Ho Ngoc Hai
efabe49157
refactor(P2): standardize API responses + fix migrations + cleanup DI
...
Wave 3 — 3 parallel agents fixing P2 code quality issues:
Response format standardization (30 controllers across 8 services):
- Wrapped all raw DTO returns with { success: true, data: result }
- Standardized error responses with { success: false, error: { code, message } }
- Services: chat, social, membership, ads-manager, ads-serving,
ads-billing, ads-tracking, ads-analytics
- booking-service already compliant (skipped)
Migration fixes:
- ads-billing: Fixed InvoiceId1 spurious FK (explicit HasMany navigation)
- Removed unused IRequestManager DI from: ads-analytics, ads-serving,
booking, mkt-facebook (classes preserved for future use)
Unused dependencies:
- No Redis/Dapper DI registrations found (only NuGet refs, kept as-is)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 20:34:10 +07:00
Ho Ngoc Hai
59b2cecaf2
feat(P1): add 57 validators + 10 missing handlers across 13 services
...
Wave 2 — 3 parallel agents fixing P1 issues:
Validators (57 new FluentValidation validators):
- ads-manager: 10 validators for all commands
- ads-billing: 3 validators for all commands
- ads-tracking: 2 validators for missing commands
- ads-analytics: 1 validator for CreateReport
- social: 8 validators for all commands
- mining: 16 validators for all commands
- mission: 4 validators for all commands
- promotion: 13 validators for all commands
Missing handlers (10 implemented):
- promotion: ExchangeVoucher, PurchaseVoucher, SearchVouchers,
GetCampaignStatistics, GetCampaignVouchers
- mission: GetUserMissionProgress
- mkt-facebook: GetConversations, GetCustomers
- ads-manager: ListAudiences, GetAudienceById
All validators use bilingual messages (EN/VI) and are auto-registered
via MediatR ValidatorBehavior pipeline.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 20:24:06 +07:00
Ho Ngoc Hai
f8606e0447
fix(P0): security hardening + critical bug fixes across 22 services
...
Wave 1 — 6 parallel agents fixing P0 issues from code audit:
Auth (18 services secured):
- Added JWT Bearer auth + [Authorize] to all unprotected controllers
- Webhook endpoints (Facebook/WhatsApp/Zalo/X) stay [AllowAnonymous]
- Health checks remain public for Docker/K8s probes
- Services: catalog, order, booking, fnb-engine, inventory, social,
ads-manager, ads-serving, ads-billing, ads-tracking, ads-analytics,
mkt-facebook, mkt-whatsapp, mkt-x, mkt-zalo, promotion
Template artifacts (4 services):
- mission-service: myservice_db → mission_service
- mkt-facebook: Dockerfile MyService.API → FacebookService.API
- mkt-whatsapp: MyServiceContext.cs → WhatsAppServiceContext.cs
- promotion: UserSecretsId fixed
Critical handler bugs (7 fixes):
- ads-tracking: TrackPixelEventHandler now persists to DB
- ads-tracking: RecordConversion endpoint exposed via controller
- booking: UpdateResource now applies Name + Capacity changes
- ads-manager: ListPendingAds uses correct enum (pending_review)
- mining: BanMiner calls Ban() not Suspend()
- mining: ResetMinerStreak now actually resets streak
- mkt-x: 8 missing repository DI registrations added
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 20:18:09 +07:00
Ho Ngoc Hai
f3779c4ebe
docs: add SERVICE_DOCS.md for all 24 microservices from per-service code audit
...
Each SERVICE_DOCS.md documents: Overview, API Endpoints, Commands, Queries,
Domain Model, Database Schema, Integration Events, Dependencies, Configuration.
Generated by 23 parallel audit agents reading actual source code.
Key corrections from audit:
- inventory-service: 12 commands/6 queries (was listed as scaffold)
- promotion-service: 12 commands/10 queries (was listed as 0)
- mission-service: 4 commands/7 queries (was listed as 0)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 17:54:53 +07:00
Ho Ngoc Hai
deffb9de4a
fix: resolve attendance staffName display and token conflict between staff/admin sessions
...
1. Attendance API now joins with MerchantStaff to return staffName instead of showing truncated staffId
2. AuthService uses role-suffixed localStorage keys (aPOS_token_owner, aPOS_token_staff) to prevent
staff and admin tokens from overwriting each other on the same origin
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 16:38:01 +07:00
Ho Ngoc Hai
8086bc627f
fix: resolve HR module bugs — leave approval, staff auth timing, EF Core mapping
...
