only
has SessionId. Backward-compatible: without shopId falls back to
existing pending-by-station behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 10:37:55 +07:00
Ho Ngoc Hai
4cd172bee5 feat(booking-service): add shop-wide staff schedules endpoint 
Add GET /api/v1/schedules?shopId= to return all staff schedules
for a shop. Existing per-staff endpoint unchanged. BFF needs this
to display all schedules on the admin dashboard.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 10:36:43 +07:00
Ho Ngoc Hai
9b44e88a6a feat(order-service): add dashboard and reporting endpoints 
- GET /api/v1/orders/dashboard — POS dashboard stats (revenue, orders,
  items sold, popular items, payment breakdown, hourly revenue, recent orders)
- GET /api/v1/reports/revenue — Revenue report grouped by daily/weekly/monthly
- GET /api/v1/reports/top-products — Top selling products by quantity

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 10:36:09 +07:00
Ho Ngoc Hai
37042b48b7 feat(inventory-service): add shopId filter to transactions endpoint 
BFF needs to query inventory transactions by shopId. The existing
endpoint only supported inventoryItemId. Now accepts either shopId
or inventoryItemId as query parameters.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 10:35:54 +07:00
Ho Ngoc Hai
617a7caf81 fix(iam-service): resolve 500 error on GET /api/v1/users endpoint 2026-03-03 10:48:13 +07:00
Ho Ngoc Hai
ea59326658 fix(iam-service): add try-catch to role seeding for visible error logging 2026-03-01 06:17:08 +07:00
Ho Ngoc Hai
cb6337cb7c test(merchant-service): add 38 unit tests for Shop aggregate and ShopFeatures 2026-03-01 05:50:58 +07:00
Ho Ngoc Hai
1acc0c399b fix(merchant-service): add vertical-specific categories to ShopFeatures.ForCategory() 2026-03-01 05:39:16 +07:00
Ho Ngoc Hai
36da982386 fix(merchant-service): resolve MapToDetailDto NullRef on shop detail API 
- Add null-safe access for Type, Category, Status, ContactInfo, Branches
- Fixes 500 error when loading shop details in admin UI
 2026-02-28 22:53:38 +07:00
Ho Ngoc Hai
4e91c96c97 feat(multi-vertical): phase 0 — seed data script + fix GetShopsQueryHandler NullRef 
- Add scripts/seed-demo-data.sh: creates user, merchant, 5 shops, 47 products, 15 categories, 18 tables/rooms, 13 booking resources
- Fix NullReferenceException in GetShopsQueryHandler (null-safe Enumeration access)
- Default account: hongochai10@icloud.com / Velik@2026
 2026-02-28 22:32:51 +07:00
Ho Ngoc Hai
fd9173237f feat(merchant-service): add Cafe/Restaurant/Karaoke/Spa business categories 
Add vertical-specific BusinessCategory enum values:
- Cafe (11), Restaurant (12), Karaoke (13), Spa (14)
Update CreateShopCommandHandler to map vertical names to new categories
Update EF Core seed data with new categories
 2026-02-28 08:49:58 +07:00
Ho Ngoc Hai
1caaf5e1e4 fix(web-client-tpos): auto-register merchant before shop creation 2026-02-28 04:00:09 +07:00
Ho Ngoc Hai
57afe213e4 fix(merchant-service): fix EF Core unmapped property errors in repositories 
- Changed repository LINQ queries to use EF.Property<T>() for backing fields
- Expression-bodied properties cannot be auto-mapped by EF Core
- Fixed StatusId comparison in CreateShopCommandHandler (Status nav is null)
- Updated EntityTypeConfiguration comments explaining Ignore pattern
 2026-02-28 03:12:42 +07:00
Ho Ngoc Hai
68a6c4a81e fix(iam-service): add custom ResourceOwnerPasswordValidator for Duende password grant 
- Created ResourceOwnerPasswordValidator using UserManager.CheckPasswordAsync
- Registered with .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
- Added comments explaining EF.Property pattern for DDD backing fields
 2026-02-28 03:12:31 +07:00
Ho Ngoc Hai
b9e5c4e31e fix(merchant_service): PendingModelChangesWarning 2026-02-28 02:04:03 +07:00
Ho Ngoc Hai
751f90c365 feat: Log EF Core migration errors instead of crashing the application at startup across all services. 2026-02-28 01:03:43 +07:00
Ho Ngoc Hai
be86e48de6 feat: automatically apply EF Core database migrations on service startup across all services 2026-02-28 00:51:35 +07:00
Ho Ngoc Hai
f521cc0a91 chore: Remove the web-client application, add a local database initialization script, and update service Dockerfiles. 2026-02-28 00:41:17 +07:00
Cursor Agent
783d95cbcc fix(ux): auth workflow fixes — customer login, dashboard, auth service, YARP ports
Some checks failed
IAM Service CI / build-and-test (push) Failing after 33s
Details
Mobile Apps CI / dotnet-client-apps (apps/web-client-base-net/src/WebClientBase.Server/WebClientBase.Server.csproj) (push) Failing after 5s
Details
Mobile Apps CI / dotnet-client-apps (apps/web-client-eggymon-landipage-net/src/EggymonLandingPage.Server/EggymonLandingPage.Server.csproj) (push) Failing after 9s
Details
Mobile Apps CI / dotnet-client-apps (apps/web-client-tpos-net/src/WebClientTpos.Server/WebClientTpos.Server.csproj) (push) Failing after 8s
Details
Mobile Apps CI / dotnet-client-app-tests (apps/app-client-base-net/tests/AppClientBase.UnitTests/AppClientBase.UnitTests.csproj) (push) Failing after 7s
Details
Mobile Apps CI / dotnet-client-app-tests (apps/web-client-base-net/tests/WebClientBase.SmokeTests/WebClientBase.SmokeTests.csproj) (push) Failing after 11s
Details
Mobile Apps CI / dotnet-client-app-tests (apps/web-client-eggymon-landipage-net/tests/EggymonLandingPage.SmokeTests/EggymonLandingPage.SmokeTests.csproj) (push) Failing after 9s
Details
Mobile Apps CI / dotnet-client-app-tests (apps/web-client-tpos-net/tests/WebClientTpos.SmokeTests/WebClientTpos.SmokeTests.csproj) (push) Failing after 5s
Details
Mobile Apps CI / maui-project-validation (push) Failing after 3s
Details
Mobile Apps CI / swift-client-app (push) Has been cancelled
Details 
Phase 1 fixes:
- Fixed Customer Login route (/auth/login/customer now renders correctly)
- Fixed YARP proxy ports for all microservices
- Fixed login links across all auth pages (/login → /auth/login)
- Created AuthStateService for role-based portal redirects
- Dashboard loads real shop data from BFF API
- Reverted UseBlazorFrameworkFiles (breaks .NET 10 MapStaticAssets)
- Created Home.razor landing page and LoginSelect.razor (compiled in DLL,
  Blazor client routing needs investigation for / and /auth/login routes)

Verified working:
- Customer Login: phone/OTP with social login
- Staff Login: green theme with role hints
- Admin Login: blue theme with security warning
- Branch Login: orange theme with stats
- Registration: form + API via YARP proxy
- Store Onboarding: 5 types (Café/Nhà hàng/Karaoke/Spa/Bán lẻ)

Co-authored-by: Velik <hongochai10@users.noreply.github.com>
 2026-02-27 08:35:07 +00:00