[CLAUDE] Phase1: foundation - BE Clean Arch + Identity + JWT + 2 FE React + login E2E

Backend (.NET 10):
- Domain: BaseEntity/AuditableEntity, ContractType/Phase/ApprovalDecision enums, User/Role (Identity<Guid>), AppRoles (12 const)
- Application: IApplicationDbContext/ICurrentUser/IDateTime/IJwtTokenService, custom exceptions, ValidationBehavior (MediatR pipeline), Auth CQRS (Login/Refresh/Me), DependencyInjection
- Infrastructure: ApplicationDbContext (IdentityDbContext), AuditingInterceptor (auto audit + soft delete), DbInitializer (seed 12 role + admin), DesignTimeDbContextFactory, JwtTokenService, DateTimeService, DI
- Api: CurrentUserService, GlobalExceptionMiddleware (ProblemDetails), AuthController, Program.cs rewrite (Serilog + JWT + CORS + Swagger), appsettings + launchSettings (port 5443)
- Migration Init applied to SolutionErp_Dev LocalDB

Frontend (React 19 + Vite 8 + Tailwind 4):
- fe-admin (:8082 blue) + fe-user (:8080 emerald) - shared structure, khac menu + brand color
- Tailwind 4 via @tailwindcss/vite plugin, theme brand colors
- AuthContext (localStorage token), ProtectedRoute, Layout (sidebar + header)
- UI kit: Button/Input/Label (CVA + Tailwind)
- LoginPage voi toast error, DashboardPage/InboxPage placeholder
- Axios interceptor: auto Bearer + 401 redirect
- TanStack Query client, React Router 7, Sonner toast

Package downgrades (do .NET 10 / TS 6 compat):
- MediatR 14 -> 12.4.1 (v14 breaking changes)
- Swashbuckle 10 -> 6.9.0 (v10 khong tuong thich OpenApi 2)
- Removed Microsoft.AspNetCore.OpenApi (conflict voi Swashbuckle)

E2E verified: POST /api/auth/login qua Vite proxy ca 2 FE -> JWT + user info

Credentials seed: admin@solutionerp.local / Admin@123456

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/Backend/SolutionErp.Application/Common/Behaviors/ValidationBehavior.cs

@@ -0,0 +1,33 @@
+using FluentValidation;
+using MediatR;
+using ValidationException = SolutionErp.Application.Common.Exceptions.ValidationException;
+
+namespace SolutionErp.Application.Common.Behaviors;
+
+public class ValidationBehavior<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse>
+    where TRequest : notnull
+{
+    private readonly IEnumerable<IValidator<TRequest>> _validators;
+
+    public ValidationBehavior(IEnumerable<IValidator<TRequest>> validators)
+    {
+        _validators = validators;
+    }
+
+    public async Task<TResponse> Handle(TRequest request, RequestHandlerDelegate<TResponse> next, CancellationToken cancellationToken)
+    {
+        if (!_validators.Any())
+            return await next();
+
+        var context = new ValidationContext<TRequest>(request);
+        var failures = (await Task.WhenAll(_validators.Select(v => v.ValidateAsync(context, cancellationToken))))
+            .SelectMany(r => r.Errors)
+            .Where(f => f is not null)
+            .ToList();
+
+        if (failures.Count != 0)
+            throw new ValidationException(failures);
+
+        return await next();
+    }
+}

src/Backend/SolutionErp.Application/Common/Exceptions/ApplicationException.cs

@@ -0,0 +1,40 @@
+namespace SolutionErp.Application.Common.Exceptions;
+
+public class NotFoundException : Exception
+{
+    public NotFoundException(string message) : base(message) { }
+    public NotFoundException(string entity, object id)
+        : base($"{entity} với id '{id}' không tồn tại.") { }
+}
+
+public class ValidationException : Exception
+{
+    public IDictionary<string, string[]> Errors { get; }
+
+    public ValidationException() : base("Có lỗi trong dữ liệu gửi lên.")
+    {
+        Errors = new Dictionary<string, string[]>();
+    }
+
+    public ValidationException(IEnumerable<FluentValidation.Results.ValidationFailure> failures) : this()
+    {
+        Errors = failures
+            .GroupBy(f => f.PropertyName)
+            .ToDictionary(g => g.Key, g => g.Select(e => e.ErrorMessage).ToArray());
+    }
+}
+
+public class ForbiddenException : Exception
+{
+    public ForbiddenException(string message = "Không đủ quyền thực hiện thao tác này.") : base(message) { }
+}
+
+public class UnauthorizedException : Exception
+{
+    public UnauthorizedException(string message = "Chưa đăng nhập hoặc token không hợp lệ.") : base(message) { }
+}
+
+public class ConflictException : Exception
+{
+    public ConflictException(string message) : base(message) { }
+}

src/Backend/SolutionErp.Application/Common/Interfaces/IApplicationDbContext.cs

@@ -0,0 +1,6 @@
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface IApplicationDbContext
+{
+    Task<int> SaveChangesAsync(CancellationToken cancellationToken = default);
+}

src/Backend/SolutionErp.Application/Common/Interfaces/ICurrentUser.cs

@@ -0,0 +1,10 @@
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface ICurrentUser
+{
+    Guid? UserId { get; }
+    string? Email { get; }
+    string? FullName { get; }
+    IReadOnlyList<string> Roles { get; }
+    bool IsAuthenticated { get; }
+}

src/Backend/SolutionErp.Application/Common/Interfaces/IDateTime.cs

@@ -0,0 +1,7 @@
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface IDateTime
+{
+    DateTime UtcNow { get; }
+    DateTime Now { get; }
+}

src/Backend/SolutionErp.Application/Common/Interfaces/IJwtTokenService.cs

@@ -0,0 +1,9 @@
+using SolutionErp.Domain.Identity;
+
+namespace SolutionErp.Application.Common.Interfaces;
+
+public interface IJwtTokenService
+{
+    Task<(string AccessToken, string RefreshToken, DateTime RefreshTokenExpiresAt)> GenerateTokensAsync(User user, IList<string> roles);
+    Task<Guid?> ValidateRefreshTokenAsync(string userId, string refreshToken);
+}