- BFF: extract approver/rejector userId from JWT instead of accepting Guid.Empty from client
- Staff pages (Dashboard, Leave, Attendance): move data loading to OnAfterRenderAsync
to fix token timing bug where OnInitializedAsync runs before auth session is restored
- EF Core: fix AttendanceRepository to use public properties after HasField() migration
- LeaveRequest: fix DateTime UTC kind for Npgsql 10 compatibility
- merchant-service: add debug seed endpoints for staff/shop test data
- EF configs: migrate to HasField() pattern for private field mapping
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 15:23:35 +07:00
Ho Ngoc Hai
aba5ee1162
fix: resolve inventory display bugs — transaction history & item type mapping
...
- Fix DTO field mismatch: QuantityChange→Quantity, Reason→Notes in PosDataService
- Fix ItemType enum mismatch: FinishedProduct→FinishedGood, Supply→Consumable in ShopInventory
- Add ResolveTransactionTypeName fallback in InventoryMapper when Type nav property is null
- Add "In"/"Out" alternative matches for TransactionType in history display
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 13:54:44 +07:00
Ho Ngoc Hai
76b5e6afd0
feat: Phase 2 close-out — multi-branch management, production K8s, revenue dashboard UI, responsive POS
...
Backend:
- Multi-branch shop management: SetDefaultShop, TransferShop commands, GetMerchantShops paginated query
- Shop aggregate: IsDefault field, SetAsDefault/ClearDefault/TransferOwnership behavior methods
- 2 new domain events: ShopSetAsDefaultDomainEvent, ShopTransferredDomainEvent
Frontend:
- Revenue Dashboard (MudChart line/donut/bar, 4 KPI cards, top products table)
- Staff Performance (sortable table, color-coded completion rates, CSV export)
- Customer QR Menu page (/menu/{ShopId}, mobile-first, Vietnamese labels)
- QR Code Generator admin page (batch generate, print-all, per-table QR)
- Responsive POS layout (collapsible sidebar, slide-out order drawer, touch-friendly CSS)
- ResponsiveOrderPanel component (desktop inline / tablet drawer / mobile overlay)
Infrastructure:
- Production K8s manifests: 8 services (3 replicas, 512Mi-1Gi, HPA min3/max10), Redis with persistence
- Production ingress: api.goodgo.vn, cert-manager TLS, rate-limit middleware
- Deploy script: pre-flight checks, dry-run, single-service deploy, rollback support
- CI/CD: deploy-production.yml with environment approval, commit SHA tags
- Prometheus full scrape config (11 targets), docker-compose observability stack
- Production deployment checklist (80+ items)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 19:58:40 +07:00
Ho Ngoc Hai
dc1ea7c0d2
feat: Phase 2 W7-8 production readiness — QR menu, analytics, E2E tests, observability
...
- Public QR menu: BFF proxy endpoints (no auth), PosDataService public methods
- Revenue analytics + staff performance: Dapper queries, validators, BFF proxy
- Playwright E2E tests: 8 spec files covering auth, admin, 5 POS verticals, reports
- Observability: Grafana dashboard (HTTP metrics, infra, business), Prometheus alert rules
- Fixes: validator frozen-date bug (Must vs LessThanOrEqualTo), PublicMenuController logging + CancellationToken
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 19:51:37 +07:00
Ho Ngoc Hai
0d03feeffd
feat: Phase 2 multi-vertical expansion — Spa appointments, Retail POS, Cafe loyalty
...
Spa/Beauty (booking-service) — Therapist + Appointment scheduling:
- Therapist aggregate: specialties (text[]), workingHours (jsonb), CRUD
- Appointment: notes field, Pending initial status, MarkNoShow() behavior
- TherapistsController (4 endpoints), 9 FluentValidation validators
- EF config: PostgreSQL native text[] + jsonb column types
Retail POS (catalog + inventory + order) — Barcode, stock, returns:
- Product: barcode/SKU fields, GetProductByBarcodeQuery (lookup endpoint)
- Inventory: bulk stock check, low stock alert threshold (SetReorderLevel)
- Order: return/exchange flow with ProcessReturn(), Returned status (id=8)
- CreateReturnCommand, CreateExchangeCommand (same UnitOfWork)
- 2 domain events: OrderReturnedDomainEvent, OrderExchangedDomainEvent
- 6 new API endpoints across 3 services
Cafe (membership + fnb-engine) — Loyalty stamps + barista queue:
- StampCard aggregate: AddStamp(), ClaimReward(), Reset(), 4 domain events
- Auto-create card on first stamp (friction-free UX)
- StampCardsController (6 endpoints), 4 commands, 2 queries
- BaristaQueueItem: 5-status workflow (Queued→Preparing→Ready→Delivered)
- BaristaController (6 endpoints), 5 commands, 2 queries
- Tenant isolation (shop-level) on both features
ROADMAP: Phase 1 closed out, Phase 2 vertical tasks IN-PROGRESS
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 16:45:43 +07:00
Ho Ngoc Hai
a7a753bf38
feat: EOD reports, security audit (rate limiting + 44 validators), and 30 critical path tests
...
