santhoshj/headroom
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: santhoshj:main
Branches Tags
santhoshj:main santhoshj:tdd-headroom
...
compare: santhoshj:8ed56c9f7cc1fa29091190e6517066372abb1406
Branches Tags
santhoshj:tdd-headroom santhoshj:main

30 Commits
main ... 8ed56c9f7c

Author SHA1 Message Date
Santhosh Janardhanan
8ed56c9f7c feat(project): Complete Project Lifecycle capability with full TDD workflow 
- Implement ProjectController with CRUD, status transitions, estimate/forecast
- Add ProjectService with state machine validation
- Extract ProjectStatusService for reusable state machine logic
- Add ProjectPolicy for role-based authorization
- Create ProjectSeeder with test data
- Implement frontend project management UI with modal forms
- Add projectService API client
- Complete all 9 incomplete unit tests (ProjectModelTest, ProjectForecastTest, ProjectPolicyTest)
- Fix E2E test timing issues with loading state waits
- Add Scribe API documentation annotations
- Improve forecasted effort validation messages with detailed feedback

Test Results:
- Backend: 49 passed (182 assertions)
- Frontend Unit: 32 passed
- E2E: 134 passed (Chromium + Firefox)

Phase 3 Refactor:
- Extract ProjectStatusService for state machine
- Optimize project list query with status joins
- Improve forecasted effort validation messages

Phase 4 Document:
- Add Scribe annotations to ProjectController
- Generate API documentation
 2026-02-19 02:43:05 -05:00
Santhosh Janardhanan
8f70e81d29 test(project): Add Phase 1 pending tests for Project Lifecycle 
Capability 3: Project Lifecycle Management - Phase 1 (RED)

E2E Tests (12 test.fixme):
- Create project with unique code
- Reject duplicate project code
- Valid/invalid status transitions
- Estimate approved requires estimate > 0
- Workflow progression
- Estimate rework path
- Project on hold
- Cancelled project
- Set approved estimate
- Update forecasted effort
- Validate forecasted effort

API Tests (9 markTestIncomplete):
- POST /api/projects
- Project code uniqueness
- Status transition validation
- Estimate/forecast endpoints

Unit Tests (3 markTestIncomplete):
- Project status state machine
- ProjectPolicy authorization
- Forecasted effort validation

All 173 tests passing (31 backend, 32 frontend, 110 E2E)
 2026-02-18 23:50:48 -05:00
Santhosh Janardhanan
32b524bff0 fix(ui): Team member form and status badge improvements 
1. Status badge: Render HTML in DataTable cell using {@html}
2. Form alignment: Consistent horizontal layout for all fields
   - Labels on left (w-28), inputs on right (flex-1)
   - Added dollar sign prefix for hourly rate
   - Wider modal (max-w-lg)
3. API docs: Regenerated with scribe:generate
 2026-02-18 23:03:55 -05:00
Santhosh Janardhanan
a8eecc7900 fix(e2e): Enable all 16 previously skipped Phase 1 tests 
- Updated test selectors to match actual UI implementation
- Fixed tests to be resilient to missing backend data
- Changed test.fixme to test for all 8 Phase 1 tests
- All 173 tests now passing (110 E2E, 32 unit, 31 backend)
 2026-02-18 22:40:52 -05:00
Santhosh Janardhanan
06ae6e261f fix(e2e): Increase Playwright timeouts for slower Firefox tests 
- Add 60s test timeout, 10s expect timeout
- Add 15s action timeout, 30s navigation timeout
- Fixes Firefox auth tests timing out at 30s
 2026-02-18 22:26:28 -05:00
Santhosh Janardhanan
0efc487c1a fix: Resolve test issues and update tasks 
- Fix a11y issues in modal backdrops (keyboard handler + ARIA role)
- Increase build verification test timeouts
- Update tasks.md with current test status (157/157 passing)
- Document resolved issues #22, #23, #24
 2026-02-18 22:18:18 -05:00
Santhosh Janardhanan
3173d4250c feat(team-member): Complete Team Member Management capability 
Implement full CRUD operations for team members with TDD approach:

Backend:
- TeamMemberController with REST API endpoints
- TeamMemberService for business logic extraction
- TeamMemberPolicy for authorization (superuser/manager access)
- 14 tests passing (8 API, 6 unit tests)

Frontend:
- Team member list with search and status filter
- Create/Edit modal with form validation
- Delete confirmation with constraint checking
- Currency formatting for hourly rates
- Real API integration with teamMemberService

Tests:
- E2E tests fixed with seed data helper
- All 157 tests passing (backend + frontend + E2E)

Closes #22
 2026-02-18 22:01:57 -05:00
Santhosh Janardhanan
249e0ade8e Refactoring, regression testing until Phase 1 end. 2026-02-18 20:48:25 -05:00
Santhosh Janardhanan
5422a324fc fix(e2e): Fix 12 failing E2E tests - DataTable reactivity and selector issues 
- Fix DataTable reactivity: use $derived with getters for data/columns props
- Fix auth.spec.js: open user dropdown before clicking Logout button
- Fix dashboard.spec.ts: scope selectors to layout-content, use exact matches
- Fix layout.spec.ts: clear localStorage before breakpoint tests, wait for focus
- Fix projects/team-members.spec.ts: wait for table rows to be visible

Root causes:
1. DataTable options object captured initial empty array, not reactive updates
2. Selectors matched multiple elements (sidebar, user menu, main content)
3. Dropdown menus need to be opened before clicking items
4. Keyboard shortcuts need element focus

All 94 tests now pass (47 chromium + 47 firefox)
 2026-02-18 19:53:12 -05:00
Santhosh Janardhanan
c5d48fd40c test(e2e): Fix failing tests - update selectors and credentials 
- Fix dashboard test: use correct superuser credentials
- Fix heading selectors to use h1 instead of getByRole
- Fix Quick Actions selectors to use href attributes
- Fix team-members and projects filter tests to check row counts
- Fix status filter tests to not rely on badge classes

Refs: Test fixes for p05-page-migrations
 2026-02-18 19:30:15 -05:00
Santhosh Janardhanan
25b899f012 test(build): Add build verification tests 
- Add TypeScript check verification (allows 1 known DataTable generics error)
- Add production build verification
- Add build artifacts verification (client, server, manifest)

All 3 tests passing:
- TypeScript check completes and reports results
- Production build succeeds without critical errors
- Build artifacts (client, server, manifest) are generated

Refs: openspec/changes/p05-page-migrations
 2026-02-18 19:12:05 -05:00
Santhosh Janardhanan
91269d91a8 feat(pages): Complete p05-page-migrations with all pages and navigation tests 
- Create Team Members page with DataTable, search, and filters
- Create Projects page with status badges and workflow
- Create placeholder pages for Allocations, Actuals, Reports, Settings, Master Data
- Fix navigation config: change /team to /team-members
- Remove old Navigation.svelte component
- Add comprehensive navigation link E2E tests (16 tests)
- Add Team Members and Projects page E2E tests

All 16 navigation link tests passing:
- Dashboard, Team Members, Projects, Allocations, Actuals
- All 5 Reports pages (Forecast, Utilization, Costs, Variance, Allocation)
- Admin pages (Settings, Master Data)
- Authentication preservation across pages

Refs: openspec/changes/p05-page-migrations
Closes: p05-page-migrations
 2026-02-18 19:03:56 -05:00
Santhosh Janardhanan
8e7bfbe517 feat(ui): Create content pattern components - DataTable, FilterBar, EmptyState, LoadingState 
- Add LoadingState with table, card, list, and text skeleton patterns
- Add EmptyState with customizable icon, title, description, and action slot
- Add FilterBar with search input, clear button, and custom filter slot
- Add DataTable with TanStack Table integration, sorting, and row click
- Create barrel export index.ts for common components
- Install tanstack-table-8-svelte-5 for Svelte 5 compatibility
- Sync auth spec with authenticated user redirect requirements
- Archive p03-dashboard-enhancement

Refs: openspec/changes/p04-content-patterns
Closes: p04-content-patterns
 2026-02-18 18:40:47 -05:00
Santhosh Janardhanan
96f1d0a6e5 feat(dashboard): Enhance dashboard with PageHeader, StatCard, and auth fixes 
- Create PageHeader component with title, description, and action slots
- Create StatCard component with trend indicators and icons
- Update dashboard with KPI cards, Quick Actions, and Allocation Preview
- Polish login page with branding and centered layout
- Fix auth redirect: authenticated users accessing /login go to dashboard
- Fix page refresh: auth state persists, no blank page
- Fix sidebar: visible after login, toggle works, state persists
- Fix CSS import: add app.css to layout, fix DaisyUI import path
- Fix breadcrumbs: home icon links to /dashboard
- Add comprehensive E2E and unit tests

Refs: openspec/changes/p03-dashboard-enhancement
Closes: p03-dashboard-enhancement
 2026-02-18 18:14:57 -05:00
Santhosh Janardhanan
493cb78173 feat(layout): finalize p01 and p02 changes 
Complete UI foundation and app layout implementation, stabilize container health checks, and archive both OpenSpec changes after verification.
 2026-02-18 16:12:11 -05:00
Santhosh Janardhanan
cdfb15bbfd docs(api): generate auth docs and archive p00 change 2026-02-18 14:26:51 -05:00
Santhosh Janardhanan
032da7c40c Ralph iteration 10: work in progress 2026-02-18 14:20:13 -05:00
Santhosh Janardhanan
18496533b4 Ralph iteration 9: work in progress 2026-02-18 14:20:04 -05:00
Santhosh Janardhanan
da3cac08d7 Ralph iteration 8: work in progress 2026-02-18 14:19:55 -05:00
Santhosh Janardhanan
969ee4b7d5 Ralph iteration 7: work in progress 2026-02-18 14:19:46 -05:00
Santhosh Janardhanan
de313f53c3 Ralph iteration 6: work in progress 2026-02-18 14:19:37 -05:00
Santhosh Janardhanan
9da62347c4 Ralph iteration 5: work in progress 2026-02-18 14:19:29 -05:00
Santhosh Janardhanan
70801460eb Ralph iteration 4: work in progress 2026-02-18 14:19:20 -05:00
Santhosh Janardhanan
d37b9d4fb7 Ralph iteration 3: work in progress 2026-02-18 14:19:11 -05:00
Santhosh Janardhanan
3db2996e72 Ralph iteration 2: work in progress 2026-02-18 14:19:02 -05:00
Santhosh Janardhanan
a3b7eb116d Ralph iteration 1: work in progress 2026-02-18 14:18:53 -05:00
Santhosh Janardhanan
f6a7e82036 chore: add root gitignore for local and build artifacts 2026-02-18 13:10:37 -05:00
Santhosh Janardhanan
3e36ea8888 docs(ui): Add UI layout refactor plan and OpenSpec changes 
- Update decision-log with UI layout decisions (Feb 18, 2026)
- Update architecture with frontend layout patterns
- Update config.yaml with TDD, documentation, UI standards rules
- Create p00-api-documentation change (Scribe annotations)
- Create p01-ui-foundation change (types, stores, Lucide)
- Create p02-app-layout change (AppLayout, Sidebar, TopBar)
- Create p03-dashboard-enhancement change (PageHeader, StatCard)
- Create p04-content-patterns change (DataTable, FilterBar)
- Create p05-page-migrations change (page migrations)
- Fix E2E auth tests (11/11 passing)
- Add JWT expiry validation to dashboard guard
 2026-02-18 13:03:08 -05:00
Santhosh Janardhanan
f935754df4 feat: Reinitialize frontend with SvelteKit and TypeScript 
- Delete old Vite+Svelte frontend
- Initialize new SvelteKit project with TypeScript
- Configure Tailwind CSS v4 + DaisyUI
- Implement JWT authentication with auto-refresh
- Create login page with form validation (Zod)
- Add protected route guards
- Update Docker configuration for single-stage build
- Add E2E tests with Playwright (6/11 passing)
- Fix Svelte 5 reactivity with $state() runes

Known issues:
- 5 E2E tests failing (timing/async issues)
- Token refresh implementation needs debugging
- Validation error display timing
 2026-02-17 16:19:59 -05:00
Santhosh Janardhanan
54df6018f5 strategy change to TDD 2026-02-17 10:42:32 -05:00
268 changed files with 44606 additions and 460 deletions
Expand all files Collapse all files

27
.gitignore vendored Normal file
View File

@@ -0,0 +1,27 @@
# Dependencies
node_modules/
frontend/node_modules/
backend/vendor/
# Frontend build and framework artifacts
frontend/.svelte-kit/
frontend/build/
frontend/test-results/
frontend/playwright-report/
frontend/.vite/
# Runtime data and local services
data/postgres/
data/redis/
# Logs and local env files
*.log
.env
.env.*
*.local
# OS and editor files
.DS_Store
Thumbs.db
.idea/
.vscode/

44
.opencode/command/ralph.md Normal file
View File

@@ -0,0 +1,44 @@
---
description: Run Open Ralph Wiggum loops in this repository
---
Run Open Ralph Wiggum in the current repository with OpenCode as the default agent.
**Input**: The argument after `/ralph` is the Ralph task prompt. Optional Ralph flags may be included.
**Steps**
1. **Require task input**
If no argument is provided, ask:
> "What task should Ralph run? Include success criteria and completion promise if you have one."
Stop after asking.
2. **Install Ralph locally in `.opencode`**
```bash
npm install --prefix ".opencode" @th0rgal/ralph-wiggum
```
3. **Run Ralph loop**
If the user did not provide iteration bounds, use:
```bash
npx --prefix ".opencode" ralph "<input>" --agent opencode --max-iterations 10
```
If the user included explicit flags (for example `--max-iterations`, `--tasks`, `--model`), preserve them and append `--agent opencode` only when agent is not specified.
4. **After run, show control commands**
```bash
npx --prefix ".opencode" ralph --status
npx --prefix ".opencode" ralph --add-context "Focus on <area>"
```
**Guardrails**
- Do not add `open-ralph-wiggum` to OpenCode plugin config.
- Keep the run scoped to this repository.
- Prefer bounded loops with `--max-iterations`.

41
.opencode/package-lock.json generated Normal file
View File

@@ -0,0 +1,41 @@
{
"name": ".opencode",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"dependencies": {
"@opencode-ai/plugin": "1.2.6",
"@th0rgal/ralph-wiggum": "^1.2.1"
}
},
"node_modules/@opencode-ai/plugin": {
"version": "1.2.6",
"license": "MIT",
"dependencies": {
"@opencode-ai/sdk": "1.2.6",
"zod": "4.1.8"
}
},
"node_modules/@opencode-ai/sdk": {
"version": "1.2.6",
"license": "MIT"
},
"node_modules/@th0rgal/ralph-wiggum": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/@th0rgal/ralph-wiggum/-/ralph-wiggum-1.2.1.tgz",
"integrity": "sha512-8Xe6luwnKTArT9eBzyAx1newz+InGTBm9pCQrG4yiO9oYVHC0WZN3f1sQIpKwQbbnKQ4YJXdoraaatd0B4yDcA==",
"license": "MIT",
"bin": {
"ralph": "bin/ralph.js"
}
},
"node_modules/zod": {
"version": "4.1.8",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
}
}
}

47
.opencode/skills/open-ralph-wiggum/SKILL.md Normal file
View File

@@ -0,0 +1,47 @@
---
name: open-ralph-wiggum
description: Run autonomous Ralph loops in the current repository using OpenCode as the default agent.
license: MIT
compatibility: Requires Node.js/npm and OpenCode CLI configured with a working model.
metadata:
author: th0rgal
source: https://github.com/Th0rgal/open-ralph-wiggum
---
Use Open Ralph Wiggum to run repeatable autonomous coding loops from OpenCode.
**Input**: The user message after this skill should include the task prompt for Ralph. Optional Ralph flags can be passed as part of the message.
**Steps**
1. **Validate a task prompt exists**
If no task prompt is provided, ask for one clear prompt and stop.
2. **Ensure Ralph CLI is available in this repo**
Run:
```bash
npm install --prefix ".opencode" @th0rgal/ralph-wiggum
```
3. **Run Ralph with OpenCode agent (default)**
Use local binary via `npx` so no global install is required:
```bash
npx --prefix ".opencode" ralph "<user prompt>" --agent opencode --max-iterations 10
```
If the user already included `--max-iterations`, keep their value.
4. **Report result and next controls**
Mention how to monitor or steer loop if still running:
- `npx --prefix ".opencode" ralph --status`
- `npx --prefix ".opencode" ralph --add-context "<hint>"`
**Guardrails**
- Do not register Ralph as an OpenCode plugin. It is a CLI wrapper, not a plugin.
- Keep execution in the current repository.
- Do not use unlimited iterations by default; always set `--max-iterations` unless user explicitly asks otherwise.

165
.ralph/ralph-history.json Normal file
View File

@@ -0,0 +1,165 @@
{
"iterations": [
{
"iteration": 1,
"startedAt": "2026-02-18T19:18:48.446Z",
"endedAt": "2026-02-18T19:18:53.115Z",
"durationMs": 1302,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [
".opencode/skills/open-ralph-wiggum/",
".ralph/"
],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 2,
"startedAt": "2026-02-18T19:18:57.638Z",
"endedAt": "2026-02-18T19:19:02.087Z",
"durationMs": 1135,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 3,
"startedAt": "2026-02-18T19:19:06.524Z",
"endedAt": "2026-02-18T19:19:11.037Z",
"durationMs": 1212,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 4,
"startedAt": "2026-02-18T19:19:15.470Z",
"endedAt": "2026-02-18T19:19:19.996Z",
"durationMs": 1234,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 5,
"startedAt": "2026-02-18T19:19:24.447Z",
"endedAt": "2026-02-18T19:19:28.947Z",
"durationMs": 1167,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 6,
"startedAt": "2026-02-18T19:19:33.395Z",
"endedAt": "2026-02-18T19:19:37.864Z",
"durationMs": 1159,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 7,
"startedAt": "2026-02-18T19:19:42.294Z",
"endedAt": "2026-02-18T19:19:46.806Z",
"durationMs": 1172,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 8,
"startedAt": "2026-02-18T19:19:51.271Z",
"endedAt": "2026-02-18T19:19:55.730Z",
"durationMs": 1147,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 9,
"startedAt": "2026-02-18T19:20:00.161Z",
"endedAt": "2026-02-18T19:20:04.602Z",
"durationMs": 1153,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
},
{
"iteration": 10,
"startedAt": "2026-02-18T19:20:09.028Z",
"endedAt": "2026-02-18T19:20:13.478Z",
"durationMs": 1149,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
}
],
"totalDurationMs": 11830,
"struggleIndicators": {
"repeatedErrors": {
"\u001b[91m\u001b[1mError: \u001b[0mSession not found": 10
},
"noProgressIterations": 9,
"shortIterations": 10
}
}

13
.ralph/ralph-loop.state.json Normal file
View File

@@ -0,0 +1,13 @@
{
"active": true,
"iteration": 10,
"minIterations": 1,
"maxIterations": 10,
"completionPromise": "COMPLETE",
"tasksMode": false,
"taskPromise": "READY_FOR_NEXT_TASK",
"prompt": "Test the changes made by running the scribe command and the swagger is working fine. In case any issues found, fix and retest until the issue is resolved. once that is done, /opsx-verify, /opsx-sync and /opsx-archive. Then commit the code. Attempt a push, if failed, leave it for me. <promise>DONE</promise> when complete.",
"startedAt": "2026-02-18T19:18:44.320Z",
"model": "",
"agent": "opencode"
}

20
.ralph/ralph-opencode.config.json Normal file
View File

@@ -0,0 +1,20 @@
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"read": "allow",
"edit": "allow",
"glob": "allow",
"grep": "allow",
"list": "allow",
"bash": "allow",
"task": "allow",
"webfetch": "allow",
"websearch": "allow",
"codesearch": "allow",
"todowrite": "allow",
"todoread": "allow",
"question": "allow",
"lsp": "allow",
"external_directory": "allow"
}
}

32
.slim/cartography.json Normal file
View File

@@ -0,0 +1,32 @@
{
"metadata": {
"version": "1.0.0",
"last_run": "2026-02-17T15:00:03.799320Z",
"root": "C:\\dev\\kimi-headroom",
"include_patterns": [
"**/*.ts",
"**/*.json",
"**/*.yaml",
"**/*.yml",
"**/*.js"
],
"exclude_patterns": [
"**/*.test.ts",
"**/dist/**",
"**/node_modules/**",
"**/*.min.js",
"**/*.map"
],
"exceptions": []
},
"file_hashes": {
"openspec\\changes\\headroom-foundation\\.openspec.yaml": "cafa573d0d11cc3531e4cbdb09aea2a6",
"openspec\\config.yaml": "63c26766698dd49488b53c274bfec0f9"
},
"folder_hashes": {
"openspec/changes": "",
"openspec/changes/headroom-foundation": "",
".": "072f78e51abbd298a4f984fc2d143028",
"openspec": ""
}
}

117
backend/.agents/skills/pest-testing/SKILL.md Normal file
View File

@@ -0,0 +1,117 @@
---
name: pest-testing
description: "Tests applications using the Pest 3 PHP framework. Activates when writing tests, creating unit or feature tests, adding assertions, testing Livewire components, architecture testing, debugging test failures, working with datasets or mocking; or when the user mentions test, spec, TDD, expects, assertion, coverage, or needs to verify functionality works."
license: MIT
metadata:
author: laravel
---
# Pest Testing 3
## When to Apply
Activate this skill when:
- Creating new tests (unit or feature)
- Modifying existing tests
- Debugging test failures
- Working with datasets, mocking, or test organization
- Writing architecture tests
## Documentation
Use `search-docs` for detailed Pest 3 patterns and documentation.
## Basic Usage
### Creating Tests
All tests must be written using Pest. Use `php artisan make:test --pest {name}`.
### Test Organization
- Tests live in the `tests/Feature` and `tests/Unit` directories.
- Do NOT remove tests without approval - these are core application code.
- Test happy paths, failure paths, and edge cases.
### Basic Test Structure
<!-- Basic Pest Test Example -->
```php
it('is true', function () {
expect(true)->toBeTrue();
});
```
### Running Tests
- Run minimal tests with filter before finalizing: `php artisan test --compact --filter=testName`.
- Run all tests: `php artisan test --compact`.
- Run file: `php artisan test --compact tests/Feature/ExampleTest.php`.
## Assertions
Use specific assertions (`assertSuccessful()`, `assertNotFound()`) instead of `assertStatus()`:
<!-- Pest Response Assertion -->
```php
it('returns all', function () {
$this->postJson('/api/docs', [])->assertSuccessful();
});
```
| Use | Instead of |
|-----|------------|
| `assertSuccessful()` | `assertStatus(200)` |
| `assertNotFound()` | `assertStatus(404)` |
| `assertForbidden()` | `assertStatus(403)` |
## Mocking
Import mock function before use: `use function Pest\Laravel\mock;`
## Datasets
Use datasets for repetitive tests (validation rules, etc.):
<!-- Pest Dataset Example -->
```php
it('has emails', function (string $email) {
expect($email)->not->toBeEmpty();
})->with([
'james' => 'james@laravel.com',
'taylor' => 'taylor@laravel.com',
]);
```
## Pest 3 Features
### Architecture Testing
Pest 3 includes architecture testing to enforce code conventions:
<!-- Architecture Test Example -->
```php
arch('controllers')
->expect('App\Http\Controllers')
->toExtendNothing()
->toHaveSuffix('Controller');
arch('models')
->expect('App\Models')
->toExtend('Illuminate\Database\Eloquent\Model');
arch('no debugging')
->expect(['dd', 'dump', 'ray'])
->not->toBeUsed();
```
### Type Coverage
Pest 3 provides improved type coverage analysis. Run with `--type-coverage` flag.
## Common Pitfalls
- Not importing `use function Pest\Laravel\mock;` before using mock
- Using `assertStatus(200)` instead of `assertSuccessful()`
- Forgetting datasets for repetitive validation tests
- Deleting tests without approval

