[CLAUDE] Docs: STATUS + session log cho prod go-live + ERP shell + Notifications
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m45s
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m45s
This commit is contained in:
pqhuy1987
@ -2,19 +2,33 @@
|
||||
|
||||
> **Update rule:** trước khi bắt đầu 1 task → ghi row vào `🔥 In Progress`. Xong → chuyển sang `✅ Recently Done`.
|
||||
|
||||
**Last updated:** 2026-04-21 17:30
|
||||
**Last updated:** 2026-04-21 15:30 (post-prod-deploy)
|
||||
|
||||
## 📍 Phase hiện tại: **IDOR + SLA Job xong** — gần đủ feature, chờ Gitea URL cho Phase 5 deploy prod
|
||||
## 📍 Phase hiện tại: **Đã go-live prod** — 3 domain HTTPS live, CI/CD xanh, Notifications module + ERP shell
|
||||
|
||||
### 🌐 Production URLs
|
||||
- https://api.huypham.vn — API (Let's Encrypt, auto-renew via win-acme)
|
||||
- https://admin.huypham.vn — Admin FE (HTTP→HTTPS auto-redirect)
|
||||
- https://user.huypham.vn — User FE (HTTP→HTTPS auto-redirect)
|
||||
- https://git.baocaogiaoduc.vn/vietreport-admin/solution-erp — Gitea repo + Actions
|
||||
- Default admin: `admin@solutionerp.local` / `Admin@123456` ⚠️ **RE-ROTATE sau login đầu**
|
||||
|
||||
## 🔥 In Progress
|
||||
|
||||
_(không có)_
|
||||
_(không có — chờ UAT + quyết Tier 3 tiếp theo)_
|
||||
|
||||
## ✅ Recently Done (newest on top)
|
||||
|
||||
| Ngày | Ai | Task | Commit |
|
||||
|---|---|---|---|
|
||||
| 2026-04-21 | Claude | **IDOR + SLA Job + Admin warning** — ContractsController List/GetDetail filter theo role (non-admin chỉ thấy HĐ mình là Drafter hoặc role eligible phase). SlaExpiryJob BackgroundService auto-approve quá hạn mỗi 15min với Decision=AutoApprove. DbInitializer warn log khi admin vẫn dùng password default | (sắp commit) |
|
||||
| 2026-04-21 | Claude | **Fix login Network Error** — SPA web.config thêm HTTP→HTTPS redirect rule (CORS chỉ allow https origin, user gõ bare domain bị block) | `397eb36` |
|
||||
| 2026-04-21 | Claude | **Notifications module E2E** — Domain entity + EF migration + Infra service + CQRS (List/UnreadCount/MarkRead/MarkAllRead) + API controller + FE bells wire real endpoint + ContractWorkflowService emit notification cho Drafter khi phase transition. Foundation sẵn cho SignalR/email outbox | `49c0ddc` |
|
||||
| 2026-04-21 | Claude | **PermissionsPage improved** — search, stats badge, bulk column toggle, empty state icon | `6c0e206` |
|
||||
| 2026-04-21 | Claude | **ERP shell**: TopBar + NotificationBell + UserMenu (avatar + role badges). Layout tách `[sidebar] [topbar + content]` — foundation cho multi-module ERP | `2b6f91c` |
|
||||
| 2026-04-21 | Claude | **Tier 1 UI polish** — SlaTimer (inline + full variant, 5 chỗ), Inbox stat cards, DataTable skeleton rows, EmptyState component + MyContracts CTA | `290936a`..`2e43799` |
|
||||
| 2026-04-21 | Claude | **CI/CD deploy xanh E2E** — self-hosted Windows runner, single job build+deploy local, npm install fresh node_modules (Vite 8 rolldown binding), appsettings rendered từ secrets, /health/live 200 sau deploy | `b40da1e` |
|
||||
| 2026-04-21 | Claude | **VPS prod setup** — SQL DB (SQLEXPRESS), IIS sites (SolutionErp-Api/Admin/User), win-acme 3 Let's Encrypt certs + auto-renew, shared gitea-runner với VIETREPORT | `169e268`..`519ba85` |
|
||||