EOD Reports & Daily Close (order-service + Blazor UI):
- GetEodReportQuery: Dapper query for revenue, orders, payment breakdown, top items, hourly chart
- CloseDayCommand: check pending orders, generate final report
- EodReport.razor: 6 KPI cards, donut/bar charts, top 10 table, close-day dialog
- FluentValidation for both query and command
- BFF proxy endpoints for reports
Security Audit — Rate Limiting:
- Tighten auth-ratelimit from 100 to 10 req/min (brute force protection)
- Add payment-ratelimit (30/min), api-ratelimit (100/min), hub-ratelimit (500/min)
- Apply rate limits to ALL Traefik routers (previously many had none)
Security Audit — Input Sanitization (44 missing validators created):
- iam-service: 14 validators (auth, user, role commands)
- merchant-service: 11 validators (admin, attendance commands)
- wallet-service: 7 validators (wallet, points commands)
- fnb-engine: 7 validators (session, table, ticket, reservation)
- catalog-service: 6 validators (product, category CRUD)
- storage-service: 6 validators (upload, share, quota)
- order-service: 2 validators (complete order/payment)
Critical Path Unit Tests (30 new tests):
- inventory-service: 12 tests (deduction, partial stock, idempotency)
- wallet-service: 14 tests (create payment, process callback, domain events)
- fnb-engine: 8 tests (kitchen-served event handler, inventory client integration)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 16:33:39 +07:00
Ho Ngoc Hai
653322b26c
fix: resolve 12 critical/high issues from code review across backend, frontend, and infra
...
Backend (7 fixes):
- wallet-service: remove conflicting EF Ignore() calls for mapped backing fields
- fnb-engine: remove KitchenTicket short constructor that set productId=orderItemId
- fnb-engine: replace fire-and-forget Task.Run with direct await for inventory deduction
- TenantMiddleware: implement PostgreSQL RLS SET LOCAL in 4 services (wallet, fnb, inventory, catalog)
- order-service: fix SQL injection pattern in TenantMiddleware with Guid.ToString("D")
- order-service: add ValidateShopAccess() authorization check in SignalR PosHub
- 4 services: register IDbConnection (NpgsqlConnection) in DI for RLS middleware
Frontend (3 fixes):
- PosDataService: return Success=false (not true) when PayOrder response parsing fails
- QrPayment: add _disposed guard to prevent timer race condition after component disposal
- BFF OrderController: add [Authorize] attribute to require JWT for all endpoints
Infrastructure (3 fixes):
- docker-compose: upgrade PostgreSQL 15-alpine to 16-alpine per project spec
- init-databases.sh: add 4 missing marketing service databases (mkt_*)
- Traefik routes: add wallet, catalog, booking routers and /api/v1/stock path
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 16:22:08 +07:00
Ho Ngoc Hai
1d12a7980b
feat: add order lifecycle integration tests (29 tests) and staging K8s deployment manifests
...
Testing (P0-7):
- 29 functional tests for order-service API (create/pay/complete/cancel lifecycle)
- CustomWebApplicationFactory with InMemory DB, mocked wallet/SignalR/tenant
- TestAuthHandler for JWT auth in tests
- Full lifecycle tests: cash flow and online payment flow end-to-end
Staging Deployment (P0-8):
- K8s manifests for 8 MVP services + Redis + POS web (namespace, configmap, secrets)
- Traefik Ingress with path-based routing and TLS via cert-manager
- HPA auto-scaling (2-4 replicas, CPU/memory thresholds)
- deploy-staging.sh script with --dry-run and --service flags
- CI/CD: deploy-staging.yml and docker-build.yml with matrix strategy
- Consistent patterns: port 8080, 3 health probes, RollingUpdate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 13:56:03 +07:00
Ho Ngoc Hai
6061164873
feat: add multi-tenant row-level security across 5 services and 96 FnB engine unit tests
...