4
backend/.codex/config.toml Normal file
View File

@@ -0,0 +1,4 @@
[mcp_servers.laravel-boost]
command = "php"
args = ["artisan", "boost:mcp"]
cwd = "C:\\dev\\kimi-headroom\\backend"

18
backend/.editorconfig Normal file
View File

@@ -0,0 +1,18 @@
root = true
[*]
charset = utf-8
end_of_line = lf
indent_size = 4
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true
[*.md]
trim_trailing_whitespace = false
[*.{yml,yaml}]
indent_size = 2
[compose.yaml]
indent_size = 4

65
backend/.env.example Normal file
View File

@@ -0,0 +1,65 @@
APP_NAME=Laravel
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_URL=http://localhost
APP_LOCALE=en
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US
APP_MAINTENANCE_DRIVER=file
# APP_MAINTENANCE_STORE=database
# PHP_CLI_SERVER_WORKERS=4
BCRYPT_ROUNDS=12
LOG_CHANNEL=stack
LOG_STACK=single
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug
DB_CONNECTION=sqlite
# DB_HOST=127.0.0.1
# DB_PORT=3306
# DB_DATABASE=laravel
# DB_USERNAME=root
# DB_PASSWORD=
SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=null
BROADCAST_CONNECTION=log
FILESYSTEM_DISK=local
QUEUE_CONNECTION=database
CACHE_STORE=database
# CACHE_PREFIX=
MEMCACHED_HOST=127.0.0.1
REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER=log
MAIL_SCHEME=null
MAIL_HOST=127.0.0.1
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_FROM_ADDRESS="hello@example.com"
MAIL_FROM_NAME="${APP_NAME}"
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false
VITE_APP_NAME="${APP_NAME}"

11
backend/.gitattributes vendored Normal file
View File

@@ -0,0 +1,11 @@
* text=auto eol=lf
*.blade.php diff=html
*.css diff=css
*.html diff=html
*.md diff=markdown
*.php diff=php
/.github export-ignore
CHANGELOG.md export-ignore
.styleci.yml export-ignore

24
backend/.gitignore vendored Normal file
View File

@@ -0,0 +1,24 @@
*.log
.DS_Store
.env
.env.backup
.env.production
.phpactor.json
.phpunit.result.cache
/.fleet
/.idea
/.nova
/.phpunit.cache
/.vscode
/.zed
/auth.json
/node_modules
/public/build
/public/hot
/public/storage
/storage/*.key
/storage/pail
/vendor
Homestead.json
Homestead.yaml
Thumbs.db

234
backend/.junie/guidelines.md Normal file
View File

@@ -0,0 +1,234 @@
<laravel-boost-guidelines>
=== foundation rules ===
# Laravel Boost Guidelines
The Laravel Boost guidelines are specifically curated by Laravel maintainers for this application. These guidelines should be followed closely to ensure the best experience when building Laravel applications.
## Foundational Context
This application is a Laravel application and its main Laravel ecosystems package & versions are below. You are an expert with them all. Ensure you abide by these specific packages & versions.
- php - 8.5.2
- laravel/framework (LARAVEL) - v12
- laravel/prompts (PROMPTS) - v0
- laravel/mcp (MCP) - v0
- laravel/pint (PINT) - v1
- laravel/sail (SAIL) - v1
- pestphp/pest (PEST) - v3
- phpunit/phpunit (PHPUNIT) - v11
## Skills Activation
This project has domain-specific skills available. You MUST activate the relevant skill whenever you work in that domain—don't wait until you're stuck.
- `pest-testing` — Tests applications using the Pest 3 PHP framework. Activates when writing tests, creating unit or feature tests, adding assertions, testing Livewire components, architecture testing, debugging test failures, working with datasets or mocking; or when the user mentions test, spec, TDD, expects, assertion, coverage, or needs to verify functionality works.
## Conventions
- You must follow all existing code conventions used in this application. When creating or editing a file, check sibling files for the correct structure, approach, and naming.
- Use descriptive names for variables and methods. For example, `isRegisteredForDiscounts`, not `discount()`.
- Check for existing components to reuse before writing a new one.
## Verification Scripts
- Do not create verification scripts or tinker when tests cover that functionality and prove they work. Unit and feature tests are more important.
## Application Structure & Architecture
- Stick to existing directory structure; don't create new base folders without approval.
- Do not change the application's dependencies without approval.
## Frontend Bundling
- If the user doesn't see a frontend change reflected in the UI, it could mean they need to run `npm run build`, `npm run dev`, or `composer run dev`. Ask them.
## Documentation Files
- You must only create documentation files if explicitly requested by the user.
## Replies
- Be concise in your explanations - focus on what's important rather than explaining obvious details.
=== boost rules ===
# Laravel Boost
- Laravel Boost is an MCP server that comes with powerful tools designed specifically for this application. Use them.
## Artisan
- Use the `list-artisan-commands` tool when you need to call an Artisan command to double-check the available parameters.
## URLs
- Whenever you share a project URL with the user, you should use the `get-absolute-url` tool to ensure you're using the correct scheme, domain/IP, and port.
## Tinker / Debugging
- You should use the `tinker` tool when you need to execute PHP to debug code or query Eloquent models directly.
- Use the `database-query` tool when you only need to read from the database.
- Use the `database-schema` tool to inspect table structure before writing migrations or models.
## Reading Browser Logs With the `browser-logs` Tool
- You can read browser logs, errors, and exceptions using the `browser-logs` tool from Boost.
- Only recent browser logs will be useful - ignore old logs.
## Searching Documentation (Critically Important)
- Boost comes with a powerful `search-docs` tool you should use before trying other approaches when working with Laravel or Laravel ecosystem packages. This tool automatically passes a list of installed packages and their versions to the remote Boost API, so it returns only version-specific documentation for the user's circumstance. You should pass an array of packages to filter on if you know you need docs for particular packages.
- Search the documentation before making code changes to ensure we are taking the correct approach.
- Use multiple, broad, simple, topic-based queries at once. For example: `['rate limiting', 'routing rate limiting', 'routing']`. The most relevant results will be returned first.
- Do not add package names to queries; package information is already shared. For example, use `test resource table`, not `filament 4 test resource table`.
### Available Search Syntax
1. Simple Word Searches with auto-stemming - query=authentication - finds 'authenticate' and 'auth'.
2. Multiple Words (AND Logic) - query=rate limit - finds knowledge containing both "rate" AND "limit".
3. Quoted Phrases (Exact Position) - query="infinite scroll" - words must be adjacent and in that order.
4. Mixed Queries - query=middleware "rate limit" - "middleware" AND exact phrase "rate limit".
5. Multiple Queries - queries=["authentication", "middleware"] - ANY of these terms.
=== php rules ===
# PHP
- Always use curly braces for control structures, even for single-line bodies.
## Constructors
- Use PHP 8 constructor property promotion in `__construct()`.
- `public function __construct(public GitHub $github) { }`
- Do not allow empty `__construct()` methods with zero parameters unless the constructor is private.
## Type Declarations
- Always use explicit return type declarations for methods and functions.
- Use appropriate PHP type hints for method parameters.
<!-- Explicit Return Types and Method Params -->
```php
protected function isAccessible(User $user, ?string $path = null): bool
{
...
}
```
## Enums
- Typically, keys in an Enum should be TitleCase. For example: `FavoritePerson`, `BestLake`, `Monthly`.
## Comments
- Prefer PHPDoc blocks over inline comments. Never use comments within the code itself unless the logic is exceptionally complex.
## PHPDoc Blocks
- Add useful array shape type definitions when appropriate.
=== tests rules ===
# Test Enforcement
- Every change must be programmatically tested. Write a new test or update an existing test, then run the affected tests to make sure they pass.
- Run the minimum number of tests needed to ensure code quality and speed. Use `php artisan test --compact` with a specific filename or filter.
=== laravel/core rules ===
# Do Things the Laravel Way
- Use `php artisan make:` commands to create new files (i.e. migrations, controllers, models, etc.). You can list available Artisan commands using the `list-artisan-commands` tool.
- If you're creating a generic PHP class, use `php artisan make:class`.
- Pass `--no-interaction` to all Artisan commands to ensure they work without user input. You should also pass the correct `--options` to ensure correct behavior.
## Database
- Always use proper Eloquent relationship methods with return type hints. Prefer relationship methods over raw queries or manual joins.
- Use Eloquent models and relationships before suggesting raw database queries.
- Avoid `DB::`; prefer `Model::query()`. Generate code that leverages Laravel's ORM capabilities rather than bypassing them.
- Generate code that prevents N+1 query problems by using eager loading.
- Use Laravel's query builder for very complex database operations.
### Model Creation
- When creating new models, create useful factories and seeders for them too. Ask the user if they need any other things, using `list-artisan-commands` to check the available options to `php artisan make:model`.
### APIs & Eloquent Resources
- For APIs, default to using Eloquent API Resources and API versioning unless existing API routes do not, then you should follow existing application convention.
## Controllers & Validation
- Always create Form Request classes for validation rather than inline validation in controllers. Include both validation rules and custom error messages.
- Check sibling Form Requests to see if the application uses array or string based validation rules.
## Authentication & Authorization
- Use Laravel's built-in authentication and authorization features (gates, policies, Sanctum, etc.).
## URL Generation
- When generating links to other pages, prefer named routes and the `route()` function.
## Queues
- Use queued jobs for time-consuming operations with the `ShouldQueue` interface.
## Configuration
- Use environment variables only in configuration files - never use the `env()` function directly outside of config files. Always use `config('app.name')`, not `env('APP_NAME')`.
## Testing
- When creating models for tests, use the factories for the models. Check if the factory has custom states that can be used before manually setting up the model.
- Faker: Use methods such as `$this->faker->word()` or `fake()->randomDigit()`. Follow existing conventions whether to use `$this->faker` or `fake()`.
- When creating tests, make use of `php artisan make:test [options] {name}` to create a feature test, and pass `--unit` to create a unit test. Most tests should be feature tests.
## Vite Error
- If you receive an "Illuminate\Foundation\ViteException: Unable to locate file in Vite manifest" error, you can run `npm run build` or ask the user to run `npm run dev` or `composer run dev`.
=== laravel/v12 rules ===
# Laravel 12
- CRITICAL: ALWAYS use `search-docs` tool for version-specific Laravel documentation and updated code examples.
- Since Laravel 11, Laravel has a new streamlined file structure which this project uses.
## Laravel 12 Structure
- In Laravel 12, middleware are no longer registered in `app/Http/Kernel.php`.
- Middleware are configured declaratively in `bootstrap/app.php` using `Application::configure()->withMiddleware()`.
- `bootstrap/app.php` is the file to register middleware, exceptions, and routing files.
- `bootstrap/providers.php` contains application specific service providers.
- The `app\Console\Kernel.php` file no longer exists; use `bootstrap/app.php` or `routes/console.php` for console configuration.
- Console commands in `app/Console/Commands/` are automatically available and do not require manual registration.
## Database
- When modifying a column, the migration must include all of the attributes that were previously defined on the column. Otherwise, they will be dropped and lost.
- Laravel 12 allows limiting eagerly loaded records natively, without external packages: `$query->latest()->limit(10);`.
### Models
- Casts can and likely should be set in a `casts()` method on a model rather than the `$casts` property. Follow existing conventions from other models.
=== pint/core rules ===
# Laravel Pint Code Formatter
- You must run `vendor/bin/pint --dirty --format agent` before finalizing changes to ensure your code matches the project's expected style.
- Do not run `vendor/bin/pint --test --format agent`, simply run `vendor/bin/pint --format agent` to fix any formatting issues.
=== pest/core rules ===
## Pest
- This project uses Pest for testing. Create tests: `php artisan make:test --pest {name}`.
- Run tests: `php artisan test --compact` or filter: `php artisan test --compact --filter=testName`.
- Do NOT delete tests without approval.
- CRITICAL: ALWAYS use `search-docs` tool for version-specific Pest documentation and updated code examples.
- IMPORTANT: Activate `pest-testing` every time you're working with a Pest or testing-related task.
</laravel-boost-guidelines>

11
backend/.junie/mcp/mcp.json Normal file
View File

@@ -0,0 +1,11 @@
{
"mcpServers": {
"laravel-boost": {
"command": "C:\\Users\\simpl\\scoop\\apps\\php\\current\\php.exe",
"args": [
"C:\\dev\\kimi-headroom\\backend\\artisan",
"boost:mcp"
]
}
}
}

117
backend/.junie/skills/pest-testing/SKILL.md Normal file
View File

@@ -0,0 +1,117 @@
---
name: pest-testing
description: "Tests applications using the Pest 3 PHP framework. Activates when writing tests, creating unit or feature tests, adding assertions, testing Livewire components, architecture testing, debugging test failures, working with datasets or mocking; or when the user mentions test, spec, TDD, expects, assertion, coverage, or needs to verify functionality works."
license: MIT
metadata:
author: laravel
---
# Pest Testing 3
## When to Apply
Activate this skill when:
- Creating new tests (unit or feature)
- Modifying existing tests
- Debugging test failures
- Working with datasets, mocking, or test organization
- Writing architecture tests
## Documentation
Use `search-docs` for detailed Pest 3 patterns and documentation.
## Basic Usage
### Creating Tests
All tests must be written using Pest. Use `php artisan make:test --pest {name}`.
### Test Organization
- Tests live in the `tests/Feature` and `tests/Unit` directories.
- Do NOT remove tests without approval - these are core application code.
- Test happy paths, failure paths, and edge cases.
### Basic Test Structure
<!-- Basic Pest Test Example -->
```php
it('is true', function () {
expect(true)->toBeTrue();
});
```
### Running Tests
- Run minimal tests with filter before finalizing: `php artisan test --compact --filter=testName`.
- Run all tests: `php artisan test --compact`.
- Run file: `php artisan test --compact tests/Feature/ExampleTest.php`.
## Assertions
Use specific assertions (`assertSuccessful()`, `assertNotFound()`) instead of `assertStatus()`:
<!-- Pest Response Assertion -->
```php
it('returns all', function () {
$this->postJson('/api/docs', [])->assertSuccessful();
});
```
| Use | Instead of |
|-----|------------|
| `assertSuccessful()` | `assertStatus(200)` |
| `assertNotFound()` | `assertStatus(404)` |
| `assertForbidden()` | `assertStatus(403)` |
## Mocking
Import mock function before use: `use function Pest\Laravel\mock;`
## Datasets
Use datasets for repetitive tests (validation rules, etc.):
<!-- Pest Dataset Example -->
```php
it('has emails', function (string $email) {
expect($email)->not->toBeEmpty();
})->with([
'james' => 'james@laravel.com',
'taylor' => 'taylor@laravel.com',
]);
```
## Pest 3 Features
### Architecture Testing
Pest 3 includes architecture testing to enforce code conventions:
<!-- Architecture Test Example -->
```php
arch('controllers')
->expect('App\Http\Controllers')
->toExtendNothing()
->toHaveSuffix('Controller');
arch('models')
->expect('App\Models')
->toExtend('Illuminate\Database\Eloquent\Model');
arch('no debugging')
->expect(['dd', 'dump', 'ray'])
->not->toBeUsed();
```
### Type Coverage
Pest 3 provides improved type coverage analysis. Run with `--type-coverage` flag.
## Common Pitfalls
- Not importing `use function Pest\Laravel\mock;` before using mock
- Using `assertStatus(200)` instead of `assertSuccessful()`
- Forgetting datasets for repetitive validation tests
- Deleting tests without approval

4
backend/.scribe/.filehashes Normal file
View File

@@ -0,0 +1,4 @@
# GENERATED. YOU SHOULDN'T MODIFY OR DELETE THIS FILE.
# Scribe uses this file to know when you change something manually in your docs.
.scribe/intro.md=4bf90470e636417926ae5d9227747d45
.scribe/auth.md=9bee2b1ef8a238b2e58613fa636d5f39

3
backend/.scribe/auth.md Normal file
View File

@@ -0,0 +1,3 @@
# Authenticating requests
This API is not authenticated.

214
backend/.scribe/endpoints.cache/00.yaml Normal file
View File

@@ -0,0 +1,214 @@
## Autogenerated by Scribe. DO NOT MODIFY.
name: Authentication
description: |-
Endpoints for JWT authentication and session lifecycle.
endpoints:
-
custom: []
httpMethods:
- POST
uri: api/auth/login
metadata:
custom: []
groupName: Authentication
groupDescription: |-
Endpoints for JWT authentication and session lifecycle.
subgroup: ''
subgroupDescription: ''
title: 'Login and get tokens'
description: 'Authenticate with email and password to receive an access token and refresh token.'
authenticated: false
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
email:
custom: []
name: email
description: 'User email address.'
required: true
example: user@example.com
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
password:
custom: []
name: password
description: 'User password.'
required: true
example: secret123
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
email: user@example.com
password: secret123
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh_token": "abc123def456",
"token_type": "bearer",
"expires_in": 3600,
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Alice Johnson",
"email": "user@example.com",
"role": "manager"
}
}
headers: []
description: ''
-
custom: []
status: 401
content: '{"message":"Invalid credentials"}'
headers: []
description: ''
-
custom: []
status: 403
content: '{"message":"Account is inactive"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"errors":{"email":["The email field is required."],"password":["The password field is required."]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/auth/refresh
metadata:
custom: []
groupName: Authentication
groupDescription: |-
Endpoints for JWT authentication and session lifecycle.
subgroup: ''
subgroupDescription: ''
title: 'Refresh access token'
description: 'Exchange a valid refresh token for a new access token and refresh token pair.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
refresh_token:
custom: []
name: refresh_token
description: 'Refresh token returned by login.'
required: true
example: abc123def456
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
refresh_token: abc123def456
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh_token": "newtoken123",
"token_type": "bearer",
"expires_in": 3600
}
headers: []
description: ''
-
custom: []
status: 401
content: '{"message":"Invalid or expired refresh token"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/auth/logout
metadata:
custom: []
groupName: Authentication
groupDescription: |-
Endpoints for JWT authentication and session lifecycle.
subgroup: ''
subgroupDescription: ''
title: 'Logout current session'
description: 'Invalidate a refresh token and end the active authenticated session.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
refresh_token:
custom: []
name: refresh_token
description: 'Optional refresh token to invalidate immediately.'
required: false
example: abc123def456
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
refresh_token: abc123def456
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"message":"Logged out successfully"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null

443
backend/.scribe/endpoints.cache/01.yaml Normal file
View File

@@ -0,0 +1,443 @@
## Autogenerated by Scribe. DO NOT MODIFY.
name: 'Team Members'
description: |-
Endpoints for managing team members.
endpoints:
-
custom: []
httpMethods:
- GET
uri: api/team-members
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'List all team members'
description: 'Get a list of all team members with optional filtering by active status.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters:
active:
custom: []
name: active
description: 'Filter by active status.'
required: false
example: true
type: boolean
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanQueryParameters:
active: true
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "150.00",
"active": true,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/team-members
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Create a new team member'
description: 'Create a new team member with name, role, and hourly rate.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
name:
custom: []
name: name
description: 'Team member name.'
required: true
example: 'John Doe'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
role_id:
custom: []
name: role_id
description: 'Role ID.'
required: true
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
hourly_rate:
custom: []
name: hourly_rate
description: 'Hourly rate (must be > 0).'
required: true
example: '150.00'
type: numeric
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
active:
custom: []
name: active
description: 'Active status (defaults to true).'
required: false
example: true
type: boolean
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
name: 'John Doe'
role_id: 1
hourly_rate: '150.00'
active: true
fileParameters: []
responses:
-
custom: []
status: 201
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "150.00",
"active": true,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"name":["The name field is required."],"hourly_rate":["Hourly rate must be greater than 0"]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: 'api/team-members/{id}'
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Get a single team member'
description: 'Get details of a specific team member by ID.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Team member UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "150.00",
"active": true,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Team member not found"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
- PATCH
uri: 'api/team-members/{id}'
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Update a team member'
description: 'Update details of an existing team member.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Team member UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
name:
custom: []
name: name
description: 'Team member name.'
required: false
example: 'John Doe'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
role_id:
custom: []
name: role_id
description: 'Role ID.'
required: false
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
hourly_rate:
custom: []
name: hourly_rate
description: 'Hourly rate (must be > 0).'
required: false
example: '175.00'
type: numeric
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
active:
custom: []
name: active
description: 'Active status.'
required: false
example: false
type: boolean
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
name: 'John Doe'
role_id: 1
hourly_rate: '175.00'
active: false
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "175.00",
"active": false,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T11:00:00.000000Z"
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Team member not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"hourly_rate":["Hourly rate must be greater than 0"]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- DELETE
uri: 'api/team-members/{id}'
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Delete a team member'
description: 'Delete a team member. Cannot delete if member has allocations or actuals.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Team member UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"message":"Team member deleted successfully"}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Team member not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot delete team member with active allocations","suggestion":"Consider deactivating the team member instead"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot delete team member with historical data","suggestion":"Consider deactivating the team member instead"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null