| 2026-04-21 | Claude | **IDOR + SLA Job + Admin warning** — ContractsController List/GetDetail filter theo role (non-admin chỉ thấy HĐ mình là Drafter hoặc role eligible phase). SlaExpiryJob BackgroundService auto-approve quá hạn mỗi 15min với Decision=AutoApprove. DbInitializer warn log khi admin vẫn dùng password default | `fba0754` |
|
||||
| 2026-04-21 | Claude | **Phase 5.1 Security + Users Mgmt** — Security headers + Identity lockout + LoginHandler check + Users CQRS + UsersController + FE `/system/users` | `11e61c9` |
|
||||
| 2026-04-21 | Claude | **Phase 5 Prep** — BE rate limit + health check + Serilog file + HSTS + scripts deploy-iis/backup-sql + .gitea/workflows/deploy.yml + 4 guides + FE refresh token queue pattern | `46a2cab` |
|
||||
| 2026-04-21 | Claude | **Phase 4 Report MVP + Docs Consolidation** — Dashboard KPI + Excel export + rules.md + architecture.md + schema-diagram.md + gotchas update 26 pitfalls | `fe7ad8e` |
|
||||
@ -36,17 +50,28 @@ Session logs: [P0](changelog/sessions/2026-04-21-1045-phase0-scaffold.md) · [P1
|
||||
|
||||
## 🎯 Next up
|
||||
|
||||
### Phase 5 còn lại (cần Gitea URL)
|
||||
### Phase 5 (prod go-live)
|
||||
|
||||
- [ ] Setup Gitea remote + push all commits
|
||||
- [ ] Enable Gitea Actions runner (Windows + Ubuntu)
|
||||
- [ ] Set 5 secrets trong Gitea (IIS_HOST/USER/PASSWORD/JWT_SECRET/DB_CONNECTION)
|
||||
- [ ] Test CI/CD workflow lần đầu trên staging
|
||||
- [ ] Windows Server setup IIS theo [`guides/deployment-iis.md`](guides/deployment-iis.md)
|
||||
- [ ] HTTPS cert (win-acme Let's Encrypt)
|
||||
- [ ] SQL Server prod + Task Scheduler backup
|
||||
- [ ] Smoke test end-to-end prod
|
||||
- [ ] UAT 1 tuần 2-3 user thật
|
||||
- [x] Gitea remote + push all commits
|
||||
- [x] Gitea Actions runner (self-hosted Windows, shared VIETREPORT runner)
|
||||
- [x] Secrets Gitea (JWT_SECRET, DB_CONNECTION — IIS_* deprecated sau rewrite workflow)
|
||||
- [x] CI/CD workflow xanh end-to-end
|
||||
- [x] Windows Server setup IIS (SolutionErp-Api/Admin/User)
|
||||
- [x] HTTPS cert (win-acme 3 Let's Encrypt + auto-renew)
|
||||
- [x] SQL Server prod (SQLEXPRESS) + vrapp db_owner
|
||||
- [x] Smoke test E2E: /health/ready Healthy, login JWT thật, FE live
|
||||
- [ ] **UAT 1 tuần 2-3 user thật** ← next
|
||||
- [ ] SQL backup Task Scheduler (script đã có, chưa schedule)
|
||||
- [ ] Rotate credentials (SA, vrapp, JWT, runner token) — 1 số đã post chat
|
||||
|
||||
### Tier 3 ERP roadmap còn (lớn, để dành session sau)
|
||||
|
||||
- [ ] Form template builder UI (field spec JSON editor, upload .docx/.xlsx admin)
|
||||
- [ ] PDF export (LibreOffice headless pipeline hoặc QuestPDF re-render)
|
||||
- [ ] SignalR real-time push (extend NotificationService, IHubContext)
|
||||
- [ ] Email outbox cho Notification (MailKit, SMTP config)
|
||||
- [ ] .doc → .docx conversion UI/pipeline (3 file pending)
|
||||
- [ ] Attachment upload BE endpoint + FE drag-drop
|
||||
|
||||
### Phase 5.1 Security — hầu như xong
|
||||
|
||||
|
||||
@ -0,0 +1,113 @@
|
||||
# Session 2026-04-21 15:00 — Prod go-live + ERP shell + Notifications module
|
||||
|
||||
**Focus:** Đưa SOLUTION_ERP lên production thật (3 domain HTTPS), cải thiện UX
|
||||
foundation để sau này scale thành ERP đầy đủ (HR, Accounting, Inventory...),
|
||||
và build Notifications module E2E.