Security (P0-5):
- Implement ITenantProvider + HttpContextTenantProvider per service (order, fnb, inventory, catalog, wallet)
- Add EF Core global query filters for tenant isolation (shop_id/user_id based)
- Add TenantMiddleware setting PostgreSQL session variables for RLS
- Create PostgreSQL RLS policies script (scripts/db/rls-policies.sql)
- Adapter pattern bridges API-layer to Infrastructure-layer (Clean Architecture)
- Bypass mechanisms for admin roles, service-to-service calls, and migrations
Testing (P1-12):
- Add 96 unit tests for fnb-engine (up from 3)
- 57 domain entity tests: Table(18), KitchenTicket(12), Session(8), Reservation(13), Recipe(6)
- 39 command handler tests: CRUD operations, status transitions, validation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 13:40:34 +07:00
Ho Ngoc Hai
8af86e9e89
feat: implement Phase 1 payment gateway, real-time SignalR, kitchen-inventory deduction, and order payment flow
...
- wallet-service: IPaymentGateway abstraction + VN Pay implementation (HMAC-SHA512, sandbox), Payment aggregate root, PaymentsController with create/callback/query endpoints
- order-service: PosHub SignalR hub with Redis backplane + MessagePack, strongly-typed clients, 3 group types (shop/kds/pos), integrated into Create/Pay/Complete/Cancel order handlers
- fnb-engine + inventory-service: Kitchen→Inventory auto-deduction via domain events, HTTP with Polly retry + circuit breaker, idempotency check, graceful degradation on insufficient stock
- order-service: Enhanced PayOrderCommand with 3 flows (cash/card/online), PaymentPending status, WalletServiceClient, CompleteOrderPaymentCommand for gateway callbacks
- POS frontend: Cash/Card/QR payment components wired to real backend, BFF proxy updated
- infra: Traefik routes for fnb-engine, inventory-service, and SignalR WebSocket hub
- ROADMAP.md: Updated with Phase 1 progress tracking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 13:28:46 +07:00
Ho Ngoc Hai
2e1bb65bd3
feat: implement merchant subscription management and enhanced user account/security features with a new BFF layer.
2026-03-06 12:34:53 +07:00
Ho Ngoc Hai
193b9edd23
feat(staff): Integrate kitchen display system, add new staff roles, and enhance staff profile resolution with improved attendance proxying.
2026-03-06 11:42:41 +07:00
Ho Ngoc Hai
30b3f9a37c
feat(staff-portal): implement staff attendance and leave request management with dedicated portal UI and backend services
2026-03-06 04:29:00 +07:00
Ho Ngoc Hai
fd75da34dc
feat: enhance inventory management with new item types, stocktake, wastage, and recipe-based deductions
2026-03-05 22:28:45 +07:00
Ho Ngoc Hai
6d5d4108c7
refactor(api, web-client): remove API versioning from services and update client calls, and enhance staff schedule management in the admin UI to support multiple days and shift presets.
2026-03-05 16:40:02 +07:00
Ho Ngoc Hai
3f1ecc8122
feat(booking-service, web-client-tpos): implement staff schedule creation/deletion and enhance staff name display.
2026-03-05 16:19:46 +07:00
Ho Ngoc Hai
81c5be9e37
fix(staff): Staff "Invited" status issue
2026-03-05 15:56:37 +07:00
Ho Ngoc Hai
91a219d65f
feat: implement hourly rates for tables/rooms, add shop publishing, and introduce system health checks.
2026-03-05 12:09:28 +07:00
Ho Ngoc Hai
cd979970e7
feat(fnb, tpos): implement table QR code scanning for customer menu and reservation management
2026-03-05 08:28:32 +07:00
Ho Ngoc Hai
cfcdbd069d
feat(pos): implement order payment flow and update order aggregate status handling.
2026-03-05 08:05:19 +07:00
Ho Ngoc Hai
0901e91673
feat(pos): implement table-based ordering, kitchen ticket workflow, and table floor plan management
2026-03-05 07:53:00 +07:00
Ho Ngoc Hai
802c03995a
feat(order-processing): execute order item strategies during order creation and add kitchen ticket API with session management.
2026-03-05 06:19:18 +07:00
Ho Ngoc Hai
a4f4c4755e
feat(fnb-reservation): implement reservation management with API, infrastructure, and TPOS client UI.
2026-03-05 05:39:02 +07:00
Ho Ngoc Hai
c0301a22e5
feat(pos): Display empty state messages for resource grids and implement shop-specific staff management in POS views.
2026-03-05 05:03:28 +07:00
Ho Ngoc Hai
c86500214b
feat: implement category CRUD with image upload, extend staff profile fields, and add membership level/EXP management
2026-03-05 03:03:48 +07:00
Ho Ngoc Hai
4d6c9c6ba3
feat: enhance error handling for staff and member creation, update IAM token lifetime, and refine staff query enumeration.
