f3fb3fd565
Backend production infra:
- Packages: Serilog.Sinks.File, HealthChecks.EntityFrameworkCore (RateLimiting built-in .NET 10)
- appsettings.Production.json MOI: placeholder __SET_VIA_SECRETS__, AllowedOrigins, Serilog File sink rolling daily retention 30d, RateLimit config
- appsettings.json + Development.json: them Serilog WriteTo Console
- Program.cs REWRITE:
- Serilog ReadFrom.Configuration (prod file / dev console)
- Rate limiter: policy auth-login 5/min/IP (AuthController.Login) + GlobalLimiter 300/min/IP
- Health checks: /health/live liveness (empty predicate) + /health/ready DB probe (AddDbContextCheck)
- HSTS production 1 year
- CORS origins from config AllowedOrigins (default dev 2 localhost)
- AuthController.Login gắn [EnableRateLimiting("auth-login")]
Deploy scripts:
- scripts/deploy-iis.ps1: stop pool → backup current → clean+extract artifact → start pool → health check loop 30s timeout → rollback instruction if fail
- scripts/backup-sql.ps1: BACKUP DATABASE voi INIT+COMPRESSION+CHECKSUM + retention 30d auto cleanup
- .gitea/workflows/deploy.yml MOI: 4 job build BE (Windows) + build 2 FE (Ubuntu, pin .nvmrc 20) + deploy-iis qua WinRM PSSession (secrets IIS_HOST/USER/PASSWORD/JWT_SECRET/DB_CONNECTION)
Docs guides MOI (4 file):
- deployment-iis.md: prereqs (IIS features, Hosting Bundle, SQL, WinRM) + setup lan dau (app pool, 3 site, HTTPS win-acme, user-secrets) + deploy hang ngay (CI/CD + manual) + rollback + monitoring + troubleshooting + SPA web.config sample
- cicd.md: pipeline overview 4 job, secrets setup, runner Windows+Ubuntu, branch strategy, build optimizations, common CI/CD issues
- security-checklist.md: OWASP top 10 2021 mapping voi status + pre go-live checklist + incident response
- runbook.md: daily ops (health/logs), restart/rollback, DB backup/restore/migration revert, user management (reset password, unlock, disable), monitoring (CPU/disk/connection pool), deployment checklist, common gotcha
Frontend refresh token (ca 2 app fe-admin + fe-user):
- lib/api.ts REWRITE: them REFRESH_KEY, axios response interceptor 401 → POST /auth/refresh → retry request goc. Queue pattern cho nhieu request song song chi 1 refresh call chay. Skip retry /auth/login + /auth/refresh tranh infinite loop. _retry flag tren original config.
- contexts/AuthContext.tsx: luu+xoa REFRESH_KEY trong login/logout
E2E verified:
- GET /health/live → 200 Healthy
- GET /health/ready → 200 Healthy (DB probe)
- Rate limit flood 7 POST /auth/login → #1-5 HTTP 400 (cred sai) + #6-7 HTTP 429 Too Many Requests ✅
- TS check fe-admin + fe-user → pass
- dotnet build → 0 errors
Docs updates:
- docs/STATUS.md: Phase 5 prep done, next Phase 5 deploy production + Phase 5.1 security hardening, cumulative stats 8 commits
- docs/HANDOFF.md: phase table them Phase 5 prep row, file tree update voi guides + scripts + workflows, git state commit 8
- docs/changelog/migration-todos.md: tick Phase 5 prep items (12 items done) + Phase 5 deploy items remaining + Phase 5.1 security hardening list
- docs/changelog/sessions/2026-04-21-1530-phase5-prep.md: session log chi tiet
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SOLUTION_ERP
Hệ thống quản lý Hợp đồng Nhà cung cấp / Thầu phụ / Tổ đội cho Công ty TNHH Xây dựng Solutions.
📘 AI context:
CLAUDE.md(pointer) →docs/CLAUDE.md(full)
Quick start (dev)
Yêu cầu: .NET 10 SDK, Node 20+, SQL Server (local hoặc qua Docker).
# 1. DB — chạy SQL Server qua Docker (nếu chưa có local)
docker compose up -d
# 2. Backend — migration + run Api (port 5443)
dotnet ef database update --project src/Backend/SolutionErp.Infrastructure --startup-project src/Backend/SolutionErp.Api
dotnet run --project src/Backend/SolutionErp.Api
# 3. Frontend admin (port 8082) — terminal mới
cd fe-admin
npm install
npm run dev
# 4. Frontend user (port 8080) — terminal mới
cd fe-user
npm install
npm run dev
Admin mặc định (sẽ seed sau Phase 1): admin@solutionerp.local / Admin@123456
Architecture
fe-admin (:8082) fe-user (:8080)
│ │
└────── /api proxy ──────┘
▼
SolutionErp.Api (:5443)
│
┌──────────────┼──────────────┐
▼ ▼ ▼
Application Domain Infrastructure ── SQL Server
Tech stack
- Backend: .NET 10 + Clean Architecture + CQRS (MediatR) + FluentValidation + AutoMapper + EF Core + ASP.NET Identity + JWT
- Frontend: React 18 + Vite + TypeScript + Tailwind + shadcn/ui + TanStack Query
- DB: SQL Server 2022
- Deploy: Windows Server + IIS
Roadmap
| Phase | Tuần | Focus |
|---|---|---|
| 0 Draft | T1 | Scaffold, parse FORM + QUY_TRINH |
| 1 Alpha Core | T2-4 | Auth, Permission, CRUD master |
| 2 Form Engine | T5-6 | Render template docx/xlsx |
| 3 Workflow | T7-9 | State machine 9 phase |
| 4 Report + Polish | T10-11 | Dashboard + Excel export |
| 5 Production | T12-13 | CI/CD IIS, UAT, go-live |
Chi tiết ở docs/changelog/migration-todos.md.
License
Proprietary — Công ty TNHH Xây dựng Solutions.