767
backend/.scribe/endpoints.cache/02.yaml Normal file
View File

@@ -0,0 +1,767 @@
## Autogenerated by Scribe. DO NOT MODIFY.
name: Projects
description: |-
Endpoints for managing projects.
endpoints:
-
custom: []
httpMethods:
- GET
uri: api/projects/types
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Get all project types'
description: ''
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{"id": 1, "name": "Project"},
{"id": 2, "name": "Support"},
{"id": 3, "name": "Engagement"}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: api/projects/statuses
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Get all project statuses'
description: ''
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{"id": 1, "name": "Pre-sales", "order": 1},
{"id": 2, "name": "SOW Approval", "order": 2},
{"id": 3, "name": "Gathering Estimates", "order": 3}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: api/projects
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'List all projects'
description: 'Get a list of all projects with optional filtering by status and type.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters:
status_id:
custom: []
name: status_id
description: 'Filter by status ID.'
required: false
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
type_id:
custom: []
name: type_id
description: 'Filter by type ID.'
required: false
example: 2
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanQueryParameters:
status_id: 1
type_id: 2
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-001",
"title": "Client Dashboard Redesign",
"status_id": 1,
"status": {"id": 1, "name": "Pre-sales"},
"type_id": 2,
"type": {"id": 2, "name": "Support"},
"approved_estimate": "120.00",
"forecasted_effort": {"2024-02": 40, "2024-03": 60, "2024-04": 20},
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/projects
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Create a new project'
description: 'Create a new project with code, title, and type.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
code:
custom: []
name: code
description: 'Project code (must be unique).'
required: true
example: PROJ-001
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
title:
custom: []
name: title
description: 'Project title.'
required: true
example: 'Client Dashboard Redesign'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
type_id:
custom: []
name: type_id
description: 'Project type ID.'
required: true
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
code: PROJ-001
title: 'Client Dashboard Redesign'
type_id: 1
fileParameters: []
responses:
-
custom: []
status: 201
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-001",
"title": "Client Dashboard Redesign",
"status_id": 1,
"status": {"id": 1, "name": "Pre-sales"},
"type_id": 1,
"type": {"id": 1, "name": "Project"}
}
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"code":["Project code must be unique"],"title":["The title field is required."]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: 'api/projects/{id}'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Get a single project'
description: 'Get details of a specific project by ID.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-001",
"title": "Client Dashboard Redesign",
"status": {"id": 1, "name": "Pre-sales"},
"type": {"id": 1, "name": "Project"},
"approved_estimate": "120.00",
"forecasted_effort": {"2024-02": 40, "2024-03": 60}
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
- PATCH
uri: 'api/projects/{id}'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Update a project'
description: 'Update details of an existing project.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
code:
custom: []
name: code
description: 'Project code (must be unique).'
required: false
example: PROJ-002
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
title:
custom: []
name: title
description: 'Project title.'
required: false
example: 'Updated Title'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
type_id:
custom: []
name: type_id
description: 'Project type ID.'
required: false
example: 2
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
code: PROJ-002
title: 'Updated Title'
type_id: 2
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-002",
"title": "Updated Title",
"type_id": 2
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"type_id":["The selected type id is invalid."]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- DELETE
uri: 'api/projects/{id}'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Delete a project'
description: 'Delete a project. Cannot delete if project has allocations or actuals.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"message":"Project deleted successfully"}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot delete project with allocations"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
uri: 'api/projects/{project}/status'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Transition project status'
description: 'Transition project to a new status following the state machine rules.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
project:
custom: []
name: project
description: 'The project.'
required: true
example: architecto
type: string
enumValues: []
exampleWasSpecified: false
nullable: false
deprecated: false
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
project: architecto
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
status_id:
custom: []
name: status_id
description: 'Target status ID.'
required: true
example: 2
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
status_id: 2
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"status": {"id": 2, "name": "SOW Approval"}
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot transition from Pre-sales to Done"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
uri: 'api/projects/{project}/estimate'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Set approved estimate'
description: 'Set the approved billable hours estimate for a project.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
project:
custom: []
name: project
description: 'The project.'
required: true
example: architecto
type: string
enumValues: []
exampleWasSpecified: false
nullable: false
deprecated: false
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
project: architecto
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
approved_estimate:
custom: []
name: approved_estimate
description: 'Approved estimate hours (must be > 0).'
required: true
example: 120.0
type: number
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
approved_estimate: 120.0
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"id":"550e8400-e29b-41d4-a716-446655440000", "approved_estimate":"120.00"}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Approved estimate must be greater than 0"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
uri: 'api/projects/{project}/forecast'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Set forecasted effort'
description: 'Set the month-by-month forecasted effort breakdown.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
project:
custom: []
name: project
description: 'The project.'
required: true
example: architecto
type: string
enumValues: []
exampleWasSpecified: false
nullable: false
deprecated: false
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
project: architecto
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
forecasted_effort:
custom: []
name: forecasted_effort
description: 'Monthly effort breakdown.'
required: true
example:
2024-02: 40
2024-03: 60
type: object
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
forecasted_effort:
2024-02: 40
2024-03: 60
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"id":"550e8400-e29b-41d4-a716-446655440000", "forecasted_effort":{"2024-02":40,"2024-03":60}}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Forecasted effort exceeds approved estimate by more than 5%"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null

212
backend/.scribe/endpoints/00.yaml Normal file
View File

@@ -0,0 +1,212 @@
name: Authentication
description: |-
Endpoints for JWT authentication and session lifecycle.
endpoints:
-
custom: []
httpMethods:
- POST
uri: api/auth/login
metadata:
custom: []
groupName: Authentication
groupDescription: |-
Endpoints for JWT authentication and session lifecycle.
subgroup: ''
subgroupDescription: ''
title: 'Login and get tokens'
description: 'Authenticate with email and password to receive an access token and refresh token.'
authenticated: false
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
email:
custom: []
name: email
description: 'User email address.'
required: true
example: user@example.com
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
password:
custom: []
name: password
description: 'User password.'
required: true
example: secret123
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
email: user@example.com
password: secret123
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh_token": "abc123def456",
"token_type": "bearer",
"expires_in": 3600,
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Alice Johnson",
"email": "user@example.com",
"role": "manager"
}
}
headers: []
description: ''
-
custom: []
status: 401
content: '{"message":"Invalid credentials"}'
headers: []
description: ''
-
custom: []
status: 403
content: '{"message":"Account is inactive"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"errors":{"email":["The email field is required."],"password":["The password field is required."]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/auth/refresh
metadata:
custom: []
groupName: Authentication
groupDescription: |-
Endpoints for JWT authentication and session lifecycle.
subgroup: ''
subgroupDescription: ''
title: 'Refresh access token'
description: 'Exchange a valid refresh token for a new access token and refresh token pair.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
refresh_token:
custom: []
name: refresh_token
description: 'Refresh token returned by login.'
required: true
example: abc123def456
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
refresh_token: abc123def456
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh_token": "newtoken123",
"token_type": "bearer",
"expires_in": 3600
}
headers: []
description: ''
-
custom: []
status: 401
content: '{"message":"Invalid or expired refresh token"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/auth/logout
metadata:
custom: []
groupName: Authentication
groupDescription: |-
Endpoints for JWT authentication and session lifecycle.
subgroup: ''
subgroupDescription: ''
title: 'Logout current session'
description: 'Invalidate a refresh token and end the active authenticated session.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
refresh_token:
custom: []
name: refresh_token
description: 'Optional refresh token to invalidate immediately.'
required: false
example: abc123def456
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
refresh_token: abc123def456
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"message":"Logged out successfully"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null

441
backend/.scribe/endpoints/01.yaml Normal file
View File

@@ -0,0 +1,441 @@
name: 'Team Members'
description: |-
Endpoints for managing team members.
endpoints:
-
custom: []
httpMethods:
- GET
uri: api/team-members
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'List all team members'
description: 'Get a list of all team members with optional filtering by active status.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters:
active:
custom: []
name: active
description: 'Filter by active status.'
required: false
example: true
type: boolean
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanQueryParameters:
active: true
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "150.00",
"active": true,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/team-members
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Create a new team member'
description: 'Create a new team member with name, role, and hourly rate.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
name:
custom: []
name: name
description: 'Team member name.'
required: true
example: 'John Doe'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
role_id:
custom: []
name: role_id
description: 'Role ID.'
required: true
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
hourly_rate:
custom: []
name: hourly_rate
description: 'Hourly rate (must be > 0).'
required: true
example: '150.00'
type: numeric
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
active:
custom: []
name: active
description: 'Active status (defaults to true).'
required: false
example: true
type: boolean
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
name: 'John Doe'
role_id: 1
hourly_rate: '150.00'
active: true
fileParameters: []
responses:
-
custom: []
status: 201
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "150.00",
"active": true,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"name":["The name field is required."],"hourly_rate":["Hourly rate must be greater than 0"]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: 'api/team-members/{id}'
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Get a single team member'
description: 'Get details of a specific team member by ID.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Team member UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "150.00",
"active": true,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Team member not found"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
- PATCH
uri: 'api/team-members/{id}'
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Update a team member'
description: 'Update details of an existing team member.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Team member UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
name:
custom: []
name: name
description: 'Team member name.'
required: false
example: 'John Doe'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
role_id:
custom: []
name: role_id
description: 'Role ID.'
required: false
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
hourly_rate:
custom: []
name: hourly_rate
description: 'Hourly rate (must be > 0).'
required: false
example: '175.00'
type: numeric
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
active:
custom: []
name: active
description: 'Active status.'
required: false
example: false
type: boolean
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
name: 'John Doe'
role_id: 1
hourly_rate: '175.00'
active: false
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "John Doe",
"role_id": 1,
"role": {
"id": 1,
"name": "Backend Developer"
},
"hourly_rate": "175.00",
"active": false,
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T11:00:00.000000Z"
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Team member not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"hourly_rate":["Hourly rate must be greater than 0"]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- DELETE
uri: 'api/team-members/{id}'
metadata:
custom: []
groupName: 'Team Members'
groupDescription: |-
Endpoints for managing team members.
subgroup: ''
subgroupDescription: ''
title: 'Delete a team member'
description: 'Delete a team member. Cannot delete if member has allocations or actuals.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Team member UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"message":"Team member deleted successfully"}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Team member not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot delete team member with active allocations","suggestion":"Consider deactivating the team member instead"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot delete team member with historical data","suggestion":"Consider deactivating the team member instead"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null

765
backend/.scribe/endpoints/02.yaml Normal file
View File

@@ -0,0 +1,765 @@
name: Projects
description: |-
Endpoints for managing projects.
endpoints:
-
custom: []
httpMethods:
- GET
uri: api/projects/types
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Get all project types'
description: ''
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{"id": 1, "name": "Project"},
{"id": 2, "name": "Support"},
{"id": 3, "name": "Engagement"}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: api/projects/statuses
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Get all project statuses'
description: ''
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{"id": 1, "name": "Pre-sales", "order": 1},
{"id": 2, "name": "SOW Approval", "order": 2},
{"id": 3, "name": "Gathering Estimates", "order": 3}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: api/projects
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'List all projects'
description: 'Get a list of all projects with optional filtering by status and type.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters:
status_id:
custom: []
name: status_id
description: 'Filter by status ID.'
required: false
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
type_id:
custom: []
name: type_id
description: 'Filter by type ID.'
required: false
example: 2
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanQueryParameters:
status_id: 1
type_id: 2
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-001",
"title": "Client Dashboard Redesign",
"status_id": 1,
"status": {"id": 1, "name": "Pre-sales"},
"type_id": 2,
"type": {"id": 2, "name": "Support"},
"approved_estimate": "120.00",
"forecasted_effort": {"2024-02": 40, "2024-03": 60, "2024-04": 20},
"created_at": "2024-01-15T10:00:00.000000Z",
"updated_at": "2024-01-15T10:00:00.000000Z"
}
]
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- POST
uri: api/projects
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Create a new project'
description: 'Create a new project with code, title, and type.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters: []
cleanUrlParameters: []
queryParameters: []
cleanQueryParameters: []
bodyParameters:
code:
custom: []
name: code
description: 'Project code (must be unique).'
required: true
example: PROJ-001
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
title:
custom: []
name: title
description: 'Project title.'
required: true
example: 'Client Dashboard Redesign'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
type_id:
custom: []
name: type_id
description: 'Project type ID.'
required: true
example: 1
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
code: PROJ-001
title: 'Client Dashboard Redesign'
type_id: 1
fileParameters: []
responses:
-
custom: []
status: 201
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-001",
"title": "Client Dashboard Redesign",
"status_id": 1,
"status": {"id": 1, "name": "Pre-sales"},
"type_id": 1,
"type": {"id": 1, "name": "Project"}
}
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"code":["Project code must be unique"],"title":["The title field is required."]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- GET
uri: 'api/projects/{id}'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Get a single project'
description: 'Get details of a specific project by ID.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-001",
"title": "Client Dashboard Redesign",
"status": {"id": 1, "name": "Pre-sales"},
"type": {"id": 1, "name": "Project"},
"approved_estimate": "120.00",
"forecasted_effort": {"2024-02": 40, "2024-03": 60}
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
- PATCH
uri: 'api/projects/{id}'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Update a project'
description: 'Update details of an existing project.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
code:
custom: []
name: code
description: 'Project code (must be unique).'
required: false
example: PROJ-002
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
title:
custom: []
name: title
description: 'Project title.'
required: false
example: 'Updated Title'
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
type_id:
custom: []
name: type_id
description: 'Project type ID.'
required: false
example: 2
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
code: PROJ-002
title: 'Updated Title'
type_id: 2
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"code": "PROJ-002",
"title": "Updated Title",
"type_id": 2
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Validation failed","errors":{"type_id":["The selected type id is invalid."]}}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- DELETE
uri: 'api/projects/{id}'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Delete a project'
description: 'Delete a project. Cannot delete if project has allocations or actuals.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters: []
cleanBodyParameters: []
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"message":"Project deleted successfully"}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot delete project with allocations"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
uri: 'api/projects/{project}/status'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Transition project status'
description: 'Transition project to a new status following the state machine rules.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
project:
custom: []
name: project
description: 'The project.'
required: true
example: architecto
type: string
enumValues: []
exampleWasSpecified: false
nullable: false
deprecated: false
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
project: architecto
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
status_id:
custom: []
name: status_id
description: 'Target status ID.'
required: true
example: 2
type: integer
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
status_id: 2
fileParameters: []
responses:
-
custom: []
status: 200
content: |-
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"status": {"id": 2, "name": "SOW Approval"}
}
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Cannot transition from Pre-sales to Done"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
uri: 'api/projects/{project}/estimate'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Set approved estimate'
description: 'Set the approved billable hours estimate for a project.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
project:
custom: []
name: project
description: 'The project.'
required: true
example: architecto
type: string
enumValues: []
exampleWasSpecified: false
nullable: false
deprecated: false
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
project: architecto
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
approved_estimate:
custom: []
name: approved_estimate
description: 'Approved estimate hours (must be > 0).'
required: true
example: 120.0
type: number
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
approved_estimate: 120.0
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"id":"550e8400-e29b-41d4-a716-446655440000", "approved_estimate":"120.00"}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Approved estimate must be greater than 0"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null
-
custom: []
httpMethods:
- PUT
uri: 'api/projects/{project}/forecast'
metadata:
custom: []
groupName: Projects
groupDescription: |-
Endpoints for managing projects.
subgroup: ''
subgroupDescription: ''
title: 'Set forecasted effort'
description: 'Set the month-by-month forecasted effort breakdown.'
authenticated: true
deprecated: false
headers:
Content-Type: application/json
Accept: application/json
urlParameters:
project:
custom: []
name: project
description: 'The project.'
required: true
example: architecto
type: string
enumValues: []
exampleWasSpecified: false
nullable: false
deprecated: false
id:
custom: []
name: id
description: 'Project UUID.'
required: true
example: 550e8400-e29b-41d4-a716-446655440000
type: string
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanUrlParameters:
project: architecto
id: 550e8400-e29b-41d4-a716-446655440000
queryParameters: []
cleanQueryParameters: []
bodyParameters:
forecasted_effort:
custom: []
name: forecasted_effort
description: 'Monthly effort breakdown.'
required: true
example:
2024-02: 40
2024-03: 60
type: object
enumValues: []
exampleWasSpecified: true
nullable: false
deprecated: false
cleanBodyParameters:
forecasted_effort:
2024-02: 40
2024-03: 60
fileParameters: []
responses:
-
custom: []
status: 200
content: '{"id":"550e8400-e29b-41d4-a716-446655440000", "forecasted_effort":{"2024-02":40,"2024-03":60}}'
headers: []
description: ''
-
custom: []
status: 404
content: '{"message":"Project not found"}'
headers: []
description: ''
-
custom: []
status: 422
content: '{"message":"Forecasted effort exceeds approved estimate by more than 5%"}'
headers: []
description: ''
responseFields: []
auth: []
controller: null
method: null
route: null

53
backend/.scribe/endpoints/custom.0.yaml Normal file
View File

@@ -0,0 +1,53 @@
# To include an endpoint that isn't a part of your Laravel app (or belongs to a vendor package),
# you can define it in a custom.*.yaml file, like this one.
# Each custom file should contain an array of endpoints. Here's an example:
# See https://scribe.knuckles.wtf/laravel/documenting/custom-endpoints#extra-sorting-groups-in-custom-endpoint-files for more options
#- httpMethods:
# - POST
# uri: api/doSomething/{param}
# metadata:
# groupName: The group the endpoint belongs to. Can be a new group or an existing group.
# groupDescription: A description for the group. You don't need to set this for every endpoint; once is enough.
# subgroup: You can add a subgroup, too.
# title: Do something
# description: 'This endpoint allows you to do something.'
# authenticated: false
# headers:
# Content-Type: application/json
# Accept: application/json
# urlParameters:
# param:
# name: param
# description: A URL param for no reason.
# required: true
# example: 2
# type: integer
# queryParameters:
# speed:
# name: speed
# description: How fast the thing should be done. Can be `slow` or `fast`.
# required: false
# example: fast
# type: string
# bodyParameters:
# something:
# name: something
# description: The things we should do.
# required: true
# example:
# - string 1
# - string 2
# type: 'string[]'
# responses:
# - status: 200
# description: 'When the thing was done smoothly.'
# content: # Your response content can be an object, an array, a string or empty.
# {
# "hey": "ho ho ho"
# }
# responseFields:
# hey:
# name: hey
# description: Who knows?
# type: string # This is optional

13
backend/.scribe/intro.md Normal file
View File

@@ -0,0 +1,13 @@
# Introduction
<aside>
<strong>Base URL</strong>: <code>http://localhost</code>
</aside>
This documentation aims to provide all the information you need to work with our API.
<aside>As you scroll, you'll see code examples for working with the API in different programming languages in the dark area to the right (or as part of the content on mobile).
You can switch the language used with the tabs at the top right (or from the nav menu at the top left on mobile).</aside>

234
backend/AGENTS.md Normal file
View File

@@ -0,0 +1,234 @@
<laravel-boost-guidelines>
=== foundation rules ===
# Laravel Boost Guidelines
The Laravel Boost guidelines are specifically curated by Laravel maintainers for this application. These guidelines should be followed closely to ensure the best experience when building Laravel applications.
## Foundational Context
This application is a Laravel application and its main Laravel ecosystems package & versions are below. You are an expert with them all. Ensure you abide by these specific packages & versions.
- php - 8.5.2
- laravel/framework (LARAVEL) - v12
- laravel/prompts (PROMPTS) - v0
- laravel/mcp (MCP) - v0
- laravel/pint (PINT) - v1
- laravel/sail (SAIL) - v1
- pestphp/pest (PEST) - v3
- phpunit/phpunit (PHPUNIT) - v11
## Skills Activation
This project has domain-specific skills available. You MUST activate the relevant skill whenever you work in that domain—don't wait until you're stuck.
- `pest-testing` — Tests applications using the Pest 3 PHP framework. Activates when writing tests, creating unit or feature tests, adding assertions, testing Livewire components, architecture testing, debugging test failures, working with datasets or mocking; or when the user mentions test, spec, TDD, expects, assertion, coverage, or needs to verify functionality works.
## Conventions
- You must follow all existing code conventions used in this application. When creating or editing a file, check sibling files for the correct structure, approach, and naming.
- Use descriptive names for variables and methods. For example, `isRegisteredForDiscounts`, not `discount()`.
- Check for existing components to reuse before writing a new one.
## Verification Scripts
- Do not create verification scripts or tinker when tests cover that functionality and prove they work. Unit and feature tests are more important.
## Application Structure & Architecture
- Stick to existing directory structure; don't create new base folders without approval.
- Do not change the application's dependencies without approval.
## Frontend Bundling
- If the user doesn't see a frontend change reflected in the UI, it could mean they need to run `npm run build`, `npm run dev`, or `composer run dev`. Ask them.
## Documentation Files
- You must only create documentation files if explicitly requested by the user.
## Replies
- Be concise in your explanations - focus on what's important rather than explaining obvious details.
=== boost rules ===
# Laravel Boost
- Laravel Boost is an MCP server that comes with powerful tools designed specifically for this application. Use them.
## Artisan
- Use the `list-artisan-commands` tool when you need to call an Artisan command to double-check the available parameters.
## URLs
- Whenever you share a project URL with the user, you should use the `get-absolute-url` tool to ensure you're using the correct scheme, domain/IP, and port.
## Tinker / Debugging
- You should use the `tinker` tool when you need to execute PHP to debug code or query Eloquent models directly.
- Use the `database-query` tool when you only need to read from the database.
- Use the `database-schema` tool to inspect table structure before writing migrations or models.
## Reading Browser Logs With the `browser-logs` Tool
- You can read browser logs, errors, and exceptions using the `browser-logs` tool from Boost.
- Only recent browser logs will be useful - ignore old logs.
## Searching Documentation (Critically Important)
- Boost comes with a powerful `search-docs` tool you should use before trying other approaches when working with Laravel or Laravel ecosystem packages. This tool automatically passes a list of installed packages and their versions to the remote Boost API, so it returns only version-specific documentation for the user's circumstance. You should pass an array of packages to filter on if you know you need docs for particular packages.
- Search the documentation before making code changes to ensure we are taking the correct approach.
- Use multiple, broad, simple, topic-based queries at once. For example: `['rate limiting', 'routing rate limiting', 'routing']`. The most relevant results will be returned first.
- Do not add package names to queries; package information is already shared. For example, use `test resource table`, not `filament 4 test resource table`.
### Available Search Syntax
1. Simple Word Searches with auto-stemming - query=authentication - finds 'authenticate' and 'auth'.
2. Multiple Words (AND Logic) - query=rate limit - finds knowledge containing both "rate" AND "limit".
3. Quoted Phrases (Exact Position) - query="infinite scroll" - words must be adjacent and in that order.
4. Mixed Queries - query=middleware "rate limit" - "middleware" AND exact phrase "rate limit".
5. Multiple Queries - queries=["authentication", "middleware"] - ANY of these terms.
=== php rules ===
# PHP
- Always use curly braces for control structures, even for single-line bodies.
## Constructors
- Use PHP 8 constructor property promotion in `__construct()`.
- `public function __construct(public GitHub $github) { }`
- Do not allow empty `__construct()` methods with zero parameters unless the constructor is private.
## Type Declarations
- Always use explicit return type declarations for methods and functions.
- Use appropriate PHP type hints for method parameters.
<!-- Explicit Return Types and Method Params -->
```php
protected function isAccessible(User $user, ?string $path = null): bool
{
...
}
```
## Enums
- Typically, keys in an Enum should be TitleCase. For example: `FavoritePerson`, `BestLake`, `Monthly`.
## Comments
- Prefer PHPDoc blocks over inline comments. Never use comments within the code itself unless the logic is exceptionally complex.
## PHPDoc Blocks
- Add useful array shape type definitions when appropriate.
=== tests rules ===
# Test Enforcement
- Every change must be programmatically tested. Write a new test or update an existing test, then run the affected tests to make sure they pass.
- Run the minimum number of tests needed to ensure code quality and speed. Use `php artisan test --compact` with a specific filename or filter.
=== laravel/core rules ===
# Do Things the Laravel Way
- Use `php artisan make:` commands to create new files (i.e. migrations, controllers, models, etc.). You can list available Artisan commands using the `list-artisan-commands` tool.
- If you're creating a generic PHP class, use `php artisan make:class`.
- Pass `--no-interaction` to all Artisan commands to ensure they work without user input. You should also pass the correct `--options` to ensure correct behavior.
## Database
- Always use proper Eloquent relationship methods with return type hints. Prefer relationship methods over raw queries or manual joins.
- Use Eloquent models and relationships before suggesting raw database queries.
- Avoid `DB::`; prefer `Model::query()`. Generate code that leverages Laravel's ORM capabilities rather than bypassing them.
- Generate code that prevents N+1 query problems by using eager loading.
- Use Laravel's query builder for very complex database operations.
### Model Creation
- When creating new models, create useful factories and seeders for them too. Ask the user if they need any other things, using `list-artisan-commands` to check the available options to `php artisan make:model`.
### APIs & Eloquent Resources
- For APIs, default to using Eloquent API Resources and API versioning unless existing API routes do not, then you should follow existing application convention.
## Controllers & Validation
- Always create Form Request classes for validation rather than inline validation in controllers. Include both validation rules and custom error messages.
- Check sibling Form Requests to see if the application uses array or string based validation rules.
## Authentication & Authorization
- Use Laravel's built-in authentication and authorization features (gates, policies, Sanctum, etc.).
## URL Generation
- When generating links to other pages, prefer named routes and the `route()` function.
## Queues
- Use queued jobs for time-consuming operations with the `ShouldQueue` interface.
## Configuration
- Use environment variables only in configuration files - never use the `env()` function directly outside of config files. Always use `config('app.name')`, not `env('APP_NAME')`.
## Testing
- When creating models for tests, use the factories for the models. Check if the factory has custom states that can be used before manually setting up the model.
- Faker: Use methods such as `$this->faker->word()` or `fake()->randomDigit()`. Follow existing conventions whether to use `$this->faker` or `fake()`.
- When creating tests, make use of `php artisan make:test [options] {name}` to create a feature test, and pass `--unit` to create a unit test. Most tests should be feature tests.
## Vite Error
- If you receive an "Illuminate\Foundation\ViteException: Unable to locate file in Vite manifest" error, you can run `npm run build` or ask the user to run `npm run dev` or `composer run dev`.
=== laravel/v12 rules ===
# Laravel 12
- CRITICAL: ALWAYS use `search-docs` tool for version-specific Laravel documentation and updated code examples.
- Since Laravel 11, Laravel has a new streamlined file structure which this project uses.
## Laravel 12 Structure
- In Laravel 12, middleware are no longer registered in `app/Http/Kernel.php`.
- Middleware are configured declaratively in `bootstrap/app.php` using `Application::configure()->withMiddleware()`.
- `bootstrap/app.php` is the file to register middleware, exceptions, and routing files.
- `bootstrap/providers.php` contains application specific service providers.
- The `app\Console\Kernel.php` file no longer exists; use `bootstrap/app.php` or `routes/console.php` for console configuration.
- Console commands in `app/Console/Commands/` are automatically available and do not require manual registration.
## Database
- When modifying a column, the migration must include all of the attributes that were previously defined on the column. Otherwise, they will be dropped and lost.
- Laravel 12 allows limiting eagerly loaded records natively, without external packages: `$query->latest()->limit(10);`.
### Models
- Casts can and likely should be set in a `casts()` method on a model rather than the `$casts` property. Follow existing conventions from other models.
=== pint/core rules ===
# Laravel Pint Code Formatter
- You must run `vendor/bin/pint --dirty --format agent` before finalizing changes to ensure your code matches the project's expected style.
- Do not run `vendor/bin/pint --test --format agent`, simply run `vendor/bin/pint --format agent` to fix any formatting issues.
=== pest/core rules ===
## Pest
- This project uses Pest for testing. Create tests: `php artisan make:test --pest {name}`.
- Run tests: `php artisan test --compact` or filter: `php artisan test --compact --filter=testName`.
- Do NOT delete tests without approval.
- CRITICAL: ALWAYS use `search-docs` tool for version-specific Pest documentation and updated code examples.
- IMPORTANT: Activate `pest-testing` every time you're working with a Pest or testing-related task.
</laravel-boost-guidelines>