|
||||
|
||||
## Outcomes
|
||||
|
||||
### 1. Production go-live E2E (3 domain HTTPS)
|
||||
|
||||
- VPS: Windows Server chia sẻ với VIETREPORT (`103.124.94.38`), IIS + SQLEXPRESS
|
||||
- Sites tạo: `SolutionErp-Api`, `SolutionErp-Admin`, `SolutionErp-User`
|
||||
- Win-acme issue 3 Let's Encrypt cert + auto-renew 9h daily scheduled task
|
||||
- Gitea runner `vps-vietreport-runner` (shared) pickup SOLUTION_ERP tasks
|
||||
- CI/CD workflow rewrite: single `windows-latest` self-hosted job, deploy local
|
||||
(không WinRM vì runner trên cùng VPS với IIS)
|
||||
- JWT_SECRET generate + push qua Gitea API (64-char hex)
|
||||
- DbInitializer auto-migrate khi API start → migration `AddNotifications` chạy
|
||||
tự động lần deploy sau
|
||||
|
||||
### 2. ERP shell (scale foundation)
|
||||
|
||||
- `TopBar` component — title placeholder + NotificationBell + UserMenu (avatar
|
||||
initials + role badges + logout). Thay cho bottom-of-sidebar layout cũ.
|
||||
- `NotificationBell` — unread badge, 30s refetch, click mark-read, 'Đọc hết'
|
||||
bulk action. Foundation sẵn cho SignalR/email sau này.
|
||||
- Layout giờ `[sidebar] [topbar + content]` grid — sau này thêm module HR, KT…
|
||||
chỉ cần thêm vào menu tree, không đụng layout.
|
||||
|
||||
### 3. Tier 1 UI polish
|
||||
|
||||
- `SlaTimer` (inline + full variant, 5 chỗ: 3 list + 2 detail)
|
||||
- Inline: countdown text có màu (emerald/amber/red) + pulsing dot khi quá hạn
|
||||
- Full: progress bar + deadline timestamp
|
||||
- Inbox stat cards (total / sắp hạn / quá hạn / tổng giá trị) — derived client-side
|
||||
- `DataTable` skeleton rows khi loading (thay "Đang tải…" text)
|
||||
- `EmptyState` component (icon + title + description + CTA) + MyContracts empty với "Tạo HĐ mới" button
|
||||
|
||||
### 4. PermissionsPage improvement
|
||||
|
||||
- Search menu theo tên/key
|
||||
- Stats badge: granted / total quyền theo role
|
||||
- Bulk column toggle (tick/bỏ toàn cột CRUD)
|
||||
- EmptyState khi chưa chọn role
|
||||
|
||||
### 5. Notifications module E2E
|
||||
|
||||
**Domain:**
|
||||
- `Notification` entity (UserId, Type, Title, Description, Href, RefId, ReadAt)
|
||||
- `NotificationType` enum (stable ints): ContractPhaseTransition, ContractCommentAdded,
|
||||
SlaWarning, SlaOverdue, ContractPublished, ContractRejected, Generic
|
||||
|
||||
**Infrastructure:**
|
||||
- `NotificationConfiguration` (bảng Notifications, index `(UserId, ReadAt)`)
|
||||
- `NotificationService` — ghi DbContext, KHÔNG SaveChanges (caller quyết định
|
||||
unit-of-work — đảm bảo atomic với domain mutation)
|
||||
- Migration `AddNotifications`
|
||||
|
||||
**Application:**
|
||||
- `INotificationService` (Notify / NotifyMany)
|
||||