2026-03-05 02:10:52 +07:00
Ho Ngoc Hai
629fed8a55
commit
2026-03-05 01:39:40 +07:00
Ho Ngoc Hai
df7eec1ec2
feat(web-client-tpos, inventory-service): implement percentage-based campaigns and enrich inventory with product names
2026-03-04 20:22:54 +07:00
Ho Ngoc Hai
051261accd
feat: implement recipe management, inventory operations, voucher integration, and order discounts
2026-03-04 20:05:38 +07:00
Ho Ngoc Hai
65f3da53ae
refactor(merchant-service): standardize enumeration name resolution in shop queries using a new helper method.
2026-03-04 16:11:55 +07:00
Ho Ngoc Hai
028ef4c1cd
feat: implement user-based wallet and transaction retrieval by parsing JWT sub claim and adjust JWT validation parameters across services.
2026-03-04 13:08:08 +07:00
Ho Ngoc Hai
7baba14fad
refactor(web-client-tpos, order-service): improve API deserialization, update DTO types for Dapper compatibility, and refine API proxying for staff schedules and order cancellations.
2026-03-04 12:53:43 +07:00
Ho Ngoc Hai
64e7b4e00d
refactor: update EF Core backing field mapping and ignore DDD enumeration types
2026-03-04 12:36:19 +07:00
Ho Ngoc Hai
2d74f53f0d
refactor: update DTO numeric types, refactor EF Core entity configurations to use HasField, and enable JsonDocument change tracking.
2026-03-04 11:44:43 +07:00
Ho Ngoc Hai
89bd8232a8
feat: Implement Blazor lifecycle improvements, enhance navigation with browser history, and update EF Core entity configurations for backing fields
2026-03-04 11:35:41 +07:00
Ho Ngoc Hai
ce61b4d3db
feat(fnb-engine): add shopId and status filters to kitchen tickets
...
Add shopId and status query params to GET /api/v1/kitchen/tickets.
Joins through Session to resolve shopId since KitchenTicket only
has SessionId. Backward-compatible: without shopId falls back to
existing pending-by-station behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 10:37:55 +07:00
Ho Ngoc Hai
4cd172bee5
feat(booking-service): add shop-wide staff schedules endpoint
...
Add GET /api/v1/schedules?shopId= to return all staff schedules
for a shop. Existing per-staff endpoint unchanged. BFF needs this
to display all schedules on the admin dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 10:36:43 +07:00
Ho Ngoc Hai
9b44e88a6a
feat(order-service): add dashboard and reporting endpoints
...
- GET /api/v1/orders/dashboard — POS dashboard stats (revenue, orders,
items sold, popular items, payment breakdown, hourly revenue, recent orders)
- GET /api/v1/reports/revenue — Revenue report grouped by daily/weekly/monthly
- GET /api/v1/reports/top-products — Top selling products by quantity
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 10:36:09 +07:00
Ho Ngoc Hai
37042b48b7
feat(inventory-service): add shopId filter to transactions endpoint
...
BFF needs to query inventory transactions by shopId. The existing
endpoint only supported inventoryItemId. Now accepts either shopId
or inventoryItemId as query parameters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 10:35:54 +07:00
Ho Ngoc Hai
617a7caf81
fix(iam-service): resolve 500 error on GET /api/v1/users endpoint
2026-03-03 10:48:13 +07:00
Ho Ngoc Hai
ea59326658
fix(iam-service): add try-catch to role seeding for visible error logging
2026-03-01 06:17:08 +07:00
Ho Ngoc Hai
cb6337cb7c
test(merchant-service): add 38 unit tests for Shop aggregate and ShopFeatures
2026-03-01 05:50:58 +07:00
Ho Ngoc Hai
1acc0c399b
fix(merchant-service): add vertical-specific categories to ShopFeatures.ForCategory()
2026-03-01 05:39:16 +07:00
Ho Ngoc Hai
36da982386
fix(merchant-service): resolve MapToDetailDto NullRef on shop detail API
...
- Add null-safe access for Type, Category, Status, ContactInfo, Branches
- Fixes 500 error when loading shop details in admin UI
2026-02-28 22:53:38 +07:00
Ho Ngoc Hai
4e91c96c97
feat(multi-vertical): phase 0 — seed data script + fix GetShopsQueryHandler NullRef
...
- Add scripts/seed-demo-data.sh: creates user, merchant, 5 shops, 47 products, 15 categories, 18 tables/rooms, 13 booking resources
- Fix NullReferenceException in GetShopsQueryHandler (null-safe Enumeration access)
- Default account: hongochai10@icloud.com / Velik@2026
2026-02-28 22:32:51 +07:00