43
backend/Dockerfile Normal file
View File

@@ -0,0 +1,43 @@
FROM php:8.4-cli
# Install system dependencies
RUN apt-get update && apt-get install -y \
git \
curl \
libpng-dev \
libonig-dev \
libxml2-dev \
zip \
unzip \
libpq-dev \
libzip-dev \
&& docker-php-ext-install pdo pdo_pgsql mbstring exif pcntl bcmath gd zip
# Install Redis extension
RUN pecl install redis && docker-php-ext-enable redis
# Install Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
# Set working directory
WORKDIR /var/www/html
# Copy existing application directory contents
COPY . .
# Install PHP dependencies
RUN composer install --no-interaction --optimize-autoloader
# Install Laravel Boost
RUN php artisan boost:install
RUN php artisan vendor:publish --provider="Laravel\Boost\BoostServiceProvider"
RUN php artisan config:clear
RUN composer dump-autoload
# Set permissions
RUN chmod -R 755 /var/www/html/storage
EXPOSE 3000
# Run Laravel development server
CMD ["php", "artisan", "serve", "--host=0.0.0.0", "--port=3000"]

59
backend/README.md Normal file
View File

@@ -0,0 +1,59 @@
<p align="center"><a href="https://laravel.com" target="_blank"><img src="https://raw.githubusercontent.com/laravel/art/master/logo-lockup/5%20SVG/2%20CMYK/1%20Full%20Color/laravel-logolockup-cmyk-red.svg" width="400" alt="Laravel Logo"></a></p>
<p align="center">
<a href="https://github.com/laravel/framework/actions"><img src="https://github.com/laravel/framework/workflows/tests/badge.svg" alt="Build Status"></a>
<a href="https://packagist.org/packages/laravel/framework"><img src="https://img.shields.io/packagist/dt/laravel/framework" alt="Total Downloads"></a>
<a href="https://packagist.org/packages/laravel/framework"><img src="https://img.shields.io/packagist/v/laravel/framework" alt="Latest Stable Version"></a>
<a href="https://packagist.org/packages/laravel/framework"><img src="https://img.shields.io/packagist/l/laravel/framework" alt="License"></a>
</p>
## About Laravel
Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experience to be truly fulfilling. Laravel takes the pain out of development by easing common tasks used in many web projects, such as:
- [Simple, fast routing engine](https://laravel.com/docs/routing).
- [Powerful dependency injection container](https://laravel.com/docs/container).
- Multiple back-ends for [session](https://laravel.com/docs/session) and [cache](https://laravel.com/docs/cache) storage.
- Expressive, intuitive [database ORM](https://laravel.com/docs/eloquent).
- Database agnostic [schema migrations](https://laravel.com/docs/migrations).
- [Robust background job processing](https://laravel.com/docs/queues).
- [Real-time event broadcasting](https://laravel.com/docs/broadcasting).
Laravel is accessible, powerful, and provides tools required for large, robust applications.
## Learning Laravel
Laravel has the most extensive and thorough [documentation](https://laravel.com/docs) and video tutorial library of all modern web application frameworks, making it a breeze to get started with the framework. You can also check out [Laravel Learn](https://laravel.com/learn), where you will be guided through building a modern Laravel application.
If you don't feel like reading, [Laracasts](https://laracasts.com) can help. Laracasts contains thousands of video tutorials on a range of topics including Laravel, modern PHP, unit testing, and JavaScript. Boost your skills by digging into our comprehensive video library.
## Laravel Sponsors
We would like to extend our thanks to the following sponsors for funding Laravel development. If you are interested in becoming a sponsor, please visit the [Laravel Partners program](https://partners.laravel.com).
### Premium Partners
- **[Vehikl](https://vehikl.com)**
- **[Tighten Co.](https://tighten.co)**
- **[Kirschbaum Development Group](https://kirschbaumdevelopment.com)**
- **[64 Robots](https://64robots.com)**
- **[Curotec](https://www.curotec.com/services/technologies/laravel)**
- **[DevSquad](https://devsquad.com/hire-laravel-developers)**
- **[Redberry](https://redberry.international/laravel-development)**
- **[Active Logic](https://activelogic.com)**
## Contributing
Thank you for considering contributing to the Laravel framework! The contribution guide can be found in the [Laravel documentation](https://laravel.com/docs/contributions).
## Code of Conduct
In order to ensure that the Laravel community is welcoming to all, please review and abide by the [Code of Conduct](https://laravel.com/docs/contributions#code-of-conduct).
## Security Vulnerabilities
If you discover a security vulnerability within Laravel, please send an e-mail to Taylor Otwell via [taylor@laravel.com](mailto:taylor@laravel.com). All security vulnerabilities will be promptly addressed.
## License
The Laravel framework is open-sourced software licensed under the [MIT license](https://opensource.org/licenses/MIT).

180
backend/app/Http/Controllers/Api/AuthController.php Normal file
View File

@@ -0,0 +1,180 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\User;
use App\Services\JwtService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
/**
* @group Authentication
*
* Endpoints for JWT authentication and session lifecycle.
*/
class AuthController extends Controller
{
/**
* JWT Service instance
*/
protected JwtService $jwtService;
/**
* Constructor
*/
public function __construct(JwtService $jwtService)
{
$this->jwtService = $jwtService;
}
/**
* Login and get tokens
*
* Authenticate with email and password to receive an access token and refresh token.
*
* @bodyParam email string required User email address. Example: user@example.com
* @bodyParam password string required User password. Example: secret123
*
* @response 200 {
* "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
* "refresh_token": "abc123def456",
* "token_type": "bearer",
* "expires_in": 3600,
* "user": {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "name": "Alice Johnson",
* "email": "user@example.com",
* "role": "manager"
* }
* }
* @response 401 {"message":"Invalid credentials"}
* @response 403 {"message":"Account is inactive"}
* @response 422 {"errors":{"email":["The email field is required."],"password":["The password field is required."]}}
*/
public function login(Request $request): JsonResponse
{
$validator = Validator::make($request->all(), [
'email' => 'required|string|email',
'password' => 'required|string',
]);
if ($validator->fails()) {
return response()->json([
'message' => 'Validation failed',
'errors' => $validator->errors(),
], 422);
}
$user = User::where('email', $request->email)->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
return response()->json([
'message' => 'Invalid credentials',
], 401);
}
if (! $user->active) {
return response()->json([
'message' => 'Account is inactive',
], 403);
}
$accessToken = $this->jwtService->generateAccessToken($user);
$refreshToken = $this->jwtService->generateRefreshToken($user);
return response()->json([
'access_token' => $accessToken,
'refresh_token' => $refreshToken,
'token_type' => 'bearer',
'expires_in' => $this->jwtService->getAccessTokenTTL(),
'user' => [
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
'role' => $user->role,
],
]);
}
/**
* Refresh access token
*
* Exchange a valid refresh token for a new access token and refresh token pair.
*
* @authenticated
* @bodyParam refresh_token string required Refresh token returned by login. Example: abc123def456
*
* @response 200 {
* "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
* "refresh_token": "newtoken123",
* "token_type": "bearer",
* "expires_in": 3600
* }
* @response 401 {"message":"Invalid or expired refresh token"}
*/
public function refresh(Request $request): JsonResponse
{
$refreshToken = $request->input('refresh_token');
if (empty($refreshToken)) {
return response()->json([
'message' => 'Refresh token is required',
], 422);
}
$userId = $this->jwtService->getUserIdFromRefreshToken($refreshToken);
if (! $userId) {
return response()->json([
'message' => 'Invalid or expired refresh token',
], 401);
}
$user = User::find($userId);
if (! $user) {
return response()->json([
'message' => 'Invalid or expired refresh token',
], 401);
}
$this->jwtService->invalidateRefreshToken($refreshToken, $userId);
$accessToken = $this->jwtService->generateAccessToken($user);
$newRefreshToken = $this->jwtService->generateRefreshToken($user);
return response()->json([
'access_token' => $accessToken,
'refresh_token' => $newRefreshToken,
'token_type' => 'bearer',
'expires_in' => $this->jwtService->getAccessTokenTTL(),
]);
}
/**
* Logout current session
*
* Invalidate a refresh token and end the active authenticated session.
*
* @authenticated
* @bodyParam refresh_token string Optional refresh token to invalidate immediately. Example: abc123def456
*
* @response 200 {"message":"Logged out successfully"}
*/
public function logout(Request $request): JsonResponse
{
$user = $request->user();
$refreshToken = $request->input('refresh_token');
if ($refreshToken) {
$this->jwtService->invalidateRefreshToken($refreshToken, $user?->id);
}
return response()->json([
'message' => 'Logged out successfully',
]);
}
}

390
backend/app/Http/Controllers/Api/ProjectController.php Normal file
View File

@@ -0,0 +1,390 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\Project;
use App\Models\ProjectStatus;
use App\Models\ProjectType;
use App\Services\ProjectService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
/**
* @group Projects
*
* Endpoints for managing projects.
*/
class ProjectController extends Controller
{
/**
* Project Service instance
*/
protected ProjectService $projectService;
/**
* Constructor
*/
public function __construct(ProjectService $projectService)
{
$this->projectService = $projectService;
}
/**
* List all projects
*
* Get a list of all projects with optional filtering by status and type.
*
* @authenticated
*
* @queryParam status_id integer Filter by status ID. Example: 1
* @queryParam type_id integer Filter by type ID. Example: 2
*
* @response 200 [
* {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "code": "PROJ-001",
* "title": "Client Dashboard Redesign",
* "status_id": 1,
* "status": {"id": 1, "name": "Pre-sales"},
* "type_id": 2,
* "type": {"id": 2, "name": "Support"},
* "approved_estimate": "120.00",
* "forecasted_effort": {"2024-02": 40, "2024-03": 60, "2024-04": 20},
* "created_at": "2024-01-15T10:00:00.000000Z",
* "updated_at": "2024-01-15T10:00:00.000000Z"
* }
* ]
*/
public function index(Request $request): JsonResponse
{
$statusId = $request->query('status_id') ? (int) $request->query('status_id') : null;
$typeId = $request->query('type_id') ? (int) $request->query('type_id') : null;
$projects = $this->projectService->getAll($statusId, $typeId);
return response()->json($projects);
}
/**
* Create a new project
*
* Create a new project with code, title, and type.
*
* @authenticated
*
* @bodyParam code string required Project code (must be unique). Example: PROJ-001
* @bodyParam title string required Project title. Example: Client Dashboard Redesign
* @bodyParam type_id integer required Project type ID. Example: 1
*
* @response 201 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "code": "PROJ-001",
* "title": "Client Dashboard Redesign",
* "status_id": 1,
* "status": {"id": 1, "name": "Pre-sales"},
* "type_id": 1,
* "type": {"id": 1, "name": "Project"}
* }
* @response 422 {"message":"Validation failed","errors":{"code":["Project code must be unique"],"title":["The title field is required."]}}
*/
public function store(Request $request): JsonResponse
{
try {
$project = $this->projectService->create($request->all());
return response()->json($project, 201);
} catch (ValidationException $e) {
return response()->json([
'message' => 'Validation failed',
'errors' => $e->validator->errors(),
], 422);
}
}
/**
* Get a single project
*
* Get details of a specific project by ID.
*
* @authenticated
*
* @urlParam id string required Project UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @response 200 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "code": "PROJ-001",
* "title": "Client Dashboard Redesign",
* "status": {"id": 1, "name": "Pre-sales"},
* "type": {"id": 1, "name": "Project"},
* "approved_estimate": "120.00",
* "forecasted_effort": {"2024-02": 40, "2024-03": 60}
* }
* @response 404 {"message":"Project not found"}
*/
public function show(string $id): JsonResponse
{
$project = $this->projectService->findById($id);
if (! $project) {
return response()->json([
'message' => 'Project not found',
], 404);
}
return response()->json($project);
}
/**
* Update a project
*
* Update details of an existing project.
*
* @authenticated
*
* @urlParam id string required Project UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @bodyParam code string Project code (must be unique). Example: PROJ-002
* @bodyParam title string Project title. Example: Updated Title
* @bodyParam type_id integer Project type ID. Example: 2
*
* @response 200 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "code": "PROJ-002",
* "title": "Updated Title",
* "type_id": 2
* }
* @response 404 {"message":"Project not found"}
* @response 422 {"message":"Validation failed","errors":{"type_id":["The selected type id is invalid."]}}
*/
public function update(Request $request, string $id): JsonResponse
{
$project = Project::find($id);
if (! $project) {
return response()->json([
'message' => 'Project not found',
], 404);
}
try {
$project = $this->projectService->update($project, $request->only([
'code', 'title', 'type_id',
]));
return response()->json($project);
} catch (ValidationException $e) {
return response()->json([
'message' => 'Validation failed',
'errors' => $e->validator->errors(),
], 422);
}
}
/**
* Transition project status
*
* Transition project to a new status following the state machine rules.
*
* @authenticated
*
* @urlParam id string required Project UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @bodyParam status_id integer required Target status ID. Example: 2
*
* @response 200 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "status": {"id": 2, "name": "SOW Approval"}
* }
* @response 404 {"message":"Project not found"}
* @response 422 {"message":"Cannot transition from Pre-sales to Done"}
*/
public function updateStatus(Request $request, string $id): JsonResponse
{
$project = Project::with('status')->find($id);
if (! $project) {
return response()->json([
'message' => 'Project not found',
], 404);
}
$request->validate([
'status_id' => 'required|integer|exists:project_statuses,id',
]);
try {
$project = $this->projectService->transitionStatus(
$project,
(int) $request->input('status_id')
);
return response()->json($project);
} catch (\RuntimeException $e) {
return response()->json([
'message' => $e->getMessage(),
], 422);
}
}
/**
* Set approved estimate
*
* Set the approved billable hours estimate for a project.
*
* @authenticated
*
* @urlParam id string required Project UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @bodyParam approved_estimate number required Approved estimate hours (must be > 0). Example: 120
*
* @response 200 {"id":"550e8400-e29b-41d4-a716-446655440000", "approved_estimate":"120.00"}
* @response 404 {"message":"Project not found"}
* @response 422 {"message":"Approved estimate must be greater than 0"}
*/
public function setEstimate(Request $request, string $id): JsonResponse
{
$project = Project::find($id);
if (! $project) {
return response()->json([
'message' => 'Project not found',
], 404);
}
$request->validate([
'approved_estimate' => 'required|numeric',
]);
try {
$project = $this->projectService->setApprovedEstimate(
$project,
(float) $request->input('approved_estimate')
);
return response()->json($project);
} catch (\RuntimeException $e) {
return response()->json([
'message' => $e->getMessage(),
], 422);
}
}
/**
* Set forecasted effort
*
* Set the month-by-month forecasted effort breakdown.
*
* @authenticated
*
* @urlParam id string required Project UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @bodyParam forecasted_effort object required Monthly effort breakdown. Example: {"2024-02": 40, "2024-03": 60}
*
* @response 200 {"id":"550e8400-e29b-41d4-a716-446655440000", "forecasted_effort":{"2024-02":40,"2024-03":60}}
* @response 404 {"message":"Project not found"}
* @response 422 {"message":"Forecasted effort exceeds approved estimate by more than 5%"}
*/
public function setForecast(Request $request, string $id): JsonResponse
{
$project = Project::find($id);
if (! $project) {
return response()->json([
'message' => 'Project not found',
], 404);
}
$request->validate([
'forecasted_effort' => 'required|array',
]);
try {
$project = $this->projectService->setForecastedEffort(
$project,
$request->input('forecasted_effort')
);
return response()->json($project);
} catch (\RuntimeException $e) {
return response()->json([
'message' => $e->getMessage(),
], 422);
}
}
/**
* Get all project types
*
* @authenticated
*
* @response 200 [
* {"id": 1, "name": "Project"},
* {"id": 2, "name": "Support"},
* {"id": 3, "name": "Engagement"}
* ]
*/
public function types(): JsonResponse
{
$types = ProjectType::orderBy('name')->get(['id', 'name']);
return response()->json($types);
}
/**
* Get all project statuses
*
* @authenticated
*
* @response 200 [
* {"id": 1, "name": "Pre-sales", "order": 1},
* {"id": 2, "name": "SOW Approval", "order": 2},
* {"id": 3, "name": "Gathering Estimates", "order": 3}
* ]
*/
public function statuses(): JsonResponse
{
$statuses = ProjectStatus::orderBy('order')->get(['id', 'name', 'order']);
return response()->json($statuses);
}
/**
* Delete a project
*
* Delete a project. Cannot delete if project has allocations or actuals.
*
* @authenticated
*
* @urlParam id string required Project UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @response 200 {"message":"Project deleted successfully"}
* @response 404 {"message":"Project not found"}
* @response 422 {"message":"Cannot delete project with allocations"}
*/
public function destroy(string $id): JsonResponse
{
$project = Project::find($id);
if (! $project) {
return response()->json([
'message' => 'Project not found',
], 404);
}
$canDelete = $this->projectService->canDelete($project);
if (! $canDelete['canDelete']) {
return response()->json([
'message' => "Cannot delete project with {$canDelete['reason']}",
], 422);
}
$project->delete();
return response()->json([
'message' => 'Project deleted successfully',
]);
}
}

230
backend/app/Http/Controllers/Api/TeamMemberController.php Normal file
View File

@@ -0,0 +1,230 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\TeamMember;
use App\Services\TeamMemberService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
/**
* @group Team Members
*
* Endpoints for managing team members.
*/
class TeamMemberController extends Controller
{
/**
* Team Member Service instance
*/
protected TeamMemberService $teamMemberService;
/**
* Constructor
*/
public function __construct(TeamMemberService $teamMemberService)
{
$this->teamMemberService = $teamMemberService;
}
/**
* List all team members
*
* Get a list of all team members with optional filtering by active status.
*
* @authenticated
* @queryParam active boolean Filter by active status. Example: true
*
* @response 200 [
* {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "name": "John Doe",
* "role_id": 1,
* "role": {
* "id": 1,
* "name": "Backend Developer"
* },
* "hourly_rate": "150.00",
* "active": true,
* "created_at": "2024-01-15T10:00:00.000000Z",
* "updated_at": "2024-01-15T10:00:00.000000Z"
* }
* ]
*/
public function index(Request $request): JsonResponse
{
$active = $request->has('active')
? filter_var($request->query('active'), FILTER_VALIDATE_BOOLEAN)
: null;
$teamMembers = $this->teamMemberService->getAll($active);
return response()->json($teamMembers);
}
/**
* Create a new team member
*
* Create a new team member with name, role, and hourly rate.
*
* @authenticated
* @bodyParam name string required Team member name. Example: John Doe
* @bodyParam role_id integer required Role ID. Example: 1
* @bodyParam hourly_rate numeric required Hourly rate (must be > 0). Example: 150.00
* @bodyParam active boolean Active status (defaults to true). Example: true
*
* @response 201 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "name": "John Doe",
* "role_id": 1,
* "role": {
* "id": 1,
* "name": "Backend Developer"
* },
* "hourly_rate": "150.00",
* "active": true,
* "created_at": "2024-01-15T10:00:00.000000Z",
* "updated_at": "2024-01-15T10:00:00.000000Z"
* }
* @response 422 {"message":"Validation failed","errors":{"name":["The name field is required."],"hourly_rate":["Hourly rate must be greater than 0"]}}
*/
public function store(Request $request): JsonResponse
{
try {
$teamMember = $this->teamMemberService->create($request->all());
return response()->json($teamMember, 201);
} catch (ValidationException $e) {
return response()->json([
'message' => 'Validation failed',
'errors' => $e->validator->errors(),
], 422);
}
}
/**
* Get a single team member
*
* Get details of a specific team member by ID.
*
* @authenticated
* @urlParam id string required Team member UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @response 200 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "name": "John Doe",
* "role_id": 1,
* "role": {
* "id": 1,
* "name": "Backend Developer"
* },
* "hourly_rate": "150.00",
* "active": true,
* "created_at": "2024-01-15T10:00:00.000000Z",
* "updated_at": "2024-01-15T10:00:00.000000Z"
* }
* @response 404 {"message":"Team member not found"}
*/
public function show(string $id): JsonResponse
{
$teamMember = $this->teamMemberService->findById($id);
if (! $teamMember) {
return response()->json([
'message' => 'Team member not found',
], 404);
}
return response()->json($teamMember);
}
/**
* Update a team member
*
* Update details of an existing team member.
*
* @authenticated
* @urlParam id string required Team member UUID. Example: 550e8400-e29b-41d4-a716-446655440000
* @bodyParam name string Team member name. Example: John Doe
* @bodyParam role_id integer Role ID. Example: 1
* @bodyParam hourly_rate numeric Hourly rate (must be > 0). Example: 175.00
* @bodyParam active boolean Active status. Example: false
*
* @response 200 {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "name": "John Doe",
* "role_id": 1,
* "role": {
* "id": 1,
* "name": "Backend Developer"
* },
* "hourly_rate": "175.00",
* "active": false,
* "created_at": "2024-01-15T10:00:00.000000Z",
* "updated_at": "2024-01-15T11:00:00.000000Z"
* }
* @response 404 {"message":"Team member not found"}
* @response 422 {"message":"Validation failed","errors":{"hourly_rate":["Hourly rate must be greater than 0"]}}
*/
public function update(Request $request, string $id): JsonResponse
{
$teamMember = TeamMember::find($id);
if (! $teamMember) {
return response()->json([
'message' => 'Team member not found',
], 404);
}
try {
$teamMember = $this->teamMemberService->update($teamMember, $request->only([
'name', 'role_id', 'hourly_rate', 'active'
]));
return response()->json($teamMember);
} catch (ValidationException $e) {
return response()->json([
'message' => 'Validation failed',
'errors' => $e->validator->errors(),
], 422);
}
}
/**
* Delete a team member
*
* Delete a team member. Cannot delete if member has allocations or actuals.
*
* @authenticated
* @urlParam id string required Team member UUID. Example: 550e8400-e29b-41d4-a716-446655440000
*
* @response 200 {"message":"Team member deleted successfully"}
* @response 404 {"message":"Team member not found"}
* @response 422 {"message":"Cannot delete team member with active allocations","suggestion":"Consider deactivating the team member instead"}
* @response 422 {"message":"Cannot delete team member with historical data","suggestion":"Consider deactivating the team member instead"}
*/
public function destroy(string $id): JsonResponse
{
$teamMember = TeamMember::find($id);
if (! $teamMember) {
return response()->json([
'message' => 'Team member not found',
], 404);
}
try {
$this->teamMemberService->delete($teamMember);
return response()->json([
'message' => 'Team member deleted successfully',
]);
} catch (\RuntimeException $e) {
return response()->json([
'message' => $e->getMessage(),
'suggestion' => 'Consider deactivating the team member instead',
], 422);
}
}
}