- CQRS: `ListMyNotificationsQuery`, `GetMyUnreadCountQuery`, `MarkNotificationReadCommand`,
|
||||
`MarkAllNotificationsReadCommand`
|
||||
|
||||
**Api:**
|
||||
- `NotificationsController` — GET /api/notifications + unread-count + POST {id}/read + read-all
|
||||
|
||||
**Integration:**
|
||||
- `ContractWorkflowService.TransitionAsync` emit notification cho Drafter (skip
|
||||
nếu actor chính là Drafter). Title + type map theo phase đích:
|
||||
- `DaPhatHanh` → `ContractPublished`
|
||||
- `TuChoi` → `ContractRejected`
|
||||
- Khác → `ContractPhaseTransition`
|
||||
|
||||
**FE:**
|
||||
- Both NotificationBell (admin + user) dùng `/api/notifications` thật
|
||||
(thay derived-from-inbox mock)
|
||||
|
||||
### 6. Login bug fix — "Network Error"
|
||||
|
||||
- Root cause: SPA web.config thiếu HTTP→HTTPS redirect rule. User gõ bare
|
||||
`admin.huypham.vn` → load HTTP → `Origin: http://...` → CORS chỉ allow HTTPS → browser block.
|
||||
- Fix: thêm rule `HTTP to HTTPS` (301) vào SPA web.config trước SPA Routes rule.
|
||||
Vừa deploy SCP lên VPS trực tiếp, vừa update `setup-iis-sites.ps1` cho deploy sau.
|
||||
|
||||
## Commits (chronological)
|
||||
|
||||
```
|
||||
169e268 Scripts: rewrite 4 deploy PS1 ASCII-only (PS 5.1 compat)
|
||||
4545276 Scripts: fix setup-ssl.ps1 --installationsiteid flag
|
||||
ccfcfb4 CICD: rewrite workflow for local deploy on self-hosted runner
|
||||
5df883d CICD: re-trigger after runner PATH fix
|
||||
57a0275 CICD: use powershell (5.1) instead of pwsh (7)
|
||||
10ae519 CICD: re-trigger after task 32 stuck (runner restart race)
|
||||
519ba85 CICD: npm install (not ci) — Vite 8 rolldown native binding
|
||||
5709092 CICD: fresh node_modules per build
|
||||
b40da1e CICD: read appsettings template from source workspace
|
||||
290936a CICD + FE: deploy pool-state guard + SlaTimer component
|
||||
0e5b5cd FE-User: stat cards trên Inbox
|
||||
c1c2361 FE: DataTable skeleton rows khi loading
|
||||
2e43799 FE: EmptyState component + MyContracts CTA empty state
|
||||
2b6f91c FE: TopBar + NotificationBell + UserMenu — ERP shell foundation
|
||||
6c0e206 FE-Admin: PermissionsPage improved
|
||||
49c0ddc App+Domain+Infra+Api+FE: Notifications module end-to-end
|
||||
397eb36 Scripts: SPA web.config thêm HTTP→HTTPS redirect
|
||||
```
|
||||
|
||||
## Next session priority
|
||||
|
||||
1. **UAT 1 tuần với 2-3 user thật** — hard requirement từ roadmap
|
||||
2. Chọn Tier 3 tiếp: Form template builder (admin tự upload template + field spec JSON)
|
||||
vs PDF export (LibreOffice/QuestPDF) vs SignalR real-time push
|
||||
3. SQL backup Task Scheduler schedule hàng ngày
|
||||
4. Rotate credentials đã post chat (SA, vrapp, JWT)
|
||||
Reference in New Issue
Block a user