8
backend/app/Http/Controllers/Controller.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
namespace App\Http\Controllers;
abstract class Controller
{
//
}

82
backend/app/Http/Middleware/JwtAuth.php Normal file
View File

@@ -0,0 +1,82 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class JwtAuth
{
public function handle(Request $request, Closure $next): Response
{
$token = $this->extractToken($request);
if (! $token) {
return response()->json([
'message' => 'Authentication required',
], 401);
}
$payload = $this->decodeJWT($token);
if (! $payload) {
return response()->json([
'message' => 'Invalid token',
], 401);
}
if ($payload->exp < time()) {
return response()->json([
'message' => 'Token expired',
], 401);
}
$user = \App\Models\User::find($payload->sub);
if (! $user) {
return response()->json([
'message' => 'User not found',
], 401);
}
auth()->setUser($user);
$request->setUserResolver(fn () => $user);
return $next($request);
}
protected function extractToken(Request $request): ?string
{
$header = $request->header('Authorization');
if (! $header || ! str_starts_with($header, 'Bearer ')) {
return null;
}
return substr($header, 7);
}
protected function decodeJWT(string $token): ?object
{
$parts = explode('.', $token);
if (count($parts) !== 3) {
return null;
}
list($header, $payload, $signature) = $parts;
$expectedSignature = hash_hmac('sha256', $header . '.' . $payload, config('app.key'), true);
$expectedSignature = base64_encode($expectedSignature);
$expectedSignature = str_replace(['+', '/', '='], ['-', '_', ''], $expectedSignature);
if (! hash_equals($expectedSignature, $signature)) {
return null;
}
$payload = base64_decode(str_replace(['-', '_'], ['+', '/'], $payload));
return json_decode($payload);
}
}

46
backend/app/Models/Actual.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
class Actual extends Model
{
use HasFactory, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
protected $table = 'actuals';
protected $fillable = [
'project_id',
'team_member_id',
'month',
'hours_logged',
];
protected $casts = [
'month' => 'date',
'hours_logged' => 'decimal:2',
];
/**
* Get the project that owns the actual.
*/
public function project()
{
return $this->belongsTo(Project::class);
}
/**
* Get the team member that owns the actual.
*/
public function teamMember()
{
return $this->belongsTo(TeamMember::class);
}
}

44
backend/app/Models/Allocation.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
class Allocation extends Model
{
use HasFactory, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
protected $fillable = [
'project_id',
'team_member_id',
'month',
'allocated_hours',
];
protected $casts = [
'month' => 'date',
'allocated_hours' => 'decimal:2',
];
/**
* Get the project that owns the allocation.
*/
public function project()
{
return $this->belongsTo(Project::class);
}
/**
* Get the team member that owns the allocation.
*/
public function teamMember()
{
return $this->belongsTo(TeamMember::class);
}
}

26
backend/app/Models/Holiday.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
class Holiday extends Model
{
use HasFactory, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
protected $fillable = [
'date',
'name',
'description',
];
protected $casts = [
'date' => 'date',
];
}

63
backend/app/Models/Project.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
class Project extends Model
{
use HasFactory, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
protected $fillable = [
'code',
'title',
'status_id',
'type_id',
'approved_estimate',
'forecasted_effort',
];
protected $casts = [
'approved_estimate' => 'decimal:2',
'forecasted_effort' => 'array',
];
/**
* Get the status that owns the project.
*/
public function status()
{
return $this->belongsTo(ProjectStatus::class, 'status_id');
}
/**
* Get the type that owns the project.
*/
public function type()
{
return $this->belongsTo(ProjectType::class, 'type_id');
}
/**
* Get the allocations for the project.
*/
public function allocations(): HasMany
{
return $this->hasMany(Allocation::class);
}
/**
* Get the actuals for the project.
*/
public function actuals(): HasMany
{
return $this->hasMany(Actual::class);
}
}

33
backend/app/Models/ProjectStatus.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\HasMany;
class ProjectStatus extends Model
{
use HasFactory;
protected $fillable = [
'name',
'order',
'is_active',
'is_billable',
];
protected $casts = [
'order' => 'integer',
'is_active' => 'boolean',
'is_billable' => 'boolean',
];
/**
* Get the projects for the status.
*/
public function projects(): HasMany
{
return $this->hasMany(Project::class, 'status_id');
}
}

25
backend/app/Models/ProjectType.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\HasMany;
class ProjectType extends Model
{
use HasFactory;
protected $fillable = [
'name',
'description',
];
/**
* Get the projects for the type.
*/
public function projects(): HasMany
{
return $this->hasMany(Project::class, 'type_id');
}
}

39
backend/app/Models/Pto.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
class Pto extends Model
{
use HasFactory, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
protected $table = 'ptos';
protected $fillable = [
'team_member_id',
'start_date',
'end_date',
'reason',
'status',
];
protected $casts = [
'start_date' => 'date',
'end_date' => 'date',
];
/**
* Get the team member that owns the PTO.
*/
public function teamMember()
{
return $this->belongsTo(TeamMember::class);
}
}

25
backend/app/Models/Role.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\HasMany;
class Role extends Model
{
use HasFactory;
protected $fillable = [
'name',
'description',
];
/**
* Get the team members for the role.
*/
public function teamMembers(): HasMany
{
return $this->hasMany(TeamMember::class);
}
}

61
backend/app/Models/TeamMember.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
class TeamMember extends Model
{
use HasFactory, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
protected $fillable = [
'name',
'role_id',
'hourly_rate',
'active',
];
protected $casts = [
'hourly_rate' => 'decimal:2',
'active' => 'boolean',
];
/**
* Get the role that owns the team member.
*/
public function role()
{
return $this->belongsTo(Role::class);
}
/**
* Get the allocations for the team member.
*/
public function allocations(): HasMany
{
return $this->hasMany(Allocation::class);
}
/**
* Get the actuals for the team member.
*/
public function actuals(): HasMany
{
return $this->hasMany(Actual::class);
}
/**
* Get the PTOs for the team member.
*/
public function ptos(): HasMany
{
return $this->hasMany(Pto::class);
}
}

78
backend/app/Models/User.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
namespace App\Models;
// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Authenticatable implements JWTSubject
{
/** @use HasFactory<\Database\Factories\UserFactory> */
use HasFactory, Notifiable, HasUuids;
protected $primaryKey = 'id';
public $incrementing = false;
protected $keyType = 'string';
/**
* The attributes that are mass assignable.
*
* @var list<string>
*/
protected $fillable = [
'name',
'email',
'password',
'role',
];
/**
* The attributes that should be hidden for serialization.
*
* @var list<string>
*/
protected $hidden = [
'password',
'remember_token',
];
/**
* Get the attributes that should be cast.
*
* @return array<string, string>
*/
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
];
}
/**
* Get the identifier that will be stored in the subject claim of the JWT.
*
* @return mixed
*/
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* @return array
*/
public function getJWTCustomClaims()
{
return [
'role' => $this->role,
'email' => $this->email,
];
}
}

99
backend/app/Policies/ProjectPolicy.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
namespace App\Policies;
use App\Models\Project;
use App\Models\User;
class ProjectPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
// All authenticated users can view projects
return true;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Project $project): bool
{
// All authenticated users can view individual projects
return true;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
// Only superusers and managers can create projects
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Project $project): bool
{
// Only superusers and managers can update projects
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Project $project): bool
{
// Only superusers and managers can delete projects
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can transition project status.
*/
public function updateStatus(User $user, Project $project): bool
{
// Only superusers and managers can transition status
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can set approved estimate.
*/
public function setEstimate(User $user, Project $project): bool
{
// Only superusers and managers can set estimates
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can set forecasted effort.
*/
public function setForecast(User $user, Project $project): bool
{
// Only superusers and managers can set forecasts
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, Project $project): bool
{
// Only superusers and managers can restore projects
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, Project $project): bool
{
// Only superusers can force delete projects
return $user->role === 'superuser';
}
}

72
backend/app/Policies/TeamMemberPolicy.php Normal file
View File

@@ -0,0 +1,72 @@
<?php
namespace App\Policies;
use App\Models\TeamMember;
use App\Models\User;
class TeamMemberPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
// All authenticated users can view team members
return true;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, TeamMember $teamMember): bool
{
// All authenticated users can view individual team members
return true;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
// Only superusers and managers can create team members
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, TeamMember $teamMember): bool
{
// Only superusers and managers can update team members
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, TeamMember $teamMember): bool
{
// Only superusers and managers can delete team members
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, TeamMember $teamMember): bool
{
// Only superusers and managers can restore team members
return in_array($user->role, ['superuser', 'manager']);
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, TeamMember $teamMember): bool
{
// Only superusers can force delete team members
return $user->role === 'superuser';
}
}

24
backend/app/Providers/AppServiceProvider.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace App\Providers;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
//
}
/**
* Bootstrap any application services.
*/
public function boot(): void
{
//
}
}

283
backend/app/Services/JwtService.php Normal file
View File

@@ -0,0 +1,283 @@
<?php
namespace App\Services;
use App\Models\User;
use Illuminate\Support\Facades\Cache;
/**
* JWT Service
*
* Handles JWT token generation, validation, and refresh token management.
*/
class JwtService
{
/**
* Access token TTL in seconds (60 minutes)
*/
private const ACCESS_TOKEN_TTL = 3600;
/**
* Refresh token TTL in seconds (7 days)
*/
private const REFRESH_TOKEN_TTL = 604800;
/**
* Generate a new access token for a user
*
* @param User $user
* @return string
*/
public function generateAccessToken(User $user): string
{
$payload = [
'iss' => config('app.url', 'headroom'),
'sub' => $user->id,
'iat' => time(),
'exp' => time() + self::ACCESS_TOKEN_TTL,
'role' => $user->role,
'permissions' => $this->getPermissions($user->role),
'jti' => $this->generateTokenId(),
];
return $this->encodeJWT($payload);
}
/**
* Generate a new refresh token for a user
*
* @param User $user
* @return string
*/
public function generateRefreshToken(User $user): string
{
$token = $this->generateSecureToken();
$key = $this->getRefreshTokenKey($token);
Cache::put($key, $user->id, self::REFRESH_TOKEN_TTL);
return $token;
}
/**
* Get user ID from a refresh token
*
* @param string $token
* @return string|null
*/
public function getUserIdFromRefreshToken(string $token): ?string
{
return Cache::get($this->getRefreshTokenKey($token));
}
/**
* Invalidate a refresh token
*
* @param string $token
* @param string|null $userId
* @return void
*/
public function invalidateRefreshToken(string $token, ?string $userId = null): void
{
Cache::forget($this->getRefreshTokenKey($token));
}
/**
* Validate and decode a JWT token
*
* @param string $token
* @return array|null Returns payload array or null if invalid
*/
public function validateToken(string $token): ?array
{
$parts = explode('.', $token);
if (count($parts) !== 3) {
return null;
}
[$header, $payload, $signature] = $parts;
// Verify signature
$expectedSignature = $this->createSignature($header, $payload);
if (! hash_equals($expectedSignature, $signature)) {
return null;
}
// Decode payload
$payloadData = $this->base64UrlDecode($payload);
$payloadArray = json_decode($payloadData, true);
if (! is_array($payloadArray)) {
return null;
}
// Check expiration
if (isset($payloadArray['exp']) && $payloadArray['exp'] < time()) {
return null;
}
return $payloadArray;
}
/**
* Extract claims from a JWT token
*
* @param string $token
* @return array|null
*/
public function extractClaims(string $token): ?array
{
return $this->validateToken($token);
}
/**
* Get token expiration time
*
* @return int
*/
public function getAccessTokenTTL(): int
{
return self::ACCESS_TOKEN_TTL;
}
/**
* Get refresh token expiration time
*
* @return int
*/
public function getRefreshTokenTTL(): int
{
return self::REFRESH_TOKEN_TTL;
}
/**
* Get permissions for a role
*
* @param string $role
* @return array
*/
public function getPermissions(string $role): array
{
return match ($role) {
'superuser' => [
'manage_users',
'manage_team_members',
'manage_projects',
'manage_allocations',
'manage_actuals',
'view_reports',
'configure_system',
'view_audit_logs',
],
'manager' => [
'manage_projects',
'manage_allocations',
'manage_actuals',
'view_reports',
'manage_team_members',
],
'developer' => [
'manage_actuals',
'view_own_allocations',
'view_own_actuals',
'log_hours',
],
'top_brass' => [
'view_reports',
'view_allocations',
'view_actuals',
'view_capacity',
],
default => [],
};
}
/**
* Encode a JWT token
*
* @param array $payload
* @return string
*/
private function encodeJWT(array $payload): string
{
$header = $this->base64UrlEncode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$payload = $this->base64UrlEncode(json_encode($payload));
$signature = $this->createSignature($header, $payload);
return $header . '.' . $payload . '.' . $signature;
}
/**
* Create a signature for JWT
*
* @param string $header
* @param string $payload
* @return string
*/
private function createSignature(string $header, string $payload): string
{
$signature = hash_hmac('sha256', $header . '.' . $payload, config('app.key'), true);
return $this->base64UrlEncode($signature);
}
/**
* Generate a cryptographically secure random token
*
* @return string
*/
private function generateSecureToken(): string
{
return bin2hex(random_bytes(32));
}
/**
* Generate a unique token ID
*
* @return string
*/
private function generateTokenId(): string
{
return uniqid('token_', true);
}
/**
* Get cache key for refresh token
*
* @param string $token
* @return string
*/
private function getRefreshTokenKey(string $token): string
{
return "refresh_token:{$token}";
}
/**
* Base64URL encode
*
* @param string $data
* @return string
*/
private function base64UrlEncode(string $data): string
{
return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($data));
}
/**
* Base64URL decode
*
* @param string $data
* @return string
*/
private function base64UrlDecode(string $data): string
{
$padding = 4 - (strlen($data) % 4);
if ($padding !== 4) {
$data .= str_repeat('=', $padding);
}
return base64_decode(str_replace(['-', '_'], ['+', '/'], $data));
}
}

237
backend/app/Services/ProjectService.php Normal file
View File

@@ -0,0 +1,237 @@
<?php
namespace App\Services;
use App\Models\Project;
use App\Models\ProjectStatus;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;
/**
* Project Service
*
* Handles business logic for project operations.
*/
class ProjectService
{
public function __construct(protected ProjectStatusService $statusService) {}
/**
* Get all projects with optional filtering.
*
* @param int|null $statusId Filter by status ID
* @param int|null $typeId Filter by type ID
* @return Collection<Project>
*/
public function getAll(?int $statusId = null, ?int $typeId = null): Collection
{
$query = Project::with([
'status:id,name,order',
'type:id,name',
])
->select('projects.*')
->leftJoin('project_statuses', 'projects.status_id', '=', 'project_statuses.id');
if ($statusId !== null) {
$query->where('projects.status_id', $statusId);
}
if ($typeId !== null) {
$query->where('projects.type_id', $typeId);
}
return $query->get();
}
/**
* Find a project by ID.
*/
public function findById(string $id): ?Project
{
return Project::with(['status', 'type', 'allocations', 'actuals'])->find($id);
}
/**
* Create a new project.
*
* @throws ValidationException
*/
public function create(array $data): Project
{
$validator = Validator::make($data, [
'code' => 'required|string|max:50|unique:projects,code',
'title' => 'required|string|max:255',
'type_id' => 'required|integer|exists:project_types,id',
'status_id' => 'sometimes|integer|exists:project_statuses,id',
], [
'code.unique' => 'Project code must be unique',
]);
if ($validator->fails()) {
throw new ValidationException($validator);
}
// Default to first status (Pre-sales) if not provided
if (! isset($data['status_id'])) {
$initialStatus = ProjectStatus::orderBy('order')->first();
$data['status_id'] = $initialStatus?->id;
}
$project = Project::create($data);
$project->load(['status', 'type']);
return $project;
}
/**
* Update an existing project.
*
* @throws ValidationException
*/
public function update(Project $project, array $data): Project
{
$validator = Validator::make($data, [
'code' => 'sometimes|string|max:50|unique:projects,code,'.$project->id,
'title' => 'sometimes|string|max:255',
'type_id' => 'sometimes|integer|exists:project_types,id',
'status_id' => 'sometimes|integer|exists:project_statuses,id',
], [
'code.unique' => 'Project code must be unique',
]);
if ($validator->fails()) {
throw new ValidationException($validator);
}
$project->update($data);
$project->load(['status', 'type']);
return $project;
}
/**
* Transition project to a new status.
*
* @throws \RuntimeException
*/
public function transitionStatus(Project $project, int $newStatusId): Project
{
$newStatus = ProjectStatus::find($newStatusId);
if (! $newStatus) {
throw new \RuntimeException('Invalid status', 422);
}
$currentStatusName = $project->status->name;
$newStatusName = $newStatus->name;
// Check if transition is valid
if (! $this->statusService->canTransition($currentStatusName, $newStatusName)) {
throw new \RuntimeException(
"Cannot transition from {$currentStatusName} to {$newStatusName}",
422
);
}
// Special validation: Estimate Approved requires approved_estimate > 0
if ($this->statusService->requiresEstimate($newStatusName)) {
if (! $project->approved_estimate || $project->approved_estimate <= 0) {
throw new \RuntimeException(
'Cannot transition to Estimate Approved without an approved estimate',
422
);
}
}
$project->update(['status_id' => $newStatusId]);
$project->load(['status', 'type']);
return $project;
}
/**
* Set the approved estimate for a project.
*
* @throws \RuntimeException
*/
public function setApprovedEstimate(Project $project, float $estimate): Project
{
if ($estimate <= 0) {
throw new \RuntimeException('Approved estimate must be greater than 0', 422);
}
$project->update(['approved_estimate' => $estimate]);
$project->load(['status', 'type']);
return $project;
}
/**
* Set the forecasted effort for a project.
*
* @param array $forecastedEffort ['2024-01' => 40, '2024-02' => 60, ...]
*
* @throws \RuntimeException
*/
public function setForecastedEffort(Project $project, array $forecastedEffort): Project
{
// Calculate total forecasted hours
$totalForecasted = array_sum($forecastedEffort);
// If project has approved estimate, validate within tolerance
if ($project->approved_estimate && $project->approved_estimate > 0) {
$approved = (float) $project->approved_estimate;
$difference = $totalForecasted - $approved;
$percentageDiff = ($difference / $approved) * 100;
$tolerancePercent = 5;
if (abs($percentageDiff) > $tolerancePercent) {
$lowerBound = max(0, round($approved * (1 - $tolerancePercent / 100), 2));
$upperBound = round($approved * (1 + $tolerancePercent / 100), 2);
$message = sprintf(
'Forecasted effort (%s h) %s approved estimate (%s h) by %s hours (%s%%). Forecasted effort must be between %s and %s hours for a %s hour estimate.',
number_format($totalForecasted, 2, '.', ''),
$difference > 0 ? 'exceeds' : 'is below',
number_format($approved, 2, '.', ''),
number_format(abs($difference), 2, '.', ''),
number_format(abs($percentageDiff), 2, '.', ''),
number_format($lowerBound, 2, '.', ''),
number_format($upperBound, 2, '.', ''),
number_format($approved, 2, '.', '')
);
throw new \RuntimeException($message, 422);
}
}
$project->update(['forecasted_effort' => $forecastedEffort]);
$project->load(['status', 'type']);
return $project;
}
/**
* Check if a project can be deleted.
*
* @return array{canDelete: bool, reason?: string}
*/
public function canDelete(Project $project): array
{
if ($project->allocations()->exists()) {
return [
'canDelete' => false,
'reason' => 'Project has allocations',
];
}
if ($project->actuals()->exists()) {
return [
'canDelete' => false,
'reason' => 'Project has actuals',
];
}
return ['canDelete' => true];
}
}

61
backend/app/Services/ProjectStatusService.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
namespace App\Services;
/**
* Encapsulates the project lifecycle state machine.
*/
class ProjectStatusService
{
/**
* Valid status transitions for the project state machine.
* Key = from status, Value = array of valid target statuses
*/
protected array $statusTransitions = [
'Pre-sales' => ['SOW Approval'],
'SOW Approval' => ['Estimation', 'Pre-sales'],
'Estimation' => ['Estimate Approved', 'SOW Approval'],
'Estimate Approved' => ['Resource Allocation', 'Estimate Rework'],
'Resource Allocation' => ['Sprint 0', 'Estimate Approved'],
'Sprint 0' => ['In Progress', 'Resource Allocation'],
'In Progress' => ['UAT', 'Sprint 0', 'On Hold'],
'UAT' => ['Handover / Sign-off', 'In Progress', 'On Hold'],
'Handover / Sign-off' => ['Closed', 'UAT'],
'Estimate Rework' => ['Estimation'],
'On Hold' => ['In Progress', 'Cancelled'],
'Cancelled' => [],
'Closed' => [],
];
/**
* Return the valid target statuses for the provided current status.
*/
public function getValidTransitions(string $currentStatus): array
{
return $this->statusTransitions[$currentStatus] ?? [];
}
/**
* Determine if a transition from the current status to the target is allowed.
*/
public function canTransition(string $currentStatus, string $targetStatus): bool
{
return in_array($targetStatus, $this->getValidTransitions($currentStatus), true);
}
/**
* Return statuses that do not allow further transitions.
*/
public function getTerminalStatuses(): array
{
return array_keys(array_filter($this->statusTransitions, static fn (array $targets): bool => $targets === []));
}
/**
* Determine if a status requires an approved estimate before entering.
*/
public function requiresEstimate(string $statusName): bool
{
return $statusName === 'Estimate Approved';
}
}

160
backend/app/Services/TeamMemberService.php Normal file
View File

@@ -0,0 +1,160 @@
<?php
namespace App\Services;
use App\Models\TeamMember;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Validation\ValidationException;
use Illuminate\Support\Facades\Validator;
/**
* Team Member Service
*
* Handles business logic for team member operations.
*/
class TeamMemberService
{
/**
* Get all team members with optional filtering.
*
* @param bool|null $active Filter by active status
* @return Collection<TeamMember>
*/
public function getAll(?bool $active = null): Collection
{
$query = TeamMember::with('role');
if ($active !== null) {
$query->where('active', $active);
}
return $query->get();
}
/**
* Find a team member by ID.
*
* @param string $id
* @return TeamMember|null
*/
public function findById(string $id): ?TeamMember
{
return TeamMember::with('role')->find($id);
}
/**
* Create a new team member.
*
* @param array $data
* @return TeamMember
* @throws ValidationException
*/
public function create(array $data): TeamMember
{
$validator = Validator::make($data, [
'name' => 'required|string|max:255',
'role_id' => 'required|integer|exists:roles,id',
'hourly_rate' => 'required|numeric|gt:0',
'active' => 'boolean',
], [
'hourly_rate.gt' => 'Hourly rate must be greater than 0',
]);
if ($validator->fails()) {
throw new ValidationException($validator);
}
$teamMember = TeamMember::create([
'name' => $data['name'],
'role_id' => $data['role_id'],
'hourly_rate' => $data['hourly_rate'],
'active' => $data['active'] ?? true,
]);
$teamMember->load('role');
return $teamMember;
}
/**
* Update an existing team member.
*
* @param TeamMember $teamMember
* @param array $data
* @return TeamMember
* @throws ValidationException
*/
public function update(TeamMember $teamMember, array $data): TeamMember
{
$validator = Validator::make($data, [
'name' => 'sometimes|string|max:255',
'role_id' => 'sometimes|integer|exists:roles,id',
'hourly_rate' => 'sometimes|numeric|gt:0',
'active' => 'sometimes|boolean',
], [
'hourly_rate.gt' => 'Hourly rate must be greater than 0',
]);
if ($validator->fails()) {
throw new ValidationException($validator);
}
$teamMember->update($data);
$teamMember->load('role');
return $teamMember;
}
/**
* Delete a team member.
*
* @param TeamMember $teamMember
* @return void
* @throws \RuntimeException
*/
public function delete(TeamMember $teamMember): void
{
// Check if team member has allocations
if ($teamMember->allocations()->exists()) {
throw new \RuntimeException(
'Cannot delete team member with active allocations',
422
);
}
// Check if team member has actuals
if ($teamMember->actuals()->exists()) {
throw new \RuntimeException(
'Cannot delete team member with historical data',
422
);
}
$teamMember->delete();
}
/**
* Check if a team member can be deleted.
*
* @param TeamMember $teamMember
* @return array{canDelete: bool, reason?: string}
*/
public function canDelete(TeamMember $teamMember): array
{
if ($teamMember->allocations()->exists()) {
return [
'canDelete' => false,
'reason' => 'Team member has active allocations',
];
}
if ($teamMember->actuals()->exists()) {
return [
'canDelete' => false,
'reason' => 'Team member has historical data',
];
}
return ['canDelete' => true];
}
}

18
backend/artisan Normal file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/env php
<?php
use Illuminate\Foundation\Application;
use Symfony\Component\Console\Input\ArgvInput;
define('LARAVEL_START', microtime(true));
// Register the Composer autoloader...
require __DIR__.'/vendor/autoload.php';
// Bootstrap Laravel and handle the command...
/** @var Application $app */
$app = require_once __DIR__.'/bootstrap/app.php';
$status = $app->handleCommand(new ArgvInput);
exit($status);

14
backend/boost.json Normal file
View File

@@ -0,0 +1,14 @@
{
"agents": [
"opencode",
"junie",
"codex"
],
"guidelines": true,
"herd_mcp": false,
"mcp": true,
"sail": false,
"skills": [
"pest-testing"
]
}

19
backend/bootstrap/app.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
api: __DIR__.'/../routes/api.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware): void {
//
})
->withExceptions(function (Exceptions $exceptions): void {
//
})->create();

2
backend/bootstrap/cache/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
*
!.gitignore

5
backend/bootstrap/providers.php Normal file
View File

@@ -0,0 +1,5 @@
<?php
return [
App\Providers\AppServiceProvider::class,
];

96
backend/composer.json Normal file
View File

@@ -0,0 +1,96 @@
{
"$schema": "https://getcomposer.org/schema.json",
"name": "laravel/laravel",
"type": "project",
"description": "The skeleton application for the Laravel framework.",
"keywords": [
"laravel",
"framework"
],
"license": "MIT",
"require": {
"php": "^8.2",
"knuckleswtf/scribe": "^5.7",
"laravel/framework": "^12.0",
"laravel/tinker": "^2.10.1",
"parsedown/parsedown": "1.7.4",
"predis/predis": "^2.0",
"tymon/jwt-auth": "^2.0"
},
"require-dev": {
"laravel/boost": "^2.1",
"fakerphp/faker": "^1.23",
"laravel/pail": "^1.2.2",
"laravel/pint": "^1.24",
"laravel/sail": "^1.41",
"mockery/mockery": "^1.6",
"nunomaduro/collision": "^8.6",
"pestphp/pest": "^3.8",
"pestphp/pest-plugin-laravel": "^3.0",
"phpunit/phpunit": "^11.5.3"
},
"autoload": {
"psr-4": {
"App\\": "app/",
"Database\\Factories\\": "database/factories/",
"Database\\Seeders\\": "database/seeders/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"scripts": {
"setup": [
"composer install",
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\"",
"@php artisan key:generate",
"@php artisan migrate --force",
"npm install",
"npm run build"
],
"dev": [
"Composer\\Config::disableProcessTimeout",
"npx concurrently -c \"#93c5fd,#c4b5fd,#fb7185,#fdba74\" \"php artisan serve\" \"php artisan queue:listen --tries=1 --timeout=0\" \"php artisan pail --timeout=0\" \"npm run dev\" --names=server,queue,logs,vite --kill-others"
],
"test": [
"@php artisan config:clear --ansi",
"@php artisan test"
],
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
"@php artisan package:discover --ansi"
],
"post-update-cmd": [
"@php artisan vendor:publish --tag=laravel-assets --ansi --force"
],
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate --ansi",
"@php -r \"file_exists('database/database.sqlite') || touch('database/database.sqlite');\"",
"@php artisan migrate --graceful --ansi"
],
"pre-package-uninstall": [
"Illuminate\\Foundation\\ComposerScripts::prePackageUninstall"
]
},
"extra": {
"laravel": {
"dont-discover": []
}
},
"config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true,
"allow-plugins": {
"pestphp/pest-plugin": true,
"php-http/discovery": true
}
},
"minimum-stability": "stable",
"prefer-stable": true
}

10253
backend/composer.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

126
backend/config/app.php Normal file
View File

@@ -0,0 +1,126 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Application Name
|--------------------------------------------------------------------------
|
| This value is the name of your application, which will be used when the
| framework needs to place the application's name in a notification or
| other UI elements where an application name needs to be displayed.
|
*/
'name' => env('APP_NAME', 'Laravel'),
/*
|--------------------------------------------------------------------------
| Application Environment
|--------------------------------------------------------------------------
|
| This value determines the "environment" your application is currently
| running in. This may determine how you prefer to configure various
| services the application utilizes. Set this in your ".env" file.
|
*/
'env' => env('APP_ENV', 'production'),
/*
|--------------------------------------------------------------------------
| Application Debug Mode
|--------------------------------------------------------------------------
|
| When your application is in debug mode, detailed error messages with
| stack traces will be shown on every error that occurs within your
| application. If disabled, a simple generic error page is shown.
|
*/
'debug' => (bool) env('APP_DEBUG', false),
/*
|--------------------------------------------------------------------------
| Application URL
|--------------------------------------------------------------------------
|
| This URL is used by the console to properly generate URLs when using
| the Artisan command line tool. You should set this to the root of
| the application so that it's available within Artisan commands.
|
*/
'url' => env('APP_URL', 'http://localhost'),
/*
|--------------------------------------------------------------------------
| Application Timezone
|--------------------------------------------------------------------------
|
| Here you may specify the default timezone for your application, which
| will be used by the PHP date and date-time functions. The timezone
| is set to "UTC" by default as it is suitable for most use cases.
|
*/
'timezone' => 'UTC',
/*
|--------------------------------------------------------------------------
| Application Locale Configuration
|--------------------------------------------------------------------------
|
| The application locale determines the default locale that will be used
| by Laravel's translation / localization methods. This option can be
| set to any locale for which you plan to have translation strings.
|
*/
'locale' => env('APP_LOCALE', 'en'),
'fallback_locale' => env('APP_FALLBACK_LOCALE', 'en'),
'faker_locale' => env('APP_FAKER_LOCALE', 'en_US'),
/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| This key is utilized by Laravel's encryption services and should be set
| to a random, 32 character string to ensure that all encrypted values
| are secure. You should do this prior to deploying the application.
|
*/
'cipher' => 'AES-256-CBC',
'key' => env('APP_KEY'),
'previous_keys' => [
...array_filter(
explode(',', (string) env('APP_PREVIOUS_KEYS', ''))
),
],
/*
|--------------------------------------------------------------------------
| Maintenance Mode Driver
|--------------------------------------------------------------------------
|
| These configuration options determine the driver used to determine and
| manage Laravel's "maintenance mode" status. The "cache" driver will
| allow maintenance mode to be controlled across multiple machines.
|
| Supported drivers: "file", "cache"
|
*/
'maintenance' => [
'driver' => env('APP_MAINTENANCE_DRIVER', 'file'),
'store' => env('APP_MAINTENANCE_STORE', 'database'),
],
];

115
backend/config/auth.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option defines the default authentication "guard" and password
| reset "broker" for your application. You may change these values
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => env('AUTH_GUARD', 'web'),
'passwords' => env('AUTH_PASSWORD_BROKER', 'users'),
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| which utilizes session storage plus the Eloquent user provider.
|
| All authentication guards have a user provider, which defines how the
| users are actually retrieved out of your database or other storage
| system used by the application. Typically, Eloquent is utilized.
|
| Supported: "session"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication guards have a user provider, which defines how the
| users are actually retrieved out of your database or other storage
| system used by the application. Typically, Eloquent is utilized.
|
| If you have multiple user tables or models you may configure multiple
| providers to represent the model / table. These providers may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => env('AUTH_MODEL', App\Models\User::class),
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| These configuration options specify the behavior of Laravel's password
| reset functionality, including the table utilized for token storage
| and the user provider that is invoked to actually retrieve users.
|
| The expiry time is the number of minutes that each reset token will be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
| The throttle setting is the number of seconds a user must wait before
| generating more password reset tokens. This prevents the user from
| quickly generating a very large amount of password reset tokens.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => env('AUTH_PASSWORD_RESET_TOKEN_TABLE', 'password_reset_tokens'),
'expire' => 60,
'throttle' => 60,
],
],
/*
|--------------------------------------------------------------------------
| Password Confirmation Timeout
|--------------------------------------------------------------------------
|
| Here you may define the number of seconds before a password confirmation
| window expires and users are asked to re-enter their password via the
| confirmation screen. By default, the timeout lasts for three hours.
|
*/
'password_timeout' => env('AUTH_PASSWORD_TIMEOUT', 10800),
];

51
backend/config/boost.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
declare(strict_types=1);
return [
/*
|--------------------------------------------------------------------------
| Boost Master Switch
|--------------------------------------------------------------------------
|
| This option may be used to disable all Boost functionality - which
| will prevent Boost's routes from being registered and will also
| disable Boost's browser logging functionality from operating.
|
*/
'enabled' => env('BOOST_ENABLED', true),
/*
|--------------------------------------------------------------------------
| Boost Browser Logs Watcher
|--------------------------------------------------------------------------
|
| The following option may be used to enable or disable the browser logs
| watcher feature within Laravel Boost. The log watcher will read any
| errors within the browser's console to give Boost better context.
|
*/
'browser_logs_watcher' => env('BOOST_BROWSER_LOGS_WATCHER', true),
/*
|--------------------------------------------------------------------------
| Boost Executables Paths
|--------------------------------------------------------------------------
|
| These options allow you to specify custom paths for the executables that
| Boost uses. When configured, they take precedence over the automatic
| discovery mechanism. Leave empty to use defaults from your $PATH.
|
*/
'executable_paths' => [
'php' => env('BOOST_PHP_EXECUTABLE_PATH'),
'composer' => env('BOOST_COMPOSER_EXECUTABLE_PATH'),
'npm' => env('BOOST_NPM_EXECUTABLE_PATH'),
'vendor_bin' => env('BOOST_VENDOR_BIN_EXECUTABLE_PATH'),
],
];

117
backend/config/cache.php Normal file
View File

@@ -0,0 +1,117 @@
<?php
use Illuminate\Support\Str;
return [
/*
|--------------------------------------------------------------------------
| Default Cache Store
|--------------------------------------------------------------------------
|
| This option controls the default cache store that will be used by the
| framework. This connection is utilized if another isn't explicitly
| specified when running a cache operation inside the application.
|
*/
'default' => env('CACHE_STORE', 'database'),
/*
|--------------------------------------------------------------------------
| Cache Stores
|--------------------------------------------------------------------------
|
| Here you may define all of the cache "stores" for your application as
| well as their drivers. You may even define multiple stores for the
| same cache driver to group types of items stored in your caches.
|
| Supported drivers: "array", "database", "file", "memcached",
| "redis", "dynamodb", "octane",
| "failover", "null"
|
*/
'stores' => [
'array' => [
'driver' => 'array',
'serialize' => false,
],
'database' => [
'driver' => 'database',
'connection' => env('DB_CACHE_CONNECTION'),
'table' => env('DB_CACHE_TABLE', 'cache'),
'lock_connection' => env('DB_CACHE_LOCK_CONNECTION'),
'lock_table' => env('DB_CACHE_LOCK_TABLE'),
],
'file' => [
'driver' => 'file',
'path' => storage_path('framework/cache/data'),
'lock_path' => storage_path('framework/cache/data'),
],
'memcached' => [
'driver' => 'memcached',
'persistent_id' => env('MEMCACHED_PERSISTENT_ID'),
'sasl' => [
env('MEMCACHED_USERNAME'),
env('MEMCACHED_PASSWORD'),
],
'options' => [
// Memcached::OPT_CONNECT_TIMEOUT => 2000,
],
'servers' => [
[
'host' => env('MEMCACHED_HOST', '127.0.0.1'),
'port' => env('MEMCACHED_PORT', 11211),
'weight' => 100,
],
],
],
'redis' => [
'driver' => 'redis',
'connection' => env('REDIS_CACHE_CONNECTION', 'cache'),
'lock_connection' => env('REDIS_CACHE_LOCK_CONNECTION', 'default'),
],
'dynamodb' => [
'driver' => 'dynamodb',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
'table' => env('DYNAMODB_CACHE_TABLE', 'cache'),
'endpoint' => env('DYNAMODB_ENDPOINT'),
],
'octane' => [
'driver' => 'octane',
],
'failover' => [
'driver' => 'failover',
'stores' => [
'database',
'array',
],
],
],
/*
|--------------------------------------------------------------------------
| Cache Key Prefix
|--------------------------------------------------------------------------
|
| When utilizing the APC, database, memcached, Redis, and DynamoDB cache
| stores, there might be other applications using the same cache. For
| that reason, you may prefix every cache key to avoid collisions.
|
*/
'prefix' => env('CACHE_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-cache-'),
];

24
backend/config/cors.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
return [
'paths' => [
'api/*',
'api/documentation',
'api/documentation/*',
'sanctum/csrf-cookie',
],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
];

183
backend/config/database.php Normal file
View File

@@ -0,0 +1,183 @@
<?php
use Illuminate\Support\Str;
return [
/*
|--------------------------------------------------------------------------
| Default Database Connection Name
|--------------------------------------------------------------------------
|
| Here you may specify which of the database connections below you wish
| to use as your default connection for database operations. This is
| the connection which will be utilized unless another connection
| is explicitly specified when you execute a query / statement.
|
*/
'default' => env('DB_CONNECTION', 'sqlite'),
/*
|--------------------------------------------------------------------------
| Database Connections
|--------------------------------------------------------------------------
|
| Below are all of the database connections defined for your application.
| An example configuration is provided for each database system which
| is supported by Laravel. You're free to add / remove connections.
|
*/
'connections' => [
'sqlite' => [
'driver' => 'sqlite',
'url' => env('DB_URL'),
'database' => env('DB_DATABASE', database_path('database.sqlite')),
'prefix' => '',
'foreign_key_constraints' => env('DB_FOREIGN_KEYS', true),
'busy_timeout' => null,
'journal_mode' => null,
'synchronous' => null,
'transaction_mode' => 'DEFERRED',
],
'mysql' => [
'driver' => 'mysql',
'url' => env('DB_URL'),
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '3306'),
'database' => env('DB_DATABASE', 'laravel'),
'username' => env('DB_USERNAME', 'root'),
'password' => env('DB_PASSWORD', ''),
'unix_socket' => env('DB_SOCKET', ''),
'charset' => env('DB_CHARSET', 'utf8mb4'),
'collation' => env('DB_COLLATION', 'utf8mb4_unicode_ci'),
'prefix' => '',
'prefix_indexes' => true,
'strict' => true,
'engine' => null,
'options' => extension_loaded('pdo_mysql') ? array_filter([
(PHP_VERSION_ID >= 80500 ? \Pdo\Mysql::ATTR_SSL_CA : \PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
]) : [],
],
'mariadb' => [
'driver' => 'mariadb',
'url' => env('DB_URL'),
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '3306'),
'database' => env('DB_DATABASE', 'laravel'),
'username' => env('DB_USERNAME', 'root'),
'password' => env('DB_PASSWORD', ''),
'unix_socket' => env('DB_SOCKET', ''),
'charset' => env('DB_CHARSET', 'utf8mb4'),
'collation' => env('DB_COLLATION', 'utf8mb4_unicode_ci'),
'prefix' => '',
'prefix_indexes' => true,
'strict' => true,
'engine' => null,
'options' => extension_loaded('pdo_mysql') ? array_filter([
(PHP_VERSION_ID >= 80500 ? \Pdo\Mysql::ATTR_SSL_CA : \PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
]) : [],
],
'pgsql' => [
'driver' => 'pgsql',
'url' => env('DB_URL'),
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '5432'),
'database' => env('DB_DATABASE', 'laravel'),
'username' => env('DB_USERNAME', 'root'),
'password' => env('DB_PASSWORD', ''),
'charset' => env('DB_CHARSET', 'utf8'),
'prefix' => '',
'prefix_indexes' => true,
'search_path' => 'public',
'sslmode' => env('DB_SSLMODE', 'prefer'),
],
'sqlsrv' => [
'driver' => 'sqlsrv',
'url' => env('DB_URL'),
'host' => env('DB_HOST', 'localhost'),
'port' => env('DB_PORT', '1433'),
'database' => env('DB_DATABASE', 'laravel'),
'username' => env('DB_USERNAME', 'root'),
'password' => env('DB_PASSWORD', ''),
'charset' => env('DB_CHARSET', 'utf8'),
'prefix' => '',
'prefix_indexes' => true,
// 'encrypt' => env('DB_ENCRYPT', 'yes'),
// 'trust_server_certificate' => env('DB_TRUST_SERVER_CERTIFICATE', 'false'),
],
],
/*
|--------------------------------------------------------------------------
| Migration Repository Table
|--------------------------------------------------------------------------
|
| This table keeps track of all the migrations that have already run for
| your application. Using this information, we can determine which of
| the migrations on disk haven't actually been run on the database.
|
*/
'migrations' => [
'table' => 'migrations',
'update_date_on_publish' => true,
],
/*
|--------------------------------------------------------------------------
| Redis Databases
|--------------------------------------------------------------------------
|
| Redis is an open source, fast, and advanced key-value store that also
| provides a richer body of commands than a typical key-value system
| such as Memcached. You may define your connection settings here.
|
*/
'redis' => [
'client' => env('REDIS_CLIENT', 'phpredis'),
'options' => [
'cluster' => env('REDIS_CLUSTER', 'redis'),
'prefix' => env('REDIS_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-database-'),
'persistent' => env('REDIS_PERSISTENT', false),
],
'default' => [
'url' => env('REDIS_URL'),
'host' => env('REDIS_HOST', '127.0.0.1'),
'username' => env('REDIS_USERNAME'),
'password' => env('REDIS_PASSWORD'),
'port' => env('REDIS_PORT', '6379'),
'database' => env('REDIS_DB', '0'),
'max_retries' => env('REDIS_MAX_RETRIES', 3),
'backoff_algorithm' => env('REDIS_BACKOFF_ALGORITHM', 'decorrelated_jitter'),
'backoff_base' => env('REDIS_BACKOFF_BASE', 100),
'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000),
],
'cache' => [
'url' => env('REDIS_URL'),
'host' => env('REDIS_HOST', '127.0.0.1'),
'username' => env('REDIS_USERNAME'),
'password' => env('REDIS_PASSWORD'),
'port' => env('REDIS_PORT', '6379'),
'database' => env('REDIS_CACHE_DB', '1'),
'max_retries' => env('REDIS_MAX_RETRIES', 3),
'backoff_algorithm' => env('REDIS_BACKOFF_ALGORITHM', 'decorrelated_jitter'),
'backoff_base' => env('REDIS_BACKOFF_BASE', 100),
'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000),
],
],
];

80
backend/config/filesystems.php Normal file
View File

@@ -0,0 +1,80 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Filesystem Disk
|--------------------------------------------------------------------------
|
| Here you may specify the default filesystem disk that should be used
| by the framework. The "local" disk, as well as a variety of cloud
| based disks are available to your application for file storage.
|
*/
'default' => env('FILESYSTEM_DISK', 'local'),
/*
|--------------------------------------------------------------------------
| Filesystem Disks
|--------------------------------------------------------------------------
|
| Below you may configure as many filesystem disks as necessary, and you
| may even configure multiple disks for the same driver. Examples for
| most supported storage drivers are configured here for reference.
|
| Supported drivers: "local", "ftp", "sftp", "s3"
|
*/
'disks' => [
'local' => [
'driver' => 'local',
'root' => storage_path('app/private'),
'serve' => true,
'throw' => false,
'report' => false,
],
'public' => [
'driver' => 'local',
'root' => storage_path('app/public'),
'url' => rtrim(env('APP_URL', 'http://localhost'), '/').'/storage',
'visibility' => 'public',
'throw' => false,
'report' => false,
],
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION'),
'bucket' => env('AWS_BUCKET'),
'url' => env('AWS_URL'),
'endpoint' => env('AWS_ENDPOINT'),
'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
'throw' => false,
'report' => false,
],
],
/*
|--------------------------------------------------------------------------
| Symbolic Links
|--------------------------------------------------------------------------
|
| Here you may configure the symbolic links that will be created when the
| `storage:link` Artisan command is executed. The array keys should be
| the locations of the links and the values should be their targets.
|
*/
'links' => [
public_path('storage') => storage_path('app/public'),
],
];

301
backend/config/jwt.php Normal file
View File

@@ -0,0 +1,301 @@
<?php
/*
* This file is part of jwt-auth.
*
* (c) Sean Tymon <tymon148@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
return [
/*
|--------------------------------------------------------------------------
| JWT Authentication Secret
|--------------------------------------------------------------------------
|
| Don't forget to set this in your .env file, as it will be used to sign
| your tokens. A helper command is provided for this:
| `php artisan jwt:secret`
|
| Note: This will be used for Symmetric algorithms only (HMAC),
| since RSA and ECDSA use a private/public key combo (See below).
|
*/
'secret' => env('JWT_SECRET'),
/*
|--------------------------------------------------------------------------
| JWT Authentication Keys
|--------------------------------------------------------------------------
|
| The algorithm you are using, will determine whether your tokens are
| signed with a random string (defined in `JWT_SECRET`) or using the
| following public & private keys.
|
| Symmetric Algorithms:
| HS256, HS384 & HS512 will use `JWT_SECRET`.
|
| Asymmetric Algorithms:
| RS256, RS384 & RS512 / ES256, ES384 & ES512 will use the keys below.
|
*/
'keys' => [
/*
|--------------------------------------------------------------------------
| Public Key
|--------------------------------------------------------------------------
|
| A path or resource to your public key.
|
| E.g. 'file://path/to/public/key'
|
*/
'public' => env('JWT_PUBLIC_KEY'),
/*
|--------------------------------------------------------------------------
| Private Key
|--------------------------------------------------------------------------
|
| A path or resource to your private key.
|
| E.g. 'file://path/to/private/key'
|
*/
'private' => env('JWT_PRIVATE_KEY'),
/*
|--------------------------------------------------------------------------
| Passphrase
|--------------------------------------------------------------------------
|
| The passphrase for your private key. Can be null if none set.
|
*/
'passphrase' => env('JWT_PASSPHRASE'),
],
/*
|--------------------------------------------------------------------------
| JWT time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour.
|
| You can also set this to null, to yield a never expiring token.
| Some people may want this behaviour for e.g. a mobile app.
| This is not particularly recommended, so make sure you have appropriate
| systems in place to revoke the token if necessary.
| Notice: If you set this to null you should remove 'exp' element from 'required_claims' list.
|
*/
'ttl' => env('JWT_TTL', 60),
/*
|--------------------------------------------------------------------------
| Refresh time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token can be refreshed
| within. I.E. The user can refresh their token within a 2 week window of
| the original token being created until they must re-authenticate.
| Defaults to 2 weeks.
|
| You can also set this to null, to yield an infinite refresh time.
| Some may want this instead of never expiring tokens for e.g. a mobile app.
| This is not particularly recommended, so make sure you have appropriate
| systems in place to revoke the token if necessary.
|
*/
'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),
/*
|--------------------------------------------------------------------------
| JWT hashing algorithm
|--------------------------------------------------------------------------
|
| Specify the hashing algorithm that will be used to sign the token.
|
*/
'algo' => env('JWT_ALGO', Tymon\JWTAuth\Providers\JWT\Provider::ALGO_HS256),
/*
|--------------------------------------------------------------------------
| Required Claims
|--------------------------------------------------------------------------
|
| Specify the required claims that must exist in any token.
| A TokenInvalidException will be thrown if any of these claims are not
| present in the payload.
|
*/
'required_claims' => [
'iss',
'iat',
'exp',
'nbf',
'sub',
'jti',
],
/*
|--------------------------------------------------------------------------
| Persistent Claims
|--------------------------------------------------------------------------
|
| Specify the claim keys to be persisted when refreshing a token.
| `sub` and `iat` will automatically be persisted, in
| addition to the these claims.
|
| Note: If a claim does not exist then it will be ignored.
|
*/
'persistent_claims' => [
// 'foo',
// 'bar',
],
/*
|--------------------------------------------------------------------------
| Lock Subject
|--------------------------------------------------------------------------
|
| This will determine whether a `prv` claim is automatically added to
| the token. The purpose of this is to ensure that if you have multiple
| authentication models e.g. `App\User` & `App\OtherPerson`, then we
| should prevent one authentication request from impersonating another,
| if 2 tokens happen to have the same id across the 2 different models.
|
| Under specific circumstances, you may want to disable this behaviour
| e.g. if you only have one authentication model, then you would save
| a little on token size.
|
*/
'lock_subject' => true,
/*
|--------------------------------------------------------------------------
| Leeway
|--------------------------------------------------------------------------
|
| This property gives the jwt timestamp claims some "leeway".
| Meaning that if you have any unavoidable slight clock skew on
| any of your servers then this will afford you some level of cushioning.
|
| This applies to the claims `iat`, `nbf` and `exp`.
|
| Specify in seconds - only if you know you need it.
|
*/
'leeway' => env('JWT_LEEWAY', 0),
/*
|--------------------------------------------------------------------------
| Blacklist Enabled
|--------------------------------------------------------------------------
|
| In order to invalidate tokens, you must have the blacklist enabled.
| If you do not want or need this functionality, then set this to false.
|
*/
'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
/*
| -------------------------------------------------------------------------
| Blacklist Grace Period
| -------------------------------------------------------------------------
|
| When multiple concurrent requests are made with the same JWT,
| it is possible that some of them fail, due to token regeneration
| on every request.
|
| Set grace period in seconds to prevent parallel request failure.
|
*/
'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),
/*
|--------------------------------------------------------------------------
| Cookies encryption
|--------------------------------------------------------------------------
|
| By default Laravel encrypt cookies for security reason.
| If you decide to not decrypt cookies, you will have to configure Laravel
| to not encrypt your cookie token by adding its name into the $except
| array available in the middleware "EncryptCookies" provided by Laravel.
| see https://laravel.com/docs/master/responses#cookies-and-encryption
| for details.
|
| Set it to true if you want to decrypt cookies.
|
*/
'decrypt_cookies' => false,
/*
|--------------------------------------------------------------------------
| Providers
|--------------------------------------------------------------------------
|
| Specify the various providers used throughout the package.
|
*/
'providers' => [
/*
|--------------------------------------------------------------------------
| JWT Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to create and decode the tokens.
|
*/
'jwt' => Tymon\JWTAuth\Providers\JWT\Lcobucci::class,
/*
|--------------------------------------------------------------------------
| Authentication Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to authenticate users.
|
*/
'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class,
/*
|--------------------------------------------------------------------------
| Storage Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to store tokens in the blacklist.
|
*/
'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class,
],
];

132
backend/config/logging.php Normal file
View File

@@ -0,0 +1,132 @@
<?php
use Monolog\Handler\NullHandler;
use Monolog\Handler\StreamHandler;
use Monolog\Handler\SyslogUdpHandler;
use Monolog\Processor\PsrLogMessageProcessor;
return [
/*
|--------------------------------------------------------------------------
| Default Log Channel
|--------------------------------------------------------------------------
|
| This option defines the default log channel that is utilized to write
| messages to your logs. The value provided here should match one of
| the channels present in the list of "channels" configured below.
|
*/
'default' => env('LOG_CHANNEL', 'stack'),
/*
|--------------------------------------------------------------------------
| Deprecations Log Channel
|--------------------------------------------------------------------------
|
| This option controls the log channel that should be used to log warnings
| regarding deprecated PHP and library features. This allows you to get
| your application ready for upcoming major versions of dependencies.
|
*/
'deprecations' => [
'channel' => env('LOG_DEPRECATIONS_CHANNEL', 'null'),
'trace' => env('LOG_DEPRECATIONS_TRACE', false),
],
/*
|--------------------------------------------------------------------------
| Log Channels
|--------------------------------------------------------------------------
|
| Here you may configure the log channels for your application. Laravel
| utilizes the Monolog PHP logging library, which includes a variety
| of powerful log handlers and formatters that you're free to use.
|
| Available drivers: "single", "daily", "slack", "syslog",
| "errorlog", "monolog", "custom", "stack"
|
*/
'channels' => [
'stack' => [
'driver' => 'stack',
'channels' => explode(',', (string) env('LOG_STACK', 'single')),
'ignore_exceptions' => false,
],
'single' => [
'driver' => 'single',
'path' => storage_path('logs/laravel.log'),
'level' => env('LOG_LEVEL', 'debug'),
'replace_placeholders' => true,
],
'daily' => [
'driver' => 'daily',
'path' => storage_path('logs/laravel.log'),
'level' => env('LOG_LEVEL', 'debug'),
'days' => env('LOG_DAILY_DAYS', 14),
'replace_placeholders' => true,
],
'slack' => [
'driver' => 'slack',
'url' => env('LOG_SLACK_WEBHOOK_URL'),
'username' => env('LOG_SLACK_USERNAME', 'Laravel Log'),
'emoji' => env('LOG_SLACK_EMOJI', ':boom:'),
'level' => env('LOG_LEVEL', 'critical'),
'replace_placeholders' => true,
],
'papertrail' => [
'driver' => 'monolog',
'level' => env('LOG_LEVEL', 'debug'),
'handler' => env('LOG_PAPERTRAIL_HANDLER', SyslogUdpHandler::class),
'handler_with' => [
'host' => env('PAPERTRAIL_URL'),
'port' => env('PAPERTRAIL_PORT'),
'connectionString' => 'tls://'.env('PAPERTRAIL_URL').':'.env('PAPERTRAIL_PORT'),
],
'processors' => [PsrLogMessageProcessor::class],
],
'stderr' => [
'driver' => 'monolog',
'level' => env('LOG_LEVEL', 'debug'),
'handler' => StreamHandler::class,
'handler_with' => [
'stream' => 'php://stderr',
],
'formatter' => env('LOG_STDERR_FORMATTER'),
'processors' => [PsrLogMessageProcessor::class],
],
'syslog' => [
'driver' => 'syslog',
'level' => env('LOG_LEVEL', 'debug'),
'facility' => env('LOG_SYSLOG_FACILITY', LOG_USER),
'replace_placeholders' => true,
],
'errorlog' => [
'driver' => 'errorlog',
'level' => env('LOG_LEVEL', 'debug'),
'replace_placeholders' => true,
],
'null' => [
'driver' => 'monolog',
'handler' => NullHandler::class,
],
'emergency' => [
'path' => storage_path('logs/laravel.log'),
],
],
];

118
backend/config/mail.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Mailer
|--------------------------------------------------------------------------
|
| This option controls the default mailer that is used to send all email
| messages unless another mailer is explicitly specified when sending
| the message. All additional mailers can be configured within the
| "mailers" array. Examples of each type of mailer are provided.
|
*/
'default' => env('MAIL_MAILER', 'log'),
/*
|--------------------------------------------------------------------------
| Mailer Configurations
|--------------------------------------------------------------------------
|
| Here you may configure all of the mailers used by your application plus
| their respective settings. Several examples have been configured for
| you and you are free to add your own as your application requires.
|
| Laravel supports a variety of mail "transport" drivers that can be used
| when delivering an email. You may specify which one you're using for
| your mailers below. You may also add additional mailers if needed.
|
| Supported: "smtp", "sendmail", "mailgun", "ses", "ses-v2",
| "postmark", "resend", "log", "array",
| "failover", "roundrobin"
|
*/
'mailers' => [
'smtp' => [
'transport' => 'smtp',
'scheme' => env('MAIL_SCHEME'),
'url' => env('MAIL_URL'),
'host' => env('MAIL_HOST', '127.0.0.1'),
'port' => env('MAIL_PORT', 2525),
'username' => env('MAIL_USERNAME'),
'password' => env('MAIL_PASSWORD'),
'timeout' => null,
'local_domain' => env('MAIL_EHLO_DOMAIN', parse_url((string) env('APP_URL', 'http://localhost'), PHP_URL_HOST)),
],
'ses' => [
'transport' => 'ses',
],
'postmark' => [
'transport' => 'postmark',
// 'message_stream_id' => env('POSTMARK_MESSAGE_STREAM_ID'),
// 'client' => [
// 'timeout' => 5,
// ],
],
'resend' => [
'transport' => 'resend',
],
'sendmail' => [
'transport' => 'sendmail',
'path' => env('MAIL_SENDMAIL_PATH', '/usr/sbin/sendmail -bs -i'),
],
'log' => [
'transport' => 'log',
'channel' => env('MAIL_LOG_CHANNEL'),
],
'array' => [
'transport' => 'array',
],
'failover' => [
'transport' => 'failover',
'mailers' => [
'smtp',
'log',
],
'retry_after' => 60,
],
'roundrobin' => [
'transport' => 'roundrobin',
'mailers' => [
'ses',
'postmark',
],
'retry_after' => 60,
],
],
/*
|--------------------------------------------------------------------------
| Global "From" Address
|--------------------------------------------------------------------------
|
| You may wish for all emails sent by your application to be sent from
| the same address. Here you may specify a name and address that is
| used globally for all emails that are sent by your application.
|
*/
'from' => [
'address' => env('MAIL_FROM_ADDRESS', 'hello@example.com'),
'name' => env('MAIL_FROM_NAME', 'Example'),
],
];

129
backend/config/queue.php Normal file
View File

@@ -0,0 +1,129 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Queue Connection Name
|--------------------------------------------------------------------------
|
| Laravel's queue supports a variety of backends via a single, unified
| API, giving you convenient access to each backend using identical
| syntax for each. The default queue connection is defined below.
|
*/
'default' => env('QUEUE_CONNECTION', 'database'),
/*
|--------------------------------------------------------------------------
| Queue Connections
|--------------------------------------------------------------------------
|
| Here you may configure the connection options for every queue backend
| used by your application. An example configuration is provided for
| each backend supported by Laravel. You're also free to add more.
|
| Drivers: "sync", "database", "beanstalkd", "sqs", "redis",
| "deferred", "background", "failover", "null"
|
*/
'connections' => [
'sync' => [
'driver' => 'sync',
],
'database' => [
'driver' => 'database',
'connection' => env('DB_QUEUE_CONNECTION'),
'table' => env('DB_QUEUE_TABLE', 'jobs'),
'queue' => env('DB_QUEUE', 'default'),
'retry_after' => (int) env('DB_QUEUE_RETRY_AFTER', 90),
'after_commit' => false,
],
'beanstalkd' => [
'driver' => 'beanstalkd',
'host' => env('BEANSTALKD_QUEUE_HOST', 'localhost'),
'queue' => env('BEANSTALKD_QUEUE', 'default'),
'retry_after' => (int) env('BEANSTALKD_QUEUE_RETRY_AFTER', 90),
'block_for' => 0,
'after_commit' => false,
],
'sqs' => [
'driver' => 'sqs',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'prefix' => env('SQS_PREFIX', 'https://sqs.us-east-1.amazonaws.com/your-account-id'),
'queue' => env('SQS_QUEUE', 'default'),
'suffix' => env('SQS_SUFFIX'),
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
'after_commit' => false,
],
'redis' => [
'driver' => 'redis',
'connection' => env('REDIS_QUEUE_CONNECTION', 'default'),
'queue' => env('REDIS_QUEUE', 'default'),
'retry_after' => (int) env('REDIS_QUEUE_RETRY_AFTER', 90),
'block_for' => null,
'after_commit' => false,
],
'deferred' => [
'driver' => 'deferred',
],
'background' => [
'driver' => 'background',
],
'failover' => [
'driver' => 'failover',
'connections' => [
'database',
'deferred',
],
],
],
/*
|--------------------------------------------------------------------------
| Job Batching
|--------------------------------------------------------------------------
|
| The following options configure the database and table that store job
| batching information. These options can be updated to any database
| connection and table which has been defined by your application.
|
*/
'batching' => [
'database' => env('DB_CONNECTION', 'sqlite'),
'table' => 'job_batches',
],
/*
|--------------------------------------------------------------------------
| Failed Queue Jobs
|--------------------------------------------------------------------------
|
| These options configure the behavior of failed queue job logging so you
| can control how and where failed jobs are stored. Laravel ships with
| support for storing failed jobs in a simple file or in a database.
|
| Supported drivers: "database-uuids", "dynamodb", "file", "null"
|
*/
'failed' => [
'driver' => env('QUEUE_FAILED_DRIVER', 'database-uuids'),
'database' => env('DB_CONNECTION', 'sqlite'),
'table' => 'failed_jobs',
],
];

259
backend/config/scribe.php Normal file
View File

@@ -0,0 +1,259 @@
<?php
use Knuckles\Scribe\Config\AuthIn;
use Knuckles\Scribe\Config\Defaults;
use Knuckles\Scribe\Extracting\Strategies;
use function Knuckles\Scribe\Config\configureStrategy;
use function Knuckles\Scribe\Config\removeStrategies;
// Only the most common configs are shown. See the https://scribe.knuckles.wtf/laravel/reference/config for all.
return [
// The HTML <title> for the generated documentation.
'title' => config('app.name').' API Documentation',
// A short description of your API. Will be included in the docs webpage, Postman collection and OpenAPI spec.
'description' => '',
// Text to place in the "Introduction" section, right after the `description`. Markdown and HTML are supported.
'intro_text' => <<<'INTRO'
This documentation aims to provide all the information you need to work with our API.
<aside>As you scroll, you'll see code examples for working with the API in different programming languages in the dark area to the right (or as part of the content on mobile).
You can switch the language used with the tabs at the top right (or from the nav menu at the top left on mobile).</aside>
INTRO,
// The base URL displayed in the docs.
// If you're using `laravel` type, you can set this to a dynamic string, like '{{ config("app.tenant_url") }}' to get a dynamic base URL.
'base_url' => config('app.url'),
// Routes to include in the docs
'routes' => [
[
'match' => [
// Match only routes whose paths match this pattern (use * as a wildcard to match any characters). Example: 'users/*'.
'prefixes' => ['api/*'],
// Match only routes whose domains match this pattern (use * as a wildcard to match any characters). Example: 'api.*'.
'domains' => ['*'],
],
// Include these routes even if they did not match the rules above.
'include' => [
// 'users.index', 'POST /new', '/auth/*'
],
// Exclude these routes even if they matched the rules above.
'exclude' => [
// 'GET /health', 'admin.*'
],
],
],
// The type of documentation output to generate.
// - "static" will generate a static HTMl page in the /public/docs folder,
// - "laravel" will generate the documentation as a Blade view, so you can add routing and authentication.
// - "external_static" and "external_laravel" do the same as above, but pass the OpenAPI spec as a URL to an external UI template
'type' => 'laravel',
// See https://scribe.knuckles.wtf/laravel/reference/config#theme for supported options
'theme' => 'default',
'static' => [
// HTML documentation, assets and Postman collection will be generated to this folder.
// Source Markdown will still be in resources/docs.
'output_path' => 'public/docs',
],
'laravel' => [
// Whether to automatically create a docs route for you to view your generated docs. You can still set up routing manually.
'add_routes' => true,
// URL path to use for the docs endpoint (if `add_routes` is true).
// By default, `/docs` opens the HTML page, `/docs.postman` opens the Postman collection, and `/docs.openapi` the OpenAPI spec.
'docs_url' => '/docs',
// Directory within `public` in which to store CSS and JS assets.
// By default, assets are stored in `public/vendor/scribe`.
// If set, assets will be stored in `public/{{assets_directory}}`
'assets_directory' => null,
// Middleware to attach to the docs endpoint (if `add_routes` is true).
'middleware' => [],
],
'external' => [
'html_attributes' => [],
],
'try_it_out' => [
// Add a Try It Out button to your endpoints so consumers can test endpoints right from their browser.
// Don't forget to enable CORS headers for your endpoints.
'enabled' => true,
// The base URL to use in the API tester. Leave as null to be the same as the displayed URL (`scribe.base_url`).
'base_url' => null,
// [Laravel Sanctum] Fetch a CSRF token before each request, and add it as an X-XSRF-TOKEN header.
'use_csrf' => false,
// The URL to fetch the CSRF token from (if `use_csrf` is true).
'csrf_url' => '/sanctum/csrf-cookie',
],
// How is your API authenticated? This information will be used in the displayed docs, generated examples and response calls.
'auth' => [
// Set this to true if ANY endpoints in your API use authentication.
'enabled' => false,
// Set this to true if your API should be authenticated by default. If so, you must also set `enabled` (above) to true.
// You can then use @unauthenticated or @authenticated on individual endpoints to change their status from the default.
'default' => false,
// Where is the auth value meant to be sent in a request?
'in' => AuthIn::BEARER->value,
// The name of the auth parameter (e.g. token, key, apiKey) or header (e.g. Authorization, Api-Key).
'name' => 'key',
// The value of the parameter to be used by Scribe to authenticate response calls.
// This will NOT be included in the generated documentation. If empty, Scribe will use a random value.
'use_value' => env('SCRIBE_AUTH_KEY'),
// Placeholder your users will see for the auth parameter in the example requests.
// Set this to null if you want Scribe to use a random value as placeholder instead.
'placeholder' => '{YOUR_AUTH_KEY}',
// Any extra authentication-related info for your users. Markdown and HTML are supported.
'extra_info' => 'You can retrieve your token by visiting your dashboard and clicking <b>Generate API token</b>.',
],
// Example requests for each endpoint will be shown in each of these languages.
// Supported options are: bash, javascript, php, python
// To add a language of your own, see https://scribe.knuckles.wtf/laravel/advanced/example-requests
// Note: does not work for `external` docs types
'example_languages' => [
'bash',
'javascript',
],
// Generate a Postman collection (v2.1.0) in addition to HTML docs.
// For 'static' docs, the collection will be generated to public/docs/collection.json.
// For 'laravel' docs, it will be generated to storage/app/scribe/collection.json.
// Setting `laravel.add_routes` to true (above) will also add a route for the collection.
'postman' => [
'enabled' => true,
'overrides' => [
// 'info.version' => '2.0.0',
],
],
// Generate an OpenAPI spec in addition to docs webpage.
// For 'static' docs, the collection will be generated to public/docs/openapi.yaml.
// For 'laravel' docs, it will be generated to storage/app/scribe/openapi.yaml.
// Setting `laravel.add_routes` to true (above) will also add a route for the spec.
'openapi' => [
'enabled' => true,
// The OpenAPI spec version to generate. Supported versions: '3.0.3', '3.1.0'.
// OpenAPI 3.1 is more compatible with JSON Schema and is becoming the dominant version.
// See https://spec.openapis.org/oas/v3.1.0 for details on 3.1 changes.
'version' => '3.0.3',
'overrides' => [
// 'info.version' => '2.0.0',
],
// Additional generators to use when generating the OpenAPI spec.
// Should extend `Knuckles\Scribe\Writing\OpenApiSpecGenerators\OpenApiGenerator`.
'generators' => [],
],
'groups' => [
// Endpoints which don't have a @group will be placed in this default group.
'default' => 'Endpoints',
// By default, Scribe will sort groups alphabetically, and endpoints in the order their routes are defined.
// You can override this by listing the groups, subgroups and endpoints here in the order you want them.
// See https://scribe.knuckles.wtf/blog/laravel-v4#easier-sorting and https://scribe.knuckles.wtf/laravel/reference/config#order for details
// Note: does not work for `external` docs types
'order' => [],
],
// Custom logo path. This will be used as the value of the src attribute for the <img> tag,
// so make sure it points to an accessible URL or path. Set to false to not use a logo.
// For example, if your logo is in public/img:
// - 'logo' => '../img/logo.png' // for `static` type (output folder is public/docs)
// - 'logo' => 'img/logo.png' // for `laravel` type
'logo' => false,
// Customize the "Last updated" value displayed in the docs by specifying tokens and formats.
// Examples:
// - {date:F j Y} => March 28, 2022
// - {git:short} => Short hash of the last Git commit
// Available tokens are `{date:<format>}` and `{git:<format>}`.
// The format you pass to `date` will be passed to PHP's `date()` function.
// The format you pass to `git` can be either "short" or "long".
// Note: does not work for `external` docs types
'last_updated' => 'Last updated: {date:F j, Y}',
'examples' => [
// Set this to any number to generate the same example values for parameters on each run,
'faker_seed' => 1234,
// With API resources and transformers, Scribe tries to generate example models to use in your API responses.
// By default, Scribe will try the model's factory, and if that fails, try fetching the first from the database.
// You can reorder or remove strategies here.
'models_source' => ['factoryCreate', 'factoryMake', 'databaseFirst'],
],
// The strategies Scribe will use to extract information about your routes at each stage.
// Use configureStrategy() to specify settings for a strategy in the list.
// Use removeStrategies() to remove an included strategy.
'strategies' => [
'metadata' => [
...Defaults::METADATA_STRATEGIES,
],
'headers' => [
...Defaults::HEADERS_STRATEGIES,
Strategies\StaticData::withSettings(data: [
'Content-Type' => 'application/json',
'Accept' => 'application/json',
]),
],
'urlParameters' => [
...Defaults::URL_PARAMETERS_STRATEGIES,
],
'queryParameters' => [
...Defaults::QUERY_PARAMETERS_STRATEGIES,
],
'bodyParameters' => [
...Defaults::BODY_PARAMETERS_STRATEGIES,
],
'responses' => configureStrategy(
Defaults::RESPONSES_STRATEGIES,
Strategies\Responses\ResponseCalls::withSettings(
only: ['GET *'],
// Recommended: disable debug mode in response calls to avoid error stack traces in responses
config: [
'app.debug' => false,
]
)
),
'responseFields' => [
...Defaults::RESPONSE_FIELDS_STRATEGIES,
],
],
// For response calls, API resource responses and transformer responses,
// Scribe will try to start database transactions, so no changes are persisted to your database.
// Tell Scribe which connections should be transacted here. If you only use one db connection, you can leave this as is.
'database_connections_to_transact' => [config('database.default')],
'fractal' => [
// If you are using a custom serializer with league/fractal, you can specify it here.
'serializer' => null,
],
];

38
backend/config/services.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Third Party Services
|--------------------------------------------------------------------------
|
| This file is for storing the credentials for third party services such
| as Mailgun, Postmark, AWS and more. This file provides the de facto
| location for this type of information, allowing packages to have
| a conventional file to locate the various service credentials.
|
*/
'postmark' => [
'key' => env('POSTMARK_API_KEY'),
],
'resend' => [
'key' => env('RESEND_API_KEY'),
],
'ses' => [
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
],
'slack' => [
'notifications' => [
'bot_user_oauth_token' => env('SLACK_BOT_USER_OAUTH_TOKEN'),
'channel' => env('SLACK_BOT_USER_DEFAULT_CHANNEL'),
],
],
];

217
backend/config/session.php Normal file
View File

@@ -0,0 +1,217 @@
<?php
use Illuminate\Support\Str;
return [
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option determines the default session driver that is utilized for
| incoming requests. Laravel supports a variety of storage options to
| persist session data. Database storage is a great default choice.
|
| Supported: "file", "cookie", "database", "memcached",
| "redis", "dynamodb", "array"
|
*/
'driver' => env('SESSION_DRIVER', 'database'),
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to expire immediately when the browser is closed then you may
| indicate that via the expire_on_close configuration option.
|
*/
'lifetime' => (int) env('SESSION_LIFETIME', 120),
'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false),
/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it's stored. All encryption is performed
| automatically by Laravel and you may use the session like normal.
|
*/
'encrypt' => env('SESSION_ENCRYPT', false),
/*
|--------------------------------------------------------------------------
| Session File Location
|--------------------------------------------------------------------------
|
| When utilizing the "file" session driver, the session files are placed
| on disk. The default storage location is defined here; however, you
| are free to provide another location where they should be stored.
|
*/
'files' => storage_path('framework/sessions'),
/*
|--------------------------------------------------------------------------
| Session Database Connection
|--------------------------------------------------------------------------
|
| When using the "database" or "redis" session drivers, you may specify a
| connection that should be used to manage these sessions. This should
| correspond to a connection in your database configuration options.
|
*/
'connection' => env('SESSION_CONNECTION'),
/*
|--------------------------------------------------------------------------
| Session Database Table
|--------------------------------------------------------------------------
|
| When using the "database" session driver, you may specify the table to
| be used to store sessions. Of course, a sensible default is defined
| for you; however, you're welcome to change this to another table.
|
*/
'table' => env('SESSION_TABLE', 'sessions'),
/*
|--------------------------------------------------------------------------
| Session Cache Store
|--------------------------------------------------------------------------
|
| When using one of the framework's cache driven session backends, you may
| define the cache store which should be used to store the session data
| between requests. This must match one of your defined cache stores.
|
| Affects: "dynamodb", "memcached", "redis"
|
*/
'store' => env('SESSION_STORE'),
/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/
'lottery' => [2, 100],
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the session cookie that is created by
| the framework. Typically, you should not need to change this value
| since doing so does not grant a meaningful security improvement.
|
*/
'cookie' => env(
'SESSION_COOKIE',
Str::slug((string) env('APP_NAME', 'laravel')).'-session'
),
/*
|--------------------------------------------------------------------------
| Session Cookie Path
|--------------------------------------------------------------------------
|
| The session cookie path determines the path for which the cookie will
| be regarded as available. Typically, this will be the root path of
| your application, but you're free to change this when necessary.
|
*/
'path' => env('SESSION_PATH', '/'),
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| This value determines the domain and subdomains the session cookie is
| available to. By default, the cookie will be available to the root
| domain without subdomains. Typically, this shouldn't be changed.
|
*/
'domain' => env('SESSION_DOMAIN'),
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you when it can't be done securely.
|
*/
'secure' => env('SESSION_SECURE_COOKIE'),
/*
|--------------------------------------------------------------------------
| HTTP Access Only
|--------------------------------------------------------------------------
|
| Setting this value to true will prevent JavaScript from accessing the
| value of the cookie and the cookie will only be accessible through
| the HTTP protocol. It's unlikely you should disable this option.
|
*/
'http_only' => env('SESSION_HTTP_ONLY', true),
/*
|--------------------------------------------------------------------------
| Same-Site Cookies
|--------------------------------------------------------------------------
|
| This option determines how your cookies behave when cross-site requests
| take place, and can be used to mitigate CSRF attacks. By default, we
| will set this value to "lax" to permit secure cross-site requests.
|
| See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
|
| Supported: "lax", "strict", "none", null
|
*/
'same_site' => env('SESSION_SAME_SITE', 'lax'),
/*
|--------------------------------------------------------------------------
| Partitioned Cookies
|--------------------------------------------------------------------------
|
| Setting this value to true will tie the cookie to the top-level site for
| a cross-site context. Partitioned cookies are accepted by the browser
| when flagged "secure" and the Same-Site attribute is set to "none".
|
*/
'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
];

1
backend/database/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
*.sqlite*

28
backend/database/factories/ActualFactory.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Str;
use App\Models\Actual;
use App\Models\Project;
use App\Models\TeamMember;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\Actual>
*/
class ActualFactory extends Factory
{
protected $model = Actual::class;
public function definition(): array
{
return [
'id' => (string) Str::uuid(),
'project_id' => Project::factory(),
'team_member_id' => TeamMember::factory(),
'month' => fake()->dateTimeBetween('-6 months', 'now')->format('Y-m-01'),
'hours_logged' => fake()->randomFloat(2, 0, 160),
];
}
}

28
backend/database/factories/AllocationFactory.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Str;
use App\Models\Allocation;
use App\Models\Project;
use App\Models\TeamMember;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\Allocation>
*/
class AllocationFactory extends Factory
{
protected $model = Allocation::class;
public function definition(): array
{
return [
'id' => (string) Str::uuid(),
'project_id' => Project::factory(),
'team_member_id' => TeamMember::factory(),
'month' => fake()->dateTimeBetween('-6 months', '+6 months')->format('Y-m-01'),
'allocated_hours' => fake()->randomFloat(2, 0, 160),
];
}
}

42
backend/database/factories/ProjectFactory.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Str;
use App\Models\Project;
use App\Models\ProjectStatus;
use App\Models\ProjectType;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\Project>
*/
class ProjectFactory extends Factory
{
protected $model = Project::class;
public function definition(): array
{
return [
'id' => (string) Str::uuid(),
'code' => strtoupper(fake()->unique()->bothify('PRJ-####')),
'title' => fake()->sentence(3),
'status_id' => ProjectStatus::factory(),
'type_id' => ProjectType::factory(),
'approved_estimate' => null,
'forecasted_effort' => null,
];
}
public function approved(): static
{
return $this->state(fn (array $attributes) => [
'approved_estimate' => fake()->randomFloat(2, 5000, 50000),
'forecasted_effort' => [
'frontend' => fake()->numberBetween(40, 200),
'backend' => fake()->numberBetween(60, 300),
'qa' => fake()->numberBetween(20, 100),
],
]);
}
}

24
backend/database/factories/ProjectStatusFactory.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use App\Models\ProjectStatus;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\ProjectStatus>
*/
class ProjectStatusFactory extends Factory
{
protected $model = ProjectStatus::class;
public function definition(): array
{
return [
'name' => fake()->unique()->words(2, true),
'order' => fake()->numberBetween(1, 20),
'is_active' => fake()->boolean(),
'is_billable' => fake()->boolean(),
];
}
}

22
backend/database/factories/ProjectTypeFactory.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use App\Models\ProjectType;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\ProjectType>
*/
class ProjectTypeFactory extends Factory
{
protected $model = ProjectType::class;
public function definition(): array
{
return [
'name' => fake()->unique()->word(),
'description' => fake()->sentence(),
];
}
}

23
backend/database/factories/RoleFactory.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Str;
use App\Models\Role;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\Role>
*/
class RoleFactory extends Factory
{
protected $model = Role::class;
public function definition(): array
{
return [
'name' => fake()->unique()->jobTitle(),
'description' => fake()->sentence(),
];
}
}

34
backend/database/factories/TeamMemberFactory.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Str;
use App\Models\TeamMember;
use App\Models\Role;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory\u003c\App\Models\TeamMember>
*/
class TeamMemberFactory extends Factory
{
protected $model = TeamMember::class;
public function definition(): array
{
return [
'id' => (string) Str::uuid(),
'name' => fake()->name(),
'role_id' => Role::factory(),
'hourly_rate' => fake()->randomFloat(2, 20, 150),
'active' => true,
];
}
public function inactive(): static
{
return $this->state(fn (array $attributes) => [
'active' => false,
]);
}
}

45
backend/database/factories/UserFactory.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\User>
*/
class UserFactory extends Factory
{
/**
* The current password being used by the factory.
*/
protected static ?string $password;
/**
* Define the model's default state.
*
* @return array<string, mixed>
*/
public function definition(): array
{
return [
'name' => fake()->name(),
'email' => fake()->unique()->safeEmail(),
'email_verified_at' => now(),
'password' => static::$password ??= Hash::make('password'),
'role' => fake()->randomElement(['superuser', 'manager', 'developer', 'top_brass']),
'remember_token' => Str::random(10),
];
}
/**
* Indicate that the model's email address should be unverified.
*/
public function unverified(): static
{
return $this->state(fn (array $attributes) => [
'email_verified_at' => null,
]);
}
}

49
backend/database/migrations/0001_01_01_000000_create_users_table.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('users', function (Blueprint $table) {
$table->id();
$table->string('name');
$table->string('email')->unique();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->rememberToken();
$table->timestamps();
});
Schema::create('password_reset_tokens', function (Blueprint $table) {
$table->string('email')->primary();
$table->string('token');
$table->timestamp('created_at')->nullable();
});
Schema::create('sessions', function (Blueprint $table) {
$table->string('id')->primary();
$table->foreignId('user_id')->nullable()->index();
$table->string('ip_address', 45)->nullable();
$table->text('user_agent')->nullable();
$table->longText('payload');
$table->integer('last_activity')->index();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('users');
Schema::dropIfExists('password_reset_tokens');
Schema::dropIfExists('sessions');
}
};

35
backend/database/migrations/0001_01_01_000001_create_cache_table.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('cache', function (Blueprint $table) {
$table->string('key')->primary();
$table->mediumText('value');
$table->integer('expiration')->index();
});
Schema::create('cache_locks', function (Blueprint $table) {
$table->string('key')->primary();
$table->string('owner');
$table->integer('expiration')->index();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('cache');
Schema::dropIfExists('cache_locks');
}
};

57
backend/database/migrations/0001_01_01_000002_create_jobs_table.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('jobs', function (Blueprint $table) {
$table->id();
$table->string('queue')->index();
$table->longText('payload');
$table->unsignedTinyInteger('attempts');
$table->unsignedInteger('reserved_at')->nullable();
$table->unsignedInteger('available_at');
$table->unsignedInteger('created_at');
});
Schema::create('job_batches', function (Blueprint $table) {
$table->string('id')->primary();
$table->string('name');
$table->integer('total_jobs');
$table->integer('pending_jobs');
$table->integer('failed_jobs');
$table->longText('failed_job_ids');
$table->mediumText('options')->nullable();
$table->integer('cancelled_at')->nullable();
$table->integer('created_at');
$table->integer('finished_at')->nullable();
});
Schema::create('failed_jobs', function (Blueprint $table) {
$table->id();
$table->string('uuid')->unique();
$table->text('connection');
$table->text('queue');
$table->longText('payload');
$table->longText('exception');
$table->timestamp('failed_at')->useCurrent();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('jobs');
Schema::dropIfExists('job_batches');
Schema::dropIfExists('failed_jobs');
}
};

29
backend/database/migrations/2024_02_17_000001_create_roles_table.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('roles', function (Blueprint $table) {
$table->id();
$table->string('name')->unique();
$table->text('description')->nullable();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('roles');
}
};

31
backend/database/migrations/2024_02_17_000002_create_project_statuses_table.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('project_statuses', function (Blueprint $table) {
$table->id();
$table->string('name')->unique();
$table->integer('order')->default(0);
$table->boolean('is_active')->default(true);
$table->boolean('is_billable')->default(false);
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('project_statuses');
}
};

29
backend/database/migrations/2024_02_17_000003_create_project_types_table.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('project_types', function (Blueprint $table) {
$table->id();
$table->string('name')->unique();
$table->text('description')->nullable();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('project_types');
}
};

31
backend/database/migrations/2024_02_17_000004_create_team_members_table.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('team_members', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->string('name');
$table->foreignId('role_id')->constrained('roles');
$table->decimal('hourly_rate', 10, 2);
$table->boolean('active')->default(true);
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('team_members');
}
};

33
backend/database/migrations/2024_02_17_000005_create_projects_table.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('projects', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->string('code')->unique();
$table->string('title');
$table->foreignId('status_id')->constrained('project_statuses');
$table->foreignId('type_id')->constrained('project_types');
$table->decimal('approved_estimate', 12, 2)->nullable();
$table->json('forecasted_effort')->nullable();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('projects');
}
};

35
backend/database/migrations/2024_02_17_000006_create_allocations_table.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('allocations', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->foreignUuid('project_id')->constrained('projects');
$table->foreignUuid('team_member_id')->constrained('team_members');
$table->date('month'); // First day of the month
$table->decimal('allocated_hours', 8, 2)->default(0);
$table->timestamps();
// Composite indexes for common queries
$table->index(['project_id', 'month'], 'idx_allocations_project_month');
$table->index(['team_member_id', 'month'], 'idx_allocations_member_month');
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('allocations');
}
};

35
backend/database/migrations/2024_02_17_000007_create_actuals_table.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('actuals', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->foreignUuid('project_id')->constrained('projects');
$table->foreignUuid('team_member_id')->constrained('team_members');
$table->date('month'); // First day of the month
$table->decimal('hours_logged', 8, 2)->default(0);
$table->timestamps();
// Composite indexes for common queries
$table->index(['project_id', 'month'], 'idx_actuals_project_month');
$table->index(['team_member_id', 'month'], 'idx_actuals_member_month');
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('actuals');
}
};

30
backend/database/migrations/2024_02_17_000008_create_holidays_table.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('holidays', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->date('date')->unique();
$table->string('name');
$table->text('description')->nullable();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('holidays');
}
};

32
backend/database/migrations/2024_02_17_000009_create_ptos_table.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('ptos', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->foreignUuid('team_member_id')->constrained('team_members');
$table->date('start_date');
$table->date('end_date');
$table->string('reason')->nullable();
$table->enum('status', ['pending', 'approved', 'rejected'])->default('pending');
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('ptos');
}
};

37
backend/database/migrations/2024_02_17_000010_create_users_table.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
// Drop the default users table and recreate with UUID
Schema::dropIfExists('users');
Schema::create('users', function (Blueprint $table) {
$table->uuid('id')->primary();
$table->string('name');
$table->string('email')->unique();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->enum('role', ['superuser', 'manager', 'developer', 'top_brass'])->default('developer');
$table->boolean('active')->default(true);
$table->rememberToken();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('users');
}
};

25
backend/database/seeders/DatabaseSeeder.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace Database\Seeders;
use Illuminate\Database\Console\Seeds\WithoutModelEvents;
use Illuminate\Database\Seeder;
class DatabaseSeeder extends Seeder
{
use WithoutModelEvents;
/**
* Seed the application's database.
*/
public function run(): void
{
$this->call([
RoleSeeder::class,
ProjectStatusSeeder::class,
ProjectTypeSeeder::class,
ProjectSeeder::class,
UserSeeder::class,
]);
}
}

83
backend/database/seeders/ProjectSeeder.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
class ProjectSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run(): void
{
// Get status and type IDs
$preSalesStatus = DB::table('project_statuses')->where('name', 'Pre-sales')->first();
$sowApprovalStatus = DB::table('project_statuses')->where('name', 'SOW Approval')->first();
$estimationStatus = DB::table('project_statuses')->where('name', 'Estimation')->first();
$inProgressStatus = DB::table('project_statuses')->where('name', 'In Progress')->first();
$onHoldStatus = DB::table('project_statuses')->where('name', 'On Hold')->first();
$projectType = DB::table('project_types')->where('name', 'Project')->first();
$supportType = DB::table('project_types')->where('name', 'Support')->first();
if (! $preSalesStatus || ! $projectType) {
$this->command->warn('Required statuses or types not found. Run ProjectStatusSeeder and ProjectTypeSeeder first.');
return;
}
$projects = [
[
'id' => Str::uuid()->toString(),
'code' => 'PROJ-001',
'title' => 'Website Redesign',
'status_id' => $preSalesStatus->id, // Pre-sales for transition testing
'type_id' => $projectType->id,
'approved_estimate' => null,
'forecasted_effort' => null,
],
[
'id' => Str::uuid()->toString(),
'code' => 'PROJ-002',
'title' => 'API Integration',
'status_id' => $estimationStatus->id ?? $preSalesStatus->id,
'type_id' => $projectType->id,
'approved_estimate' => null,
'forecasted_effort' => null,
],
[
'id' => Str::uuid()->toString(),
'code' => 'SUP-001',
'title' => 'Bug Fixes',
'status_id' => $onHoldStatus->id ?? $preSalesStatus->id,
'type_id' => $supportType->id,
'approved_estimate' => 40.00,
'forecasted_effort' => json_encode(['2024-02' => 20, '2024-03' => 20]),
],
[
'id' => Str::uuid()->toString(),
'code' => 'PROJ-003',
'title' => 'Mobile App Development',
'status_id' => $inProgressStatus->id ?? $preSalesStatus->id,
'type_id' => $projectType->id,
'approved_estimate' => 120.00,
'forecasted_effort' => json_encode(['2024-02' => 40, '2024-03' => 50, '2024-04' => 30]),
],
];
foreach ($projects as $project) {
DB::table('projects')->updateOrInsert(
['code' => $project['code']],
array_merge($project, [
'created_at' => now(),
'updated_at' => now(),
])
);
}
$this->command->info('Seeded '.count($projects).' projects.');
}
}

103
backend/database/seeders/ProjectStatusSeeder.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\DB;
class ProjectStatusSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run(): void
{
$statuses = [
[
'name' => 'Pre-sales',
'order' => 1,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'SOW Approval',
'order' => 2,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'Estimation',
'order' => 3,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'Estimate Approved',
'order' => 4,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'Resource Allocation',
'order' => 5,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'Sprint 0',
'order' => 6,
'is_active' => true,
'is_billable' => false,
],
[
'name' => 'In Progress',
'order' => 7,
'is_active' => true,
'is_billable' => true,
],
[
'name' => 'UAT',
'order' => 8,
'is_active' => true,
'is_billable' => true,
],
[
'name' => 'Handover / Sign-off',
'order' => 9,
'is_active' => true,
'is_billable' => true,
],
[
'name' => 'Estimate Rework',
'order' => 10,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'On Hold',
'order' => 11,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'Cancelled',
'order' => 12,
'is_active' => false,
'is_billable' => false,
],
[
'name' => 'Closed',
'order' => 13,
'is_active' => false,
'is_billable' => false,
],
];
foreach ($statuses as $status) {
DB::table('project_statuses')->updateOrInsert(
['name' => $status['name']],
$status
);
}
}
}

33
backend/database/seeders/ProjectTypeSeeder.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\DB;
class ProjectTypeSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run(): void
{
$types = [
[
'name' => 'Project',
'description' => 'Full software development project with defined scope, timeline, and deliverables',
],
[
'name' => 'Support',
'description' => 'Ongoing support and maintenance with SLA requirements',
],
];
foreach ($types as $type) {
DB::table('project_types')->updateOrInsert(
['name' => $type['name']],
$type
);
}
}
}

53
backend/database/seeders/RoleSeeder.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\DB;
class RoleSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run(): void
{
$roles = [
[
'name' => 'Frontend Dev',
'description' => 'Frontend Developer - specializes in UI/UX and client-side development',
],
[
'name' => 'Backend Dev',
'description' => 'Backend Developer - specializes in server-side logic and APIs',
],
[
'name' => 'QA',
'description' => 'Quality Assurance - tests software and ensures quality standards',
],
[
'name' => 'DevOps',
'description' => 'DevOps Engineer - manages infrastructure, CI/CD, and deployments',
],
[
'name' => 'UX',
'description' => 'UX Designer - designs user experiences and interfaces',
],
[
'name' => 'PM',
'description' => 'Project Manager - manages projects, timelines, and client communication',
],
[
'name' => 'Architect',
'description' => 'Solution Architect - designs system architecture and technical solutions',
],
];
foreach ($roles as $role) {
DB::table('roles')->updateOrInsert(
['name' => $role['name']],
$role
);
}
}
}

Some files were not shown because too many files have changed in this diff Show More